Linux Users' Group of Davis (LUGOD)
 
Page last updated:
2002 Jun 04 12:45

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Which cipher to use?



On Monday 03 June 2002 08:25 pm, Bill Broadley wrote:
> On Sun, Jun 02, 2002 at 09:47:36PM -0700, Ryan wrote:
> > I've set myself up encrypted swap, and am wondering which cipher will be
> > fastest.
>
> Hrm, I'd test them yourself, I've seen numerous benchmarks, particularly
> in sci.crypt.  It depends quite a bit on your implementation and hardware.
>
> I'd guess blowfish would be fastest since it was designed to be fast
> with 32 bit CPUs, avoiding things like the DES proclivity for bit ops.

I poked around a bit, and it looks like AES and twofish use the fewest CPU 
cycles.....

> > My choices are AES, serpent, twofish, or blowfish. I tried out xor too,
> > but it looked like it was SEVERELY vulnerable to a plaintext attack
> > (creating a new swapfile to calculate the xor key).
>
> Xor is 100% secure if your key is as long as your data, otherwise known
> as the otp = one time pad.  If it's less, it is indeed rather easy to
> break.

Thought so. Using a one time pad for swap is useless due to memory 
requirements.....

> > Why bother encrypting my swap? Lotsa passwords go in there in plaintext,
> > easily recoverable with a boot disk.
>
> Hrm, I'd argue that this isn't true.  Many applications specifically pin
> pages so they aren't swappable (I.e. ssh).  Not to mention a healthy linux
> box shouldn't be swapping bins out to disk while they are being
> actively used.  Have you ever found a password there?

Yea, I grep'ed it for fragments of several passwords I use and found them.

> A much faster method might be to zero out your swap on shutdown.

Wouldn't be zeroed out on a dirty shutdown.

> > And if anyone wants it, I wrote a simple shell script to configure an
> > encrypted loopback file with a random password, create a swap filesystem
> > on it, and mount it as swap.
>
> Cool, hack, might want to check out, hrm, tin foil linux.  It's a boot disk
> for the very paranoid.  It allows typing in a secure passphrase even if
> the keyboard is tapped.  It adjusts contrast to make sniffing the monitor
> remotely maximally hard, it doesn't use any binaries from the local disk
> (to protect against trojans), and may take other precautions as well,
> i.e. random processes, random activity, random bus transfers etc.

I want my system to be usable, my only concern is my brother or a nosy repair 
tech.

> I've pondered the truly paranoid approach of encrypting ALL files, using
> a private key stored in an ibutton, if something ever happens and you want
> to secure your files forever just destroy the ibutton.

I'm able to memorize fairly long passwords of random garbage... My password 
for stuff I want secure (pgp private key, disks) is over 200 bits of random 
garbage (counting 6.5 bits per char)
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
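
Added example, not part of the archived post or of any poster's script: a Python sketch of why the thread rules out repeating-key xor for swap. It assumes a 16-byte key, a 4096-byte page and a constructed swap image whose first page is all zeros; the function names and sample data are made up for the illustration.

```python
from itertools import cycle

PAGE = 4096  # assumed page size for the constructed swap image


def xor_stream(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(ciphertext: bytes, known_plain: bytes, max_len: int = 64) -> bytes:
    """Return the shortest repeating key consistent with a known plaintext prefix.

    XORing ciphertext with known plaintext yields the keystream; if the key
    is shorter than the data, that keystream is periodic and one period is
    the whole key.
    """
    stream = bytes(c ^ p for c, p in zip(ciphertext, known_plain))
    for n in range(1, max_len + 1):
        if all(stream[i] == stream[i % n] for i in range(len(stream))):
            return stream[:n]
    raise ValueError("no repeating key of length <= max_len fits")


def demo():
    # Constructed sample data: fixed key, one blank page, one page with a secret.
    key = bytes.fromhex("00112233445566778899aabbccddeeff")
    blank = bytes(PAGE)
    secret = b"login=alice password=constructed-example"
    image = blank + secret.ljust(PAGE, b"\0")

    ciphertext = xor_stream(image, key)

    # Knowing only that the first page was zeros is enough to get the key,
    # and with it every other page of the image.
    found = recover_key(ciphertext[:PAGE], blank)
    leaked = xor_stream(ciphertext, found)[PAGE:PAGE + len(secret)]
    return key, found, leaked


if __name__ == "__main__":
    key, found, leaked = demo()
    print("key recovered:", found == key)
    print("second page leaked:", leaked)
```

With a pad as long as the data (the one time pad case in the thread), the known first page would reveal only the first page of the pad, which is why key length is the deciding factor.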


