1 |
On Wednesday 27 February 2008 01:58:11 pm Florian Philipp wrote: |
2 |
> Hi! |
3 |
> |
4 |
> I just did some benchmarking on different ciphers for cryptsetup-luks |
5 |
> and now I've got some questions: |
6 |
> |
7 |
> 1. Is it a valid way to benchmark by using "time dd if=/dev/zero |
8 |
> of=/dev/mapper/cryptmapping -bs=1M"? The results seem to match other |
9 |
> benchmarks but I just want to be sure. |
10 |
> |
11 |
> 2. I've tested every (sensible) cipher with 64, 128, 256 and 320bits |
12 |
> keysize (if supported). Apparently I can choose between: |
13 |
> |
14 |
> Blowfish 64-256bit |
15 |
> Twofish 128-256bit |
16 |
> AES 128-256bit |
17 |
> Anubis 128-320bit |
18 |
|
19 |
I've never done any benchmarks myself, however a few years back I did read |
20 |
up on which crytpo engine would be best for a large hard disk or partition. |
21 |
I do remember clearly that there is a bug in AES's block cyper that causes |
22 |
it to repeat keys on large disks/partitions. This "feature" could make it |
23 |
easier for your key to be cracked. I personally use Twofish 256 with |
24 |
SHA256, ive never tried any other hash method. I also use Serpent on my |
25 |
swap, for no other reason than to try something different - and it's a cool |
26 |
name. (flame on!). |
27 |
|
28 |
I tried to find that link that explains that AES flaw, but to no avail. |
29 |
Maybe you'll have better luck if it's something that concerns you. |
30 |
|
31 |
ps. i am obviously no expert in cryptology - take my comments with a grain |
32 |
of salt. |
33 |
|
34 |
|
35 |
-- |
36 |
-==========================================- |
37 |
|
38 |
Avoid the Gates of Hell. Use Linux. |
39 |
The choice of a GNU Generation. |
40 |
|
41 |
Daniel J Reidy RipeID: DJR9-RIPE |
42 |
dubkat@×××××.com GPG Key: 0x36833401 |
43 |
http://sigterm.us/ |
44 |
|
45 |
-==========================================- |