Module Name: src Committed By: alnsn Date: Sun Dec 11 00:24:48 UTC 2016
Modified Files: src/share/man/man4: cgd.4 Log Message: Document AES-XTS in cgd(4). To generate a diff of this commit: cvs rdiff -u -r1.19 -r1.20 src/share/man/man4/cgd.4 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/share/man/man4/cgd.4 diff -u src/share/man/man4/cgd.4:1.19 src/share/man/man4/cgd.4:1.20 --- src/share/man/man4/cgd.4:1.19 Wed Jun 1 01:34:43 2016 +++ src/share/man/man4/cgd.4 Sun Dec 11 00:24:48 2016 @@ -1,4 +1,4 @@ -.\" $NetBSD: cgd.4,v 1.19 2016/06/01 01:34:43 pgoyette Exp $ +.\" $NetBSD: cgd.4,v 1.20 2016/12/11 00:24:48 alnsn Exp $ .\" .\" Copyright (c) 2002, 2003 The NetBSD Foundation, Inc. .\" All rights reserved. @@ -27,7 +27,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE .\" POSSIBILITY OF SUCH DAMAGE. .\" -.Dd November 30, 2013 +.Dd December 11, 2016 .Dt CGD 4 .Os .Sh NAME @@ -64,6 +64,21 @@ mode. .Tn AES uses a 128 bit blocksize and can accept keys of length 128, 192, or 256. The default key length is 128. +.It Ic aes-xts +.Tn AES +in +.Tn XTS +mode. +.Tn AES-XTS +uses a 128 bit blocksize and can accept keys of length 256 or 512. +Note that +.Tn AES-XTS +key is made of two +.Tn AES +keys of equal size. +The second key is used solely to encrypt the block number of the physical +disk block. +The default key length is 256. .It Ic 3des-cbc Triple .Tn DES @@ -159,11 +174,25 @@ and their associated data structures are .In dev/cgdvar.h header. .Sh WARNINGS +.Pp It goes without saying that if you forget the passphrase that you used to configure a .Nm , then you have irrevocably lost all of the data on the disk. Please ensure that you are using an appropriate backup strategy. +.Pp +A +.Nm +device doesn't authenticate data and thus it can't guarantee integrity +of the encrypted data. +In particular, if the plaintext is known to an adversary, it is +possible to change every second block on a disk encrypted in the +.Tn CBC +mode to plaintext blocks of their choice. +The +.Tn +XTS mode isn't vulnerable to this particular attack but a lack of +integrity should be taken into accout when evaluating security risks. .Sh FILES .Bl -tag -width indentxxxxxxxxxxx .It /dev/{,r}cgd*