Re: AES
On Tue, 2 Jan 2001, Emil Laurentiu wrote:
> On 23 November 2000, John Kennedy <jk@csuchico.edu> wrote:
> > On Mon, Nov 06, 2000 at 10:34:54AM +0100, Marc Mutz wrote:
> > > Emil wrote:
> > > > util-linux-2.10o.int.patch still doesn't include the AES encryption.
> > > > Anyone planning to do it?
> > >
> > > You can easily add it to the list of known ciphers in
> > > util-linux/mount/lomount.c
> > > Then re-compile both mount and losetup.
>
> I have compiled the international patch for the latest util-linux-2.10r.
> It has the AES included and small modifications like zeroing the password
> and the hash once they are passed to the encryption loop structure.
Cool!
> Also note that the sizes of keys for some encryption types have been
> modified to use the maximum available keysize.

No - many of the algorithms support longer keysizes, like serpent, rc6
and blowfish, but you miss one point IMHO. Currently we use a passphrase
to generate the key, and it's unlikely that the passphrase contains
more than 128 bits of entropy. Allowing longer keys will probably only
give a false impression of security. Then it's a bad thing to break
compatibility, like your patch will do for several ciphers.

Another thing for Rijndael is that the number of rounds increases with
longer keys, so a 256 bit key needs 14 rounds, while a 128 bit key
only needs 10 or 12, and as long as a 256 bit key doesn't increase security,
I see no reason to use one. This is a minor point, though.

If a better scheme for key management is developed, it's a different
matter, but then we must also develop a new way of initialising the
loop device, and can then decide which keylength to use.

> (WARNING: This will prevent you from decrypting your partitions/files
> if the keysize has changed so better decrypt everything before applying
> this patch!!!)
>
> Another change is in the definitions for AES and RIJNDAEL which should be
> the same since it's the same encryption method with 2 different names.
> In this case AES = RIJNDAEL = 16. Choosing different numbers will break things.

I fully agree here. Could you submit a patch that _only_ does this,
and keeps the keysizes for the other ciphers untouched?

--
Gisle Sælensminde ( gisle@ii.uib.no )
With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going
to land, and it could be dangerous sitting under them as they fly
overhead. (from RFC 1925)
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
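
Added example, not part of the original message or of util-linux: a sketch of the argument above that a key generated from a passphrase is only as strong as the passphrase, whatever the key length. The character-class entropy model and the sample passphrase are assumptions made for the illustration; the round counts are those of FIPS 197 for a 128-bit block.

```python
import math
import string

# Character classes of printable ASCII (95 characters in total).
# Modelling assumption: every character is drawn uniformly and independently
# from the classes that occur in the passphrase. Human-chosen passphrases are
# far less random, so the result is an upper bound, never an estimate.
CLASSES = [
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation + " ",
]

def entropy_upper_bound(passphrase):
    """Upper bound on passphrase entropy in bits (non-ASCII is not modelled)."""
    alphabet = sum(len(chars) for chars in CLASSES
                   if any(c in chars for c in passphrase))
    return len(passphrase) * math.log2(alphabet) if alphabet else 0.0

def effective_bits(passphrase, key_bits):
    """Search cost in bits: the smaller of the key space and passphrase space."""
    return min(float(key_bits), entropy_upper_bound(passphrase))

def rijndael_rounds(key_bits):
    """Rounds for a 128-bit block (FIPS 197): Nk + 6, Nk = key length in words."""
    return key_bits // 32 + 6

def chars_needed(key_bits, alphabet_size):
    """Length of a uniformly random passphrase that would fill the whole key."""
    return math.ceil(key_bits / math.log2(alphabet_size))

if __name__ == "__main__":
    sample = "correct horse 42"  # constructed sample passphrase
    print("key bits  rounds  effective bits (upper bound)")
    for bits in (128, 192, 256):
        print(f"{bits:8d}  {rijndael_rounds(bits):6d}  "
              f"{effective_bits(sample, bits):.1f}")
    # Random printable-ASCII characters needed before a longer key pays off.
    print("chars to fill 128 bits:", chars_needed(128, 95))
    print("chars to fill 256 bits:", chars_needed(256, 95))
```

For the sample passphrase the bound stays below 98 bits at every key size, while the round count grows with the key.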