DM-Crypt Archive on lore.kernel.org
* Re: [dm-crypt] double algorithm question E3E-2A1
@ 2009-08-02  1:49 Roscoe
  2009-08-02  1:57 ` Roscoe
  0 siblings, 1 reply; 3+ messages in thread
From: Roscoe @ 2009-08-02  1:49 UTC
  To: Sam; +Cc: dm-crypt

Getting past spam filter, attempt 3.

On Sun, Aug 2, 2009 at 11:20 AM, Roscoe <eocsor@gmail.com> wrote:
> FWIW I wouldn't forget about Serpent, which came 2nd in the AES
> selection process.
>
> From Practical Cryptography, by Niels Ferguson and Bruce Schneier:
> "If you are paranoid about the security of your data, and speed is
> not important, then you should choose Serpent. During the AES process,
> every serious cryptographer agreed that Serpent was the most secure
> (or most conservative) of the submissions"
>
> -- Roscoe
>
> On Sun, Aug 2, 2009 at 12:48 AM, Sam <test532@codingninjas.org> wrote:
>> Thanks Moji,
>>
>> That will obviously provide a nice boost in performance over what I was
>> trying! I appreciate your help.
>>
>> Regards,
>> Sam
>>
>>> You do not need to make a filesystem on the intermediate device, because
>>> you treat the devices in /dev/mapper as block devices you can luksFormat
>>> any device that shows up in order to do cascade encryption. You just have
>>> to remember to close them first in last out.
>>>
>>> cryptsetup luksFormat -c aes-xts-plain /dev/sdc
>>> cryptsetup luksOpen /dev/sdc first_layer
>>> cryptsetup luksFormat -c aes-xts-plain /dev/mapper/first_layer
>>> cryptsetup luksOpen /dev/mapper/first_layer second_layer
>>> mkfs.ext2 /dev/mapper/second_layer -m 0 -L "Test"
>>> mount /dev/mapper/second_layer /mnt/usb
>>> umount /mnt/usb
>>> cryptsetup luksClose second_layer
>>> cryptsetup luksClose first_layer
>>>
>>> [Of course omit the luksFormat/mkfs lines after the device is created to
>>> open/close the device.]
>>>
>>> I do not know of any vulnerabilities with cascade encryption, it is
>>> normally just excessive, but someone else might.
>>>
>>> I hope that helps you,
>>>
>>> -MJ
>>>
>>> On Sat, 1 Aug 2009 07:39:42 -0400
>>>
>>> Sam <test532@codingninjas.org> wrote:
>>> > Hi All,
>>> >
>>> > I am wondering if this is a good idea:
>>> >
>>> > encrypt a partition normally with cryptsetup luksFormat (using
>>> > aes-xts-plain), then luksOpen,
>>> > mkfs.ext2 format the device mapper device that appears,
>>> > mount it.
>>> > Then, create a giant file that fills up the partition.
>>> > losetup it that file,
>>> > luksFormat the loop device (using twofish-xts-plain)
>>> > luksOpen it,
>>> > mkfs.ext2 format the device mapper device that appears,
>>> > mount it,
>>> > and use it...
>>> >
>>> > My purpose is that I don't trust AES, but I don't trust twofish enough to
>>> > be sure it is better than AES.
>>> >
>>> > I am paranoid enough that the speed hit is acceptable.
>>> >
>>> > Questions:
>>> >
>>> > 1) is this the best way to achieve my goal with dm-crypt?
>>> > 2) is it secure? Or will somehow it cause my data to be less secure than
>>> > just using one cipher? Or will it somehow defeat the security provided by
>>> > XTS? (I would assume it becoming less secure in any way is impossible,
>>> > but I am not a cryptanalyst, so I don't want to be assuming such
>>> > things).
>>> >
>>> > I know truecrypt has a feature where you specify the cipher as
>>> > aes-twofish. This is what I wish to achieve, but using dm-crypt.
>>> >
>>> > Regards,
>>> > Sam
>>> > _______________________________________________
>>> > dm-crypt mailing list
>>> > dm-crypt@saout.de
>>> > http://www.saout.de/mailman/listinfo/dm-crypt
>>
>
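
The layered setup quoted above, generalized to any number of ciphers, as an added example that is not part of the original thread or written by its participants. The device path /dev/sdX, the mapping names layer1..layerN and the APPLY switch are assumptions; by default the script only prints the cryptsetup commands it would run.

```shell
#!/bin/sh
# Added example (not from the thread): plan a LUKS cascade and its teardown.
# Assumed names: /dev/sdX, mapping names layer1..layerN, the APPLY switch.

# Print the command; execute it only when APPLY=1 (default is a dry run).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# cascade_create DEV CIPHER...
# First-time setup: luksFormat and luksOpen one layer per cipher, each on top
# of the mapping created by the previous layer. No intermediate filesystem.
cascade_create() {
    backing=$1; shift
    n=0
    for cipher in "$@"; do
        n=$((n + 1))
        run cryptsetup luksFormat -c "$cipher" "$backing" || return 1
        run cryptsetup luksOpen "$backing" "layer$n" || return 1
        backing=/dev/mapper/layer$n
    done
}

# cascade_open DEV COUNT
# Later sessions: same chain without the luksFormat step.
cascade_open() {
    backing=$1; n=0
    while [ "$n" -lt "$2" ]; do
        n=$((n + 1))
        run cryptsetup luksOpen "$backing" "layer$n" || return 1
        backing=/dev/mapper/layer$n
    done
}

# cascade_close COUNT
# Close the most recently opened mapping first; an inner layer cannot be
# closed while the layer stacked on it is still open.
cascade_close() {
    n=$1
    while [ "$n" -ge 1 ]; do
        run cryptsetup luksClose "layer$n" || return 1
        n=$((n - 1))
    done
}

# Dry-run demo with the two ciphers named in the thread.
cascade_create /dev/sdX aes-xts-plain twofish-xts-plain
cascade_close 2
```

The filesystem and mount point go on the top mapping only (here /dev/mapper/layer2), and it must be unmounted before cascade_close is called.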
