Re: [-SPAM-] Re: Can you keep a secret? This encrypted drive can...

2006-12-08 Thread Jon Callas
On 5 Dec 2006, at 3:22 PM, Brian Gladman wrote: For AES the round function and key scheduling cost per round are basically the same for both AES-128 and AES-256. In consequence I would expect the speed ratio to be close to the ratio of the number of rounds, which is 14 / 10 or 40%. My

Re: [-SPAM-] Re: Can you keep a secret? This encrypted drive can...

2006-12-06 Thread Brian Gladman
Jon Callas wrote: I just ran a speed test on my laptop. Here are some relevant excerpts: CipherKey Size Block Size Enc KB/sec Dec KB/sec -- -- -- IDEA 128 bits 8 bytes 24032.0924030.66 3DES 192 bits 8 bytes

Re: Can you keep a secret? This encrypted drive can...

2006-12-05 Thread Jon Callas
I just ran a speed test on my laptop. Here are some relevant excerpts: CipherKey Size Block Size Enc KB/sec Dec KB/sec -- -- -- IDEA 128 bits 8 bytes 24032.0924030.66 3DES 192 bits 8 bytes 10387.6710399.30 CAST5

Re: Can you keep a secret? This encrypted drive can...

2006-12-04 Thread Marcos el Ruptor
Compared to AES-128, AES-256 is 140% of the rounds to encrypt 200% as much data. So when implemented in hardware, AES-256 is substantially faster. Excuse me, AES-256 has the same block size as AES-128, that is 128 bits. It's in fact slower, not faster, and in hardware it also occupies a

Re: Can you keep a secret? This encrypted drive can...

2006-12-04 Thread Alexander Klimov
On Sun, 3 Dec 2006, David Johnston wrote: Moreover, AES-256 is 20-ish percent slower than AES-128. Compared to AES-128, AES-256 is 140% of the rounds to encrypt 200% as much data. So when implemented in hardware, AES-256 is substantially faster. AES-256 means AES with 128-bit block and

Re: [-SPAM-] Re: Can you keep a secret? This encrypted drive can...

2006-12-04 Thread Brian Gladman
David Johnston wrote: Jon Callas wrote: Moreover, AES-256 is 20-ish percent slower than AES-128. Compared to AES-128, AES-256 is 140% of the rounds to encrypt 200% as much data. So when implemented in hardware, AES-256 is substantially faster. AES-256 does not encrypt any more data per

Re: Can you keep a secret? This encrypted drive can...

2006-12-04 Thread David Johnston
Leichter, Jerry wrote: | Jon Callas wrote: | | | Moreover, AES-256 is 20-ish percent slower than AES-128. | Compared to AES-128, AES-256 is 140% of the rounds to encrypt 200% as much | data. AES-256 has a 256-bit key but exactly the same 128-bit block as AES-128 (and AES-192, for that

Re: Can you keep a secret? This encrypted drive can...

2006-12-03 Thread David Johnston
Jon Callas wrote: Moreover, AES-256 is 20-ish percent slower than AES-128. Compared to AES-128, AES-256 is 140% of the rounds to encrypt 200% as much data. So when implemented in hardware, AES-256 is substantially faster. AES-256 - 18.26 bits per round AES-128 - 12.8 bits per round I

Re: Can you keep a secret? This encrypted drive can...

2006-11-12 Thread bear
On Mon, 6 Nov 2006, Derek Atkins wrote: Quoting Leichter, Jerry [EMAIL PROTECTED]: Just wondering about this little piece. How did we get to 256-bit AES as a requirement? Just what threat out there justifies it? It's a management requirement. The manager sees AES128 and AES256 and

Re: Can you keep a secret? This encrypted drive can...

2006-11-10 Thread Greg Rose
At 17:58 -0500 2006/11/08, Leichter, Jerry wrote: No, SHA-1 is holding on (by a thread) because of differences in the details of the algorithm - details it shares with SHA-256. I don't think anyone will seriously argue that if SHA-1 is shown to be as vulnerable as we now know ND5 to be, then

Re: Can you keep a secret? This encrypted drive can...

2006-11-10 Thread Alexander Klimov
On Wed, 8 Nov 2006, Travis H. wrote: On Wed, Nov 08, 2006 at 05:58:41PM -0500, Leichter, Jerry wrote: Sorry, that doesn't make any sense. If your HWRNG leaks 64 bits, you might as well assume it leaks 256. When it comes to leaks of this sort, the only interesting numbers are 0 and all.

