encrypted root filesystem

Christophe Devine devine at iie.cnam.fr
Tue Feb 24 07:28:02 PST 2004

Ian Molton <spyro at f2s.com> wrote:

> > No, they're not.  You should be ashamed of yourself for posting such a
> > comment.

> I remain unconvinced. encrypting an entire filesystem gives you loads of
> known plaintext (and binaries, potentially).

This is right. However even with 2^64 known plaintext/ciphertext couples,
cryptographers are unable to crack the key used to encrypt the media. At
the moment, the best attack method we know is by brute-forcing the keyspace,
which cannot be achieved: there simply isn't enough computing power in the
whole universe to crack an AES-128 key by brute force.

More information about the hlfs-dev mailing list