From: Filip Cernoch <filipcernoch@posteo.net>
Subject: Re: Deprecate vnconfig encryption
To: Kevin Chadwick <kc-openbsd@chadwicks.me.uk>, tech@openbsd.org
Date: Thu, 18 Sep 2025 12:16:37 +0000

On 25/09/18 10:18AM, Kevin Chadwick wrote:
> I believe Blowfish is more secure than AES and Twofish so how is Blowfish
> insecure. To do with large filesystem sizes or CBC vs XTS?
> 
> If it saves space on the CD or reduces maintenance then anyone needing to
> recover data can always install an old OpenBSD though.
One argument for AES is that it can be hardware-accelerated on amd64
and some ARM machines, which as far I know it isn't currently, at least
not when using sys/crypto/aes.h like I did in my diff. But I also don't
know whether to use hardware-accelerated AES doesn't bring in new 
problems like it being less portable.