Announcement

Collapse
No announcement yet.

Fscrypt's Adiantum Sent In For Linux 4.21 For Speedy Disk Encryption On Low-End Hardware

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Fscrypt's Adiantum Sent In For Linux 4.21 For Speedy Disk Encryption On Low-End Hardware

    Phoronix: Fscrypt's Adiantum Sent In For Linux 4.21 For Speedy Disk Encryption On Low-End Hardware

    Waiting until the last day of the Linux 4.21 kernel merge window, Ted Ts'o sent in the fscrypt changes today adding Adiantum crypto support to this file-system encryption framework currently used by F2FS and EXT4...

    http://www.phoronix.com/scan.php?pag...iantum-Sent-In

  • #2
    Typo:

    Originally posted by phoronix View Post
    Adiantum can perform well on low-emd ARM Cortex processors,

    Comment


    • #3
      I'll be working on some Adiantum fscrypt encrypted storage benchmarks soon.
      Michael, a couple tips in case you don't know already --- for meaningful results, make sure to enable all the relevant accelerated crypto algorithms in the kernel config for each architecture: CONFIG_CRYPTO_AES_*, CONFIG_CRYPTO_NHPOLY1305_* and CONFIG_CRYPTO_CHACHA20_*. Also for each result, mention the algorithm implementation that fscrypt used, e.g. "adiantum(xchacha12-neon,aes-arm,nhpoly1305-neon)". You can get this by running dmesg | grep 'fscrypt: .* using implementation'.

      Also in the event that you test Adiantum with dm-crypt too, note that with dm-crypt Adiantum is primarily intended to be used with a 4K dm-crypt sector size, not the default of 512. E.g. with cryptsetup v2.0.6+: cryptsetup luksFormat --type luks2 --sector-size 4096 -c xchacha12,aes-adiantum-plain64 -s 256 <device>

      Comment


      • #4
        This should be really good for people like me running encrypted disks connected directly to ARM-based routers.

        Although one wonders how secure ChaCha really is. Anything that runs fast and efficient in software could possibly be attacked very quickly with high-end hardware.

        Comment


        • #5
          Although one wonders how secure ChaCha really is. Anything that runs fast and efficient in software could possibly be attacked very quickly with high-end hardware.
          Ciphers optimized for software aren't fundamentally less secure than ciphers optimized for hardware. If anything, the better performance allows doing more rounds in less time, increasing the cryptographic strength. In the case of ChaCha, the best known attack makes it through only 7 rounds, with a time complexity of 2235. Thus ChaCha12, the variant that Adiantum uses, actually has a higher security margin than AES-256. The Adiantum template in Linux may also be instantiated with ChaCha20, which has an even higher security margin.

          Comment


          • #6
            ebiggers Did you considered to call it "Adamantium"? I bet it would boost it's popularity significantly.

            Comment


            • #7
              Adamantium will probably become the nick name of the Chacha20 variation :-D

              Comment


              • #8
                Hi, All

                Wanted to ask if it would be possible to use the Poly1305 performance enhancement for CJDNS on ARM ?

                https://github.com/cjdelisle/cjdns/b.../Whitepaper.md

                Comment

                Working...
                X