From: Iñigo Ortiz de Urbina
To: Pawel Jakub Dawidek, freebsd-current@freebsd.org, freebsd-security@freebsd.org
Date: Sun, 26 Sep 2010 18:51:27 +0200
In-Reply-To: <20100925174929.GD47356@garage.freebsd.pl>
Subject: Re: Recent GELI additions.

Indeed, truly impressive work. geli makes encryption a bliss :)

Thank you very much pjd@!

On 9/25/10, Pawel Jakub Dawidek wrote:
> Hi.
>
> I'd like to inform about three new features in GELI available in HEAD:
>
> 1. AES-XTS encryption. XTS mode is a standard that is recommended these
>    days for storage encryption. This is the default now. AES-XTS support
>    was also added to opencrypto framework and aesni(4) driver.
>
> 2. Multiple encryption keys. GELI will use one encryption key for at
>    most 2^20 blocks (sectors), as it is not recommended to use the same
>    encryption key for too much data. It generates keys array from the
>    master key on attach and uses it accordingly. This is the default now.
>
> 3. Passphrase can now be loaded from a file (-J and -j options).
>
> --
> Pawel Jakub Dawidek                       http://www.wheelsystems.com
> pjd@FreeBSD.org                           http://www.FreeBSD.org
> FreeBSD committer                         Am I Evil? Yes, I Am!