Language Selection

English French German Italian Portuguese Spanish

Disk Encryption for Low-End Hardware

Filed under
Linux
Security

Unfortunately, they were not able to find any existing encryption algorithm that was both fast and secure, and that would work with existing Linux kernel infrastructure. They, therefore, designed the Adiantum encryption mode, which they described in a light, easy-to-read and completely non-mathematical way.

Essentially, Adiantum is not a new form of encryption; it relies on the ChaCha stream cipher developed by D. J. Bernstein in 2008. As Eric put it, "Adiantum is a construction, not a primitive. Its security is reducible to that of XChaCha12 and AES-256, subject to a security bound; the proof is in Section 5 of our paper. Therefore, one need not 'trust' Adiantum; they only need trust XChaCha12 and AES-256."

Eric reported that Adiantum offered a 20% speed improvement over his and Paul's earlier HPolyC encryption mode, and it offered a very slight improvement in actual security.

Eric posted some patches, adding Adiantum to the Linux kernel's crypto API. He remarked, "Some of these patches conflict with the new 'Zinc' crypto library. But I don't know when Zinc will be merged, so for now, I've continued to base this patchset on the current 'cryptodev'."

Read more

Google Created Faster Encryption for Low-End Android Phones

  • Google Created Faster Encryption for Low-End Android Phones and IoT Devices

    Low-resource Android phones and IoT devices don’t have the processing power to use modern encryption services, which makes them vulnerable to hacking. That’s why Google is introducing Adiantum, a super-fast encryption standard for low-resource Android devices.

    Popular Android phones, like the Google Pixel or anything from the Samsung Galaxy line, are built around the Advanced Encryption Standard (AES). With the AES, all of the information on your phone is encrypted and only verified users can access the data. But a lot of Android phones and smart devices can’t use the AES because they don’t have enough processing power to quickly encrypt and decrypt information. Plus, they usually don’t have built-in security features, like fingerprint scanners or iris scanners. This leaves low-resource Android devices, including smart watches and IOT products, very easy to compromise.

Google Details Their New Adiantum Encryption For Low-End Android

  • Google Details Their New Adiantum Encryption For Low-End Android Devices

    With the upcoming Linux 5.0 kernel release there is initial support for Adiantum and implemented within the fscrypt file-system encryption framework in Google's pursuit to offering more viable data encryption on low-end Android devices.

    Google engineers began working on Adiantum following the fall-out from their plans for using the NSA-developed Speck for encryption on low-end devices, with Speck widely believed to have been backdoor'ed by the National Security Agency.

More on Friday

  • Google Launches ‘Adiantum’ To Faster Encrypt Low Spec Devices

    Google has unveiled a new form of encryption called Adiantum, which is specifically designed to encrypt data on budget smartphones and other devices that come with low processing power.

    Encryption is essential for security and privacy but it always comes with a trade-off in the form of speed as it can take a toll on the system resources. This issue can slow down a device to an extent where the device becomes practically unusable.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Fedora 30 Workstation review - Smarter, faster and buggier

Fedora 30 is definitely one of the more interesting releases of this family in a long-time. It brings significant changes, including solid improvements in the desktop performance and responsiveness. Over the years, Fedora went from no proprietary stuff whatsoever to slowly acknowledging the modern needs of computing, so now it gives you MP3 codecs and you can install graphics drivers and such. Reasonable looks, plus good functionality across the board. However, there were tons of issues, too. Printing to Samba, video screenshot bug, installer cropped-image slides, package management complications, mouse cursor lag, oopses, average battery life, and inadequate usability out of the box. You need to change the defaults to have a desktop that can be used in a quick, efficient way without remembering a dozen nerdy keyboard shortcuts. All in all, I like the freshness. In general, it would seem the Linux desktop is seeing a cautious revival, and Fedora's definitely a happy player. But there are too many rough edges. Well, we got performance tweaks after so many years, and codecs, we might get window buttons and desktop icons one day back, too. Something like 6/10, and definitely worth exploring. I am happy enough to do two more tests. I will run an in-vivo upgrade on the F29 instance on this same box, and then also test the distro on an old Nvidia-powered laptop, which will showcase both the support for proprietary graphics (didn't work the last time) and performance improvements, if they scale for old hardware, too. That's all for now. Read more

