Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
encryption dillemmas
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
kamilsok
n00b
n00b


Joined: 02 Mar 2010
Posts: 57
Location: Gdynia

PostPosted: Thu Sep 20, 2012 11:12 am    Post subject: encryption dillemmas Reply with quote

Hello

While planning a new system deployment I got stuck with some dilemmas considering drive encryption hence a couple of question/thoughts that I hope You guys will help with.

Let me start with why do I want/need encryption.. I plan to perform some heavy development (hardware, software) along with system/server config's testing on this machine (which is in fact a notebook) and I don't want anybody to be able to retrieve any source or config files when the PC is scraped (or get's stolen or confiscated or whatever..).

Currently I'm considering 3 encryption schemes:

1. Whole drive encryption (excluding /boot) using one of 3 ciphers (AES, Twofish or Serpent)

partitions scheme
Code:
sda1        /boot                        # no encryption
sda2                                       # encrypted with the best security/performance compromise between the mentioned ciphers
        lvm


2. Whole drive encryption (excluding /boot) with ciphers dedicated per partition

partitions scheme
Code:
sda1        /boot                        # no encryption
sda2                                       # mostly static/shareable, encrypted with Serpent/Twofish (security)
        lvm1
                /
                /usr
                /opt
                /home
sda3                                       # mostly variable/unshareable, encrypted with AES (performance)
        lvm2
                swap
                /var
                /tmp


3. Only chosen partitions encryption
- considering swap, /tmp, /var, /var/tmp and /home


Questions
- is encrypting several partitions with different ciphers possible/worth the "money"?
- will encrypting several partitions with different ciphers have any (if so how significant) impact on performance?
- will different patterns for encrypted data be visible (or could be caught)? (don't think so but You never know)
- as an option I'm also considering 3 encrypted physical partitions (placing /usr on a separate partition with lvm and encrypting with Twofish).. would this add some value?
_________________
"If you are using Linux as a development platform, do not skip first learning administration and security. It is a foolish programmer indeed who is not master of his or her own computer"
Back to top
View user's profile Send private message
John R. Graham
Administrator
Administrator


Joined: 08 Mar 2005
Posts: 7778
Location: Somewhere over Atlanta, Georgia

PostPosted: Thu Sep 20, 2012 12:03 pm    Post subject: Reply with quote

Regarding using different ciphers, the work factor increase isn't that much. Let's make some assumptions for the sake of argument:
  • The two ciphers are of equal key length.
  • The two ciphers are of equivalent strength (i.e., they're equally hard to crack).
If either one of those assumptions is not true, then having two different ciphers actually weakens your protection. Why not just use the stronger one, right?

So, for the worst case (i.e., least efficient) attack—exhaustion—using two ciphers increases the best case work factor by 2, which is equivalent to increasing the key size by one single bit. But, you achieve the same thing—and, in practice, more—by using different keys on the different partitions. My advice would be, if you want to increase the robustness of your protection, choose the best cipher (by your criteria) and then use as many different keys as makes you comfortable. Different ciphers without different keys may not actually increase the work factor very much because, once the key is discovered for one partition, it's pretty easy to try that key with all the different ciphers on the other partition.

The "best" cipher for you may be:
  • The strongest that isn't too slow, or
  • The fastest that isn't too weak.
In summary, different ciphers don't buy you that much just by being different. Different keys potentially buy you something. The weakest point in your system is likely going to be outside of both of those choices and lie realm of key management anyway: how do you protect the keys?

- John
_________________
This space intentionally left blank.
Back to top
View user's profile Send private message
kamilsok
n00b
n00b


Joined: 02 Mar 2010
Posts: 57
Location: Gdynia

PostPosted: Thu Sep 20, 2012 3:02 pm    Post subject: Reply with quote

Using two different ciphers seamed adequate because of the performance differences between Serpent (most secure) and AES (fastest). I would choose Serpent if I wasn't worried about the performance (hence usability) gap for i.e. compilation in tmp dir's. Unfortunately the above assumptions are based only on web-sourced benchmarks, not on tests performed on my platform. Maybe the gap between the two would be minimal and considered a non-factor for my every day work but currently I don't have time for such thorough testing.

As for key mgmt I was planning on storing encrypted keys for each partition in a loopback device (best usability:security ratio as far as my insight on the subject goes) plus adding a pass-phrase as second, "backup" option.
_________________
"If you are using Linux as a development platform, do not skip first learning administration and security. It is a foolish programmer indeed who is not master of his or her own computer"
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum