Subject: Re: [gentoo-user] Encrypting a hard drive's data. Best method.
From: Victor Ivanov
To: gentoo-user@lists.gentoo.org
Date: Sun, 7 Jun 2020 13:43:32 +0100

On 07/06/2020 12:52, Victor Ivanov wrote:
> Indeed. I second Rich and too would recommend sticking with AES for this
> reason. LUKS will support an AES key of up to 512 bits. It's fast and
> hardware acceleration is widely available.
> ...
> For example, Intel's native AES extensions work in 4x4 data blocks of
> 128 bits but will support variable key lengths. Their white paper [3]
> suggests supported key lengths are 128, 192, and 256 bits but I've been
> using a 512 bit key on my drives for years with negligible performance
> impact (Skylake systems).

Perhaps this requires extra clarification re key length, which I should
have included, as it may give misleading information.

As an algorithm AES fundamentally only goes up to 256 bits for key
length. However, in XTS mode (aes-xts) two _separate_ keys are used for
the initialisation vector and the block encryption. As such, for AES-256
in XTS mode, one needs to supply 2x256b keys. Effectively, 512b are
used, but this too may be misleading. It's better than 1x256b but
certainly not as good as 1x512: (2^256 + 2^256) vs 2^512. It also maps
well to hardware extensions already supporting key sizes of 256b.

This is not possible in CBC or GCM mode which only allows for a single
key of up to 256b.

My apologies, it was a case of my fingers getting ahead of my thoughts
and not having formulated the latter appropriately.

Regards,
Victor
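The two-key split described in the message above, as an added example that is not part of the original email: XTS over one sector is rebuilt from plain single-key AES calls on the two halves of a "512-bit" key and compared with a library's XTS mode, and the same 64-byte key is offered to CBC. It assumes the third-party Python `cryptography` package; the key, sector number and sector contents are constructed sample values.

```python
# Added example; requires the third-party "cryptography" package (assumption).
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes


def aes_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Raw AES on one 16-byte block (key is 16, 24 or 32 bytes)."""
    enc = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
    return enc.update(block) + enc.finalize()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def xts_encrypt_manual(key: bytes, tweak: bytes, data: bytes) -> bytes:
    """XTS for data that is a multiple of 16 bytes (no ciphertext stealing)."""
    half = len(key) // 2
    data_key, tweak_key = key[:half], key[half:]   # two independent AES keys
    t = aes_block_encrypt(tweak_key, tweak)        # second key only touches the tweak
    out = bytearray()
    for off in range(0, len(data), 16):
        block = data[off:off + 16]
        out += xor(aes_block_encrypt(data_key, xor(block, t)), t)
        # Multiply the tweak by alpha in GF(2^128), little-endian convention.
        n = int.from_bytes(t, "little") << 1
        if n >> 128:
            n = (n & ((1 << 128) - 1)) ^ 0x87
        t = n.to_bytes(16, "little")
    return bytes(out)


def xts_encrypt_library(key: bytes, tweak: bytes, data: bytes) -> bytes:
    enc = Cipher(algorithms.AES(key), modes.XTS(tweak)).encryptor()
    return enc.update(data) + enc.finalize()


def cbc_accepts(key: bytes) -> bool:
    """True if the library will build AES-CBC with this key length."""
    try:
        Cipher(algorithms.AES(key), modes.CBC(bytes(16))).encryptor()
        return True
    except ValueError:
        return False


# Constructed sample values, not taken from any real volume.
KEY_512 = bytes(range(64))            # "512-bit" XTS key = 2 x AES-256 keys
TWEAK = (5).to_bytes(16, "little")    # sector number 5 as a 16-byte tweak
SECTOR = bytes(range(256)) * 2        # one 512-byte sector
```

Passing only the first 32 bytes of the key to either XTS function runs AES-128 on each half, which is why a 256-bit key size in XTS mode corresponds to AES-128 rather than AES-256.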