Dirk Heinrichs wrote: >Am Dienstag, 31. Mai 2005 18:34 schrieb ext Richard Fish: > > >>I would suggest anybody looking for filesystem encryption checkout both >>dm-crypt and loop AES. For me, loop-AES is faster, offers better >>security, and is easier to setup with encrypted GPG key files. >> >> > >Are there any analysis about which is more secure? > > >
It is pretty easy to google for such a comparison. The main security problem with dm-crypt is that it doesn't support multi-key encryption modes, which makes it vulnerable to "watermark" attacks. It is better than it used to be, with reasonable key hashing and cbc modes though. To be honest, I use single-key mode with loop-AES for performance reasons, so I have the equivalent security as I would have with dm-crypt. My security needs are not that stringent...anybody who thinks I have anything valuable enough on my laptop to waste time actually cracking the encyption can have my password much faster and easier by simply threatening physical violence!! I am mostly worried about an opportunistic theft of the laptop, not being a real target. And loop-AES runs 60-80% faster in single-key vs mult-key mode. -Richard -- gentoo-user@gentoo.org mailing list
