geli - selecting cipher

Wojciech Puchar wojtek at
Wed Jul 25 18:57:33 UTC 2012

i need high speed disk encryption (many disks running in parallel, lots of 
data movement). i have processor with AES-NI.

geli give 150MB/s performance (tested from/to md ramdisk) using default 
and recommended AES-XTS

and ca 400MB/s read and 700MB/s write using AES-CBC.

I'm not cryptography expert, is CBC somehow "less secure", and if so is it 
really a problem?

