Date: Mon, 20 Oct 2008 22:50:50 +0200 From: "=?ISO-8859-1?Q?Marius_N=FCnnerich?=" <marius@nuenneri.ch> To: "Christian Baer" <christian.baer@uni-dortmund.de> Cc: freebsd-geom@freebsd.org Subject: Re: Big file systems with geli Message-ID: <b649e5e0810201350j1d05c6bch49f83c674fa03873@mail.gmail.com> In-Reply-To: <gbantd$1e9j$2@nermal.rz1.convenimus.net> References: <gbantd$1e9j$2@nermal.rz1.convenimus.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Sep 23, 2008 at 3:18 PM, Christian Baer <christian.baer@uni-dortmund.de> wrote: > Hey there folks! > > After reading up a little on encryption modes, I was wondering, how large > may a geli-encrypted file system be and still be cosidered being secure? > There are suggestions not to go above 1TB with a single key in XTS mode[1]. > geli uses cbc, IIRC, which is a simpler approach. So I was wondering, what > size might be safe here. > > 1TB file systems can even be on single drives (Seagate has 1,5TB drives) and > RAIDs could be even bigger. Since ffs can go way beyond that, a hint > concerning geli would be nice. That depends on your situation. For the usual private stuff I think it's ok to have 1TB Filesystems, for other things maybe not. Maybe you should ask some crypto folks :) > > Regards, > Chris > > [1] http://en.wikipedia.org/wiki/Disk_encryption_theory#XTS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b649e5e0810201350j1d05c6bch49f83c674fa03873>