[OpenAFS] fs setcrypt benchmarks?

Jim Rees rees@umich.edu
Tue, 03 Jun 2003 14:45:06 -0400


Using fcrypt adds a great deal of security.  It's one of the best things you
can do.

Without fcrypt, any passive snooper can read your files.  With it, today, a
determined adversary might be able to read your files, but is more likely to
abandon snooping in favor of social engineering, insider theft of tokens or
other local machine attacks, dictionary attacks on your password, etc.  Any
security feature that makes your adversary abandon an entire attack method
(snooping) is well worth doing.

The talk about fcrypt weakness mostly has to do with key size.  Nothing
really needs to be done about this today unless you are someone like Phil
Moore, who uses afs to store large sums of money (presumably).  He won't
talk about it but I'll bet he's using an extra layer of application
encryption any place he's really concerned about (so do I).

The reason for the talk is that we have to start working on the key size
now, so we'll be ready for the day when any teenager can crack fcrypt
session keys on his Playstation.  We have not yet reached that point.  Even
Gilmore hasn't built an fcrypt cracker yet.  And if he did, he wouldn't
spend a week of computer time to get a few hours of your, or my, afs
traffic.  He'd crack your password instead.