  JAXx aka Stephen Premium join:2000-03-31 New York, NY
| which encryption algorithms are best?
I realize this might be a difficult question as there may be pros and cons to all encryption algorithms (speed vs security, etc.), but I would still appreciate it if anyone can speak to the issue of choosing the best algorithm (between AES256, triple AES, Blowfish, Triple blowfish, Tea 16, Tea 32, IDEA, DES, Triple DES, Square and Misty 1).
Also I know an algorithm is only as secure as your passphrase, but that's a different topic. Thanks |
|
 SiliconSquid
join:2003-08-08 Pinellas Park, FL
| TripleAES is the new "standard" for encryption. Try to use this algorithm if at all possible. For all encryption, time is the true test. The longer an encryption protocol lasts, the stronger and more tested it is. Of course with longer keys and better math, newer crypto comes out but can it stand the test of time? We shall see. Hope this helps. BTW, Blowfish isn't bad. |
|
  gkweb
join:2003-06-09 76800 | reply to JAXx It isn't TripleAES but just "AES". There were 15 cryptographic algorithms suggested to NIST, and Rijndael was the winner and became AES, Advanced Encrypted System. Don't confuse it with 3DES (TripleDES). |
|
 B Premium,MVM join:2000-10-28
| For more info on the AES process check back issues of Schneier's Crypto-Gram at »www.counterpane.com/crypto-gram.html .
He's the author of Blowfish and Twofish -- the latter was an AES finalist and arguably a stronger choice than Rijndael...
-- B |
|
  jansson_mark Markus Jansson Premium join:2001-08-05 Finland
| reply to JAXx My 5 cents...
For starters, please read
»www.markusjansson.net/esecuring.html#secure 
There is no such algorithm as TripleAES. Using the same encryption algorithm more than once adds security ONLY if that algorithm is not a "group". From DES we know that it isn't a "group", but we don't know about AES. If it's a "group", then using 3x or 60x encryption might actually LOWER the strength, since additional encryptions might actually "decrypt" the data.
AES256: Good, fast, and the USA government has approved it to be used with "Top Secret" data, so yes, I bet it is secure. Also, it's so well known today and will be used for a long time, so it will be put under tests such that if some hole is in it, it's likely that it will be found.
triple AES: Is it a group or not? AES256 gives more than enough protection anyway, no need to use this.
Blowfish: As good as AES256 or perhaps slightly better? It's an old algorithm and no real attacks have been made against it.
Triple blowfish: Is Blowfish a group or not? I wouldn't trust this one. Besides, Blowfish448 gives more than enough protection, so you don't need this.
Tea 16, Tea 32: Not very secure, but very fast. I would use these at all.
IDEA: Good, old and pretty rugged; however, some advance has been made on cracking it. There are better alternatives out there...
DES, Triple DES: Old, rugged and reliable, but very slow. DES was cracked a long time ago and it should NOT be used at all! 3DES is, however, a very conservative and pretty secure choice.
Square and Misty 1: Hard to tell really. There is no "bonus" in using these, so better just stick to AES.
PS. The most important thing is the IMPLEMENTATION of the cipher and the passphrase. It doesn't matter what cipher it has or how good your passphrase is if the program that uses them sucks and has bugs, holes and doesn't "really" properly encrypt what you want. -- My computer security & privacy related homepage »www.markusjansson.net [text was edited by author 2003-08-08 15:41:36] |
|
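The "group" argument in the post above, worked through as an added example that is not part of the original thread. Both ciphers are constructed 4-bit toys (not real algorithms) chosen so the whole key space can be checked exhaustively: for the affine cipher, which is closed under composition, any chain of encryptions collapses to one key and some key pairs cancel out, while for the table-based cipher neither happens.

```python
from itertools import product

N = 16  # toy 4-bit block space, small enough to check exhaustively

def affine(key, x):
    """Toy cipher A (a group): E(x) = a*x + b mod 16, with a odd."""
    a, b = key
    return (a * x + b) % N

AFFINE_KEYS = [(a, b) for a in range(1, N, 2) for b in range(N)]

# Constructed nonlinear substitution table (a permutation of 0..15).
SBOX = [0xC, 5, 6, 0xB, 9, 0, 0xA, 0xD, 3, 0xE, 0xF, 8, 4, 7, 1, 2]

def sbox_cipher(key, x):
    """Toy cipher B (not a group): XOR the key in, then substitute."""
    return SBOX[x ^ key]

SBOX_KEYS = list(range(N))

def chain(cipher, key_chain):
    """Lookup table for encrypting every block with each key in order."""
    out = list(range(N))
    for key in key_chain:
        out = [cipher(key, y) for y in out]
    return tuple(out)

def equivalent_single_key(cipher, keys, key_chain):
    """One key that equals the whole chain, or None if there is none."""
    target = chain(cipher, key_chain)
    return next((k for k in keys if chain(cipher, [k]) == target), None)

def closure_report(cipher, keys):
    """(closed under composition?, number of key pairs that cancel out)."""
    single = {chain(cipher, [k]) for k in keys}
    identity = tuple(range(N))
    closed, cancelling = True, 0
    for k1, k2 in product(keys, repeat=2):
        composed = chain(cipher, [k1, k2])
        closed = closed and composed in single
        cancelling += composed == identity
    return closed, cancelling

if __name__ == "__main__":
    print(equivalent_single_key(affine, AFFINE_KEYS, [(3, 5), (7, 2), (5, 11)]))
    print(closure_report(affine, AFFINE_KEYS))
    print(equivalent_single_key(sbox_cipher, SBOX_KEYS, [1, 2, 3]))
    print(closure_report(sbox_cipher, SBOX_KEYS))
```

For the affine toy, "triple" encryption with three keys is exactly one encryption with a fourth key, so an exhaustive search costs the same as against single encryption.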
 B Premium,MVM join:2000-10-28 | Markus, care to add your sixth cent about Twofish? (The Blowfish author must think it's better since he proposed it as AES.)
-- B |
|
  jansson_mark Markus Jansson Premium join:2001-08-05 Finland
| said by B : Markus, care to add your sixth cent about Twofish?
 From what I have read, Twofish is even better than Blowfish. Bruce took a few tips and tweaks and ideas and created Twofish based on the research and knowledge that were gained from Blowfish. It's an excellent algorithm. Somehow I dislike AES a little bit (paranoia?) and like Twofish even better.
The only "problem" with Twofish is that it's not that well examined and won't be as well examined as AES will be. So there "might be" some vulnerabilities in it that the public does not know and will never know. But then again, AES might have some vulnerabilities that only NSA knows about (and that's why they *chose* that Rijndael is to be used as AES). We really can't know for sure.
My main PGP key uses Twofish-256 for symmetric cipher and 16000-bit RSA for asymmetric cipher (+ SHA-512 for hashing). Go ahead and crack that one out my friend...  -- My computer security & privacy related homepage »www.markusjansson.net |
|
 cavileer
join:2003-06-05 Indiana, PA
| reply to JAXx Re: which encryption algorithms are best?
Twofish is thought of as more secure than AES but also a little bit slower. Keep in mind that many criteria were taken into consideration to select the new AES and security was just one of those...speed being another. If I had the option between AES 256 or Twofish 256 I would go with Twofish. Better yet, if I had the option of Serpent I would go with that! However, from the original post and the list of encryption algos, it sounds like the user is using DriveCrypt. Therefore, if the user wants a safe algo that is pretty fast I would stick with AES 256 or Blowfish.
However, and I can't stress this enough..... it doesn't matter which algo you choose if you have poor pass phrases. Implementation of the software and good strong pass words/phrases is just as, IF NOT more, important than selecting from various well-known algos.
One last point, stay away from software that uses proprietary encryption algos. Make sure you always use an open or tested encryption algo like the ones I have talked about here.
P.S. - on triple DES, as far as an encryption algo that has been attached and attacked..3DES has stood up to the test of time..the most important factor in determining an algo's resistance to attacks and exploits. Don't be afraid to use 3DES if you're using a newer, relatively fast computer. 3DES has the MOST testing behind it and it has been shown to be secure. This might change someday, but this day may come for any algo. Stay away from just regular DES, I don't think anyone really uses it anymore..triple or 3 DES is the secure one.
Peace, C [text was edited by author 2003-08-08 16:42:53] |
|