> On 08.12.2017, at 03:51, Jason A. Donenfeld wrote:
>
> Hi Eric,
>
> Nice to see more use of ChaCha20. However...
>
> Can we skip over the "sort of worse than XTS, but not having _real_
> authentication sucks anyway in either case, so whatever" and move
> directly to, "linux finally supports
On Fri, Dec 08, 2017 at 07:48:54PM -0500, Jeffrey Walton wrote:
> > Still, a stream cipher is sufficient to protect data confidentiality in
> > the event of a single point-in-time permanent offline compromise of the
> > disk, which currently is the primary threat model for fscrypt. Thus,
> > when
> Still, a stream cipher is sufficient to protect data confidentiality in
> the event of a single point-in-time permanent offline compromise of the
> disk, which currently is the primary threat model for fscrypt. Thus,
> when the alternative is quite literally *no encryption*, we might as
> well u
On Fri, Dec 08, 2017 at 07:20:43AM +, Ard Biesheuvel wrote:
> On 8 December 2017 at 02:51, Jason A. Donenfeld wrote:
> > Hi Eric,
> >
> > Nice to see more use of ChaCha20. However...
> >
> > Can we skip over the "sort of worse than XTS, but not having _real_
> > authentication sucks anyway in
On 8 December 2017 at 10:14, Stephan Mueller wrote:
> Am Freitag, 8. Dezember 2017, 11:06:31 CET schrieb Ard Biesheuvel:
>
> Hi Ard,
>
>>
>> Given how it is not uncommon for counters to be used as IV, this is a
>> fundamental flaw that could rear its head in other places as well, so
>> I propose w
Am Freitag, 8. Dezember 2017, 11:06:31 CET schrieb Ard Biesheuvel:
Hi Ard,
>
> Given how it is not uncommon for counters to be used as IV, this is a
> fundamental flaw that could rear its head in other places as well, so
> I propose we fix this one way (fix the current code) or the other
> (depr
On 8 December 2017 at 09:11, Ard Biesheuvel wrote:
> On 8 December 2017 at 09:11, Ard Biesheuvel wrote:
>> Hi Eric,
>>
>> On 8 December 2017 at 01:38, Eric Biggers wrote:
>>> From: Eric Biggers
>>>
>>> fscrypt currently only supports AES encryption. However, many low-end
>>> mobile devices sti
On 8 December 2017 at 09:11, Ard Biesheuvel wrote:
> Hi Eric,
>
> On 8 December 2017 at 01:38, Eric Biggers wrote:
>> From: Eric Biggers
>>
>> fscrypt currently only supports AES encryption. However, many low-end
>> mobile devices still use older CPUs such as ARMv7, which do not support
>> the
Hi Eric,
On 8 December 2017 at 01:38, Eric Biggers wrote:
> From: Eric Biggers
>
> fscrypt currently only supports AES encryption. However, many low-end
> mobile devices still use older CPUs such as ARMv7, which do not support
> the AES instructions (the ARMv8 Cryptography Extensions). This re
On 8 December 2017 at 02:51, Jason A. Donenfeld wrote:
> Hi Eric,
>
> Nice to see more use of ChaCha20. However...
>
> Can we skip over the "sort of worse than XTS, but not having _real_
> authentication sucks anyway in either case, so whatever" and move
> directly to, "linux finally supports auth
Hi Eric,
Nice to see more use of ChaCha20. However...
Can we skip over the "sort of worse than XTS, but not having _real_
authentication sucks anyway in either case, so whatever" and move
directly to, "linux finally supports authenticated encryption for disk
encryption!"? This would be a big deal
From: Eric Biggers
fscrypt currently only supports AES encryption. However, many low-end
mobile devices still use older CPUs such as ARMv7, which do not support
the AES instructions (the ARMv8 Cryptography Extensions). This results
in very poor AES performance, even if the NEON bit-sliced imple
12 matches
Mail list logo
