VeraCrypt - AES vs Twofish

Discussion in 'privacy technology' started by amarildojr, Mar 4, 2016.

  1. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,988
    Location:
    Brasil
    I'll start encrypting my HD now, but I have a doubt: does it matter which cipher is faster, considering that my HD has a read/write rate of 40 MB/s when copying and pasting large files?

    I know Twofish's slower performance doesn't matter much on memory operations, but since I do video recordings to my HD I wonder if using AES would have any real advantage over Twofish.

    EDIT: Went for AES. I just realized I'm not a valuable target and therefore it's impossible that someone with a great amount of computing power would want my data.
     

    Attached Files: VC.PNG
    Last edited: Mar 4, 2016
  2. haakon

    haakon Registered Member

    Joined:
    May 25, 2015
    Posts:
    765
    Location:
    SW USA
    As an FYI for others: AES instructions are "built in" for most of Intel's high-end CPUs and offer a significant boost in performance.

    http://ark.intel.com/
    Look for "AES New Instructions" yes/no for the CPU of interest.

    I can't say for AMD procs.

    VCbench.jpg
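
A local alternative to the ARK lookup described in the post above, as an added example that is not part of the original thread: on Linux the kernel lists an `aes` token on the x86 `flags` line (or the ARM `Features` line) of /proc/cpuinfo when the processor exposes AES instructions. The sample text and the function names are constructed for illustration.

```python
# Added example: report AES hardware support per logical CPU from
# /proc/cpuinfo-style text (Linux). Not code from the thread or from VeraCrypt.
from pathlib import Path

# Constructed sample input, trimmed to the relevant lines.
SAMPLE_CPUINFO = """\
processor\t: 0
model name\t: Example CPU A (constructed)
flags\t\t: fpu vme sse sse2 ssse3 sse4_1 sse4_2 popcnt aes xsave avx

processor\t: 1
model name\t: Example CPU B (constructed)
flags\t\t: fpu vme sse sse2 ssse3 pclmulqdq

processor\t: 2
Features\t: fp asimd evtstrm aes pmull sha1 sha2 crc32
"""


def aes_support(cpuinfo_text):
    """Return {processor_id: bool} for each logical CPU found in the text."""
    result = {}
    current = None
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # blank separator lines between CPU stanzas
        key, value = key.strip().lower(), value.strip()
        if key == "processor" and value.isdigit():
            current = int(value)
            result.setdefault(current, False)
        elif key in ("flags", "features") and current is not None:
            # Compare whole tokens so "aes" is not matched inside "vaes".
            if "aes" in value.split():
                result[current] = True
    return result


def all_cpus_have_aes(cpuinfo_text):
    """True only if at least one CPU is listed and every one reports aes."""
    support = aes_support(cpuinfo_text)
    return bool(support) and all(support.values())


if __name__ == "__main__":
    path = Path("/proc/cpuinfo")
    text = path.read_text() if path.exists() else SAMPLE_CPUINFO
    for cpu, ok in sorted(aes_support(text).items()):
        print(f"cpu{cpu}: AES instructions {'present' if ok else 'absent'}")
```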
     
  3. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    In almost any multithreaded processor (including AES-NI), you will be IO bound, not CPU. The data rates of domestic video recordings are also not usually that high due to improvements in video codecs.
     
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Comes down to your trust of the API given to TrueCrypt (and now VeraCrypt) to make hardware acceleration work. It is not an area where there is an incontrovertible conclusion. To be flexible there is an option, which many users with advanced machines elect, where you disable acceleration and therefore do not use the API that was given even if the computer supports such acceleration.

    Either algo works well and I don't notice much speed difference until at such time as you start triple cascades, which I do on many archival volumes. Speed vs security tradeoff I am willing to make. My .02
     
  5. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,988
    Location:
    Brasil
    No need to trust, at least not blindly :) TrueCrypt has already been audited and it is actually fine, no major security or cryptography problems. And VeraCrypt is TC continued - both are open source.
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    You missed my point so let me elaborate. Just trying to help here.

    TrueCrypt had NO control of the provided AES-API. This came from Microsoft. Two articles with a couple of snips to point you in the direction to learning.

    http://download.cnet.com/blog/downl...rdware-acceleration-convenience-improvements/

    The latest TrueCrypt takes advantage of pressure directed from TrueCrypt towards Microsoft in the wake of version 6 that requested an API for hibernation files, which had not existed previously.
    ## This AES-API that came from Microsoft is encrypted and is not open source requiring you to trust Microsoft!!



    https://www.truecrypt71a.com/documentation/hardware-acceleration/

    If you want to disable hardware acceleration of AES (e.g. because you want TrueCrypt to use only a fully open-source implementation of AES), you can do so by selecting Settings > Performance and disabling the option ‘Accelerate AES encryption/decryption by using the AES instructions of the processor’


    We examined this over many threads at the TC forum throughout the years. Pros and cons went back and forth. You will have to make up your own mind on this. The acceleration API came from the same company that made Windows. I guess to be consistent you either trust Microsoft or you don't.

    I personally elect to use the open source and "known" AES afforded by TrueCrypt and now VeraCrypt by default. Only rarely will I pick a small speed differential over security. I turn off and use the established method, but again, it's your call.

    I hope this post clears this up for you.
     
  7. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,988
    Location:
    Brasil
    @Palancar You're right, I forgot that the API is provided by MS. My apologies.

    Is the Crypto API also provided by MS when we don't use hardware acceleration?
     
  8. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    NO. The "original" product is open source and did not come from Microsoft. It is unable to do acceleration as you have found out. When you turn off/disable acceleration (assuming your machine supports it), TC/VC reverts to the included original open source method of crunching the math.

    Your use of the word "apologies" is also completely unneeded. We are two friends helping each other along, that is all. I have well over a decade and too many thousands of hours to count using this code. You returned the favor answering some of my Linux inquiries when I switched to Debian a while back.
     
  9. haakon

    haakon Registered Member

    Joined:
    May 25, 2015
    Posts:
    765
    Location:
    SW USA
    Some of us might recall Rijndael won NIST's AES contest in October of 2000 over Twofish and Serpent largely due to its hardware friendliness.

    The OP's pre-edit inquiry focused on speed, citing a metric and presenting a screenie of the benchmark.

    All I did up there is FYI inject the awareness and merits of the hardware acceleration offered by Intel's AES-NI support and threw in my own benchmark.

    While my proc is obviously more powerful than whatever the OP uses, note that Twofish is only 3.5 times faster, Serpent 3.3, while AES is 11.4. With accel disabled, AES is equally impaired as I tested a while back when I built this i7 box. (Producing a benchmark screen shot just for this thread is beyond the scope of my efforts.) Hardware acceleration SMOKES. Period.

    IO, API, trust... not relevant to my #2 post. Cheers!
     
  10. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,988
    Location:
    Brasil
    Oh, that's fine then. That's what I use.

    Tell me: If the processor has AES acceleration, can we disable it on the BIOS so that TC/VC use their own API?

    Thank you :thumb: But I apologize so people don't think I'm trying to be the smartass or whatnot ;) Some people in this forum really hate me and would use anything against me.

    Correct. IIRC Twofish is twice more secure, though its performance isn't a match to AES. I do look forward to seeing what Threefish will bring.

    Sorry for not responding, I just don't have an Intel processor (since 2006) so I can't comment on that :)

    May I ask which processor you have?
     
  11. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Could not agree more. I would say that most users of TC/VC are only protecting against theft and general privacy/security. The aspects to which I referred above are only applicable if your adversary carries a "badge" or wields similar powers. For those against such an adversary, I maintain that hardware acceleration (while many times faster) is not worth the additional risk due to the encrypted closed source API.

    I share some others' opinions and I am quite fond of Twofish. On my Linux machines I build the LUKS headers to custom Twofish specs and really attempt to harden the headers.

    amarildojr --- he is using the i7 proc, or at least that is what is depicted in his post.
     