[vox-tech] Which cipher to use?

Bill Broadley vox-tech@lists.lugod.org
Mon, 3 Jun 2002 22:41:21 -0700 

On Mon, Jun 03, 2002 at 10:25:23PM -0700, Ryan wrote:
> >
> > Hrm, I'd test them yourself, I've seen numerous benchmarks, particularly
> > in sci.crypt.  It depends quite a bit on your implementation and hardware.
> >
> > I'd guess blowfish would be fastest since it was designed to be fast
> > with 32 bit cpu's, avoiding things like the DES proclivity for bit ops.
> 
> I poked around a bit, and it looks like AES and twofish use the fewest CPU 
> cycles.....

Interesting, I found a AES comparison, but it didn't include blofish.

> Thought so. Using a one time pad for swap is usless due to memory 
> requirements.....

*chuckle*

> Yea, I grep'ed it for fragments of several passwords I use and found them.

Interesting, I guess various apps aren't as careful as ssh, I shouldn't
be surprised, sigh.

> > A much faster method might be to zero out your swap on shutdown.
> 
> Wouldn't be zeroed out on a dirty shutdown.

True, linux can usually avoid those, at least with a UPS to insure
someone doesn't cut power to achieve that end.

> I want my system to usable, my only concern is my brother or a nosy repair 
> tech.

It would be interesting to figure out how to map swapspace to a process then
fix each program.  Hrm things like mozilla might be quite tough.  Hrm,
I wonder if there is a discussion on this somewhere.  Slurping the code from
ssh (open a single page, mark it unswappable, keep anything important
there).

Another trick along similar lines is to force a core dump of /bin/login
or similar programs.

> I'm able to memorize fairly long passwords of random garbage... My password 
> for stuff I want secure (pgp private key, disks) is over 200 bits of random 
> garbage (counting 6.5 bits per char)

Sounds great, although if someone throws your ass in jail till you
give up your key, you will have a difficult choice.  To easily destroy
the key in a unrecoverable way makes it harder to be held in contempt of
course since you can't get the key back even if you want to.

-- 
Bill Broadley
Mathematics/Institute of Theoretical Dynamics
UC Davis