Bug#910249: Bumping up encryption to AES-256 by default

Jeremy Bicha jbicha at debian.org
Thu Oct 4 00:21:00 BST 2018


On Wed, Oct 3, 2018 at 6:36 PM procmem <procmem at riseup.net> wrote:
> Package: gnome-disk-utility
> Version: all
> Severity: serious
>
> Hi. I noticed Gnome Disks uses AES-128 by default instead of AES-256
> like Debian does out of the box. Having 256 bit symmetric keys is good
> practice for long term security especially in a coming era of quantum
> computers. (Whether they materialize or not is deabatble but why not
> have a sufficient margin if it's easy enough?) It is also the
> recommended level by NIST.

Please report this issue to the GNOME Disks developers:
https://gitlab.gnome.org/GNOME/gnome-disk-utility/issues

>From what I can tell, Disks uses udisks2 which uses libblockdev. The
libblockdev default is 256 bits.

https://github.com/storaged-project/libblockdev/blob/master/src/plugins/crypto.h#L39

So I'm not sure if the libblockdev default should be changed or if
that's something that GNOME Disks is supposed to handle itself.

Thanks,
Jeremy Bicha



More information about the pkg-gnome-maintainers mailing list