
From: Jeremie Courreges-Anglas <jca@wxcvbn.org>
Subject: Deprecate vnconfig encryption (was: Re: Replace Blowfish with AES in vnode disk driver)
To: tech@openbsd.org
Cc: Damien Miller <djm@mindrot.org>, Filip Cernoch <filipcernoch@posteo.net>
Date: Wed, 17 Sep 2025 15:44:44 +0200

On Wed, Sep 17, 2025 at 02:27:35PM +0100, Crystal Kolipe wrote:
> On Wed, Sep 17, 2025 at 02:29:34PM +0200, Jeremie Courreges-Anglas wrote:
> > On Wed, Sep 17, 2025 at 12:44:35PM +0100, Crystal Kolipe wrote:
> > > On Wed, Sep 17, 2025 at 01:42:59AM +0200, Jeremie Courreges-Anglas wrote:
> > > > On Wed, Sep 17, 2025 at 09:29:12AM +1000, Damien Miller wrote:
> > > > > On Wed, 17 Sep 2025, Jeremie Courreges-Anglas wrote:
> > > > > 
> > > > > > Should vnconfig move from blowfish, it should probably be to a scheme
> > > > > > actually designed for data storage like AES-XTS (like softraid CRYPTO)
> > > > > > or similar.
> > > > > > 
> > > > > >   https://en.wikipedia.org/wiki/Disk_encryption_theory
> > > > > > 
> > > > > > I'm no crypto expert, but I doubt that moving from blowfish-CBC to
> > > > > > AES-CBC would be a big win.
> > > > > 
> > > > > softraid already uses AES-XTS for encrypted volumes.
> > > > 
> > > > Yup.
> > > > 
> > > > > IMO vnconfig
> > > > > crypto is just legacy and should be removed.
> > > > 
> > > > From looking at the code, vnconfig already says:
> > > > 
> > > >   WARNING: Consider using softraid crypto.
> > > > 
> > > > Maybe we should make it clear that we're going to remove this code,
> > > > say, for 7.9?  If people actually wanted to keep using this, I guess
> > > > someone would have stepped up by now.
> > > 
> > > Surely it's more likely that anyone who is already using it would just ignore
> > > the warning and assume that it's aimed at new users?  Exactly because there is
> > > no mention of the vnconfig encryption support being removed.
> > > 
> > > Why not start by making the related options undocumented in the manual?
> > 
> > You're saying people ignore the warning because it doesn't mention a
> > pending removal, but instead of fixing that, you make it harder for
> > users to get at the documentation needed to migrate their data.
> 
> Existing users of encrypted vnd will already know how to mount these volumes.

I'll repeat myself: I strongly disagree that we should make
documentation unreachable from the users that might need it.
 
> (Unless we're considering the case where somebody finds such a file on an ancient
> backup and has no idea what it is.)
> 
> We actively want to discourage the creation of new vnd encrypted volumes.
>
> > It seems we all agree that these options should be removed, so ok for
> > the diff below?
> 
> Are you sure that there is indeed sufficient agreement that encryption support
> is going to be imminently removed from vnd?
> 
> I didn't think that decision had been met yet.

The decision happens when developers agree, the diff is on the list.
If people disagree they need to answer the proposal.  I have adjusted
the subject of the mail to better reflect it.

> There is at least one use case where softraid crypto is NOT currently a
> workable alternative.
> 
> If you have a read-only device with a vnd encrypted image on it, you can
> happily mount and use it.  Currently, softraid crypto does not support
> read-only devices.
> 
> I actually posted patches to -tech to add support for that, so if you want to
> remove vnd encryption support and push people to softraid crypto, at least the
> code has been written and tested.  But it's not in cvs, so such existing users
> of vnd crypto would be left without a migration path if you push forward with
> its removal.

I understand you'd like your softraid patch to be considered, but I
doubt that the use case you mention prevents the removal of vnconfig
encryption support.  Do you actually use vnconfig encryption?

-- 
jca