ChaCha8/12/20 and GEOM ELI tests
Vsevolod Stakhov
vsevolod at highsecure.ru
Fri Jan 16 00:24:17 UTC 2015
On 16/01/15 00:00, rozhuk.im at gmail.com wrote:
>> I'm very happy that you have spent the time to play with GELI code and
>> I hope you will continue to work on it, but this particular change
>> won't be accepted as part of GELI, please accept that even if you don't
>> fully agree. Stream ciphers are not compatible with GELI design.
>
> Hopefully ChaCha gets into /dev/crypto.
>
>
>> Using chacha might be a better fit for GBDE, where encryption keys are
>> generated and stored for every write, so there should be no risk with
>> reusing a key stream. This of course also require further analysis.
>>
>> If you would like to spend some more time with GELI, I'd suggest for
>> starters to preparing a patch that removes support for MD5, SHA1 and
>> RIPEMD160.
>
> Options I have not so much.
> 1. Drink vodka and use slow AES-XTS :)
> 2. Use ChaCha GELI private patch
> 3. Write Geom node.
>
> Cipher = ChaCha/XChaCha
> Hash = Blake2 - https://blake2.net/
> Key1 = key for cipher
> Key2 = key hor HMAC
> IV = HMAC(Key2, ('plain text data' + 'sector num')) = (8/24 bytes)
>
What about the fourth funny option - trying threefish which is claimed
to be a very fast tweakable block cipher?
More information about the freebsd-geom
mailing list