* [dm-crypt] "re-encrypting" ? @ 2011-08-13 21:18 Steve Verniers 2011-08-13 23:35 ` wolfgang.aigner 2011-08-14 8:32 ` Arno Wagner 0 siblings, 2 replies; 15+ messages in thread From: Steve Verniers @ 2011-08-13 21:18 UTC (permalink / raw) To: dm-crypt [-- Attachment #1: Type: text/plain, Size: 414 bytes --] Hi, Just a quick question. I have encrypted my FS with cryptsetup and see it's 256bit but I found that it is too taxing on my systems resources (only Pentium 4 machine with 2GB ram) Could I "re-encrypt" the FS without loosing the data which is already stored on it ? I have no room to backup so much space. Also what would be a recommanded bit for a system such as mine ? 64bit ? 128 ? -- Kind Regards Steve [-- Attachment #2: Type: text/html, Size: 536 bytes --] ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] "re-encrypting" ? 2011-08-13 21:18 [dm-crypt] "re-encrypting" ? Steve Verniers @ 2011-08-13 23:35 ` wolfgang.aigner 2011-08-14 1:10 ` Steve Verniers 2011-08-14 8:05 ` Roscoe 2011-08-14 8:32 ` Arno Wagner 1 sibling, 2 replies; 15+ messages in thread From: wolfgang.aigner @ 2011-08-13 23:35 UTC (permalink / raw) To: Steve Verniers, dm-crypt Hello Steve, > I have encrypted my FS with cryptsetup and see it's > 256bit but I found that it is too taxing on my systems resources (only > Pentium 4 machine with 2GB ram) Could I "re-encrypt" the FS without > loosing > the data which is already stored on it ? I have no room to backup so much > space. Yes, but its always dangerous and you could loose all your data. Don't trust on that and do a backup. If it doesn't matter if you loose anything you could use: dd if=/dev/mapper/[cryptdevice] of=/dev/[device] conv=notrunc Be aware this is DANGEROUS. > Also what would be a recommanded bit for a system such as mine ? 64bit ? > 128 You get a bit more Speed with 128 Bit AES, but still it is slower than withou encryption. cheers Wolfgang -- NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie! Jetzt informieren: http://www.gmx.net/de/go/freephone ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] "re-encrypting" ? 2011-08-13 23:35 ` wolfgang.aigner @ 2011-08-14 1:10 ` Steve Verniers 2011-08-14 7:00 ` Heinz Diehl 2011-08-14 17:57 ` Wolfgang Aigner 2011-08-14 8:05 ` Roscoe 1 sibling, 2 replies; 15+ messages in thread From: Steve Verniers @ 2011-08-14 1:10 UTC (permalink / raw) To: wolfgang.aigner@gmx.de; +Cc: dm-crypt@saout.de Hi wolfgang. Thank you for your fast response. What would > dd if=/dev/mapper/[cryptdevice] of=/dev/[device] conv=notrunc Actually do then ? Would it revert back to no encryption ? How would i convert the 256 bit encrypt to 128 ? Thanks Sent from my iPhone On 14-aug.-2011, at 01:35, wolfgang.aigner@gmx.de wrote: > Hello Steve, > >> I have encrypted my FS with cryptsetup and see it's >> 256bit but I found that it is too taxing on my systems resources (only >> Pentium 4 machine with 2GB ram) Could I "re-encrypt" the FS without >> loosing >> the data which is already stored on it ? I have no room to backup so much >> space. > > Yes, but its always dangerous and you could loose all your data. Don't trust on that and do a backup. If it doesn't matter if you loose anything you could use: > dd if=/dev/mapper/[cryptdevice] of=/dev/[device] conv=notrunc > > Be aware this is DANGEROUS. > >> Also what would be a recommanded bit for a system such as mine ? 64bit ? >> 128 > > You get a bit more Speed with 128 Bit AES, but still it is slower than withou encryption. > > cheers > Wolfgang > -- > NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie! > Jetzt informieren: http://www.gmx.net/de/go/freephone ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] "re-encrypting" ? 2011-08-14 1:10 ` Steve Verniers @ 2011-08-14 7:00 ` Heinz Diehl 2011-08-14 17:57 ` Wolfgang Aigner 1 sibling, 0 replies; 15+ messages in thread From: Heinz Diehl @ 2011-08-14 7:00 UTC (permalink / raw) To: dm-crypt On 14.08.2011, Steve Verniers wrote: > How would i convert the 256 bit encrypt to 128 ? Actually, you can't. You'll have to backup your data somewhere and luksFormat the partition with the new parameters. Besides, I doubt that 128 bit gives noticeably more speed than 256 bit, even if your system is somewhat old. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] "re-encrypting" ? 