[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [ANNOUNCE] ROCKate Tor LiveCD V0.4.0.0

To: or-talk@xxxxxxxxxxxxx
Subject: Re: [ANNOUNCE] ROCKate Tor LiveCD V0.4.0.0
From: coderman <coderman@xxxxxxxxx>
Date: Thu, 21 Jun 2007 11:55:46 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Thu, 21 Jun 2007 14:55:56 -0400
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=OKaQm3lTXWwnPyG+TsvW/omzodUftRxZZDxSqCH5fFzmErc1NfCvOt0aDjuBmfVn87H7DaCwM7VN6kg0rmFepcr5YZJpDmhRMHgmJRvJg67h4umz5b2ksW3qMnBNDTDEST2sg4xHYsD9EQYBosH8KUbTNURHr+jHyAlLTKb6+KQ=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=GAo3sKAQrYfqOMnlnNhqwsCAXNenvVGNQY6nvdDIGPWiCyrpf4IFgT/QjFir57GldqjMAcmTk+IS2LEvlSiEwCLq/s8xXRrE3MNUupR50lqgHep1nwLqYFuJ6dEWEkW3pFpfd2pwUuXzuHIo/uuUpRp1p5J2TcROgcnuhtfcz+E=
In-reply-to: <20070621183735.GD521@xxxxxxxxxxxxxxxxxxxx>
References: <20070620150922.GQ713@xxxxxxxxxxxxxxxxxxxx> <1182427884.23799.1196329557@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <20070621170355.GC521@xxxxxxxxxxxxxxxxxxxx> <4ef5fec60706211121g76c02bc0j9621f949daf099e5@xxxxxxxxxxxxxx> <20070621183735.GD521@xxxxxxxxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On 6/21/07, Benjamin Schieder <blindcoder@xxxxxxxxxxxxxxxxxxxx> wrote:

...
Key management is an implementation detail and should be of no concern
to ROCKate users.


right.  but this means more work for you (to manage loop-aes keys) as
luks makes things simple(r) already. :)

> 1. cryptoloop, dm-crypt, bestcrypt, truecrypt, and loop-aes  - Why
> cryptoloop should not be used.
>    http://mareichelt.de/pub/texts.cryptoloop.php

Last update is over a year old. Which parts do apply to todays kernel?


all of the statements are current for the most part. the author
updated relevant sections to name versions where the watermarking /
plain-text attack issues were fixed in truecrypt / dm-crypt.

dm-crypt still exposes more information than is desired during partial
block updates. (change the last bit in a loop-aes 512byte block and
you get a new block.  dm-crypt just updates the last cipher block
sized portion at the end of the 512 block - 16 bytes)

overall, any of them are a pretty good choice.  the crypto will be the
last thing an adversary tries to attack here, so your key management
and user clue will be the crux.

key scrubbing and robust key schedule (less data is encrypted per key
than the others) for loop-aes multi-v3 may provide a useful benefit
depending on your needs...

best regards,

Follow-Ups:
- Re: [ANNOUNCE] ROCKate Tor LiveCD V0.4.0.0
  - From: Benjamin Schieder

References:
- [ANNOUNCE] ROCKate Tor LiveCD V0.4.0.0
  - From: Benjamin Schieder
- Re: [ANNOUNCE] ROCKate Tor LiveCD V0.4.0.0
  - From: JT
- Re: [ANNOUNCE] ROCKate Tor LiveCD V0.4.0.0
  - From: Benjamin Schieder
- Re: [ANNOUNCE] ROCKate Tor LiveCD V0.4.0.0
  - From: coderman
- Re: [ANNOUNCE] ROCKate Tor LiveCD V0.4.0.0
  - From: Benjamin Schieder

Prev by Author: Re: Remote Vulnerability in Firefox Extensions
Next by Author: Re: [ANNOUNCE] ROCKate Tor LiveCD V0.4.0.0
Previous by thread: Re: [ANNOUNCE] ROCKate Tor LiveCD V0.4.0.0
Next by thread: Re: [ANNOUNCE] ROCKate Tor LiveCD V0.4.0.0
Index(es):
- Author
- Thread