On 30/06/2019 02:59, Christoph Anton Mitterer wrote: > On Sat, 2019-06-29 at 19:03 +0200, Milan Broz wrote: >> - other AEGIS variants (AEGIS256, AEGIS128L) are ok, >> but the consensus seems to be to support only one finalist >> variant (AEGIS128) > > That's a bit surprising... shouldn't AEGIS256 have a higher security > goal, according to the design paper? So why removing it? Well, see the whole discussion on linux-crypto (or even you can reply there)... Yes, the proposed decision is quite weak at this point (also note that is not yet in the cryptodev tree, so it is not final decision yet). IMO the problem is that the winner will get more attraction (both from the implementation side as accelerations, but also some analysis). I think this will not happen with the variants. I would probably prefer just one AEGIS variant, it is less confusing to the non-technical people. Also, there is a limited group of people that can actually submit patches for the implementations, it is better to focus on maintaining fewer algorithms (but this is just my opinion). I just want to send an early warning here :-) Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
