Update default drive encryption to AES-256
Bug #1577619 reported by
kon in
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| cryptsetup (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
Currently, the latest version of Ubuntu encrypts new installations with AES-256 (512 bits halved). But when you encrypt an external drive using Ubuntu's default Format+Create LUKS partition once the operating system is installed, it only encrypts it with AES-128 as far as I can see (256 bits halved). Why is this the case?
I see no reason not to upgrade it to AES-256 and can help protect, to an extent, future quantum computing attacks where AES-128 would become much less resilient in comparison.
P.S. Any possibility of OCB (patent-free for GPL) or GCM to be included in block ciphers in the future (not an expert in this area so correct me if I am wrong to assume they are going to be better than what we have now)?
Thank you.
Revision history for this message
| Launchpad Janitor (janitor) wrote | #1 |
| Changed in cryptsetup (Ubuntu): | |
| status: | New → Confirmed |
Revision history for this message
| Jim Baxter (jbaxter) wrote | #2 |
To post a comment you must log in.
Status changed to 'Confirmed' because the bug affects multiple users.