On Fri, Jan 04, 2013 at 12:50:04PM +0100, Milan Broz wrote: > On 12/29/2012 10:40 PM, Milan Broz wrote: > > The testing release candidate cryptsetup 1.6.0-rc1 is available at > > > > http://code.google.com/p/cryptsetup/ > > > > Feedback and bug reports are welcomed. > > > > Cryptsetup 1.6.0 Release Notes (RC1) > > > I am going to do one more important change to final 1.6.0: > change LUKS _default_ cipher to aes-xts-plain64 with 512bits key. I think this is a very good idea. Arno > Most of recent disk encryption systems switched already to XTS mode, > also it is preferred by standards (and we are using it for very long > time in Fedora/RHEL during installations.) > > Distro maintainers can always overwrite this during compilation time, > and user can use -c aes-cbc-essiv:sha256 -s 256 to old mode always. > > (Plain mode have to stay with CBC, change would cause compatibility problems.) > > Any serious objections to not do that now? > > Milan > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
