[OMV4 only] Default cipher is aes-cbc, which is deprecated. Default cipher should be aes-xts [is default in OMV5]

Question

[OMV4 only] Default cipher is aes-cbc, which is deprecated. Default cipher should be aes-xts [is default in OMV5]

Wikinaut opened this issue 5 years ago · 1 comments

Cipher aes-cbc appears to be your default standard but should be replaced by aes-xts.
see https://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions/

"Der Cipher 'aes-cbc' kann vom aktuellem Standpunkt nicht mehr als sicher eingestuft werden und sollte dringend in nächster Zeit gegen 'aes-xts' ausgetauscht werden."

Answer 1 · 2020-05-03T10:27:16.000Z

This issue was observed with version OpenMediaVault 4.x.
The newer OpenMediaVault 5.x and the plugin uses - this may be because of the newer kernel and LUKS software - aes-xts as default cipher, which looks fine to me.