> For all ciphers that we currently use in the NetBSD kernel, the output
> size is the same as the input size.  Obviously the input size has to be
> rounded to the cipher's block size, if you're using a block cipher, but
> for disk blocks, that should pretty much always be the case.

Whether or not encryption requires additional storage also depends on
what you're doing for initialization vectors and the like.

It would also be extremely worthwhile for an encrypting filesystem to
be able to do an "end-to-end" MAC/MDC of some sort to detect
corruption/tampering, but that also requires additional storage..

					- Bill