[Tails-dev] thoughts about the persistence encryption

This message is part of the following thread:
M\the complete thread tree sorted by date
MM 
MDaniel Kahn Gillmor at ->
Delete this message

Reply to this message
Author: goupille
Date:  
To: tails-dev
Subject: [Tails-dev] thoughts about the persistence encryption
Hi !

we received complaints from a user about the persistence encryption. basically, I don't really know what I'm talking about, so that's a resumee of that user's remarks (without the bad words) :

AES : the fact that moderns hardware are shipping dedicated AES modules is a risk (potentiality of unknown features in those modules). the user proposes to use Serpent instead (which is less subject to that threat)

SHA1 : using SHA1 today is very bad, SHA512 should be the default

keysize: with a keysize of 256 in XTS method the real keysize to factor against is already only 128 (if the everything else in the implementation is robust). he seems to think that AES-128 is not safe at all against a government and doesn't trust so much AES-256. since there is no "significant performance hit", and due to XTS, the default keysize should be 512 bits.

iteration time: it is low for slow systems, and Tails is aimed to work on relatively slow systems it should be increased



cheers.
This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [Tails-dev] What do we miss to replace Vidalia [was: Getting rid of Vidalia]Re: [Tails-dev] Fw: Electrum doc wrt. SPV security->
lists.autistici.org administrated by postmasterLurker (version 2.3)