[vox-tech] Which cipher to use?

Ryan vox-tech@lists.lugod.org
Mon, 3 Jun 2002 22:25:23 -0700


On Monday 03 June 2002 08:25 pm, Bill Broadley wrote:
> On Sun, Jun 02, 2002 at 09:47:36PM -0700, Ryan wrote:
> > I've set myself up encrypted swap, and am wondering which cipher will be
> > fastest.
>
> Hrm, I'd test them yourself, I've seen numerous benchmarks, particularly
> in sci.crypt.  It depends quite a bit on your implementation and hardware.
>
> I'd guess blowfish would be fastest since it was designed to be fast
> with 32-bit CPUs, avoiding things like the DES proclivity for bit ops.

I poked around a bit, and it looks like AES and Twofish use the fewest CPU
cycles...

> > My choices are AES, serpent, twofish, or blowfish. I tried out xor too,
> > but it looked like it was SEVERELY vulnerable to a plaintext attack
> > (creating a new swapfile to calculate the xor key).
>
> Xor is 100% secure if your key is as long as your data, otherwise known
> as the otp = one time pad.  If it's less, it is indeed rather easy to
> break.

Thought so. Using a one time pad for swap is useless due to memory
requirements...

> > Why bother encrypting my swap? Lots of passwords go in there in plaintext,
> > easily recoverable with a boot disk.
>
> Hrm, I'd argue that this isn't true.  Many applications specifically pin
> pages so they aren't swappable (i.e. ssh).  Not to mention a healthy linux
> box shouldn't be swapping bins out to disk while they are being
> actively used.  Have you ever found a password there?

Yea, I grep'ed it for fragments of several passwords I use and found them.

> A much faster method might be to zero out your swap on shutdown.

Wouldn't be zeroed out on a dirty shutdown.

> > And if anyone wants it, I wrote a simple shell script to configure an
> > encrypted loopback file with a random password, create a swap filesystem
> > on it, and mount it as swap.
>
> Cool hack, might want to check out, hrm, tin foil linux.  It's a boot disk
> for the very paranoid.  It allows typing in a secure passphrase even if
> the keyboard is tapped.  It adjusts contrast to make sniffing the monitor
> remotely maximally hard, it doesn't use any binaries from the local disk
> (to protect against trojans), and may take other precautions as well,
> i.e. random processes, random activity, random bus transfers etc.

I want my system to be usable; my only concern is my brother or a nosy repair
tech.

> I've pondered the truly paranoid approach of encrypting ALL files, using
> a private key stored in an ibutton, if something ever happens and you want
> to secure your files forever just destroy the ibutton.

I'm able to memorize fairly long passwords of random garbage... My password
for stuff I want secure (pgp private key, disks) is over 200 bits of random
garbage (counting 6.5 bits per char).
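The xor/one-time-pad exchange above, as an added illustration that is not part of the original thread: with a key shorter than the data, a single page whose contents are known (a freshly created, zero-filled swap page, constructed here) hands over the whole key and therefore every other page; with a pad as long as the data, the same recovery yields key material that says nothing about any other page. Page size, key length and the sample "secret" page are assumptions.

```python
import secrets

PAGE = 4096  # assumed swap page size in bytes


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with key, cycling the key when it is shorter than the data."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def key_from_known_plaintext(ciphertext: bytes, plaintext: bytes, key_len: int) -> bytes:
    """Known plaintext: ciphertext XOR plaintext over one key period gives the key."""
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], plaintext[:key_len]))


def short_key_leaks_other_pages() -> bool:
    """Repeating 16-byte key: the zero page reveals the key, which decrypts every page."""
    key = secrets.token_bytes(16)
    known_page = bytes(PAGE)                       # constructed: brand-new swap, all zeros
    secret_page = b"pgp passphrase: correct horse".ljust(PAGE, b"\0")  # constructed
    ct_known = xor_bytes(known_page, key)
    ct_secret = xor_bytes(secret_page, key)
    recovered = key_from_known_plaintext(ct_known, known_page, len(key))
    return recovered == key and xor_bytes(ct_secret, recovered) == secret_page


def one_time_pad_does_not_leak() -> bool:
    """Pad as long as all data, never reused: key material from the zero page is
    useless for the other page (equality would need a 4096-byte pad collision)."""
    pad = secrets.token_bytes(2 * PAGE)
    known_page = bytes(PAGE)
    secret_page = b"pgp passphrase: correct horse".ljust(PAGE, b"\0")  # constructed
    ct_known = xor_bytes(known_page, pad[:PAGE])
    ct_secret = xor_bytes(secret_page, pad[PAGE:])
    recovered = key_from_known_plaintext(ct_known, known_page, PAGE)
    return recovered == pad[:PAGE] and xor_bytes(ct_secret, recovered) != secret_page


if __name__ == "__main__":
    print("short repeating key exposes other pages:", short_key_leaks_other_pages())
    print("one-time pad keeps other pages private:", one_time_pad_does_not_leak())
```

The memory cost Ryan mentions is visible in the second function: the pad must be as large as the swap it protects and can never be reused.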