Date: Sun, 17 Apr 2011 19:16:59 +0200
From: Pawel Jakub Dawidek
To: Christian Baer
Cc: freebsd-geom@freebsd.org
Subject: Re: Maximum secure filesystem-size with geli
Message-ID: <20110417171659.GD22319@garage.freebsd.pl>

On Sun, Apr 17, 2011 at 06:25:00PM +0200, Christian Baer wrote:
> Hello Folks!
>
> This is quite a novum for me: The first message to a mailing list from
> an Android phone. :-) But since I am very far away from a "real"
> computer, I have to do it this way. Maybe there will be an answer by
> the time I get home so I can dig in directly. :-)
>
> Now I know this question has been asked before, but somehow there has
> never been a definite answer.
>
> What is the official maximum recommended file system size when
> encrypting with geli and AES or Camellia? I am not asking about the
> security of the ciphers (64 bit blocks like Blowfish has would not be
> good for modern file system sizes) or geli in itself but rather about
> at what size it is recommended to make two file systems and thus
> creating two keys for the entire size.
>
> Does it make a diff if there are less IVs? Since newer and larger HDs
> no longer come with 512 byte sectors but instead with 4096 byte
> sectors, I guess this changes things too.
>
> Has anyone got a recommendation for me?

Recent GELI uses one key for every 2^20 sectors, so no more than
(2^20)*sectorsize bytes is encrypted using one key, so file system size
should not be an issue.

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://yomoli.com