Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Is ccrypt AES 256 bit crypto secure enough?
Special Forums Cybersecurity Is ccrypt AES 256 bit crypto secure enough? Post 302887079 by Perderabo on Wednesday 5th of February 2014 01:33:39 PM
Old 02-05-2014
Yeah, but read that page the OP linked. It's only 2 sentences or so. It says "However, in the AES standard a 128-bit block size is used, whereas ccrypt uses a 256-bit block size." I don't understand how someone can read that and conclude that AES is in use.

gpg (gnu privacy guard) is open source and should be immune to the back door intentionally placed in prodcuts. Your link about key recovery is worrisome. But they need both ciphertext and plaintext to recover the key.

The word here at work is that we are required to AES-256 still. As long as I can convince a security auditor that AES-256 is in use I am covered. I can do that with gpg. I would not want to try with ccrypt.

AES-256 is a symmetric key algorithm. What symmetric key algorithm would you replace AES-256 with? Those longer keys you mention are usually associated with public key encryption.

Our mandate to use AES-256 ultimately comes from the US Department of Defense who seems to feel that it is adequate protection.
This User Gave Thanks to Perderabo For This Post:
Neo
 

5 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

encrypting file system using AES 256 bit

Experts, I am trying to encrypt my filesystem using the AES 256 bit type of encryption. I am using FreeBSD 5.4 and need to encrypt one of the mounted points. Does anybody have any good idea of how to do it? Is there any documentation about encrypting the disk partition as this method is more... (2 Replies)
Discussion started by: jimmynath
2 Replies

2. Programming

AES encryption

Hi, Any body can please point me to source code for implementing AES encryption in CTR mode i.e RFC 3686 (AES-CTR).I did googling but no good results. (6 Replies)
Discussion started by: Raom
6 Replies

3. Programming

JAVA AES keylength exception

I am developing a JAVA application that must encrypt its data. On my development machine, I can use a 256 bit key with no problem. A test machine throws an exception complaining about an illegal key length. The test machine is using JRE 1.6u21. Does anyone know where I can get a version of the JRE... (1 Reply)
Discussion started by: ilikecows
1 Replies

4. UNIX for Dummies Questions & Answers

Using sed with special characters produced from crypto

Hey there, I'm facing some weird issues with sed when trying to do substitution in a text file with the content of some environment variables. Those variables are used to store crypted (3DES) info with much special characters and that's where the problem starts. I've already tried to use both... (7 Replies)
Discussion started by: Jormun
7 Replies

5. Programming

Publish and Subscribe to AES-256 Encrypted MQTT Messages to Node-RED from PHP Scripts

Various Node-Red crypto modules do not work with PHP, so to send an encrypted message from a PHP script (in this case from a Ubuntu server) to Node-RED we need our own code. After a few hours of searching, testing various libs, more testing and debugging, I got this PHP to Node-RED code... (0 Replies)
Discussion started by: Neo
0 Replies

LEARN ABOUT FREEBSD

aesni

AESNI(4)						   BSD Kernel Interfaces Manual 						  AESNI(4)

NAME

     aesni -- driver for the AES accelerator on Intel CPUs

SYNOPSIS

     To compile this driver into the kernel, place the following lines in your kernel configuration file:

	   device crypto
	   device aesni

     Alternatively, to load the driver as a module at boot time, place the following line in loader.conf(5):

	   aesni_load="YES"

DESCRIPTION

     Starting with some models of Core i5/i7, Intel processors implement a new set of instructions called AESNI.  The set of six instructions
     accelerates the calculation of the key schedule for key lengths of 128, 192, and 256 of the Advanced Encryption Standard (AES) symmetric
     cipher, and provides a hardware implementation of the regular and the last encryption and decryption rounds.

     The processor capability is reported as AESNI in the Features2 line at boot.  The aesni driver does not attach on systems that lack the
     required CPU capability.

     The aesni driver registers itself to accelerate AES operations for crypto(4).  Besides speed, the advantage of using the aesni driver is that
     the AESNI operation is data-independent, thus eliminating some attack vectors based on measuring cache use and timings typically present in
     table-driven implementations.

SEE ALSO

     crypt(3), crypto(4), intro(4), ipsec(4), padlock(4), random(4), crypto(9)

HISTORY

     The aesni driver first appeared in FreeBSD 9.0.

AUTHORS

     The aesni driver was written by Konstantin Belousov <kib@FreeBSD.org>.  The key schedule calculation code was adopted from the sample pro-
     vided by Intel and used in the analogous OpenBSD driver.

BSD
								 September 6, 2010							       BSD
All times are GMT -4. The time now is 08:36 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy