Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 25 Jul 2012 19:52:39 -0500 (CDT)
From:      Robert Bonomi <>
Subject:   Re: geli - selecting cipher
Message-ID:  <>
In-Reply-To: <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
> From  Wed Jul 25 14:00:27 2012
> Date: Wed, 25 Jul 2012 20:57:30 +0200 (CEST)
> From: Wojciech Puchar <>
> To:
> Subject: geli - selecting cipher
> i need high speed disk encryption (many disks running in parallel, lots of 
> data movement). i have processor with AES-NI.
> geli give 150MB/s performance (tested from/to md ramdisk) using default 
> and recommended AES-XTS
> and ca 400MB/s read and 700MB/s write using AES-CBC.
> I'm not cryptography expert, is CBC somehow "less secure", and if so is it 
> really a problem?

If you "don't know" what strength encryption you need, and/or the difference
between the methods, you need to hire a data-security professional to examine
your situation and make recommendations appropriate for _your_ needs.

'CBC' -- [C]ypher [B]lock [C]hainig -- is well-suited for strictly -sequential-
data access.   Try reading the blocks of a large (say 10gB) file in *reverse*
order and see what kind of performance you get.  

Want to link to this message? Use this URL: <>