Which crypt algorithm?

gir1dhar · n00b Joined: 10 Nov 2009 Posts: 11

Hello,
I've just finished installing gentoo on my netbook. Most of it is done. And now I'm focusing on the finishing touches.
Since it is a netbook, and I take it everywhere I decided to encrypt the partition for the home folder. I've read http://en.gentoo-wiki.com/wiki/SECURITY_System_Encryption_DM-Crypt_with_LUKS, and I managed to set my encrypted partition. But I've found that the suggested algorithms are too "heavy" for my little netbook.
First, why do I need to encrypt my home folder? As I said before I'm taking my netbook everywhere, and in the case of being stolen I don't want to have all my passwords and data easily read by anyone. But I don't want to set up a super strong security system that slows my computer to a crawl and makes it unusable.
My encryption scheme must be fast and simple, it should be easier to format the drive in case of loss than reading the info. I know that I will be screwed if it falls in the right hands and I'm ok with it.
I want to know which are the fastest crypt/digest algorithms, and setups?

My netbook is a toshiba nb205-210, Intel Atom 280 1Gb RAM 160Gb HD.
I encrypted swap. Instead of the recommended

Roman_Gruber · Posted: Thu Mar 18, 2010 11:40 am Post subject:

Well what you like you can do.

There are always draw backs.

I use aes encryption because its the fastest.

Veldrin · Posted: Thu Mar 18, 2010 12:47 pm Post subject:

As tw04l124 already said, it depends on what you want or need.

I would go with one of the AES finalists: Rijndael (AES), Twofish or Serpent. (Don't use Blowfish, I has been superseeded by twofish)

There respective "features" are

Twofish - Speed, thus less secure
Serpent - Security, thus slower
Rijndael (AES) - compromise between speed and security

While the swap config seems fine, you should really use the recommended settings for the home partition: Blowfish is deprecated, SHA1 has been broken (cryptographically and should be phased out) and a short key means less security.
If you care about speed, go with twofish.

gir1dhar · n00b Joined: 10 Nov 2009 Posts: 11

Thanks for replying!
tw04l124

rufnut · Apprentice Joined: 16 May 2005 Posts: 247

Roman_Gruber · Posted: Fri Mar 19, 2010 11:48 am Post subject:

In short:

My way was this:

First to install a full runing arch-linux installation
secure wipe partitions 4 or 5 times, I think
making lvm volumes
doing on top luks encrypted volume
make mountpoint in arch linux and mounting encrypted volume there.
chroot into enrypted disc partition and begin gentoo installation while having a working arch linux for using browsers, games, and so on

the kernel part is tricky but quite simple, emerge genkernel

make your kernel
then let genkernel only make initrd image and put this image on boot finished

For the details, sorry, but using lvm and so on, I did read a lot of documentations and it took me really 3 weeks to get this setup up and running. Thats why I installed arch to have a working computer in the meantime

I know netbooks dont have cdroms, most of them, so using a usb boot flash disc may be enough.

The only way is to understand the things people want to tell about their installation guides

genkernel helps you a lot, because the initrd image, which is needed for booting can be a pain in the ass, so let genkernel let do the work for you.

If you ask me make a huge boot partitions, huge means for me 512 mb. If you want to boot from usb flash disc, I encourage you to have 3 usb flash discs of different types, because the fail easily and then you really have a problem booting your system.