geli - selecting cipher

Wojciech Puchar wojtek at
Fri Jul 27 20:41:28 UTC 2012

> Saying that geli's CBC implementation "is good enough" for someone
> seems to imply that it's somehow worse than XTS in general. Could you

true. i still don't really understand the difference.

I don't need actually anything other that inability to read data from my 
disk for a potential thief.

> The rationale of the change isn't clear to me either.
> Until recently I wasn't aware of the performance impact, though.

It is huge 5-8 times depending if you have hardware acceleration or not. 
AES-CBC is fast enough so encrypting SSD drives make sense.

More information about the freebsd-questions mailing list