Re: Can you keep a secret? This encrypted drive can...

2006-11-08 Thread Jon Callas
Just wondering about this little piece. How did we get to 256-bit AES as a requirement? Just what threat out there justifies it? There's no conceivable brute-force attack against 128-bit AES as far out as we can see, so we're presumably begin paranoid about an analytic attack. But is there

Re: Can you keep a secret? This encrypted drive can...

2006-11-08 Thread Leichter, Jerry
| | Just wondering about this little piece. How did we get to 256-bit | | AES as a requirement? Just what threat out there justifies it? ... | | I can see it as useful if some bits of the key got leaked somehow. | For example, if you're using a HWRNG to generate keys, and it's | bits are

Re: Can you keep a secret? This encrypted drive can...

2006-11-08 Thread Leichter, Jerry
| On Wed, Nov 08, 2006 at 05:58:41PM -0500, Leichter, Jerry wrote: | Sorry, that doesn't make any sense. If your HWRNG leaks 64 bits, | you might as well assume it leaks 256. When it comes to leaks of | this sort, the only interesting numbers are 0 and all. | | Nonsense. I can cite numerous

Re: Can you keep a secret? This encrypted drive can...

2006-11-07 Thread Derek Atkins
Quoting Leichter, Jerry [EMAIL PROTECTED]: | ...Compusec is great for home / personal use. It is cheap i.e. $0.00 | (Free), and does not slow down the computer as much as the other | products. But that is because it only support 128 bit AES, which is a | major drawback as most enterprise

Re: Can you keep a secret? This encrypted drive can...

2006-11-07 Thread Peter Gutmann
Saqib Ali [EMAIL PROTECTED] writes: I compile a lot of software on my laptop, and I *certainly notice* the difference between my office laptop (no encryption) and my travel laptop (with FDE). The laptops are exactly the same, with the same image loaded. The only difference is the FDE software

Re: Can you keep a secret? This encrypted drive can...

2006-11-07 Thread Alexander Klimov
On Tue, 7 Nov 2006, Peter Gutmann wrote: Saqib Ali [EMAIL PROTECTED] writes: I compile a lot of software on my laptop, and I *certainly notice* the difference between my office laptop (no encryption) and my travel laptop (with FDE). The laptops are exactly the same, with the same image

Re: Can you keep a secret? This encrypted drive can...

2006-11-07 Thread Saqib Ali
Hello Alexander, My guess is that slow compilation is a result of access time misconfiguration: if a filesystem has access time enabled, then each time a file is read, the file system updates access time on disk. A solution is to set noatime option on the filesystem used for compilation. This

Re: Can you keep a secret? This encrypted drive can...

2006-11-07 Thread Peter Gutmann
Saqib Ali [EMAIL PROTECTED] writes: My guess is that slow compilation is a result of access time misconfiguration: if a filesystem has access time enabled, then each time a file is read, the file system updates access time on disk. A solution is to set noatime option on the filesystem used

Re: Can you keep a secret? This encrypted drive can...

2006-11-07 Thread Leichter, Jerry
| | ...Compusec is great for home / personal use. It is cheap i.e. $0.00 | | (Free), and does not slow down the computer as much as the other | | products. But that is because it only support 128 bit AES, which is a | | major drawback as most enterprise settings require at least 256 bit | |

RE: Can you keep a secret? This encrypted drive can...

2006-11-07 Thread dave kleiman
-Original Message- From: Saqib Ali [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 07, 2006 08:16 Hello Alexander, My guess is that slow compilation is a result of access time misconfiguration: if a filesystem has access time enabled,

Re: Can you keep a secret? This encrypted drive can...

2006-11-06 Thread Saqib Ali
I compile a lot of software on my laptop, and I *certainly notice* the difference between my office laptop (no encryption) and my travel laptop (with FDE). The laptops are exactly the same, with the same image loaded. The only difference is the FDE software that is installed on the travel laptop.

Re: Can you keep a secret? This encrypted drive can...

2006-11-06 Thread Peter Gutmann
Alexander Klimov [EMAIL PROTECTED] writes: If a PC is used by an interactive user, it is irrelevant how much access time is increased, as far as the user cannot see a difference without a timer. Several times I have read that disk encryption is not noticeable. I agree that in most cases the

Re: Can you keep a secret? This encrypted drive can...

