-
Notifications
You must be signed in to change notification settings - Fork 980
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Better alternatives for data encryption #5254
Comments
Also related: #5174 JuiceFS could learn from Restic encryption (alsor programmed in Go): https://restic.readthedocs.io/en/v0.4.0/Design/ |
Restic format is already "legacy", which uses scrypt for kdf, which is a second choice after argon2id according to OWASP, AES-CTR with Poly1305-AES is also "legacy" with less support compared with AES-256-GCM or xChaCha20-Poly1305 cf. https://soatok.blog/2020/07/12/comparison-of-symmetric-encryption-methods/ |
Sounds, can you send PR for these? |
Can i take this up if no one is working on it? |
Sure, no one is working on this |
Hey @ab-shrek are you still working on the issue? |
Hey @vivekcode101 I am not working on this. Feel free to take it up |
The current data at rest encryption design with RSA private key is both slow and insecure (crackable passphrase and not quantum safe, which is esp. problematic for data at rest). Go standard lib already deprecated RSA with passphrase. We had to explicitly suppress the compiler warning against the usage.
IMO. the following are reasonable alternatives:
The text was updated successfully, but these errors were encountered: