Arno Wagner wrote:
On Sat, Jun 10, 2006 at 11:10:54PM +0200, Rapha?l Gertz wrote:
Hi,
I am looking one more time here, to replace my cryptoloop
crypted devices, I looked the LUKS and I am playing to integrate on
mandriva and do a proper howto to use it to crypt the / and use of
initrd/initramfs.img
I was wonderning, how is it difficult to put the support for at least
1024/2048 aes key (256bit is realy weak today)
You are confusing things: 256 bit is weak for normal RSA. But it is
very strong for a symmetric block-cipher like AES. In addition, there
is no good way to extend a block-cipher to a key-lenght longer
than it is designed to take.
On the other hand RSA or ElGamal can be done for any key-length.
Plz don't answer "code it", that's my intention, I just want to know the
difficulty, what's missing, if api of luks can handle it yet or not ?
You have not understood the problem or rather is absence. Sorry.
Arno
I might augment Arno's comments with a further clarification.
The strength of an RSA key is based upon the difficulty of factoring
very large numbers. Hence, there is a need for a much larger key size
for RSA than for a symmetric cipher like AES.
The strength of the key size in a symmetric cipher is the assumption
that it would require a brute force attack of 2^keysize attempts to
break the cipher.
Prior work has suggested that for the purpose of difficulty comparisons,
a 1024 bit RSA key size would be roughly equivalent to a 80 bit
symmetric key size.
More information on that work is here:
http://www.rsasecurity.com/rsalabs/node.asp?id=2004
and more information on AES is here:
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
HTH,
Marc Schwartz
---------------------------------------------------------------------
- http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx