Crypto in DragonFlyBSD
--00163646cf8a3169ee04831b8273
Content-Type: text/plain; charset=ISO-8859-1
There is some talk on the kernel-mailing list about implementing
Cryptography in DragonFlyBSD.
I would like to add my input in this discussion;
Most cryptography implementations use block-ciphers. But I consider
block-ciphers (even AES) bad, because
they are just a code-book.
I consider Stream Ciphers to be the best way to encrypt data, as these are
"the next best thing" to a
one-time-pad (one-time-pad is a provably secure encryption method).
So if DragonFly were to support encrypting the hard-disk-drive/file-system,
I would recommend
a Stream-Cipher implementation.
There is more than one way to go about this; read up on CSPRNG on
www.wikipedia.org.
For me, the limiting factor is the cycle-length of the Stream-Cipher/CSPRNG.
If you go via the method outlined in wikipedia for a CSPRNG (a block-cipher
like
AES in counter mode) then the limitation of the cycle-length is the
limitation of
the size of the counter. So in todays world of 64-bit computing that's
64-bits,
generally speaking.
Alternatively, you could use IBAA64 which is available from:
http://www.leopard.uk.com/IBAA64
(or any other good CSPRNG with a guaranteed cycle-length).
If DragonFlyBSD was to go down the stream-cipher/CSPRNG route (as opposed
to the block-cipher route which everyone else has chosen), I would like to
point
out an improved version of the usual Stream-Cipher technique which I
invented
and have called "Cipher-Packet";
The algorithm/implementation is available from:
http://www.leopard.uk.com/C12
Cheers !
--
Sincerely,
Robin Carey
--00163646cf8a3169ee04831b8273
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<p>There is some talk on the kernel-mailing list about implementing Cryptog=
raphy in DragonFlyBSD.<br>=A0<br>I would like to add my input in this discu=
ssion;<br>=A0<br>Most cryptography implementations use block-ciphers. But I=
consider block-ciphers (even AES) bad, because<br>
they are just a code-book.<br>=A0<br>I consider Stream Ciphers to be the be=
st way to encrypt data, as these are "the next best thing" to a<b=
r>one-time-pad (one-time-pad is a provably secure encryption method).<br>
=A0<br>So if DragonFly were to support encrypting the hard-disk-drive/file-=
system, I would recommend<br>a Stream-Cipher implementation.<br>=A0<br>Ther=
e is more than one way to go about this; read up on CSPRNG on <a href=3D"ht=
tp://www.wikipedia.org/">www.wikipedia.org</a>.<br>
=A0<br>For me, the limiting factor is the cycle-length of the Stream-Cipher=
/CSPRNG.<br>=A0<br>If you go via the method outlined in wikipedia for a CSP=
RNG (a block-cipher like<br>AES in counter mode) then the limitation of the=
cycle-length is the limitation of<br>
the size of the counter. So in todays world of 64-bit computing that's =
64-bits,<br>generally speaking.<br>=A0<br>Alternatively, you could use IBAA=
64 which is available from:<br>=A0<br><a href=3D"http://www.leopard.uk.com/=
IBAA64">http://www.leopard.uk.com/IBAA64</a><br>
=A0<br>(or any other good CSPRNG with a guaranteed cycle-length).<br>=A0<br=
>If DragonFlyBSD was to go down the stream-cipher/CSPRNG route (as opposed<=
br>to the block-cipher route which everyone else has chosen), I would like =
to point<br>
out an improved version of the usual Stream-Cipher technique which I invent=
ed<br>and have called "Cipher-Packet";<br>=A0<br>The algorithm/im=
plementation is available from:<br>=A0<br><a href=3D"http://www.leopard.uk.=
com/C12">http://www.leopard.uk.com/C12</a></p>
<p>Cheers !<br clear=3D"all"><br>-- <br>Sincerely,<br>Robin Carey<br></p>
--00163646cf8a3169ee04831b8273--
討論串 (同標題文章)
完整討論串 (本文為第 3 之 7 篇):