On Wed, 2008-11-05 at 15:32 +0200, Gabriel VLASIU wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Wed, 5 Nov 2008, Vali Dragnuta wrote: > > > Subliniind sfatul lui Petre de a ignora alte porcarii gen loop-aes > > Citat din Jari Ruusu: > "> Since then, dm-crypt has obviously caught up. > No it has not. Loop-AES still has stronger and better IV computation, and > multi-key mode that reduces amount of data encrypted with one encryption > key. > Try modifying last byte of 512 byte sector, and observe how many 128 bit > ciphertext blocks change; loop-AES: 32, dm-crypt: 1"
Chestia asta la ultimul octet este o problema doar in cazuri extrem de speciale, si chiar si acolo trebuie sa depui suficient efort ca sa te poti folosi de acea problema. Prin comparatie, avantajele luks (integrare, platforma curata de jos pina sus, posibilitatea de a avea mai multe chei si/sau de a le schimba) sint niste avantaje majore. Si daca tot ai dat citate, hai sa-ti dau si eu un citat despre theoderaadtu' care mentine(a) loop-AES : 1). "Two years later I repeated my attempt to encrypt my data by default, this time with loop-AES, a high performance encryption package for Linux. But due to its unrefined coding style, next to the author’s dislike for cooperation, the code was never included into any mainstream Linux project. " 2)." In the first quarter of 2004, Jari Ruusu, the author of loop-AES, imple- mented the water marking attack against the CBC on-disk format both – cryptoloop and dm-crypt – were using. The attack was not taken seriously, especially not by me, as Jari Ruusu had no good reputation and was known to spread more confusion than facts. After new threat models had shown that this attack can be relevant in some situations, I invented ESSIV to remedy the problem. Unfortunately, most Linux users were not well educated with respect to cryptography and were confused from the mixture of correct and unobjective claims Ruusu was still posting to the Linux mailing list. " In fine, recomand acest paper despre luks : http://clemens.endorphin.org/nmihde/nmihde-A4-os.pdf Nu in ultimul rind, as vrea sa mai mentionez urmatoarele : Daca criptez un usb stick cu luks apoi il infig intr-un linux de generatie recenta imi va cere frumos cheia de decriptare inainte de a-l monta automat. Bonus points for grandma-type users. _______________________________________________ RLUG mailing list [email protected] http://lists.lug.ro/mailman/listinfo/rlug
