Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 26 Jul 2012 17:47:10 +0200
From:      Ivan Voras <ivoras@freebsd.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: geli - selecting cipher
Message-ID:  <juropu$hvb$1@dough.gmane.org>
In-Reply-To: <20120726031450.5c06dd61@gumby.homeunix.com>
References:  <alpine.BSF.2.00.1207252055180.9814@wojtek.tensor.gdynia.pl> <201207260052.q6Q0qdss086796@mail.r-bonomi.com> <20120726031450.5c06dd61@gumby.homeunix.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig5C7050C45B53EE4D9B414468
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 26/07/2012 04:14, RW wrote:

> I asked a similar questions to the OPs in the geom list and didn't get
> an answer. Geli doesn't need or isn't using any advantages of XTS. And
> CBC in geli is actually equivalent to ESSIV (see the previously linked
> wikipedia page).=20

Hi,

You didn't get an answer because in security, the answer depends on
exact circumstances of use. The short answer is that if you don't have a
specific adversary you need to protect your data from, I'd say that
GELI's CBC is good enough for you.



--------------enig5C7050C45B53EE4D9B414468
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAlARZn4ACgkQ/QjVBj3/HSzzhACfY1Rgqm8ym13/6MLe1/cUS5WN
BVQAnjTeBhnQmKkna5DwMnquUEZDq1LF
=7mw9
-----END PGP SIGNATURE-----

--------------enig5C7050C45B53EE4D9B414468--




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?juropu$hvb$1>