Date:      Thu, 26 Jul 2012 03:14:50 +0100
From:      RW <rwmaillists@googlemail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: geli - selecting cipher
Message-ID:  <20120726031450.5c06dd61@gumby.homeunix.com>
In-Reply-To: <201207260052.q6Q0qdss086796@mail.r-bonomi.com>
References:  <alpine.BSF.2.00.1207252055180.9814@wojtek.tensor.gdynia.pl> <201207260052.q6Q0qdss086796@mail.r-bonomi.com>

On Wed, 25 Jul 2012 19:52:39 -0500 (CDT)
Robert Bonomi wrote:

> > From owner-freebsd-questions@freebsd.org  Wed Jul 25 14:00:27 2012
> > Date: Wed, 25 Jul 2012 20:57:30 +0200 (CEST)
> > From: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>
> > To: freebsd-questions@freebsd.org
> > Subject: geli - selecting cipher
> >
> > i need high speed disk encryption (many disks running in parallel,
> > lots of data movement). i have processor with AES-NI.
> >
> > geli give 150MB/s performance (tested from/to md ramdisk) using
> > default and recommended AES-XTS
> >
> > and ca 400MB/s read and 700MB/s write using AES-CBC.
> >
> > I'm not cryptography expert, is CBC somehow "less secure", and if
> > so is it really a problem?
> 
> If you "don't know" what strength encryption you need, and/or the
> difference between the methods, you need to hire a data-security
> professional to examine your situation and make recommendations
> appropriate for _your_ needs.
> 
> 'CBC' -- [C]ypher [B]lock [C]haining -- is well-suited for strictly
> -sequential- data access.   Try reading the blocks of a large (say
> 10gB) file in *reverse* order and see what kind of performance you
> get.

Exactly the same: in geli the encryption is done per sector.


I asked a similar question to the OPs in the geom list and didn't get
an answer. Geli doesn't need or isn't using any advantages of XTS. And
CBC in geli is actually equivalent to ESSIV (see the previously linked
wikipedia page).

In the end I went with 128-bit aes-cbc since it's the fastest setting
and Bruce Schneier recommends 128 over 256 AES as being more secure.



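The point RW makes above (the CBC chain restarts at every sector, so reverse or random reads cost the same as sequential ones) is easy to check in code. The Go program below is an added example, not part of the thread and not geli's source: it models per-sector AES-CBC with an ESSIV-style IV and decrypts sectors in reverse order. The IV derivation (sector number encrypted under a SHA-256 hash of the data key) and the 512-byte sector size are assumptions for the demonstration, not geli's exact implementation.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
)

// SectorCipher runs AES-CBC per sector with an ESSIV-style IV: the sector number
// encrypted under a hash of the data key. Assumption: this mirrors the construction
// RW refers to, not geli's exact IV derivation.
type SectorCipher struct{ data, iv cipher.Block }

func NewSectorCipher(key []byte) (*SectorCipher, error) {
	h := sha256.Sum256(key)
	data, err := aes.NewCipher(key) // 16, 24 or 32 bytes; RW chose 128-bit (16)
	iv, _ := aes.NewCipher(h[:16])  // 16 hash bytes are always a valid AES-128 key
	return &SectorCipher{data: data, iv: iv}, err
}

// Crypt encrypts or decrypts one sector (whole AES blocks). The CBC chain starts
// afresh at every sector, so forward, backward or random reads cost the same.
func (s *SectorCipher) Crypt(sector uint64, in []byte, encrypt bool) []byte {
	var num, iv [aes.BlockSize]byte
	binary.LittleEndian.PutUint64(num[:8], sector)
	s.iv.Encrypt(iv[:], num[:])
	out := make([]byte, len(in))
	if encrypt {
		cipher.NewCBCEncrypter(s.data, iv[:]).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(s.data, iv[:]).CryptBlocks(out, in)
	}
	return out
}

// ReverseReadMatches encrypts n constructed 512-byte sectors in order, then decrypts them in reverse order.
func ReverseReadMatches(s *SectorCipher, n int) bool {
	plain, enc := make([][]byte, n), make([][]byte, n)
	for i := range plain {
		plain[i] = bytes.Repeat([]byte{byte(i)}, 512) // constructed sample data
		enc[i] = s.Crypt(uint64(i), plain[i], true)
	}
	ok := true
	for i := n - 1; i >= 0; i-- { // walk the sectors backwards
		ok = ok && bytes.Equal(s.Crypt(uint64(i), enc[i], false), plain[i])
	}
	return ok
}
```

Because the IV is bound to the sector number, identical data written to two different sectors produces different ciphertext, and a sector decrypted under the wrong sector number does not yield the original data.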