From owner-freebsd-geom@FreeBSD.ORG  Tue Jul 24 10:31:39 2012
Return-Path: <owner-freebsd-geom@FreeBSD.ORG>
Delivered-To: freebsd-geom@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 2AB89106566B
	for <freebsd-geom@freebsd.org>; Tue, 24 Jul 2012 10:31:39 +0000 (UTC)
	(envelope-from cyberleo@cyberleo.net)
Received: from paka.cyberleo.net (paka.cyberleo.net [66.219.31.21])
	by mx1.freebsd.org (Postfix) with ESMTP id EB29E8FC0A
	for <freebsd-geom@freebsd.org>; Tue, 24 Jul 2012 10:31:38 +0000 (UTC)
Received: from [172.16.44.4] (den.cyberleo.net [216.80.73.130])
	by paka.cyberleo.net (Postfix) with ESMTPSA id 04088298C0;
	Tue, 24 Jul 2012 06:21:38 -0400 (EDT)
Message-ID: <500E772F.6000709@cyberleo.net>
Date: Tue, 24 Jul 2012 05:21:35 -0500
From: CyberLeo Kitsana <cyberleo@cyberleo.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:10.0.4) Gecko/20120617 Thunderbird/10.0.4
MIME-Version: 1.0
To: RW <rwmaillists@googlemail.com>
References: <20120722230539.43054c22@gumby.homeunix.com>
In-Reply-To: <20120722230539.43054c22@gumby.homeunix.com>
X-Enigmail-Version: 1.3.5
Content-Type: text/plain; charset=windows-1251
Content-Transfer-Encoding: 7bit
Cc: freebsd-geom@freebsd.org
Subject: Re: XTS v's CBC
X-BeenThere: freebsd-geom@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: GEOM-specific discussions and implementations
	<freebsd-geom.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-geom>
List-Post: <mailto:freebsd-geom@freebsd.org>
List-Help: <mailto:freebsd-geom-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-geom>,
	<mailto:freebsd-geom-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Jul 2012 10:31:39 -0000

On 07/22/2012 05:05 PM, RW wrote:
> 
> Is there any good reason for preferring XTS over CBC in geli? I just did
> some tests on a new disk and CBC seems to be about 30% faster.

This depends on how the initialization vectors are generated for CBC. If
guessable IVs are used, such as with plain sector/block numbers, a
cryptographic watermark attack is possible.

The attack is not possible if ESSIV (encrypted salt-sector IV) is used
in CBC mode, since the IVs cannot be guessed without the key.

The design of XTS mode thwarts the watermark attack, and allows the
cipher to be easily parallelized, but requires twice the keying material
due to its use of separate keys for encryption and whitening.

The geli manpage does not say which algorithm is used to generate IVs
for CBC mode.

-- 
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
<CyberLeo@CyberLeo.Net>

Furry Peace! - http://wwww.fur.com/peace/