Feature changed by: Mat B. (kernelOfTruth) Feature #307523, revision 8 Title: Make hard disk encryption configurable openSUSE-11.3: Unconfirmed Priority Requester: Important Requested by: Stephan Kleine (bitshuffler) Description: E.g. currently aes-cbc-essiv instead of aes-xts-plain is used because it is the upstream default although it has a number of disadvantages. That is perfectly fine as long as one could change the default. In short the following features are needed: 1) Possibility to override used options during installation (also should be setable via autoyast / kiwi so one doesn't have to change the setting on every new install). 2) Possibility to override used options during partition creation. 3) Possibility to set the used default options in some /etc file. IMHO a simple text field in the partitioner to override the used options would perfectly suffice. Then safe & restore that field via autoyast & kiwi and be done. The systemwide default should be stored in some /etc/sysconfig file. Related bug report: https://bugzilla.novell.com/show_bug.cgi?id=534644 Discussion: #1: Tim - (timshei) (2010-05-08 11:20:05) I agree with that and afaik aes-xts-plain should be also faster. It would be also great if Yast offers an advanced configuration button like in case of formatting where the user can change the key length (128-256) and maybe the algorithm. I think the default should be aes- xts-plain 512 (256 bit key length) though. + #2: Mat B. (kerneloftruth) (2010-08-03 23:53:26) (reply to #1) + besides that aes-xts-plain (or in the case of 64bit aes-xts-benbi) it + both should be faster and somewhat more secure than their cbc-essiv + parts + + it would also be nice being able to choose a different algorithm + besides aes, such as twofish, blowfish, camellia, etc. -- openSUSE Feature: https://features.opensuse.org/307523