Date: Mon, 9 Aug 2010 22:43:36 +0200
From: Pawel Jakub Dawidek
To: Nick Ulen
Cc: freebsd-geom@freebsd.org
Subject: Re: block cipher mode
Message-ID: <20100809204336.GA2087@garage.freebsd.pl>
In-Reply-To: <20100809193608.GA10991@wolfman.devio.us>

On Mon, Aug 09, 2010 at 03:36:08PM -0400, Nick Ulen wrote:
> Greetings,
>
> What GELI uses: CBC or CBC-ESSIV ?

GELI uses CBC with unpredictable IV. IV is generated by calculating SHA256
from IV-Key (which is secret) and sector offset. Not sure if this fully
matches ESSIV definition.

> man geli remains silent (
> according to http://mareichelt.de/pub/notmine/linuxbsd-comparison.html it's CBC-ESSIV;
> dmesg showed AES-CBC.

Do you know who is maintaining this page? There are some bits I'd like
to update. For example GELI does support two factor authentication and
also does support passphrase changing without reencryption.
What I find a very important feature of GELI is integrity verification,
which discovers any unauthorized data modification and not only protects
data privacy.

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
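
The IV scheme described in the message above (SHA256 over the secret IV-Key and the sector offset), sketched in Python as an added example; it is not GELI's code and not part of the original post. The 64-bit little-endian offset encoding, the truncation to 16 bytes, the function names and the sample keys are all assumptions; a plain offset-based IV is included only for contrast.

```python
import hashlib
import struct

IV_LEN = 16  # AES block size in bytes; CBC needs one IV of this size per sector


def keyed_hash_iv(iv_key: bytes, offset: int) -> bytes:
    """IV = SHA256(IV-Key || offset), truncated to one cipher block.

    Assumptions (not stated in the message): the offset is encoded as a
    64-bit little-endian integer and the digest is cut to IV_LEN bytes.
    """
    digest = hashlib.sha256(iv_key + struct.pack("<Q", offset)).digest()
    return digest[:IV_LEN]


def plain_offset_iv(offset: int) -> bytes:
    """Predictable IV for contrast: the offset itself, zero-padded."""
    return struct.pack("<Q", offset).ljust(IV_LEN, b"\x00")


def iv_delta(iv_a: bytes, iv_b: bytes) -> bytes:
    """XOR of two sectors' IVs.

    In CBC the first cipher input of a sector is P1 XOR IV, so this delta
    describes how the first blocks of two sectors relate to each other.
    """
    return bytes(x ^ y for x, y in zip(iv_a, iv_b))


def compare(offsets=(0, 512)):
    """Return the IV deltas for both schemes under two constructed IV-Keys."""
    key_1 = hashlib.sha256(b"constructed IV-Key 1").digest()  # sample value
    key_2 = hashlib.sha256(b"constructed IV-Key 2").digest()  # sample value
    a, b = offsets
    return {
        # Identical on every disk: depends only on public sector offsets.
        "plain": iv_delta(plain_offset_iv(a), plain_offset_iv(b)),
        # Differs per IV-Key: not computable without the secret.
        "keyed_1": iv_delta(keyed_hash_iv(key_1, a), keyed_hash_iv(key_1, b)),
        "keyed_2": iv_delta(keyed_hash_iv(key_2, a), keyed_hash_iv(key_2, b)),
    }


if __name__ == "__main__":
    for name, delta in compare().items():
        print(f"{name:8s} {delta.hex()}")
```

The "plain" delta is the same for every volume, while the keyed deltas change with the IV-Key, which is the sense in which the IV is unpredictable to someone who does not hold the key.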