
List Archive: gentoo-security
To: gentoo-security@g.o
From: <bmicek@...>
Subject: Re: Encrypting a user home folder on a laptop
Date: Fri, 15 Feb 2008 15:45:57 PST
I spent time about a year ago looking into good encryption. At that time, cryptsetup was the best bet. It's really easy to use. With cryptsetup, you're best off encrypting an entire filesystem/partition so there are no restrictions regarding size.
As far as ciphers, there are three popular ones that are 256 bits in the Linux kernel. You'll have to pick the one(s) you like best. Generally, everyone agrees Serpent is the strongest, followed by AES then followed by TwoFish. From my tests, performance of the algorithms is in reverse order (meaning TwoFish is the fastest). Linux is a bit behind last I checked regarding encryption modes of operation and seems to only offer ECB or CBC. CBC is Chain Block Cipher and is based on an IV which is like an index into your media. The IV is used to encrypt a block of data so a previous identical block won't be identically encrypted. As far as your question regarding one-bit changes, a one bit change will have the effect you mentioned but only for one encrypted block.
I'd recommend reading up on the ciphers to see what you like. There has been some talk about TwoFish being broken; however, I find it hard to believe. There has been a lot of talk about TrueCrypt on Linux. From what I can tell, it seems a bit more advanced and supports different (more modern?) modes of encryption.
On Friday February 15 2008 6:09 pm, Randy Barlow wrote:
> I am probably being paranoid, but I'd like to encrypt my /home/username
> folder on my laptop. I tried EncFS using [1], but KDE didn't seem to
> work under that setup because of the restriction that the filesystem
> doesn't support hardlinks. So now I am playing around with [2]. The
> only problem I have here is that it seems like I have to know in advance
> what size I want to use for my home folder (I am using a file as a
> loopback device rather than a partition, mostly because I already have a
> system up and don't want to mess with resizing partitions). Is there
> any way to resize the loopback device on the fly, or do you just have to
> create a new one and copy the files into it every time you need to resize?
> Another question I have: I am pretty new to ciphers. One thing I have
> learned is that the avalanche effect is desirable, meaning that one bit
> flipped in the plaintext should cause about half of the ciphertext bits
> to flip. Does the dm-crypt setup have much correlation between
> encryption blocks to where this avalanche effect would change the whole
> file, or just a few encryption blocks? To illustrate, I'm looking to
> encrypt probably something like 40 GB of data. If I change 1 bit
> somewhere in my plaintext, how many bytes of that 40 GB of total data on
> my loopback device should I expect that bit flip to have an effect on?
> Thanks for any enlightenment you can offer!
> [1]
> [2]
> --
> Randy Barlow
gentoo-security@g.o mailing list
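
Added example, not part of the original message or of dm-crypt's code: a Python model of CBC applied per 512-byte sector, the way dm-crypt chains blocks, that reports which ciphertext blocks change when one plaintext bit is flipped. Assumptions: the block cipher is a stand-in Feistel permutation built on SHA-256 so the script runs with the standard library only, the IV is simply the sector number, and the key, device contents and function names are constructed for illustration.

```python
import hashlib

BLOCK = 16    # cipher block size in bytes (AES, Serpent and Twofish all use 16)
SECTOR = 512  # dm-crypt encrypts every 512-byte sector as its own CBC chain

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    # Stand-in block cipher (assumption): 4-round Feistel over SHA-256.
    # It is a permutation like a real cipher, but NOT secure; demo only.
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def encrypt_sector(key, sector_no, data):
    # CBC: each plaintext block is XORed with the previous ciphertext block.
    # The chain starts from an IV derived from the sector number.
    prev = sector_no.to_bytes(BLOCK, "little")
    out = b""
    for i in range(0, SECTOR, BLOCK):
        prev = encrypt_block(key, xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def encrypt_device(key, plaintext):
    return b"".join(
        encrypt_sector(key, n, plaintext[off:off + SECTOR])
        for n, off in enumerate(range(0, len(plaintext), SECTOR)))

def changed_blocks_after_flip(byte_offset, sectors=4):
    """Flip one plaintext bit; return indexes of ciphertext blocks that differ."""
    key = hashlib.sha256(b"constructed demo key").digest()
    plain = bytearray(SECTOR * sectors)  # constructed sample: all-zero device
    before = encrypt_device(key, bytes(plain))
    plain[byte_offset] ^= 0x01
    after = encrypt_device(key, bytes(plain))
    return [i // BLOCK for i in range(0, len(before), BLOCK)
            if before[i:i + BLOCK] != after[i:i + BLOCK]]

if __name__ == "__main__":
    hit = changed_blocks_after_flip(600)  # byte 600 lies in sector 1, block 37
    print(f"blocks {hit[0]}..{hit[-1]} changed: {len(hit) * BLOCK} bytes")
```

In this model the flip rewrites the block it lands in and every later block of the same sector, and nothing outside that sector, so the affected ciphertext is bounded by the 512-byte sector size regardless of how large the device is.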


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.
