Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 24 Jul 2012 13:28:23 +0200
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        CyberLeo Kitsana <cyberleo@cyberleo.net>
Cc:        RW <rwmaillists@googlemail.com>, freebsd-geom@freebsd.org
Subject:   Re: XTS v's CBC
Message-ID:  <20120724112823.GD1384@garage.freebsd.pl>
In-Reply-To: <500E772F.6000709@cyberleo.net>
References:  <20120722230539.43054c22@gumby.homeunix.com> <500E772F.6000709@cyberleo.net>

next in thread | previous in thread | raw e-mail | index | archive | help

--Kj7319i9nmIyA2yE
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Jul 24, 2012 at 05:21:35AM -0500, CyberLeo Kitsana wrote:
> On 07/22/2012 05:05 PM, RW wrote:
> >=20
> > Is there any good reason for preferring XTS over CBC in geli? I just did
> > some tests on a new disk and CBC seems to be about 30% faster.
>=20
> This depends on how the initialization vectors are generated for CBC. If
> guessable IVs are used, such as with plain sector/block numbers, a
> cryptographic watermark attack is possible.
>=20
> The attack is not possible if ESSIV (encrypted salt-sector IV) is used
> in CBC mode, since the IVs cannot be guessed without the key.
>=20
> The design of XTS mode thwarts the watermark attack, and allows the
> cipher to be easily parallelized, but requires twice the keying material
> due to its use of separate keys for encryption and whitening.
>=20
> The geli manpage does not say which algorithm is used to generate IVs
> for CBC mode.

It does in the ENCRYPTION MODES section:

geli supports two encryption modes: XTS, which was standardized as IEE
P1619 and CBC with unpredictable IV. The CBC mode used by geli is very
similar to the mode ESSIV.

--=20
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl

--Kj7319i9nmIyA2yE
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)

iEYEARECAAYFAlAOhtcACgkQForvXbEpPzTwrQCeJiyrcAeZYYTNu1sB6hgOjSFq
pyEAn3TRGbhr1EHu4aC7fbVAWHP/4fo6
=BtUI
-----END PGP SIGNATURE-----

--Kj7319i9nmIyA2yE--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120724112823.GD1384>