Gentoo Archives: gentoo-security

From: Florian Philipp <lists@××××××××××××××××××.net>
To: gentoo-security@l.g.o
Subject: [gentoo-security] Encryption Ciphers
Date: Wed, 27 Feb 2008 18:59:26
Message-Id: 1204138691.10427.152.camel@NOTE_GENTOO64.PHHEIMNETZ

I just did some benchmarking on different ciphers for cryptsetup-luks
and now I've got some questions:

1. Is it a valid way to benchmark by using "time dd if=/dev/zero
of=/dev/mapper/cryptmapping -bs=1M"? The results seem to match other
benchmarks but I just want to be sure.

2. I've tested every (sensible) cipher with 64, 128, 256 and 320bits
keysize (if supported). Apparently I can choose between:

Blowfish 64-256bit
Twofish 128-256bit
AES 128-256bit
Anubis 128-320bit

These are settings on which my harddisk limits transfer speed, not the

Surprisingly, Anubis is faster with 320bits than Blowfish with the same
setting (Blowfish: 32MB/s, Anubis 37MB/s, hdparm -tT 38MB/s). Do you
think keysize is more important than choosing a cipher which made it
further in the AES-contest and therefore using Anubis with 320bit would
be a better choice than AES or Twofish with 256bit? Might it even be an
advantage because less people try to brake Anubis than AES (although it
bears some similarity with AES and might be vulnerable to the same

And if I need a faster cipher, do you think Blowfish with 64bit keys is
save for the next 3 years?

Thanks in advance!

Florian Philipp


File name MIME type
signature.asc application/pgp-signature


Subject Author
Re: [gentoo-security] Encryption Ciphers Daniel Troeder <daniel@×××××××××.com>
Re: [gentoo-security] Encryption Ciphers Peter Meier <peter.meier@×××××××.ch>
Re: [gentoo-security] Encryption Ciphers Dan Reidy <dubkat@×××××.com>