Package: gnome-disk-utility
Version: all
Severity: serious

Hi. I noticed Gnome Disks uses AES-128 by default instead of AES-256 like Debian does out of the box. Having 256-bit symmetric keys is good practice for long-term security, especially in a coming era of quantum computers. (Whether they materialize or not is debatable, but why not have a sufficient margin if it's easy enough?) It is also the recommended level by NIST.
This is verified by running:

# cryptsetup luksDump --debug <device>

AES in XTS mode uses a keysize double its bit size (512 in this case) since with XTS the key is split in 2 so you actually get AES with 256-bit keys. A partition created by Gnome Disks shows it's only using MK size 256 instead of the expected 512.

Please modify the source to pass 512 bit size to cryptsetup.

For more details and original research by me see: https://www.whonix.org/wiki/Full_Disk_Encryption_and_Encrypted_Images#Protection_Against_Powerful_Adversaries
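
The check described in the report, as an added example that is not part of the original report or of gnome-disk-utility: a shell helper that reads luksDump output and reports the effective AES key size, halving the volume key for XTS. The function names and both sample dumps are constructed for illustration; the samples follow the LUKS1 ("MK bits") and LUKS2 ("Key: N bits") dump layouts.

```shell
# Added example, not from the bug report. Reads `cryptsetup luksDump` text on
# stdin and prints "<cipher> <mode> <effective key bits>".
effective_aes_bits() {
    awk '
        /^Cipher name:/ { name = $3 }                   # LUKS1 header fields
        /^Cipher mode:/ { mode = $3 }
        /^MK bits:/     { bits = $3 }
        /^[ \t]+cipher:/ && spec == "" { spec = $2 }    # LUKS2 data segment
        /^[ \t]+Key:/    && bits == "" { bits = $2 }    # LUKS2 first keyslot
        END {
            if (spec != "") {                           # e.g. aes-xts-plain64
                n = index(spec, "-")
                name = substr(spec, 1, n - 1); mode = substr(spec, n + 1)
            }
            if (name == "" || bits == "") exit 2        # not luksDump output
            # XTS splits the volume key into two equal halves.
            eff = (mode ~ /^xts/) ? bits / 2 : bits
            print name, mode, eff
        }'
}

# Exit 0 if the dump on stdin is AES with at least $1 effective bits
# (default 256); exit 2 if the input could not be parsed.
meets_policy() {
    want=${1:-256}
    out=$(effective_aes_bits) || return 2
    set -- $out
    [ "$1" = aes ] && [ "$3" -ge "$want" ]
}

# Constructed sample in LUKS1 layout, matching the report (MK bits 256).
sample_reported() {
    cat <<'EOF'
LUKS header information for /dev/sdX1
Cipher name:    aes
Cipher mode:    xts-plain64
MK bits:        256
EOF
}

# Constructed sample in LUKS2 layout with a 512-bit volume key.
sample_wanted() {
    cat <<'EOF'
Data segments:
        cipher: aes-xts-plain64
Keyslots:
        Key:        512 bits
EOF
}
```

On a real volume, pipe the dump into the helper: `cryptsetup luksDump <device> | effective_aes_bits`.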