From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-191713-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id C5EAE1382C5
	for <garchives@archives.gentoo.org>; Sun,  7 Jun 2020 12:44:35 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id F1D6CE09BC;
	Sun,  7 Jun 2020 12:44:27 +0000 (UTC)
Received: from mail-wr1-x432.google.com (mail-wr1-x432.google.com [IPv6:2a00:1450:4864:20::432])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id ABB02E09A5
	for <gentoo-user@lists.gentoo.org>; Sun,  7 Jun 2020 12:44:27 +0000 (UTC)
Received: by mail-wr1-x432.google.com with SMTP id l11so14500873wru.0
        for <gentoo-user@lists.gentoo.org>; Sun, 07 Jun 2020 05:44:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=subject:from:to:references:autocrypt:message-id:date:user-agent
         :mime-version:in-reply-to;
        bh=X9FuTNcb4Nd4Cr+GMSm8ZvioJ/xOyTdXU3XZFQooAjo=;
        b=r0I9t2rL5Y16JQKLpq0gMlUVHgFkJWSTcbiL0bpdMszGc6azwcv87LKaboC7Mz4FPD
         t4eoY+t4kJe9szlYoIPlRZZ8+VyQ4RA9bfjcnjbNpsaerhlPXC819Q9p1Xf7uomMcU6a
         KwGLM72GTn15m/+HNZB6I/hOU+M386w+DW1fbMjmEb7fxcHAHhR704O0JE0CT+llFBgV
         /jk84FFHaH/MIXqOAy1cynWPPM8r/TYVwx5I7lLYYqTvS1CYYo95gbCR98OgUizd0FyK
         eyVEuzq52uB4LHkUW2gD8kqpmr4gKrQlU3kaWhstJil/oIrqjHFjuOQeX2Fnbbb5+l4m
         /ZTw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:subject:from:to:references:autocrypt:message-id
         :date:user-agent:mime-version:in-reply-to;
        bh=X9FuTNcb4Nd4Cr+GMSm8ZvioJ/xOyTdXU3XZFQooAjo=;
        b=VrQ1swe0z1Ysxdngf3jgLeqjvwUcbY/eQT0Mw146gnalnVIKiLCDHLHehU4oBjCTxU
         d/BjiIozOF7ZwCY4Ku5+F5fQgm+NpnEFIUM6qATW+uiz9F9F8gBsRi75fQakiPO0J4/H
         8XNUBNWguj7yE369r+DM5g3WiRbf1TarJhr3n0NnNmHBSJIKdMZGqqt67ChcXGYHFJAq
         dQuB0dZs3rh5K7+f6Rkd2B8PqWNKRD7PpnTI/IImobbu0QDvR1VlGQnWLUnXTgWGdQn7
         +oX7tf6WjgRmrX041Ie832V0aZ+MkeYflQHO7Ho5sAwn0d8rnrUgmVuzJ94JjrllpiU/
         YsUg==
X-Gm-Message-State: AOAM531sv8w+Af90PamF58h+hAQu3zjwiEClEWg3wqKkaDThAgvDuM3Y
	EFfjPsd4uWRJsaIpBD9qELSXOYik
X-Google-Smtp-Source: ABdhPJx54DXBQY02KymKtgnmNt47Q0yhWAwNwaSe9d04auhclS84UP61TF1gnGS1q7y6VDxQZZVAlA==
X-Received: by 2002:a05:6000:1185:: with SMTP id g5mr20244425wrx.39.1591533864736;
        Sun, 07 Jun 2020 05:44:24 -0700 (PDT)
Received: from [192.168.0.64] (cpc148898-sgyl44-2-0-cust897.18-2.cable.virginm.net. [82.34.183.130])
        by smtp.gmail.com with ESMTPSA id f185sm9162952wmf.43.2020.06.07.05.44.23
        for <gentoo-user@lists.gentoo.org>
        (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
        Sun, 07 Jun 2020 05:44:24 -0700 (PDT)
Subject: Re: [gentoo-user] Encrypting a hard drive's data. Best method.
From: Victor Ivanov <vic.m.ivanov@gmail.com>
To: gentoo-user@lists.gentoo.org
References: <ddcf7e41-ef39-eae8-ba36-82efc057a1ee@gmail.com>
 <7e55092b-1914-da09-cb33-25aea63d2b22@gmail.com>
 <CAGfcS_=Qt6=hjTWpPvN+zHabagnQvazeqgZu9Qi74utWPeuj0A@mail.gmail.com>
 <6a9ae564-14be-aa10-e0d3-d50fd82e3e3b@gmail.com>
 <CAGfcS_kxEU_y7d8cTbg7sbXOtdKgaUmt7i_05vYVFahc1SBtTQ@mail.gmail.com>
 <7e2ee8c9-7956-39a4-e31b-6a3f40d08da9@gmail.com>
 <CAGfcS_ncL5UcqwHBDAUEJXV5ePP36in+MVCjbBcgBHj3gRfQgQ@mail.gmail.com>
 <b788f50e-601c-7ff0-057f-c93e2c2f51a4@gmail.com>
 <cfe773b1-ada0-7b22-16df-66decb767d91@gmail.com>
 <18e49200-21a8-ed0a-3b96-3cc0e4ba93e3@gmail.com>
Autocrypt: addr=vic.m.ivanov@gmail.com; keydata=
 mQINBF3g/JMBEAC4yM5z5iFHFBU8Zf92ZRB+6uH3ipSWXBYpP+23cdjXO0CFYnUykGSwzYb4
 y0/nL1r5FDiNyciRb00QorIHqgi32yzTxApDEb12Bt0xOp8fbSIgEQcwU63Ig7IxQ4PRT5Wd
 dXdwvtU2ZntcrtDLaRM7ukjqlistrZQGWfHfuGW/7clD8huRVGywHSxFlkupfwVPzxjTQt1T
 KUs0zsbl4pmXgXfCtQT1t5I9XgJ3gjsh1k0iHaoTubdJwEhukeTNMOIDQACU17Bw/M0ZB70x
 TRpweOmXOGvEgX9JJQsNnllfo+Uq9vZ2YARc/T576YPNDbeMT6ili/Td81r7gjYGHF7vHaGr
 8nWl6qp1/saqMaIlRrg+cpbmMx/p6NrbunYUq4uG73cYE4vW7IesvPqyFNRpYOpO2k482BJn
 WjsUlN7WqSMvBSVelxOzAAliieUbVft6YfqrLcm17W0fsxIse3i19u/qYP1eWIzHYNy+4rsr
 S8MIvHlEdL+2cvyPDzKv57G5Vo1sfBp8tkAcBEbYBVM8YLm6UU5nPFJxhy4Hly0MzYaPfsuy
 Le4D3VcjdLtXRVqISNnpgIjqnnPNuNcQf2e0olEKyv34I1Xd/th/2OozLdmSzaooyzI1fs1Q
 wbUC2Tpmi5oxlCXOw3HwJ/V/GhOGYtr9lA2AaouoqGf9xKCZxwARAQABtCZWaWN0b3IgSXZh
 bm92IDx2aWMubS5pdmFub3ZAZ21haWwuY29tPokCVgQTAQoAQAIbAQUJAeEzgAIeAQIXgAIZ
 ARYhBIsM+jNKfukNfT85Q22UeoIMUN1ZBQJd4P/nBAsJCAcFFQoJCAsFFgIDAQAACgkQbZR6
 ggxQ3VnWYRAAlXiNLrRWlDn5I1sm753dxjaN4Yzlfx3wS1NdLM7/v1A44R3wCEzKOiB9oP6Y
 OqCJOxDeFnWsFZNVM2NcAvgF7py0Wo9/k2Kj4ZG4LCnrYLHlYI6lks0kqubiIKBdeCMpgR2/
 AuU0xjUgtGur/TH6VIL5omA0NK4psPnUe/Lomfim6J18++oROhXoekZ3TkHwdt2aB7Cl1iOf
 N5scJWvkG+vapmtSN5A3vwFda+Uf1PG8SgZOtlmnlrLGUnvPcUKtcCO6m7dZZPfboY9jusG9
 IOCZxrexHYbo0zqSaKoaU0TBqFmVO+9jddqC5japWQnuw5THQ/ehC4UJrWovYEeJtpo8lAsE
