when a algorithm is recommended is it secure ?

when an encryption algorythm is recommended by for example a govt. agency or security expert, does this mean that its already been cracked and so they have an vested interest in recommending it ?.

Gazzer.

 

I smell LOTS of FUD from this thread.

AES is not crackable.

If you use truecrypt's default encryption algorithm, encryption cannot be cracked. The weakest link in any encryption program is the human who knows the password. Read up on Rubbernose Cryptoanalysis. An adversary can fool you into believing that truecrypt can be cracked in order to fool you into giving up the password. Or they can torture you for the password. Or they already have so much evidence against you that not giving up your password is an obstruction of justice.

Either way, the weakest link in an encryption algorithm is the human who know the password rather than the algorithm. If you are using AES, which is used by the government and security agencies, chances are it is VERY VERY secure. Especially when police cannot even crack it.

 

but how do we know its not been cracked ? maybe they want us to believe its not been cracked to avoid us looking into more secure methods...... and give us a false sense of security

 

I'll bite, what in your view constitutes sound encryption methods?

 

if i already knew the answer i wouldnt need to ask

 

I understand your concern. Every time questions regarding which encryption algorithm to use get asked, "experts" come out of the woodwork recommending only AES. Unfortunately, it's not possible to directly answer your question. We have no way of knowing if some govt agency has a way of breaking AES. With questions like these, the line between paranoia and legitimate concern is not clear. The push to AES has me asking the same question.

Fortunately, AES is not your only option. Blowfish and Twofish are both good options. Both are unbroken. Both are unrestricted by patents or proprietary influence. Both are available to everyone. I've opted for Blowfish for my file/disk encryption needs. IMO, the fact that it's unbroken after 20 years speaks for itself.

edit:
Unless it's broken by design, the algorithm chosen is seldom the weak link in encryption. Encryption is only as secure as the system it's running on. If we're talking Windows, there's no doubt what the weak spot is.

 

thanks for your reply and everybody else who has replied. i am currently using twofish as implemented by roboform, i have no idea about whether its correctly implemented or not mainly because i dont have the knowledge or understanding to tell the difference. all i want and i suspect many think alike is a good algo where i can just select and trust its right without needing to tweak or change any settings and possible mess things up and be LESS secure

 

a) How do we "no way of knowing if some govt agency has a way of breaking AES", yet we do know Blowfish and Twofish haven't been broken?

b) For what it's worth, here's Schneier on AES.

c) Blowfish doesn't seem so safe after all...

Depends on what you mean by that. If you just mean the way Windows might store key information in hibernation files or other places on the system partition, that's just simply a matter of maintaining good security protocol. Either encrypt the whole drive, or use a secure environment like Ubuntu Privacy Remix. But simply inferring that Windows is the weak spot in an encryption scheme is kind of disingenuous.