geli - selecting cipher

Ivan Voras ivoras at
Thu Jul 26 15:47:27 UTC 2012

On 26/07/2012 04:14, RW wrote:

> I asked a similar questions to the OPs in the geom list and didn't get
> an answer. Geli doesn't need or isn't using any advantages of XTS. And
> CBC in geli is actually equivalent to ESSIV (see the previously linked
> wikipedia page). 


You didn't get an answer because in security, the answer depends on
exact circumstances of use. The short answer is that if you don't have a
specific adversary you need to protect your data from, I'd say that
GELI's CBC is good enough for you.

