![]() ![]() ![]() However, let's exclude MD5, SHA-1, and RIPEMD-160 anyway for being old. For PBKDF2, an algorithm that iterates a single hash multiple times to slow down brute force attacks, the choice of algorithm doesn't particularly matter. Now let's go over the hashing algorithms you have. This only leaves Camellia, a cipher with a high security margin. The GOST algorithms have not been extensively analyzed, so I would not trust them for long-term use. 3DES is further vulnerable to linear and differential cryptanalysis which becomes possible when encrypting very large amounts of data. Blowfish, IDEA, CAST5, and 3DES have a 64-bit block size, making them insecure for encrypting large amounts of data. Let's go over the ciphers you have available. Unless you either modify the code of VeraCrypt yourself, or use an alternate utility that allows true cascading, what you're doing is a bad idea. A true cascade (as VeraCrypt does) would make it such that an attacker would need to break every cipher at once to know whether or not they have succeeded. If you use one encryption program and then another one on top of that, an attacker will be able to break each cipher one at a time. You need each algorithm to be truly cascaded such that it's impossible to determine if one has been successfully broken without breaking all the others. I won't say that it's overkill, but I will say that I think you need to get a better understanding of cryptography before attempting to secure your data for 100+ years.Įncrypting in a cascade is actually difficult to do correctly. (And please, PLEASE, do not say this is overkill.) Do you agree? Please give me your opinions and do not say that it doesn't matter. I think that in case of VeraCrypt AES-Twofish-Serpent is better than Serpent-Twofish-AES because the outermost encryption is strongest (AES will be the first layer needed to break - do I understand that correctly?).Which algorithm/hash method mentioned above is best if we exclude AES, Twofish, Serpent and Whirpool?.When I open advanced settings to modify it, I am given these options: RFC 2440 specifications for session keys encrypted by symmetric or public key encryption algorithms" ![]() PKCS #5 recommendations for the implementation of password-based cryptography Specifications for public/secret key pair format: PKCS #12, X.509 Secure Hash Algorithms: SHA-256, SHA-1, MD5 and RIPEMD-160Īsymmetric (public/secret key pair) algorithms: RSA, ElGamal / Diffie-Hellman "Compressed archive with strong encryptionīCArchive utilizes the following encryption algorithms, standards and specifications: Symmetric algorithms: Rijndael (AES), Blowfish-256, Blowfish-448, IDEA, CAST5, GOST 28147-89, Triple DES So I encrypt those files with VeraCrypt using AES-Twofish-Serpent cascade, Whirpool as the hash.īut in case that someday a flaw will be found in any given algorithm or in its implementation (in VeraCrypt itself), I want to add an additional layer of protection - another software and another algorithm.īCArchive seems like a great opinion. Super strong and random password is a sure thing. Of course, nobody can imagine what computers will look and work in 2100 - BUT at least I can try to mitigate security risks. I plan to store them for the next upcoming 100+ years in the future. My threat model is archiving and backing up important and private files.įiles will be stored in many places including clouds, so count them as publicly accessible. ![]() TLDR: Which algorithm is safest if we exclude AES, Twofish, Serpent and Whirpool? ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |