On Tue, Sep 16, 2025 at 06:09:32PM +0000, Filip Cernoch wrote:
> On 25/09/16 06:22PM, Alexander Bluhm wrote:
> > Does this prevent recovery for all existing disk images which are
> > encrypted with blowfish?
> > 
> > vnd(4) encryption is legacy, use softraid(4) instead.
> > 
> > bluhm
> You're right, I didn't think it think of somebody still using the
> Blowfish encryption and therefor still needing it. 
> 
> Would you suggest leaving it like the way it's now (because it's legacy
> and it's not useful to anybody besides the people who still use for one
> reason or the other) or would adding AES on top of what's  already 
> there, i.e. making an additional function that does the same but with 
> AES better? I don't want to do something that's essentially useless.

Should vnconfig move from blowfish, it should probably be to a scheme
actually designed for data storage like AES-XTS (like softraid CRYPTO)
or similar.

  https://en.wikipedia.org/wiki/Disk_encryption_theory

I'm no crypto expert, but I doubt that moving from blowfish-CBC to
AES-CBC would be a big win.

-- 
jca