2011-08-14 1:10 ` Steve Verniers 2011-08-14 7:00 ` Heinz Diehl @ 2011-08-14 17:57 ` Wolfgang Aigner 1 sibling, 0 replies; 15+ messages in thread From: Wolfgang Aigner @ 2011-08-14 17:57 UTC (permalink / raw) To: dm-crypt; +Cc: Steve Verniers Hello Steve, > What would > > dd if=/dev/mapper/[cryptdevice] of=/dev/[device] conv=notrunc > Actually do then ? > Would it revert back to no encryption ? How would i convert the 256 bit > encrypt to 128 ? Ok, sorry for not be clear in the first mail. I thought you'd like to unencrypt the whole thing. To reencrypt you get two cryptdevices for the same device: /dev/mapper/[cryptdevice-AES128] /dev/mapper/[cryptdevice-AES256] and then do an dd if=/dev/mapper/[cryptdevice-AES256] of=/dev/[cryptdevice-AES128] \ conv=notrunc And as wrote before, DON'T DO THIS IF DATA LOSS IS A PROBLEM for you. Ive done this many times and most times it worked fine, but you can't be sure. > Hein Diehl wrote > Actually, you can't. You'll have to backup your data somewhere and > luksFormat the partition with the new parameters. Besides, I doubt that > 128 bit gives noticeably more speed than 256 bit, even if your system is > somewhat old. Be aware, that doesn't work with LUKS devices, only with plain dm-crypt devices. > Roscoe wrote > This strikes me as poor advice for the following reasons: > > - It's writing out plaintext directly to his hard disk, the exact > thing he doesn't want to happen you are right, as I wrote on top I thought he would like to unencrypt the whole device. > - It's riskier than it has to be, you're not even backing up the master > key... As Heinz Diehl wrote, it doesn't work with LUKS Headers. Don't bother to make a backup for the keys ;-) For dm-crypt devices you don't need a backup of you master key. cheers Wolfgang ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] "re-encrypting" ? 2011-08-13 23:35 ` wolfgang.aigner 2011-08-14 1:10 ` Steve Verniers @ 2011-08-14 8:05 ` Roscoe 1 sibling, 0 replies; 15+ messages in thread From: Roscoe @ 2011-08-14 8:05 UTC (permalink / raw) To: dm-crypt On Sun, Aug 14, 2011 at 9:35 AM, <wolfgang.aigner@gmx.de> wrote: ... > Yes, but its always dangerous and you could loose all your data. Don't trust on that and do a backup. If it doesn't matter if you loose anything you could use: > dd if=/dev/mapper/[cryptdevice] of=/dev/[device] conv=notrunc ... This strikes me as poor advice for the following reasons: - It's writing out plaintext directly to his hard disk, the exact thing he doesn't want to happen - He asked for a re-encryption solution - It's riskier than it has to be, you're not even backing up the master key... -- Roscoe ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] "re-encrypting" ? 2011-08-13 21:18 [dm-crypt] "re-encrypting" ? Steve Verniers 2011-08-13 23:35 ` wolfgang.aigner @ 2011-08-14 8:32 ` Arno Wagner 2011-08-14 10:32 ` Heinz Diehl 1 sibling, 1 reply; 15+ messages in thread From: Arno Wagner @ 2011-08-14 8:32 UTC (permalink / raw) To: dm-crypt On Sat, Aug 13, 2011 at 11:18:15PM +0200, Steve Verniers wrote: > Hi, > > Just a quick question. I have encrypted my FS with cryptsetup and see it's > 256bit but I found that it is too taxing on my systems resources (only > Pentium 4 machine with 2GB ram) "256" bit does not say a lot about encryption speed. The most important facto is the cipher. Mode also plays a role. If you look here: http://blog.wpkg.org/2009/04/23/cipher-benchmark-for-dm-crypt-luks/ you will find that AES256 is close to the maximum speed you can get and AES128 is only about 20% faster. The perception limit for computing speed changes is around 20%, i.e. it is possible you would not even notice the change. It would seem that you will not get any significant speed improvement by changing the cipher. Also note that you need to use cbc-essiv or xts mode at this time to be seucre, the others have data-leackage issues. > Could I "re-encrypt" the FS without loosing > the data which is already stored on it ? I have no room to backup so much > space. You could, but there is a massive risk of complete data-loss. Don't do this without a full, verifed backup. If you have that backup, you can just re-create the encrypted device and be done, so I will not go into any bizzare solutions for doing this. Side note, you need a full backup of the encrypted data anyways, if it is worth anything, see also the FAQ. If you do not have a backup, I recommend just deleting all data and starting over with an empty device, as your data is obviously not worth anything. > Also what would be a recommanded bit for a system such as > mine ? 