Você está falando sobre o tamanho do bloco usado pela cifra? O Cryptsetup usa cifras de bloco, geralmente com blocos de 16 bytes. Alterar a cifra pode alterar o tamanho do bloco, veja /proc/crypto
para as cifras disponíveis & detalhes e man cryptsetup
.
-
O Cryptsetup tem um bloco de blocos fixo de 512 bytes. Aqui está um pouco da FAQ :
2.18 Is there a concern with 4k Sectors?
Not from dm-crypt itself. Encryption will be done in 512B blocks, but if the partition and filesystem are aligned correctly and the filesystem uses multiples of 4kiB as block size, the dm-crypt layer will just process 8 x 512B = 4096B at a time with negligible overhead. LUKS does place data at an offset, which is 2MiB per default and will not break alignment. See also Item 6.12 of this FAQ for more details. Note that if your partition or filesystem is misaligned, dm-crypt can make the effect worse though.
Também mencionado em 5.16:
There is a potential security issue with XTS mode and large blocks. LUKS and dm-crypt always use 512B blocks and the issue does not apply.
-
Pode também estar interessado neste problema de cryptetup fechado (# 150) Adicionar suporte dm-crypt para maior setor de criptografia (bloco) tamanho :
Comment by chriv... on 2013-11-07 11:32:05:
I would be very interested in this. It turns out, there are many embedded-type systems with on-board crypto accelerators, that fail to perform adequately when given small blocks to work with. Examples include mv_cesa, which is found in so many home NASes these days (all the orion/kirkwood boards, at least. This includes most of Synology and QNaps offerings)
Milan Broz @mbroz commented 5 months ago - Owner:
The sector size option is in kernel 4.12 but will be supported only (optionally) in LUKS2.