describe the request
Hello,
First of all, thank you for this great installer. Currently archinstall defaults to AES for disk encryption. While this is ideal for modern hardware, it creates a significant performance bottleneck for legacy systems or low-end hardware that lacks AES-NI support e.g. Intel Celeron older Atom processors or some ARM boards
On such devices, software-based AES encryption makes the system nearly unusable. However, ChaCha20-Poly1305 provides much better performance on CPUs without hardware-accelerated encryption while maintaining a high level of security.
My Proposal:
Could we add an option in the disk encryption menu to choose between the default cipher (AES) and an alternative like ChaCha20-Poly1305?
Adding this would:
Make Full Disk Encryption FDE viable for older/low-end hardware.
Provide a more flexible "Arch way" installation experience for power users.
Command example for implementation:
cryptsetup luksFormat --type luks2 --cipher chacha20-poly1305-generic /dev/sda
Thank you for your consideration.
describe the request
Hello,
First of all, thank you for this great installer. Currently archinstall defaults to AES for disk encryption. While this is ideal for modern hardware, it creates a significant performance bottleneck for legacy systems or low-end hardware that lacks AES-NI support e.g. Intel Celeron older Atom processors or some ARM boards
On such devices, software-based AES encryption makes the system nearly unusable. However, ChaCha20-Poly1305 provides much better performance on CPUs without hardware-accelerated encryption while maintaining a high level of security.
My Proposal:
Could we add an option in the disk encryption menu to choose between the default cipher (AES) and an alternative like ChaCha20-Poly1305?
Adding this would:
Command example for implementation:
cryptsetup luksFormat --type luks2 --cipher chacha20-poly1305-generic /dev/sda
Thank you for your consideration.