Cryptsetup benchmarks for a Dell 17r.

For no good reason today I decided to run some cryptsetup benchmarks on Windbringer. The only really significant change to the systemware configuration is that Windbringer is now running Linux kernel version 3.9.4-1-ARCH.

[drwho@windbringer ~]$ cryptsetup benchmark
# Tests are approximate using memory only (no storage IO).
PBKDF2-sha1 407688 iterations per second
PBKDF2-sha256 222155 iterations per second
PBKDF2-sha512 144511 iterations per second
PBKDF2-ripemd160 334367 iterations per second
PBKDF2-whirlpool 187245 iterations per second
# Algorithm | Key | Encryption | Decryption
aes-cbc 128b 563.0 MiB/s 1862.0 MiB/s
serpent-cbc 128b 67.7 MiB/s 281.0 MiB/s
twofish-cbc 128b 158 …

Read more...

Cryptoparty presentation: Whole Disk Encryption

At the DC Cryptoparty in October of 2012 I did two presentations: One on GnuPG and one on whole disk encryption. While I'd put the GnuPG presentation online I hadn't done the same for the disk encryption one because I had to update it after the cryptoparty to take into account new information acquired that afternoon regarding MacOSX and Windows. I did so, converted the OpenOffice Presentation deck into a PDF, PGP signed them, and uploaded them this afternoon.

v1.0 of the WDE presentation is now available for download:

- cryptoparty-whole_disk_encryption-v1.0.odp (v1.0) (sig)
- cryptoparty-whole_disk_encryption-v1.0.pdf (v1 …

Read more...

Practical whole disk encryption, or, how to frustrate data forensics.

When you get right down to it, the best way for an attacker to get hold of your data is to shut the box down, pull the drive, and rip a sector-by-sector image to analyze offsite. It might not be quick (depending on the speed of the hard drive, speed of the storage drive, and a number of other factors) but if you're not there when it's done you might not know that it ever happened. However, if you encrypt data at the level of the drive, they can copy the drive all they want but they won't be able …

Read more...

Boot loaders and securing dual-booting portable systems.

UPDATE - 20170327 - Truecrypt was disconnected in 2014.ev when Microsoft stopped supporting Windows XP.  DO NOT USE IT.  This blog post must be considered historical in nature.

If you've been following the news media for the past year or so, stores have been cropping up with frightening regularity about travelers who are detained at the border while customs agents demand the login credentials for their notebook computers so that they can be examined for gods-know-what kind of information. From time to time, the hard drives of computers are actually imaged for later analysis. As if that weren't enough, the United …

Read more...