[dm-crypt] Re2: Cascading two plain dm-crypt volumes

anderson jackson thewizard at mighty.co.za
Fri Nov 29 09:56:43 CET 2013


On Fri, 29 Nov 2013 06:17:31 +0100 Arno Wagner <arno at wagner.name> wrote


> The gist is that breaking aes(k1, aes(k2, data)) 
> takes only twice as long as breaking aes(k3, data),
> i.e. adds one bit of entropy and is meanigless security-wise.
> 
> If you have less than the maximum entropy in your keys,
> then doing aes(k1+k2, data) doubles the entropy, i.e.
> _squares_ the effort needed, up to 2^(number of key bits).
> 
> So, really, do not do this.

Thank you for the clarification and the supplied reference. I see now that my
suggested method is flawed. I will use LUKS instead; I can then combine the
two passphrases and make use of the key strengthening features instead of
choosing less security with no header. 
However I am curious, would my suggestion work with two different ciphers? So
twofish(k1, AES(k2, data)) or twofish(k1, Serpent(k2, data) both still plain?
Or does the MITM attack still apply in these scenarios. 

Jackson

____________________________________________________________
South Africas premier free email service - www.webmail.co.za 

The Simplest Way To Owning Your Own Business http://iib468.ubuntuconnect.com




More information about the dm-crypt mailing list