Gentoo Archives: gentoo-security

From: Daniel Troeder <daniel@×××××××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Encryption Ciphers
Date: Thu, 28 Feb 2008 11:27:33
Message-Id: 47C69A6A.8040101@admin-box.com
In Reply to: [gentoo-security] Encryption Ciphers by Florian Philipp
1 Hello Florian :)
2
3 Florian Philipp wrote:
4 > I just did some benchmarking on different ciphers for cryptsetup-luks
5 I have not done benchmarks on my own, and cannot say if your method is a
6 good one. What I've read is, that AES(Rijndael)-implementations have
7 been optimized a lot on all platforms. The last test I've read said,
8 that the Linux AES (Rijndael) implementation is fastest (compared with
9 others in its class) at 128 bit, while at 256 bit Blowfish is faster
10 than AES (Rijndael). (This will most certainly differ on other platforms!)
11
12 > Do you think keysize is more important than choosing a cipher which
13 > made it further in the AES-contest and therefore using Anubis with
14 > 320bit would be a better choice than AES or Twofish with 256bit?
15 > Might it even be an advantage because less people try to brake Anubis
16 > than AES (although it bears some similarity with AES and might be
17 > vulnerable to the same attacks)?
18 From what I've read, it is most important to use a well understood and
19 heavily reviewed algorithm. That also means, that it is good, if lots of
20 people have tried to break it.
21
22 > And if I need a faster cipher, do you think Blowfish with 64bit keys
23 > is save for the next 3 years?
24 I think you should stick to Rijndael-128 or Blowfish-256 - they are well
25 optimized for your computer, heavily analyzed by crypto-experts and
26 provide both the cryptographic strength against most attackers for the
27 next few years (say the crypto-experts, to whom I do not belong).
28
29 Bye,
30 Daniel
31
32 --
33 use PGP key @ http://pgpkeys.pca.dfn.de/pks/lookup?search=0xBB9D4887&op=get
34 # gpg --recv-keys --keyserver hkp://subkeys.pgp.net 0xBB9D4887

Attachments

File name MIME type
signature.asc application/pgp-signature