Crypto in DragonFlyBSD
Dmitry Stephantsov
d.a.stephantsov at gmail.com
Wed Mar 31 10:58:08 PDT 2010
Hello, Robin!
Robin Carey wrote:
There is some talk on the kernel-mailing list about implementing
Cryptography in DragonFlyBSD.
I would like to add my input in this discussion;
Most cryptography implementations use block-ciphers. But I consider
block-ciphers (even AES) bad, because
they are just a code-book.
Actually, you can use different cipher modes like CBC to overtook this
code-book-alike behavior of block ciphers. Advanced modes like
LRW/XEX/XTS are even protecting against watermarking attacks.
I consider Stream Ciphers to be the best way to encrypt data, as these are
"the next best thing" to a
one-time-pad (one-time-pad is a provably secure encryption method).
One-time-pad is indeed provably secure encrypted method (more, it has
``perfect security'' property) but this does not holds for arbitrary
stream cipher. A5 algorithm (which implemented in cell phones for GSM)
considered weak ATM, for example.
Moreover, there is always opportunity to make attack with known plain
text on stream cipher. Take the first block of a file which is, for
example, C source. In most cases it will start with string like
``#include'' or, even worse, with license notice. You know, almost
surely, that plain text is license or sequence of includes. If
cipher-stream was just xor'ed with plain text, you can take the license,
xor it with the first block of the file and get the stream. With it you
can perform further cryptanalysis.
It depends on application â which type of cipher to use. Stream ciphers
are good when you don't actually know where your data will end (like the
encoded voice in cell phones). Block ciphers were primarily designed to
be used in computers (e.g. file systems and databases).
--
Best regards, Dmitry A. Stephantsov
More information about the Kernel
mailing list