[CentOS] luks and aes-ni

Sun Jan 13 04:42:39 UTC 2013
Markus Falb <markus.falb at fasel.at>

Short version: If I had a CPU with the aes-ni [1] feature would luks use it?

I know that Upstream Vendors Security Guide [2] says:

The default cipher used for LUKS (refer to cryptsetup --help) is
aes-cbc-essiv:sha256 (ESSIV - Encrypted Salt-Sector Initialization
Vector). Note that the installation program, Anaconda, uses by default
XTS mode (aes-xts-plain64)

I also found a notion in the forums that maybe only aes-cbc is using
aes-ni [3] and that could mean that after a install aes-ni is not used
at all.

Does anyone know about this or has experiences?

[1] http://en.wikipedia.org/wiki/AES_instruction_set


Kind Regards, Markus Falb

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 306 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20130113/e01d0c90/attachment-0003.sig>