From: Michael Sierchio
Date: Wed, 25 Jul 2012 12:18:47 -0700
To: Wojciech Puchar
Cc: freebsd-questions@freebsd.org
Subject: Re: geli - selecting cipher

On Wed, Jul 25, 2012 at 11:57 AM, Wojciech Puchar wrote:
> I need high speed disk encryption (many disks running in parallel, lots of
> I'm not a cryptography expert, is CBC somehow "less secure", and if so is it
> really a problem?

XTS-AES is a standard devised specifically for disk encryption - it supports operations on sectors that aren't divisible by the cipher block size. See

http://en.wikipedia.org/wiki/Disk_encryption_theory#XEX-based_tweaked-codebook_mode_with_ciphertext_stealing_.28XTS.29

I personally would be fine with AES-CTR mode, since I don't see the need to defend against the mythical "strong" adversary who can write arbitrary bits to unused sectors and then ask to have them decrypted. AES-CTR doesn't (by itself) have any integrity check.

AES-CBC is fine, but the ciphertext is larger than the plaintext.

- M