geli(8) breaks after a couple hours of uptime
Fabian Keil
freebsd-listen at fabiankeil.de
Mon Feb 11 10:52:12 UTC 2013
Pawel Jakub Dawidek <pjd at FreeBSD.org> wrote:
> On Sun, Feb 10, 2013 at 09:50:58AM +0200, Andriy Gapon wrote:
> > I think that PAGE_SIZE (or at most a small multiple of it) should be
> > sufficient. I don't think that we currently have (or expect to see in
> > the near future) algorithms where keys with more than 4096 size
> > provide any additional security.
>
> geli(8) deals just fine with files that are larger than buffers, so even
> with smaller buffer it can read the data in few steps.
>
> The proposed patch is here if someone would like to give it a try:
>
> http://people.freebsd.org/~pjd/patches/geom_eli.c.patch
Works for me, thanks a lot.
I tested with a couple of geli providers ranging from
v3 AES-CBC 128 bit to v7 AES-XTS 256 bit and didn't get
any crashes.
Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-current/attachments/20130211/9a17df26/attachment.sig>
More information about the freebsd-current
mailing list