List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Wednesday 27 February 2008 01:58:11 pm Florian Philipp wrote:
> I just did some benchmarking on different ciphers for cryptsetup-luks
> and now I've got some questions:
> 1. Is it a valid way to benchmark by using "time dd if=/dev/zero
> of=/dev/mapper/cryptmapping -bs=1M"? The results seem to match other
> benchmarks but I just want to be sure.
> 2. I've tested every (sensible) cipher with 64, 128, 256 and 320bits
> keysize (if supported). Apparently I can choose between:
> Blowfish 64-256bit
> Twofish 128-256bit
> AES 128-256bit
> Anubis 128-320bit
I've never done any benchmarks myself, however a few years back I did read
up on which crytpo engine would be best for a large hard disk or partition.
I do remember clearly that there is a bug in AES's block cyper that causes
it to repeat keys on large disks/partitions. This "feature" could make it
easier for your key to be cracked. I personally use Twofish 256 with
SHA256, ive never tried any other hash method. I also use Serpent on my
swap, for no other reason than to try something different - and it's a cool
name. (flame on!).
I tried to find that link that explains that AES flaw, but to no avail.
Maybe you'll have better luck if it's something that concerns you.
ps. i am obviously no expert in cryptology - take my comments with a grain
Avoid the Gates of Hell. Use Linux.
The choice of a GNU Generation.
Daniel J Reidy RipeID: DJR9-RIPE
dubkat@... GPG Key: 0x36833401
signature.asc (This is a digitally signed message part.)