On Thu, 26 Jul 2012 17:47:10 +0200
Ivan Voras wrote:
On 26/07/2012 04:14, RW wrote:
I asked a similar questions to the OPs in the geom list and didn't
get an answer. Geli doesn't need or isn't using any advantages of
XTS. And CBC in geli is actually equivalent to ESSIV (see the
RW rwmailli...@googlemail.com wrote:
On Thu, 26 Jul 2012 17:47:10 +0200
Ivan Voras wrote:
On 26/07/2012 04:14, RW wrote:
I asked a similar questions to the OPs in the geom list and didn't
get an answer. Geli doesn't need or isn't using any advantages of
XTS. And CBC in geli is
Saying that geli's CBC implementation is good enough for someone
seems to imply that it's somehow worse than XTS in general. Could you
true. i still don't really understand the difference.
I don't need actually anything other that inability to read data from my
disk for a potential thief.
'CBC' -- [C]ypher [B]lock [C]hainig -- is well-suited for strictly
-sequential- data access. Try reading the blocks of a large (say
10gB) file in *reverse* order and see what kind of performance you
get.
how about randomio test on geli encrypted ramdisk?
AES-CBC still 3 times faster
-questions@freebsd.org
Subject: geli - selecting cipher
i need high speed disk encryption (many disks running in parallel,
lots of data movement). i have processor with AES-NI.
geli give 150MB/s performance (tested from/to md ramdisk) using
default and recommended AES-XTS
and ca
On 26/07/2012 04:14, RW wrote:
I asked a similar questions to the OPs in the geom list and didn't get
an answer. Geli doesn't need or isn't using any advantages of XTS. And
CBC in geli is actually equivalent to ESSIV (see the previously linked
wikipedia page).
Hi,
You didn't get an answer
On Thu, Jul 26, 2012 at 8:47 AM, Ivan Voras ivo...@freebsd.org wrote:
You didn't get an answer because in security, the answer depends on
exact circumstances of use. The short answer is that if you don't have a
specific adversary you need to protect your data from, I'd say that
GELI's CBC is
If you don't need to detect modifications/insertions/deletions that
yes i don't.
i just want data to be unreadable for thieves in case of robbery.
___
freebsd-questions@freebsd.org mailing list
On Thu, 26 Jul 2012 15:49:00 +0200
Fabian Keil wrote:
RW rwmailli...@googlemail.com wrote:
In the end I went with 128 bit aes-cbc since it's the fastest
setting and Bruce Schneier recommends 128 over 256 AES as being
more secure.
Can you provide the source for the as being more
i need high speed disk encryption (many disks running in parallel, lots of
data movement). i have processor with AES-NI.
geli give 150MB/s performance (tested from/to md ramdisk) using default
and recommended AES-XTS
and ca 400MB/s read and 700MB/s write using AES-CBC.
I'm not cryptography
On Wed, Jul 25, 2012 at 11:57 AM, Wojciech Puchar
woj...@wojtek.tensor.gdynia.pl wrote:
i need high speed disk encryption (many disks running in parallel, lots of
I'm not cryptography expert, is CBC somehow less secure, and if so is it
really a problem?
XTS-AES is a standard devised
From owner-freebsd-questi...@freebsd.org Wed Jul 25 14:00:27 2012
Date: Wed, 25 Jul 2012 20:57:30 +0200 (CEST)
From: Wojciech Puchar woj...@wojtek.tensor.gdynia.pl
To: freebsd-questions@freebsd.org
Subject: geli - selecting cipher
i need high speed disk encryption (many disks running
On Wed, 25 Jul 2012 19:52:39 -0500 (CDT)
Robert Bonomi wrote:
From owner-freebsd-questi...@freebsd.org Wed Jul 25 14:00:27 2012
Date: Wed, 25 Jul 2012 20:57:30 +0200 (CEST)
From: Wojciech Puchar woj...@wojtek.tensor.gdynia.pl
To: freebsd-questions@freebsd.org
Subject: geli - selecting
13 matches
Mail list logo
