Date: Mon, 9 Aug 2010 22:43:36 +0200
From: Pawel Jakub Dawidek <pjd@FreeBSD.org>
To: Nick Ulen <uncle@wolfman.devio.us>
Cc: freebsd-geom@freebsd.org
Subject: Re: block cipher mode
Message-ID: <20100809204336.GA2087@garage.freebsd.pl>
In-Reply-To: <20100809193608.GA10991@wolfman.devio.us>
References: <20100809193608.GA10991@wolfman.devio.us>

On Mon, Aug 09, 2010 at 03:36:08PM -0400, Nick Ulen wrote:
> Greetings,
>
> What GELI uses: CBC or CBC-ESSIV ?

GELI uses CBC with unpredictable IV. IV is generated by calculating SHA256 from IV-Key (which is secret) and sector offset. Not sure if this fully matches ESSIV definition.

> man geli remains silent (
> according to http://mareichelt.de/pub/notmine/linuxbsd-comparison.html it's CBC-ESSIV;
> dmesg showed AES-CBC.

Do you know who is maintaining this page? There are some bits I'd like to update. For example GELI does support two factor authentication and also does support passphrase changing without reencryption. What I find a very important feature of GELI is integrity verification, which discovers any unauthorized data modification and not only protects data privacy.

--
Pawel Jakub Dawidek                       http://www.wheelsystems.com
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
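
The per-sector IV derivation described in the message above, as an added example that is not part of the original e-mail and is not GELI's own code. It assumes the offset is hashed as 8 little-endian bytes and the digest is truncated to the 16-byte AES block size; the class and function names and the sample keys are constructed for illustration, and a plain offset-as-IV function is included only for contrast.

```python
import hashlib
import struct

IV_LEN = 16  # AES block size: CBC needs one IV of this length per sector


def plain_iv(offset: int) -> bytes:
    """Contrast case: the IV is the sector offset itself, zero-padded."""
    return struct.pack("<Q", offset).ljust(IV_LEN, b"\x00")


class HashedIV:
    """IV = truncated SHA256(iv_key || offset), as the message describes.

    Assumptions of this example: 8-byte little-endian offset encoding and
    truncation of the digest to IV_LEN bytes.
    """

    def __init__(self, iv_key: bytes):
        # Absorb the secret once; each sector then hashes only 8 more bytes.
        self._ctx = hashlib.sha256(iv_key)

    def iv(self, offset: int) -> bytes:
        ctx = self._ctx.copy()  # keep the keyed state reusable
        ctx.update(struct.pack("<Q", offset))
        return ctx.digest()[:IV_LEN]


def demo() -> dict:
    sector = 4096
    offsets = [n * sector for n in range(1024)]
    gen_a = HashedIV(b"A" * 64)  # constructed sample IV-Keys
    gen_b = HashedIV(b"B" * 64)
    ivs = [gen_a.iv(o) for o in offsets]
    return {
        # every sector gets its own IV
        "unique": len(set(ivs)) == len(ivs),
        # nothing is stored on disk: the IV is recomputed at decrypt time
        "repeatable": gen_a.iv(offsets[7]) == ivs[7],
        # same offset, different secret -> different IV
        "key_dependent": gen_a.iv(offsets[7]) != gen_b.iv(offsets[7]),
        # the plain scheme is computable by anyone who knows the offset
        "plain_is_public": plain_iv(offsets[7]) == struct.pack("<QQ", offsets[7], 0),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```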