From owner-freebsd-questions@FreeBSD.ORG  Sat Oct 27 12:12:34 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id CEDC116A419
	for <freebsd-questions@freebsd.org>;
	Sat, 27 Oct 2007 12:12:34 +0000 (UTC)
	(envelope-from fbsd06+PV=46c18da6@mlists.homeunix.com)
Received: from turtle-out.mxes.net (turtle-out.mxes.net [216.86.168.191])
	by mx1.freebsd.org (Postfix) with ESMTP id A616613C48D
	for <freebsd-questions@freebsd.org>;
	Sat, 27 Oct 2007 12:12:34 +0000 (UTC)
	(envelope-from fbsd06+PV=46c18da6@mlists.homeunix.com)
Received: from mxout-04.mxes.net (mxout-04.mxes.net [216.86.168.179])
	by turtle-in.mxes.net (Postfix) with ESMTP id 0D585164681
	for <freebsd-questions@freebsd.org>;
	Sat, 27 Oct 2007 07:55:00 -0400 (EDT)
Received: from gumby.homeunix.com. (unknown [87.81.140.128])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.mxes.net (Postfix) with ESMTP id 514C3D05B3
	for <freebsd-questions@freebsd.org>;
	Sat, 27 Oct 2007 07:54:58 -0400 (EDT)
Date: Sat, 27 Oct 2007 12:54:55 +0100
From: RW <fbsd06@mlists.homeunix.com>
To: freebsd-questions@freebsd.org
Message-ID: <20071027125455.353e5217@gumby.homeunix.com.>
In-Reply-To: <c4a063eb0710270340i32e24736s88f1ca871fb5a58b@mail.gmail.com>
References: <c4a063eb0710270340i32e24736s88f1ca871fb5a58b@mail.gmail.com>
X-Mailer: Claws Mail 3.0.2 (GTK+ 2.12.1; i386-portbld-freebsd6.2)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: Harddisk encryption with geli: key's block size
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Oct 2007 12:12:34 -0000

On Sat, 27 Oct 2007 12:40:00 +0200
"Thomas Hobbes" <mymailfloods@googlemail.com> wrote:

> Hi,
> 
> I want to encrypt my mobile computer's data-partition with a
> passphrase, 128 bit AES and HMAC/MD5. A lot of people use different
> block sizes to generate keys with dd. There are examples with block
> sizes of 64, 32k and 128k in geli's man-page, but I couldn't find out
> why they were used. Spidering 'geli + "key bs"' discovered that there
> are some more values used, i.e. 128, 512 and 1k. What is a reasonable
> block size to use?
>

It doesn't matter, the output of /dev/random is generated from a 256
bit yarrow key, so anything more than "dd /dev/random bs=32 count=1"
is pointless. As you are only using  128  encryption, 256 bit of entropy
is overkill anyway.