Gentoo Archives: gentoo-security

From: Steffen Schulz <pepe_ml@×××.net>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Encryption Ciphers
Date: Sat, 01 Mar 2008 02:37:51
Message-Id: 20080301023712.GA7949@cbg.dyndns.org
In Reply to: Re: [gentoo-security] Encryption Ciphers by Dan Reidy
On 080301 at 01:51, Dan Reidy wrote:
> I've never done any benchmarks myself, however a few years back I did read
> up on which crypto engine would be best for a large hard disk or partition.
> I do remember clearly that there is a bug in AES's block cipher that causes
> it to repeat keys on large disks/partitions. This "feature" could make it
> easier for your key to be cracked. I personally use Twofish 256 with
> SHA256, I've never tried any other hash method. I also use Serpent on my
> swap, for no other reason than to try something different - and it's a cool
> name. (flame on!).

You may be talking about a generic problem when using a block cipher in CBC
mode. The block size of a block cipher limits the total amount of data that
can be encrypted using a single key, without reducing security. See also:

http://en.wikipedia.org/wiki/Disk_encryption_theory

I'm pretty sure that there is no such bug in AES itself. A known problem
however is the susceptibility to side-channel attacks:

http://en.wikipedia.org/wiki/Advanced_Encryption_Standard#Side_channel_attacks

Ciphers can be designed to avoid side-channel attacks, but NIST (sadly) did
not care about this problem during the AES contest.

About other algorithms... 3DES is still considered very secure due to the
very extensive review. AES is very new in comparison, but has also been
heavily reviewed due to its status as encryption standard. The other AES
finalists are probably about as secure.

But if you want to use a different algorithm, or mode, adjust how a cipher
is used or combine it with other ciphers, you should *really* know your
stuff. And even then, you will probably miss something and the result will
be less secure.

128 bits are considered secure for the next several years. It's much easier
and cheaper to guess your password, steal your usb-key or threaten your
family than to break a 128-bit key by brute force. If you are afraid of
quantum computers or aliens, you may want to choose 256 bits.

HTH,
pepe

--
pepe@×××××××.net
gpg --recv-key A04D7875
Key fingerprint: B805 57BE E4AF 0104 CC51 77A1 CE6F 8D46 A04D 7875
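
An added example, not part of the original message: the CBC block-size limit mentioned above, shown on a toy 16-bit Feistel cipher (constructed for illustration; the key, IV, helper names and sample data are assumptions) so that a repeated ciphertext block occurs within 8 KiB. A repeated block reveals the XOR of two plaintext blocks without the key, and `collision_probability` applies the birthday approximation to 64-bit (3DES) and 128-bit (AES) blocks.

```python
import hashlib
import math

def _round(key: bytes, rnd: int, half: int) -> int:
    # Round function of the toy cipher: one byte from SHA-256 (assumption).
    return hashlib.sha256(key + bytes([rnd, half])).digest()[0]

def toy_encrypt(key: bytes, block: int) -> int:
    # 4-round Feistel network on a 16-bit block; a permutation by construction.
    left, right = block >> 8, block & 0xFF
    for rnd in range(4):
        left, right = right, left ^ _round(key, rnd, right)
    return (left << 8) | right

def cbc_encrypt(key: bytes, iv: int, blocks: list[int]) -> list[int]:
    out, prev = [], iv
    for p in blocks:
        prev = toy_encrypt(key, p ^ prev)  # C_i = E(P_i xor C_{i-1})
        out.append(prev)
    return out

def first_collision(ct):
    # Indices (i, j), i < j, of the first repeated ciphertext block, or None.
    seen = {}
    for j, c in enumerate(ct):
        if c in seen:
            return seen[c], j
        seen[c] = j
    return None

def collision_probability(data_bytes: int, block_bits: int) -> float:
    # Birthday approximation: p ~ 1 - exp(-n^2 / 2^(b+1)) for n blocks of b bits.
    n = data_bytes * 8 / block_bits
    return -math.expm1(-n * n / 2.0 ** (block_bits + 1))

def demo():
    key, iv = b"constructed-key!", 0x1234
    # Constructed sample plaintext: 4096 pseudo-random 16-bit blocks (8 KiB).
    stream = hashlib.shake_128(b"constructed-sample").digest(2 * 4096)
    pt = [int.from_bytes(stream[k:k + 2], "big") for k in range(0, len(stream), 2)]
    ct = cbc_encrypt(key, iv, pt)
    i, j = first_collision(ct)
    prev = lambda k: ct[k - 1] if k else iv
    # C_i == C_j implies P_i xor P_j == C_{i-1} xor C_{j-1}.
    return pt[i] ^ pt[j], prev(i) ^ prev(j)

if __name__ == "__main__":
    print(demo())
    for bits in (64, 128):  # 3DES-sized vs AES-sized block, 32 GiB under one key
        print(bits, collision_probability(2**35, bits))
```
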
