* [dm-crypt] list of supported encryption options for LUKS @ 2014-09-07 16:15 .. ink .. 2014-09-07 16:59 ` Milan Broz 0 siblings, 1 reply; 9+ messages in thread From: .. ink .. @ 2014-09-07 16:15 UTC (permalink / raw) To: dm-crypt@saout.de [-- Attachment #1: Type: text/plain, Size: 384 bytes --] The most requested feature in my project zuluCrypt has been to have an option to set encryption options when creating a volume and i have decided to implement it after just receiving another feature request. "cryptsetup benchmark" mentions a few different combinations and i am wondering if these combinations are the only ones supported or if there are more supported combinations. [-- Attachment #2: Type: text/html, Size: 494 bytes --] ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [dm-crypt] list of supported encryption options for LUKS 2014-09-07 16:15 [dm-crypt] list of supported encryption options for LUKS .. ink .. @ 2014-09-07 16:59 ` Milan Broz 2014-09-07 17:30 ` .. ink .. ` (2 more replies) 0 siblings, 3 replies; 9+ messages in thread From: Milan Broz @ 2014-09-07 16:59 UTC (permalink / raw) To: dm-crypt@saout.de On 09/07/2014 06:15 PM, .. ink .. wrote: > > The most requested feature in my project zuluCrypt has been to have an option > to set encryption options when creating a volume and i have decided to implement it > after just receiving another feature request. > > "cryptsetup benchmark" mentions a few different combinations and i am wondering if > these combinations are the only ones supported or if there are more supported combinations. These are just common and widely used. (I selected AES finalist mainly to compare speed on particular machine.) You can use and test anything what kernel provides but you have to know key size etc (IIRC for blockiphers kernel supports more options including e.g. camelia, cast, blowfish, ... Dito for block modes. See for example tcrypt tests which tests all Truecrypt historic images, there are more ciphers.) But from my experience, I am against providing too many easy available options for non-expert users. (Sadly, cryptsetup already requires user to fiddle with too many options sometimes.) Security experts know how to switch it if needed (and it will be always possible) but simple list box containing all possible variants will not help anything. People tend to experiment without thinking about security (and even practical) consequences. ("I read SHA1 is insecure so I used whirpool everywhere." Recent story...) If you are able to provide some comment to options (TrueCrypt tried to do that) it can be better, at least someone read it and decides according to comment. But I still think that there should be only few strong predefined combinations. Why the users want to change default? What's the real problem - cipher speed or they do not trust NIS and NSA or ... they just want more knobs because more knobs means more security :-) ? Milan ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [dm-crypt] list of supported encryption options for LUKS 2014-09-07 16:59 ` Milan Broz @ 2014-09-07 17:30 ` .. ink .. 2014-09-07 22:11 ` Arno Wagner 2014-09-07 22:05 ` Arno Wagner 2014-09-08 19:42 ` .. ink .. 2 siblings, 1 reply; 9+ messages in thread From: .. ink .. @ 2014-09-07 17:30 UTC (permalink / raw) To: dm-crypt@saout.de [-- Attachment #1: Type: text/plain, Size: 958 bytes --] > But I still think that there should be only few strong predefined > combinations. > > I will go with only those mentioned in the benchmark as "supported options". Why the users want to change default? What's the real problem - cipher speed or they do not trust NIS and NSA or > ... > they just want more knobs because more knobs means more security :-) ? > > I currently do not allow options because i though defaults were good for everybody but people keep asking for ability to change them.This post[1] is a good example of that They wished for more options but did not specify why. About a week ago,somebody sent me a zuluCrypt source file and asked me to modify it to change hard coded defaults.They wanted different defaults but did not trust themselves