Harddisk encryption with geli: key's block size

RW fbsd06 at mlists.homeunix.com
Sat Oct 27 05:12:34 PDT 2007

On Sat, 27 Oct 2007 12:40:00 +0200
"Thomas Hobbes" <mymailfloods at googlemail.com> wrote:

> Hi,
> I want to encrypt my mobile computer's data-partition with a
> passphrase, 128 bit AES and HMAC/MD5. A lot of people use different
> block sizes to generate keys with dd. There are examples with block
> sizes of 64, 32k and 128k in geli's man-page, but I couldn't find out
> why they were used. Spidering 'geli + "key bs"' discovered that there
> are some more values used, i.e. 128, 512 and 1k. What is a reasonable
> block size to use?

It doesn't matter, the output of /dev/random is generated from a 256
bit yarrow key, so anything more than "dd /dev/random bs=32 count=1"
is pointless. As you are only using  128  encryption, 256 bit of entropy
is overkill anyway.

More information about the freebsd-questions mailing list