Hi.

I'd like to inform about three new features in GELI available in HEAD:

1. AES-XTS encryption. XTS mode is a standard that is recommended these
   days for storage encryption. This is the default now. AES-XTS support
   was also added to opencrypto framework and aesni(4) driver.

2. Multiple encryption keys. GELI will use one encryption key for at
   most 2^20 blocks (sectors), as it is not recommended to use the same
   encryption key for too much data. It generates keys array from the
   master key on attach and uses it accordingly. This is the default now.

3. Passphrase can now be loaded from a file (-J and -j options).

-- 
Pawel Jakub Dawidek                       http://www.wheelsystems.com
pjd@FreeBSD.org                           http://www.FreeBSD.org
FreeBSD committer                         Am I Evil? Yes, I Am!
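
The key-per-2^20-sectors scheme from item 2, sketched as an added example that is not part of the original message and is not GELI's code. The announcement does not say how keys are derived from the master key, so the HMAC-SHA512 construction, its `ekey` label and all function names here are assumptions for illustration.

```python
import hashlib
import hmac
import struct

KEY_SHIFT = 20  # one key covers at most 2^20 sectors (from the announcement)


def key_index(byte_offset: int, sector_size: int) -> int:
    """Index of the data key that covers the sector at byte_offset."""
    if byte_offset < 0 or sector_size <= 0:
        raise ValueError("offset must be >= 0 and sector size > 0")
    return (byte_offset // sector_size) >> KEY_SHIFT


def key_count(media_size: int, sector_size: int) -> int:
    """Number of keys needed; a partial final range still gets its own key."""
    sectors = media_size // sector_size
    if sectors == 0:
        raise ValueError("provider smaller than one sector")
    return ((sectors - 1) >> KEY_SHIFT) + 1


def derive_key(master_key: bytes, index: int) -> bytes:
    """ASSUMED derivation: HMAC-SHA512(master, label || 64-bit LE index)."""
    msg = b"ekey" + struct.pack("<Q", index)  # label is hypothetical
    return hmac.new(master_key, msg, hashlib.sha512).digest()


def build_key_array(master_key: bytes, media_size: int, sector_size: int):
    """Derive every per-range key once, as would happen at attach time."""
    return [derive_key(master_key, i)
            for i in range(key_count(media_size, sector_size))]


if __name__ == "__main__":
    master = bytes(range(64))                      # constructed sample master key
    keys = build_key_array(master, 1 << 40, 512)   # 1 TiB, 512-byte sectors
    print(len(keys), "keys of", len(keys[0]), "bytes")
    boundary = (1 << KEY_SHIFT) * 512   # first byte covered by the second key
    for off in (0, boundary - 1, boundary):
        print(off, "-> key", key_index(off, 512))
```
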

Indeed, truly impressive work. geli makes encryption a bliss :)

Thank you very much pjd@!

On 9/25/10, Pawel Jakub Dawidek <pjd@freebsd.org> wrote:
> Hi.
>
> I'd like to inform about three new features in GELI available in HEAD:
>
> 1. AES-XTS encryption. XTS mode is a standard that is recommended these
>    days for storage encryption. This is the default now. AES-XTS support
>    was also added to opencrypto framework and aesni(4) driver.
>
> 2. Multiple encryption keys. GELI will use one encryption key for at
>    most 2^20 blocks (sectors), as it is not recommended to use the same
>    encryption key for too much data. It generates keys array from the
>    master key on attach and uses it accordingly. This is the default now.
>
> 3. Passphrase can now be loaded from a file (-J and -j options).
>
> --
> Pawel Jakub Dawidek                       http://www.wheelsystems.com
> pjd@FreeBSD.org                           http://www.FreeBSD.org
> FreeBSD committer                         Am I Evil? Yes, I Am!
>