GELI's ciphers overview + sector size clarification

I've tried almost hard, but failed to find a "raw" comparison of ciphers:
AES, Blowfish, Camellia -> category 128 and 256 bit.

Type of answer, I would like:
I.e., relative to AES, Blowfish is 12% safer/stronger, and Camellia 88% safer/stronger.


The second question relates to the sector size of the raw device.
I.e.,
a CD has a sector size of 2048 bytes
an HDD has a sector size of 512 bytes...

Now, on an HDD, when we 'geli init' a target (device, slice, partition...), we can choose another sector size and then attach it, thus creating a new /dev/...eli raw device, ready to receive data.
Could a sector size of 4096 bytes on the .eli raw device, even if beneficial for speed, cause problems with file systems (UFS, ZFS) that would potentially be installed on it, as they "expect" a 512-byte sector size for an HDD?
 
Oh, I see.
And a... regarding Camellia..., this worries me a "bit".
As we are talking about physical access to our machine as a reason to use GELI, in that context Camellia's key is gone for good by the attack method described above, as it is an exclusively local attack.

What about sector size?
 
It's all about risk management. What are the odds of 'them' capturing your keys? And how long will it take for it to crack? It's usually easier just to steal someone's keys than it is to pick his lock.

No idea about sector size though ;)
 
Seeker said:
The second question relates to the sector size of the raw device.
I.e.,
a CD has a sector size of 2048 bytes
an HDD has a sector size of 512 bytes...

Now, on an HDD, when we 'geli init' a target (device, slice, partition...), we can choose another sector size and then attach it, thus creating a new /dev/...eli raw device, ready to receive data.
Could a sector size of 4096 bytes on the .eli raw device, even if beneficial for speed, cause problems with file systems (UFS, ZFS) that would potentially be installed on it, as they "expect" a 512-byte sector size for an HDD?

No, it works just fine for me :D
and I've been using geli with sector size 4096 for almost 2 years (this means both UFS and ZFS)
 
SirDice said:
It's all about risk management. What are the odds of 'them' capturing your keys? And how long will it take for it to crack? It's usually easier just to steal someone's keys than it is to pick his lock...
No, no. That's not what I meant.
If someone steals my HDD, encrypted with Camellia, he'll be able to recover Camellia's key by applying the attack described in the link above.
As local access is needed for it, and physical possession of the HDD is exactly that.

killasmurf86 said:
No, it works just fine for me :D
and I've been using geli with sector size 4096 for almost 2 years (this means both UFS and ZFS)
Thx!
 