geli - selecting cipher
Wojciech Puchar
wojtek at wojtek.tensor.gdynia.pl
Fri Jul 27 20:41:28 UTC 2012
> Saying that geli's CBC implementation "is good enough" for someone
> seems to imply that it's somehow worse than XTS in general. Could you
true. i still don't really understand the difference.
I don't need actually anything other that inability to read data from my
disk for a potential thief.
> The rationale of the change isn't clear to me either.
> Until recently I wasn't aware of the performance impact, though.
It is huge 5-8 times depending if you have hardware acceleration or not.
AES-CBC is fast enough so encrypting SSD drives make sense.
More information about the freebsd-questions
mailing list