when should Serpent or Twofish be used?

Discussion in 'privacy technology' started by nmaynan, Jan 5, 2009.

Thread Status:
Not open for further replies.
  1. nmaynan

    nmaynan Registered Member

    Mar 2, 2008
    After reading posts from the knowledgeable encryption guys at Wilders, they say to use AES as this is the best general purpose algorithm around. Most say that there are some specific scenarios where serpent or twofish would be better though.

    What are some of the few scenarios (out of curiosity) where Twofish or Serpent would be a better choice than AES? Why are they a better choice in these limited instances--is it due to esoteric stuff about the design or is it comprehendable to me?
  2. SteveTX

    SteveTX Registered Member

    Mar 27, 2007
    The short answer:

    It doesn't matter if you are using TwoFish, Rijndael (AES), or Serpent, and long as they are properly implemented. Serpent is the slowest, Rijndael is the fastest.

    The longer answer:

    All will be virtually impossible to break for a long time. Unless you are encrypting millions of messages a day, it won't matter what their hardware/software speed is to you. You will never notice the difference.

    Rijndael has a timing attack that can be performed on it, but not in a trivial or surreptitious manner that would render your messages or files readable. It requires a specific setup and detection method which does not lend itself to being a pragmatic attack vector.
  3. LockBox

    LockBox Registered Member

    Nov 20, 2004
    To add to what Steve said, the other difference is initial encryption if using OTFE. For example, if you're encrypting a partition or drive with TrueCrypt, using AES is much faster on initial encryption than Serpent. TC offers a benchmark tool to test the difference on your computer. But that's just a one time deal.
  4. Leonid

    Leonid Registered Member

    Dec 23, 2008
    According to TC developers Serpent is significantly slower then AES or Twofish when it comes to system encryption. System encryption is painfully slow anyway. So, I never even tried to use Serpent for it. Don't have enough time to. It's hard to do it. I have to be around, monitoring everything, making sure that nobody spots what I am doing. :D
  5. n33m3rz

    n33m3rz Registered Member

    Jan 10, 2009
    Serpent is much stronger than AES. AES is much faster than Serpent. Either of them should work just about as well. If you are super paranoid use Serpent. You wont notice much speed difference unless you are doing high intensity stuff.
Thread Status:
Not open for further replies.