Date: Fri, 27 Jul 2012 15:36:12 +0100
From: RW <rwmaillists@googlemail.com>
To: freebsd-questions@freebsd.org
Subject: Re: geli - selecting cipher
Message-ID: <20120727153612.1e69d8ec@gumby.homeunix.com>
In-Reply-To: <juropu$hvb$1@dough.gmane.org>
References: <alpine.BSF.2.00.1207252055180.9814@wojtek.tensor.gdynia.pl> <201207260052.q6Q0qdss086796@mail.r-bonomi.com> <20120726031450.5c06dd61@gumby.homeunix.com> <juropu$hvb$1@dough.gmane.org>
On Thu, 26 Jul 2012 17:47:10 +0200
Ivan Voras wrote:

> On 26/07/2012 04:14, RW wrote:
>
> > I asked a similar question to the OP's in the geom list and didn't
> > get an answer. Geli doesn't need or isn't using any advantages of
> > XTS. And CBC in geli is actually equivalent to ESSIV (see the
> > previously linked wikipedia page).
>
> Hi,
>
> You didn't get an answer because in security, the answer depends on
> exact circumstances of use. The short answer is that if you don't
> have a specific adversary you need to protect your data from, I'd say
> that GELI's CBC is good enough for you.

Actually the reason I asked is that I wanted to check whether I was
overlooking some key advantage of XTS that justified its being the
default.

AES-XTS was chosen to provide the best protection against modified
ciphertext without using authentication, which would expand the size
of the data. It seems to me that anyone that worries about attackers
tampering with a drive should use authentication in geli, and anyone
that doesn't should leave it off and use CBC. If you run geli init
without -a or -e options, you get AES-XTS without authentication, a
default that doesn't seem right for anyone.
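The point made above (XTS limits what a modified ciphertext does on decryption, but only authentication actually detects the modification) can be checked in a few lines. The Go program below is an added illustration, not code from this thread or from geli: it encrypts one constructed 64-byte "sector" with AES-XTS and with AES-CBC, flips a single bit in the stored ciphertext, decrypts, and reports which 16-byte blocks come back wrong and whether an HMAC-SHA256 tag (standing in for what geli init -a stores) would have rejected the sector. The fixed keys, the 64-byte sector size, the sector-number-derived CBC IV (a simplified ESSIV-like stand-in, not geli's exact IV scheme) and the HMAC construction are all assumptions made for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Constructed fixed keys and a constructed 64-byte (four-block) sector; demo values only.
var (
	key1   = bytes.Repeat([]byte{0x11}, 32) // AES-256 data key
	key2   = bytes.Repeat([]byte{0x22}, 32) // XTS tweak key, also used here to derive the CBC IV
	macKey = bytes.Repeat([]byte{0x33}, 32) // HMAC key for the authenticated variant
	sample = []byte("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!?")
)

// sectorTweak: AES(key2, sector number) is the XTS initial tweak and, in this demo, the CBC IV.
func sectorTweak(sector uint64) []byte {
	c, _ := aes.NewCipher(key2)
	t := make([]byte, 16)
	binary.LittleEndian.PutUint64(t, sector)
	c.Encrypt(t, t)
	return t
}

// gfMul2 multiplies a GF(2^128) element (little-endian, as XTS defines it) by alpha.
func gfMul2(t []byte) {
	var carry byte
	for i := range t {
		carry, t[i] = t[i]>>7, t[i]<<1|carry
	}
	if carry != 0 {
		t[0] ^= 0x87 // reduce modulo x^128 + x^7 + x^2 + x + 1
	}
}

// xts encrypts or decrypts one sector of whole 16-byte blocks with AES-XTS.
func xts(sector uint64, in []byte, encrypt bool) []byte {
	c, _ := aes.NewCipher(key1)
	tweak, out := sectorTweak(sector), make([]byte, len(in))
	for off := 0; off < len(in); off += 16 {
		blk := out[off : off+16]
		for i := range blk {
			blk[i] = in[off+i] ^ tweak[i]
		}
		if encrypt {
			c.Encrypt(blk, blk)
		} else {
			c.Decrypt(blk, blk)
		}
		for i := range blk {
			blk[i] ^= tweak[i]
		}
		gfMul2(tweak) // the next block uses tweak * alpha
	}
	return out
}

// cbc encrypts or decrypts one sector with AES-CBC under the per-sector IV.
func cbc(sector uint64, in []byte, encrypt bool) []byte {
	c, _ := aes.NewCipher(key1)
	out := make([]byte, len(in))
	if encrypt {
		cipher.NewCBCEncrypter(c, sectorTweak(sector)).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(c, sectorTweak(sector)).CryptBlocks(out, in)
	}
	return out
}

// tag is the per-sector HMAC an authenticated provider (geli init -a) would store.
func tag(sector uint64, ct []byte) []byte {
	h := hmac.New(sha256.New, macKey)
	binary.Write(h, binary.LittleEndian, sector)
	h.Write(ct)
	return h.Sum(nil)
}

// report encrypts the sample sector, flips bit 0 of ciphertext byte 20 (block 1, byte 4), decrypts,
// and returns the blocks that no longer match the plaintext plus whether the HMAC check caught it.
func report(mode func(uint64, []byte, bool) []byte, authenticated bool) (corrupted []int, detected bool) {
	const sector uint64 = 7
	ct := mode(sector, sample, true)
	stored := tag(sector, ct)
	ct[20] ^= 0x01
	detected = authenticated && !hmac.Equal(tag(sector, ct), stored)
	pt := mode(sector, ct, false)
	for b := 0; b < len(sample); b += 16 {
		if !bytes.Equal(pt[b:b+16], sample[b:b+16]) {
			corrupted = append(corrupted, b/16)
		}
	}
	return corrupted, detected
}

func main() {
	fmt.Println(report(xts, false)) // [1] false
	fmt.Println(report(cbc, false)) // [1 2] false
	fmt.Println(report(cbc, true))  // [1 2] true
}
```

With XTS the damage stays inside the one block that was touched; with CBC the following block is affected as well, because each ciphertext block is XORed into the next plaintext block. In neither unauthenticated case does decryption report anything: the corrupted data is simply handed to the filesystem. Only the variant that stores and checks a per-sector tag rejects the sector, which is the trade-off the message describes between geli's -a option and the extra space the tags need.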