encryption algorithm question

Discussion in 'privacy technology' started by Dotuletz, Apr 11, 2011.

Thread Status:
Not open for further replies.
  1. Dotuletz

    Dotuletz Registered Member

    Joined:
    Apr 11, 2011
    Posts:
    2
    Hello.
    I found this forum quite interesting in the past, but just registered now because I have a question...

    I now use a password manager (Sticky password, don't know if it's quite as secure as others, but it works and it's easy to work with) and it encrypts the password database. I can also choose the encryption algorithm, which right now is set to AES 256 because I know from a little research that this one is good.

    But upon updating and taking a closer look I found some other algorithms: BlowFish 448, TwoFish 256, Gost 256, Sapphire II 8192, Diamon II 2048, Frog 1000, Scoop 384 bit. As far as I can remember most of them are crackable to some degree, or theoretically at least, but Sapphire II and Diamon II, what is it with those? Can't find any data on how strong they are... and an 8192 algorithm?!
     
  2. x942

    x942 Guest

    Use AES-256 Bit as it is the most common and proven algorithm. Serpent 256 Bit would be the next choice as it is technically stronger but slower (which is why it didn't win the AES competition) and then the final choice would be Twofish 256-bit, which was third place as it was slower and *theoretically* weaker. All three are proven and yet to be broken. I would not trust the rest as they are unheard of (I cannot find much detail on them at all) and unproven.
     
  3. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Blowfish is an algorithm by Bruce Schneier that is still secure but offers zero advantages over AES. Twofish is the successor to Blowfish and was entered in the AES contest. It didn't win and Schneier says he recommends people use AES instead.

    GOST is a Russian cipher that is probably secure, but offers zero advantages over AES.

    Sapphire is a stream cipher. I had never heard of it until I googled it. Since it seems to be a rather obscure cipher, I wouldn't trust it. You only want to trust ciphers that have been well analyzed by experts over a number of years, and I doubt Sapphire has been given much thought by cryptanalysts.

    FROG is on Wikipedia and apparently has issues with weak keys. Again, it likely hasn't been analyzed that much, so its strength is questionable.

    Bottom line: only trust ciphers that have been well analyzed by experts over a number of years. The only cipher in the list that really fits that criteria is AES -- it has been well analyzed by many people in the field for over 10 years now. Blowfish and Twofish have a decent amount of analysis behind them as well, but not as much as AES.

    The mere fact that these software developers included all these obscure ciphers tells me they don't really understand what it is they're doing. The cipher is usually the strongest part of the security chain, thus there is no reason to include anything but AES.
     
  4. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I disagree, there should always be alternatives. Monopolies are never good for the end user.

    You can also use 2 different algorithms together for more security.
     
  5. x942

    x942 Guest

    Agreed. I use cascades whenever possible with the sole exception of FDE because that is where performance gets hit the most.
     
  6. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Suggesting there should be alternatives means you question AES. Do you have any reason to distrust AES?

    The security benefit of chaining two ciphers together is extremely marginal [1]. In some cases, cascading two ciphers will actually make it weaker. The truth is, when you introduce a superencryption system consisting of two different block ciphers that were not designed to be used this way, you are doing something that has not been well studied by cryptographers.

    The bottom line: Superencryption can make a system more secure, or it might not. The devil is in the details. One thing we do know is that it greatly increases the complexity of the system which leaves a lot of room for the programmer to make an error. You're better off using one well examined cipher.

    [1] Cascade Encryption Revisited, Peter Gazi and Ueli Maurer
     
  7. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I don't distrust it. My point is that it should never be the only one choice.

    Surely you don't trust monopolies?
     
  8. x942

    x942 Guest

    Now I am scared of my Cascade encrypted HDD. Do you think I should decrypt and re-encrypt with just AES? I am using TC w/AES-TWOFISH-SERPENT but I never saw that above article before and it makes a good point.
     
    Last edited by a moderator: Apr 12, 2011
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    @x942: Take a look at some of the conclusions in the same article:
     
  10. Dotuletz

    Dotuletz Registered Member

    Joined:
    Apr 11, 2011
    Posts:
    2
    First, so I won't change the AES :) (I too didn't know about Sapphire and Diamon, that is why I posted).

    Second, in my opinion there is no real gain in cascade encryption because if you get stronger encryption (which you might or might not), you lose quite some time on it while encrypting large files or HDDs. Plus, I think it's theoretically possible you might even open a hole through which the hacker could get in (through software bugs / encryption algorithm weakness etc). Sorry if I'm mistaken, I ain't quite a master of this. J L states this and says a second encryption won't do any good, maybe when you reach like... 4-5 cascades, which is quite time consuming.
     
  11. x942

    x942 Guest

    Well that's better :thumb: But next time I encrypt it I think I am going to stick with AES for the reasons mentioned above (programming and implementation errors). Thanks for clearing it up :thumb:

    X942
     
  12. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,873
    Location:
    New England
  13. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    There's no real point in comparing algorithms that haven't been broken. As mentioned earlier, it's the strongest link in the chain. The real weakness is the operating system it's being used with. Unless you've taken the time to really go through your system and harden it, strong encryption on Windows is like adding a steel link to a paper chain.
     
  14. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Before making any assumptions about cascading 2 encryption algorithms, consider this:
    1) You encrypt some data with a cryptographically secure algorithm, then you encrypt the resulting data with another secure algorithm. How is it possible for this operation to DECREASE the security of the final data?
    2) You encrypt some data with a cryptographically secure algorithm, then you encrypt the resulting data with an INSECURE algorithm. How is it possible for this operation to DECREASE the security of the final data?

    I'd say that in both cases the data is perfectly safe. The problem with cascading is not related to the cascading itself but with the increased complexity in the encryption system. But if the system is well written, it shouldn't be a problem.
     
  15. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    Remember, the algorithm is relevant to the datatype you are encrypting, and can have counter-intuitive results. You can't trust the cipher bit numbers, they are a misleading statistic. For example, AES-128 is "stronger" than AES-256 depending on the datatype and conditions and attacks. If you aren't a cryptologist, it is just smarter to consult the major crypto associations on what type of crypto to implement.
     
  16. pwr

    pwr Registered Member

    Joined:
    Dec 1, 2006
    Posts:
    70
    Twofish has some interesting inner workings, too bad it didn't win =/

    Schneier wrote about this on his site. It isn't as straightforward as the above example though:

    From Wikipedia:
    To prevent this kind of attack, one can use the method provided by Bruce Schneier in the references below: generate 2 random pads of the same size of the plaintext, XOR the plaintext with the first pad, then XOR the result with the second pad, resulting in a first ciphertext. Encrypt each pad with a different cipher and a different key, resulting in 2 more ciphertexts. Concatenate all 3 ciphertexts in order to build the final ciphertext. A cryptanalyst must break both ciphers to get any information. This will, however, have the drawback of making the ciphertext three times as long as the original plaintext.
     
    Last edited: Apr 19, 2011
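
The pad-splitting construction quoted from Wikipedia in post 16, as an added example that is not part of the thread or of any poster's code. Assumptions: the two ciphers are stand-in keystream ciphers built from the Python standard library (SHAKE-256, and HMAC-SHA512 in counter mode) in place of real ciphers such as AES and Twofish, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cipher_a(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher 1 (assumption): XOR with a SHAKE-256 keystream."""
    return _xor(data, hashlib.shake_256(key + nonce).digest(len(data)))

def cipher_b(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher 2 (assumption): XOR with HMAC-SHA512 in counter mode."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(8, "big")
        stream += hmac.new(key, block, hashlib.sha512).digest()
        counter += 1
    return _xor(data, stream[:len(data)])

def pad_split_encrypt(plaintext: bytes, key_a: bytes, key_b: bytes) -> bytes:
    n = len(plaintext)
    pad1, pad2 = secrets.token_bytes(n), secrets.token_bytes(n)
    nonce = secrets.token_bytes(NONCE_LEN)   # fresh per message
    # First ciphertext: plaintext XOR pad1 XOR pad2 (a one-time pad on its own).
    masked = _xor(_xor(plaintext, pad1), pad2)
    # Each pad is encrypted with a different cipher and a different key.
    c_pad1 = cipher_a(key_a, nonce, pad1)
    c_pad2 = cipher_b(key_b, nonce, pad2)
    # Concatenation is three times the plaintext length (plus the nonce).
    return nonce + masked + c_pad1 + c_pad2

def pad_split_decrypt(blob: bytes, key_a: bytes, key_b: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    n = len(body) // 3
    masked, c_pad1, c_pad2 = body[:n], body[n:2 * n], body[2 * n:]
    pad1 = cipher_a(key_a, nonce, c_pad1)    # XOR keystreams are self-inverse
    pad2 = cipher_b(key_b, nonce, c_pad2)
    return _xor(_xor(masked, pad1), pad2)

if __name__ == "__main__":
    ka, kb = secrets.token_bytes(32), secrets.token_bytes(32)
    msg = b"constructed sample: password database"
    blob = pad_split_encrypt(msg, ka, kb)
    print(len(msg), len(blob), pad_split_decrypt(blob, ka, kb) == msg)
```

The sketch carries no integrity protection; a real design would also authenticate the concatenated ciphertext.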
  17. doctorlink

    doctorlink Registered Member

    Joined:
    May 8, 2011
    Posts:
    23
    According to the situation among wikileaks and the government, AES256 is the world's hardest encryption to crack. Even if you use thousands of super computers, it will take millions of years to brute force it. However, it was said that the CIA found the backdoor of AES256.
     
  18. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    :eek: Link please :thumb:
     
  19. doctorlink

    doctorlink Registered Member

    Joined:
    May 8, 2011
    Posts:
    23
    Will mail it on the post, once I find the articles in guardians.co.uk or simply see wikileaks.ch
     
  20. doctorlink

    doctorlink Registered Member

    Joined:
    May 8, 2011
    Posts:
    23
    Here is a perfect example: Dropbox is encrypted by AES256, see what they say in the Terms.

    Compliance with Laws and Law Enforcement
    As set forth in our privacy policy, and in compliance with United States law, Dropbox cooperates with United States law enforcement when it receives valid legal process, which may require Dropbox to provide the contents of your private Dropbox. In these cases, Dropbox will remove Dropbox’s encryption from the files before providing them to law enforcement.

    https://www.dropbox.com/terms/#security

    "Dropbox employees aren’t able to access user files," this is what they said before.

    ^This actually proves that there is a backdoor to AES256

    :ouch:
     
  21. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    259
    What DropBox is using to decrypt your files is not a backdoor; they are using your password/private key. If you give me the password to your encrypted files for safekeeping, I will be able to decrypt your AES 256-bit files too.
     
  22. jackrabbit

    jackrabbit Registered Member

    Joined:
    Aug 26, 2008
    Posts:
    7

    It amazes me how statements lead people to some absolutely bizarre conclusions. How can you make the leap from that statement that AES256 is backdoored? No one would use it if it was backdoored and a real backdoor couldn't be kept a secret for very long.
     