Is there a way to install OpenSUSE 13.2 with system encryption using the more recent 512-bit key size for aes-xts-plain64?
After installing OpenSUSE 13.2 with Yast or the default installer, cryptsetup luksDump on /dev/sda2 says the key is 256 bits (effectively this is 128 bits for XTS mode).
Other distributions, notably Fedora 21, CentOS 7 and Ubuntu 14, are using 512 bits for XTS for system encryption (effectively 256 bits), which I verified on other systems with the same method.
Now it is true that cryptsetup itself defaults to 256 bits for XTS for LUKS when creating new volumes, but 512 is being adopted for system encryption. I’d prefer that and it makes me worry OpenSUSE might not be keeping up to date on security settings, or it has its own policy. I don’t know and couldn’t find any information.
misc: I also checked the Debian Jessie RC1 installer and it also defaults to a 512-bit key (it’s listed as 256 but multiplied by 2 automatically; it’s also the only installer I could find that lets you configure it in the GUI).
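Checking what the installer actually produced, as an added shell example (not from this thread or from openSUSE): it parses `cryptsetup luksDump` output and halves the reported key size for XTS, the correction the question applies by hand. The luksDump text below is constructed to match the LUKS1 layout; the LUKS2 lines the parser also accepts are an assumption about the newer header format.

```shell
#!/bin/sh
# Added example, not from the thread: report the LUKS master-key size and the
# effective key strength for XTS from `cryptsetup luksDump` output on stdin.
# XTS splits the master key into a data key and a tweak key, so the effective
# AES strength is half the "MK bits" value that luksDump reports.

# Print "<cipher>-<mode> <mk_bits> <effective_bits>" for luksDump text on stdin.
luks_effective_bits() {
    awk '
        /^Cipher name:/ { name = $3 }
        /^Cipher mode:/ { mode = $3 }
        /^MK bits:/     { bits = $3 }
        # LUKS2 keyslot layout (assumed): "Cipher: aes-xts-plain64" and
        # "Cipher key: 512 bits", indented under "Keyslots:".
        /^[ \t]*Cipher:/     { split($2, p, "-"); name = p[1]; mode = substr($2, length(p[1]) + 2) }
        /^[ \t]*Cipher key:/ { bits = $3 }
        END {
            if (bits == "") { exit 1 }
            eff = (mode ~ /^xts/) ? bits / 2 : bits
            printf "%s-%s %d %d\n", name, mode, bits, eff
        }
    '
}

# Constructed LUKS1 header dump matching what the question describes on /dev/sda2.
SAMPLE_DUMP='LUKS header information for /dev/sda2

Version:        1
Cipher name:    aes
Cipher mode:    xts-plain64
Hash spec:      sha1
Payload offset: 4096
MK bits:        256'

# Real-system usage: cryptsetup luksDump /dev/sda2 | luks_effective_bits
# For the sample this prints: aes-xts-plain64 256 128
printf '%s\n' "$SAMPLE_DUMP" | luks_effective_bits

# When formatting a volume by hand, request the larger key explicitly so XTS
# ends up with 256 effective bits (placeholder device name):
#   cryptsetup luksFormat --cipher aes-xts-plain64 --key-size 512 /dev/sdXN
```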
Actually, this choice is put in the distro’s developers’ hands. You can, however, change the KEY size to 512 on install (thus making it effectively 256 bits because of XTS splitting). I’ll post instructions on how to do this if you want, but it’s probably going to be very hard to do so, especially if you want to change from AES to Twofish or Serpent (smart choice to do so).
Can you post the results of “cryptsetup status your_encrypted_partition”?
I couldn’t change the KEY size or the encryption algorithm. I did everything correctly, but still at the end the system doesn’t recognize my encrypted partition. I even stopped the installation at the end (when it wants to reboot) and logged into a tty so I could edit /etc/crypttab, but all efforts were useless.
Since I have clinical paranoia, I’m sticking with Debian for the moment.
The mailing list said the low key size was not intentional, so I’ve filed a bug.
I didn’t file one for installer features because none of the other distros have them either (except Debian, and it’s not extremely intuitive) and personally I’m ok with a sane default. Feel free to make one…
After a lot of reading I came to the conclusion that a 128-bit key is, well, more recommended than 256, and it’s obviously faster. And since I can’t use Bruce’s Twofish on openSUSE, I might as well trust his opinion on AES, right?
I know it’s not unanimous, but that attack is from 2009-2010. I take 512 bits (256) making it into the latest RHEL/CentOS as not agreeing, or as the de facto standard. Truecrypt also stayed with aes-256 until the end. But it is true cryptsetup itself defaults to 256 (128).
For ciphers, in the past I used Truecrypt Serpent-AES on volumes just so I wouldn’t have to worry, but it was excessive. The one practical advantage of AES is that it’s hardware-accelerated in newer processors and devices. It makes a very large difference now, see the screenshot I saved some time ago: http://imgur.com/jBeACrg
FYI, they cancelled the bug I reported which requested solely a switch of the default key size. Their answer was:
So there are already at least four feature requests in this area - some for several years. As long as product management sees other features as more important the YaST team does not have the time to work on the issue.
So thanks for your answers but I’ll move to another distribution.