Tor uses swap?

Gregory Maxwell gmaxwell at gmail.com
Tue Jan 4 17:29:57 UTC 2011


On Tue, Jan 4, 2011 at 12:11 PM, Steve Crook <steve at mixmin.net> wrote:
> On Tue, Jan 04, 2011 at 10:13:00AM -0500, Gregory Maxwell wrote:
>
>> swap /dev/sda9 /dev/urandom swap,cipher=aes-lrw-plain,size=256
>
> Same solution as I use but with slightly different options.  Mine are:
> cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,swap
>
> The example on
> https://trac.torproject.org/projects/tor/wiki/TheOnionRouter/OperationalSecurity
> suggests no options other than 'swap'.

Our commands differ in the chaining and IV selection mode.  Mine
should be a fair bit faster. Both should provide adequate security.
The LRW mode I'm suggesting wasn't added to the kernel until a few
years after essiv support, which explains the prevalence of essiv in
recommendations.

I'm not sure what the defaults are if no parameters are specified. I'd
be concerned that it may use plain CBC, which is vulnerable to
watermarking attacks[1].



[1] http://www.tcs.hut.fi/~mjos/doc/saarinen_encrypted_watermarks.pdf
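
Added example (not part of the original message or of the Tor wiki): a small Python audit of crypttab-style lines that reports, for each swap entry, whether the cipher is left to defaults or is CBC with a sector-number IV, the two cases the message is concerned about. The sample lines, verdict labels and function names are constructed for illustration.

```python
# Added example: audit crypttab-style lines for the swap cipher concerns above.
# Sample lines, verdict labels and function names are constructed, hypothetical.
SAMPLE_CRYPTTAB = """\
# name  device     key source    options
swap0   /dev/sda9  /dev/urandom  swap,cipher=aes-lrw-plain,size=256
swap1   /dev/sdb2  /dev/urandom  cipher=aes-cbc-essiv:sha256,size=256,hash=sha256,swap
swap2   /dev/sdc2  /dev/urandom  swap
swap3   /dev/sdd2  /dev/urandom  swap,cipher=aes-cbc-plain,size=256
home    /dev/sde1  none          luks
"""

# IV modes that derive the IV directly from the sector number.
PREDICTABLE_IVS = {"plain", "plain64"}


def parse_options(field):
    """Turn 'swap,cipher=aes-lrw-plain,size=256' into a dict; flags map to ''."""
    opts = {}
    for item in filter(None, (part.strip() for part in field.split(","))):
        key, _, value = item.partition("=")
        opts[key] = value
    return opts


def classify_cipher(spec):
    """Classify a dm-crypt spec of the form cipher-chainmode-ivmode[:ivopts]."""
    parts = spec.split("-", 2)
    if len(parts) < 3 or not all(parts):
        return "unspecified"          # some part is left to the tool's defaults
    mode, iv = parts[1], parts[2].split(":", 1)[0]
    if mode == "cbc" and iv in PREDICTABLE_IVS:
        return "cbc-predictable-iv"   # the plain CBC case the message worries about
    return "explicit"


def audit_crypttab(text):
    """Return (name, verdict) for every entry that carries the 'swap' option."""
    findings = []
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue                  # blank, comment, or no options field
        opts = parse_options(fields[3])
        if "swap" in opts:
            findings.append((fields[0], classify_cipher(opts.get("cipher", ""))))
    return findings


if __name__ == "__main__":
    for name, verdict in audit_crypttab(SAMPLE_CRYPTTAB):
        print(f"{name}: {verdict}")
```

An "unspecified" verdict means only that the entry relies on defaults; what those defaults are has to be checked against the installed tool.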