Narrow-block Vs. Wide-block Encryption
An encryption algorithm used for data storage has to support independent encryption and decryption of portions of data. So called narrow-block algorithms operate on relatively small portions of data, while the wide-block algorithms encrypt or decrypt a whole sector. Narrow-block algorithms have the advantage of more efficient hardware implementation. On the other hand, smaller block size provides finer granularity for data modification attacks. There is no standardized "acceptable granularity"; however, for example, the possibility of data modification with the granularity of one bit (bit-flipping attack) is generally considered unacceptable.
For these reasons, the working group has selected the narrow-block (128 bits) encryption with no authentication in the standard P1619, assuming that the added efficiency warrants the additional risk. But recognizing that wide-block encryption might be useful in some cases, another project P1619.2 has been started to study the usage of wide-block encryption.
Read more about this topic: IEEE P1619