From owner-freebsd-questions@FreeBSD.ORG Thu Jul 26 15:47:27 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9BE3E106566B for ; Thu, 26 Jul 2012 15:47:27 +0000 (UTC) (envelope-from freebsd-questions@m.gmane.org) Received: from plane.gmane.org (plane.gmane.org [80.91.229.3]) by mx1.freebsd.org (Postfix) with ESMTP id 4E9CA8FC1C for ; Thu, 26 Jul 2012 15:47:26 +0000 (UTC) Received: from list by plane.gmane.org with local (Exim 4.69) (envelope-from ) id 1SuQHb-00032g-4h for freebsd-questions@freebsd.org; Thu, 26 Jul 2012 17:47:23 +0200 Received: from lara.cc.fer.hr ([161.53.72.113]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 26 Jul 2012 17:47:23 +0200 Received: from ivoras by lara.cc.fer.hr with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Thu, 26 Jul 2012 17:47:23 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-questions@freebsd.org From: Ivan Voras Date: Thu, 26 Jul 2012 17:47:10 +0200 Lines: 36 Message-ID: References: <201207260052.q6Q0qdss086796@mail.r-bonomi.com> <20120726031450.5c06dd61@gumby.homeunix.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig5C7050C45B53EE4D9B414468" X-Complaints-To: usenet@dough.gmane.org X-Gmane-NNTP-Posting-Host: lara.cc.fer.hr User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:10.0) Gecko/20120213 Thunderbird/10.0 In-Reply-To: <20120726031450.5c06dd61@gumby.homeunix.com> X-Enigmail-Version: 1.3.5 Subject: Re: geli - selecting cipher X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jul 2012 15:47:27 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig5C7050C45B53EE4D9B414468 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 26/07/2012 04:14, RW wrote: > I asked a similar questions to the OPs in the geom list and didn't get > an answer. Geli doesn't need or isn't using any advantages of XTS. And > CBC in geli is actually equivalent to ESSIV (see the previously linked > wikipedia page).=20 Hi, You didn't get an answer because in security, the answer depends on exact circumstances of use. The short answer is that if you don't have a specific adversary you need to protect your data from, I'd say that GELI's CBC is good enough for you. --------------enig5C7050C45B53EE4D9B414468 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlARZn4ACgkQ/QjVBj3/HSzzhACfY1Rgqm8ym13/6MLe1/cUS5WN BVQAnjTeBhnQmKkna5DwMnquUEZDq1LF =7mw9 -----END PGP SIGNATURE----- --------------enig5C7050C45B53EE4D9B414468--