64bit ? 128? As a shorter key does not give significant speed improvement, aes256-cbc-essiv or aes256-xts is close to optimal. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] "re-encrypting" ? 2011-08-14 8:32 ` Arno Wagner @ 2011-08-14 10:32 ` Heinz Diehl 2011-08-14 12:22 ` Arno Wagner 0 siblings, 1 reply; 15+ messages in thread From: Heinz Diehl @ 2011-08-14 10:32 UTC (permalink / raw) To: dm-crypt On 14.08.2011, Arno Wagner wrote: > As a shorter key does not give significant speed > improvement, aes256-cbc-essiv or aes256-xts is close > to optimal. On my Intel Core i5 laptop, twofish is actually faster than AES.. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] "re-encrypting" ? 2011-08-14 10:32 ` Heinz Diehl @ 2011-08-14 12:22 ` Arno Wagner 2011-08-14 12:49 ` Kyle Rose ` (2 more replies) 0 siblings, 3 replies; 15+ messages in thread From: Arno Wagner @ 2011-08-14 12:22 UTC (permalink / raw) To: dm-crypt On Sun, Aug 14, 2011 at 12:32:10PM +0200, Heinz Diehl wrote: > On 14.08.2011, Arno Wagner wrote: > > > As a shorter key does not give significant speed > > improvement, aes256-cbc-essiv or aes256-xts is close > > to optimal. > > On my Intel Core i5 laptop, twofish is actually faster than AES.. It is on some architectures. It is also less secure. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] "re-encrypting" ? 2011-08-14 12:22 ` Arno Wagner @ 2011-08-14 12:49 ` Kyle Rose 2011-08-14 13:12 ` Heinz Diehl 2011-08-14 17:46 ` Wolfgang Aigner 2 siblings, 0 replies; 15+ messages in thread From: Kyle Rose @ 2011-08-14 12:49 UTC (permalink / raw) To: dm-crypt [-- Attachment #1: Type: text/plain, Size: 1066 bytes --] Really? You know of an attack on Twofish that reveals plaintext or statistical information about the plaintext? On Aug 14, 2011 8:23 AM, "Arno Wagner" <arno@wagner.name> wrote: > On Sun, Aug 14, 2011 at 12:32:10PM +0200, Heinz Diehl wrote: >> On 14.08.2011, Arno Wagner wrote: >> >> > As a shorter key does not give significant speed >> > improvement, aes256-cbc-essiv or aes256-xts is close >> > to optimal. >> >> On my Intel Core i5 laptop, twofish is actually faster than AES.. > > It is on some architectures. It is also less secure. > > Arno > -- > Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name > GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F > ---- > Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans > > If it's in the news, don't worry about it. The very definition of > "news" is "something that hardly ever happens." -- Bruce Schneier > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt [-- Attachment #2: Type: text/html, Size: 1551 bytes --] ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] "re-encrypting" ? 2011-08-14 12:22 ` Arno Wagner 2011-08-14 12:49 ` Kyle Rose @ 2011-08-14 13:12 ` Heinz Diehl 2011-08-14 16:59 ` Arno Wagner 2011-08-14 17:46 ` Wolfgang Aigner 2 siblings, 1 reply; 15+ messages in thread From: Heinz Diehl @ 2011-08-14 13:12 UTC (permalink / raw) To: dm-crypt On 14.08.2011, Arno Wagner wrote: > It is on some architectures. It is also less secure. As far as I know, both Serpent and Twofish has shown to be more secure than Rijndael. However, Rijndael was choosen as the new AES because of its overall qualities (speed on various architectures, simplicity..). http://csrc.nist.gov/archive/aes/round2/comments/20000515-bschneier.pdf Anyway, I doubt this is playing an important role since none of these algorithms has been broken yet. ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] "re-encrypting" ? 2011-08-14 13:12 ` Heinz Diehl @ 2011-08-14 16:59 ` Arno Wagner 0 siblings, 0 replies; 15+ messages in thread From: Arno Wagner @ 2011-08-14 16:59 UTC (permalink / raw) To: dm-crypt On Sun, Aug 14, 2011 at 03:12:08PM +0200, Heinz Diehl wrote: > On 14.08.2011, Arno Wagner wrote: > > > It is on some architectures. It is also less secure. > > As far as I know, both Serpent and Twofish has shown to be more secure than > Rijndael. However, Rijndael was choosen as the new AES because of its overall > qualities (speed on various architectures, simplicity..). > > http://csrc.nist.gov/archive/aes/round2/comments/20000515-bschneier.pdf > > Anyway, I doubt this is playing an important role since none of these algorithms > has been broken yet. Indeed. One argument is that AES will get more scrutiny, as it is more critical for the world. Typically it should not matter though. Arno > > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt > -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] "re-encrypting" ? 