encryption dillemmas

[kamilsok]

Hello

While planning a new system deployment I got stuck with some dilemmas considering drive encryption hence a couple of question/thoughts that I hope You guys will help with.

Let me start with why do I want/need encryption.. I plan to perform some heavy development (hardware, software) along with system/server config's testing on this machine (which is in fact a notebook) and I don't want anybody to be able to retrieve any source or config files when the PC is scraped (or get's stolen or confiscated or whatever..).

Currently I'm considering 3 encryption schemes:

1. Whole drive encryption (excluding /boot) using one of 3 ciphers (AES, Twofish or Serpent)

partitions scheme

[John R. Graham]

Regarding using different ciphers, the work factor increase isn't that much. Let's make some assumptions for the sake of argument:

• The two ciphers are of equal key length.
  
• The two ciphers are of equivalent strength (i.e., they're equally hard to crack).

If either one of those assumptions is not true, then having two different ciphers actually weakens your protection. Why not just use the stronger one, right?

So, for the worst case (i.e., least efficient) attack—exhaustion—using two ciphers increases the best case work factor by 2, which is equivalent to increasing the key size by one single bit. But, you achieve the same thing—and, in practice, more—by using different keys on the different partitions. My advice would be, if you want to increase the robustness of your protection, choose the best cipher (by your criteria) and then use as many different keys as makes you comfortable. Different ciphers without different keys may not actually increase the work factor very much because, once the key is discovered for one partition, it's pretty easy to try that key with all the different ciphers on the other partition.

The "best" cipher for you may be:

• The strongest that isn't too slow, or
  
• The fastest that isn't too weak.

In summary, different ciphers don't buy you that much just by being different. Different keys potentially buy you something. The weakest point in your system is likely going to be outside of both of those choices and lie realm of key management anyway: how do you protect the keys?

- John
_________________
I can confirm that I have received between 0 and 499 National Security Letters.

[kamilsok]

Using two different ciphers seamed adequate because of the performance differences between Serpent (most secure) and AES (fastest). I would choose Serpent if I wasn't worried about the performance (hence usability) gap for i.e. compilation in tmp dir's. Unfortunately the above assumptions are based only on web-sourced benchmarks, not on tests performed on my platform. Maybe the gap between the two would be minimal and considered a non-factor for my every day work but currently I don't have time for such thorough testing.

As for key mgmt I was planning on storing encrypted keys for each partition in a loopback device (best usability:security ratio as far as my insight on the subject goes) plus adding a pass-phrase as second, "backup" option.
_________________
"If you are using Linux as a development platform, do not skip first learning administration and security. It is a foolish programmer indeed who is not master of his or her own computer"