Thanks for the prompt response!
> On Nov 28, 2021, at 9:58 AM, Milan Broz wrote:
>> On 11/28/21 06:50, Alex Lieflander wrote:
>> Hello,
>> My situation is quite similar to a thread posted a few months ago ("AEAD, recommended alogs and some more questions”), but it was pretty long and I don’t think it got any responses.
>> I’m hoping that a simplified version might be more approachable. Partial answers are welcome as well.
>> 1) Is aes-gcm-random still unsuitable for “normal” use?
>> 2) If so, are there any plans or estimates for when this might be improved/fixed?
>
> I think the best option for now is perhaps to use AEGIS ("--cipher aegis128-random --key-size 128 --integrity aead" in cryptsetup notation).
>
> Note that AEGIS256 was removed from recent kernels, see
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=520c1993bbe620e39fd93de1a01b9e0dc0b97aa6
>
> Also see https://github.com/jedisct1/draft-aegis-aead
I appreciate the suggestion, but I was really hoping for something that supported 192-bit AES encryption.
> But still, AEAD (authenticated encryption) in LUKS2 is experimental, so it depends what is the "normal" use for you.
>
> All this really depends what kernel crypto API provides, if we have some better option there, it is trivial to add to cryptsetup.
>
> Milan
Speaking of which, does cryptsetup support AES-GCM-SIV? I seem to be able to create devices with "--cipher aes-gcm-siv --integrity aead” but I can’t open them.
_______________________________________________
dm-crypt mailing list -- dm-crypt@xxxxxxxx
To unsubscribe send an email to dm-crypt-leave@xxxxxxxx
