1 |
Hello everyone, |
2 |
|
3 |
I've been using dm-crypt with twofish-lrw-benbi:ripemd160 for (swap |
4 |
and /tmp) because, if I understand correctly, Twofish is more |
5 |
optimized in the Linux kernel than AES (and therefore faster). I've |
6 |
been thinking of using AES on /home. |
7 |
One thing I don't understand is the term "benbi". Does this have |
8 |
something to do with IV generation? |
9 |
|
10 |
One last thing. I've heard that LRW will be replaced with XTS. [1] |
11 |
IIRC correctly, the XTS cipher mode isn't in the Linux kernel yet? |
12 |
Also, from what I've read, the problems with LRW boil down to a |
13 |
"traitor tracing" problem, that repeated physical access to a drive is |
14 |
needed, and even then one could theoretically only confirm the |
15 |
presence of a known plaintext. Am I getting this right? |
16 |
|
17 |
[1] http://en.wikipedia.org/wiki/IEEE_P1619#LRW_issue |
18 |
|
19 |
Sincerely, |
20 |
Mansour Moufid |
21 |
-- |
22 |
gentoo-security@l.g.o mailing list |