From owner-freebsd-questions@FreeBSD.ORG Fri Jul 27 14:36:23 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 01723106566B for ; Fri, 27 Jul 2012 14:36:23 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-ey0-f182.google.com (mail-ey0-f182.google.com [209.85.215.182]) by mx1.freebsd.org (Postfix) with ESMTP id 845898FC16 for ; Fri, 27 Jul 2012 14:36:22 +0000 (UTC) Received: by eaa11 with SMTP id 11so603840eaa.13 for ; Fri, 27 Jul 2012 07:36:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; bh=EstoxaTcmkmxn94KPhn/VyxO9sRPFfdgmbJI4cD8IPA=; b=VNGUHHQV3oP5NwdwEnkerRxYvNeD+4T1j0kYR0obCQkcDbUi/wolaMRuXovR8icglh 1bJNXTpdIPscj3ByHXtGYMfoUKxkz29EQbpd9hWdpvyXnZUVsOqGjPQgxAswyY2jn6ko z6gYQCkRXkXLsVX60YKyS5OxXoSgg4hSQrK8Iyavx3pVHZMD+NcsewFaMZQkjjcQjGw8 /E7LO2MuKmFuvnfAkTC5mkMa00GRhdGE5tQ5+WVGgMIKdjqfVJtBPtC+Bapc1v+bA0GG gl8fvnZMRalVrH3GkF+zdCM4aCOSmAaKI2j98dju1EUWBWbfguiHmFY0PTF1Bgql+rxf mb6A== Received: by 10.14.203.193 with SMTP id f41mr2959346eeo.14.1343399776015; Fri, 27 Jul 2012 07:36:16 -0700 (PDT) Received: from gumby.homeunix.com (87-194-105-247.bethere.co.uk. [87.194.105.247]) by mx.google.com with ESMTPS id f45sm6724919eep.12.2012.07.27.07.36.14 (version=SSLv3 cipher=OTHER); Fri, 27 Jul 2012 07:36:14 -0700 (PDT) Date: Fri, 27 Jul 2012 15:36:12 +0100 From: RW To: freebsd-questions@freebsd.org Message-ID: <20120727153612.1e69d8ec@gumby.homeunix.com> In-Reply-To: References: <201207260052.q6Q0qdss086796@mail.r-bonomi.com> <20120726031450.5c06dd61@gumby.homeunix.com> X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.6; amd64-portbld-freebsd8.3) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: geli - selecting cipher X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jul 2012 14:36:23 -0000 On Thu, 26 Jul 2012 17:47:10 +0200 Ivan Voras wrote: > On 26/07/2012 04:14, RW wrote: > > > I asked a similar questions to the OPs in the geom list and didn't > > get an answer. Geli doesn't need or isn't using any advantages of > > XTS. And CBC in geli is actually equivalent to ESSIV (see the > > previously linked wikipedia page). > > Hi, > > You didn't get an answer because in security, the answer depends on > exact circumstances of use. The short answer is that if you don't > have a specific adversary you need to protect your data from, I'd say > that GELI's CBC is good enough for you. Actually the reason I asked is that I wanted to check whether I was ovelooking some key advantage of XTS that justified its being the default. AES-XTS was chosen to provide the best protection against modified ciphertext without using authentication which would expand the size of the data. It seem to me than anyone that worries about attackers tampering with a drive should use authentication in geli, and anyone that doesn't should leave it off and use CBC. If you run geli init without -a or -e options, you get AES-XTS without authentication, a default that doesn't seem right for anyone.