dm-crypt / cryptsetup which block encryption dimension use
Clash Royale CLAN TAG#URR8PPP
up vote
0
down vote
favorite
I'm working on dm-crypt utilizing cryptsetup. I'm interested to understand if it's using a fixed block dimension to encrypt files.
I explain it better: I created a LUKS envelop, formatted it with luksFormat, then open and mounted in file system.
Then I normally write files in that encrypted folder. I want to understand if I write 8 Kb file there is the possibility that dm-crypt encrypt it in blocks of fixed dimensions and in case there is a way to modify this block dimension??
|-----------------------------------------------|
|+ 8Kb +|
|-----------------------------------------------|
| b1 | b2 | b3 | | | | bn |
| | | | | | | |
--------------------------------------------------
encryption disk-encryption cryptsetup dm-crypt
add a comment |Â
up vote
0
down vote
favorite
I'm working on dm-crypt utilizing cryptsetup. I'm interested to understand if it's using a fixed block dimension to encrypt files.
I explain it better: I created a LUKS envelop, formatted it with luksFormat, then open and mounted in file system.
Then I normally write files in that encrypted folder. I want to understand if I write 8 Kb file there is the possibility that dm-crypt encrypt it in blocks of fixed dimensions and in case there is a way to modify this block dimension??
|-----------------------------------------------|
|+ 8Kb +|
|-----------------------------------------------|
| b1 | b2 | b3 | | | | bn |
| | | | | | | |
--------------------------------------------------
encryption disk-encryption cryptsetup dm-crypt
add a comment |Â
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I'm working on dm-crypt utilizing cryptsetup. I'm interested to understand if it's using a fixed block dimension to encrypt files.
I explain it better: I created a LUKS envelop, formatted it with luksFormat, then open and mounted in file system.
Then I normally write files in that encrypted folder. I want to understand if I write 8 Kb file there is the possibility that dm-crypt encrypt it in blocks of fixed dimensions and in case there is a way to modify this block dimension??
|-----------------------------------------------|
|+ 8Kb +|
|-----------------------------------------------|
| b1 | b2 | b3 | | | | bn |
| | | | | | | |
--------------------------------------------------
encryption disk-encryption cryptsetup dm-crypt
I'm working on dm-crypt utilizing cryptsetup. I'm interested to understand if it's using a fixed block dimension to encrypt files.
I explain it better: I created a LUKS envelop, formatted it with luksFormat, then open and mounted in file system.
Then I normally write files in that encrypted folder. I want to understand if I write 8 Kb file there is the possibility that dm-crypt encrypt it in blocks of fixed dimensions and in case there is a way to modify this block dimension??
|-----------------------------------------------|
|+ 8Kb +|
|-----------------------------------------------|
| b1 | b2 | b3 | | | | bn |
| | | | | | | |
--------------------------------------------------
encryption disk-encryption cryptsetup dm-crypt
asked Dec 15 '17 at 9:50
G.D.
204
204
add a comment |Â
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
0
down vote
accepted
Are you talking about the blocksize used by the cipher? Cryptsetup uses block ciphers, often with a 16 byte blocksize. Changing the cipher might change the blocksize, see /proc/crypto
for available ciphers & details, and man cryptsetup
.
Cryptsetup has a fixed blocksize, 512 bytes, here's a little from it's FAQ:
2.18 Is there a concern with 4k Sectors?
Not from dm-crypt itself. Encryption will be done in 512B blocks, but if the partition and filesystem are aligned correctly and the filesystem uses multiples of 4kiB as block size, the dm-crypt layer will just process 8 x 512B = 4096B at a time with negligible overhead. LUKS does place data at an offset, which is 2MiB per default and will not break alignment. See also Item 6.12 of this FAQ for more details. Note that if your partition or filesystem is misaligned, dm-crypt can make the effect worse though.
Also mentioned in 5.16:
There is a potential security issue with XTS mode and large blocks.
LUKS and dm-crypt always use 512B blocks and the issue does not
apply.Might also be interested in this closed cryptsetup issue (#150) Add dm-crypt support for larger encryption sector (block) size:
Comment by chriv... on 2013-11-07 11:32:05:
I would be very interested in this. It turns out, there are many embedded-type systems with on-board crypto accelerators, that fail to perform adequately when given small blocks to work with. Examples include mv_cesa, which is found in so many home NASes these days (all the orion/kirkwood boards, at least. This includes most of Synology and QNaps offerings)
Milan Broz @mbroz commented 5 months ago - Owner:
The sector size option is in kernel 4.12 but will be supported only (optionally) in LUKS2.
I know that the block size for final encryption is decided by /proc/crypto. I'm interested to understand if cryptsetup has a defined block size that is passed to kernel and if it is possible to change it (ex. from 512 to 1024) and see if writing speed increases. Because in embedded machines the total delay is high.
