[dm-crypt] list of supported encryption options for LUKS
arno at wagner.name
Mon Sep 8 00:11:18 CEST 2014
On Sun, Sep 07, 2014 at 19:30:00 CEST, .. ink .. wrote:
> > But I still think that there should be only few strong predefined
> > combinations.
> > I will go with only those mentioned in the benchmark as "supported
> Why the users want to change default?
> What's the real problem - cipher speed or they do not trust NIS and NSA or
> > ...
> > they just want more knobs because more knobs means more security :-) ?
> I currently do not allow options because i though defaults were good for
> everybody but people keep asking for
> ability to change them.This post is a good example of that They wished
> for more options but did not specify why.
> About a week ago,somebody sent me a zuluCrypt source file and asked me to
> modify it to change hard coded defaults.They wanted different defaults but
> did not trust themselves to change the source file so they asked me to do
> it for them.
That is really hilarious: People that do not trust themselves to
change a few strings, but do trust themselves to evaluate what
crypto is secure and what is not.
I guess people really have no clue how easy it is to completely break
security with wrong crypto parameters. You should not give in or
at the very least put up strong warnings. Some people will always
manage to shoot themselves in the foot (Dunning-Kruger effect at work),
but at least you can then say "I told you so".
> dm-crypt mailing list
> dm-crypt at saout.de
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
More information about the dm-crypt