: Since OS X Lion, FileVault 2 has used XTS-AES-128 with a 256-bit key to protect the startup volume.
This refers to the length of the encryption key in bits. While AES-256 provides even more "brute-force" resistance, 128-bit keys are still cryptographically secure and offer a performance advantage, especially on mobile devices or hardware without specialized encryption chips.
While "XTS-AES-128" is the specific algorithm implementation, the academic paper that introduced and standardized it is primarily authored by (who formalized XEX) and the IEEE Security in Storage Working Group . xts-aes-128
$$C = E_K1(P \oplus T) \oplus T$$
What storage needed was:
XTS is considered a encryption mode.
For authenticated encryption, you need a MAC (e.g., AES-GCM-SIV). But for raw block devices, XTS is the practical choice. : Since OS X Lion, FileVault 2 has
: This technique allows the algorithm to encrypt data that isn't a perfect multiple of the block size (128 bits) without needing to add extra "padding" that would waste storage space. Major Implementations