On Sun, Jun 02, 2002 at 09:47:36PM -0700, Ryan wrote:
> I've set myself up encrypted swap, and am wondering which cipher will be
> fastest.

Hrm, I'd test them yourself, I've seen numerous benchmarks, particularly in sci.crypt. It depends quite a bit on your implementation and hardware. I'd guess blowfish would be fastest since it was designed to be fast with 32-bit CPUs, avoiding things like the DES proclivity for bit ops.

> My choices are AES, serpent, twofish, or blowfish. I tried out xor too, but
> it looked like it was SEVERELY vulnerable to a plaintext attack (creating a new
> swapfile to calculate the xor key).

Xor is 100% secure if your key is as long as your data, otherwise known as the otp = one time pad. If it's less, it is indeed rather easy to break.

> Why bother encrypting my swap? Lotsa passwords go in there in plaintext,
> easily recoverable with a boot disk.

Hrm, I'd argue that this isn't true. Many applications specifically pin pages so they aren't swappable (i.e. ssh). Not to mention a healthy linux box shouldn't be swapping bins out to disk while they are being actively used.

Have you ever found a password there?

A much faster method might be to zero out your swap on shutdown.

> And if anyone wants it, I wrote a simple shell script to configure an
> encrypted loopback file with a random password, create a swap filesystem on
> it, and mount it as swap.

Cool hack, might want to check out, hrm, tin foil linux. It's a boot disk for the very paranoid. It allows typing in a secure passphrase even if the keyboard is tapped. It adjusts contrast to make sniffing the monitor remotely maximally hard, it doesn't use any binaries from the local disk (to protect against trojans), and may take other precautions as well, i.e. random processes, random activity, random bus transfers etc.

I've pondered the truly paranoid approach of encrypting ALL files, using a private key stored in an ibutton, if something ever happens and you want to secure your files forever just destroy the ibutton. I've yet to even get my ibutton working to store my ssh passphrase.

I saw tin foil or similar single floppy distribution mentioned at Codecon 2002.

-- 
Bill Broadley
Mathematics/Institute of Theoretical Dynamics
UC Davis
_______________________________________________
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech
