geli - selecting cipher

RW rwmaillists at googlemail.com
Thu Jul 26 02:15:04 UTC 2012


On Wed, 25 Jul 2012 19:52:39 -0500 (CDT)
Robert Bonomi wrote:

> > From owner-freebsd-questions at freebsd.org  Wed Jul 25 14:00:27 2012
> > Date: Wed, 25 Jul 2012 20:57:30 +0200 (CEST)
> > From: Wojciech Puchar <wojtek at wojtek.tensor.gdynia.pl>
> > To: freebsd-questions at freebsd.org
> > Subject: geli - selecting cipher
> >
> > i need high speed disk encryption (many disks running in parallel,
> > lots of data movement). i have processor with AES-NI.
> >
> > geli give 150MB/s performance (tested from/to md ramdisk) using
> > default and recommended AES-XTS
> >
> > and ca 400MB/s read and 700MB/s write using AES-CBC.
> >
> > I'm not cryptography expert, is CBC somehow "less secure", and if
> > so is it really a problem?
> 
> If you "don't know" what strength encryption you need, and/or the
> difference between the methods, you need to hire a data-security
> professional to examine your situation and make recommendations
> appropriate for _your_ needs.
> 
> 'CBC' -- [C]ypher [B]lock [C]haining -- is well-suited for strictly
> -sequential- data access.   Try reading the blocks of a large (say
> 10gB) file in *reverse* order and see what kind of performance you
> get.

Exactly the same; in geli the encryption is done per sector.


I asked a similar question to the OPs in the geom list and didn't get
an answer. Geli doesn't need or isn't using any advantages of XTS. And
CBC in geli is actually equivalent to ESSIV (see the previously linked
wikipedia page).

In the end I went with 128 bit aes-cbc since it's the fastest setting
and Bruce Schneier recommends 128 over 256 AES as being more secure.
