Note --key-size 256 – because XTS takes two keys, you specify the key length. AES-128 in XTS mode = 256 bits of key material.
# Create a 1GB test file dd if=/dev/zero of=disk.img bs=1M count=1024 losetup -f disk.img Format with LUKS2, XTS-AES-128 cryptsetup luksFormat --type luks2 --cipher aes-xts-plain64 --key-size 256 /dev/loop0 xts-aes-128
2^64 blocks = 256 exabytes (2^64 * 16 bytes). For a single drive writing at 1 GB/s, that would take over 8 million years. Note --key-size 256 – because XTS takes two
It’s the most widely deployed storage encryption mode in the world, yet it is often misunderstood. Developers sometimes treat it like a stream cipher or misuse it as a replacement for HTTPS. xts-aes-128