| 1 |
On 080301 at 01:51, Dan Reidy wrote: |
| 2 |
> I've never done any benchmarks myself, however a few years back I did read |
| 3 |
> up on which crytpo engine would be best for a large hard disk or partition. |
| 4 |
> I do remember clearly that there is a bug in AES's block cyper that causes |
| 5 |
> it to repeat keys on large disks/partitions. This "feature" could make it |
| 6 |
> easier for your key to be cracked. I personally use Twofish 256 with |
| 7 |
> SHA256, ive never tried any other hash method. I also use Serpent on my |
| 8 |
> swap, for no other reason than to try something different - and it's a cool |
| 9 |
> name. (flame on!). |
| 10 |
|
| 11 |
You may be talking about a generic problem when using a block cipher in CBC mode. |
| 12 |
The block size of a block cipher limits the total amount of data that |
| 13 |
can be encrypted using a single key, without reducing security. |
| 14 |
|
| 15 |
See also: http://en.wikipedia.org/wiki/Disk_encryption_theory |
| 16 |
|
| 17 |
I'm pretty sure that there is no such bug in AES itself. A known |
| 18 |
problem however is the susceptibility to side-channel attacks: |
| 19 |
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard#Side_channel_attacks |
| 20 |
Ciphers can be designed to avoid side-channel attacks, but NIST(sadly) |
| 21 |
did not care about this problem during the AES contest. |
| 22 |
|
| 23 |
|
| 24 |
About other algorithms...3DES is still considered very secure due to |
| 25 |
the very extensive review. AES is very new in comparison, but has also |
| 26 |
been heavily reviewed due to its status as encryption standard. The |
| 27 |
other AES finalists are probably about as secure. But if you want to |
| 28 |
use a different algorithm, or mode, adjust how a cipher is used or |
| 29 |
combine it with other ciphers, you should *really* know your stuff. |
| 30 |
And even then, you will probably miss something and the result will be |
| 31 |
less secure. |
| 32 |
|
| 33 |
|
| 34 |
128bit are considered secure for the next several years. Its much |
| 35 |
easier and cheaper to guess your password, steal your usb-key or |
| 36 |
threaten your family than to break a 128 bit key by bruteforce. If you |
| 37 |
are afraid of quantum computers or aliens, you may want to choose |
| 38 |
256bit. |
| 39 |
|
| 40 |
|
| 41 |
HTH, |
| 42 |
pepe |
| 43 |
-- |
| 44 |
pepe@×××××××.net gpg --recv-key A04D7875 |
| 45 |
Key fingerprint: B805 57BE E4AF 0104 CC51 77A1 CE6F 8D46 A04D 7875 |
Archives