2011-08-14 12:22 ` Arno Wagner 2011-08-14 12:49 ` Kyle Rose 2011-08-14 13:12 ` Heinz Diehl @ 2011-08-14 17:46 ` Wolfgang Aigner 2011-08-15 7:54 ` Arno Wagner 2 siblings, 1 reply; 15+ messages in thread From: Wolfgang Aigner @ 2011-08-14 17:46 UTC (permalink / raw) To: dm-crypt; +Cc: Arno Wagner On Sunday, August 14, 2011 02:22:57 PM Arno Wagner wrote: > On Sun, Aug 14, 2011 at 12:32:10PM +0200, Heinz Diehl wrote: > > On 14.08.2011, Arno Wagner wrote: > > > As a shorter key does not give significant speed > > > improvement, aes256-cbc-essiv or aes256-xts is close > > > to optimal. > > > > On my Intel Core i5 laptop, twofish is actually faster than AES.. > > It is on some architectures. It is also less secure. > Cryptgraphically the best know attack against truefish is as far as I know still http://www.schneier.com/paper-twofish-impossible.html I'm also not aware of any implementation problems on "some architectures". The only think I can argue against twofish is, that there are not so many cryptographical analysisis against it as agains Rijndael. Can you bring any paper, article or other resource that supports your claim? cheers Wolfgang ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] "re-encrypting" ? 2011-08-14 17:46 ` Wolfgang Aigner @ 2011-08-15 7:54 ` Arno Wagner 2011-08-15 13:00 ` Kyle Rose 0 siblings, 1 reply; 15+ messages in thread From: Arno Wagner @ 2011-08-15 7:54 UTC (permalink / raw) To: dm-crypt On Sun, Aug 14, 2011 at 07:46:23PM +0200, Wolfgang Aigner wrote: > On Sunday, August 14, 2011 02:22:57 PM Arno Wagner wrote: > > On Sun, Aug 14, 2011 at 12:32:10PM +0200, Heinz Diehl wrote: > > > On 14.08.2011, Arno Wagner wrote: > > > > As a shorter key does not give significant speed > > > > improvement, aes256-cbc-essiv or aes256-xts is close > > > > to optimal. > > > > > > On my Intel Core i5 laptop, twofish is actually faster than AES.. > > > > It is on some architectures. It is also less secure. > > > > Cryptgraphically the best know attack against truefish is as far as I > know still > > http://www.schneier.com/paper-twofish-impossible.html > > I'm also not aware of any implementation problems on "some architectures". The > only think I can argue against twofish is, that there are not so many > cryptographical analysisis against it as agains Rijndael. This is my claim. Also take into account that the NSA spent significant time on AES, as the US economy depends on it. No such thing for twofish. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier ^ permalink raw reply [flat|nested] 15+ messages in thread
* Re: [dm-crypt] "re-encrypting" ? 2011-08-15 7:54 ` Arno Wagner @ 2011-08-15 13:00 ` Kyle Rose 0 siblings, 0 replies; 15+ messages in thread From: Kyle Rose @ 2011-08-15 13:00 UTC (permalink / raw) To: dm-crypt > This is my claim. Also take into account that the NSA spent significant > time on AES, as the US economy depends on it. No such thing for > twofish. Then one right way to phrase your opinion is "The evidence suggests that AES is at least as secure as Twofish, and the added scrutiny gives me more confidence in it." Leaving out the extra words and abbreviating this as "AES is more secure than Twofish" is an unfounded assertion of fact, when in reality all you have is opinion and deeper cryptanalysis. Until you find a way to break a symmetric cipher, it's hard to say with any certainty whether it is more or less secure than any other cipher with the same parameters (block size and key length). ^ permalink raw reply [flat|nested] 15+ messages in thread
end of thread, other threads:[~2011-08-15 13:00 UTC | newest] Thread overview: 15+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2011-08-13 21:18 [dm-crypt] "re-encrypting" ? Steve Verniers 2011-08-13 23:35 ` wolfgang.aigner 2011-08-14 1:10 ` Steve Verniers 2011-08-14 7:00 ` Heinz Diehl 2011-08-14 17:57 ` Wolfgang Aigner 2011-08-14 8:05 ` Roscoe 2011-08-14 8:32 ` Arno Wagner 2011-08-14 10:32 ` Heinz Diehl 2011-08-14 12:22 ` Arno Wagner 2011-08-14 12:49 ` Kyle Rose 2011-08-14 13:12 ` Heinz Diehl 2011-08-14 16:59 ` Arno Wagner 2011-08-14 17:46 ` Wolfgang Aigner 2011-08-15 7:54 ` Arno Wagner 2011-08-15 13:00 ` Kyle Rose
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.