Well, I don't know if this is the correct subforum for this topic.
Reading about FDE with Data Authentication in GELI, I read that some space is designed to store the HMAC of the stored encrypted data.
/usr/src/sys/geom/eli/g_eli_integrity.c says that:
Code:
One of the most important assumption here is that authenticated data and its HMAC has to be stored in the same place (namely in the same sector) to make it work reliable.
With 4096 bytes sector we can use 89% of size of the original provider. I find it as an acceptable cost.
I ask:
Why does the authenticated data need to be stored with its HMAC in the same place?
With the actual configuration, on a perfect 500 GB disk we only have usable:
477218586624 bytes
466033776 KiB
455111 MiB
444.44 GiB Usable
We need 55 GiB of the original 500 GiB (11%) to authenticate data.
I propose:
Code:
da0:
+---------+ +---------+ +---------+ +---------+ +---------+ +---------+
|    0    | |    1    | |    2    | |    3    | |   ...   | |   16    |
+----+----+ +----+----+ +----+----+ +----+----+ +----+----+ +----+----+
|16 Times | | F U L L | | F U L L | | F U L L | | F U L L | | F U L L |
|32b HMAC | | D A T A | | D A T A | | D A T A | | D A T A | | D A T A |
+----+----+ +----+----+ +----+----+ +----+----+ +----+----+ +----+----+
|512 bytes| |512 bytes| |512 bytes| |512 bytes| |512 bytes| |512 bytes|
+---------+ +---------+ +---------+ +---------+ +---------+ +---------+
With this configuration we have usable:
505290269696 bytes
493447529 KiB
481882 MiB
470.58 GiB Usable
We only need 30 GiB of the original 500 GiB (6%) to authenticate data.
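
An added example, not part of the original post or of GELI's source: it reproduces both capacity figures above and models what each layout looks like after a power loss in the middle of an update. It assumes a 500 * 2^30 byte provider, that GELI stores 480 bytes of data plus a 32-byte HMAC in each 512-byte sector, and that a single-sector write is atomic while two sector writes can be interrupted between them; all function names are hypothetical.

```python
import hashlib
import hmac

SECTOR, MAC = 512, 32          # physical sector size; HMAC-SHA256 length ("32b HMAC")
KEY = b"constructed-demo-key"  # constructed sample key, not a real GELI key

def usable_inline(total, logical=4096):
    # Assumed GELI layout: each 512-byte sector = 480 data + 32 HMAC, so one
    # 4096-byte logical sector occupies ceil(4096 / 480) = 9 physical sectors.
    per = -(-logical // (SECTOR - MAC))
    return total // SECTOR // per * logical

def usable_separate(total, group=16):
    # Proposed layout: one sector of 16 HMACs followed by up to 16 data sectors.
    full, rest = divmod(total // SECTOR, group + 1)
    return (full * group + max(rest - 1, 0)) * SECTOR

def tag(data):
    return hmac.new(KEY, data, hashlib.sha256).digest()

def survive(disk, writes, verify):
    # Apply only the first k sector writes (power lost after k), for every k,
    # and record whether the stored data still authenticates afterwards.
    out = []
    for k in range(len(writes) + 1):
        state = dict(disk)
        state.update(writes[:k])
        out.append(verify(state))
    return out

def inline_case(old, new):
    # Data and HMAC share sector 0: one atomic write replaces both together.
    verify = lambda d: hmac.compare_digest(tag(d[0][:-MAC]), d[0][-MAC:])
    return survive({0: old + tag(old)}, [(0, new + tag(new))], verify)

def separate_case(old, new):
    # HMAC in sector 0, data in sector 1 (one tag shown instead of 16):
    # the update needs two writes, and a crash can fall between them.
    verify = lambda d: hmac.compare_digest(tag(d[1]), d[0])
    return survive({0: tag(old), 1: old}, [(1, new), (0, tag(new))], verify)

if __name__ == "__main__":
    disk = 500 * 2**30
    print(usable_inline(disk), usable_separate(disk))
    print("inline  :", inline_case(b"a" * 480, b"b" * 480))
    print("separate:", separate_case(b"a" * 512, b"b" * 512))
```

In the separate layout the middle state fails verification even though nobody tampered with the disk, so an interrupted write is indistinguishable from an attack.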