From: Kevin Chadwick <kc-openbsd@chadwicks.me.uk>
Subject: Re: Deprecate vnconfig encryption
To: tech@openbsd.org
Date: Thu, 18 Sep 2025 10:18:05 +0100

On 17/09/2025 16:32, Jeremie Courreges-Anglas wrote:
>   revision 1.15
>   date: 2014/05/30 16:14:19;  author: tedu;  state: Exp;  lines: +5 -1;
>   WARNING: Encrypted vnd is insecure.
>   Migrate your data to softraid before 5.7.
> 
> Again, the diff* I proposed doesn't remove the code, it adds a louder
> warning that makes it clear that people should migrate *now*,
> something that was lacking.  I think I'm pretty far from doing a
> reckless proposal here.

I believe Blowfish is more secure than AES and Twofish so how is Blowfish
insecure. To do with large filesystem sizes or CBC vs XTS?

If it saves space on the CD or reduces maintenance then anyone needing to
recover data can always install an old OpenBSD though.