Date: Fri, 27 Jul 2012 22:24:40 +0200 (CEST) From: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl> To: Fabian Keil <freebsd-listen@fabiankeil.de> Cc: freebsd-questions@freebsd.org Subject: Re: geli - selecting cipher Message-ID: <alpine.BSF.2.00.1207272219350.1795@wojtek.tensor.gdynia.pl> In-Reply-To: <20120727182654.339ca39a@fabiankeil.de> References: <alpine.BSF.2.00.1207252055180.9814@wojtek.tensor.gdynia.pl> <201207260052.q6Q0qdss086796@mail.r-bonomi.com> <20120726031450.5c06dd61@gumby.homeunix.com> <juropu$hvb$1@dough.gmane.org> <20120727153612.1e69d8ec@gumby.homeunix.com> <20120727182654.339ca39a@fabiankeil.de>
next in thread | previous in thread | raw e-mail | index | archive | help
> Saying that geli's CBC implementation "is good enough" for someone > seems to imply that it's somehow worse than XTS in general. Could you true. i still don't really understand the difference. I don't need actually anything other that inability to read data from my disk for a potential thief. > The rationale of the change isn't clear to me either. > Until recently I wasn't aware of the performance impact, though. It is huge 5-8 times depending if you have hardware acceleration or not. AES-CBC is fast enough so encrypting SSD drives make sense.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.00.1207272219350.1795>