On Sun, Sep 07, 2014 at 19:30:00 CEST, .. ink .. wrote: > > But I still think that there should be only few strong predefined > > combinations. > > > > I will go with only those mentioned in the benchmark as "supported > options". > > Why the users want to change default? > > What's the real problem - cipher speed or they do not trust NIS and NSA or > > ... > > they just want more knobs because more knobs means more security :-) ? > > > > > I currently do not allow options because i though defaults were good for > everybody but people keep asking for > ability to change them.This post[1] is a good example of that They wished > for more options but did not specify why. > > About a week ago,somebody sent me a zuluCrypt source file and asked me to > modify it to change hard coded defaults.They wanted different defaults but > did not trust themselves to change the source file so they asked me to do > it for them. That is really hilarious: People that do not trust themselves to change a few strings, but do trust themselves to evaluate what crypto is secure and what is not. I guess people really have no clue how easy it is to completely break security with wrong crypto parameters. You should not give in or at the very least put up strong warnings. Some people will always manage to shoot themselves in the foot (Dunning-Kruger effect at work), but at least you can then say "I told you so". Arno > > [1] > http://www.wilderssecurity.com/threads/zulucrypt-easily-create-and-manage-luks-plain-truecrypt-volumes-and-partitions.363255/ > _______________________________________________ > dm-crypt mailing list > dm-crypt@xxxxxxxx > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
