XTS v's CBC
CyberLeo Kitsana
cyberleo at cyberleo.net
Tue Jul 24 10:31:39 UTC 2012
On 07/22/2012 05:05 PM, RW wrote:
>
> Is there any good reason for preferring XTS over CBC in geli? I just did
> some tests on a new disk and CBC seems to be about 30% faster.
This depends on how the initialization vectors are generated for CBC. If
guessable IVs are used, such as with plain sector/block numbers, a
cryptographic watermark attack is possible.
The attack is not possible if ESSIV (encrypted salt-sector IV) is used
in CBC mode, since the IVs cannot be guessed without the key.
The design of XTS mode thwarts the watermark attack, and allows the
cipher to be easily parallelized, but requires twice the keying material
due to its use of separate keys for encryption and whitening.
The geli manpage does not say which algorithm is used to generate IVs
for CBC mode.
--
Fuzzy love,
-CyberLeo
Technical Administrator
CyberLeo.Net Webhosting
http://www.CyberLeo.Net
<CyberLeo at CyberLeo.Net>
Furry Peace! - http://wwww.fur.com/peace/
More information about the freebsd-geom
mailing list