[dm-crypt] Re2: Cascading two plain dm-crypt volumes

anderson jackson thewizard at mighty.co.za
Fri Nov 29 09:56:43 CET 2013

On Fri, 29 Nov 2013 06:17:31 +0100 Arno Wagner <arno at wagner.name> wrote

> The gist is that breaking aes(k1, aes(k2, data)) 
> takes only twice as long as breaking aes(k3, data),
> i.e. adds one bit of entropy and is meanigless security-wise.
> If you have less than the maximum entropy in your keys,
> then doing aes(k1+k2, data) doubles the entropy, i.e.
> _squares_ the effort needed, up to 2^(number of key bits).
> So, really, do not do this.

Thank you for the clarification and the supplied reference. I see now that my
suggested method is flawed. I will use LUKS instead; I can then combine the
two passphrases and make use of the key strengthening features instead of
choosing less security with no header. 
However I am curious, would my suggestion work with two different ciphers? So
twofish(k1, AES(k2, data)) or twofish(k1, Serpent(k2, data) both still plain?
Or does the MITM attack still apply in these scenarios. 


South Africas premier free email service - www.webmail.co.za 

The Simplest Way To Owning Your Own Business http://iib468.ubuntuconnect.com

More information about the dm-crypt mailing list