On Sun, Jun 01, 2014 at 11:37, Theo de Raadt wrote: >> Could you please provide a little bit more information? What causes >> encrypted vnd to be insecure > > Ted went a bit far; it is unusual for him to be melodratic. > > Basically -- less than state of the art crypto.
You would never use blowfish-cbc (with a 64-bit blocksize) for disk encryption today. You can probably find a wiki page somewhere with details, but the reality is most people aren't capable of assessing whether this is "secure enough". Part of the deprecation / migration process is identifying the weird ways people use vnd and finding solutions for them. But as we've seen, people never move forward without the occasional push.