# GELI's ciphers overview + sector size clarification



## Seeker (Jun 15, 2010)

I've tried almost hard, but failed to find a "raw" comparison of ciphers:
*AES, Blowfish, Camellia* -> category 128 and 256 bit.

Type of answer, I would like:
I.e; Relative to AES, Blowfish is 12% safer/stronger, and Camellia 88% safer/stronger.


Second question, relates to sector size, of raw device.
I.e;
cd has a sector size of 2048 bytes
HDD has a sector size of 512 bytes...

Now, on an HDD, when we 'geli init' a target (device, slice, partition...), we can choose another sector size and then attach it, thus creating a new /dev/...eli raw device, ready to receive data.
Could a sector size of 4096 bytes on the .eli raw device, even if beneficial for speed, cause problems with file systems (UFS, ZFS) that would potentially be installed on it, as they "expect" a 512-byte sector size for an HDD?


----------



## SirDice (Jun 15, 2010)

Seeker said:

> Type of answer, I would like:
> I.e; Relative to AES, Blowfish is 12% safer/stronger, and Camellia 88% safer/stronger.


That's going to be tricky because you can't compare them that way.

http://en.wikipedia.org/wiki/Block_cipher_security_summary


----------



## Seeker (Jun 15, 2010)

Oh, I see.
And a... regarding Camellia..., this worries me a "bit".
As we are talking about physical access to our machine as a reason to use GELI, then in that context *Camellia's key* is _gone for good_, by the attack method described above, as it is exclusively a *local attack*.

What about sector size?


----------



## SirDice (Jun 15, 2010)

It's all about risk-management. What are the odds of 'them' capturing your keys. And how long it'll take for it to crack. It's usually easier just to steal someone's keys than it is to pick his lock.

No idea about sector size though


----------



## graudeejs (Jun 16, 2010)

Seeker said:

> Second question, relates to sector size, of raw device.
> I.e;
> cd has a sector size of 2048 bytes
> HDD has a sector size of 512 bytes...
> ...



No, it works just fine for me 
and I've been using geli with sector size 4096 for almost 2 years (this means both UFS and ZFS)


----------



## Seeker (Jun 16, 2010)

SirDice said:

> It's all about risk-management. What are the odds of 'them' capturing your keys. And how long it'll take for it to crack. It's usually easier just to steal someone's keys than it is to pick his lock...


No, no. That's not what I meant.
If someone steals my HDD, encrypted with Camellia, he'll be able to recover Camellia's key by applying the attack described in the link above.
As *local access* is needed for it, and physical possession of the HDD is exactly that.



			
killasmurf86 said:

> No, it works just fine for me
> and I've been using geli with sector size 4096 for almost 2 years (this means both UFS and ZFS)


Thx!


----------