to change the source file so they asked me to do it for them. [1] http://www.wilderssecurity.com/threads/zulucrypt-easily-create-and-manage-luks-plain-truecrypt-volumes-and-partitions.363255/ [-- Attachment #2: Type: text/html, Size: 1701 bytes --] ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [dm-crypt] list of supported encryption options for LUKS 2014-09-07 17:30 ` .. ink .. @ 2014-09-07 22:11 ` Arno Wagner 0 siblings, 0 replies; 9+ messages in thread From: Arno Wagner @ 2014-09-07 22:11 UTC (permalink / raw) To: dm-crypt On Sun, Sep 07, 2014 at 19:30:00 CEST, .. ink .. wrote: > > But I still think that there should be only few strong predefined > > combinations. > > > > I will go with only those mentioned in the benchmark as "supported > options". > > Why the users want to change default? > > What's the real problem - cipher speed or they do not trust NIS and NSA or > > ... > > they just want more knobs because more knobs means more security :-) ? > > > > > I currently do not allow options because i though defaults were good for > everybody but people keep asking for > ability to change them.This post[1] is a good example of that They wished > for more options but did not specify why. > > About a week ago,somebody sent me a zuluCrypt source file and asked me to > modify it to change hard coded defaults.They wanted different defaults but > did not trust themselves to change the source file so they asked me to do > it for them. That is really hilarious: People that do not trust themselves to change a few strings, but do trust themselves to evaluate what crypto is secure and what is not. I guess people really have no clue how easy it is to completely break security with wrong crypto parameters. You should not give in or at the very least put up strong warnings. Some people will always manage to shoot themselves in the foot (Dunning-Kruger effect at work), but at least you can then say "I told you so". Arno > > [1] > http://www.wilderssecurity.com/threads/zulucrypt-easily-create-and-manage-luks-plain-truecrypt-volumes-and-partitions.363255/ > _______________________________________________ > dm-crypt mailing list > dm-crypt@saout.de > http://www.saout.de/mailman/listinfo/dm-crypt -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [dm-crypt] list of supported encryption options for LUKS 2014-09-07 16:59 ` Milan Broz 2014-09-07 17:30 ` .. ink .. @ 2014-09-07 22:05 ` Arno Wagner 2014-09-08 19:42 ` .. ink .. 2 siblings, 0 replies; 9+ messages in thread From: Arno Wagner @ 2014-09-07 22:05 UTC (permalink / raw) To: dm-crypt On Sun, Sep 07, 2014 at 18:59:21 CEST, Milan Broz wrote: > On 09/07/2014 06:15 PM, .. ink .. wrote: > > > > The most requested feature in my project zuluCrypt has been to have an > > option to set encryption options when creating a volume and i have > > decided to implement it after just receiving another feature request. > > > > "cryptsetup benchmark" mentions a few different combinations and i am > > wondering if these combinations are the only ones supported or if there > > are more supported combinations. > > These are just common and widely used. (I selected AES finalist mainly to > compare speed on particular machine.) > > You can use and test anything what kernel provides but you have to know > key size etc (IIRC for blockiphers kernel supports more options including > e.g. camelia, cast, blowfish, ... Dito for block modes. See for example > tcrypt tests which tests all Truecrypt historic images, there are more > ciphers.) Also remember that you need a block cipher for the cipher. Milan rightfully pointed this out to me when, in a moment of madness, I tried to use RC4 for FAQ Item 6.13. > But from my experience, I am against providing too many easy available > options for non-expert users. (Sadly, cryptsetup already requires user to > fiddle with too many options sometimes.) There really is no good way around that. Sadly, security needs some understanding of things as there are too many attackers that do not care one bit about the user's security, some of them even able to influence hardware and Linux distros. > Security