[opensuse-security] Default system encryption key size is XTS 256 bits and not 512 bits
Hello, I installed OpenSUSE 13.2 with the default YaST encryption settings. When examining the final product with "cryptsetup luksDump /dev/sda2" the encryption used was aes xts-plain-64 with a MK bits (key size) of 256 bits. Which is effectively 128 bits for XTS mode. There was no GUI way to change this in the installer. Most of the other distributions (Debian Jessie, Fedora 21, Ubuntu 14, CentOS 7) are shipping with a default key size of 512 bits (effectively 256 bits) for aes xts-plain-64 in their installers. Is this an omission in OpenSUSE or is there a policy for keeping system encryption at 256 (effectively 128) bits? Apologies if I couldn't pinpoint a prior message about this in the list. Thanks -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
On Wed, Mar 25, 2015 at 02:41:17AM -0400, John Ashcroft wrote:
Hello,
I installed OpenSUSE 13.2 with the default YaST encryption settings. When examining the final product with "cryptsetup luksDump /dev/sda2" the encryption used was aes xts-plain-64 with a MK bits (key size) of 256 bits. Which is effectively 128 bits for XTS mode. There was no GUI way to change this in the installer.
Most of the other distributions (Debian Jessie, Fedora 21, Ubuntu 14, CentOS 7) are shipping with a default key size of 512 bits (effectively 256 bits) for aes xts-plain-64 in their installers.
Is this an omission in OpenSUSE or is there a policy for keeping system encryption at 256 (effectively 128) bits?
Apologies if I couldn't pinpoint a prior message about this in the list.
This is an omission. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
On 27. März 2015 14:02:40 MEZ, Marcus Meissner <meissner@suse.de> wrote:
Hello,
I installed OpenSUSE 13.2 with the default YaST encryption settings. When examining the final product with "cryptsetup luksDump /dev/sda2" the encryption used was aes xts-plain-64 with a MK bits (key size) of 256 bits. Which is effectively 128 bits for XTS mode. There was no GUI way to change this in the installer.
Most of the other distributions (Debian Jessie, Fedora 21, Ubuntu 14, CentOS 7) are shipping with a default key size of 512 bits (effectively 256 bits) for aes xts-plain-64 in their installers.
Is this an omission in OpenSUSE or is there a policy for keeping system encryption at 256 (effectively 128) bits?
Apologies if I couldn't pinpoint a prior message about this in the
On Wed, Mar 25, 2015 at 02:41:17AM -0400, John Ashcroft wrote: list.
This is an omission.
Ciao, Marcus
Why don't you give us the option in YaST to chose the cipher and key length? -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
On Sat, Mar 28, 2015 at 01:49:23PM +0100, pinguin74@gmx.com wrote:
On 27. März 2015 14:02:40 MEZ, Marcus Meissner <meissner@suse.de> wrote:
Hello,
I installed OpenSUSE 13.2 with the default YaST encryption settings. When examining the final product with "cryptsetup luksDump /dev/sda2" the encryption used was aes xts-plain-64 with a MK bits (key size) of 256 bits. Which is effectively 128 bits for XTS mode. There was no GUI way to change this in the installer.
Most of the other distributions (Debian Jessie, Fedora 21, Ubuntu 14, CentOS 7) are shipping with a default key size of 512 bits (effectively 256 bits) for aes xts-plain-64 in their installers.
Is this an omission in OpenSUSE or is there a policy for keeping system encryption at 256 (effectively 128) bits?
Apologies if I couldn't pinpoint a prior message about this in the
On Wed, Mar 25, 2015 at 02:41:17AM -0400, John Ashcroft wrote: list.
This is an omission.
Ciao, Marcus
Why don't you give us the option in YaST to chose the cipher and key length?
"you" is strangely worded. It would be whoever develops the yast2 storage module. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
On 25. März 2015 07:41:17 MEZ, John Ashcroft <largeopenroomwithwindows@gmail.com> wrote:
Hello,
I installed OpenSUSE 13.2 with the default YaST encryption settings. When examining the final product with "cryptsetup luksDump /dev/sda2" the encryption used was aes xts-plain-64 with a MK bits (key size) of 256 bits. Which is effectively 128 bits for XTS mode. There was no GUI way to change this in the installer.
Most of the other distributions (Debian Jessie, Fedora 21, Ubuntu 14, CentOS 7) are shipping with a default key size of 512 bits (effectively
256 bits) for aes xts-plain-64 in their installers.
Is this an omission in OpenSUSE or is there a policy for keeping system
encryption at 256 (effectively 128) bits?
Apologies if I couldn't pinpoint a prior message about this in the list.
Thanks
John, I'd rather worry more about AES/Rijndael than key length. 128 bit is okay for the next 20 years ore more. Personally I use Twofish wherever I can. -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
participants (3)
-
John Ashcroft
-
Marcus Meissner
-
pinguin74@gmx.com