| 1 |
On Wednesday 27 February 2008 01:58:11 pm Florian Philipp wrote: |
| 2 |
> Hi! |
| 3 |
> |
| 4 |
> I just did some benchmarking on different ciphers for cryptsetup-luks |
| 5 |
> and now I've got some questions: |
| 6 |
> |
| 7 |
> 1. Is it a valid way to benchmark by using "time dd if=/dev/zero |
| 8 |
> of=/dev/mapper/cryptmapping -bs=1M"? The results seem to match other |
| 9 |
> benchmarks but I just want to be sure. |
| 10 |
> |
| 11 |
> 2. I've tested every (sensible) cipher with 64, 128, 256 and 320bits |
| 12 |
> keysize (if supported). Apparently I can choose between: |
| 13 |
> |
| 14 |
> Blowfish 64-256bit |
| 15 |
> Twofish 128-256bit |
| 16 |
> AES 128-256bit |
| 17 |
> Anubis 128-320bit |
| 18 |
|
| 19 |
I've never done any benchmarks myself, however a few years back I did read |
| 20 |
up on which crytpo engine would be best for a large hard disk or partition. |
| 21 |
I do remember clearly that there is a bug in AES's block cyper that causes |
| 22 |
it to repeat keys on large disks/partitions. This "feature" could make it |
| 23 |
easier for your key to be cracked. I personally use Twofish 256 with |
| 24 |
SHA256, ive never tried any other hash method. I also use Serpent on my |
| 25 |
swap, for no other reason than to try something different - and it's a cool |
| 26 |
name. (flame on!). |
| 27 |
|
| 28 |
I tried to find that link that explains that AES flaw, but to no avail. |
| 29 |
Maybe you'll have better luck if it's something that concerns you. |
| 30 |
|
| 31 |
ps. i am obviously no expert in cryptology - take my comments with a grain |
| 32 |
of salt. |
| 33 |
|
| 34 |
|
| 35 |
-- |
| 36 |
-==========================================- |
| 37 |
|
| 38 |
Avoid the Gates of Hell. Use Linux. |
| 39 |
The choice of a GNU Generation. |
| 40 |
|
| 41 |
Daniel J Reidy RipeID: DJR9-RIPE |
| 42 |
dubkat@×××××.com GPG Key: 0x36833401 |
| 43 |
http://sigterm.us/ |
| 44 |
|
| 45 |
-==========================================- |
Archives