experts know how to switch it if needed (and it will be always > possible) but simple list box containing all possible variants will not > help anything. > > People tend to experiment without thinking about security (and even > practical) consequences. ("I read SHA1 is insecure so I used whirpool > everywhere." Recent story...) Argggghh! Yes, see FAQ Item 5.20. People are actively getting less security by messing with settings. Or see Example 2 in FAQ Item 6.13: You can use Blowfish with 64 Bit keys, giving you no security against an attacker with modest security, but it is nicely fast. And a non-expert may just think that 64 bits of key are enough. > If you are able to provide some comment to options (TrueCrypt tried to do > that) it can be better, at least someone read it and decides according to > comment. I think you should at the very least warn of low key-lengths, broken or expected-to-be-broken soon hashes, insecure modes (CBC) etc. > But I still think that there should be only few strong predefined > combinations. Or at least a few strong suggested combination and strong warnings against not using them. For example, the AES finalists should be fine, ciphers that dropped out earlies are likely not. > Why the users want to change default? > What's the real problem - cipher speed or they do not trust > NIS and NSA or ... they just want more knobs because more > knobs means more security :-) > ? I think it is mostly a general mistrust against the NSA and NIST (both deservedly), coupled with no understanding what actually got compromised by the NSA. Most people do not even know that the NSA has different parts and some are really dedicated to making things more secure. People are even mistrusting SELinux because that was done by the NSA, and completely disregard that this is an access layer and backdoors can be spotted relatively easily (i.e. high risk for the NSA of getting caught), unlike some crypto-backdoors, where spotting them is impossible. For example, I really doubt the NSA did anything to weaken AES, but the curves for their ECC CPRNG are more than fishy, as is Intels RDRAND design. Both are compromised designs, as there is no way for anybody outside to verify their security. To make things even more complicated, a compromised design does not mean things are compromised, the CPRNG and RDRAND could be perfectly secure. Nobody believes that, of course, but anybody not a crypto-expert will be completely confused at this point. To make matters worse, deciding whom to trust when you are not an expert is really difficult, especially when you see, e.g. Google using RC4 for SSL. Are they compromised? Are they just trying to save cycles? Do they maybe know that the NSA cannot break RC4 wholesale? Impossible to answer for a non-expert. Hence people try to protect themselves by suspecting the defaults and end up making matters worse. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [dm-crypt] list of supported encryption options for LUKS 2014-09-07 16:59 ` Milan Broz 2014-09-07 17:30 ` .. ink .. 2014-09-07 22:05 ` Arno Wagner @ 2014-09-08 19:42 ` .. ink .. 2014-09-08 22:33 ` Arno Wagner 2 siblings, 1 reply; 9+ messages in thread From: .. ink .. @ 2014-09-08 19:42 UTC (permalink / raw) To: dm-crypt@saout.de [-- Attachment #1: Type: text/plain, Size: 503 bytes --] On Sun, Sep 7, 2014 at 12:59 PM, Milan Broz <gmazyland@gmail.com> wrote: > But I still think that there should be only few strong predefined > combinations. > > The list of option i am going to support for LUKS volumes is listed below as taken from cryptsetup benchmark list. First condition is for plain volumes,second condition for luks and the last one is for truecrypt. https://github.com/mhogomchungu/zuluCrypt/blob/c99841c21a6edeea955106134fd54d5935f8e237/zuluCrypt-gui/createvolume.cpp#L238 [-- Attachment #2: Type: text/html, Size: 1038 bytes --] ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [dm-crypt] list of supported encryption options for LUKS 2014-09-08 19:42 ` .. ink .. @ 2014-09-08 22:33 ` Arno Wagner 2014-09-08 22:38 ` Arno Wagner 2014-09-09 1:19 ` .. ink .. 