List Archive: gentoo-security
To: gentoo-security@g.o
From: <bmicek@...>
Subject: Re: Encrypting a user home folder on a laptop
Date: Fri, 15 Feb 2008 22:46:30 PST

Here are some other quick reads that appear to be accurate:

Serpent Cipher:
From Serpent's site - a claim it is stronger than AES:
Two Fish:
Bruce Schneier on Two Fish being far from broken:
Cipher Modes:
Electronic Code Book (ECB):
Chain Block Cipher (CBC):
True Crypt:
True Crypt's Site:

Brian Micek

On Friday February 15 2008 10:06 pm, Samuel Halicke wrote:
> Read Introduction To Algorithms and get the MIT open courseware for
> the book from their site or iTunes Univ.
> At least you get a start that way
> Sam
> On Feb 15, 2008, at 6:08 PM, Randy Barlow wrote:
> > bmicek@... wrote:
> >> I spent time about a year ago looking into good encryption.  At that
> >> time, cryptsetup was the best bet.  It's really easy to use.  With
> >> cryptsetup, you're best off encrypting an entire filesystem/partition
> >> so there are no restrictions regarding size.
> >>
> >> As far as ciphers, there are three popular ones that are 256 bits
> >> in the Linux kernel.  You'll have to pick the one(s) you like best.
> >> Generally, everyone agrees Serpent is the strongest, followed by AES
> >> then followed by TwoFish.  From my tests, performance of the
> >> algorithms is in reverse order (meaning TwoFish is the fastest).
> >> Linux is a bit behind last I checked regarding encryption modes of
> >> operation and seems to only offer ECB or CBC.  CBC is Chain Block
> >> Cipher and is based on an IV which is like an index into your media.
> >> The IV is used to encrypt a block of data so a previous identical
> >> block won't be identically encrypted.  As far as your question
> >> regarding one-bit changes, a one bit change will have the effect you
> >> mentioned but only for one encrypted block.
> >>
> >> I'd recommend reading up on the ciphers to see what you like.
> >> There has been some talk about TwoFish being broken however I find it
> >> hard to believe.  There has been a lot of talk about TrueCrypt on
> >> Linux.  From what I can tell, it seems a bit more advanced and
> >> supports different (more modern?) modes of encryption.
> >
> > Thanks for the reply Brian!  In a course I am taking this semester, we
> > have learned the nitty gritty of AES, and I think I am pretty happy
> > with that one given a long enough key (256 is way plenty!)  I have been
> > playing around with the creation of the file for the loopback block
> > device for dm-crypt, and I have learned some surprising things about
> > filesystems.  Can anybody explain the following to me?
> >
> > If I create a file like this:
> >
> > dd if=/dev/zero bs=1000000000 count=1 of=/path/to/crypted/file
> >
> > it makes a file that takes up 1 GB of hard drive space.  It takes a
> > while to write to disk, and you will notice that the file is 1 GB with
> > ls -l and you will also notice a change in the space for the partition
> > using df.
> >
> > If I create a file like this:
> >
> > dd bs=1 seek=1GB if=/dev/null of=/path/to/crypted/file
> >
> > it makes a file that reports itself to be 1 GB long by ls -l, but
> > doesn't seem to write 1 GB to the disk.  Also, df doesn't report 1 GB
> > less than before you run the command.
> >
> > What's happening here?  I had assumed before I did this that the
> > output of ls -l is the actual number of bits consumed by a file, but
> > that doesn't seem to be the case anymore.
> >
> > I created a file using the second command, and now as I copy files
> > into it I can see the disk space going down bit by bit.  This is really
> > what I wanted in the first place, but I am just confused as to what is
> > really going on.  Could anybody explain, please?
> >
> > --
> > Randy Barlow
> >
> > --
> > gentoo-security@g.o mailing list
gentoo-security@g.o mailing list
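
The second `dd` command quoted above creates a sparse file: the length stored in the inode (what `ls -l` prints) is set, but no data blocks are allocated until something is written. The script below is an added example, not part of the original thread; it scales the 1 GB container down to 8 MiB, and its function names and temporary paths are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): apparent size vs. allocated space.
# Assumes a filesystem that supports holes (ext4, XFS, tmpfs, ...).

SIZE=8388608   # 8 MiB, constructed stand-in for the thread's 1 GB container

# Length recorded in the inode: the number `ls -l` prints.
apparent_bytes() { wc -c < "$1" | tr -d ' '; }

# Space actually allocated, in KiB: what `du` and `df` account for.
allocated_kib() { sync; du -k "$1" | cut -f1; }

# Like the first command in the thread: every byte is written out.
make_dense() { dd if=/dev/zero of="$1" bs=1048576 count=8 2>/dev/null; }

# Like the second command: seek to the target offset, copy nothing, and
# let dd truncate the file there. Everything before the offset is a hole.
make_sparse() { dd if=/dev/null of="$1" bs=1 seek="$SIZE" 2>/dev/null; }

# Write 1 MiB of non-zero data at the 2 MiB mark without truncating,
# as the mounted filesystem does when files are copied into the container.
fill_1mib() {
    dd if=/dev/urandom of="$1" bs=1048576 count=1 seek=2 conv=notrunc 2>/dev/null
}

report() {
    printf '%-12s apparent=%s bytes  allocated=%s KiB\n' \
        "$1" "$(apparent_bytes "$2")" "$(allocated_kib "$2")"
}

DEMO_DIR=$(mktemp -d)
make_dense  "$DEMO_DIR/dense.img"
make_sparse "$DEMO_DIR/sparse.img"
report "dense"       "$DEMO_DIR/dense.img"
report "sparse"      "$DEMO_DIR/sparse.img"
fill_1mib "$DEMO_DIR/sparse.img"
report "sparse+1MiB" "$DEMO_DIR/sparse.img"
rm -rf "$DEMO_DIR"
```

For an encrypted container the sparse form has a side effect worth knowing: the allocation map of the backing file shows which regions of the volume have been written, even though their contents are encrypted.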


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.
