Hi Eric, Nice to see more use of ChaCha20. However... Can we skip over the "sort of worse than XTS, but not having _real_ authentication sucks anyway in either case, so whatever" and move directly to, "linux finally supports authenticated encryption for disk encryption!"? This would be a big deal and would actually be a noticeable security improvement, instead of a potentially dubious step sidewaysbackish. Bcachefs supports ChaCha20Poly1305, which is pretty neat. From what I've read, performance is acceptable too. http://bcachefs.org/Encryption/ Jason
