Rob McGee wrote:
> I'm no cryptographer nor mathematician, but ISTM that having only one
> algorithm potentially helps an attacker, because there's only that one
> to contend with. You can look at the system and see which project is in
> use, and if it's Loop-AES you know with high probability that any large
> incomprehensible file could be an AES loop container. But if it's Crypto
> API, you have to consider all the alternatives too. And in the crypto
> world you have to think about the future: algorithms might be cracked,
> computing power might make brute force attacks feasible.

Encryption type is almost always specified in /etc/fstab options, so even
when multiple algorithms are used, an attacker would know the algorithm
anyway. Security comes from keeping the _key_ secret (but you knew that).

> Jari, I personally would be more interested in your project with the
> choice of at least one other algorithm, and if it could coexist with
> the kernel's loop driver.

Loop-AES' loop.o module is a replacement for the kernel's loop.o module. It
does everything the standard loop driver does, and that includes letting
other modules register new cipher transfer functions. Only the AES transfer
is pre-registered.

Regards,
Jari Ruusu <jari.ruusu@xxxxxxxxxx>

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/