On Fri, Jul 06, 2001 at 09:26:34PM +0200, peter k. wrote: > > In short: If file crypto is all you need, this package is a hassle free > > replacement for international crypto patch. > > This package provides loadable Linux kernel module (loop.o) that has AES > > cipher built-in. The AES cipher can be used to encrypt local file systems > > and disk partitions. For more information about compiling and using the > > driver, see the README file in the package. > > Features: > > - No source modifications to kernel. No patch hassles when a new version > of > > kernel is released. > > - Works with 2.4, 2.2 and 2.0 kernels. > > - AES cipher is used in CBC mode. Supports 128, 192 and 256 bit keys. > > - Passwords hashed with SHA-256, SHA-384 or SHA-512. > > - 512 byte based IV. IV is immune to variations in transfer size and does > > not depend on file system block size. > i saw that in the readme: "Password string has a minimum length of 20 > characters." > aren't 10 byte passwords enough? i dont like having to learn 20 byte > passwords =( No, 10 byte passwords are NOT enough. Given that they are printable ascii characters and subject to a variety of other entropy reducing issues, a password "byte" is probably only worth about 6 bits of entropy, maybe (probably) less. That gives you only about 60 bits of strength against brute force. Not enough... Rule of thumb... (although all "rules of thumb are bad since they lead to guessible patterns.) Pass WORD is bad. Pass PHRASE is better. Make it several words with number substitutions and odd punctuation. Make at LEAST one word misspelled, especially if the mispelling is one of the numbers. (Example: Wizard -> W122@xx!). The sillier (or obnoxious, or obscene) the better (easier to remember, harder to guess). Basic mnemonics. You won't forget and 1t_wi11-b3=@xxxxxxx)H! t0 gu3ss..! (it will be a bitch to guess) :-) > and which encryption type do you suggest? AES, AES128, AES192 or AES256? > Linux-crypto: cryptography in and on the Linux system > Archive: http://mail.nl.linux.org/linux-crypto/ Mike -- Michael H. Warfield | (770) 985-6132 | mhw@xxxxxxxxxxxx (The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it! Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
