Sujao l33t
Joined: 25 Sep 2004 Posts: 677 Location: Germany
Posted: Sun May 08, 2005 3:54 pm Post subject: some questions about hdd encryption
Hi all,
I would like to present you my concept of hdd encryption and ask you for advice.
I want to encrypt my drive with AES-128. The key is going to be a hash made with ripemd160. The length/complexity of the passphrase is irrelevant as I will only save the hash. Actually I just need a string for the key that fits the encryption algorithm best. Is there any possibility to "optimize" a key? If I use AES-128 the key's length is exactly 128-bit, right?
This key will be encrypted again with AES or Blowfish. The key will be the hash of a human-rememberable passphrase. This hash will be saved unencrypted on a storage device. As here only a short string needs to be encrypted I can use a much more complex hash algorithm. Is there any use of taking something else than ripemd160? Would ripemd320 make a difference? (I don't want to take SHA-1 as I heard that ripemd160 is more secure, correct me if I am wrong)
At booting the user will be prompted for a passphrase that then will decrypt the key which will be used for decrypting the harddrive. This way I can change the human passphrase without re-encrypting my data.
What do you think about this concept? Any improvements? Any security flaws?
Thank you for your time!

nx12 Apprentice
Joined: 14 Jan 2004 Posts: 193

Sujao l33t
Joined: 25 Sep 2004 Posts: 677 Location: Germany
Posted: Sun May 08, 2005 5:54 pm Post subject:
Thx, but I didn't ask "how" to do it. I already know that. I already used the search some days ago and found some HowTos. My questions are more about the algorithms themselves and this specific concept. See bold questions. I also read some articles about aes, sha, ripemd on wikipedia but didn't find an answer for some specific questions. Again, thx for answering the "optimize key" question.

nx12 Apprentice
Joined: 14 Jan 2004 Posts: 193
Posted: Sun May 08, 2005 9:01 pm Post subject:
Here are some comparisons I found on my hd.
Code:
```
Block read/write, 1MB block size, 1GB total, 2GHz Athlon, 40 GB WDC WD400EB-00CPF0

read            read            write           write

plain                           plain
total 26.96                     total 33.89
sys   3.046                     sys   2.623
37.98 MB/s                      30.21 MB/s

AES-i586-128    AES-i586-256    AES-i586-128    AES-i586-256
total 40.96     total 43.40     total 35.15     total 35.65
sys   3.36      sys   3.20      sys   25.21     sys   11.37
25.00 MB/s      23.59 MB/s      29.13 MB/s      28.72 MB/s

Serpent-128     Serpent-256     Serpent-128     Serpent-256
total 47.81     total 47.69     total 40.79     total 40.93
sys   3.37      sys   3.23      sys   6.35      sys   6.18
21.41 MB/s      21.47 MB/s      25.10 MB/s      25.01 MB/s

Twofish-128     Twofish-256     Twofish-128     Twofish-256
total 47.70     total 47.82     total 42.81     total 42.90
sys   3.48      sys   3.37      sys   12.62     sys   12.86
21.46 MB/s      21.41 MB/s      23.91 MB/s      23.86 MB/s

Blowfish-128    Blowfish-256    Blowfish-128    Blowfish-256
total 53.02     total 53.18     total 50.69     total 50.65
sys   3.43      sys   3.38      sys   14.91     sys   14.91
19.31 MB/s      19.26 MB/s      20.20 MB/s      20.21 MB/s

AES-128         AES-256         AES-128         AES-256
total 50.57     total 59.10     total 46.49     total 52.61
sys   3.28      sys   3.26      sys   13.99     sys   15.46
20.24 MB/s      17.32 MB/s      22.02 MB/s      19.46 MB/s

DES-64          3-DES-192       DES-64          3-DES-192
total 64.65     total 125.62    total 68.24     total 125.48
sys   3.32      sys   3.53      sys   18.91     sys   34.11
15.84 MB/s      8.15 MB/s       15.00 MB/s      8.16 MB/s

Conclusions:
- The speed of Twofish, Blowfish and Serpent is not affected by keysize
- DES and Triple-DES are completely outdated
- DES is not secure, keys are simply too short
- Assembler-optimized code (AES-i586) really makes a difference

In recent versions of Linux (2.6.8 or newer) AES-i586 has been included.
When compiling for an x86-CPU >=i586 it will be used instead of the default implementation.
```
I don't know if use of ripemd320 will give you much more security.
About improvements: I can advise you to put /home, /etc and /var on separate partitions, so you could comparatively painlessly re-encrypt them from time to time, because if someone copies your unencrypted boot toolchain and gets a user's boot-pass all your data will be compromised, as the root-device-key will be gained. Thus you should periodically re-encrypt at least /etc and /home.
Personally I'd recommend getting some smart-card authentication, but it's expensive and not so flexible.
EDIT: Sorry for messed formatting, hope it's still readable. :oops:

Sujao l33t
Joined: 25 Sep 2004 Posts: 677 Location: Germany
Posted: Sun May 08, 2005 10:16 pm Post subject:
Yeah, I've seen this comparison somewhere, too. Although the difference between AES-128 and AES-256 is really marginal I wonder whether there is any reason I should take 256bit.
Let's consider a 128bit key.
2^128=3.402823e+38 (amount of key-variations)
Assuming somebody would have 1000 super-chips that could each test 10 billion keys per second, you would still need:
2^128 / 1000 / 10.000.000.000 / 3600 / 24 / 365 =
1.0790E18 = 1.079.000.000.000.000.000 years to test all keys.
And if we assume that the cracker would be damn lucky and he would find the correct key already after 1/100 of all combinations, he would still need:
10.790.000.000.000.000 years.
OK let's go even further. Some mathematician discovers a flaw in the algorithm and decreases the complexity of the brute force by 10^20.
The cracker would still need 10 years.
So why take a 256-bit key? Is it just to be extra-paranoid-safe or is it the same as buying yourself a 600W power supply because "modern hardware needs that much"?
nx12 wrote:
> ....because if someone will copy your unencrypted boot toolchain and get a users boot-pass all your data will be compromised, as the root-device-key will be gained. Thus you should periodically re-encrypt at least /etc and /home.

hmm...I don't quite understand you? What do you mean by boot toolchain? How would he get the user's boot-pass? It's not saved anywhere except RAM or maybe SWAP.

nx12 Apprentice
Joined: 14 Jan 2004 Posts: 193
Posted: Sun May 08, 2005 11:50 pm Post subject:
Sujao wrote:
> hmm...I dont quite understand you? What to you mean by boot toolchain? How would he get the users boot-pass? It's not saved anywhere except RAM or maybe SWAP.

I meant you'll need some unencrypted libs and apps to boot the kernel, ask for the password and pass the key/generate the key as a boot option. So the attacker can copy it and possibly, having eavesdropped or obtained the user's password some other way, can get the key the root partition was encrypted with. After that he can simply load your box with any live-cd or connect your hdd to his box and in 15 minutes have all your data copied or put some malware somewhere in your setup.
Well, as for the difference between aes-128 and aes-256, it must depend on the password strength also, I mean assuming you use 6 lowercase letters/dictionary word it won't take much time to sort out the hash. And considering that the total majority of lusers genetically can't remember anything longer than their birthdate in digits, you are out of luck here, cause anything longer they write down and stick on the monitor.

Sujao l33t
Joined: 25 Sep 2004 Posts: 677 Location: Germany
Posted: Mon May 09, 2005 1:56 pm Post subject:
Hmm OK, there is always that risk of being eavesdropped but this risk is there on every system. And yes he has access to the boot partition and the kernel and the boot manager as they are not encrypted but that's why I encrypt my root partition. And the key is not saved on boot but on some other storage device. So the user or the root password are irrelevant cause their hash is saved on an encrypted partition.
The only risk I see is that somebody can enter my system through the network and then somehow extract the key from RAM. But this is a problem EVERY system has unless it's offline.
The actual key for the partition will be 128-bit long and saved on a storage device so it will be 16 characters long (128bit). The key for the encrypted key will be also 128 bit long and 16 chars long. As I had a 14char root-password before I don't think it will be a problem remembering a 16char password. I am young and my brain is still able to learn and remember. :)
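
The two-key layout discussed in this thread, as an added example that is not part of any post: a 128-bit volume key is wrapped under a key derived from the passphrase, so a passphrase change rewrites only the small key file and never the disk data. Assumptions: the volume key is random rather than a hash, the passphrase goes through salted PBKDF2 instead of a single bare hash (which is what makes short passphrases slower to search), and because the Python standard library has no AES, a PBKDF2-derived XOR pad with an HMAC tag stands in for the AES/Blowfish wrapping step; all function names, the iteration count and the passphrases are constructed.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed work factor: makes every passphrase guess expensive

def _derive(passphrase, salt):
    # Salted, iterated KDF in place of a single bare hash of the passphrase.
    okm = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS, dklen=48)
    return okm[:16], okm[16:]  # 16-byte pad for the key, 32-byte MAC key

def _tag(mac_key, salt, ct):
    return hmac.new(mac_key, salt + ct, hashlib.sha256).digest()

def wrap(volume_key, passphrase):
    """Return salt || wrapped key || tag (64 bytes), storable unencrypted."""
    if len(volume_key) != 16:
        raise ValueError("volume key must be 128 bits")
    salt = secrets.token_bytes(16)  # fresh per wrap, so a pad is never reused
    pad, mac_key = _derive(passphrase, salt)
    ct = bytes(k ^ p for k, p in zip(volume_key, pad))
    return salt + ct + _tag(mac_key, salt, ct)

def unwrap(blob, passphrase):
    """Recover the volume key; raise ValueError on a wrong passphrase."""
    if len(blob) != 64:
        raise ValueError("malformed key file")
    salt, ct, tag = blob[:16], blob[16:32], blob[32:]
    pad, mac_key = _derive(passphrase, salt)
    if not hmac.compare_digest(tag, _tag(mac_key, salt, ct)):
        raise ValueError("wrong passphrase or corrupted key file")
    return bytes(c ^ p for c, p in zip(ct, pad))

def change_passphrase(blob, old, new):
    # Only the 64-byte key file is rewritten; the disk data is untouched.
    return wrap(unwrap(blob, old), new)

def demo():
    volume_key = secrets.token_bytes(16)  # random, never derived from a passphrase
    blob = wrap(volume_key, "constructed old passphrase")
    blob2 = change_passphrase(blob, "constructed old passphrase",
                              "constructed new passphrase")
    return volume_key, blob, blob2

if __name__ == "__main__":
    vk, _, blob2 = demo()
    print(unwrap(blob2, "constructed new passphrase") == vk)
```

Changing the passphrase does not revoke a volume key that was already recovered with the old one; that case still needs the data re-encrypted under a new volume key.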