Closed
Description
When I was going through a crypto review as part of internal corporate processes, the reviewers found the crypto in Adiantum a bit too new-fangled. Nothing inherently wrong, just not on a pre-vetted list.
As such, it was suggested that I use AES-XTS and key generation via PBKDF2 instead of Argon2id. My XTS VFS implementation is not highly differentiated from the Adiantum VFS, except perhaps that it only imports `x/crypto`.
Are you interested in an XTS VFS PR (with `internal/util.AssertErr` added)?
See https://github.com/fido-device-onboard/go-fdo/blob/main/sqlite/xts/xts.go