Michael,

On 05.10.2016 23:11, Michael Halcrow wrote:
>>> In the meantime, to address the CBC thing, I'd want to understand what
>>> the hardware is doing exactly. I wouldn't want the existence of code
>>> that supports CBC in fs/crypto to be interpreted as some sort of
>>> endorsement for using it rather than XTS (when unauthenticated
>>> encryption is for some reason the only viable option) for new storage
>>> encryption applications.
>>
>> The hardware offers AES-CBC, accessible via the kernel crypto API.
>
> I presume your goal is to usually package up relatively large segments
> of data you'd like to chain together under one key/IV?

Yes. That's the plan.

> Else, for random-access block storage, I would like to get an idea on
> what the latency/throughput/power impact would be vs. just doing
> AES-XTS on the CPU.

Hopefully I can report some results soon. :-)

> Regardless, if you need IV generation in fs/crypto, you can use ESSIV
> from eCryptfs as an example. Except you'll probably want to use
> SHA-256 instead of MD5, if only for the sake of hygiene.

Thanks for the pointer.

Thanks,
//richard