Bug#910249: Bumping up encryption to AES-256 by default
procmem
procmem at riseup.net
Wed Oct 3 23:31:00 BST 2018
Package: gnome-disk-utility
Version: all
Severity: serious
Hi. I noticed Gnome Disks uses AES-128 by default instead of AES-256
like Debian does out of the box. Having 256 bit symmetric keys is good
practice for long term security especially in a coming era of quantum
computers. (Whether they materialize or not is deabatble but why not
have a sufficient margin if it's easy enough?) It is also the
recommended level by NIST.
This is verified by running:
# cryptsetup luksDump --debug <device>
AES in XTS mode uses a keysize double its bit size (512 in this case)
since with XTS the key is split in 2 so you actually get AES with
256-bit keys.
A partition created by Gnome Disks shows it's only using MK size 256
instead of the expected 512. Please modify the source to pass 512 bit
size to cryptsetup.
For more details and original research by me see:
https://www.whonix.org/wiki/Full_Disk_Encryption_and_Encrypted_Images#Protection_Against_Powerful_Adversaries
More information about the pkg-gnome-maintainers
mailing list