Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 25 Jul 2012 12:18:47 -0700
From:      Michael Sierchio <kudzu@tenebras.com>
To:        Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: geli - selecting cipher
Message-ID:  <CAHu1Y72jhZ7hSP_AfoTiP7dmdgpjS8OWLrLfkn3zFfgeu8dHBw@mail.gmail.com>
In-Reply-To: <alpine.BSF.2.00.1207252055180.9814@wojtek.tensor.gdynia.pl>
References:  <alpine.BSF.2.00.1207252055180.9814@wojtek.tensor.gdynia.pl>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
On Wed, Jul 25, 2012 at 11:57 AM, Wojciech Puchar
<wojtek@wojtek.tensor.gdynia.pl> wrote:
> i need high speed disk encryption (many disks running in parallel, lots of

> I'm not cryptography expert, is CBC somehow "less secure", and if so is it
> really a problem?

XTS-AES is a standard devised specifically for disk encryption - it
supports operations on sectors that aren't divisible by the cipher
block size.

See  http://en.wikipedia.org/wiki/Disk_encryption_theory#XEX-based_tweaked-codebook_mode_with_ciphertext_stealing_.28XTS.29

I personally would be fine with AES-CTR mode, since I don't see the
need to defend against the mythical "strong" adversary who can write
arbitrary bits to unused sectors and then ask to have them decrypted.
AES-CTR doesn't (by itself) have any integrity check.

AES-CBC is fine, but the ciphertext is larger than the plaintext.

- M



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?CAHu1Y72jhZ7hSP_AfoTiP7dmdgpjS8OWLrLfkn3zFfgeu8dHBw>