From: Pawel Jakub Dawidek
To: CyberLeo Kitsana
Cc: RW, freebsd-geom@freebsd.org
Date: Tue, 24 Jul 2012 13:28:23 +0200
Subject: Re: XTS v's CBC
Message-ID: <20120724112823.GD1384@garage.freebsd.pl>

On Tue, Jul 24, 2012 at 05:21:35AM -0500, CyberLeo Kitsana wrote:
> On 07/22/2012 05:05 PM, RW wrote:
> >
> > Is there any good reason for preferring XTS over CBC in geli? I just did
> > some tests on a new disk and CBC seems to be about 30% faster.
>
> This depends on how the initialization vectors are generated for CBC. If
> guessable IVs are used, such as with plain sector/block numbers, a
> cryptographic watermark attack is possible.
>
> The attack is not possible if ESSIV (encrypted salt-sector IV) is used
> in CBC mode, since the IVs cannot be guessed without the key.
>
> The design of XTS mode thwarts the watermark attack, and allows the
> cipher to be easily parallelized, but requires twice the keying material
> due to its use of separate keys for encryption and whitening.
>
> The geli manpage does not say which algorithm is used to generate IVs
> for CBC mode.

It does in the ENCRYPTION MODES section:

	geli supports two encryption modes: XTS, which was standardized as
	IEEE P1619 and CBC with unpredictable IV. The CBC mode used by geli
	is very similar to the mode ESSIV.

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://tupytaj.pl
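
An added example (not part of the original message, and not geli's code) comparing the two IV schemes discussed in the thread: CBC with the sector number as IV, and CBC with an ESSIV-style IV. The block cipher is a constructed HMAC-SHA256 Feistel stand-in for AES, and every function name, key and sector number here is an assumption made for the illustration.

```python
import hashlib
import hmac

BLOCK = 16  # cipher block size in bytes, as with AES

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 128-bit block cipher (4-round Feistel over HMAC-SHA256). NOT AES."""
    left, right = block[:8], block[8:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def plain_iv(key: bytes, sector: int) -> bytes:
    """Guessable IV: just the sector number; the key plays no part."""
    return sector.to_bytes(BLOCK, "little")

def essiv_iv(key: bytes, sector: int) -> bytes:
    """ESSIV-style IV: sector number encrypted under a key derived from the data key."""
    salt = hashlib.sha256(key).digest()
    return toy_encrypt_block(salt, sector.to_bytes(BLOCK, "little"))

def cbc_encrypt_sector(key: bytes, sector: int, data: bytes, iv_fn) -> bytes:
    prev, out = iv_fn(key, sector), b""
    for off in range(0, len(data), BLOCK):
        prev = toy_encrypt_block(key, xor(data[off:off + BLOCK], prev))
        out += prev
    return out

def first_blocks_collide(iv_fn, key: bytes = b"constructed-demo-key") -> bool:
    """Store data whose first block was pre-XORed with the *guessed* sector-number
    IV, then report whether the first ciphertext block is identical in every
    sector, i.e. whether the stored data is recognisable without the key."""
    marker = b"WATERMARK-BLOCK!"  # constructed 16-byte pattern
    firsts = set()
    for sector in (7, 8, 1000):  # constructed sector numbers
        data = xor(marker, plain_iv(b"", sector)) + b"\x00" * (512 - BLOCK)
        firsts.add(cbc_encrypt_sector(key, sector, data, iv_fn)[:BLOCK])
    return len(firsts) == 1

if __name__ == "__main__":
    print("sector-number IV, pattern visible:", first_blocks_collide(plain_iv))
    print("ESSIV-style IV,   pattern visible:", first_blocks_collide(essiv_iv))
```

With the sector-number IV the guessed value cancels out and the same ciphertext block appears in every sector; with the keyed IV the guess is wrong and the blocks differ.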