# encryption dillemmas

## kamilsok

Hello

While planning a new system deployment I got stuck with some dilemmas considering drive encryption hence a couple of question/thoughts that I hope You guys will help with.

Let me start with why do I want/need encryption.. I plan to perform some heavy development (hardware, software) along with system/server config's testing on this machine (which is in fact a notebook) and I don't want anybody to be able to retrieve any source or config files when the PC is scraped (or get's stolen or confiscated or whatever..). 

Currently I'm considering 3 encryption schemes:

1. Whole drive encryption (excluding /boot) using one of 3 ciphers (AES, Twofish or Serpent)

partitions scheme

```
sda1        /boot                        # no encryption

sda2                                       # encrypted with the best security/performance compromise between the mentioned ciphers

        lvm
```

2. Whole drive encryption (excluding /boot) with ciphers dedicated per partition

partitions scheme

```
sda1        /boot                        # no encryption

sda2                                       # mostly static/shareable, encrypted with Serpent/Twofish (security)

        lvm1

                /

                /usr

                /opt

                /home

sda3                                       # mostly variable/unshareable, encrypted with AES (performance)

        lvm2

                swap

                /var

                /tmp

```

3. Only chosen partitions encryption

- considering swap, /tmp, /var, /var/tmp and /home

Questions

- is encrypting several partitions with different ciphers possible/worth the "money"?

- will encrypting several partitions with different ciphers have any (if so how significant) impact on performance?

- will different patterns for encrypted data be visible (or could be caught)? (don't think so but You never know)

- as an option I'm also considering 3 encrypted physical partitions (placing /usr on a separate partition with lvm and encrypting with Twofish).. would this add some value?

----------

## John R. Graham

Regarding using different ciphers, the work factor increase isn't that much. Let's make some assumptions for the sake of argument:The two ciphers are of equal key length.

The two ciphers are of equivalent strength (i.e., they're equally hard to crack).If either one of those assumptions is not true, then having two different ciphers actually weakens your protection. Why not just use the stronger one, right?

So, for the worst case (i.e., least efficient) attack—exhaustion—using two ciphers increases the best case work factor by 2, which is equivalent to increasing the key size by one single bit. But, you achieve the same thing—and, in practice, more—by using different keys on the different partitions. My advice would be, if you want to increase the robustness of your protection, choose the best cipher (by your criteria) and then use as many different keys as makes you comfortable. Different ciphers without different keys may not actually increase the work factor very much because, once the key is discovered for one partition, it's pretty easy to try that key with all the different ciphers on the other partition.

The "best" cipher for you may be:The strongest that isn't too slow, or

The fastest that isn't too weak.In summary, different ciphers don't buy you that much just by being different. Different keys potentially buy you something. The weakest point in your system is likely going to be outside of both of those choices and lie realm of key management anyway: how do you protect the keys?

- John

----------

## kamilsok

Using two different ciphers seamed adequate because of the performance differences between Serpent (most secure) and AES (fastest). I would choose Serpent if I wasn't worried about the performance (hence usability) gap for i.e. compilation in tmp dir's. Unfortunately the above assumptions are based only on web-sourced benchmarks, not on tests performed on my platform. Maybe the gap between the two would be minimal and considered a non-factor for my every day work but currently I don't have time for such thorough testing. 

As for key mgmt I was planning on storing encrypted keys for each partition in a loopback device (best usability:security ratio as far as my insight on the subject goes) plus adding a pass-phrase as second, "backup" option.

----------

