Subject: Re: Encrypted compressed vnds
To: None <tech-kern@netbsd.org>
From: Garrett D'Amore <garrett_damore@tadpole.com>
List: tech-kern
Date: 08/07/2006 08:21:12
Joerg Sonnenberger wrote:
> On Mon, Aug 07, 2006 at 10:29:49AM +0100, Stephen Borrill wrote:
>   
>> You may remember a discussion about encryption of compressed vnds that I 
>> started: http://mail-index.netbsd.org/tech-kern/2006/06/23/0011.html
>> No simple effective solution was proposed (compressing a cgd-on-vnd isn't 
>> going to give good compression), so I've decided to go with my original 
>> plan and implement DES encryption in the compression part of the vnd 
>> driver.
>>     
>
> If you want something simple, at least use a secure cipher. AES and
> Blowfish are in the kernel already, so use them. RC4 is as well, but
> considered weak now. DES is just not worth the effort.
>
> Joerg
>   

I'm not aware of any cryptographers that consider RC4 weak.  RC4 is fast
and simple, and it is a stream cipher.  I think RC4 has gotten a bad
name because it was misused in WEP.  The usage created the weakness --
properly used RC4 should be pretty strong.

AES is very strong, and has been blessed by the US government.  Its much
faster than DES, but not nearly as fast as RC4.  Lots of eyes have
looked at it, I would trust it.

Blowfish is a little bit faster than AES, but it hasn't gotten the same
level of scrutiny as AES, or even RC4.

If you're working on data for the US (and probably also Canadian)
government, AES is your only viable choice.

-- 
Garrett D'Amore, Principal Software Engineer
Tadpole Computer / Computing Technologies Division,
General Dynamics C4 Systems
http://www.tadpolecomputer.com/
Phone: 951 325-2134  Fax: 951 325-2191