On Mon, Sep 17, 2007 at 12:48:57AM -0400, Eric St-Laurent wrote: > Hi, > > What are the currently recommended settings for an encrypted volume? > > This seem common: > > -c aes-cbc-essiv:sha256 -h sha256 -s 256 -y > > I've seen this which "looks" better: > > -c aes-lrw-benbi -h sha256 -s 384 -y > > > Is the lrw mode working great and a obvious improvement over essiv? > > (I'm not a crypto expert by any mean, I've just seen some > "hype" about lrw on the web) ESSIV and lrw are both sedcure against "detection patterns" embedded in the data. The only thing ESSIV is insecure against is, AFAIK, that you can detect file changes on a sub-sector level if they happen towards the end of a sector. lrw fixes that, i.e. you can only tell that a disk-block was changed, but not how much of it. For many practical applications, ESSIV and LRW should be equally secure. Note that with both you have absolutely no leaking of the contens of the plain data, just some leakage about changes. Even aes-cbc-plain is secure in most cases, the main risk here is that an attacker can recognize specially prepared files in the encrypted data. Again, an attacker cannot deduce anything abut data you prepared. Arno -- Arno Wagner, Dipl. Inform., CISSP --- CSG, ETH Zurich, wagner@xxxxxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
