dm-crypt / cryptsetup which block encryption dimension use

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
0
down vote

favorite












I'm working on dm-crypt utilizing cryptsetup. I'm interested to understand if it's using a fixed block dimension to encrypt files.

I explain it better: I created a LUKS envelop, formatted it with luksFormat, then open and mounted in file system.

Then I normally write files in that encrypted folder. I want to understand if I write 8 Kb file there is the possibility that dm-crypt encrypt it in blocks of fixed dimensions and in case there is a way to modify this block dimension??



|-----------------------------------------------|
|+ 8Kb +|
|-----------------------------------------------|
| b1 | b2 | b3 | | | | bn |
| | | | | | | |
--------------------------------------------------






share|improve this question
























    up vote
    0
    down vote

    favorite












    I'm working on dm-crypt utilizing cryptsetup. I'm interested to understand if it's using a fixed block dimension to encrypt files.

    I explain it better: I created a LUKS envelop, formatted it with luksFormat, then open and mounted in file system.

    Then I normally write files in that encrypted folder. I want to understand if I write 8 Kb file there is the possibility that dm-crypt encrypt it in blocks of fixed dimensions and in case there is a way to modify this block dimension??



    |-----------------------------------------------|
    |+ 8Kb +|
    |-----------------------------------------------|
    | b1 | b2 | b3 | | | | bn |
    | | | | | | | |
    --------------------------------------------------






    share|improve this question






















      up vote
      0
      down vote

      favorite









      up vote
      0
      down vote

      favorite











      I'm working on dm-crypt utilizing cryptsetup. I'm interested to understand if it's using a fixed block dimension to encrypt files.

      I explain it better: I created a LUKS envelop, formatted it with luksFormat, then open and mounted in file system.

      Then I normally write files in that encrypted folder. I want to understand if I write 8 Kb file there is the possibility that dm-crypt encrypt it in blocks of fixed dimensions and in case there is a way to modify this block dimension??



      |-----------------------------------------------|
      |+ 8Kb +|
      |-----------------------------------------------|
      | b1 | b2 | b3 | | | | bn |
      | | | | | | | |
      --------------------------------------------------






      share|improve this question












      I'm working on dm-crypt utilizing cryptsetup. I'm interested to understand if it's using a fixed block dimension to encrypt files.

      I explain it better: I created a LUKS envelop, formatted it with luksFormat, then open and mounted in file system.

      Then I normally write files in that encrypted folder. I want to understand if I write 8 Kb file there is the possibility that dm-crypt encrypt it in blocks of fixed dimensions and in case there is a way to modify this block dimension??



      |-----------------------------------------------|
      |+ 8Kb +|
      |-----------------------------------------------|
      | b1 | b2 | b3 | | | | bn |
      | | | | | | | |
      --------------------------------------------------








      share|improve this question











      share|improve this question




      share|improve this question










      asked Dec 15 '17 at 9:50









      G.D.

      204




      204




















          1 Answer
          1






          active

          oldest

          votes

















          up vote
          0
          down vote



          accepted










          Are you talking about the blocksize used by the cipher? Cryptsetup uses block ciphers, often with a 16 byte blocksize. Changing the cipher might change the blocksize, see /proc/crypto for available ciphers & details, and man cryptsetup.




          • Cryptsetup has a fixed blocksize, 512 bytes, here's a little from it's FAQ:




            2.18 Is there a concern with 4k Sectors?



            Not from dm-crypt itself. Encryption will be done in 512B blocks, but if the partition and filesystem are aligned correctly and the filesystem uses multiples of 4kiB as block size, the dm-crypt layer will just process 8 x 512B = 4096B at a time with negligible overhead. LUKS does place data at an offset, which is 2MiB per default and will not break alignment. See also Item 6.12 of this FAQ for more details. Note that if your partition or filesystem is misaligned, dm-crypt can make the effect worse though.




            Also mentioned in 5.16:




            There is a potential security issue with XTS mode and large blocks.
            LUKS and dm-crypt always use 512B blocks and the issue does not
            apply.





          • Might also be interested in this closed cryptsetup issue (#150) Add dm-crypt support for larger encryption sector (block) size:




            Comment by chriv... on 2013-11-07 11:32:05:



            I would be very interested in this. It turns out, there are many embedded-type systems with on-board crypto accelerators, that fail to perform adequately when given small blocks to work with. Examples include mv_cesa, which is found in so many home NASes these days (all the orion/kirkwood boards, at least. This includes most of Synology and QNaps offerings)



            Milan Broz @mbroz commented 5 months ago - Owner:



            The sector size option is in kernel 4.12 but will be supported only (optionally) in LUKS2.








          share|improve this answer






















          • I know that the block size for final encryption is decided by /proc/crypto. I'm interested to understand if cryptsetup has a defined block size that is passed to kernel and if it is possible to change it (ex. from 512 to 1024) and see if writing speed increases. Because in embedded machines the total delay is high.
            – G.D.
            Dec 18 '17 at 8:18










          • I'll edit in a little from cryptsetup's FAQ, and other places
            – Xen2050
            Dec 18 '17 at 18:31










          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );








           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f411011%2fdm-crypt-cryptsetup-which-block-encryption-dimension-use%23new-answer', 'question_page');

          );

          Post as a guest






























          1 Answer
          1






          active

          oldest

          votes








          1 Answer
          1






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes








          up vote
          0
          down vote



          accepted










          Are you talking about the blocksize used by the cipher? Cryptsetup uses block ciphers, often with a 16 byte blocksize. Changing the cipher might change the blocksize, see /proc/crypto for available ciphers & details, and man cryptsetup.




