Date: Wed, 25 Jul 2012 12:18:47 -0700 From: Michael Sierchio <kudzu@tenebras.com> To: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl> Cc: freebsd-questions@freebsd.org Subject: Re: geli - selecting cipher Message-ID: <CAHu1Y72jhZ7hSP_AfoTiP7dmdgpjS8OWLrLfkn3zFfgeu8dHBw@mail.gmail.com> In-Reply-To: <alpine.BSF.2.00.1207252055180.9814@wojtek.tensor.gdynia.pl> References: <alpine.BSF.2.00.1207252055180.9814@wojtek.tensor.gdynia.pl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 25, 2012 at 11:57 AM, Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl> wrote: > i need high speed disk encryption (many disks running in parallel, lots of > I'm not cryptography expert, is CBC somehow "less secure", and if so is it > really a problem? XTS-AES is a standard devised specifically for disk encryption - it supports operations on sectors that aren't divisible by the cipher block size. See http://en.wikipedia.org/wiki/Disk_encryption_theory#XEX-based_tweaked-codebook_mode_with_ciphertext_stealing_.28XTS.29 I personally would be fine with AES-CTR mode, since I don't see the need to defend against the mythical "strong" adversary who can write arbitrary bits to unused sectors and then ask to have them decrypted. AES-CTR doesn't (by itself) have any integrity check. AES-CBC is fine, but the ciphertext is larger than the plaintext. - M
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHu1Y72jhZ7hSP_AfoTiP7dmdgpjS8OWLrLfkn3zFfgeu8dHBw>