Gentoo Archives: gentoo-security

From: Mansour Moufid <mansourmoufid@×××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Encrypting a user home folder on a laptop
Date: Sat, 16 Feb 2008 21:12:41
In Reply to: Re: [gentoo-security] Encrypting a user home folder on a laptop by Florian Philipp
Hello everyone,

I've been using dm-crypt with twofish-lrw-benbi:ripemd160 for (swap
and /tmp) because, if I understand correctly, Twofish is more
optimized in the Linux kernel than AES (and therefore faster). I've
been thinking of using AES on /home.
One thing I don't understand is the term "benbi". Does this have
something to do with IV generation?

One last thing. I've heard that LRW will be replaced with XTS. [1]
IIRC correctly, the XTS cipher mode isn't in the Linux kernel yet?
Also, from what I've read, the problems with LRW boil down to a
"traitor tracing" problem, that repeated physical access to a drive is
needed, and even then one could theoretically only confirm the
presence of a known plaintext. Am I getting this right?


Mansour Moufid
gentoo-security@l.g.o mailing list