Re: Can you keep a secret? This encrypted drive can...
Quoting Leichter, Jerry [EMAIL PROTECTED]: | ...Compusec is great for home / personal use. It is cheap i.e. $0.00 | (Free), and does not slow down the computer as much as the other | products. But that is because it only support 128 bit AES, which is a | major drawback as most enterprise settings require at least 256 bit | AES Just wondering about this little piece. How did we get to 256-bit AES as a requirement? Just what threat out there justifies it? There's no conceivable brute-force attack against 128-bit AES as far out as we can see, so we're presumably begin paranoid about an analytic attack. But is there even the hint of an analytic attack against AES that would (a) provide a practical way in to AES-128; (b) would not provide a practical way into AES-256? What little I've seen in the way of proposed attacks on AES all go after the algebraic structure (with no real success), and that structure is the same in both AES-128 and AES-256. It's a management requirement. The manager sees AES128 and AES256 and thinks 256 must be better than 128 and therefore the edict comes down that AES256 must be used. It's not a technical decision. It's not a decision made by analyzing the threats. It's made purely by assertion, but it's a decision that can't easily be refuted. -- Jerry -derek -- Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory Member, MIT Student Information Processing Board (SIPB) URL: http://web.mit.edu/warlord/PP-ASEL-IA N1NWH [EMAIL PROTECTED]PGP key available - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Can you keep a secret? This encrypted drive can...
Saqib Ali [EMAIL PROTECTED] writes: I compile a lot of software on my laptop, and I *certainly notice* the difference between my office laptop (no encryption) and my travel laptop (with FDE). The laptops are exactly the same, with the same image loaded. The only difference is the FDE software that is installed on the travel laptop. That's because you're doing something that produces worst-case behaviour. The (obvious) solution is the standard don't do that, then. My main development machine builds to a RAM drive, and for some odd reason I don't notice any disk access latency at all. But that is because it only support 128 bit AES, which is a major drawback as most enterprise settings require at least 256 bit AES. Realising the importance of the case, my men are applying twice the usual amount of tinfoil. Peter. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Can you keep a secret? This encrypted drive can...
On Tue, 7 Nov 2006, Peter Gutmann wrote: Saqib Ali [EMAIL PROTECTED] writes: I compile a lot of software on my laptop, and I *certainly notice* the difference between my office laptop (no encryption) and my travel laptop (with FDE). The laptops are exactly the same, with the same image loaded. The only difference is the FDE software that is installed on the travel laptop. That's because you're doing something that produces worst-case behaviour. The (obvious) solution is the standard don't do that, then. My main development machine builds to a RAM drive, and for some odd reason I don't notice any disk access latency at all. I am not sure that compilation is worst case for disk performance: once system compiled the first file, the compiler and most of .h files are in RAM and should not be fetched from disk. Note that RAM of modern computers is large enough to store all the source code of a project (except, maybe, openoffice.org). My guess is that slow compilation is a result of access time misconfiguration: if a filesystem has access time enabled, then each time a file is read, the file system updates access time on disk. A solution is to set noatime option on the filesystem used for compilation. A better approach is to mount tmpfs as /tmp, and build in /tmp (for openoffice.org compilation increase size and number of inodes with size and nr_inodes options). -- Regards, ASK P.S. Probably of interest for disk benchmarker: disk performance depends on which cylinders are used, so if one has two partitions (one near the center and another one near the outer edge of the disk) performance on these partitions can be different. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Can you keep a secret? This encrypted drive can...
Hello Alexander, My guess is that slow compilation is a result of access time misconfiguration: if a filesystem has access time enabled, then each time a file is read, the file system updates access time on disk. A solution is to set noatime option on the filesystem used for compilation. This is a good info. Do you how this can be done on windows? P.S. Probably of interest for disk benchmarker: disk performance depends on which cylinders are used, so if one has two partitions (one near the center and another one near the outer edge of the disk) performance on these partitions can be different. Good point. That is why I made sure that I had only 1 partition, and i used the fasted drive in the market available for laptops. :-) saqib http://www.full-disk-encryption.net - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Can you keep a secret? This encrypted drive can...
Saqib Ali [EMAIL PROTECTED] writes: My guess is that slow compilation is a result of access time misconfiguration: if a filesystem has access time enabled, then each time a file is read, the file system updates access time on disk. A solution is to set noatime option on the filesystem used for compilation. This is a good info. Do you how this can be done on windows? HKLM\System\CurrentControlSet\Control\FileSystem\NtfsDisableLastAccessUpdate = 1, but this probably shouldn't be necessary because for temp files Windows will try to avoid creating the file on disk unless it runs out of file buffer memory. Peter. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
Re: Can you keep a secret? This encrypted drive can...
| | ...Compusec is great for home / personal use. It is cheap i.e. $0.00 | | (Free), and does not slow down the computer as much as the other | | products. But that is because it only support 128 bit AES, which is a | | major drawback as most enterprise settings require at least 256 bit | | AES | Just wondering about this little piece. How did we get to 256-bit | AES as a requirement? Just what threat out there justifies it? ... | | It's a management requirement. The manager sees AES128 and AES256 | and thinks 256 must be better than 128 and therefore the edict comes | down that AES256 must be used. It's not a technical decision. It's | not a decision made by analyzing the threats. It's made purely | by assertion, but it's a decision that can't easily be refuted. Well, there's a very easy answer to that one: Tell the manager involved that the number is the price. You can have the industrial grade one for 128 bucks, or the one done to MIL specs with gold plating for 256 bucks. :-) -- Jerry - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
RE: Can you keep a secret? This encrypted drive can...
-Original Message- From: Saqib Ali [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 07, 2006 08:16 Hello Alexander, My guess is that slow compilation is a result of access time misconfiguration: if a filesystem has access time enabled, then each time a file is read, the file system updates access time on disk. A solution is to set noatime option on the filesystem used for compilation. This is a good info. Do you how this can be done on windows? It is on page 43 and 44 of a class I did at the last CyberCrime Summit: http://davekleiman.com/Files/HTCIACyberCrimeSummit_For_CD.zip Additionally, I talk about using Log Parser to retrieve information from the filesystem and log files without causing access updates - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
