Mailing List Archive

From:: Kevin Chadwick <kc-openbsd@chadwicks.me.uk>
Subject:: Re: Deprecate vnconfig encryption
To:: tech@openbsd.org
Date:: Thu, 18 Sep 2025 10:18:05 +0100

Download raw body.

Thread

2025-09-17 15:32 Jeremie Courreges-Anglas:
Deprecate vnconfig encryption (was: Re: Replace Blowfish with AES in vnode disk driver)
2025-09-17 16:12 Crystal Kolipe:
Deprecate vnconfig encryption (was: Re: Replace Blowfish with AES in vnode disk driver)
2025-09-18 09:18 Kevin Chadwick:
Deprecate vnconfig encryption
2025-09-18 12:16 Filip Cernoch:
Deprecate vnconfig encryption
2025-09-18 13:17 kc-openbsd@chadwicks.me.uk:
Deprecate vnconfig encryption

On 17/09/2025 16:32, Jeremie Courreges-Anglas wrote:
>   revision 1.15
>   date: 2014/05/30 16:14:19;  author: tedu;  state: Exp;  lines: +5 -1;
>   WARNING: Encrypted vnd is insecure.
>   Migrate your data to softraid before 5.7.
> 
> Again, the diff* I proposed doesn't remove the code, it adds a louder
> warning that makes it clear that people should migrate *now*,
> something that was lacking.  I think I'm pretty far from doing a
> reckless proposal here.

I believe Blowfish is more secure than AES and Twofish so how is Blowfish
insecure. To do with large filesystem sizes or CBC vs XTS?

If it saves space on the CD or reduces maintenance then anyone needing to
recover data can always install an old OpenBSD though.

2025-09-17 15:32 Jeremie Courreges-Anglas:
Deprecate vnconfig encryption (was: Re: Replace Blowfish with AES in vnode disk driver)
2025-09-17 16:12 Crystal Kolipe:
Deprecate vnconfig encryption (was: Re: Replace Blowfish with AES in vnode disk driver)
2025-09-18 09:18 Kevin Chadwick:
Deprecate vnconfig encryption
2025-09-18 12:16 Filip Cernoch:
Deprecate vnconfig encryption
2025-09-18 13:17 kc-openbsd@chadwicks.me.uk:
Deprecate vnconfig encryption