 gP0CImo5p5zM7JmntvXO5N9R3hnX1GQnBU0kKL93uQj6pTeY5S7SSdO8nEKGQzuulB4vRMpS
 RWlSA+g5Z3NLKnslq1gs9f4mtooGXj/6SShKE+lLVPpPGfkUElhzGfkLMgH/pGRsoFUFDzbG
 YXDxCxat8v9OCo3hpR9ouKWoxj1jDRoc98AufN22giInaWYtn9CBWfNuamvXlXgk9/oSI9fQ
 hWBKs0t8xdXsmdFEakrR6DVjuPKGGe9Wm2aRd4rdI8pQanNTW3SmIS5nMvbPJ4f1z5N6joc1
 BIcNv4VWz8nZApPpCsw/TZMcqxOkxaDhi1Tgf06LMWIN+6S5Ag0EXeD8tAEQAPWvRL9eauw+
 GTBmhmUJ6KY2IjxJi67VEAFar+CZwe8py3UI5CIoZEBjifYEC43hV6i34VrE3CBu6uVmjF69
 AeBAd93K1kXvmXcCAaxbzh3xLr7OynR5fc0rliJCtqQ+l1PHbcH8zPcgNX1P57wnXLBrd6H7
 p/Zfpn1uVlVwzZG4qtOuT833EbdvFhu1NvYrzwoY4rTgUqeZsNXkaVI9g6fp2GsMV3lHNzI0
 TuRfr3ATtkHIvgkr9uLDYiFexu1hzlsVfckTn0XP21CjWOtMB/gbkoue2CGyFcGCstsx0aeY
 t3JCnWdv93LRNRm30VQmOaxrCBRCCAQWSIzuW8s290iWv7jTZYj1V3QLauHBybUSVhwiqpRq
 SnGEkFdEnlKMGo2LwodyMRou1iOxP0MSXJCrGdDz2uaPMC6ZrTH8ExZIdmWzpI3bMosAK9A1
 0Vnmz2GbmZMFWS1Gkel0adICH5sQiqjRTElv6s35f81B+bft095zfzU72Nur0aj418RKucra
 WyJIE4sNgkNFTKe+61nw2XcX+n2Tp/qXnctc2FC3Qxjp0I96Ef/dV0OXa1hkwCfiJqRAe7cG
 EIhazh74y1DjjXyzSNl1CKOmeYjE4tUcjQ0mRPJTkTsarTUYBev4yZtYYQKFsTpPVT2GpL4g
 /9Rzg1JGPxWJwJCz/QUwNTGXABEBAAGJAjwEGAEKACYWIQSLDPozSn7pDX0/OUNtlHqCDFDd
 WQUCXeD8tAIbDAUJAeEzgAAKCRBtlHqCDFDdWTTND/9VRrwI13C4UC2tZx0DCVvFKqGsyd7h
 nfsGMnM1hcOaUUyRUrpaoTYIc59mVuTnIg5b1LuUkvFFm50uq5pK2E9VxtAi3T/qlTIoe3zX
 pavMMOj67p3+fWp1zz+UBoUvZEzsYtOzhAEsBSEoUxDY5bxrPlj5KGLXm6YjWvlo4jjbwaAk
 N113TP0koaIWbCvaz+GNVHuZ0/s9lQwydIpbGdpZ4KuDohA7SadJtV6Z9aPYo9sybY5iX/FT
 6/0AF2IvBfuiVbLpIgsI/aYEA5ROIHe2DqzWtRUOfydSPUKb+4U+NzgVwpOMAc3p55kv3V3h
 HSdgnebVPlLLCtRgAVnYAyo99MOAeXcmM2PRn5pSwX/etId4uPXA9N+c08F9vl2cpqg2oGaO
 jsd4ZFmhd//g7nUpNDzqZ5h7bx7ztgn/srjO2BfOF53HrzjYjDOqE1mUfTTQhIxweW+3+vRo
 AgDNJgkMHYcDBOabzqwliWEATlY8TBsCi7ATajX1wk8ZP4VvtIHFMjNc//MumZb5VEe/VwmC
 l1SNCeVioy3Smm76NApPT7EEvrEtoKEeJXKoBJwoErkQkuccEkGpkhuaDupeXcrm4cqknHLB
 b106Qm69jTl/8xRqLreSxTz/vPxEAFdf1S0XXwXd3RHHi2DBYdQ/dlHzJF5aWtOr+WADz/iT
 07V84bkCDQRd4PzOARAAxf3teIWCgoqYmwfEsZgDoXn8LIz8eL93D2LBnW4tikQUESFvF1V7
 +BASk8cfbwgq2Rw+M87ITBZWcQ2pRcaImZc0MBP1Yb5TrAd6YuImQfHY2rkdw4B2NI4PCx5i
 mEdtHF0fAc7kOp0slNHrg3NVKj+1YIz3YMaHnSxPxe3c0kcDRyGdgfpJXsT6XeMqana/QGgR
 zo/i1NFeOcAVChwD/qCUTSVJcIeFCSah5XXUPrxdeEi8YUl7WlXtb+enOof/2LCz3dYG6vOn
 Hmn6M+Tw7VowLtC3plg6NmtM+9S3905DBxg2tFYtoE6RfzDmIJOoFZH8CqH920nQmtE7jN7R
 gcuMV/+RszfyT6q12XAS+/R/no2+MuaEtFKazfP7IYA3KHLsGzxlex3LJKPQLiKSFi68Jbgl
