I don't see how adding salt to the key can provide more security if the user has chosen a long key with sufficient entropy. For example, if the user used the original -k option and had a truly random 448 bit key, adding the salt would have no advantage, if the salt only affected the key. It could even be a disadvantage, as the 448 bit random key the user chose would be reduced to a 128 bit key with the salt added in.
Woodchuck <[EMAIL PROTECTED]> wrote:

On Sat, 27 Jan 2007, Don Smith wrote:

> On the newer versions of OpenBSD, there is -K added as
> an option for SVND.
>
> I always used the -k option with a strong key and no
> salt file.
>
> Is the original -k method still secure, given a strong key?

No. But that's hearsay. Here's what I heard someone say:

"The biggest drawback of svnd is its lack of security in the general use case. It is vulnerable to an offline dictionary attack. That is, you can generate a database mapping known ciphertext blocks on the disk back into pass phrases that can be accessed in O(1) without even being in possession of the disk. What's even worse is that the same database will work on any svnd disk. It is possible--and perhaps even likely--that large agencies such as the NSA have constructed such a database and can crack a majority of the svnds in the world in less than a second. The way that one prevents an offline dictionary attack is to use a salt in conjunction with the pass phrase,"

Source: http://www.onlamp.com/pub/a/bsd/2005/12/21/netbsd_cgd.html?page=3

Disclaimer: I am not a cryptanalyst. Maybe that's all FUD and blown smoke.

Advice: Use the salt. How can it hurt?

It depends on your threat model. If it's a laptop and you don't want some random thief or whoever he sells your stolen property to to read your disk, -k will suffice. If you're worried about a large government, there are still other considerations (rubber hoses for one), but the salt won't hurt.

If I recall the source code correctly, using -k, you are already using salt -- of zero. The salt is used when generating the key from the passphrase, and won't slow down the actual disk en/decryption, so salt is a win.

Dave

-- 
The law has converted plunder into a right and lawful defense into a crime.
-- Frederic Bastiat, 1850
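
As an added illustration (example code written for this thread, not from either poster and not OpenBSD's vnconfig/svnd code), the following Python models the point made in the quoted message: a key derived from a passphrase with no salt is identical on every disk that used that passphrase, so a table precomputed once serves all such disks, whereas a per-disk salt makes each disk's derived key different and the table useless elsewhere. It also covers the case raised at the top of the thread, a key that is random rather than derived from a passphrase, which no table of passphrases contains. PBKDF2-HMAC-SHA1, the iteration count, the 16-byte key length and the five-word "dictionary" are all assumptions standing in for the real derivation and a real wordlist; an empty salt stands in for -k (the "salt of zero" mentioned above) and a per-disk salt for a salt file used with -K.

```python
import hashlib
import os

# Constructed stand-in for a real dictionary (hypothetical, five entries).
WORDLIST = [b"password", b"letmein", b"openbsd", b"correct horse", b"hunter2"]
# Kept small so the demo runs instantly; a real KDF would use far more rounds.
ITERATIONS = 1000
KEY_LEN = 16


def derive_key(passphrase: bytes, salt: bytes) -> bytes:
    """Derive a disk key from a passphrase.

    PBKDF2-HMAC-SHA1 is an assumption chosen for illustration; the salt is
    mixed in only here, at key-derivation time, so bulk encryption cost is
    unaffected by it. An empty salt models -k; a per-disk salt models -K
    with a salt file.
    """
    return hashlib.pbkdf2_hmac("sha1", passphrase, salt, ITERATIONS, dklen=KEY_LEN)


def build_table(salt: bytes) -> dict:
    """Precompute derived_key -> passphrase for every wordlist entry under one salt.

    This is the one-time cost behind the "O(1) database" in the quoted article.
    With salt=b"" the table matches every disk keyed without a salt; with a
    per-disk salt it is only ever valid for the one disk that used that salt.
    """
    return {derive_key(word, salt): word for word in WORDLIST}


def lookup(table: dict, key: bytes):
    """Constant-time dictionary hit: the passphrase if the key is tabled, else None."""
    return table.get(key)


def shared_table_hits(passphrase: bytes, salt_a: bytes, salt_b: bytes):
    """Build one table for disk A's salt and report whether it recovers the
    passphrase for disk A and for a disk B that used salt_b."""
    table = build_table(salt_a)
    hit_a = lookup(table, derive_key(passphrase, salt_a)) == passphrase
    hit_b = lookup(table, derive_key(passphrase, salt_b)) == passphrase
    return hit_a, hit_b


def random_key_tabled(table: dict) -> bool:
    """Whether a truly random 128-bit key (not passphrase-derived) appears in the table."""
    return lookup(table, os.urandom(KEY_LEN)) is not None


if __name__ == "__main__":
    # Two disks, same passphrase, both without salt: one table hits both.
    print("no salt, both disks:", shared_table_hits(b"openbsd", b"", b""))
    # Disk B used its own salt: the unsalted table misses it entirely.
    print("salt on disk B only:", shared_table_hits(b"openbsd", b"", b"salt-for-disk-B"))
    # Each disk has its own salt: the table built for A is useless on B.
    print("per-disk salts:", shared_table_hits(b"openbsd", b"salt-A", b"salt-B"))
    # A random key is in no passphrase table, salt or not.
    print("random key tabled:", random_key_tabled(build_table(b"")))
```

The salted cases show why the cost of the attack in the article is per-disk once salts are used: the derivation for each wordlist entry has to be repeated under each disk's salt, and nothing computed for one disk carries over to another.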

