Date: Sat, 27 Oct 2007 12:54:55 +0100 From: RW <fbsd06@mlists.homeunix.com> To: freebsd-questions@freebsd.org Subject: Re: Harddisk encryption with geli: key's block size Message-ID: <20071027125455.353e5217@gumby.homeunix.com.> In-Reply-To: <c4a063eb0710270340i32e24736s88f1ca871fb5a58b@mail.gmail.com> References: <c4a063eb0710270340i32e24736s88f1ca871fb5a58b@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 27 Oct 2007 12:40:00 +0200 "Thomas Hobbes" <mymailfloods@googlemail.com> wrote: > Hi, > > I want to encrypt my mobile computer's data-partition with a > passphrase, 128 bit AES and HMAC/MD5. A lot of people use different > block sizes to generate keys with dd. There are examples with block > sizes of 64, 32k and 128k in geli's man-page, but I couldn't find out > why they were used. Spidering 'geli + "key bs"' discovered that there > are some more values used, i.e. 128, 512 and 1k. What is a reasonable > block size to use? > It doesn't matter, the output of /dev/random is generated from a 256 bit yarrow key, so anything more than "dd /dev/random bs=32 count=1" is pointless. As you are only using 128 encryption, 256 bit of entropy is overkill anyway.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071027125455.353e5217>