 yJXskxwCuJN5YLClFlnkVmXuuZ7DVk5dTTnc7eTVSaU09fAy7llz/Iva4KVpH5jxl8qJYdkG
 WiJkcBJ9Zk+oNhuoKwMc1jOveaRzzfBKU4NGCMYiCxtiGUXfH8EgDryUxcaUE3EmcA/RGUM1
 hL81awOOQXR4mzhjyAzakFiJsu+qOv7R8qyl4aJ5ZVk4mDV8f0Ds5DlWngf6gTkl/AsDIuvE
 5DpeG3H4IBCHCmjoaWNHouI6DdWkA42GpvFpEkcr6QT8yxceqsD+2ZMAEQEAAYkEcgQYAQoA
 JhYhBIsM+jNKfukNfT85Q22UeoIMUN1ZBQJd4PzOAhsCBQkB4TOAAkAJEG2UeoIMUN1ZwXQg
 BBkBCgAdFiEEKFZblUJabdsjGSQvxx0QR+MZjnMFAl3g/M4ACgkQxx0QR+MZjnOHBw//e2BK
 d+FPZihrgdB1dpBGS5C16v+GxC5VmIQ3ldifxXch+mLE1qQ6b3PINdkQsd1WKZ7fPiHyFoYq
 0DA0LZZ4LIBI61MauWO5b7j8OEZR/ik/+dV+hvoxnBnTtVd2eBQoKp2GNBw7GiLmt6jr/uW7
 LY2uD+zQgV+L38MfGEkwd4+keZIRR3+jl69/jvGHub9SOKJ07GyfDhaXm83GufXCdw0Wli8f
 pqLGL06pfmSZFiQ3LtPQqB+X5DpAljbqGV661RZR1DiQa6NlUcqqVRw1pytWN29WzbNyKz3W
 zu7jeTRd1M+XtBoY6g69cCeu4ITr7nFNyckoKu9djZLIfuaLRYUeWxgM9eYezmz1N1S3Y+E6
 QwAaWdajioSZeWvsTJU1rMCTgWlJSQlYog0LlbKskccvVDilV9cE4Wq05r3G7bkt4q/uGuxl
 jCtJzLp0FewOID9cyMqLKDwQ4LnKKjTtNDX7O4B/SWJSncErFJcVkTQQAQix1FCuXfjFbOmr
 LCDigES5hiRA3Cge+bhwYn/Q+nQCvF+cE9Ohl0pf4RPZ+78kwKzeavnoUiDJ6Vbgqag/OsdE
 w2VnxWldmWbtFVGSHh7P7Kqz4NwNyQFasm6jZypE3kV9TbTaGcWQlq1fLRIlWsARvXYAKE/c
 LaGW0oZNBSm/CpGgXxhmkeyosmggNRQRoA/7BoMl42Sn46DfTMhH0TwptsAAFjX488nBhPQL
 bqxVzq5yO52CTeRafMmtx873JMlh7u14pP59AqUeYgUqp9Wyg8erLV6CKa4Xll5cj22w9OhH
 xJ0G8cxPIbZGrc/8/z4Mr6AHfT8DgZ2Ez5siU6IuygM7YTMQjzGGJPqDWcQrf/37NuVd+sFt
 oj008BxqpBD8kQ7+jV5rR/o6FJ2CGebjouJTaTcPIIdsga0ych1RYiTioh1OPuj34YYf6I+B
 xqJGCd084m/EdP6zDvJVLDxkOMuMGpVSwWrDQcDWBSd1/AfzQmyC9tsYLoxrFYYDNPXp/QxS
 LT+yz0T2p2JRuZDMGCyLGRO3YLQATJQgPLkpHrZR5coSliuVeUG68iX/55h/dop613g1rdzI
 seOkJqSC02DVP7kF2E7QHDMxLpCDnsmomlW7uul/d+yF6oDjCuLSAlngVBVkVwl6NIrcSkuh
 em9Y0+2X9tAVTAdc0V2Ctt7p6stGEBx7RFEimpwKubXpUQ/OReiTr2IxpMj6o4lFoHKL9heA
 C3YTpJnOGV00jLPhjOgEqWxLmnRmM8E3wtgLGfItoAjDN8U/qdNVoRpWfFO/rPOEugvT31rE
 MTVdmb4EJtRvDHLGUQ6JeHMm/ftBJokS2bO8HDjslCXQ02I3wl/rZzbKQisstJwRqVM5TJk=
Message-ID: <e6d906be-a95f-0ac5-c66b-fd89bf73e899@gmail.com>
Date: Sun, 7 Jun 2020 13:43:32 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101
 Thunderbird/68.9.0
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
MIME-Version: 1.0
In-Reply-To: <18e49200-21a8-ed0a-3b96-3cc0e4ba93e3@gmail.com>
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="4m8Bg0w1p9qbiV17tuMGx7IjjzK5Rak1b"
X-Archives-Salt: c6508e6d-b538-49fa-bc18-10a70a43fd0c
X-Archives-Hash: 0c49edc22bab3fead600cb26a989aca7

