From: Damien Miller <djm@mindrot.org>
Subject: Re: Replace Blowfish with AES in vnode disk driver
To: Jeremie Courreges-Anglas <jca@wxcvbn.org>
Cc: Filip Cernoch <filipcernoch@posteo.net>, tech@openbsd.org
Date: Wed, 17 Sep 2025 09:29:12 +1000

On Wed, 17 Sep 2025, Jeremie Courreges-Anglas wrote:

> Should vnconfig move from blowfish, it should probably be to a scheme
> actually designed for data storage like AES-XTS (like softraid CRYPTO)
> or similar.
> 
>   https://en.wikipedia.org/wiki/Disk_encryption_theory
> 
> I'm no crypto expert, but I doubt that moving from blowfish-CBC to
> AES-CBC would be a big win.

softraid already uses AES-XTS for encrypted volumes. IMO vnconfig
crypto is just legacy and should be removed.