On 11/28/21 21:35, Alex Lieflander wrote:
Thanks for the prompt response!
On Nov 28, 2021, at 9:58 AM, Milan Broz wrote:
On 11/28/21 06:50, Alex Lieflander wrote:
Hello,
My situation is quite similar to a thread posted a few months ago ("AEAD, recommended alogs and some more questions"), but it was pretty long and I don’t think it got any responses.
I’m hoping that a simplified version might be more approachable. Partial answers are welcome as well.
1) Is aes-gcm-random still unsuitable for “normal” use?
2) If so, are there any plans or estimates for when this might be improved/fixed?
I think the best option for now is perhaps to use AEGIS ("--cipher aegis128-random --key-size 128 --integrity aead" in cryptsetup notation).
Note that AEGIS256 was removed from recent kernels, see
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=520c1993bbe620e39fd93de1a01b9e0dc0b97aa6
Also see https://github.com/jedisct1/draft-aegis-aead
I appreciate the suggestion, but I was really hoping for something that supported 192-bit AES encryption.
We had AEGIS256 there, but as you can see, it was removed.
But still, AEAD (authenticated encryption) in LUKS2 is experimental, so it depends on what the "normal" use is for you.
All this really depends on what the kernel crypto API provides; if we have some better option there, it is trivial to add to cryptsetup.
Milan
Speaking of which, does cryptsetup support AES-GCM-SIV? I seem to be able to create devices with "--cipher aes-gcm-siv --integrity aead" but I can’t open them.
As I said, it must be supported by the Linux kernel API... GCM-SIV is not supported yet (only GCM).
Cryptsetup currently can check only for non-AEAD algorithm support in the kernel before formatting; that's why it fails too late there (on open).
That should be fixed, eventually.
Milan
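
Added example, not part of the original thread and not cryptsetup's own code: since the reply says the AEAD must come from the kernel crypto API and cryptsetup does not verify that before formatting, this shell function checks a /proc/crypto-format listing for a registered AEAD. The sample listing is constructed, and "gcmsiv(aes)" is a hypothetical name used only to show a miss.

```sh
#!/bin/sh
# Added example: is an AEAD algorithm registered with the kernel crypto API?
# Parses the record format of /proc/crypto (blank-line separated "key : value").

# Constructed sample in /proc/crypto format, trimmed to the fields used here.
SAMPLE_PROC_CRYPTO='name         : gcm(aes)
driver       : generic-gcm-aesni
selftest     : passed
type         : aead

name         : aegis128
driver       : aegis128-generic
selftest     : passed
type         : aead

name         : xts(aes)
driver       : xts-aes-aesni
selftest     : passed
type         : skcipher
'

# aead_registered NAME [FILE]   (FILE defaults to /proc/crypto, "-" is stdin)
# Exit 0 if a record has name NAME, type "aead" and selftest "passed".
# Exit 1 otherwise. A miss is not proof of missing support: /proc/crypto
# lists only algorithms registered so far, and modules may load on demand.
aead_registered() {
    awk -v want="$1" '
        function end_record() {
            if (name == want && type == "aead" && selftest == "passed") found = 1
            name = ""; type = ""; selftest = ""
        }
        /^[ \t]*$/ { end_record(); next }    # blank line closes a record
        {
            key = $0; sub(/[ \t]*:.*/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
            if (key == "name") name = val
            else if (key == "type") type = val
            else if (key == "selftest") selftest = val
        }
        END { end_record(); exit(found ? 0 : 1) }
    ' "${2:-/proc/crypto}"
}

# Demo on the sample. "gcmsiv(aes)" is a hypothetical spelling, used only
# to show a miss; "xts(aes)" shows that a non-AEAD record does not count.
for alg in 'gcm(aes)' 'aegis128' 'xts(aes)' 'gcmsiv(aes)'; do
    if printf '%s' "$SAMPLE_PROC_CRYPTO" | aead_registered "$alg" -; then
        echo "$alg: registered as aead"
    else
        echo "$alg: not listed as aead"
    fi
done
```

On a real host, call `aead_registered 'gcm(aes)'` with no file argument to read /proc/crypto before running luksFormat with "--integrity aead".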
_______________________________________________
dm-crypt mailing list -- dm-crypt@xxxxxxxx