encryption algorithm question

Hello.
I found this forum quite interesting in the past, but just registered now because i have a question...

I now use a password manager (Sticky password, don't know if it's quite as secure as others, but it works and it's easy to work with) and it encrypts the password database. I also can choose the encryption algorithm, wich right now it's set on AES 256 because i know from a little research this one it's good.

But upon updating and taking a closer look i found some other algorithms: BlowFish 448, TwoFish 256, Gost 256, Sapphire II 8192, Diamon II 2048, Frog 1000, Scoop 384 bit. As i can remember most of them are crackable in some degree or theoretical at least, but Sapphire II and Diamon II, what is it with those ? can't find any data on how strong they are... and a 8192 algorithm ?!

 

Use AES-256 Bit as it is the most common and proven algorithm. Serpent 256 Bit would be the next choose as it is technically stronger but slower (which is why it didn't win the AES competition) and than the final choose would be two-fish 256-BIT which was third place as it was slower and *Theoretically* weaker. All three are proven and yet to be broken. I would not trust the rest as they are unheard of (I cannot find much detail on them at all) and unproven.

 

Blowfish is an algorithm by Bruce Schneier that is still secure but offers zero advantages over AES. Twofish is the successor to Blowfish and was entered in the AES contest. It didn't win and Schneier says he recommends people use AES instead.

GOST is a Russian cipher that is probably secure, but offers zero advantages over AES.

Sapphire is a stream cipher. I had never heard of it until I googled it. Since it seems to be a rather obscure cipher, I wouldn't trust it. You only want to trust ciphers that have been well analyzed by experts over a number of years, and I doubt Sapphire has been given much thought by cryptanalysts.

FROG is on Wikipedia and apparently has issues with weak keys. Again, it likely hasn't been analyzed that much, so it's strength is questionable.

Bottom line: only trust ciphers that have been well analyzed by experts over a number of years. The only cipher in the list that really fits that criteria is AES -- it has been well analyzed by many people in the field for over 10 years now. Blowfish and Twofish have a decent amount of analysis behind them as well, but not as much as AES.

The mere fact that these software developers included all these obscure ciphers tells me they don't really understand what it is they're doing. The cipher is usually the strongest part of the security chain, thus there is no reason to include anything but AES.

 

I disagree, there should always be alternatives. Monopolies are never good for the end user.

You can also use 2 different algorithms together for more security.

 

Agreed. I use cascades when ever possible with the sole exception of FDE because that is where performance gets hit the most.

 

Suggesting there should be alternatives means you question AES. Do you have any reason to distrust AES?

The security benefit of chaining two ciphers together is extremely marginal [1]. In some cases, cascading two ciphers will actually make it weaker. The truth is, when you introduce a superencryption system consisting of two different block ciphers that were not designed to be used this way, you are doing something that has not been well studied by cryptographers.

The bottom line: Superencryption can make a system more secure, or it might not. The devil is in the details. One thing we do know is that it greatly increases the complexity of the system which leaves a lot of room for the programmer to make an error. You're better off using one well examined cipher.

1) Cascade Encryption Revisited, Peter Gazi and Ueli Maurer

 

I don't distrust it. My point is that it should never be the only one choice.

Surely you don't trust monopolies?

 

Now I am scared of my Cascade encrypted HDD. Do you think I should decrypt and re-encrypt with just AES? I am using TC w/AES-TWOFISH-SERPENT but I never saw that above article before and it makes a good point.

 

@x942: Take a look at some of the conclusion on the same article:

 

first, so i won't change the AES (i too didn't know about Sapphire and Diamon, that is why i posted).

Second, in my oppinion there is no real gain on cascade encryption because if you get stronger encryption (wich, you might or might not), you lose quite some time on it while encrypting large files or hdds. Plus, i think it's theoretically possibile you might even give a hole thru wich the hacker could get in (thru software bugs / encryption algorithm weekness etc). Sorry if i'm mistaken, ain't quite a master of this. J L states this and sais a second encryption won't do any good, maybe when you reach like... 4-5 cascades, wich is quite time consuming.

 

Well that's better But next time I encrypt it I think I am going to stick with AES for the reasons mentioned above (programing and implementation errors). Thanks for clearing it up

X942

 

There's no real point in comparing algorithms that haven't been broken. As mentioned earlier, it's the strongest link in the chain. The real weakness is the operating system it's being used with. Unless you've taken the time to really go through your system and harden it, strong encryption on Windows is like adding a steel link to a paper chain.

 

Before making any assumptions about cascading 2 encryption algorithms, consider this:
1) You encrypt some data with a cryptographic secure algorithm, then you encrypt the resulting data with another secure algorithm. How is it possible for this operation to DECREASE the security of the final data ?
2) You encrypt some data with a cryptographic secure algorithm, then you encrypt the resulting data with an INSECURE algorithm. How is it possible for this operation to DECREASE the security of the final data ?

I'd say that in both cases the data is perfectly safe. The problem with cascading is not related to the cascading itself but with the increased complexity in the encryption system. But if the system is well written, it shouldn't be a problem.

 

Remember, the algorithm is relevant to the datatype you are encrypting, and can have counter-intuitive results. You can't trust the cipher bit numbers, they are a misleading statistic. For example, AES-128 is "stronger" than AES-256 depending on the datatype and conditions and attacks. If you aren't a cryptologist, it is just smarter to consult the major crypto associations on what type of crypto to implement.

 

Twofish has some interesting inner workings, too bad it didn't win =/

Schneier wrote about this on his site. It isn't as straight forward as the above example though:

From wikipedia:
To prevent this kind of attack, one can use the method provided by Bruce Schneier in the references below: generate 2 random pads of the same size of the plaintext, XOR the plaintext with the first pad , then XOR the result with the second pad, resulting in a first ciphertext. Encrypt each pad with a different cipher and a different key, resulting in 2 more ciphertexts. Concatenate all 3 ciphertexts in order to build the final ciphertext. A cryptanalyst must break both ciphers to get any information. This will, however, have the drawback of making the ciphertext three times as long as the original plaintext.

 

According to the situation among wikileaks and the government, the AES256 is the world hardest encryption to be crack. Even if you use thousands of super computers, it will take million of years to brute force it. However it was said that, the CIA found the backdoor of AES256.

 

Link please

 

Will mail it on the post, one i find the articles in guardians.co.uk or simply see wikileaks.ch

 

Here is a perfect example: Dropbox is encrypted by AES256, see what they about the Terms.

Compliance with Laws and Law Enforcement
As set forth in our privacy policy, and in compliance with United States law, Dropbox cooperates with United States law enforcement when it receives valid legal process, which may require Dropbox to provide the contents of your private Dropbox. In these cases, Dropbox will remove Dropbox’s encryption from the files before providing them to law enforcement.

https://www.dropbox.com/terms/#security

"Dropbox employees aren’t able to access user files," this is what they said before.

^This actually proves that there are backdoor to AES256

 

It is not a backdoor what DropBox is using to decrypt your files, they are using your password/private key. If you give me the password to your encrypted files for safekeeping, I will be able to decrypt your AES256bit files too.

 

It amazes me how statements lead people to some absolutely bizarre conclusions. How can you make the leap from that statement that AES256 is backdoored? No one would use it if it was backdoored and a real backdoor couldn't be kept a secret for very long.