Author: goupille Date: To: tails-dev Subject: [Tails-dev] thoughts about the persistence encryption
Hi !
we received complaints from a user about the persistence encryption. basically, I don't really know what I'm talking about, so that's a resumee of that user's remarks (without the bad words) :
AES : the fact that moderns hardware are shipping dedicated AES modules is a risk (potentiality of unknown features in those modules). the user proposes to use Serpent instead (which is less subject to that threat)
SHA1 : using SHA1 today is very bad, SHA512 should be the default
keysize: with a keysize of 256 in XTS method the real keysize to factor against is already only 128 (if the everything else in the implementation is robust). he seems to think that AES-128 is not safe at all against a government and doesn't trust so much AES-256. since there is no "significant performance hit", and due to XTS, the default keysize should be 512 bits.
iteration time: it is low for slow systems, and Tails is aimed to work on relatively slow systems it should be increased