On Sun, Feb 26, 2012 at 09:29:31PM +0000, Mickael wrote: > [...] > > PS: about point 3: Have you ever thinking adding an option to cryptsetup > to do a benchmark like this: http://www.truecrypt.org/screenshots2 (I > guess everyone build his own one) In fact, with the speed, it will be > great to have an idea about the security level of? each cipher too. But > is it possible to calculate such index ? For example, is the slowest > cipher the most secure ? Unfortunately, no. Ciphers get broken overt time and at some point they become practiclly insecure, depending on attacker model. This means cipher security is always an expert opinion as not all people working on breaking a cipher will publish their results. Then there is another factor: If somebody can break a cipher, for what kind of informatin will they admit they can (by using that nformaton)? And to make matters more complicated, once somebody adits to being able to break a certain cipher, they may also use that capability for things of far lesser worth. Cyrrent advice is to use AES for everything that needs to be secure. The other AES-finalists should also be pretty good and some may be more secure than AES in fact. Not that it matters at this time. Also note that TrueCrypt ffers cobinaton of ciphers where (hopefully) all have to be broken to access the secrets. dm-crypt does not do that, byt you can manyally layer diffent ciphers if you want it. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- One of the painful things about our time is that those who feel certainty are stupid, and those with any imagination and understanding are filled with doubt and indecision. -- Bertrand Russell _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
