Xts-aes-128 May 2026

# Create a 1GB test file dd if=/dev/zero of=disk.img bs=1M count=1024 losetup -f disk.img Format with LUKS2, XTS-AES-128 cryptsetup luksFormat --type luks2 --cipher aes-xts-plain64 --key-size 256 /dev/loop0

It’s the most widely deployed storage encryption mode in the world, yet it is often misunderstood. Developers sometimes treat it like a stream cipher or misuse it as a replacement for HTTPS. xts-aes-128

Check the active cipher:

Note --key-size 256 – because XTS takes two keys, you specify the key length. AES-128 in XTS mode = 256 bits of key material. # Create a 1GB test file dd if=/dev/zero of=disk

When you encrypt the hard drive on your new laptop with BitLocker, secure an external SSD with VeraCrypt, or enable encryption on an Android device, you are almost certainly using XTS-AES-128 . AES-128 in XTS mode = 256 bits of key material

2^64 blocks = 256 exabytes (2^64 * 16 bytes). For a single drive writing at 1 GB/s, that would take over 8 million years.