Pawel Jakub Dawidek <p...@freebsd.org> wrote: > On Sun, Feb 10, 2013 at 09:50:58AM +0200, Andriy Gapon wrote: > > I think that PAGE_SIZE (or at most a small multiple of it) should be > > sufficient. I don't think that we currently have (or expect to see in > > the near future) algorithms where keys with more than 4096 size > > provide any additional security. > > geli(8) deals just fine with files that are larger than buffers, so even > with smaller buffer it can read the data in few steps. > > The proposed patch is here if someone would like to give it a try: > > http://people.freebsd.org/~pjd/patches/geom_eli.c.patch
Works for me, thanks a lot. I tested with a couple of geli providers ranging from v3 AES-CBC 128 bit to v7 AES-XTS 256 bit and didn't get any crashes. Fabian
signature.asc
Description: PGP signature