Hello,

I'd like to know how Loop-AES (used with multikey mode, key stored on external media, root directory encrypted and booting from CD-ROM) and PPDD compare in terms of security.

In the PPDD documentation, Allan states that "the first 1024 bytes of the file are reserved for keys and other control information and are never read or written by the device. [...] In the encrypted part of the block are the keys for the database and iv data needed for the encryption process. [...] The key derived from the master pass phrase is held in the block and is encrypted with the key derived from the working pass phrase." So, is the key actually stored on disk?

Furthermore, PPDD seems to use 17 randomly generated keys, while Loop-AES uses 64 AES keys to encrypt/decrypt sectors. Does this automatically mean that Loop-AES is more secure concerning this point?

Both PPDD and Loop-AES (gpg) seem to use /dev/urandom or /dev/random. Now, if I want to use another (CS)PRNG, could I use it only with Loop-AES?

Loop-AES has the option for password seeding and a key iteration count to slow down dictionary attacks. Do you know whether PPDD has a similar protection?

I speculate that PPDD has no significant problems with using Blowfish and the 64-bit block size, because this becomes a problem only when encrypting every sector with a single key.

PPDD uses this whitening process to keep the IVs secret. Is there any match in Loop-AES?

Dowdeswell/Ioannidis remark that only their cgd uses a secure key generation method (PKCS#5 PBKDF2) and the other approaches (including Loop-AES) use a simpler hash transform. How important is that drawback?

Maybe these questions are already redundant because PPDD seems to be abandoned. Anyways, if some of you find the time I would be thankful for any hint and things I missed here.

Thx for your help in advance.

greets,
Richard

PS: thx to all ppl writing open source crypto :D

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/