On 2015-01-14 19:44, rozhuk...@gmail.com wrote:
>> Excuse me, but if you think your physical medium is either 100%
>> inaccessible to an adversary, or simply not worth a real attack, and
>> the speed is the concern, then why do you want to use any encryption at
>> all?
> 
> 100% is not available yet introduced GELI keys / mounted drive.
> AES-XTS is good but too slow.

FreeBSD supports AES-NI - hardware accelerated AES available in many
Intel and AMD processors. I'm seeing speeds of 1GB/s on i5 2500K.

> ChaCha is already enough to cryptography was not a bottleneck.
> 
> The case when the disks - local (SATA/SAS/IDE/USB), keys entered / disk is 
> mounted and the attacker has access I do not see because AES-XTS does not 
> help.

A few scenarios that will break ChaCha encryption:
- remapped bad sectors on spinning disks,
- multiple copies of sectors on SSD due to wear leveling,
- RAID with one of the drives dropping out due to bad cabling, bad
sectors or other issues,
- disk imaged at multiple points in time (for example powered-off laptop
left unattended).

_______________________________________________
freebsd-geom@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-geom
To unsubscribe, send any mail to "freebsd-geom-unsubscr...@freebsd.org"
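What the four scenarios listed in the reply have in common is that an older ciphertext of a sector survives next to a newer one. A stream cipher keyed only by sector number reuses its keystream on every rewrite, so the keystream cancels when the two versions are XORed. The sketch below is an added example, not part of the original message or of GELI: `encrypt_sector`, its nonce layout, the key and the sector contents are constructed assumptions, and the ChaCha20 block function follows RFC 8439.

```python
import struct

ROUNDS = ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
          (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14))

def _rotl(v, n):
    return ((v << n) & 0xffffffff) | (v >> (32 - n))

def _qr(s, a, b, c, d):
    # ChaCha quarter round: four add / xor / rotate steps
    for x, y, z, r in ((a, b, d, 16), (c, d, b, 12), (a, b, d, 8), (c, d, b, 7)):
        s[x] = (s[x] + s[y]) & 0xffffffff
        s[z] = _rotl(s[z] ^ s[x], r)

def chacha20_block(key, counter, nonce):
    """One 64-byte ChaCha20 keystream block (RFC 8439 state layout)."""
    init = list(struct.unpack("<4I", b"expand 32-byte k"))
    init += list(struct.unpack("<8I", key)) + [counter]
    init += list(struct.unpack("<3I", nonce))
    s = init[:]
    for _ in range(10):              # 10 double rounds = 20 rounds
        for idx in ROUNDS:
            _qr(s, *idx)
    return struct.pack("<16I", *[(x + y) & 0xffffffff for x, y in zip(s, init)])

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_sector(key, sector_no, data):
    """Hypothetical disk layer: the nonce depends on the sector number only."""
    nonce = struct.pack("<4xQ", sector_no)   # 4 zero bytes + 64-bit sector number
    blocks = (len(data) + 63) // 64
    keystream = b"".join(chacha20_block(key, i, nonce) for i in range(blocks))
    return xor(data, keystream)

def snapshot_diff(c_old, c_new):
    """XOR of two ciphertext versions of one sector: the keystream cancels,
    leaving p_old XOR p_new without any use of the key."""
    return xor(c_old, c_new)

# Constructed sample data: sector 7 before and after one rewrite.
KEY = bytes(range(32))
P_OLD = bytes(64)                                    # zero-filled sector
P_NEW = b"constructed sample record".ljust(64, b".")
C_OLD = encrypt_sector(KEY, 7, P_OLD)   # copy left in a remapped or stale block
C_NEW = encrypt_sector(KEY, 7, P_NEW)   # copy currently on the disk

if __name__ == "__main__":
    print(snapshot_diff(C_OLD, C_NEW))  # equals P_NEW because P_OLD is all zeros
```

AES-XTS does not reduce to an XOR of plaintexts when a sector is rewritten, which is why it is the usual choice for sector-level encryption where no per-write nonce can be stored.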
