* james hughes <[email protected]> wrote: > If there is no room for or an integrity field, you can look at > XTS-AES. > http://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf
A not so well-known statement of said PDF certainly is the following, especially in light of today's storage device capacities: "The length of the data unit for any instance of an implementation of XTS-AES shall not exceed 2^20 AES blocks." It seems to have made it smartly into openbsd, at least this commit-info hints it: http://marc.info/?l=openbsd-cvs&m=121341266715025 -- left blank, right bald
pgpjXNpaGVZ6T.pgp
Description: PGP signature
