Thomas wrote: > I'm new to LUKS and I wonder if it makes sense to cascade LUKS devices > with different ciphers, i.e. a Serpent over an AES over a Twofish > device. The idea is if one of the ciphers is broken in the future, the > data is still secure as long as the other ciphers are good. Does this > work and really increase security? Or does it decrease security in the > end? >From technical piont of view (not security): Truecrypt use this (using dm-crypt backend in Linux), so the kernel side allows it - by simple stacking crypt devices. But cryptsetup utility doesn't support it in one step. You can create LUKS over LUKS but then you need activate it in several steps. (and there are several LUKS headers). Anyway, the performance penalty will be not ideal for this mapping. Milan -- mbroz@xxxxxxxxxx --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
