Re: [dm-crypt] Re : Re : Re : Poor performances with nfs and Kernel 3.x

[Arno Wagner <arno@wagner.name>]

On Sun, Feb 26, 2012 at 09:29:31PM +0000, Mickael wrote:
> 
[...]
> 
> PS: about point 3: Have you ever thinking adding an option to cryptsetup
> to do a benchmark like this: http://www.truecrypt.org/screenshots2 (I
> guess everyone build his own one) In fact, with the speed, it will be
> great to have an idea about the security level of?  each cipher too.  But
> is it possible to calculate such index ?  For example, is the slowest
> cipher the most secure ?

Unfortunately, no. Ciphers get broken overt time and at some point
they become practiclly insecure, depending on attacker model.
This means cipher security is always an expert opinion as not all
people working on breaking a cipher will publish their results.
Then there is another factor: If somebody can break a cipher, 
for what kind of informatin will they admit they can (by using
that nformaton)? And to make matters more complicated, once somebody
adits to being able to break a certain cipher, they may also
use that capability for things of far lesser worth.

Cyrrent advice is to use AES for everything that needs to be 
secure. The other AES-finalists should also be pretty good and 
some may be more secure than AES in fact. Not that it matters
at this time.

Also note that TrueCrypt ffers cobinaton of ciphers where
(hopefully) all have to be broken to access the secrets.
dm-crypt does not do that, byt you can manyally layer diffent
ciphers if you want it. 
 
Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
One of the painful things about our time is that those who feel certainty 
are stupid, and those with any imagination and understanding are filled 
with doubt and indecision. -- Bertrand Russell