Linux Users Group of Davis
Page last updated:
2002 Jun 04 21:30

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Which cipher to use?

On Sun, Jun 02, 2002 at 09:47:36PM -0700, Ryan wrote:
> I've set myself up encrypted swap, and am wondering which cipher will be 
> fastest.

Hrm, I'd test them yourself, I've seen numerous benchmarks, particularly
in sci.crypt.  It depends quite a bit on your implementation and hardware.

I'd guess blowfish would be fastest since it was designed to be fast
with 32-bit CPUs, avoiding things like the DES proclivity for bit ops.

> My choices are AES, serpent, twofish, or blowfish. I tried out xor too, but 
> it looked like it was SEVERELY vulnerable to a plaintext attack (creating a new 
> swapfile to calculate the xor key).

Xor is 100% secure if your key is as long as your data, otherwise known
as the otp = one time pad.  If it's less, it is indeed rather easy to break.

> Why bother encrypting my swap? Lotsa passwords go in there in plaintext, 
> easily recoverable with a boot disk.

Hrm, I'd argue that this isn't true.  Many applications specifically pin
pages so they aren't swappable (i.e. ssh).  Not to mention a healthy Linux
box shouldn't be swapping bins out to disk while they are being
actively used.  Have you ever found a password there?  

A much faster method might be to zero out your swap on shutdown.

> And if anyone wants it, I wrote a simple shell script to configure an 
> encrypted loopback file with a random password, create a swap filesystem on 
> it, and mount it as swap.

Cool hack, might want to check out, hrm, tin foil linux.  It's a boot disk
for the very paranoid.  It allows typing in a secure passphrase even if
the keyboard is tapped.  It adjusts contrast to make sniffing the monitor
remotely maximally hard, it doesn't use any binaries from the local disk
(to protect against trojans), and may take other precautions as well,
i.e. random processes, random activity, random bus transfers etc.

I've pondered the truly paranoid approach of encrypting ALL files, using
a private key stored in an ibutton, if something ever happens and you want
to secure your files forever just destroy the ibutton.

I've yet to even get my ibutton working to store my ssh passphrase.

I saw tin foil or similar single floppy distribution 
mentioned at Codecon 2002.

Bill Broadley
Mathematics/Institute of Theoretical Dynamics
UC Davis
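
Added example (not part of the original post or thread): a small Python model of the XOR point discussed above, showing why a key shorter than the data gives no protection once any plaintext is known (such as a freshly created, zero-filled swap file), while a pad as long as the data does not have that weakness. The key size, sample secret and function names are constructed for illustration and do not model the loop driver itself.

```python
import os
from itertools import cycle

def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key when it is shorter than data."""
    return bytes(d ^ k for d, k in zip(data, cycle(key)))

def keystream_from_known_plaintext(ciphertext: bytes, known: bytes) -> bytes:
    """ciphertext XOR plaintext = keystream, for every byte that is known."""
    return bytes(c ^ p for c, p in zip(ciphertext, known))

def shortest_period(stream: bytes) -> int:
    """Smallest n such that stream is its first n bytes repeated."""
    for n in range(1, len(stream) + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return n
    return len(stream)

def demo():
    # Constructed sample data: a zero-filled region (known plaintext)
    # and a secret that ends up in the same XOR-"encrypted" device.
    blank = bytes(64)
    secret = b"constructed sample: password=example left in a swapped page"

    # Case 1: key shorter than the data, so it repeats.
    key = os.urandom(16)
    ct_blank = xor_bytes(blank, key)
    ct_secret = xor_bytes(secret, key)
    stream = keystream_from_known_plaintext(ct_blank, blank)
    recovered = stream[:shortest_period(stream)]
    short_key_broken = xor_bytes(ct_secret, recovered) == secret

    # Case 2: one-time pad, key material as long as all data, never reused.
    pad = os.urandom(len(blank) + len(secret))
    ct = xor_bytes(blank + secret, pad)
    leaked = keystream_from_known_plaintext(ct[:len(blank)], blank)
    # The leaked bytes are only the pad for the blank region; they are
    # independent of the pad bytes that cover the secret.
    otp_broken = xor_bytes(ct[len(blank):], leaked) == secret
    return short_key_broken, otp_broken

if __name__ == "__main__":
    short_key_broken, otp_broken = demo()
    print("repeating 16-byte key recovered secret:", short_key_broken)
    print("pad as long as data recovered secret:  ", otp_broken)
```

The practical consequence for swap is that a pad as long as the swap area is not workable, which is why the choice in the thread is between real block ciphers rather than XOR.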