
Re: Tor uses swap?



On Tue, Jan 4, 2011 at 12:11 PM, Steve Crook <steve@xxxxxxxxxx> wrote:
> On Tue, Jan 04, 2011 at 10:13:00AM -0500, Gregory Maxwell wrote:
>
>> swap /dev/sda9 /dev/urandom swap,cipher=aes-lrw-plain,size=256
>
> Same solution as I use but with slightly different options. Mine are:
> cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,swap
>
> The example on
> https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/OperationalSecurity
> suggests no options other than 'swap'.

Our commands differ in the chaining and IV selection mode.  Mine
should be a fair bit faster. Both should provide adequate security.
The LRW mode I'm suggesting wasn't added to the kernel until a few
years after essiv support, which explains the prevalence of essiv in
recommendations.

I'm not sure what the defaults are if no parameters are specified. I'd
be concerned that it may use plain CBC, which is vulnerable to
watermarking attacks[1].



[1] http://www.tcs.hut.fi/~mjos/doc/saarinen_encrypted_watermarks.pdf
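
An added example, not part of the original message: a small audit of crypttab swap entries for the two cases raised above, no cipher given (so the result depends on defaults) and CBC with an IV derived only from the sector number. The function names and the sample entries other than the two option strings quoted in the thread are constructed for illustration.

```python
# Added example: audit crypttab swap entries for the cipher concerns in this thread.
# Field layout per crypttab(5): name, device, key file, comma-separated options.

PREDICTABLE_IVS = {None, "plain", "plain64", "null"}  # IV derivable from sector number

def classify_cipher(spec):
    """Classify a dm-crypt spec of the form cipher-chainmode-ivmode[:ivopts]."""
    if spec is None:
        return "unspecified"             # whatever the tools default to
    parts = spec.split(":", 1)[0].split("-")
    chain = parts[1] if len(parts) > 1 else None
    iv = parts[2] if len(parts) > 2 else None
    if chain is None:
        return "unspecified"             # bare cipher name, mode left to defaults
    if chain == "cbc" and iv in PREDICTABLE_IVS:
        return "cbc-predictable-iv"      # the watermarking case
    return "ok"

def audit_crypttab(text):
    """Return (name, cipher, verdict) for every entry carrying the 'swap' option."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        opts = fields[3].split(",") if len(fields) > 3 else []
        if "swap" not in opts:
            continue
        cipher = next((o.split("=", 1)[1] for o in opts if o.startswith("cipher=")), None)
        findings.append((fields[0], cipher, classify_cipher(cipher)))
    return findings

# Constructed sample; only /dev/sda9 and the first two option strings come from the thread.
SAMPLE = """\
swap   /dev/sda9  /dev/urandom  swap,cipher=aes-lrw-plain,size=256
swap2  /dev/sdb2  /dev/urandom  cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,swap
swap3  /dev/sdc2  /dev/urandom  swap
swap4  /dev/sdd2  /dev/urandom  swap,cipher=aes-cbc-plain,size=256
home   /dev/sde1  none          luks
"""

if __name__ == "__main__":
    for name, cipher, verdict in audit_crypttab(SAMPLE):
        print(f"{name:6} {cipher or '(none)':24} {verdict}")
```

An "unspecified" verdict means the entry should be checked against the installed cryptsetup defaults rather than assumed safe or unsafe.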