Date: Tue, 18 Jan 2011 18:15:50 +0100 From: Roland Smith <rsmith@xs4all.nl> To: freebsd-questions@freebsd.org Subject: Re: harddrive encryption Message-ID: <20110118171550.GA64143@slackbox.erewhon.net> In-Reply-To: <20110118161040.GC76347@libertas.local.camdensoftware.com> References: <4D34A6EF.30600@alokat.org> <20110117225308.GA40523@slackbox.erewhon.net> <AANLkTinruOxi_1FFDZzfhSojk1u%2B_XfGsJkDiSbMOuMW@mail.gmail.com> <20110118070719.GA51692@slackbox.erewhon.net> <20110118161040.GC76347@libertas.local.camdensoftware.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--T4sUOijqQbZv57TR Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Jan 18, 2011 at 08:10:40AM -0800, Chip Camden wrote: > It seems prudent to me to reduce the attack surface to that which really > needs to be defended -- "When you defend everything, you defend nothing". > Not to mention avoiding the overhead of encrypting OS files. Indeed. =20 > What do you folks think of the relative merits of AES vs Blowfish for > disk encryption? Neither have been broken with their complete number of rounds. Versions of both can be broken with a reduced number of rounds. See http://www.schneier.com/paper-blowfish-oneyear.html for some analysis of blowfish, and e.g. http://www.schneier.com/paper-rijndael.html for several attacks on Rijndael with reduced rounds. It looks like both are viable choices today. Certainly good enough to prote= ct your data in case of hardware theft. No encryption method is secure against lead-pipe cryptanalysis. [http://www.schlockmercenary.com/2009-10-19] :-) But it seems like a safe bet that there will be more effort spent on breaki= ng AES/Rijndael. Roland --=20 R.F.Smith http://www.xs4all.nl/~rsmith/ [plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated] pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725) --T4sUOijqQbZv57TR Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (FreeBSD) iEYEARECAAYFAk01ysYACgkQEnfvsMMhpyV7hwCfRn+SQyB9IeIaiv/gvHaPiEIK HNAAn2zS40QgLZPZUrRzrFQWQI4shh4f =sJ+w -----END PGP SIGNATURE----- --T4sUOijqQbZv57TR--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110118171550.GA64143>