[Whonix-devel] Bug#910249: Bumping up encryption to AES-256 by default

procmem procmem at riseup.net
Thu Oct 4 02:43:48 CEST 2018

Jeremy Bicha:
> On Wed, Oct 3, 2018 at 6:36 PM procmem <procmem at riseup.net> wrote:
>> Package: gnome-disk-utility
>> Version: all
>> Severity: serious
>> Hi. I noticed Gnome Disks uses AES-128 by default instead of AES-256
>> like Debian does out of the box. Having 256 bit symmetric keys is good
>> practice for long term security especially in a coming era of quantum
>> computers. (Whether they materialize or not is deabatble but why not
>> have a sufficient margin if it's easy enough?) It is also the
>> recommended level by NIST.
> Please report this issue to the GNOME Disks developers:
> https://gitlab.gnome.org/GNOME/gnome-disk-utility/issues
> From what I can tell, Disks uses udisks2 which uses libblockdev. The
> libblockdev default is 256 bits.
> https://github.com/storaged-project/libblockdev/blob/master/src/plugins/crypto.h#L39
> So I'm not sure if the libblockdev default should be changed or if
> that's something that GNOME Disks is supposed to handle itself.
> Thanks,
> Jeremy Bicha

Thanks for pointing me to the code and upstream bugtracker :) I've
opened a ticket on GNOME here:


Feel free to close the ticket here because it's not related to you guys.

More information about the Whonix-devel mailing list