Date: Tue, 24 Jul 2012 05:21:35 -0500 From: CyberLeo Kitsana <cyberleo@cyberleo.net> To: RW <rwmaillists@googlemail.com> Cc: freebsd-geom@freebsd.org Subject: Re: XTS v's CBC Message-ID: <500E772F.6000709@cyberleo.net> In-Reply-To: <20120722230539.43054c22@gumby.homeunix.com> References: <20120722230539.43054c22@gumby.homeunix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 07/22/2012 05:05 PM, RW wrote: > > Is there any good reason for preferring XTS over CBC in geli? I just did > some tests on a new disk and CBC seems to be about 30% faster. This depends on how the initialization vectors are generated for CBC. If guessable IVs are used, such as with plain sector/block numbers, a cryptographic watermark attack is possible. The attack is not possible if ESSIV (encrypted salt-sector IV) is used in CBC mode, since the IVs cannot be guessed without the key. The design of XTS mode thwarts the watermark attack, and allows the cipher to be easily parallelized, but requires twice the keying material due to its use of separate keys for encryption and whitening. The geli manpage does not say which algorithm is used to generate IVs for CBC mode. -- Fuzzy love, -CyberLeo Technical Administrator CyberLeo.Net Webhosting http://www.CyberLeo.Net <CyberLeo@CyberLeo.Net> Furry Peace! - http://wwww.fur.com/peace/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?500E772F.6000709>