From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <test532@codingninjas.org>
Received: from localhost (localhost [127.0.0.1])
	by mail.saout.de (Postfix) with ESMTP id 79FC49039
	for <dm-crypt@saout.de>; Sat,  1 Aug 2009 13:43:45 +0200 (CEST)
Received: from mail.saout.de ([127.0.0.1])
	by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Rwg7ycPh-B9u for <dm-crypt@saout.de>;
	Sat,  1 Aug 2009 13:43:40 +0200 (CEST)
Received: from op7.codingninjas.org (op7.codingninjas.org [209.222.52.116])
	(using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.saout.de (Postfix) with ESMTPS
	for <dm-crypt@saout.de>; Sat,  1 Aug 2009 13:43:39 +0200 (CEST)
Received: from sschai.localnet
	(CPE0080c6e9d913-CM000f9f4fecc0.cpe.net.cable.rogers.com
	[99.249.56.245])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by op7.codingninjas.org (Postfix) with ESMTPSA id A65D14E227E
	for <dm-crypt@saout.de>; Sat,  1 Aug 2009 07:43:37 -0400 (EDT)
From: Sam <test532@codingninjas.org>
Date: Sat, 1 Aug 2009 07:39:42 -0400
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <200908010739.42930.test532@codingninjas.org>
Subject: [dm-crypt] double algorithm question
List-Id: <dm-crypt.saout.de>
List-Unsubscribe: <http://www.saout.de/mailman/options/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=unsubscribe>
List-Archive: <http://www.saout.de/pipermail/dm-crypt>
List-Post: <mailto:dm-crypt@saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Subscribe: <http://www.saout.de/mailman/listinfo/dm-crypt>,
	<mailto:dm-crypt-request@saout.de?subject=subscribe>
To: dm-crypt@saout.de

Hi All,

I am wondering if this is a good idea:

encrypt a partition normally with cryptsetup luksFormat (using aes-xts-plain),
then luksOpen,
mkfs.ext2 format the device mapper device that appears,
mount it.
Then, create a giant file that fills up the partition.
losetup it that file,
luksFormat the loop device (using twofish-xts-plain)
luksOpen it,
mkfs.ext2 format the device mapper device that appears,
mount it,
and use it...

My purpose is that I don't trust AES, but I don't trust twofish enough to be 
sure it is better than AES.

I am paranoid enough that the speed hit is acceptable.

Questions:

1) is this the best way to achieve my goal with dm-crypt?
2) is it secure? Or will somehow it cause my data to be less secure than just 
using one cipher? Or will it somehow defeat the security provided by XTS? (i 
would assume it becoming less secure in any way is impossible, but i am not a 
cryptoanalyst, so i don't want to be assuming such things).

I know truecrypt has a feature where you specify the cipher as aes-twofish. 
This is what I wish to achieve, but using dm-crypt.

Regards,
Sam