Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 17 Apr 2011 19:16:59 +0200
From:      Pawel Jakub Dawidek <pjd@FreeBSD.org>
To:        Christian Baer <christian.baer@uni-dortmund.de>
Cc:        freebsd-geom@freebsd.org
Subject:   Re: Maximum secure filesystem-size with geli
Message-ID:  <20110417171659.GD22319@garage.freebsd.pl>
In-Reply-To: <fc5ee742-9f3a-4418-9fe7-4062de807360@email.android.com>
References:  <fc5ee742-9f3a-4418-9fe7-4062de807360@email.android.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

--ylS2wUBXLOxYXZFQ
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Apr 17, 2011 at 06:25:00PM +0200, Christian Baer wrote:
> Hello Folks!
>=20
> This is quite a novum for me: The first message to a mailing list from an=
 Android phone. :-) But since I am very far away from a "real" computer, I =
have to do it this was. Maybe there will be an answer by the time I get hom=
e so I can dig in directly. :-)
>=20
> Now I know this question has been asked before, but somehow there has nev=
er been a definite answer.
>=20
> What is the official maximum recommended file system size when encrypting=
 with geli and AES or Camellia. I am not asking about the security of the c=
iphers (64 bit blocks like Blowfish has would not be good for modern file s=
ystem sizes) or geli in itself but rather about at hat size it is recommend=
ed to make two file systems and thus creating two keys for the entire size.
>=20
> Does it make a diff if there are less IVs? Since newer and larger HDs now=
 longer come with 512 byte sectory but instead with 4096 byte sectors, I gu=
ess this changes things too.
>=20
> Has anyone got a recommendation for me?

Recent GELI uses one key for every 2^20 sectors, so no more than
(2^20)*sectorsize bytes is encrypted using one key, so file system size
should not be an issue.

--=20
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://yomoli.com

--ylS2wUBXLOxYXZFQ
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (FreeBSD)

iEYEARECAAYFAk2rIIsACgkQForvXbEpPzQyoACdGVcW2RQsBbTFfKRkzaXLXpCP
DsgAoNWomZSd3E+KcCZ5/ghOlth2AFl0
=2VEf
-----END PGP SIGNATURE-----

--ylS2wUBXLOxYXZFQ--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110417171659.GD22319>