harddrive encryption

Roland Smith rsmith at xs4all.nl
Wed Jan 19 22:45:15 UTC 2011

On Tue, Jan 18, 2011 at 06:15:50PM +0100, Roland Smith wrote:
> > What do you folks think of the relative merits of AES vs Blowfish for
> > disk encryption?
> Neither have been broken with their complete number of rounds. Versions of
> both can be broken with a reduced number of rounds. See
> http://www.schneier.com/paper-blowfish-oneyear.html for some analysis of
> blowfish, and e.g. http://www.schneier.com/paper-rijndael.html for several
> attacks on Rijndael with reduced rounds.

It seems I have to correct myself here. According to a presentation by Colin
Percival [1] (slides [2]), blowfish is not safe because it uses a relatively
small block size (for compatibility with DES, IIRC), which makes it more
likely that you can get two identical blocks of (cypher)text in one message,
giving an attacker an avenue of attack.

His recommendation is to use AES. This is wat geli(8) recommends as well.

[1]: http://blip.tv/file/3627639
[2]: http://www.bsdcan.org/2010/schedule/attachments/135_crypto1hr.pdf

R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20110119/8c44bb1a/attachment.pgp

More information about the freebsd-questions mailing list