Mailing List Archive

From:: Damien Miller <djm@mindrot.org>
Subject:: Re: Replace Blowfish with AES in vnode disk driver
To:: Jeremie Courreges-Anglas <jca@wxcvbn.org>
Cc:: Filip Cernoch <filipcernoch@posteo.net>, tech@openbsd.org
Date:: Wed, 17 Sep 2025 09:29:12 +1000

Download raw body.

Thread

2025-09-16 18:09 Filip Cernoch:
Replace Blowfish with AES in vnode disk driver
- 2025-09-16 23:24 Jeremie Courreges-Anglas:
  Replace Blowfish with AES in vnode disk driver
- - 2025-09-16 23:29 Damien Miller:
    Replace Blowfish with AES in vnode disk driver
  - - 2025-09-16 23:42 Jeremie Courreges-Anglas:
      Replace Blowfish with AES in vnode disk driver
    - - 2025-09-17 11:44 Crystal Kolipe:
        Replace Blowfish with AES in vnode disk driver

On Wed, 17 Sep 2025, Jeremie Courreges-Anglas wrote:

> Should vnconfig move from blowfish, it should probably be to a scheme
> actually designed for data storage like AES-XTS (like softraid CRYPTO)
> or similar.
> 
>   https://en.wikipedia.org/wiki/Disk_encryption_theory
> 
> I'm no crypto expert, but I doubt that moving from blowfish-CBC to
> AES-CBC would be a big win.

softraid already uses AES-XTS for encrypted volumes. IMO vnconfig
crypto is just legacy and should be removed.

2025-09-16 18:09 Filip Cernoch:
Replace Blowfish with AES in vnode disk driver
- 2025-09-16 23:24 Jeremie Courreges-Anglas:
  Replace Blowfish with AES in vnode disk driver
- - 2025-09-16 23:29 Damien Miller:
    Replace Blowfish with AES in vnode disk driver
  - - 2025-09-16 23:42 Jeremie Courreges-Anglas:
      Replace Blowfish with AES in vnode disk driver
    - - 2025-09-17 11:44 Crystal Kolipe:
        Replace Blowfish with AES in vnode disk driver