          • Cryptsetup has a fixed blocksize, 512 bytes, here's a little from it's FAQ:




            2.18 Is there a concern with 4k Sectors?



            Not from dm-crypt itself. Encryption will be done in 512B blocks, but if the partition and filesystem are aligned correctly and the filesystem uses multiples of 4kiB as block size, the dm-crypt layer will just process 8 x 512B = 4096B at a time with negligible overhead. LUKS does place data at an offset, which is 2MiB per default and will not break alignment. See also Item 6.12 of this FAQ for more details. Note that if your partition or filesystem is misaligned, dm-crypt can make the effect worse though.




            Also mentioned in 5.16:




            There is a potential security issue with XTS mode and large blocks.
            LUKS and dm-crypt always use 512B blocks and the issue does not
            apply.





          • Might also be interested in this closed cryptsetup issue (#150) Add dm-crypt support for larger encryption sector (block) size:




            Comment by chriv... on 2013-11-07 11:32:05:



            I would be very interested in this. It turns out, there are many embedded-type systems with on-board crypto accelerators, that fail to perform adequately when given small blocks to work with. Examples include mv_cesa, which is found in so many home NASes these days (all the orion/kirkwood boards, at least. This includes most of Synology and QNaps offerings)



            Milan Broz @mbroz commented 5 months ago - Owner:



            The sector size option is in kernel 4.12 but will be supported only (optionally) in LUKS2.








          share|improve this answer






















          • I know that the block size for final encryption is decided by /proc/crypto. I'm interested to understand if cryptsetup has a defined block size that is passed to kernel and if it is possible to change it (ex. from 512 to 1024) and see if writing speed increases. Because in embedded machines the total delay is high.
            – G.D.
            Dec 18 '17 at 8:18










          • I'll edit in a little from cryptsetup's FAQ, and other places
            – Xen2050
            Dec 18 '17 at 18:31














          up vote
          0
          down vote



          accepted










          Are you talking about the blocksize used by the cipher? Cryptsetup uses block ciphers, often with a 16 byte blocksize. Changing the cipher might change the blocksize, see /proc/crypto for available ciphers & details, and man cryptsetup.




          • Cryptsetup has a fixed blocksize, 512 bytes, here's a little from it's FAQ:




            2.18 Is there a concern with 4k Sectors?



            Not from dm-crypt itself. Encryption will be done in 512B blocks, but if the partition and filesystem are aligned correctly and the filesystem uses multiples of 4kiB as block size, the dm-crypt layer will just process 8 x 512B = 4096B at a time with negligible overhead. LUKS does place data at an offset, which is 2MiB per default and will not break alignment. See also Item 6.12 of this FAQ for more details. Note that if your partition or filesystem is misaligned, dm-crypt can make the effect worse though.




            Also mentioned in 5.16:




            There is a potential security issue with XTS mode and large blocks.
            LUKS and dm-crypt always use 512B blocks and the issue does not
            apply.





          • Might also be interested in this closed cryptsetup issue (#150) Add dm-crypt support for larger encryption sector (block) size:




            Comment by chriv... on 2013-11-07 11:32:05:



            I would be very interested in this. It turns out, there are many embedded-type systems with on-board crypto accelerators, that fail to perform adequately when given small blocks to work with. Examples include mv_cesa, which is found in so many home NASes these days (all the orion/kirkwood boards, at least. This includes most of Synology and QNaps offerings)



            Milan Broz @mbroz commented 5 months ago - Owner:



            The sector size option is in kernel 4.12 but will be supported only (optionally) in LUKS2.








          share|improve this answer






















          • I know that the block size for final encryption is decided by /proc/crypto. I'm interested to understand if cryptsetup has a defined block size that is passed to kernel and if it is possible to change it (ex. from 512 to 1024) and see if writing speed increases. Because in embedded machines the total delay is high.
            – G.D.
            Dec 18 '17 at 8:18










          • I'll edit in a little from cryptsetup's FAQ, and other places
            – Xen2050
            Dec 18 '17 at 18:31












          up vote
          0
          down vote



          accepted







          up vote
          0
          down vote



          accepted






          Are you talking about the blocksize used by the cipher? Cryptsetup uses block ciphers, often with a 16 byte blocksize. Changing the cipher might change the blocksize, see /proc/crypto for available ciphers & details, and man cryptsetup.




