2

I am looking for a strong cipher for LUKS. Currently I am thinking about SHA512, but encryption is not my cup of tea, so could you give me your hints? What are you using for encryption?

Ency
  • 3
    SHA512 is rather too one-wayish for a crypto cipher... – Hubert Kario Jan 08 '11 at 18:53
  • 1
    What is your use case? What kind of data are you trying to protect, what are you trying to protect against, and are there any applicable legal/regulatory compliances involved? – Scott Pack Jan 08 '11 at 19:26
  • I am trying to protect myself basically against police or court order; there is no restriction or regulation here. – Ency Jan 08 '11 at 19:29
  • 2
    Ency, I don't know what country you are in, but in the US (and several others), a Court can order you to turn over your encryption keys and/or passwords, and basically keep you in jail until you do. Just an FYI. – BenGC Jan 08 '11 at 19:55
  • Do you care more about throughput or privacy? Also what CPU do you have? Some CPUs from Intel have instructions for AES encryption. – Cristian Ciupitu Jan 08 '11 at 20:08
  • Ask on http://security.stackexchange.com/ perhaps? The cipher has almost nothing to do with a court order though. A court could order you to give up your keys even if you were using ROT13. – Zoredache Jan 08 '11 at 20:29
  • We do not have a restriction about that. Well, I don't have a CPU with this feature. – Ency Jan 08 '11 at 20:30
  • 1
    @zoredache: Since he is most likely trying to commit crimes (i.e. obstruct legal investigations and court orders) we probably shouldn't help him there either. – Scott Pack Jan 08 '11 at 20:35
  • 2
    @packs: You and everyone else have a right to privacy (or are you from China or KLDR?) and that's what I want to have: no one is able to see my data without my permission. – Ency Jan 08 '11 at 21:29
  • @ency: That's more of a side conversation, and a good one. Legally, the only privacy you have is what the law gives you. Legally/constitutionally/whatever issued court orders and/or searches/seizures will trump those protections. – Scott Pack Jan 09 '11 at 15:45

1 Answer

7

Go with the default unless you know what you're doing.

ptman
  • I know what I am doing, I am just not so good in cryptography, that is why I am asking ... – Ency Jan 08 '11 at 20:31
  • 2
    I believe the default for LUKS is AES-CBC with a 256 bit key size. This is a pretty good all around choice. As mentioned unless you know more about cryptography than the developers of LUKS, staying with the default is probably a good choice. –  Jan 08 '11 at 21:00
  • Cryptography is hard, really hard. The key strength, algorithm, use case, and cipher mode need to all fit together like a puzzle, or else the whole is weaker than the sum. Unless you have a strong understanding of all those parts, then the defaults are usually better. That being said, AES-CBC with a 256 bit key sounds reasonable from my understanding of them. – Scott Pack Jan 09 '11 at 15:50
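
The thread mixes up a hash (SHA512) with a cipher, and the comments note that cipher, mode and key size have to fit together. The following added example (not part of the original thread) parses the fixed fields of a LUKS1 header to show that cipher name, cipher mode and hash spec are stored separately. The sample headers are constructed in the code, and `HASH_NAMES`, `review` and `build_sample` are hypothetical names introduced for illustration.

```python
import struct

# LUKS1 header fields before the key slots (big-endian, 208 bytes):
# magic[6] version(u16) cipher-name[32] cipher-mode[32] hash-spec[32]
# payload-offset(u32) key-bytes(u32) mk-digest[20] mk-digest-salt[32]
# mk-digest-iter(u32) uuid[40]
LUKS1_FMT = ">6sH32s32s32sII20s32sI40s"
LUKS_MAGIC = b"LUKS\xba\xbe"
# Assumption: a short illustrative list, not everything the kernel supports.
HASH_NAMES = {"sha1", "sha256", "sha512", "ripemd160", "whirlpool"}

def _text(raw):
    """Decode a NUL-padded ASCII field."""
    return raw.split(b"\0", 1)[0].decode("ascii")

def parse_luks1_header(blob):
    size = struct.calcsize(LUKS1_FMT)
    if len(blob) < size:
        raise ValueError("too short for a LUKS1 header")
    magic, version, cipher, mode, hash_spec, _off, key_bytes = struct.unpack(
        LUKS1_FMT, blob[:size])[:7]
    if magic != LUKS_MAGIC or version != 1:
        raise ValueError("not a LUKS1 header")
    hdr = {"cipher": _text(cipher), "mode": _text(mode),
           "hash": _text(hash_spec), "key_bits": key_bytes * 8}
    # XTS splits the volume key into two halves, so the block cipher
    # itself is keyed with only half of key-bytes.
    xts = hdr["mode"].lower().startswith("xts")
    hdr["cipher_key_bits"] = hdr["key_bits"] // 2 if xts else hdr["key_bits"]
    return hdr

def review(hdr):
    """Return notes on fields that do not fit together."""
    notes = []
    if hdr["cipher"].lower() in HASH_NAMES:
        notes.append("cipher-name is a hash function, not a cipher")
    if hdr["hash"].lower() not in HASH_NAMES:
        notes.append("hash-spec is not a known hash name")
    return notes

def build_sample(cipher, mode, hash_spec, key_bytes):
    """Constructed header bytes for the demo; not taken from a real disk."""
    return struct.pack(LUKS1_FMT, LUKS_MAGIC, 1, cipher, mode, hash_spec,
                       4096, key_bytes, b"\0" * 20, b"\0" * 32, 1000,
                       b"00000000-0000-0000-0000-000000000000")

if __name__ == "__main__":
    for args in [(b"aes", b"cbc-essiv:sha256", b"sha1", 32),
                 (b"aes", b"xts-plain64", b"sha512", 32),
                 (b"sha512", b"cbc-plain", b"sha1", 32)]:
        hdr = parse_luks1_header(build_sample(*args))
        print(hdr, review(hdr))
```

On a real system the same fields are shown by `cryptsetup luksDump` on the LUKS device.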