block cipher mode
Pawel Jakub Dawidek
pjd at FreeBSD.org
Mon Aug 9 20:44:05 UTC 2010
On Mon, Aug 09, 2010 at 03:36:08PM -0400, Nick Ulen wrote:
> Greetings,
>
> What GELI uses: CBC or CBC-ESSIV ?

GELI uses CBC with unpredictable IV. IV is generated by calculating
SHA256 from IV-Key (which is secret) and sector offset. Not sure if this
fully matches ESSIV definition.

> man geli remains silent (
> according to http://mareichelt.de/pub/notmine/linuxbsd-comparison.html it's CBC-ESSIV;
> dmesg showed AES-CBC.

Do you know who is maintaining this page? There are some bits I'd like
to update. For example GELI does support two factor authentication and
also does support passphrase changing without reencryption.

What I find a very important feature of GELI is integrity verification,
which discovers any unauthorized data modification and not only protects
data privacy.

--
Pawel Jakub Dawidek http://www.wheelsystems.com
pjd at FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
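
The IV derivation described in the message above, as an added example that is not part of the original post and is not GELI's own code. The 8-byte little-endian offset encoding, the truncation to 16 bytes, the helper names and the demo key are assumptions made for illustration; the zero-padded offset IV is included only as a predictable baseline to compare against.

```python
import hashlib
import struct

AES_BLOCK = 16  # CBC needs one IV of cipher-block size per sector


def keyed_hash_iv(iv_key: bytes, offset: int) -> bytes:
    """IV = SHA256(IV-Key || sector offset), as the message describes.

    Assumptions (not stated in the message): the offset is encoded as an
    8-byte little-endian integer and the digest is cut to the block size.
    """
    digest = hashlib.sha256(iv_key + struct.pack("<Q", offset)).digest()
    return digest[:AES_BLOCK]


def plain_offset_iv(offset: int) -> bytes:
    """Predictable baseline for comparison: the offset itself, zero-padded."""
    return struct.pack("<Q", offset).ljust(AES_BLOCK, b"\x00")


def mean_bit_distance(ivs: list[bytes]) -> float:
    """Average number of differing bits between IVs of adjacent sectors."""
    dists = [
        bin(int.from_bytes(a, "big") ^ int.from_bytes(b, "big")).count("1")
        for a, b in zip(ivs, ivs[1:])
    ]
    return sum(dists) / len(dists)


def compare(iv_key: bytes, sector_size: int = 512, sectors: int = 64) -> dict:
    """Derive IVs for consecutive sectors under both schemes and summarise."""
    offsets = [n * sector_size for n in range(sectors)]
    keyed = [keyed_hash_iv(iv_key, off) for off in offsets]
    plain = [plain_offset_iv(off) for off in offsets]
    return {
        "keyed_unique": len(set(keyed)) == sectors,
        "keyed_mean_bits": mean_bit_distance(keyed),
        "plain_mean_bits": mean_bit_distance(plain),
    }


if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed IV-Key, for illustration only
    print(compare(demo_key))
```

The keyed IV is deterministic per sector, so it can be recomputed at decryption time and does not need to be stored, but it cannot be recomputed without the secret IV-Key.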