From owner-freebsd-geom@FreeBSD.ORG  Sun Apr 17 16:44:38 2011
Return-Path: <owner-freebsd-geom@FreeBSD.ORG>
Delivered-To: freebsd-geom@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 69CE8106564A
	for <freebsd-geom@freebsd.org>; Sun, 17 Apr 2011 16:44:38 +0000 (UTC)
	(envelope-from christian.baer@uni-dortmund.de)
Received: from dd18116.kasserver.com (dd18116.kasserver.com [85.13.138.156])
	by mx1.freebsd.org (Postfix) with ESMTP id 2F62B8FC0A
	for <freebsd-geom@freebsd.org>; Sun, 17 Apr 2011 16:44:37 +0000 (UTC)
Received: from [10.207.132.225] (tmo-109-17.customers.d1-online.com
	[80.187.109.17])
	by dd18116.kasserver.com (Postfix) with ESMTPSA id B53D16601A3;
	Sun, 17 Apr 2011 18:25:32 +0200 (CEST)
User-Agent: K-9 Mail for Android
MIME-Version: 1.0
Content-Type: text/plain;
 charset=UTF-8
Content-Transfer-Encoding: 8bit
From: Christian Baer <christian.baer@uni-dortmund.de>
Date: Sun, 17 Apr 2011 18:25:00 +0200
To: freebsd-geom@freebsd.org
Message-ID: <fc5ee742-9f3a-4418-9fe7-4062de807360@email.android.com>
Subject: Maximum secure filesystem-size with geli
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: GEOM-specific discussions and implementations
	<freebsd-geom.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Apr 2011 16:44:38 -0000

Hello Folks!

This is quite a novum for me: The first message to a mailing list from an Android phone. :-) But since I am very far away from a "real" computer, I have to do it this was. Maybe there will be an answer by the time I get home so I can dig in directly. :-)

Now I know this question has been asked before, but somehow there has never been a definite answer.

What is the official maximum recommended file system size when encrypting with geli and AES or Camellia. I am not asking about the security of the ciphers (64 bit blocks like Blowfish has would not be good for modern file system sizes) or geli in itself but rather about at hat size it is recommended to make two file systems and thus creating two keys for the entire size.

Does it make a diff if there are less IVs? Since newer and larger HDs now longer come with 512 byte sectory but instead with 4096 byte sectors, I guess this changes things too.

Has anyone got a recommendation for me?

-- 
Best regards from Germany!
Chris