Hi, I think it's good time to use XTS for filesystem encryption since RedHat already does so in rhel5/6.
Looks like cryptsetup -c aes-xts-plain64 -s 512 is their standard for filesystem encryption during system install. 1) d-i kernel needs to support: CONFIG_CRYPTO_XTS and CONFIG_CRYPTO_GF128MUL 2) two new options into expert-mode installer: -s 512 -c aes-xts-plain64 (future new standard) -s 256 -c aes-xts-plain64 (performance option) Could such modification be done even in a point release ? TIA, Z. -- To UNSUBSCRIBE, email to debian-boot-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4e219a49.8020...@gmail.com
