| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.64.1304091352320.10025@file.rdu.redhat.com> Date: Tue, 9 Apr 2013 14:08:59 -0400 (EDT) From: Mikulas Patocka <mpatocka@...hat.com> To: Milan Broz <gmazyland@...il.com> cc: Mike Snitzer <msnitzer@...hat.com>, dm-devel@...hat.com, Andi Kleen <andi@...stfloor.org>, dm-crypt@...ut.de, linux-kernel@...r.kernel.org, Christoph Hellwig <hch@...radead.org>, Christian Schmidt <schmidt@...add.de> Subject: Re: [dm-devel] dm-crypt performance On Tue, 26 Mar 2013, Milan Broz wrote: > - Are we sure we are not inroducing some another side channel in disc > encryption? (Unprivileged user can measure timing here). > (Perhaps stupid reason but please do not prefer performance to security > in encryption. Enough we have timing attacks for AES implementations...) So use serpent - it is implemented without any data-dependent lookup tables, so it has no timing attacks. AES uses data-dependent lookup tables, on CPU with hyperthreding, the second thread can observe L1 cache footprint done by the first thread and get some information about data being encrypted... Mikulas -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists