From: Christian Baer
To: freebsd-geom@freebsd.org
Newsgroups: gmane.os.freebsd.devel.geom
Date: Mon, 24 Sep 2007 11:07:13 +0200 (CEST)
Organization: Convenimus Projekt
Subject: Re: Pipes password from kdialog to geli attach
List-Id: GEOM-specific discussions and implementations

On Mon, 24 Sep 2007 00:49:46 +0100 RW wrote:

>> Blowfish".
>> Blowfish is much faster than AES, especially with these
>> short keylengths.
>
> Is it? Blowfish is very fast when you use it to encrypt a whole file,
> but it deliberately has a high initialization cost to prevent its speed
> aiding brute force attacks against the beginning of the ciphertext.

I know the problem with the brute force attack - although IMHO you'd
probably break it open more quickly if you attacked the passphrase. I
gave this suggestion in direct combination with a weak passphrase or
password, if only mild security was needed; like keeping love letters
safe from your wife/girlfriend. :-)

The weaknesses of Blowfish are well known, that is why Bruce Schneier
brought out a new cipher (Twofish) together with John Kelsey, Doug
Whiting, David Wagner, Chris Hall, and Niels Ferguson.

> Presumably geli encrypts a sector at a time, so it's not obvious
> whether Blowfish is all that fast. Do you know of any benchmarks for
> Blowfish versus AES?

There are several out there but although they distinguish AES128 and
AES256, there is only one Blowfish and judging from the speed, I'd say
they used a keylength of 448 bits. With such a long key, Blowfish is
actually slower than AES - even if you encrypt a large file with it.

You're right, geli does encrypt sector by sector. But first of all, the
sectors aren't 512 bytes in size, but more like 4096 bytes and second,
it doesn't use a new key for every sector.

I'm afraid I have no benchmarks for you that will satisfy scientific
standards. Older versions of Truecrypt[1] supported Blowfish (it was
removed a while back) and also had a benchmark where Blowfish was always
on top - and 3DES always on the bottom. :-)

I played around with geli a fair while back, trying AES and Blowfish. On
that machine (AMD Tbred 2000) Blowfish was always a lot faster when the
key was no longer than 256 bits. I tried that extensively by moving
files around (from a non-encrypted provider to an encrypted one).
Please don't ask me about the numbers, as I was really only playing
around. The installation of a crypto-card was always planned and these
little buggers are optimized for AES. I'm not even sure if they do
anything else.

Regards,
Chris

[1] http://www.truecrypt.org