[dm-devel] [RFC PATCH 0/3] crypto: switch to shash for ESSIV generation
Milan Broz
gmazyland at gmail.com
Mon Jun 17 14:35:18 UTC 2019
On 17/06/2019 15:59, Ard Biesheuvel wrote:
>
> So my main question/showstopper at the moment is: which modes do we
> need to support for ESSIV? Only CBC? Any skcipher? Or both skciphers
> and AEADs?
Support, or cover by internal test? I think you need to support everything
that dmcrypt currently allows, if you want to port dmcrypt to the new API.
I know of many systems that use aes-xts-essiv:sha256 (it does not make much
sense but people just use it).
Some people use serpent and twofish, but we allow any cipher that fits...
For a start, run this:
https://gitlab.com/cryptsetup/cryptsetup/blob/master/tests/mode-test
In other words, if you add some additional limit, we are breaking backward compatibility.
(Despite the configuration being "wrong" from the security point of view.)
Milan