| What's the best encryption algorithm? As i said in another topic, i've been using the software DriveCrypt, which gives me the option to choose one algorithm between 11, and i'm not sure which one is the best, and how do they work.
If someone could help me one more time, i really appreciate.
Follow the algorithm.
- AES 256 bits
- Triple AES 768 bits
- Blowfish 256 bits
- Blowfish 448 bits
- Triple blowfish 1344 bits
- DES 56 bits
- Triple DES 168 bits
- Mysti1 128 bits
- Square 128 bits
- Tea (16 rounds 128 bits)
- Tea (32 rounds 128 bits) |
|
| I would avoid Triple AES and Triple blowfish. Running the same algorithm multiple times may result in less security then using the original algorithm one time. Some implementations of Triple DES have this problem, depending on how the keys are used. I have not heard of any research into "triple" versions of AES or blowfish. If it were me I'd choose AES. And I'd check into the implementation used by DriveCrypt. Many good encryption algorithms are rendered useless by poor implementations. |
|
 DanielPremium,MVM
join:2000-06-26
San Francisco, CA | reply to Dalai
First off, AES is not an algorithm -- it's a standard. But nitpicking aside, I agree that AES is very likely to give you what you need. The reason it's usually a good choice is because it was painstakingly selected using a number of criterion, including security, speed, etc.
Out of many, many contenders AES won out. Unless you have very specific needs, AES-256 is probably going to do everything you want.
--
dmiessler.com -- grep understanding knowledge |
|
Reviews:
 ·AcroVoice
| said by Daniel:First off, AES is not an algorithm -- it's a standard. But nitpicking aside, I agree that AES is very likely to give you what you need. The reason it's usually a good choice is because it was painstakingly selected using a number of criterion, including security, speed, etc. Out of many, many contenders AES won out. Unless you have very specific needs, AES-256 is probably going to do everything you want. Rjindeal won to become AES. |
|
| reply to Dalai
Thank you all. But i'm still confuse about somethings.
How about Blowfish 448 bits? Why should i go for AES 256, if blowfish 448 bits seems stronger, and is not triple?
Thanks again |
|
DanielPremium,MVM
join:2000-06-26
San Francisco, CA
1 edit | reply to Dalai
At these strength levels (256+ for most) it's not really an issue which is higher than the others. A 256-bit key length is just so incredibly large that adding to it becomes unnecessary given our current and foreseeable computer systems.
Only quantum-based attacks and/or an algorithm compromise could potentially break encryption at this level, and the former would break both and AES is more likely to stand up to an algorithm attack than Blowfish just because it's been scrutinized more.
I say AES-256.
--
dmiessler.com -- grep understanding knowledge |
|
 trparkyApple... YUMPremium,MVM
join:2000-05-24
Cleveland, OH
kudos:2
 ·Time Warner Cable
1 edit | As Daniel  said, EAS creates a key so very large that based upon the way computer technology is progressing, even the largest super computers would probably take the age of the universe and then some to crack it.
Trust me, there isn't anything better than AES-256.
--
Tom |
|
 SteveI know your IP addressConsultant
join:2001-03-10
Yorba Linda, CA
kudos:5 | I'm a big fan of ROT-2041  |
|
 yockTFTCPremium
join:2000-11-21
Miamisburg, OH
kudos:3 | I can achieve the same through Triple Rot-13, so there!  |
|
2 edits | reply to Dalai
Answer is much more simple:
Dont use any Drivecrypt products. They smell snakeoil. Having something like "military grade encryption" and "triple AES" and "triple blowfish" sounds 99% of snakeoil to me. Maybe they are ok, maybe not. But I would not use any products from a company that uses those kinds of expressions to describe their products, since that reflects hype and lack of knowledge of cryptography.
ALSO, the fact that they allow users to chooce encryption algorithms that are already broken (like TEA, Misty, DES) shows their lack of knowledge or careness.
Grap and use Truecrypt instead. Besides, Truecrypt is completely free, its open source and you can use algorithms like Twofish and Serpent also with it (not to mention you can use cascaded ciphers like Twofish-Serpent-AES).
--
My computer security & privacy related homepage »www.markusjansson.net
Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy. |
|
|
|
DanielPremium,MVM
join:2000-06-26
San Francisco, CA | reply to Steve
said by Steve:I'm a big fan of ROT-2041 Sure, for woosies that can't use ROT-2042.
--
dmiessler.com -- grep understanding knowledge |
|
SteveI know your IP addressConsultant
join:2001-03-10
Yorba Linda, CA
kudos:5 | said by Daniel:Sure, for woosies that can't use ROT-2042. ROT-2042 is not a reversible cipher; N has to be an odd multiple of 13
--
Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Tustin, California USA | my web site |
|
yockTFTCPremium
join:2000-11-21
Miamisburg, OH
kudos:3 | Rot-2042 Would be the reverse of 2041. =) |
|
 nwrickertsand groperPremium,MVM
join:2004-09-04
Geneva, IL
kudos:7
 ·AT&T U-Verse
| reply to jansson_mark
Dont use any Drivecrypt products. They smell snakeoil. I don't have any personal knowledge of whether drivecrypt is a good product. But I have to agree with jansson_mark , that I would be turned off by the hype. I would probably go with truecrypt, or if I wanted a commercial product, with pointsec or with PGP whole disk encryption. |
|
 ABPremium
join:2006-04-04
Leesburg, VA
kudos:3
 ·Verizon Online DSL
| reply to trparky
said by trparky:As Daniel said, EAS creates a key so very large that based upon the way computer technology is progressing, even the largest super computers would probably take the age of the universe and then some to crack it. . . . This is of course assuming the correct combination is not arrived at until late in the process.
Nobody ever seems to consider that sometimes you could get 'cracked' right off, or early in the process, regardless of how tough that encryption is.
Sometimes, even a blind squirrel finds an acorn.
But that being said-- I'll stick with strong encryption.
I'm currently a fan of the 'AES-Twofish-Blowfish' combo, but given the thoughts in this thread, and some other things I've read, I'm seriously considering moving to simply AES-256. |
|
 SentinelPremium
join:2001-02-07
Florida
kudos:1 | reply to Dalai
I use SecureIt and I use the 448 Blowfish. Works for me.
But this is the first thread I've read where it makes me consider using AES 256 instead. So should I use Blowfish448 or AES 256? |
|
2 edits | reply to Dalai
Key size is not everything. Almost all of those algorithms, except AES & Square, are 64 bit block ciphers. They are more vulnerable to a birthday attack when you encrypt large amounts of data (bad for file encryption). (AES has a 128 bit blocksize). I would pick AES 256. |
|
DanielPremium,MVM
join:2000-06-26
San Francisco, CA | reply to Steve
said by Steve:said by Daniel:Sure, for woosies that can't use ROT-2042. ROT-2042 is not a reversible cipher Reversible? Who wants that? We're looking for security here.
--
dmiessler.com -- grep understanding knowledge |
|
DanielPremium,MVM
join:2000-06-26
San Francisco, CA | reply to Sentinel
said by Sentinel:But this is the first thread I've read where it makes me consider using AES 256 instead. So should I use Blowfish448 or AES 256? I suggest AES-256.
--
dmiessler.com -- grep understanding knowledge |
|
 WildcatboyInvisiblePremium,Mod
join:2000-10-30
Toronto, ON
kudos:2 | reply to Dalai
AES-256 and Truecrypt. |
|
