From owner-freebsd-questions@FreeBSD.ORG Fri Jul 27 16:27:18 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 54F1D106564A for ; Fri, 27 Jul 2012 16:27:18 +0000 (UTC) (envelope-from freebsd-listen@fabiankeil.de) Received: from smtprelay02.ispgateway.de (smtprelay02.ispgateway.de [80.67.29.24]) by mx1.freebsd.org (Postfix) with ESMTP id D57AF8FC08 for ; Fri, 27 Jul 2012 16:27:17 +0000 (UTC) Received: from [87.79.196.93] (helo=fabiankeil.de) by smtprelay02.ispgateway.de with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.68) (envelope-from ) id 1SunNe-0003Vx-Uj for freebsd-questions@freebsd.org; Fri, 27 Jul 2012 18:27:11 +0200 Date: Fri, 27 Jul 2012 18:26:54 +0200 From: Fabian Keil To: freebsd-questions@freebsd.org Message-ID: <20120727182654.339ca39a@fabiankeil.de> In-Reply-To: <20120727153612.1e69d8ec@gumby.homeunix.com> References: <201207260052.q6Q0qdss086796@mail.r-bonomi.com> <20120726031450.5c06dd61@gumby.homeunix.com> <20120727153612.1e69d8ec@gumby.homeunix.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/ysPhllLBrmVejOfhtNMeLyM"; protocol="application/pgp-signature" X-Df-Sender: Nzc1MDY3 Subject: Re: geli - selecting cipher X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jul 2012 16:27:18 -0000 --Sig_/ysPhllLBrmVejOfhtNMeLyM Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable RW wrote: > On Thu, 26 Jul 2012 17:47:10 +0200 > Ivan Voras wrote: >=20 > > On 26/07/2012 04:14, RW wrote: > >=20 > > > I asked a similar questions to the OPs in the geom list and didn't > > > get an answer. Geli doesn't need or isn't using any advantages of > > > XTS. And CBC in geli is actually equivalent to ESSIV (see the > > > previously linked wikipedia page).=20 > > You didn't get an answer because in security, the answer depends on > > exact circumstances of use. The short answer is that if you don't > > have a specific adversary you need to protect your data from, I'd say > > that GELI's CBC is good enough for you. Most answers depend on the circumstances. At least to me this doesn't seem like a good reason to completely ignore questions, even if they are related to security. Saying that geli's CBC implementation "is good enough" for someone seems to imply that it's somehow worse than XTS in general. Could you please clarify in which scenario you think XTS offers better protection? > Actually the reason I asked is that I wanted to check whether I was > ovelooking some key advantage of XTS that justified its being the > default. The rationale of the change isn't clear to me either. Until recently I wasn't aware of the performance impact, though. > AES-XTS was chosen to provide the best protection against modified > ciphertext without using authentication which would expand the size > of the data. >=20 > It seem to me than anyone that worries about attackers tampering with > a drive should use authentication in geli, and anyone that doesn't > should leave it off and use CBC. If ZFS is used and checksums aren't disabled, I don't see any advantage of additionally enabling geli's authentication whose protection seems a lot weaker. For tampering resistance I would thus recommend ZFS on geli without authentication in geli. Fabian --Sig_/ysPhllLBrmVejOfhtNMeLyM Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (FreeBSD) iEYEARECAAYFAlASwV4ACgkQBYqIVf93VJ0OvQCcDTdBIsdTBiV8kITd+OJThXt9 nqoAoK1HZm3GyDWpOLYDb10kIwZ1e8Nf =2PVq -----END PGP SIGNATURE----- --Sig_/ysPhllLBrmVejOfhtNMeLyM--