Re: Recent GELI additions.



Indeed, truly impressive work. geli makes encryption a bliss :)

Thank you very much pjd@!

On 9/25/10, Pawel Jakub Dawidek <pjd@xxxxxxxxxxx> wrote:
Hi.

I'd like to inform about three new features in GELI available in HEAD:

1. AES-XTS encryption. XTS mode is a standard that is recommended these
days for storage encryption. This is the default now. AES-XTS support
was also added to opencrypto framework and aesni(4) driver.

2. Multiple encryption keys. GELI will use one encryption key for at
most 2^20 blocks (sectors), as it is not recommended to use the same
encryption key for too much data. It generates keys array from the
master key on attach and uses it accordingly. This is the default now.

3. Passphrase can now be loaded from a file (-J and -j options).

--
Pawel Jakub Dawidek http://www.wheelsystems.com
pjd@xxxxxxxxxxx http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"



Relevant Pages

  • Re: mod_auth_kerb: gss_accept_sec_context() failed
    ... The "Decrypt integrity check failed" error means that the GSS service ... encryption key, key version number or encryption type was not exactly ... the same as that used to encrypt the service ticket. ...
    (comp.protocols.kerberos)
  • Re: Recent GELI additions.
    ... I'd like to inform about three new features in GELI available in HEAD: ... AES-XTS encryption. ... GELI will use one encryption key for at ...
    (freebsd-current)
  • Re: if I encrypt key data why do I want or need SSL?
    ... If an attacker compromises your system somehow and gets your strong named ... he can simply decompile it. ... using asymetric encryption, you are rebuilding https... ... The encryption key itself - are you using one for all the encryption stuff? ...
    (microsoft.public.dotnet.security)
  • Recent GELI additions.
    ... I'd like to inform about three new features in GELI available in HEAD: ... AES-XTS encryption. ... GELI will use one encryption key for at ...
    (freebsd-current)
  • Recent GELI additions.
    ... I'd like to inform about three new features in GELI available in HEAD: ... AES-XTS encryption. ... GELI will use one encryption key for at ...
    (FreeBSD-Security)