Old 04-06-2004, 03:45 AM   #4
Alexander Turcic
Quote:
DES. Sure I would go for 192/168 bit 3DES
DES is very fast in hardware. It was originally designed as a hardware-based cipher. AFAIK DES has never been broken by cryptanalysis. And only the 40/56 bit versions are bruteforced. So looking at pure time to bruteforce, 3DES is extremely secure.
3DES is secure - DES is not. And you should assume that by now there is also hardware available to quickly break DES with higher than 56bit (remember we are talking about the "ideal encryption solution" here). Check here for more.

Btw, I would be hesitant to buy hardware encryption from eNOVA, who is a Chinese company. Would you "trust" them if they "gave their word" that there was no backdoor included?

Quote:
Surely CBC is more secure. But I think CBC is impossible (no matter what cipher) when using as full HD encryption. Firstly the hardware doesn't know about files because it just encrypts datastreams. Secondly suppose you need a block at the end of a 200GB HD. It would mean you should decrypt 200GB to get the 'key' for the last block.
I think you misunderstand how CBC works. For using CBC, you don't need to know anything about "files" nor do you have to jump 200GB forward.

I'll give you an example: I once wrote a WinNT driver that would encrypt data written to a DAT backup tape. This driver supported AES, Twofish, and Serpent of variable key length, plus it supported CBC. The driver did not know anything about "files" written to the tape (the encryption is block based, as is the case with hard drive encryption) nor did it have to jump back and forth on the tape (you can imagine what physical strain that would put on a tape). I attached the driver source to this post, so you can have a closer look if you know C programming.

Quote:
(wireless) networking
Encryption should be very fast. Otherwise 'the user' could be tempted to bypass it.
Have you looked at the network hardware encryption I posted? I've heard some good user comments on the vpn12x1, though never used it myself. Note that the encryption does not have to be faster than the speed of your network (which is usually limited to 100Mbit). The vpn12x1 specs say that encryption, DES, Triple-DES and RC4 range from 70 to 188 Mbps. So that is not too bad.

Quote:
a] Say I install BSD with the encryption package of your choice. What kind of speed I can expect? I think 30-40MB/s is needed for decent performance.
That depends on many variables. Are you planning to use a software-only encryption? The one I mentioned, geom-gbde, "seems" to have a good throughput, though I've never measured it. Also, I think there are other factors that would heavily influence this measurement (computer cpu, harddisk (ide-scsi-raid)).

Quote:
b] Is there something to choose from on BSD? I've seen a lot on Linux and Windows but nothing on the DevilOS.
I am using FreeBSD. While both OpenBSD and FreeBSD fully support the vpn12x1 chip, only FreeBSD comes with geom-gbde.

Quote:
c] I think wireless is very slow and not near 30MB/s
I wouldn't go for wireless then. Btw, did you really mean 30MB/s? Even with a 100mbit lan, you won't make more than 10MB/s.

Quote:
d] What's the latency on a (wireless) network?
I use some heavy. For example an app that does do a *lot* of database access.
I am sorry but I think I didn't understand the question. The speed of your network depends on various variables, too. There is the physical constraint (10mbit, 100mbit, 1gbit, ...). Then, what protocol are you using? SMB? NFS? IPX? Huge difference.

Greets
Alex
Attached Files
File Type: txt stesys.c.txt (34.5 KB, 235 views)
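The CBC point from the reply above, as an added example that is not part of the original post and is not the attached driver: decrypting block i of a CBC stream needs only ciphertext blocks i-1 and i, so reading the last block never means decrypting everything before it. It assumes a toy Feistel cipher built on SHA-256 as a stand-in for a real cipher such as AES; `CountingDisk`, the key, the IV and the data are constructed for the demonstration.

```python
import hashlib

BLOCK = 16  # cipher block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Toy Feistel round function (stand-in for a real cipher such as AES).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def encrypt_block(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def decrypt_block(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key, iv, plaintext):
    # C[i] = E(P[i] xor C[i-1]), with C[-1] = IV; written strictly front to back.
    prev, out = iv, []
    for off in range(0, len(plaintext), BLOCK):
        prev = encrypt_block(key, _xor(plaintext[off:off + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

class CountingDisk:
    """Constructed stand-in for the medium; counts ciphertext bytes read."""
    def __init__(self, data):
        self.data, self.bytes_read = data, 0
    def read(self, off, n):
        self.bytes_read += n
        return self.data[off:off + n]

def cbc_decrypt_block(key, iv, disk, index):
    # P[i] = D(C[i]) xor C[i-1]: only blocks i-1 and i are fetched.
    prev = iv if index == 0 else disk.read((index - 1) * BLOCK, BLOCK)
    return _xor(decrypt_block(key, disk.read(index * BLOCK, BLOCK)), prev)

def demo(blocks=4096):
    key, iv = b"constructed key!", bytes(BLOCK)  # sample values only
    plain = bytes(i % 251 for i in range(blocks * BLOCK))
    disk = CountingDisk(cbc_encrypt(key, iv, plain))
    last = cbc_decrypt_block(key, iv, disk, blocks - 1)
    return last == plain[-BLOCK:], disk.bytes_read

if __name__ == "__main__":
    print(demo())
```

`demo()` recovers the final block of a 4096-block image after reading 32 bytes of ciphertext, regardless of how large the image is.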