[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Disk encryption best practices?

To: linux-crypto@xxxxxxxxxxxx
Subject: Disk encryption best practices?
From: Jens Lechtenboerger <lechten@xxxxxxxxxxxxxxxxxx>
Date: Fri, 15 Sep 2006 10:37:22 +0200
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-id: <linux-crypto.nl.linux.org>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Ecartis version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
Sender: linux-crypto-bounce@xxxxxxxxxxxx
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.3 (gnu/linux)

Hi there,

I'm about to encrypt my disk with loop-aes, and I'm wondering
whether this is a clever move:

1. The introduction (in German) at
   http://wiki.chaostreff.ch/index.php/Festplattenverschl%C3%BCsselung
   recommends not to use AES but to prefer Twofish.
   In addition, GnuPG uses CAST5 as default for symmetric
   encryption.

   What is the state-of-the-art here?

2. The text at http://mareichelt.de/pub/texts.cryptoloop.php
   warns against mainline cryptoloop:
   "Both cryptoloop and dm-crypt in kernels prior to 2.6.10 are
    vulnerable, and even recent dm-crypt still suffers from a weak
    crypto implementation."

   What is weak here?

3. The German Linux-Magazin 10/06 (http://www.linux-magazin.de)
   features an article by Peter Gutmann and Christian Ney, where
   they analyze different types of crypto filesystems.  They
   recommend Truecrypt, dm-crypt is second, and they essentially
   warn against loop-aes:
   They state that the code is complex and written in such a way
   that it is difficult to judge whether it does what it is supposed
   to do.  In addition, return values are never checked (e.g., when
   computing encryption keys), which might lead to a key consisting
   of just zeros.  However, the code is so sloppy that programs are
   more likely to crash with null-pointer dereferences than to use
   empty keys.  Besides, they complain that by default passwords are
   not salted and password hash iterations are not used.

   The part about code quality sounds scary.  Opinions?

   Concerning salting and iterations, for my root partition, I just
   have to uncomment to lines in build-initrd.sh, right?
   Concerning Example 2 in the loop-aes README (partition backed
   loop with gpg encrypted keys), I get salting and iterations with
   the gpg patch provided with loop-aes, right?

I'm curious...

Jens

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

Follow-Ups:
- Re: Disk encryption best practices?
  - From: Gisle Sælensminde
- Re: Disk encryption best practices?
  - From: Jari Ruusu

Prev by Date: firefox is up/downloading something unauthorized-- logfiles non-proxy-use
Next by Date: Re: Disk encryption best practices?
Previous by thread: Re: firefox is up/downloading something unauthorized-- logfiles non-proxy-use
Next by thread: Re: Disk encryption best practices?
Index(es):
- Date
- Thread