â G.D.
Dec 18 '17 at 8:18
I'll edit in a little from cryptsetup's FAQ, and other places
â Xen2050
Dec 18 '17 at 18:31
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
accepted
Are you talking about the blocksize used by the cipher? Cryptsetup uses block ciphers, often with a 16 byte blocksize. Changing the cipher might change the blocksize, see /proc/crypto
for available ciphers & details, and man cryptsetup
.
Cryptsetup has a fixed blocksize, 512 bytes, here's a little from it's FAQ:
2.18 Is there a concern with 4k Sectors?
Not from dm-crypt itself. Encryption will be done in 512B blocks, but if the partition and filesystem are aligned correctly and the filesystem uses multiples of 4kiB as block size, the dm-crypt layer will just process 8 x 512B = 4096B at a time with negligible overhead. LUKS does place data at an offset, which is 2MiB per default and will not break alignment. See also Item 6.12 of this FAQ for more details. Note that if your partition or filesystem is misaligned, dm-crypt can make the effect worse though.
Also mentioned in 5.16:
There is a potential security issue with XTS mode and large blocks.
LUKS and dm-crypt always use 512B blocks and the issue does not
apply.Might also be interested in this closed cryptsetup issue (#150) Add dm-crypt support for larger encryption sector (block) size:
Comment by chriv... on 2013-11-07 11:32:05:
I would be very interested in this. It turns out, there are many embedded-type systems with on-board crypto accelerators, that fail to perform adequately when given small blocks to work with. Examples include mv_cesa, which is found in so many home NASes these days (all the orion/kirkwood boards, at least. This includes most of Synology and QNaps offerings)
Milan Broz @mbroz commented 5 months ago - Owner:
The sector size option is in kernel 4.12 but will be supported only (optionally) in LUKS2.
I know that the block size for final encryption is decided by /proc/crypto. I'm interested to understand if cryptsetup has a defined block size that is passed to kernel and if it is possible to change it (ex. from 512 to 1024) and see if writing speed increases. Because in embedded machines the total delay is high.
â G.D.
Dec 18 '17 at 8:18
I'll edit in a little from cryptsetup's FAQ, and other places
â Xen2050
Dec 18 '17 at 18:31
add a comment |Â
up vote
0
down vote
accepted
Are you talking about the blocksize used by the cipher? Cryptsetup uses block ciphers, often with a 16 byte blocksize. Changing the cipher might change the blocksize, see /proc/crypto
for available ciphers & details, and man cryptsetup
.
Cryptsetup has a fixed blocksize, 512 bytes, here's a little from it's FAQ:
2.18 Is there a concern with 4k Sectors?
Not from dm-crypt itself. Encryption will be done in 512B blocks, but if the partition and filesystem are aligned correctly and the filesystem uses multiples of 4kiB as block size, the dm-crypt layer will just process 8 x 512B = 4096B at a time with negligible overhead. LUKS does place data at an offset, which is 2MiB per default and will not break alignment. See also Item 6.12 of this FAQ for more details. Note that if your partition or filesystem is misaligned, dm-crypt can make the effect worse though.
Also mentioned in 5.16:
There is a potential security issue with XTS mode and large blocks.
LUKS and dm-crypt always use 512B blocks and the issue does not
apply.Might also be interested in this closed cryptsetup issue (#150) Add dm-crypt support for larger encryption sector (block) size:
Comment by chriv... on 2013-11-07 11:32:05:
I would be very interested in this. It turns out, there are many embedded-type systems with on-board crypto accelerators, that fail to perform adequately when given small blocks to work with. Examples include mv_cesa, which is found in so many home NASes these days (all the orion/kirkwood boards, at least. This includes most of Synology and QNaps offerings)
Milan Broz @mbroz commented 5 months ago - Owner:
The sector size option is in kernel 4.12 but will be supported only (optionally) in LUKS2.
I know that the block size for final encryption is decided by /proc/crypto. I'm interested to understand if cryptsetup has a defined block size that is passed to kernel and if it is possible to change it (ex. from 512 to 1024) and see if writing speed increases. Because in embedded machines the total delay is high.
â G.D.
Dec 18 '17 at 8:18
I'll edit in a little from cryptsetup's FAQ, and other places
â Xen2050
Dec 18 '17 at 18:31
add a comment |Â
up vote
0
down vote
accepted
up vote
0
down vote
accepted
Are you talking about the blocksize used by the cipher? Cryptsetup uses block ciphers, often with a 16 byte blocksize. Changing the cipher might change the blocksize, see /proc/crypto
for available ciphers & details, and man cryptsetup
.
