Gentoo Archives: gentoo-security

From: Florian Philipp <lists@××××××××××××××××××.net>
To: gentoo-security@l.g.o
Subject: [gentoo-security] Encryption Ciphers
Date: Wed, 27 Feb 2008 18:59:26
Message-Id: 1204138691.10427.152.camel@NOTE_GENTOO64.PHHEIMNETZ
Hi!

I just did some benchmarking on different ciphers for cryptsetup-luks
and now I've got some questions:

1. Is it a valid way to benchmark by using "time dd if=/dev/zero
of=/dev/mapper/cryptmapping -bs=1M"? The results seem to match other
benchmarks but I just want to be sure.

2. I've tested every (sensible) cipher with 64, 128, 256 and 320bits
keysize (if supported). Apparently I can choose between:

Blowfish 64-256bit
Twofish 128-256bit
AES 128-256bit
Anubis 128-320bit

These are settings on which my harddisk limits transfer speed, not the
encryption.

Surprisingly, Anubis is faster with 320bits than Blowfish with the same
setting (Blowfish: 32MB/s, Anubis 37MB/s, hdparm -tT 38MB/s). Do you
think keysize is more important than choosing a cipher which made it
further in the AES-contest and therefore using Anubis with 320bit would
be a better choice than AES or Twofish with 256bit? Might it even be an
advantage because less people try to brake Anubis than AES (although it
bears some similarity with AES and might be vulnerable to the same
attacks)?

And if I need a faster cipher, do you think Blowfish with 64bit keys is
save for the next 3 years?

Thanks in advance!

Florian Philipp

Attachments

File name MIME type
signature.asc application/pgp-signature

Replies

Subject Author
Re: [gentoo-security] Encryption Ciphers Dan Reidy <dubkat@×××××.com>
Re: [gentoo-security] Encryption Ciphers Peter Meier <peter.meier@×××××××.ch>
Re: [gentoo-security] Encryption Ciphers Daniel Troeder <daniel@×××××××××.com>