2006-11-06 Thread Ralf Senderek
On Thu, 2 Nov 2006, Alexander Klimov wrote: I guess many people here have tried full disk encryption for themselves, do you notice any difference in performance or not? Yes and no! I use dm-crypt on a Linux laptop with FC5. On the encrypted filesystem: # df /dev/mapper/secure 309895

Re: Can you keep a secret? This encrypted drive can...

2006-11-06 Thread Jonathan Thornburg
On Thu, 2 Nov 2006, Alexander Klimov wrote: I guess many people here have tried full disk encryption for themselves, do you notice any difference in performance or not? I've been using Matt Blaze's CFS (cryptographic file system) to encrypt personal E-mail archives since 1994 or so. CFS is

Re: Can you keep a secret? This encrypted drive can...

2006-11-06 Thread Leichter, Jerry
| ...Compusec is great for home / personal use. It is cheap i.e. $0.00 | (Free), and does not slow down the computer as much as the other | products. But that is because it only support 128 bit AES, which is a | major drawback as most enterprise settings require at least 256 bit | AES Just

Re: Can you keep a secret? This encrypted drive can...

2006-11-06 Thread Jason Holt
On Sat, 4 Nov 2006, Ralf Senderek wrote: On the unencrypted filesystem: # time dd if=/dev/zero of=cryptogram bs=1MB count=50 50+0 records in 50+0 records out 5000 bytes (50 MB) copied, 0.216106 seconds, 231 MB/s real0m0.257s user0m0.000s sys 0m0.252s Unless you have a disk

Re: Can you keep a secret? This encrypted drive can...

2006-11-03 Thread Alexander Klimov
On Wed, 1 Nov 2006, Saqib Ali wrote: Well for one thing, any software based FDE is extremely slow, doubles the file access times, and is a serious drain on the laptop battery. If a PC is used by an interactive user, it is irrelevant how much access time is increased, as far as the user cannot

Re: Can you keep a secret? This encrypted drive can...

2006-11-03 Thread Steven M. Bellovin
On Thu, 02 Nov 2006 10:42:29 -0500, Ivan Krsti? [EMAIL PROTECTED] wrote: Adam Shostack wrote: Just a nit: as I understand things, Bitlocker is available, but not on, by default. Someone needs to actively flip a switch to make it go. Ah, okay. The notes I jotted down from MacIver's

Re: Can you keep a secret? This encrypted drive can...

2006-11-02 Thread Saqib Ali
Well for one thing, any software based FDE is extremely slow, doubles the file access times, and is a serious drain on the laptop battery. See the URL below for a software based FDE benchmark/analysis: http://www.xml-dev.com/blog/index.php?action=viewtopicid=250 What if the encryption key for

Re: Can you keep a secret? This encrypted drive can...

2006-11-02 Thread Adam Shostack
On Tue, Oct 31, 2006 at 06:50:20PM -0500, Ivan Krsti?? wrote: | On the other hand, Vista is shipping with BitLocker enabled by default | in the upper editions (Enterprise or somesuch), and doesn't rely on Just a nit: as I understand things, Bitlocker is available, but not on, by default.

Re: Can you keep a secret? This encrypted drive can...

2006-11-02 Thread Ivan Krstić
Adam Shostack wrote: Just a nit: as I understand things, Bitlocker is available, but not on, by default. Someone needs to actively flip a switch to make it go. Ah, okay. The notes I jotted down from MacIver's talk at HITB in Malaysia indicate he said it was on by default in the upper

Re: Can you keep a secret? This encrypted drive can...

2006-11-01 Thread Ivan Krstić
Saqib Ali wrote: http://www.infoworld.com/article/06/10/30/HNseagateagain_1.html Notably, none of the three articles mention Vista's BitLocker, which provides FDE in software and establishes trust via a TPM chip. (For those who haven't heard about it, BitLocker also uses a clever diffuser that

Re: Can you keep a secret? This encrypted drive can...

2006-11-01 Thread Damien Miller
On Mon, 30 Oct 2006, Saqib Ali wrote: http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2006/10/30/BUGU2M1ETT1.DTLtype=printable http://www.theglobeandmail.com/servlet/story/RTGAM.20061030.wharddrive1029/BNStory/Front/?page=rssid=RTGAM.20061030.wharddrive1029

Can you keep a secret? This encrypted drive can...

2006-10-31 Thread Saqib Ali
http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2006/10/30/BUGU2M1ETT1.DTLtype=printable http://www.theglobeandmail.com/servlet/story/RTGAM.20061030.wharddrive1029/BNStory/Front/?page=rssid=RTGAM.20061030.wharddrive1029