Encryption software with cascade encryption algorithms

Discussion in 'encryption problems' started by oliverjia, Aug 27, 2016.

  1. oliverjia

    oliverjia Registered Member. Joined: Jul 21, 2005. Posts: 1,517

    Guys,

    I am looking for reliable, ideally open source file encryption software that can encrypt files with cascade encryption algorithms, such as AES-Twofish-Serpent. The only ones that I know of for sure are VeraCrypt (and the abandoned TrueCrypt).

    It appears PeaZip also implemented cascading encryption algorithms in its most recent version v6.10:
    • ARC: FreeARC ARC format implementing encryption scheme that supports AES256, AES contest finalists Twofish256 and Serpent256 algorithms, and classic Blowfish algorithm
    • PEA: PeaZip's native .pea file format, supporting AES, Serpent and Twofish (128 and 256 bit) EAX-mode authenticated encryption, enforcing cryptographically strong data secrecy and verifiable authenticity.

    Any other such software that you could think of, please share it here. Considering the ever-increasing computing ability of modern hardware (CPU/GPU, cloud computing), multiple encryption algorithms don't appear to be overkill nowadays.
     
  2. Palancar

    Palancar Registered Member. Joined: Oct 26, 2011. Posts: 1,592

    Just be very wary of the "implementation" of any cascades. Poor handling of the exchange can introduce vulnerabilities that allow for breaking the encryption where the actual algo stands unbroken. If time is not an issue and it's all about security, a strong backup is nesting encryption protocols individually, e.g. taking a pgp/gpg encrypted file and saving it on a VeraCrypt encrypted volume (even if that volume does not cascade). In this example both protocols would need to fail before an adversary made it in to the "good stuff".
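
The nesting described in the post above, as an added example that is not part of the original thread: two independent authenticated layers, each with its own passphrase, salt and key, where the outer layer only ever sees the finished inner blob. AES-256-GCM and ChaCha20-Poly1305 from the Python `cryptography` package stand in for gpg and VeraCrypt, and all function names are hypothetical.

```python
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM, ChaCha20Poly1305

SALT_LEN, NONCE_LEN = 16, 12


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """scrypt-stretch one passphrase into a 256-bit key for one layer."""
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def seal(aead, passphrase: str, plaintext: bytes) -> bytes:
    """One self-contained layer: salt || nonce || ciphertext+tag."""
    salt, nonce = os.urandom(SALT_LEN), os.urandom(NONCE_LEN)
    # The salt is bound as associated data, so swapping it fails authentication.
    return salt + nonce + aead(derive_key(passphrase, salt)).encrypt(nonce, plaintext, salt)


def unseal(aead, passphrase: str, blob: bytes) -> bytes:
    """Raises InvalidTag on a wrong passphrase or any modified byte."""
    salt, nonce = blob[:SALT_LEN], blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    return aead(derive_key(passphrase, salt)).decrypt(nonce, blob[SALT_LEN + NONCE_LEN:], salt)


def nest_encrypt(data: bytes, inner_pw: str, outer_pw: str) -> bytes:
    if inner_pw == outer_pw:
        raise ValueError("layers must not share a passphrase")
    # The outer layer treats the finished inner blob as opaque bytes.
    return seal(ChaCha20Poly1305, outer_pw, seal(AESGCM, inner_pw, data))


def nest_decrypt(blob: bytes, inner_pw: str, outer_pw: str) -> bytes:
    return unseal(AESGCM, inner_pw, unseal(ChaCha20Poly1305, outer_pw, blob))


if __name__ == "__main__":
    secret = b"constructed sample: 2015 tax return"  # constructed input
    blob = nest_encrypt(secret, "inner passphrase", "outer passphrase")
    assert nest_decrypt(blob, "inner passphrase", "outer passphrase") == secret
    try:
        nest_decrypt(blob, "inner passphrase", "guess")
    except InvalidTag:
        print("outer layer rejected the wrong passphrase")
```

Because the layers share no key material or state, a flaw in one layer's implementation still leaves the other layer's ciphertext to get through.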
     
  3. oliverjia

    oliverjia Registered Member. Joined: Jul 21, 2005. Posts: 1,517

    Thank you Palancar! Your input makes a lot of sense. In fact I have been doing this for the most important stuff that I have (tax return info and other sensitive personal info): I encrypted the PDFs and TurboTax files with 7-Zip, then put all these .7z files into a VeraCrypt Container.

    I thought that for some important but not top-secret info maybe I could just use one encryption software to encrypt them, such as just 7-Zip. But what you said reminded me of possible implementation problems when dealing with complicated situations such as cascaded algorithms, or that even a single algorithm could potentially have implementation problems.

    So maybe I shouldn't be lazy just using one line of encryption. It appears to me gpg4win also offers strong file encryption. I'm experimenting with its sign and encrypt feature.
     
  4. TheWindBringeth

    TheWindBringeth Registered Member. Joined: Feb 29, 2012. Posts: 2,084

    Although nesting could be used for strength purposes, it could [also] be used for organizational purposes. For example, a user could do something like:
    • My Files (encrypted)
      • Misc files
      • Medical Records (encrypted)
        • Misc files
      • Financial Records (encrypted)
        • Misc files
        • Business Finance (encrypted)
          • Misc files
        • Personal Finance (encrypted)
          • Misc files
      • My Diary (encrypted)
        • Misc Files
    where (encrypted) is an encrypted container file of some sort. The idea being to:
    1. Keep all their [important] files in one easy to work with encrypted container *and* ...
    2. Only decrypt/open what is necessary at the time
    3. Be able to limit access to different things via different passwords. For example, in case of emergency/death they might want someone to have access to everything except their diary.
    4. Make it easier to selectively share or store things. Encrypted container files can be copied/burned/transferred as is. So it would be easy to prepare a Medical Files USB that is handy in an emergency, give an accountant a copy of their Business Finance records, whatever.
    I think they'd want to keep the levels down if every password is a long manually entered one and/or their encryption tools force them to use lengthy encryption/decryption steps all the time. I don't think the approach is best for everyone, but maybe the concept is worth considering.
     
  5. Palancar

    Palancar Registered Member. Joined: Oct 26, 2011. Posts: 1,592

    That is a solid strategy, which makes sense to me.
     
  6. oliverjia

    oliverjia Registered Member. Joined: Jul 21, 2005. Posts: 1,517

    Thanks TWB for your input. Yes, your strategy looks logical and sound to me.
     