Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 24 Jul 2012 05:21:35 -0500
From:      CyberLeo Kitsana <cyberleo@cyberleo.net>
To:        RW <rwmaillists@googlemail.com>
Cc:        freebsd-geom@freebsd.org
Subject:   Re: XTS v's CBC
Message-ID:  <500E772F.6000709@cyberleo.net>
In-Reply-To: <20120722230539.43054c22@gumby.homeunix.com>
References:  <20120722230539.43054c22@gumby.homeunix.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On 07/22/2012 05:05 PM, RW wrote:
> 
> Is there any good reason for preferring XTS over CBC in geli? I just did
> some tests on a new disk and CBC seems to be about 30% faster.

This depends on how the initialization vectors are generated for CBC. If
guessable IVs are used, such as with plain sector/block numbers, a
cryptographic watermark attack is possible.

The attack is not possible if ESSIV (encrypted salt-sector IV) is used
in CBC mode, since the IVs cannot be guessed without the key.

The design of XTS mode thwarts the watermark attack, and allows the
cipher to be easily parallelized, but requires twice the keying material
due to its use of separate keys for encryption and whitening.

The geli manpage does not say which algorithm is used to generate IVs
for CBC mode.

-- 
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
<CyberLeo@CyberLeo.Net>

Furry Peace! - http://wwww.fur.com/peace/



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?500E772F.6000709>