Gentoo Archives: gentoo-security

From: Daniel Troeder <daniel@×××××××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Encryption Ciphers
Date: Thu, 28 Feb 2008 11:27:33
Message-Id: 47C69A6A.8040101@admin-box.com
In Reply to: [gentoo-security] Encryption Ciphers by Florian Philipp
Hello Florian :)

Florian Philipp wrote:
> I just did some benchmarking on different ciphers for cryptsetup-luks
I have not done benchmarks on my own, and cannot say if your method is a good one. What I've read is, that AES(Rijndael)-implementations have been optimized a lot on all platforms. The last test I've read said, that the Linux AES (Rijndael) implementation is fastest (compared with others in its class) at 128 bit, while at 256 bit Blowfish is faster than AES (Rijndael). (This will most certainly differ on other platforms!)
> Do you think keysize is more important than choosing a cipher which > made it further in the AES-contest and therefore using Anubis with > 320bit would be a better choice than AES or Twofish with 256bit? > Might it even be an advantage because less people try to brake Anubis > than AES (although it bears some similarity with AES and might be > vulnerable to the same attacks)?
From what I've read, it is most important to use a well understood and heavily reviewed algorithm. That also means, that it is good, if lots of people have tried to break it.
> And if I need a faster cipher, do you think Blowfish with 64bit keys > is save for the next 3 years?
I think you should stick to Rijndael-128 or Blowfish-256 - they are well optimized for your computer, heavily analyzed by crypto-experts and provide both the cryptographic strength against most attackers for the next few years (say the crypto-experts, to whom I do not belong). Bye, Daniel -- use PGP key @ http://pgpkeys.pca.dfn.de/pks/lookup?search=0xBB9D4887&op=get # gpg --recv-keys --keyserver hkp://subkeys.pgp.net 0xBB9D4887

Attachments

File name MIME type
signature.asc application/pgp-signature