0 siblings, 2 replies; 9+ messages in thread From: Arno Wagner @ 2014-09-08 22:33 UTC (permalink / raw) To: dm-crypt On Mon, Sep 08, 2014 at 21:42:06 CEST, .. ink .. wrote: > On Sun, Sep 7, 2014 at 12:59 PM, Milan Broz <gmazyland@gmail.com> wrote: > > > > > But I still think that there should be only few strong predefined > > combinations. > > > > > The list of option i am going to support for LUKS volumes is listed below > as taken from cryptsetup benchmark list. > > First condition is for plain volumes,second condition for luks and the last > one is for truecrypt. > > https://github.com/mhogomchungu/zuluCrypt/blob/c99841c21a6edeea955106134fd54d5935f8e237/zuluCrypt-gui/createvolume.cpp#L238 I would add a warning about gcrypt (see FAQ 8.3) for all variants with whirlpool. Some people may still use this with the broken gcrypt implementation. Apart from that, the list looks fine. Side-question: Are the multi-cipher variants like "twofish:aes.xts-plain64.256.ripemd160" something you do yourself? How do you do them? Additional LUKS layers with the same passphrase set-up? Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [dm-crypt] list of supported encryption options for LUKS 2014-09-08 22:33 ` Arno Wagner @ 2014-09-08 22:38 ` Arno Wagner 2014-09-09 1:19 ` .. ink .. 1 sibling, 0 replies; 9+ messages in thread From: Arno Wagner @ 2014-09-08 22:38 UTC (permalink / raw) To: dm-crypt On Tue, Sep 09, 2014 at 00:33:09 CEST, Arno Wagner wrote: > On Mon, Sep 08, 2014 at 21:42:06 CEST, .. ink .. wrote: > > On Sun, Sep 7, 2014 at 12:59 PM, Milan Broz <gmazyland@gmail.com> wrote: > > > > > > > > > But I still think that there should be only few strong predefined > > > combinations. > > > > > > > > The list of option i am going to support for LUKS volumes is listed below > > as taken from cryptsetup benchmark list. > > > > First condition is for plain volumes,second condition for luks and the last > > one is for truecrypt. > > > > https://github.com/mhogomchungu/zuluCrypt/blob/c99841c21a6edeea955106134fd54d5935f8e237/zuluCrypt-gui/createvolume.cpp#L238 > > I would add a warning about gcrypt (see FAQ 8.3) for all > variants with whirlpool. Some people may still use this with > the broken gcrypt implementation. > > Apart from that, the list looks fine. > > Side-question: > Are the multi-cipher variants like "twofish:aes.xts-plain64.256.ripemd160" > something you do yourself? How do you do them? Additional > LUKS layers with the same passphrase set-up? Ah, sorry, they are for TrueCrypt, obviously. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718 ---- A good decision is based on knowledge and not on numbers. -- Plato If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: [dm-crypt] list of supported encryption options for LUKS 2014-09-08 22:33 ` Arno Wagner 2014-09-08 22:38 ` Arno Wagner @ 2014-09-09 1:19 ` .. ink .. 1 sibling, 0 replies; 9+ messages in thread From: .. ink .. @ 2014-09-09 1:19 UTC (permalink / raw) To: dm-crypt@saout.de [-- Attachment #1: Type: text/plain, Size: 516 bytes --] On Mon, Sep 8, 2014 at 6:33 PM, Arno Wagner <arno@wagner.name> wrote: > I would add a warning about gcrypt (see FAQ 8.3) for all > variants with whirlpool. Some people may still use this with > the broken gcrypt implementation. > > Thanks for the tip. I have decided to go with allowing whirlpool usage only if the project was build with libgcrypt >= 1.6.1 and libcryptsetup >= 1.6.4 If the two conditions are not met,the option will not be listed in the GUI component and the CLI component will just error out. [-- Attachment #2: Type: text/html, Size: 967 bytes --] ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2014-09-09 1:20 UTC | newest] Thread overview: 9+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2014-09-07 16:15 [dm-crypt] list of supported encryption options for LUKS .. ink .. 2014-09-07 16:59 ` Milan Broz 2014-09-07 17:30 ` .. ink .. 2014-09-07 22:11 ` Arno Wagner 2014-09-07 22:05 ` Arno Wagner 2014-09-08 19:42 ` .. ink .. 2014-09-08 22:33 ` Arno Wagner 2014-09-08 22:38 ` Arno Wagner 2014-09-09 1:19 ` .. ink ..
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.