[New: openFATE 313003] Installer: ability to choose encryption type / strength
Feature added by: Robert Delahunt (radelahunt) Feature #313003, revision 1 Title: Installer: ability to choose encryption type / strength openSUSE Distribution: Unconfirmed Priority Requester: Desirable Requested by: Robert Delahunt (radelahunt) Partner organization: openSUSE.org Description: I would like to request that a feature be added that allows a user to specify the encryption strength for their encrypted LVM. Previously on 11.4, the installer would accept the unlock key and then format the LUKS container to its own default (at the time I think 256bit aes-xts-something), which is overkill for a netbook, and may not be user-desirable. OpenSuSE 12.1 doesn't do this, honoring the LUKS setup that already exists, but nevertheless, being able to choose the bit strength and encryption type (such as aes-cbc-essiv, etc) would be nice. I would be willing to provide any help documentation for a "help" or "what is this?" button on this section (and it could be made part of the "custom (for experts)" section of disk partitioning. Respectfully, Robert -- openSUSE Feature: https://features.opensuse.org/313003
Feature changed by: Denys Rtveliashvili (rtvd) Feature #313003, revision 6 Title: Installer: ability to choose encryption type / strength openSUSE Distribution: Unconfirmed Priority Requester: Desirable Requested by: Robert Delahunt (radelahunt) Partner organization: openSUSE.org Description: I would like to request that a feature be added that allows a user to specify the encryption strength for their encrypted LVM. Previously on 11.4, the installer would accept the unlock key and then format the LUKS container to its own default (at the time I think 256bit aes-xts- something), which is overkill for a netbook, and may not be user- desirable. OpenSuSE 12.1 doesn't do this, honoring the LUKS setup that already exists, but nevertheless, being able to choose the bit strength and encryption type (such as aes-cbc-essiv, etc) would be nice. I would be willing to provide any help documentation for a "help" or "what is this?" button on this section (and it could be made part of the "custom (for experts)" section of disk partitioning. Respectfully, Robert + Discussion: + #1: Denys Rtveliashvili (rtvd) (2013-03-12 10:49:42) + I also think it is quite useful. In my case, however, I prefer to have + the top strength possible. -- openSUSE Feature: https://features.opensuse.org/313003
Feature changed by: Stakanov Schufter (stakanov) Feature #313003, revision 7 Title: Installer: ability to choose encryption type / strength openSUSE Distribution: Unconfirmed Priority Requester: Desirable Requested by: Robert Delahunt (radelahunt) Partner organization: openSUSE.org Description: I would like to request that a feature be added that allows a user to specify the encryption strength for their encrypted LVM. Previously on 11.4, the installer would accept the unlock key and then format the LUKS container to its own default (at the time I think 256bit aes-xts- something), which is overkill for a netbook, and may not be user- desirable. OpenSuSE 12.1 doesn't do this, honoring the LUKS setup that already exists, but nevertheless, being able to choose the bit strength and encryption type (such as aes-cbc-essiv, etc) would be nice. I would be willing to provide any help documentation for a "help" or "what is this?" button on this section (and it could be made part of the "custom (for experts)" section of disk partitioning. Respectfully, Robert Discussion: #1: Denys Rtveliashvili (rtvd) (2013-03-12 10:49:42) I also think it is quite useful. In my case, however, I prefer to have the top strength possible. + #2: Stakanov Schufter (stakanov) (2013-12-25 10:35:09) + http://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-again... + (http://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-again...) + Given these last news, this feature appears to me still more appealing + and maybe even mandatory. We cannot know when vulnerabilities are + uncovered. Although AFAIK XTS should be set default by the next + libcrypt version (1.6) the lack of this feature makes standard + encrypted LVM installation unnecessary less safe. Now there is never a + perfect safety but admittedly system safety is currently too low in + nearly all mainstream OS I know (where I put Linux distributions into + mainstream), and enjoys too little attention. I do not know if this + feature would be terribly difficult to implement, but if not, the + possibility to change default values will come very useful in the + aforementioned cases. A bit in contrast to the requester, for me it + would be a question to choose the right - see stronger - (still valid) + encryption given that IMO "overkill" in safety does not exist. -- openSUSE Feature: https://features.opensuse.org/313003
participants (1)
-
fate_noreply@suse.de