John Kennedy wrote:
> <snip>
> I'm sort of looking for an experience-based answer off of the top of
> your (or anyone's) head, but we're mixing generalities with math and
> crypto (not a good combo). I'm wanting to know how much
> encrypted-knowntext you would need to really compromise the serpent
> password, which would let you turn around and compromise the rest of
> the disk.
>

For what is publicly known, serpent is secure, no matter what. There are academic attacks against reduced-round versions, but the cipher as defined in the AES paper is secure. Yet that is no guarantee. Tomorrow may see a complete break of serpent, but that is unlikely, of course.

Serpent is a 128 bit blockcipher, meaning, you can encrypt many, _many_ Gigabytes with it before you get equal ciphertext blocks, which would give an attacker some hints. So no problems from that front, too.

The most probable point of attack is your passphrase. I'd almost bet that it does not contain 128 bits of entropy, and if it is just an English sentence, it would only contain 1.3 bits/char of entropy.

If you want to know about the feasibility of a known-plaintext attack: No such attack is known that is faster than brute force. Yet brute-forcing your passphrase may well be feasible.

Does that answer your question?

Marc

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/