[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#748063: marked as done (debian-installer: Please offer luks serpent xts 512b)

Your message dated Thu, 15 May 2014 02:07:43 +0100
with message-id <5374135F.60400@pyro.eu.org>
and subject line Re: Bug#748063: debian-installer: Please offer luks serpent xts 512b
has caused the Debian Bug report #748063,
regarding debian-installer: Please offer luks serpent xts 512b
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
748063: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748063
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Package: debian-installer
Version: testing
Severity: wishlist

Dear Maintainer,

according to
http://www.reddit.com/r/crypto/comments/235i58/linux_cryptosetup_strong_crypto_settings/

serpent-512b-xts seems to be the fastest software crypt algorithm for
luks. But the debian installer menu only offers 256b-xts. It would be
nice to have a 512b option.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'testing-updates'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---
--- Begin Message --- 
Hi,

>> Thomas Renard <cybaer42@web.de> (2014-05-13):
>>> serpent-512b-xts seems to be the fastest software crypt algorithm for
>>> luks. But the debian installer menu only offers 256b-xts. It would be
>>> nice to have a 512b option.

On 14/05/14 01:43, Cyril Brulebois wrote:
> So I've hacked the d-i bits, and I verified that the modified image
> indeed proposes serpent/512/xts as an option (even though I didn't test
> without my patch; I'm assuming you did).
> 
> Now, trying to use that doesn't work, given the kernel module is unhappy
> about the parameter being passed.
> 
> Looking at the kernel sources (v3.15-rc5-77-g14186fe), I see:
> | crypto/serpent_generic.c:       .cia_max_keysize        =       SERPENT_MAX_KEY_SIZE,
> | crypto/serpent_generic.c:       .cia_max_keysize        =       SERPENT_MAX_KEY_SIZE,
> | include/crypto/serpent.h:#define SERPENT_MAX_KEY_SIZE            32
> 
> which assuming max key size is expressed in bytes, would match a maximum
> key size of 256 bits.
> 
> But then I'm probably missing something obvious. And as I said, I don't
> know anything in the crypto area to being with.

There may be confusion here about what is really meant by 512b.  XTR
modes involve splitting a key into two parts, for example 256+256 bits.

The Serpent cipher has a maximum key size of 256 bits in its design, but
the syntax for cryptsetup is "--key-size 512" (which is misleading).

Thus I see partman-crypto is doubling the user's choice:

> 194         # xts modes needs double the key size
> 195         [ "${iv%xts-*}" = "${iv}" ] || size="$(($size * 2))"

So when Thomas chooses 256 bits he will actually get what Reddit called
serpent-512b-xts, which is still 256-bit Serpent after all.

p.s. benchmarking on my own machine showed that for 256+256-bit XTS,
Twofish was fastest, followed by AES (not hardware accelerated), and
Serpent barely half as fast, so YMMV.

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org

Attachment: signature.asc
Description: OpenPGP digital signature


--- End Message ---
Reply to: