Make hard disk encryption configurable

E.g. currently aes-cbc-essiv instead of aes-xts-plain is used because it is the upstream default although it has a number of disadvantages. That is perfectly fine as long as one could change the default.

In short the following features are needed:

  1. Possibility to override used options during installation (also should be settable via autoyast / kiwi so one doesn't have to change the setting on every new install).
  2. Possibility to override used options during partition creation.
  3. Possibility to set the used default options in some /etc file.

IMHO a simple text field in the partitioner to override the used options would perfectly suffice. Then save & restore that field via autoyast & kiwi and be done. The system-wide default should be stored in some /etc/sysconfig file.

Related bug report: https://bugzilla.novell.com/show_bug.cgi?id=534644


T. -. wrote: (8 years ago)

I agree with that, and afaik aes-xts-plain should also be faster.

It would also be great if YaST offered an advanced configuration button, like in the case of formatting, where the user can change the key length (128-256) and maybe the algorithm. I think the default should be aes-xts-plain 512 (256 bit key length) though.

M. B. wrote: (8 years ago)

Besides that, aes-xts-plain (or, in the case of 64bit, aes-xts-benbi) should be both faster and somewhat more secure than their cbc-essiv counterparts.

It would also be nice to be able to choose a different algorithm besides aes, such as twofish, blowfish, camellia, etc.

