From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=SGw0=LF=saout.de=dm-crypt-bounces@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-5.3 required=3.0 tests=BAYES_00,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,
	USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2DCBCC48BD1
	for <dm-crypt@archiver.kernel.org>; Fri, 11 Jun 2021 08:23:49 +0000 (UTC)
Received: from mail.server123.net (mail.server123.net [78.46.64.186])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by mail.kernel.org (Postfix) with ESMTPS id 8F7DE613C1
	for <dm-crypt@archiver.kernel.org>; Fri, 11 Jun 2021 08:23:48 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 8F7DE613C1
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=wagner.name
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=dm-crypt-bounces@saout.de
X-Virus-Scanned: amavisd-new at saout.de
Received-SPF: None (mailfrom) identity=mailfrom; client-ip=84.19.178.47; helo=v1.tansi.org; envelope-from=arno@wagner.name; receiver=<UNKNOWN> 
Received: from v1.tansi.org (mail.tansi.org [84.19.178.47])
	by mail.server123.net (Postfix) with ESMTP
	for <dm-crypt@saout.de>; Fri, 11 Jun 2021 10:20:54 +0200 (CEST)
Received: from gatewagner.dyndns.org (81-6-44-245.init7.net [81.6.44.245])
	by v1.tansi.org (Postfix) with ESMTPA id 294C51400D4
	for <dm-crypt@saout.de>; Fri, 11 Jun 2021 10:20:56 +0200 (CEST)
Received: by gatewagner.dyndns.org (Postfix, from userid 1000)
	id D77F317A279; Fri, 11 Jun 2021 10:20:53 +0200 (CEST)
Date: Fri, 11 Jun 2021 10:20:53 +0200
From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Message-ID: <20210611082053.GA11826@tansi.org>
Mail-Followup-To: dm-crypt@saout.de
References: <e3548498-2c4c-faf0-5d13-fdcbb2a5b4c4@gmx.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <e3548498-2c4c-faf0-5d13-fdcbb2a5b4c4@gmx.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Message-ID-Hash: F7ROD2GKWY4MIVKHTEAP3ZGS2KLBJ2NR
X-Message-ID-Hash: F7ROD2GKWY4MIVKHTEAP3ZGS2KLBJ2NR
X-MailFrom: arno@wagner.name
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dm-crypt.saout.de-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header
X-Mailman-Version: 3.3.2
Precedence: list
Subject: [dm-crypt] Re: Combining ciphers with LUKS possible?
List-Id: <dm-crypt.saout.de>
List-Help: <mailto:dm-crypt-request@saout.de?subject=help>
List-Post: <mailto:dm-crypt@saout.de>
List-Subscribe: <mailto:dm-crypt-join@saout.de>
List-Unsubscribe: <mailto:dm-crypt-leave@saout.de>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Hi Andreas,

I think this was basically the result of the sometimes
special level of paranoia that went into the TC design.
I would say there really is no reason to mistrust AES at 
this time. Also remember AES gets hardware accelelration 
on most platforms these days, but Serpent (for example)
does not. That makes a rather large difference.

But if you think you really need this, you can layer LUKS or
put plain dm-crypt volumes inside each other and inside 
LUKS containers. May have bad performance impact beyond
the additional encryption though.

Regards,
Arno

On Fri, Jun 11, 2021 at 10:04:09 CEST, Andreas Heinlein wrote:
> Hello,
> 
> I have a question regarding possible ciphers for LUKS encryption.
> 
> I came across this when trying out the TCRYPT extension for cryptsetup. 
> It seems that cryptsetup can map TrueCrypt/VeraCrypt devices with combined
> ciphers, such as Serpent/AES.  cryptsetup status shows
> 'aes-serpent-xts-plain64' as cipher in this case.
> 
> So I wondered whether this was usable for LUKS, to.  But it seems I cannot
> create a LUKS device with '...  -c aes-serpent-xts-plain64 ...' Is there
> any way to accomplish this?
> 
> Thanks,
> Andreas
> _______________________________________________
> dm-crypt mailing list -- dm-crypt@saout.de
> To unsubscribe send an email to dm-crypt-leave@saout.de

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno@wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list -- dm-crypt@saout.de
To unsubscribe send an email to dm-crypt-leave@saout.de