Filesystems (if memory servers me) use AES in XTS mode. > On Aug 13, 2025, at 06:46, Jeffrey Walton <[email protected]> wrote: > > > > >> On Tue, Aug 12, 2025 at 5:07 PM Lana Deere <[email protected]> wrote: >> On Tuesday, August 12, 2025 at 8:10:03 AM UTC-4 Jeffrey Walton wrote: >> GCM plaintext maximum length is specified in bits, not bytes. See SP800-39D, >> Section 5.2.1.1 Input Data, p. 8, >> <https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf>. >> That leads to: >> >> 2^39 - 256 = 549755813632 >> 549755813632 / 8 = 68719476704 >> >> Is there a standard practice for handling AES encryption of large files? >> E.g., create a new IV and resume encryption? Use something other than GCM >> which has a higher limit? > > The limit you are encountering in GCM mode is due to an internal 32-bit > counter. The limit is not directly due to AES. > > You could use a block cipher and mode of operation with a 64-bit counter, or > a stream cipher with a 64-bit counter. Bernstein's original ChaCha20 has an > internal 64-bit counter. So Bernstein's ChaCha20 paired with Poly1305 could > be a good replacement for you. See <https://www.cryptopp.com/wiki/ChaCha20>. > > The IETF's version of ChaCha20 used in TLS regresses to a 32-bit counter, so > don't use it. > > Jeff > -- > You received this message because you are subscribed to the Google Groups > "Crypto++ Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion visit > https://groups.google.com/d/msgid/cryptopp-users/CAH8yC8%3DaTnOxAvMWbOOFto2RnUtqPecxTW_k-%3DmBNaXLt8Mq1A%40mail.gmail.com.
-- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/d/msgid/cryptopp-users/E471EEC0-A232-4D08-B494-948575F8F2F5%40gmail.com.
