Maximum secure filesystem-size with geli

Pawel Jakub Dawidek pjd at FreeBSD.org
Sun Apr 17 17:17:22 UTC 2011


On Sun, Apr 17, 2011 at 06:25:00PM +0200, Christian Baer wrote:
> Hello Folks!
> 
> This is quite a novum for me: The first message to a mailing list from an Android phone. :-) But since I am very far away from a "real" computer, I have to do it this way. Maybe there will be an answer by the time I get home so I can dig in directly. :-)
> 
> Now I know this question has been asked before, but somehow there has never been a definite answer.
> 
> What is the official maximum recommended file system size when encrypting with geli and AES or Camellia? I am not asking about the security of the ciphers (64 bit blocks like Blowfish has would not be good for modern file system sizes) or geli in itself but rather about at what size it is recommended to make two file systems and thus creating two keys for the entire size.
> 
> Does it make a diff if there are fewer IVs? Since newer and larger HDs no longer come with 512 byte sectors but instead with 4096 byte sectors, I guess this changes things too.
> 
> Has anyone got a recommendation for me?

Recent GELI uses one key for every 2^20 sectors, so no more than
(2^20)*sectorsize bytes is encrypted using one key, so file system size
should not be an issue.

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
FreeBSD committer                         http://www.FreeBSD.org
Am I Evil? Yes, I Am!                     http://yomoli.com
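
Added example, not part of the original thread and not GELI source code: it carries the reply's figure (one key per 2^20 sectors) through for 512-byte and 4096-byte sectors and compares the data volume per key against the usual birthday approximation for 128-bit and 64-bit block ciphers. The offset-to-key mapping (consecutive 2^20-sector spans) and all function names are assumptions made for illustration.

```python
import math

KEY_SPAN_SECTORS = 2 ** 20  # from the reply: one key per 2^20 sectors


def bytes_per_key(sector_size):
    """Upper limit on data encrypted under a single key."""
    return KEY_SPAN_SECTORS * sector_size


def key_index(byte_offset, sector_size):
    """Which key covers a byte offset (assumed: consecutive 2^20-sector spans)."""
    return (byte_offset // sector_size) // KEY_SPAN_SECTORS


def keys_needed(provider_bytes, sector_size):
    """Number of distinct keys used across a provider of the given size."""
    span = bytes_per_key(sector_size)
    return -(-provider_bytes // span)  # integer ceiling division


def log2_collision_bound(data_bytes, block_bits):
    """log2 of the birthday approximation n^2 / 2^(b+1), where n is the
    number of cipher blocks processed under one key and b the block size.
    A value near or above 0 means the approximation no longer gives any margin."""
    n = data_bytes // (block_bits // 8)
    return 2 * math.log2(n) - (block_bits + 1)


if __name__ == "__main__":
    four_tib = 4 * 2 ** 40  # constructed example provider size
    for sector in (512, 4096):
        span = bytes_per_key(sector)
        print(f"sector={sector}: {span // 2**20} MiB per key, "
              f"{keys_needed(four_tib, sector)} keys for 4 TiB")
        for bits in (128, 64):
            print(f"  {bits}-bit blocks: bound ~ 2^"
                  f"{log2_collision_bound(span, bits):.0f} per key, "
                  f"2^{log2_collision_bound(four_tib, bits):.0f} "
                  f"if one key covered all 4 TiB")
```
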