          • Cryptsetup has a fixed blocksize, 512 bytes, here's a little from it's FAQ:




            2.18 Is there a concern with 4k Sectors?



            Not from dm-crypt itself. Encryption will be done in 512B blocks, but if the partition and filesystem are aligned correctly and the filesystem uses multiples of 4kiB as block size, the dm-crypt layer will just process 8 x 512B = 4096B at a time with negligible overhead. LUKS does place data at an offset, which is 2MiB per default and will not break alignment. See also Item 6.12 of this FAQ for more details. Note that if your partition or filesystem is misaligned, dm-crypt can make the effect worse though.




            Also mentioned in 5.16:




            There is a potential security issue with XTS mode and large blocks.
            LUKS and dm-crypt always use 512B blocks and the issue does not
            apply.





          • Might also be interested in this closed cryptsetup issue (#150) Add dm-crypt support for larger encryption sector (block) size:




            Comment by chriv... on 2013-11-07 11:32:05:



            I would be very interested in this. It turns out, there are many embedded-type systems with on-board crypto accelerators, that fail to perform adequately when given small blocks to work with. Examples include mv_cesa, which is found in so many home NASes these days (all the orion/kirkwood boards, at least. This includes most of Synology and QNaps offerings)



            Milan Broz @mbroz commented 5 months ago - Owner:



            The sector size option is in kernel 4.12 but will be supported only (optionally) in LUKS2.








          share|improve this answer














          Are you talking about the blocksize used by the cipher? Cryptsetup uses block ciphers, often with a 16 byte blocksize. Changing the cipher might change the blocksize, see /proc/crypto for available ciphers & details, and man cryptsetup.




          • Cryptsetup has a fixed blocksize, 512 bytes, here's a little from it's FAQ:




            2.18 Is there a concern with 4k Sectors?



            Not from dm-crypt itself. Encryption will be done in 512B blocks, but if the partition and filesystem are aligned correctly and the filesystem uses multiples of 4kiB as block size, the dm-crypt layer will just process 8 x 512B = 4096B at a time with negligible overhead. LUKS does place data at an offset, which is 2MiB per default and will not break alignment. See also Item 6.12 of this FAQ for more details. Note that if your partition or filesystem is misaligned, dm-crypt can make the effect worse though.




            Also mentioned in 5.16:




            There is a potential security issue with XTS mode and large blocks.
            LUKS and dm-crypt always use 512B blocks and the issue does not
            apply.





          • Might also be interested in this closed cryptsetup issue (#150) Add dm-crypt support for larger encryption sector (block) size:




            Comment by chriv... on 2013-11-07 11:32:05:



            I would be very interested in this. It turns out, there are many embedded-type systems with on-board crypto accelerators, that fail to perform adequately when given small blocks to work with. Examples include mv_cesa, which is found in so many home NASes these days (all the orion/kirkwood boards, at least. This includes most of Synology and QNaps offerings)



            Milan Broz @mbroz commented 5 months ago - Owner:



            The sector size option is in kernel 4.12 but will be supported only (optionally) in LUKS2.









          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Dec 18 '17 at 18:51

























          answered Dec 18 '17 at 1:44









          Xen2050

          1,012711




          1,012711











          • I know that the block size for final encryption is decided by /proc/crypto. I'm interested to understand if cryptsetup has a defined block size that is passed to kernel and if it is possible to change it (ex. from 512 to 1024) and see if writing speed increases. Because in embedded machines the total delay is high.
            – G.D.
            Dec 18 '17 at 8:18










          • I'll edit in a little from cryptsetup's FAQ, and other places
            – Xen2050
            Dec 18 '17 at 18:31
















          • I know that the block size for final encryption is decided by /proc/crypto. I'm interested to understand if cryptsetup has a defined block size that is passed to kernel and if it is possible to change it (ex. from 512 to 1024) and see if writing speed increases. Because in embedded machines the total delay is high.
            – G.D.
            Dec 18 '17 at 8:18










          • I'll edit in a little from cryptsetup's FAQ, and other places
            – Xen2050
            Dec 18 '17 at 18:31















          I know that the block size for final encryption is decided by /proc/crypto. I'm interested to understand if cryptsetup has a defined block size that is passed to kernel and if it is possible to change it (ex. from 512 to 1024) and see if writing speed increases. Because in embedded machines the total delay is high.
          – G.D.
          Dec 18 '17 at 8:18




          I know that the block size for final encryption is decided by /proc/crypto. I'm interested to understand if cryptsetup has a defined block size that is passed to kernel and if it is possible to change it (ex. from 512 to 1024) and see if writing speed increases. Because in embedded machines the total delay is high.
          – G.D.
          Dec 18 '17 at 8:18












          I'll edit in a little from cryptsetup's FAQ, and other places
          – Xen2050
          Dec 18 '17 at 18:31




          I'll edit in a little from cryptsetup's FAQ, and other places
          – Xen2050
          Dec 18 '17 at 18:31












           

          draft saved


          draft discarded


























           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f411011%2fdm-crypt-cryptsetup-which-block-encryption-dimension-use%23new-answer', 'question_page');

          );

          Post as a guest













































































          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Displaying single band from multi-band raster using QGIS

          How many registers does an x86_64 CPU actually have?