Mailinglist Archive: opensuse-features (542 mails)

[openFATE 307523] Make hard disk encryption configurable
  • From: fate_noreply@xxxxxxx
  • Date: Thu, 2 Dec 2010 15:23:52 +0100 (CET)
  • Message-id: <feature-307523-9@xxxxxxxxxxxxxx>
Feature changed by: Andreas Jaeger (a_jaeger)
Feature #307523, revision 9
Title: Make hard disk encryption configurable

- openSUSE-11.3: Unconfirmed
+ openSUSE-11.3: New
Requester: Important

Requested by: Stephan Kleine (bitshuffler)
Partner organization:

E.g. currently aes-cbc-essiv instead of aes-xts-plain is used because
it is the upstream default although it has a number of disadvantages.
That is perfectly fine as long as one could change the default.
In short the following features are needed:
1) Possibility to override used options during installation (also
should be settable via autoyast / kiwi so one doesn't have to change the
setting on every new install).
2) Possibility to override used options during partition creation.
3) Possibility to set the used default options in some /etc file.
IMHO a simple text field in the partitioner to override the used
options would perfectly suffice. Then save & restore that field via
autoyast & kiwi and be done. The systemwide default should be stored in
some /etc/sysconfig file.
Related bug report:

#1: Tim - (timshei) (2010-05-08 11:20:05)
I agree with that and afaik aes-xts-plain should be also faster.
It would also be great if YaST offers an advanced configuration button
like in case of formatting where the user can change the key length
(128-256) and maybe the algorithm. I think the default should be
aes-xts-plain 512 (256 bit key length) though.

#2: Mat B. (kerneloftruth) (2010-08-03 23:53:26) (reply to #1)
Besides that aes-xts-plain (or in the case of 64bit aes-xts-benbi)
both should be faster and somewhat more secure than their cbc-essiv,
it would also be nice being able to choose a different algorithm
besides aes, such as twofish, blowfish, camellia, etc.

openSUSE Feature:
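
A sketch of the requested behaviour, added here as an example and not taken from the feature request, YaST or cryptsetup: a system-wide default that a per-install override replaces, validated before it becomes `cryptsetup luksFormat` options. The `cipher,keysize` format, `DEFAULT_SPEC` and both function names are hypothetical; `--cipher` and `--key-size` are real cryptsetup options.

```shell
#!/bin/sh
# Constructed stand-in for a system-wide default read from an /etc/sysconfig
# file; the "cipher,keysize" format is an assumption of this example.
DEFAULT_SPEC="aes-xts-plain,512"

# effective_key_bits MODE KEYSIZE
# XTS uses half of the supplied key for the data cipher and half for the
# tweak, so "aes-xts-plain 512" is AES with a 256-bit key.
effective_key_bits() {
    case "$1" in
        xts) echo $(( $2 / 2 )) ;;
        *)   echo "$2" ;;
    esac
}

# luks_format_args [OVERRIDE_SPEC]
# Prints the luksFormat options for the override, or for the default when
# no override is given. Returns 1 on a malformed or inconsistent spec.
luks_format_args() {
    spec="${1:-$DEFAULT_SPEC}"
    case "$spec" in
        *,*) ;;
        *) echo "bad spec: $spec" >&2; return 1 ;;
    esac
    cipher="${spec%,*}"
    keysize="${spec##*,}"
    case "$keysize" in
        ''|0*|*[!0-9]*) echo "bad key size: $keysize" >&2; return 1 ;;
    esac

    alg="${cipher%%-*}"     # aes-xts-plain -> aes
    rest="${cipher#*-}"     # aes-xts-plain -> xts-plain
    mode="${rest%%-*}"      # xts-plain     -> xts
    if [ "$alg" = "aes" ]; then
        # AES itself only takes 128, 192 or 256 bit keys.
        case "$(effective_key_bits "$mode" "$keysize")" in
            128|192|256) ;;
            *) echo "invalid AES key size for $cipher: $keysize" >&2
               return 1 ;;
        esac
    fi
    echo "--cipher $cipher --key-size $keysize"
}
```

Rejecting `aes-xts-plain,128` is the point of the check: in XTS mode that would leave only 64 bits for the data cipher key.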
