AES-128-CBC Support Coming To Fscrypt
Written by Michael Larabel in Linux Storage on 26 June 2017 at 09:41 AM EDT. 2 Comments
AES-128-CBC support is coming to fscrypt, the generic file-system crypto code in the Linux kernel that's currently in use by F2FS and EXT4 for offering native file-system encryption support.

Fscrypt currently makes use of AES-256-XTS/AES-256-CBC-CTS but the fscrypt design allows for supporting multiple encryption standards. Support for AES-128-CBC in file contents and AES-128-CBC-CTS for file names is being added namely for mobile/embedded hardware that may provide crypto accelerators for these standards.

From this fscrypt commit:
This patch adds support for using AES-128-CBC for file contents and AES-128-CBC-CTS for file name encryption. To mitigate watermarking attacks, IVs are generated using the ESSIV algorithm. While AES-CBC is actually slightly less secure than AES-XTS from a security point of view, there is more widespread hardware support. Using AES-CBC gives us the acceptable performance while still providing a moderate level of security for persistent storage.

Especially low-powered embedded devices with crypto accelerators such as CAAM or CESA often only support AES-CBC. Since using AES-CBC over AES-XTS is basically thought of a last resort, we use AES-128-CBC over AES-256-CBC since it has less encryption rounds and yields noticeable better performance starting from a file size of just a few kB.
This addition to fscrypt should be merged during the upcoming Linux 4.13 merge window.
Related News
About The Author
Author picture

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter or contacted via

Popular News This Week