Gentoo Logo
Gentoo Spaceship

Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
To: gentoo-security@g.o
From: <bmicek@...>
Subject: Re: Encryption Ciphers gentoo-security@g.o
Date: Fri, 29 Feb 2008 18:28:39 PST
I benchmakerked them also about two years ago.&nbsp; At that time anibus encryption, xtc and lrw modes didnt exist in the kernel.&nbsp;&nbsp; I concentrated on 256 bits for AES, Serpant and Twofish.&nbsp; I dont recall the exact numbers, but this is the order from slowest (and also most secure) to fastest:<BR>
1.&nbsp; Serpent<BR>
2.&nbsp; AES<BR>
3.&nbsp; Twofish<BR>
The tests were run with bonnie++<BR>
I recall something like a 20% penalty for using CBC versus ECB on any variant.&nbsp; If your going to encrypt many times, you might want to consider only using one agressive mode and you might want to consider leaving the other encryption instances with ECB<BR>
I am interested to see what the results are for&nbsp; LRW and XTC&nbsp; compared to ECB and CBC.<BR>
Brian Micek<BR>
On Friday February 29 2008 7:48 pm, Dan Reidy wrote:<BR>
&gt; On Wednesday 27 February 2008 01:58:11 pm Florian Philipp wrote:<BR>
&gt; &gt; Hi!<BR>
&gt; &gt;<BR>
&gt; &gt; I just did some benchmarking on different ciphers for cryptsetup-luks<BR>
&gt; &gt; and now I've got some questions:<BR>
&gt; &gt;<BR>
&gt; &gt; 1. Is it a valid way to benchmark by using "time dd if=/dev/zero<BR>
&gt; &gt; of=/dev/mapper/cryptmapping -bs=1M"? The results seem to match other<BR>
&gt; &gt; benchmarks but I just want to be sure.<BR>
&gt; &gt;<BR>
&gt; &gt; 2. I've tested every (sensible) cipher with 64, 128, 256 and 320bits<BR>
&gt; &gt; keysize (if supported). Apparently I can choose between:<BR>
&gt; &gt;<BR>
&gt; &gt; Blowfish 64-256bit<BR>
&gt; &gt; Twofish 128-256bit<BR>
&gt; &gt; AES 128-256bit<BR>
&gt; &gt; Anubis 128-320bit<BR>
&gt; I've never done any benchmarks myself, however a few years back I did read<BR>
&gt; up on which crytpo engine would be best for a large hard disk or partition.<BR>
&gt; I do remember clearly that there is a bug in AES's block cyper that causes<BR>
&gt; it to repeat keys on large disks/partitions. This "feature" could make it<BR>
&gt; easier for your key to be cracked. I personally use Twofish 256 with<BR>
&gt; SHA256, ive never tried any other hash method. I also use Serpent on my<BR>
&gt; swap, for no other reason than to try something different - and it's a cool<BR>
&gt; name. (flame on!).<BR>
&gt; I tried to find that link that explains that AES flaw, but to no avail.<BR>
&gt; Maybe you'll have better luck if it's something that concerns you.<BR>
&gt; ps. i am obviously no expert in cryptology - take my comments with a grain<BR>
&gt; of salt.<BR>
gentoo-security@g.o mailing list

Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
[no subject]
Next by thread:
User authentication with key-file and gpg-agent
Previous by date:
Re: Encryption Ciphers
Next by date:
Re: Encryption Ciphers

Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.