Hi,
Short version: If I had a CPU with the aes-ni [1] feature would luks use it?
I know that Upstream Vendors Security Guide [2] says:
...snip
The default cipher used for LUKS (refer to cryptsetup --help) is
aes-cbc-essiv:sha256 (ESSIV - Encrypted Salt-Sector Initialization
Vector). Note that the installation program, Anaconda, uses by default
XTS mode (aes-xts-plain64)
snap...
I also found a notion in the forums that maybe only aes-cbc is using
aes-ni [3] and that could mean that after a install aes-ni is not used
at all.
Does anyone know about this or has experiences?
[1] http://en.wikipedia.org/wiki/AES_instruction_set
[2]
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption.html
[3]
http://forum.centos.org/modules/newbb/viewtopic.php?topic_id=38226&forum=56&post_id=166657#forumpost166657
--
Kind Regards, Markus Falb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 306 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20130113/e01d0c90/attachment-0005.sig>
