
From: Stuart Henderson <stu@spacehopper.org>
Subject: Re: Replace Blowfish with AES in vnode disk driver
To: Damien Miller <djm@mindrot.org>, Filip Cernoch <filipcernoch@posteo.net>, tech@openbsd.org
Date: Thu, 18 Sep 2025 14:58:33 +0100

    On 2025/09/17 01:42, Jeremie Courreges-Anglas wrote:
    > On Wed, Sep 17, 2025 at 09:29:12AM +1000, Damien Miller wrote:
    > > On Wed, 17 Sep 2025, Jeremie Courreges-Anglas wrote:
    > > 
    > > > Should vnconfig move from blowfish, it should probably be to a scheme
    > > > actually designed for data storage like AES-XTS (like softraid CRYPTO)
    > > > or similar.
    > > > 
    > > >   https://en.wikipedia.org/wiki/Disk_encryption_theory
    > > > 
    > > > I'm no crypto expert, but I doubt that moving from blowfish-CBC to
    > > > AES-CBC would be a big win.
    > > 
    > > softraid already uses AES-XTS for encrypted volumes.
    > 
    > Yup.
    > 
    > > IMO vnconfig
    > > crypto is just legacy and should be removed.
    > 
    > From looking at the code, vnconfig already says:
    > 
    >   WARNING: Consider using softraid crypto.
    > 
    > Maybe we should make it clear that we're going to remove this code,
    > say, for 7.9?  If people actually wanted to keep using this, I guess
    > someone would have stepped up by now.
    
    I don't see much point in waiting. If it's going to be removed sometime
    then imho doing it now and adding a warning in current.html -> upgrade78.html
    that it has been removed should be enough.
    
    