Good everning,
I just experienced that, when setting up a new Fedora, Anaconda (both
"Custom" and "Advanced Custom (Blivet-GUI)") always uses aes-xts-plain64
for disk encryption, even if the hardware does not support AES-NI.
Does it make sense to use xchacha12,aes-adiantum-plain64 by default if
there is no AES-NI in the hardware?
For a general use case, the security advantages of Adiantum can be
neglected; both aes-xts & chacha-adiantum are secure.
But there are big performance disadvantages of AES when there is no
AES-NI (this was the major reason for merging Adiantum into the kernel).
Besides the use of system resources, netbooks and such may have strongly
decreased battery life times with aes-xts (the issue is primarily aes,
not xts).
I tested with Fedora 35, KDE spin; but as the issue is Anaconda-centric,
I expect that other Workstation installations tend to the same behavior.
Adjustments would be limited to Anaconda.
Regards & stay safe,
Chris
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
