On Sat, Dec 31, 2005 at 11:26:50PM -0600, Travers Buda wrote:
> Well I was contemplating the error of my ways on this thread. I realized
> that I was wrong. Blowfish's implementation is secure and efficient...
> from a programmer's point of view.
> This can be applied to cryptography, and for my practical purposes,
> cryptographic disks. Imagine the efficacy of taking at least three
> radically different (from one another) forms of crypto and
> superimposing those cryptographies on one another.
> Sure, it's slow, inefficient.
> At the very least, the idea of diversification is good... the details
> can be worked out later.
You are right, *if* your data is of such a nature that it needs to be
kept secret for tens, likely hundreds of years. In that case, however,
extending the vnd(4) device to use, at least, AES as well should be
easy. (Not that I've looked at the code, but quite a few algorithms seem
to be in the kernel already, among them AES.)
For me, personally, I don't handle data that I'd be willing to have my
fingers broken for, so protecting the data better than myself makes
little sense.
That doesn't mean that your idea isn't at least theoretically sound -
and yes, implementing it would not necessarily be a bad idea (on a
guess, one might be able to layer svnd(4) devices, so only adding some
algorithms should be enough). That being said, I'm not convinced it has
priority.
Joachim
