Re: XTS cipher mode for cluster file encryption

Greetings,

* Bruce Momjian (bruce@momjian.us) wrote:
> On Mon, Nov  1, 2021 at 02:24:36PM -0400, Stephen Frost wrote:
> > I can understand the general idea that we should be sure to engineer
> > this in a way that multiple methods can be used, as surely one day folks
> > will say that AES128 isn't acceptable any more.  In terms of what we'll
> > do from the start, I would think providing the options of AES128 and
> > AES256 would be good to ensure that we have the bits covered to support
> > multiple methods and I don't think that would put us into a situation of
>
> My patch supports AES128, AES192, and AES256.

Right, so we're already showing that it's flexible to allow for multiple
encryption methods.  If folks want more then it's on them to research
how they'd work exactly and explain why they'd be useful to add and how
users might make an informed choice (though, again, I don't think we
need to go *too* deep into that as we don't for, eg, pgcrypto, and I
don't believe we've ever heard people complain about that).

Thanks,

Stephen