Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753661AbdCaGgH (ORCPT ); Fri, 31 Mar 2017 02:36:07 -0400 Received: from mail-pg0-f65.google.com ([74.125.83.65]:34904 "EHLO mail-pg0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751347AbdCaGgF (ORCPT ); Fri, 31 Mar 2017 02:36:05 -0400 Date: Thu, 30 Mar 2017 23:36:01 -0700 From: Eric Biggers To: David Gstir Cc: tytso@mit.edu, jaegeuk@kernel.org, dwalter@sigma-star.at, richard@sigma-star.at, herbert@gondor.apana.org.au, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-fscrypt@vger.kernel.org Subject: Re: [PATCH] fscrypt: Add support for AES-128-CBC Message-ID: <20170331063601.GB32409@zzz> References: <20170330173840.72909-1-david@sigma-star.at> <20170331062149.GA32409@zzz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170331062149.GA32409@zzz> User-Agent: Mutt/1.8.0 (2017-02-23) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 490 Lines: 12 On Thu, Mar 30, 2017 at 11:21:49PM -0700, Eric Biggers wrote: > > Something else to consider (probably for the future; this doesn't necessarily > have to be done yet) is that you really only need one essiv_tfm per *key*, not > one per inode. To deduplicate them you'd need a hash table or LRU queue or > something to keep track of the keys in use. > Sorry, I screwed this up. This wouldn't work because the ESSIV key is being derived from the per-file key, not the master key. - Eric