| 1 |
Hello everyone, |
| 2 |
|
| 3 |
I've been using dm-crypt with twofish-lrw-benbi:ripemd160 for (swap |
| 4 |
and /tmp) because, if I understand correctly, Twofish is more |
| 5 |
optimized in the Linux kernel than AES (and therefore faster). I've |
| 6 |
been thinking of using AES on /home. |
| 7 |
One thing I don't understand is the term "benbi". Does this have |
| 8 |
something to do with IV generation? |
| 9 |
|
| 10 |
One last thing. I've heard that LRW will be replaced with XTS. [1] |
| 11 |
IIRC correctly, the XTS cipher mode isn't in the Linux kernel yet? |
| 12 |
Also, from what I've read, the problems with LRW boil down to a |
| 13 |
"traitor tracing" problem, that repeated physical access to a drive is |
| 14 |
needed, and even then one could theoretically only confirm the |
| 15 |
presence of a known plaintext. Am I getting this right? |
| 16 |
|
| 17 |
[1] http://en.wikipedia.org/wiki/IEEE_P1619#LRW_issue |
| 18 |
|
| 19 |
Sincerely, |
| 20 |
Mansour Moufid |
| 21 |
-- |
| 22 |
gentoo-security@l.g.o mailing list |
Archives