I installed OpenSUSE 13.2 with the default YaST encryption settings.
When examining the final product with "cryptsetup luksDump /dev/sda2"
the encryption used was aes xts-plain-64 with a MK bits (key size) of
256 bits. Which is effectively 128 bits for XTS mode. There was no GUI
way to change this in the installer.
Most of the other distributions (Debian Jessie, Fedora 21, Ubuntu 14,
CentOS 7) are shipping with a default key size of 512 bits (effectively
256 bits) for aes xts-plain-64 in their installers.
Is this an omission in OpenSUSE or is there a policy for keeping system
encryption at 256 (effectively 128) bits?
Apologies if I couldn't pinpoint a prior message about this in the list.
To unsubscribe, e-mail: opensuse-security+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-security+owner(a)opensuse.org