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--4m8Bg0w1p9qbiV17tuMGx7IjjzK5Rak1b
Content-Type: multipart/mixed; boundary="W6bSTrIRnx9fkjsgUw81zx1YsE6JrRX6L"

--W6bSTrIRnx9fkjsgUw81zx1YsE6JrRX6L
Content-Type: text/plain; charset=utf-8
Content-Language: en-GB
Content-Transfer-Encoding: quoted-printable

On 07/06/2020 12:52, Victor Ivanov wrote:
> Indeed. I second Rich and too would recommend sticking with AES for thi=
s
> reason. LUKS will support an AES key of up to 512 bits. It's fast and
> hardware acceleration is widely available.
>  ...
> For example, Intel's native AES  extensions work in 4x4 data blocks of
> 128 bits but will support variable key lengths. Their white paper [3]
> suggests supported key lengths are 128, 192, and 256 bits but I've been=

> using a 512 bit key on my drives for years with negligible performance
> impact (Skylake systems).

Perhaps this requires extra clarification re key length, which I should
have included, as it may give misleading information.

As an algorithm AES fundamentally only goes up to 256 bits for key
length. However, in XTS mode (aes-xts) two _separate_ keys are used for
the initialisation vector and the block encryption. As such, for AES-256
in XTS mode, one needs to supply 2x256b keys.

Effectively, 512b are used, but this too may be misleading. It's better
than 1x256b but certainly not as good as 1x512: (2^256 + 2^256) vs
2^512. It also maps well to hardware extensions already supporting key
sizes of 256b.

This is not possible in CBC or GCM mode which only allows for a single
key of up to 256b.

My apologies, it was a case of my fingers getting ahead of my thoughts
and not having formulating the latter appropriately.

Regards,
Victor


--W6bSTrIRnx9fkjsgUw81zx1YsE6JrRX6L--

--4m8Bg0w1p9qbiV17tuMGx7IjjzK5Rak1b
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEKFZblUJabdsjGSQvxx0QR+MZjnMFAl7c4PQACgkQxx0QR+MZ
jnMM1hAAict/rHvsdeZPTKu5ufFc80dAB1958nTb5iDy+NM/8UiyMk1aDOGnfdyh
P5ZgD8blZH01pJBbjygUqZOtAUy1AjWk9e9BgsFqFyAclq4ylkh3u+tPCYYNHSTm
Fptgs/vL5BMu7iTpYV+HLQApDHG7gAXOHOgmajRRc7mlcFb5sN2Gd3atJ33xkD4C
LCvJVzpjY8M7Qm4VhM3i7wxJqfGW/uqNeJPpUJRrU8pEtgm8vFDZ1lEOxSwQA6CM
2jYPUBYT1ApH9KWJXfMeMtE1BOxt4cdiaWKc4Qqux1N4uq6AkP6OPjp88o1O7Tnl
+ad66I0vClfI7Dp5ecoIHnrjUYBcsuH12aLh7UpHW7o9yEFum9RuumJvTaANWLhE
qqCQ5vK5sEtwszByrNsqdNY8nXBBq8BYxDOHmcaF0KqBWj+34sm0Tq4Kh1edGUiu
6fnLKmASMjBvC917laD7ybA5JEzPI/iWLjoiUD8ve/QCnj9xdwJuAiiHFAmPXyAC
kIJARoE1CihkwQKdhSoBwQWQ8qvqexJW5NulSKudaJdRCOra34vowjViO4WQi5d7
zd+x0049AtkfxAz4uJ1KpirFpJjCrvOI1WfljN9BH58Mxgje1sccIi1PCjObbUh0
kN2L0jkf6nG4CWP8srKgANPZw2Mj9/+zvLlu7sSPdLtPEfY20BY=
=FdC+
-----END PGP SIGNATURE-----

--4m8Bg0w1p9qbiV17tuMGx7IjjzK5Rak1b--