From bc4eac650aa3674eaf5bff4b729bb510485844c0 Mon Sep 17 00:00:00 2001
From: Richard Laager <rlaager@wiktel.com>
Date: Mon, 25 May 2020 03:56:51 -0500
Subject: [PATCH] Debian: Update aes-256-gcm note

buster-backports has ZoL 0.8.4.  I am still explicitly specifying
encryption=aes-256-gcm to avoid accidents.  This can probably change to
encryption=on at some point.

Signed-off-by: Richard Laager <rlaager@wiktel.com>
---
 .../Debian/Debian Buster Root on ZFS.rst               | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/docs/Getting Started/Debian/Debian Buster Root on ZFS.rst b/docs/Getting Started/Debian/Debian Buster Root on ZFS.rst
index f08468d..7915682 100644
--- a/docs/Getting Started/Debian/Debian Buster Root on ZFS.rst	
+++ b/docs/Getting Started/Debian/Debian Buster Root on ZFS.rst	
@@ -358,15 +358,9 @@ Step 2: Disk Formatting
    - Make sure to include the ``-part4`` portion of the drive path. If you
      forget that, you are specifying the whole disk, which ZFS will then
      re-partition, and you will lose the bootloader partition(s).
-   - ZFS native encryption defaults to ``aes-256-ccm``, but `the default has
-     changed upstream
+   - ZFS native encryption `now
      <https://github.com/openzfs/zfs/commit/31b160f0a6c673c8f926233af2ed6d5354808393>`__
-     to ``aes-256-gcm``. `AES-GCM seems to be generally preferred over AES-CCM
-     <https://crypto.stackexchange.com/questions/6842/how-to-choose-between-aes-ccm-and-aes-gcm-for-storage-volume-encryption>`__,
-     `is faster now
-     <https://github.com/zfsonlinux/zfs/pull/9749#issuecomment-569132997>`__,
-     and `will be even faster in the future
-     <https://github.com/zfsonlinux/zfs/pull/9749>`__.
+     defaults to ``aes-256-gcm``.
    - For LUKS, the key size chosen is 512 bits. However, XTS mode requires two
      keys, so the LUKS key is split in half. Thus, ``-s 512`` means AES-256.
    - Your passphrase will likely be the weakest link. Choose wisely. See