Been waiting for a while to see some current encryption added to openbsd. Surprised it has not been already, and frankly find it weak that the 'worlds most secure OS' does not have current encryption. Why is this?
I use vnconfig for encryption, which uses Blowfish. Blowfish is old, early 1990's. 64-bit block size. I realize there is no known cryptanalysis of it out in the public domain. But I would feel safer using AES (Rijndael), Serpent, or Twofish. Something with a 128-bit block size (and 256-bit key). Something that is recommended and in use as a current standard. Even Bruce Schneier, blowfish's creator has recommended that a stronger cipher be used. "At this point, though, I'm amazed it's still being used. If people ask, I recommend Twofish instead." from http://www.computerworld.com.au/article/46254/bruce_almighty_schneier_preaches_security_linux_faithful?pp=1&fp=4194304&fpid=1 on page 3 of article He also recently blogged about some attacks on AES, although none are effective against all 14 rounds What cipher is used to protect confidential information on the SECRET and TOP SECRET levels? Its not blowfish, its AES-256. I love OpenBSD, been using it since 3.3. Bought my 3.6 CD set and a few t-shirts to support the project (Was surprised to read recently that t-shirts do not directly support the project. Something else that needs to be fixed. I know I'll buy more t-shirts, but CD sets are doubtful) Tried to donate some old mac ppc hardware to support the project, but never got a response from developers. I want to continue using it and supporting it. But the operating system that is so focused on security needs some cipher updates. Options for people to choose from, not just old blowfish. I am writing this because i am torn. On one end, the OS I love, am familiar with, and includes so many great security features, by default. On the other end, is this concern about encryption and openbsd's lack of it. I am considering using any linux flavor, because they all support AES(Rijndael) as well as the the most popular finalists for AES, like Serpent and Twofish. I want to use OpenBSD, but need to use the AES cipher. I do not feel safe with just blowfish. Blowfish just does not 'cut it' Please update the OS to include these new encryption standards. If someone can explain why openbsd still only uses blowfish, after all this time, that would be helpful too. If this is the case, it is time for me to look for a secure operating system. Something with ciphers that are current, relevant, and still recommended for use J-BSD
