Gentoo Archives: gentoo-security

From: Florian Philipp <lists@××××××××××××××××××.net>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Encryption Ciphers
Date: Fri, 29 Feb 2008 17:10:31
Message-Id: 1204304962.6725.5.camel@NOTE_GENTOO64.PHHEIMNETZ
In Reply to: Re: [gentoo-security] Encryption Ciphers by Mansour Moufid
On Thu, 2008-02-28 at 15:19 -0500, Mansour Moufid wrote:
> On Thu, Feb 28, 2008 at 1:29 PM, Florian Philipp > <lists@f_philipp.fastmail.net> wrote: > > One last question for everyone who has read this rather long mail (thank > > you, btw): What exactly is benbi in aes-lrw-benbi:sha256 and what should > > I choose for XTS? The kernel description states plain but essiv and > > benbi work as well. > > > > benbi is an IV generation algorithm. If you look at the dm-crypt > sources [1], benbi stands for "big-endian 'narrow block'-count" (not > sure where they got the `i' from...). There's also one called bewbi, > which I thought was entertaining. > > Sincerely, > Mansour Moufid > > [1] http://www.cs.fsu.edu/~baker/devices/lxr/http/source/linux/drivers/md/dm-crypt.c#L110
Thanks! So, am I right to believe that essiv is the best choice and benbi just some kind of special requirement for lrw or should I stick with what's recommended (although without reasons given for xts), e.g. cbc-essiv, lrw-benbi, xts-plain?

Attachments

File name MIME type
signature.asc application/pgp-signature