Date: Sun, 17 Apr 2011 19:16:59 +0200 From: Pawel Jakub Dawidek <pjd@FreeBSD.org> To: Christian Baer <christian.baer@uni-dortmund.de> Cc: freebsd-geom@freebsd.org Subject: Re: Maximum secure filesystem-size with geli Message-ID: <20110417171659.GD22319@garage.freebsd.pl> In-Reply-To: <fc5ee742-9f3a-4418-9fe7-4062de807360@email.android.com> References: <fc5ee742-9f3a-4418-9fe7-4062de807360@email.android.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Sun, Apr 17, 2011 at 06:25:00PM +0200, Christian Baer wrote: > Hello Folks! > > This is quite a novum for me: The first message to a mailing list from an Android phone. :-) But since I am very far away from a "real" computer, I have to do it this was. Maybe there will be an answer by the time I get home so I can dig in directly. :-) > > Now I know this question has been asked before, but somehow there has never been a definite answer. > > What is the official maximum recommended file system size when encrypting with geli and AES or Camellia. I am not asking about the security of the ciphers (64 bit blocks like Blowfish has would not be good for modern file system sizes) or geli in itself but rather about at hat size it is recommended to make two file systems and thus creating two keys for the entire size. > > Does it make a diff if there are less IVs? Since newer and larger HDs now longer come with 512 byte sectory but instead with 4096 byte sectors, I guess this changes things too. > > Has anyone got a recommendation for me? Recent GELI uses one key for every 2^20 sectors, so no more than (2^20)*sectorsize bytes is encrypted using one key, so file system size should not be an issue. -- Pawel Jakub Dawidek http://www.wheelsystems.com FreeBSD committer http://www.FreeBSD.org Am I Evil? Yes, I Am! http://yomoli.com [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) iEYEARECAAYFAk2rIIsACgkQForvXbEpPzQyoACdGVcW2RQsBbTFfKRkzaXLXpCP DsgAoNWomZSd3E+KcCZ5/ghOlth2AFl0 =2VEf -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110417171659.GD22319>