Events: Automotive at LF, Linux Clusters Institute, Linux Plumbers Conference (LPC)

  • Automotive Linux Summit and Open Source Summit Japan Keynote Speakers and Schedule Announced
    The Linux Foundation, the nonprofit organization enabling mass innovation through open source has announced the speaker line up for Open Source Summit Japan and Automotive Linux Summit. One registration provides access to all content at both events, which will be held July 17-19 at the Toranomon Hills Forum in Tokyo. Open Source Summit Japan (OSSJ) and Automotive Linux Summit (ALS) will bring together top talent from companies on the leading edge of innovation including Toyota Motor Corporation, Uber, Intel, Sony, Google, Microsoft and more. Talks will cover a range of topics, with ALS talks on everything from infrastructure and hardware to compliance and security; and OSSJ sessions on AI, Linux systems, cloud infrastructure, cloud native applications, open networking, edge computing, safety and security and open source best practices.
  • Register Now for the 2019 Introductory Linux Clusters Institute Workshop
    Registration is now open for the 2019 Linux Clusters Institute (LCI) Introductory Workshop,which will be held August 19-23, 2019 at the Rutgers University Inn & Conference Center in New Brunswick, NJ. This workshop will cover the fundamentals of setting up and administering a high-performance computing (HPC) cluster and will be led by leading HPC experts.
  • Additional early bird slots available for LPC 2019
    The Linux Plumbers Conference (LPC) registration web site has been showing “sold out” recently because the cap on early bird registrations was reached. We are happy to report that we have reviewed the registration numbers for this year’s conference and were able to open more early bird registration slots. Beyond that, regular registration will open July 1st. Please note that speakers and microconference runners get free passes to LPC, as do some microconference presenters, so that may be another way to attend the conference. Time is running out for new refereed-track and microconference proposals, so visit the CFP page soon. Topics for accepted microconferences are welcome as well.

Security Leftovers

  • Security updates for Wednesday
  • Illumos-Powered OmniOS Gets Updated Against MDS / ZombieLoad Vulnerabilities
    While it was just earlier this month that the OpenSolaris/Illumos-based OmniOS saw a big LTS release, it's already been succeeded by a new release given the recent Intel MDS / Zombieload CPU vulnerabilities coming to light. There are new spins of OmniOS for all supported releases. These new OmniOS Community Edition releases mitigate against the Multiarchitectural Data Sampling (MDS) vulnerabilities and also bundle in the updated Intel CPU microcode.
  • Hackers Hack A Forum For Hacked Accounts: Here’s How
    A group of hackers failed to deploy security mechanisms to secure the storage where they store hacked accounts and another hacker group hacked it. The story is indeed funny and real. Infamous forum named OGUSERS which is popular amongst hackers for obtaining “OG” Instagram, Twitter usernames, hacked accounts of Domino’s Pizza, Steam, PlayStation Network, and other online accounts was hacked by a hacker group and its data was published in another hacker forum.
  • Security Announcement: Disabling SMT by default on affected Intel processors
    This is an important announcement with an upcoming change in the next Core Update of IPFire. Because of the recent vulnerabilities in Intel processors, the IPFire team has decided, that - to keep systems as secure as possible - Simultaneous Multi-Processing (SMT) is automatically disabled if the processor is vulnerable to one of the attacks. SMT is also called Intel(R) Hyper-Threading Technology and simulates more virtual cores than the system has. This allows to perform faster processing when applications benefit from it. Unfortunately with networking, we benefit from that. Therefore the effect of disabling SMT will be a very signifiant performance impact of around 30% or more. Applications that will be affected in IPFire are the firewall throughput itself as well as other CPU and memory-bound tasks like the web proxy and the Intrusion Prevention System. On systems that are not vulnerable for this attack, SMT is being left enabled. If you still want to disable it, please do so in the BIOS of your firewall.

Android Leftovers