[CentOS] luks and aes-ni

Sun Jan 13 04:42:39 UTC 2013
Markus Falb <markus.falb at fasel.at>

Hi,
Short version: If I had a CPU with the aes-ni [1] feature would luks use it?

I know that Upstream Vendors Security Guide [2] says:

...snip
The default cipher used for LUKS (refer to cryptsetup --help) is
aes-cbc-essiv:sha256 (ESSIV - Encrypted Salt-Sector Initialization
Vector). Note that the installation program, Anaconda, uses by default
XTS mode (aes-xts-plain64)
snap...

I also found a notion in the forums that maybe only aes-cbc is using
aes-ni [3] and that could mean that after a install aes-ni is not used
at all.

Does anyone know about this or has experiences?

[1] http://en.wikipedia.org/wiki/AES_instruction_set

[2]
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption.html

[3]
http://forum.centos.org/modules/newbb/viewtopic.php?topic_id=38226&forum=56&post_id=166657#forumpost166657
-- 
Kind Regards, Markus Falb

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 306 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20130113/e01d0c90/attachment-0004.sig>