5c420aae3b
- Triple DES has been formally deprecated in Kerberos (RFC 8429) and is soon to be deprecated in IPsec (RFC 8221). - Blowfish is deprecated. FreeBSD doesn't support its successor (Twofish). - MD5 is generally considered a weak digest that has known attacks. geli refuses to create new volumes using these algorithms via 'geli init'. It also warns when attaching to existing volumes or creating temporary volumes via 'geli onetime' . The plan is to fully remove support for these algorithms in FreeBSD 13. Note that none of these algorithms have ever been the default algorithm used by geli(8). Users would have had to explicitly select these algorithms when creating volumes in the past. Reviewed by: cem, delphij MFC after: 3 days Relnotes: yes Sponsored by: Chelsio Communications Differential Revision: https://reviews.freebsd.org/D20344 |
||
---|---|---|
.. | ||
g_eli_crypto.c | ||
g_eli_ctl.c | ||
g_eli_hmac.c | ||
g_eli_integrity.c | ||
g_eli_key_cache.c | ||
g_eli_key.c | ||
g_eli_privacy.c | ||
g_eli.c | ||
g_eli.h | ||
pkcs5v2.c | ||
pkcs5v2.h |