geli - selecting cipher
RW
rwmaillists at googlemail.com
Fri Jul 27 14:36:23 UTC 2012
On Thu, 26 Jul 2012 17:47:10 +0200
Ivan Voras wrote:
> On 26/07/2012 04:14, RW wrote:
>
> > I asked a similar questions to the OPs in the geom list and didn't
> > get an answer. Geli doesn't need or isn't using any advantages of
> > XTS. And CBC in geli is actually equivalent to ESSIV (see the
> > previously linked wikipedia page).
>
> Hi,
>
> You didn't get an answer because in security, the answer depends on
> exact circumstances of use. The short answer is that if you don't
> have a specific adversary you need to protect your data from, I'd say
> that GELI's CBC is good enough for you.
Actually the reason I asked is that I wanted to check whether I was
ovelooking some key advantage of XTS that justified its being the
default.
AES-XTS was chosen to provide the best protection against modified
ciphertext without using authentication which would expand the size
of the data.
It seem to me than anyone that worries about attackers tampering with
a drive should use authentication in geli, and anyone that doesn't
should leave it off and use CBC.
If you run geli init without -a or -e options, you get AES-XTS
without authentication, a default that doesn't seem right for
anyone.
More information about the freebsd-questions
mailing list