when a algorithm is recommended is it secure ?

Discussion in 'privacy technology' started by garry35, May 7, 2013.

Thread Status:
Not open for further replies.
  1. garry35

    garry35 Registered Member

    Joined:
    Jan 20, 2009
    Posts:
    329
    when an encryption algorythm is recommended by for example a govt. agency or security expert, does this mean that its already been cracked and so they have an vested interest in recommending it ?.

    Gazzer.:ninja:
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,719
    Location:
    Texas
    Doubtful.

    Some things to read here and here.
     
    Last edited: May 7, 2013
  3. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    534
    I smell LOTS of FUD from this thread.

    AES is not crackable.

    If you use truecrypt's default encryption algorithm, encryption cannot be cracked. The weakest link in any encryption program is the human who knows the password. Read up on Rubbernose Cryptoanalysis. An adversary can fool you into believing that truecrypt can be cracked in order to fool you into giving up the password. Or they can torture you for the password. Or they already have so much evidence against you that not giving up your password is an obstruction of justice.

    Either way, the weakest link in an encryption algorithm is the human who know the password rather than the algorithm. If you are using AES, which is used by the government and security agencies, chances are it is VERY VERY secure. Especially when police cannot even crack it.
     
  4. garry35

    garry35 Registered Member

    Joined:
    Jan 20, 2009
    Posts:
    329
    but how do we know its not been cracked ? maybe they want us to believe its not been cracked to avoid us looking into more secure methods...... and give us a false sense of security
     
  5. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    I'll bite, what in your view constitutes sound encryption methods?
     
  6. garry35

    garry35 Registered Member

    Joined:
    Jan 20, 2009
    Posts:
    329
    if i already knew the answer i wouldnt need to ask
     
  7. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I understand your concern. Every time questions regarding which encryption algorithm to use get asked, "experts" come out of the woodwork recommending only AES. Unfortunately, it's not possible to directly answer your question. We have no way of knowing if some govt agency has a way of breaking AES. With questions like these, the line between paranoia and legitimate concern is not clear. The push to AES has me asking the same question.

    Fortunately, AES is not your only option. Blowfish and Twofish are both good options. Both are unbroken. Both are unrestricted by patents or proprietary influence. Both are available to everyone. I've opted for Blowfish for my file/disk encryption needs. IMO, the fact that it's unbroken after 20 years speaks for itself.

    edit:
    Unless it's broken by design, the algorithm chosen is seldom the weak link in encryption. Encryption is only as secure as the system it's running on. If we're talking Windows, there's no doubt what the weak spot is.
     
    Last edited: May 8, 2013
  8. garry35

    garry35 Registered Member

    Joined:
    Jan 20, 2009
    Posts:
    329
    thanks for your reply and everybody else who has replied. i am currently using twofish as implemented by roboform, i have no idea about whether its correctly implemented or not mainly because i dont have the knowledge or understanding to tell the difference. all i want and i suspect many think alike is a good algo where i can just select and trust its right without needing to tweak or change any settings and possible mess things up and be LESS secure o_O
     
  9. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    a) How do we "no way of knowing if some govt agency has a way of breaking AES", yet we do know Blowfish and Twofish haven't been broken?

    b) For what it's worth, here's Schneier on AES.

    c) Blowfish doesn't seem so safe after all...



    Depends on what you mean by that. If you just mean the way Windows might store key information in hibernation files or other places on the system partition, that's just simply a matter of maintaining good security protocol. Either encrypt the whole drive, or use a secure environment like Ubuntu Privacy Remix. But simply inferring that Windows is the weak spot in an encryption scheme is kind of disingenuous.
     
Loading...
Thread Status:
Not open for further replies.