List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On 080301 at 01:51, Dan Reidy wrote:
> I've never done any benchmarks myself, however a few years back I did read
> up on which crytpo engine would be best for a large hard disk or partition.
> I do remember clearly that there is a bug in AES's block cyper that causes
> it to repeat keys on large disks/partitions. This "feature" could make it
> easier for your key to be cracked. I personally use Twofish 256 with
> SHA256, ive never tried any other hash method. I also use Serpent on my
> swap, for no other reason than to try something different - and it's a cool
> name. (flame on!).
You may be talking about a generic problem when using a block cipher in CBC mode.
The block size of a block cipher limits the total amount of data that
can be encrypted using a single key, without reducing security.
See also: http://en.wikipedia.org/wiki/Disk_encryption_theory
I'm pretty sure that there is no such bug in AES itself. A known
problem however is the susceptibility to side-channel attacks:
Ciphers can be designed to avoid side-channel attacks, but NIST(sadly)
did not care about this problem during the AES contest.
About other algorithms...3DES is still considered very secure due to
the very extensive review. AES is very new in comparison, but has also
been heavily reviewed due to its status as encryption standard. The
other AES finalists are probably about as secure. But if you want to
use a different algorithm, or mode, adjust how a cipher is used or
combine it with other ciphers, you should *really* know your stuff.
And even then, you will probably miss something and the result will be
128bit are considered secure for the next several years. Its much
easier and cheaper to guess your password, steal your usb-key or
threaten your family than to break a 128 bit key by bruteforce. If you
are afraid of quantum computers or aliens, you may want to choose
pepe@... gpg --recv-key A04D7875
Key fingerprint: B805 57BE E4AF 0104 CC51 77A1 CE6F 8D46 A04D 7875