Re: Hardware without AES-NI: use xchacha12/Adiantum instead of AES-XTS

2022-06-08 Thread Casper
Thanks for your answer Chris. ``` blackbird:~ # cryptsetup benchmark -c aes-xts-plain64 --key-size 512 # Tests approximatifs en utilisant uniquement la mémoire (pas de stockage E/S). # Algorithme | Clé | Chiffrement |Déchiffrement aes-xts512b84,3 MiB/s83,5

Re: Hardware without AES-NI: use xchacha12/Adiantum instead of AES-XTS

2022-06-08 Thread Christopher Klooz
The irony is that XTS uses two different keys for different parts of the operation. This means that AES-XTS-256 is AES128 and AES-XTS-512 is AES256 (security is not increased by the second key). So, you compared AES with 128 bit encryption with XChaCha with 256 bit. And despite the doubled key

Re: Hardware without AES-NI: use xchacha12/Adiantum instead of AES-XTS

2022-06-07 Thread Casper
I was curious to see if changes were significant on my old Asus laptop: ``` blackbird:~ # cryptsetup benchmark -c xchacha20,aes-adiantum # Tests approximatifs en utilisant uniquement la mémoire (pas de stockage E/S). #Algorithme | Clé | Chiffrement |Déchif

Hardware without AES-NI: use xchacha12/Adiantum instead of AES-XTS

2022-04-20 Thread py0xc3
Good everning, I just experienced that, when setting up a new Fedora, Anaconda (both "Custom" and "Advanced Custom (Blivet-GUI)") always uses aes-xts-plain64 for disk encryption, even if the hardware does not support AES-NI. Does it make sense to use xchacha12,aes-adiantum-plain64 by default