Cryptsetup has a fixed blocksize, 512 bytes, here's a little from it's FAQ:
2.18 Is there a concern with 4k Sectors?
Not from dm-crypt itself. Encryption will be done in 512B blocks, but if the partition and filesystem are aligned correctly and the filesystem uses multiples of 4kiB as block size, the dm-crypt layer will just process 8 x 512B = 4096B at a time with negligible overhead. LUKS does place data at an offset, which is 2MiB per default and will not break alignment. See also Item 6.12 of this FAQ for more details. Note that if your partition or filesystem is misaligned, dm-crypt can make the effect worse though.
Also mentioned in 5.16:
There is a potential security issue with XTS mode and large blocks.
LUKS and dm-crypt always use 512B blocks and the issue does not
apply.Might also be interested in this closed cryptsetup issue (#150) Add dm-crypt support for larger encryption sector (block) size:
Comment by chriv... on 2013-11-07 11:32:05:
I would be very interested in this. It turns out, there are many embedded-type systems with on-board crypto accelerators, that fail to perform adequately when given small blocks to work with. Examples include mv_cesa, which is found in so many home NASes these days (all the orion/kirkwood boards, at least. This includes most of Synology and QNaps offerings)
Milan Broz @mbroz commented 5 months ago - Owner:
The sector size option is in kernel 4.12 but will be supported only (optionally) in LUKS2.
Are you talking about the blocksize used by the cipher? Cryptsetup uses block ciphers, often with a 16 byte blocksize. Changing the cipher might change the blocksize, see /proc/crypto
for available ciphers & details, and man cryptsetup
.
Cryptsetup has a fixed blocksize, 512 bytes, here's a little from it's FAQ:
2.18 Is there a concern with 4k Sectors?
Not from dm-crypt itself. Encryption will be done in 512B blocks, but if the partition and filesystem are aligned correctly and the filesystem uses multiples of 4kiB as block size, the dm-crypt layer will just process 8 x 512B = 4096B at a time with negligible overhead. LUKS does place data at an offset, which is 2MiB per default and will not break alignment. See also Item 6.12 of this FAQ for more details. Note that if your partition or filesystem is misaligned, dm-crypt can make the effect worse though.
Also mentioned in 5.16:
There is a potential security issue with XTS mode and large blocks.
LUKS and dm-crypt always use 512B blocks and the issue does not
apply.Might also be interested in this closed cryptsetup issue (#150) Add dm-crypt support for larger encryption sector (block) size:
Comment by chriv... on 2013-11-07 11:32:05:
I would be very interested in this. It turns out, there are many embedded-type systems with on-board crypto accelerators, that fail to perform adequately when given small blocks to work with. Examples include mv_cesa, which is found in so many home NASes these days (all the orion/kirkwood boards, at least. This includes most of Synology and QNaps offerings)
Milan Broz @mbroz commented 5 months ago - Owner:
The sector size option is in kernel 4.12 but will be supported only (optionally) in LUKS2.
edited Dec 18 '17 at 18:51
answered Dec 18 '17 at 1:44
Xen2050
1,012711
1,012711
I know that the block size for final encryption is decided by /proc/crypto. I'm interested to understand if cryptsetup has a defined block size that is passed to kernel and if it is possible to change it (ex. from 512 to 1024) and see if writing speed increases. Because in embedded machines the total delay is high.
â G.D.
Dec 18 '17 at 8:18
I'll edit in a little from cryptsetup's FAQ, and other places
â Xen2050
Dec 18 '17 at 18:31
add a comment |Â
I know that the block size for final encryption is decided by /proc/crypto. I'm interested to understand if cryptsetup has a defined block size that is passed to kernel and if it is possible to change it (ex. from 512 to 1024) and see if writing speed increases. Because in embedded machines the total delay is high.
â G.D.
Dec 18 '17 at 8:18
I'll edit in a little from cryptsetup's FAQ, and other places
â Xen2050
Dec 18 '17 at 18:31
I know that the block size for final encryption is decided by /proc/crypto. I'm interested to understand if cryptsetup has a defined block size that is passed to kernel and if it is possible to change it (ex. from 512 to 1024) and see if writing speed increases. Because in embedded machines the total delay is high.
â G.D.
Dec 18 '17 at 8:18
I know that the block size for final encryption is decided by /proc/crypto. I'm interested to understand if cryptsetup has a defined block size that is passed to kernel and if it is possible to change it (ex. from 512 to 1024) and see if writing speed increases. Because in embedded machines the total delay is high.
â G.D.
Dec 18 '17 at 8:18
I'll edit in a little from cryptsetup's FAQ, and other places
â Xen2050
Dec 18 '17 at 18:31
I'll edit in a little from cryptsetup's FAQ, and other places
â Xen2050
Dec 18 '17 at 18:31
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f411011%2fdm-crypt-cryptsetup-which-block-encryption-dimension-use%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password