Re: Is AES-GCM still a bad idea?

On 11/28/21 06:50, Alex Lieflander wrote:
> Hello,
>
> My situation is quite similar to a thread posted a few months ago ("AEAD, recommended alogs and some more questions”), but it was pretty long and I don’t think it got any responses.
>
> I’m hoping that a simplified version might be more approachable. Partial answers are welcome as well.
>
> 1) Is aes-gcm-random still unsuitable for “normal” use?
> 2) If so, are there any plans or estimates for when this might be improved/fixed?

I think the best option for now is perhaps to use AEGIS ("--cipher aegis128-random --key-size 128 --integrity aead" in cryptsetup notation).

Note that AEGIS256 was removed from recent kernels, see
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=520c1993bbe620e39fd93de1a01b9e0dc0b97aa6

Also see https://github.com/jedisct1/draft-aegis-aead

But still, AEAD (authenticated encryption) in LUKS2 is experimental, so it depends on what "normal" use is for you.

All this really depends on what the kernel crypto API provides; if we have some better option there, it is trivial to add to cryptsetup.

Milan
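
Added example, not part of the original mail and not cryptsetup code: since the reply ties the choice of AEAD to what the kernel crypto API provides, this sketch reads a `/proc/crypto`-style listing, reports the registered AEAD algorithms, and prints the options quoted above only when `aegis128` is among them. The function names and the sample listing are constructed for illustration, and `--type luks2` is added here.

```shell
# Which AEAD algorithms has the kernel crypto API registered?
# Caveat: /proc/crypto lists only registered algorithms; one that lives in a
# module not loaded yet stays invisible until something requests it.

# Constructed /proc/crypto excerpt (fields trimmed, not from a real host).
sample_proc_crypto() {
    cat <<'EOF'
name         : aegis128
type         : aead

name         : xts(aes)
type         : skcipher

name         : gcm(aes)
type         : aead
EOF
}

# list_aead [FILE]: print the name of every entry whose type is "aead".
list_aead() {
    awk -F' *: *' '
        $1 == "name" { name = $2 }
        $1 == "type" && $2 == "aead" && name != "" { print name }
        NF == 0 { name = "" }
    ' "${1:-/proc/crypto}" | sort -u
}

# has_aead NAME [FILE]: succeed if NAME is registered as an AEAD.
has_aead() {
    list_aead "$2" | grep -qxF -- "$1"
}

# aead_format_args [FILE]: print the luksFormat options quoted in the mail
# (plus --type luks2, added here) if aegis128 is available, else fail.
aead_format_args() {
    if has_aead aegis128 "$1"; then
        echo "--type luks2 --cipher aegis128-random --key-size 128 --integrity aead"
    else
        echo "aegis128 is not registered in ${1:-/proc/crypto}" >&2
        return 1
    fi
}

# Demo on the constructed sample; on a real host call list_aead with no argument.
demo=$(mktemp) && sample_proc_crypto > "$demo"
list_aead "$demo"
aead_format_args "$demo"
rm -f "$demo"
```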