On Sun, 2019-06-30 at 11:00 +0200, Milan Broz wrote: > Yes, the proposed decision is quite weak at this point Well removing MORUS is of course absolutely fine... > IMO the problem is that the winner will get more attraction > (both from the implementation side as accelerations, but also > some analysis). I think this will not happen with the variants. Haven't we had in the past some (non-real-world) "attacks" on AES which affects either only AES128 or 256? It's as you've said in that one mail you've referenced... there's often more analysis on alogs which are actually used(usable) somewhere... which however also means, if implementations focus only on one single algorithm (arguably the two are the same alog, just different sizes) there is no fall back ready if anything should ever been suddenly found in that single algo. > I would probably prefer just one AEGIS variant, it is less confusing > to the non-technical people. Helping non-technical people is rather by providing good recommendations/defaults in the userland tools. > I just want to send an early warning here :-) Sure... thx for that :-) Cheers, Chris. _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx https://www.saout.de/mailman/listinfo/dm-crypt
