On Monday 03 June 2002 08:25 pm, Bill Broadley wrote: > On Sun, Jun 02, 2002 at 09:47:36PM -0700, Ryan wrote: > > I've set myself up encrypted swap, and am wondering which cipher will be > > fastest. > > Hrm, I'd test them yourself, I've seen numerous benchmarks, particularly > in sci.crypt. It depends quite a bit on your implementation and hardware. > > I'd guess blowfish would be fastest since it was designed to be fast > with 32 bit cpu's, avoiding things like the DES proclivity for bit ops.
I poked around a bit, and it looks like AES and twofish use the fewest CPU cycles..... > > My choices are AES, serpent, twofish, or blowfish. I tried out xor too, > > but It looked like it was SEVERLY vunerable to a plaintext attack > > (creating a new swapfile to caculate the xor key). > > Xor is 100% secure if your key is as long as your data, otherwise known > as the otp = one time pad. If it's less, it is indeed rather easy to > break. Thought so. Using a one time pad for swap is usless due to memory requirements..... > > Why bother encrypting my swap? Losta passwords go in there in plaintext, > > easily recoverable with a boot disk. > > Hrm, I'd argue that this isn't true. Many applications specifically pin > pages so they aren't swappable (I.e. ssh). Not to mention a healthy linux > box shouldn't be swapping bins out to disk while they are being > actively used. Have you ever found a password there? Yea, I grep'ed it for fragments of several passwords I use and found them. > A much faster method might be to zero out your swap on shutdown. Wouldn't be zeroed out on a dirty shutdown. > > And if anyone wants it, I wrote a simple shell script to configure an > > encrypted loopback file with a random password, create a swap filesystem > > on it, and mount it as swap. > > Cool, hack, might want to check out, hrm, tin foil linux. It's a boot disk > for the very paranoid. It allows typing in a secure passphrase even if > the keyboard is tapped. It adjusts contrast to make sniffing the monitor > remotely maximally hard, it doesn't use any binaries from the local disk > (to protect against trojans), and may take other precautions as well, > i.e. random processes, random activity, random bus transfers etc. I want my system to usable, my only concern is my brother or a nosy repair tech. > I've pondered the truely paranoid approach of encrypting ALL files, using > a private key stores in an ibutton, if something ever happens and you want > to secure your files forever just destroy the ibutton. I'm able to memorize fairly long passwords of random garbage... My password for stuff I want secure (pgp private key, disks) is over 200 bits of random garbage (counting 6.5 bits per char) _______________________________________________ vox-tech mailing list [EMAIL PROTECTED] http://lists.lugod.org/mailman/listinfo/vox-tech
