Date: Fri, 16 Jan 2015 00:24:05 +0000
From: Vsevolod Stakhov <vsevolod@highsecure.ru>
To: Rozhuk.IM@gmail.com
Cc: freebsd-hackers@freebsd.org, 'Adam Nowacki' <nowakpl@platinum.linux.pl>, 'freebsd-geom' <freebsd-geom@freebsd.org>
Subject: Re: ChaCha8/12/20 and GEOM ELI tests
Message-ID: <54B85A25.6010806@highsecure.ru>
In-Reply-To: <54b85491.4925980a.17c4.2b00@mx.google.com>
References: <54B4AE55.9090205@platinum.linux.pl> <54b5d299.4914980a.61cd.43a6@mx.google.com> <20150114041708.GA3189@reks> <54b601ec.0515980a.0c9c.47e1@mx.google.com> <20150114082019.GA3669@reks> <54b6ae4c.0905990a.6c9c.642e@mx.google.com> <CAHsZcQH1BTz0Yn%2BxsRFjBxizOLaR=40Rh%2B_3TEmt6Q2mALTOog@mail.gmail.com> <54b6b91b.2aa3700a.3a6c.47b5@mx.google.com> <54B6C6B7.4070407@platinum.linux.pl> <54b709fb.0739700a.2970.ffffa14a@mx.google.com> <20150115150316.GB1190@garage.freebsd.pl> <54b85491.4925980a.17c4.2b00@mx.google.com>

On 16/01/15 00:00, rozhuk.im@gmail.com wrote:
>> I'm very happy that you have spent the time to play with GELI code and
>> I hope you will continue to work on it, but this particular change
>> won't be accepted as part of GELI, please accept that even if you don't
>> fully agree. Stream ciphers are not compatible with GELI design.
>
> Hopefully ChaCha gets into /dev/crypto.
>
>
>> Using chacha might be a better fit for GBDE, where encryption keys are
>> generated and stored for every write, so there should be no risk with
>> reusing a key stream. This of course also requires further analysis.
>>
>> If you would like to spend some more time with GELI, I'd suggest for
>> starters preparing a patch that removes support for MD5, SHA1 and
>> RIPEMD160.
>
> Options I have not so much.
> 1. Drink vodka and use slow AES-XTS :)
> 2. Use ChaCha GELI private patch
> 3. Write Geom node.
>
> Cipher = ChaCha/XChaCha
> Hash = Blake2 - https://blake2.net/
> Key1 = key for cipher
> Key2 = key for HMAC
> IV = HMAC(Key2, ('plain text data' + 'sector num')) = (8/24 bytes)
>

What about the fourth funny option - trying threefish which is claimed
to be a very fast tweakable block cipher?
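
The key-stream reuse concern quoted above, and the HMAC-derived IV proposed in reply to it, as an added example (not code from this thread, from GELI or from the posted patch). It uses the 8-byte-nonce ChaCha20 variant; the keys, sector contents, sector number and function names are constructed for illustration.

```python
import hashlib, hmac, struct

MASK = 0xffffffff
QUARTERS = ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
            (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14))

def _rotl(v, n):
    return ((v << n) & MASK) | (v >> (32 - n))

def chacha20_block(key, counter, nonce):
    """Original ChaCha20 block: 32-byte key, 64-bit block counter, 8-byte nonce."""
    init = list(struct.unpack("<16I", b"expand 32-byte k" + key
                              + struct.pack("<Q", counter) + nonce))
    s = init[:]
    for _ in range(10):                      # 10 double rounds = 20 rounds
        for a, b, c, d in QUARTERS:
            s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 16)
            s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 12)
            s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 8)
            s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 7)
    return struct.pack("<16I", *((x + y) & MASK for x, y in zip(s, init)))

def xor_sector(key, nonce, data):
    """Encrypt or decrypt one sector by XOR with the ChaCha20 key stream."""
    ks = b"".join(chacha20_block(key, i, nonce) for i in range(-(-len(data) // 64)))
    return bytes(p ^ k for p, k in zip(data, ks))

def fixed_iv(mac_key, sector, plaintext):
    """IV from the sector number only (other arguments unused): nothing stored per write."""
    return struct.pack("<Q", sector)

def synthetic_iv(mac_key, sector, plaintext):
    """IV = HMAC(Key2, plaintext + sector num) with BLAKE2b, truncated to 8 bytes."""
    msg = plaintext + struct.pack("<Q", sector)
    return hmac.new(mac_key, msg, hashlib.blake2b).digest()[:8]

def overwrite_leaks_xor(iv_func):
    """Write two versions of sector 7; report whether c1^c2 equals p1^p2."""
    key1, key2 = bytes(range(32)), bytes(range(32, 64))   # constructed keys
    p1 = b"balance=0000100;".ljust(512, b".")              # constructed sector data
    p2 = b"balance=9999999;".ljust(512, b".")
    c1 = xor_sector(key1, iv_func(key2, 7, p1), p1)
    c2 = xor_sector(key1, iv_func(key2, 7, p2), p2)
    xor = lambda a, b: bytes(x ^ y for x, y in zip(a, b))
    return xor(c1, c2) == xor(p1, p2)

if __name__ == "__main__":
    print("sector-number IV leaks p1^p2:", overwrite_leaks_xor(fixed_iv))
    print("synthetic IV leaks p1^p2:    ", overwrite_leaks_xor(synthetic_iv))
```

The synthetic IV depends on the plaintext, so it has to be stored alongside each sector to decrypt it, and rewriting identical data to the same sector still yields identical ciphertext.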