* How to use Serpent
@ 2023-08-27 23:37 Fabian Stargalla
  2023-08-29  7:01 ` Milan Broz
  0 siblings, 1 reply; 2+ messages in thread
From: Fabian Stargalla @ 2023-08-27 23:37 UTC (permalink / raw)
  To: cryptsetup

Hello everyone!

Please excuse me if my post in this mailing list seems a bit out of
place; I am fairly new to mailing lists, and this is actually my very
first post.

I would like to seek advice from someone who is familiar with the
Serpent cipher, encryption and cryptsetup in general.
Currently, I'm planning my new Arch installation with a BTRFS
filesystem that is encrypted using cryptsetup and LUKS, and I'm
finding little to no information on how to properly use the Serpent
cipher for system encryption, as well as for encrypting hard drives
solely for data storage, and for a swap partition to enable
hibernation support.
From what I've read and understood so far, it would be best to use
Serpent for my system encryption in the same way AES is used by
default with LUKS, that would be serpent-xts-plain64, but I'm not 100%
sure and can't verify it any other way than to ask here.
Furthermore, I would also like to know if the XTS mode with plain64 is
also appropriate and works well for my swap partition and my data
storage drives/partitions?

Just in case someone says I should just be using default AES (like in
one thread on the Arch forum):
My primary concern is the higher level of security that Serpent
offers, which is why I prefer it over the default AES encryption. That
also means that speed is completely irrelevant to me, as long as it
remains within a bearable range.

I would be really pleased and very grateful if someone would be so
kind as to offer me some advice on these 3 questions.

Thanks,
fabestah


* Re: How to use Serpent
  2023-08-27 23:37 How to use Serpent Fabian Stargalla
@ 2023-08-29  7:01 ` Milan Broz
  0 siblings, 0 replies; 2+ messages in thread
From: Milan Broz @ 2023-08-29  7:01 UTC (permalink / raw)
  To: Fabian Stargalla, cryptsetup

On 8/28/23 01:37, Fabian Stargalla wrote:
> I would like to seek advice from someone who is familiar with the
> Serpent cipher, encryption and cryptsetup in general.
> Currently, I'm planning my new Arch installation with a BTRFS
> filesystem that is encrypted using cryptsetup and LUKS, and I'm
> finding little to no information on how to properly use the Serpent
> cipher for system encryption, as well as for encrypting hard drives
> solely for data storage, and for a swap partition to enable
> hibernation support.
> From what I've read and understood so far, it would be best to use
> Serpent for my system encryption in the same way AES is used by
> default with LUKS, that would be serpent-xts-plain64, but I'm not 100%
> sure and can't verify it any other way than to ask here.
> Furthermore, I would also like to know if the XTS mode with plain64 is
> also appropriate and works well for my swap partition and my data
> storage drives/partitions?

Usually if you need to ask these questions, then just use defaults.

Anyway, Serpent works with LUKS without problem; all you need to do
is use --cipher serpent-xts-plain64 during format (and enable Serpent
in the kernel). XTS mode with plain64 IV is appropriate (and the best option)
here.

But as there is no hw optimization, you will get significantly slower
encryption compared to AES-NI (check the output of "cryptsetup benchmark";
it measures Serpent by default, see the 512-bit key as it is the default for XTS).
  
> Just in case someone says I should just be using default AES (like in
> one thread on the Arch forum):
> My primary concern is the higher level of security that Serpent
> offers, which is why I prefer it over the default AES encryption. That
> also means that speed is completely irrelevant to me, as long as it
> remains within a bearable range.

It is also about implementation issues. I highly doubt the sw implementation
of Serpent in the kernel is side-channel safe, so AES with AES-NI hw enabled
support could be a practically better solution.

Anyway, I am just responding to the technical question, not the security one.
Serpent can be used with LUKS easily without problem.

Milan
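
Added example (not part of either message, and not cryptsetup project code): a
small POSIX sh helper that reads the cipher table printed by "cryptsetup
benchmark" and reports how much slower serpent-xts is than aes-xts at the
512-bit key size mentioned above. The function names and the sample table are
constructed for illustration; the explicit --key-size in the comment is an
assumption added here.

```sh
#!/bin/sh
# Constructed sample of the cipher table from `cryptsetup benchmark`.
# The numbers are illustrative only, not measurements from any machine.
sample_benchmark() {
cat <<'EOF'
#     Algorithm |       Key |      Encryption |      Decryption
        aes-xts        256b      2100.0 MiB/s      2150.0 MiB/s
    serpent-xts        256b       310.0 MiB/s       330.0 MiB/s
        aes-xts        512b      1800.0 MiB/s      1850.0 MiB/s
    serpent-xts        512b       300.0 MiB/s       320.0 MiB/s
EOF
}

# bench_rate ALGO KEYBITS enc|dec
# Reads benchmark text on stdin and prints the MiB/s figure for one row.
# Exits non-zero if the row is missing (e.g. cipher not built into the kernel).
bench_rate() {
    awk -v a="$1" -v k="${2}b" -v c="$3" '
        $1 == a && $2 == k { print (c == "dec" ? $5 : $3); found = 1; exit }
        END { if (!found) exit 1 }'
}

# slowdown KEYBITS
# Prints the AES-XTS / Serpent-XTS encryption throughput ratio at that key size.
slowdown() {
    text=$(cat)
    aes=$(printf '%s\n' "$text" | bench_rate aes-xts "$1" enc) || return 1
    ser=$(printf '%s\n' "$text" | bench_rate serpent-xts "$1" enc) || return 1
    awk -v a="$aes" -v s="$ser" 'BEGIN { printf "%.1f\n", a / s }'
}

# Demo on the constructed sample. On a real system:
#   cryptsetup benchmark | slowdown 512
# Formatting as described in the reply (device path is a placeholder):
#   cryptsetup luksFormat --cipher serpent-xts-plain64 --key-size 512 <device>
# Confirm the cipher recorded in the header afterwards:
#   cryptsetup luksDump <device>
sample_benchmark | slowdown 512
```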
