I'd like to inform about three new features in GELI available in HEAD:
1. AES-XTS encryption. XTS mode is a standard that is recommended these
days for storage encryption. This is the default now. AES-XTS support
was also added to opencrypto framework and aesni(4) driver.
2. Multiple encryption keys. GELI will use one encryption key for at
most 2^20 blocks (sectors), as it is not recommended to use the same
encryption key for too much data. It generates keys array from the
master key on attach and uses it accordingly. This is the default now.
3. Passphrase can now be loaded from a file (-J and -j options).
--
Pawel Jakub Dawidek http://www.wheelsystems.com
p...@FreeBSD.org http://www.FreeBSD.org
FreeBSD committer Am I Evil? Yes, I Am!
Thank you very much pjd@!
_______________________________________________
freebsd-...@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-securi...@freebsd.org"