Gentoo Archives: gentoo-security

From: Dan Reidy <dubkat@×××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Encryption Ciphers
Date: Sat, 01 Mar 2008 00:50:11
In Reply to: [gentoo-security] Encryption Ciphers by Florian Philipp
On Wednesday 27 February 2008 01:58:11 pm Florian Philipp wrote:
> Hi! > > I just did some benchmarking on different ciphers for cryptsetup-luks > and now I've got some questions: > > 1. Is it a valid way to benchmark by using "time dd if=/dev/zero > of=/dev/mapper/cryptmapping -bs=1M"? The results seem to match other > benchmarks but I just want to be sure. > > 2. I've tested every (sensible) cipher with 64, 128, 256 and 320bits > keysize (if supported). Apparently I can choose between: > > Blowfish 64-256bit > Twofish 128-256bit > AES 128-256bit > Anubis 128-320bit
I've never done any benchmarks myself, however a few years back I did read up on which crytpo engine would be best for a large hard disk or partition. I do remember clearly that there is a bug in AES's block cyper that causes it to repeat keys on large disks/partitions. This "feature" could make it easier for your key to be cracked. I personally use Twofish 256 with SHA256, ive never tried any other hash method. I also use Serpent on my swap, for no other reason than to try something different - and it's a cool name. (flame on!). I tried to find that link that explains that AES flaw, but to no avail. Maybe you'll have better luck if it's something that concerns you. ps. i am obviously no expert in cryptology - take my comments with a grain of salt. -- -==========================================- Avoid the Gates of Hell. Use Linux. The choice of a GNU Generation. Daniel J Reidy RipeID: DJR9-RIPE dubkat@×××××.com GPG Key: 0x36833401 -==========================================-


File name MIME type
signature.asc application/pgp-signature


Subject Author
Re: [gentoo-security] Encryption Ciphers Steffen Schulz <pepe_ml@×××.net>