Alberto napsal(a): > *Zdenek Kaspar* wrote: >> IMO it's not good to hide any changes in crypto from the user. > > I agree with you. > >> Even doubling the key without further notice. Maybe some >> hint/help/screen option to explain XTS-based mode. > > At least in meantime (and before of lenny release) why don't > offer only few and safe predefined options? > >> I don't see any advantages here. XTS is claimed as more secure.. >> But still both modes have kernel status = EXPERIMENTAL. Therefore CBC >> should stay as "less-secure/more-stable" default option for the system >> encryption. > > Also in 2.6.26 (and .27)? >
Both options are EXPERIMENTAL: CRYPTO_GF128MUL for almost 2 years and CRYPTO_XTS for 1 year. As you mentioned in your next mail it would be nice to pickup some predefined options with XTS for ppl who want to use it.. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
