On Sun, 1 Mar 2015 13:52:37 -0500 Jonathan Thornburg wrote: > > That deprecation is not going to happen. Keep using what you are > > using now. > > I grok that (the current implementation of) vnd crypto is weak. What's > the current migration/fixing/transition plan for this? (I can't find any > mention of "vnd" or "vnconfig" in http://www.openbsd.org/plus.html .)
Where do you grok that from? I believe the words were "not state of the art", which is fair and encouraging to use softraid is correct. vnd crypto uses CBC which has some papers pondering the possibility of breakage but in no way are they useful to a legitimate attacker. It doesn't change the keys like softraid which also uses the more modern xts and is far more suitable to larger volumes. Blowfish certainly isn't "weak" I believe theo said something along the lines of there is still a place for a simpler crypto implementation. I think that says it all and the warning will certainly send those in doubt to bioctl (softraid)
