freebsd-skq/sys/geom/eli
John Baldwin 5c420aae3b Add deprecation warnings for weaker algorithms to geli(4).
- Triple DES has been formally deprecated in Kerberos (RFC 8429)
  and is soon to be deprecated in IPsec (RFC 8221).
- Blowfish is deprecated.  FreeBSD doesn't support its successor
  (Twofish).
- MD5 is generally considered a weak digest that has known attacks.

geli refuses to create new volumes using these algorithms via 'geli
init'.  It also warns when attaching to existing volumes or creating
temporary volumes via 'geli onetime' .  The plan is to fully remove
support for these algorithms in FreeBSD 13.

Note that none of these algorithms have ever been the default
algorithm used by geli(8).  Users would have had to explicitly select
these algorithms when creating volumes in the past.

Reviewed by:	cem, delphij
MFC after:	3 days
Relnotes:	yes
Sponsored by:	Chelsio Communications
Differential Revision:	https://reviews.freebsd.org/D20344
2019-05-23 22:31:55 +00:00
..
g_eli_crypto.c Make geli(8) buildable. 2018-09-19 07:08:04 +00:00
g_eli_ctl.c Implement automatic online expansion of GELI providers - if the underlying 2019-04-03 23:57:37 +00:00
g_eli_hmac.c When building standalone, include stand.h rather than the kernel 2017-12-05 21:37:32 +00:00
g_eli_integrity.c OpenCrypto: Convert sessions to opaque handles instead of integers 2018-07-18 00:56:25 +00:00
g_eli_key_cache.c Implement automatic online expansion of GELI providers - if the underlying 2019-04-03 23:57:37 +00:00
g_eli_key.c Introduce the 'n' flag for the geli attach command. 2018-05-09 20:53:38 +00:00
g_eli_privacy.c OpenCrypto: Convert sessions to opaque handles instead of integers 2018-07-18 00:56:25 +00:00
g_eli.c Add deprecation warnings for weaker algorithms to geli(4). 2019-05-23 22:31:55 +00:00
g_eli.h Implement automatic online expansion of GELI providers - if the underlying 2019-04-03 23:57:37 +00:00
pkcs5v2.c We don't need both _STAND and _STANDALONE. There's more places that 2017-12-02 00:07:09 +00:00
pkcs5v2.h sys/geom: adoption of SPDX licensing ID tags. 2017-11-27 15:17:37 +00:00