Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 26 Jul 2012 17:47:10 +0200
From:      Ivan Voras <>
Subject:   Re: geli - selecting cipher
Message-ID:  <juropu$hvb$>
In-Reply-To: <>
References:  <> <> <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 26/07/2012 04:14, RW wrote:

> I asked a similar questions to the OPs in the geom list and didn't get
> an answer. Geli doesn't need or isn't using any advantages of XTS. And
> CBC in geli is actually equivalent to ESSIV (see the previously linked
> wikipedia page).=20


You didn't get an answer because in security, the answer depends on
exact circumstances of use. The short answer is that if you don't have a
specific adversary you need to protect your data from, I'd say that
GELI's CBC is good enough for you.

Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

Version: GnuPG v2.0.19 (FreeBSD)
Comment: Using GnuPG with Mozilla -



Want to link to this message? Use this URL: <$hvb$1>