# XTS-AES-128
The "XTS" mode adds a "tweak" value, usually derived from the physical location (sector number) of the data on the disk, so that the ciphertext of a given plaintext is unique to its position on the drive.
This specific configuration is widely recognized as the industry standard for securing data "at rest" on modern storage devices, including solid-state drives (SSDs), hard drives, and USB flash drives. It is the default encryption method for prominent security tools like Apple FileVault 2 and Microsoft BitLocker.

## How XTS-AES-128 Works
The XTS specification's name ends in "S" for ciphertext Stealing. Storage sectors are not always exact multiples of the AES block size (16 bytes). Ciphertext stealing lets XTS encrypt data of any length (at least one block) without padding, which would expand the data and break the sector-to-ciphertext mapping.
The sector-based tweak effectively "randomizes" each block's position: encryption stays deterministic for a given location (no IV has to be stored alongside the data), yet identical plaintext blocks at different positions produce different ciphertext, which defeats simple pattern analysis across the disk.
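The mechanics described above (sector number as tweak, multiplication by alpha between blocks, ciphertext stealing for a partial last block), written out as an added example that is not part of the original page. It assumes the `cryptography` package for the raw AES block cipher; the XTS mode logic itself is spelled out so each step is visible:

```python
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

BS = 16  # AES block size in bytes


def _mul_alpha(t: bytes) -> bytes:
    """Tweak for the next block: T * alpha (x) in GF(2^128), little-endian as in
    IEEE 1619, reduced by x^128 + x^7 + x^2 + x + 1 (the 0x87 constant)."""
    v = int.from_bytes(t, "little") << 1
    if v >> 128:
        v = (v & ((1 << 128) - 1)) ^ 0x87
    return v.to_bytes(BS, "little")


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def xts_sector(key: bytes, sector: int, data: bytes, decrypt: bool = False) -> bytes:
    """Encrypt (or decrypt) one sector with XTS-AES-128.

    key     K1 || K2, 32 bytes: the data key and the tweak key are independent
    sector  data-unit number, encoded little-endian into the 16-byte tweak
    data    at least one block, no padding: a partial last block is handled by
            ciphertext stealing, so the output is exactly as long as the input
    """
    if len(key) != 2 * BS or len(data) < BS:
        raise ValueError("XTS-AES-128 needs a 32-byte key and at least 16 bytes of data")
    k1 = Cipher(algorithms.AES(key[:BS]), modes.ECB())
    blk = (k1.decryptor() if decrypt else k1.encryptor()).update  # raw one-block E or D
    k2 = Cipher(algorithms.AES(key[BS:]), modes.ECB()).encryptor()
    t = k2.update(sector.to_bytes(BS, "little"))  # T_0 = E_K2(sector number)
    full, rem = divmod(len(data), BS)
    n = full if rem == 0 else full - 1  # blocks handled normally; the last one joins stealing
    out = bytearray()
    for q in range(n):
        out += _xor(blk(_xor(data[q * BS:(q + 1) * BS], t)), t)  # XEX: E(P ^ T) ^ T
        t = _mul_alpha(t)
    if rem == 0:
        return bytes(out)
    # Ciphertext stealing over the last full block and the partial block. Encryption
    # uses the tweaks (T_n, T_n+1); decryption applies them in the opposite order.
    t_a, t_b = (t, _mul_alpha(t)) if not decrypt else (_mul_alpha(t), t)
    cc = _xor(blk(_xor(data[n * BS:(n + 1) * BS], t_a)), t_a)
    pp = data[(n + 1) * BS:] + cc[rem:]  # partial block padded with the tail of cc
    out += _xor(blk(_xor(pp, t_b)), t_b) + cc[:rem]
    return bytes(out)
```

Encrypting the same bytes under two different sector numbers gives two unrelated ciphertexts of the same length as the input, which is the property the tweak is there to provide.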
| Use case | Recommendation |
|----------|----------------|
| Full-disk encryption (laptops, external drives) | ✅ Yes – standard |
| Encrypted SSDs (OPAL, eDrive) | ✅ Yes – mandatory |
| Virtual machine disk images | ✅ Yes – if no snapshot-based attacks |
| Cloud block storage (EBS, Persistent Disk) | ⚠️ Caution – if you deduplicate across tenants, consider AES-256 |
| Database inline encryption | ❌ No – use AEAD or format-preserving encryption |
| Network transport (TLS, WireGuard) | ❌ No – use ChaCha20-Poly1305 or AES-GCM |