TJonLongIsland
asked on
256 bit vs. 1344 bit encryption -- what exactly are we talking about?
After having a laptop stolen which contained unfiled patent application information, I have become extra paranoid about protecting the data on my physical drives. Consequently, I have come to use DriveCrypt for all of my data drives, with unique complex passwords for each.
When creating the drivecrypt partitions, I have the following options:
Rijndael AES 256 bit (Gladman code)
Triple AES/RijnDael 769 bit
Blowfish 256 bit
Blowfish 448 bit
Triple Blowfish 1344 bit
Des 56 bit
Triple DES 168 bit
Misty1 128 bit
Square 128 bit
Tea (16 rounds 128 bit)
Tea (32 rounds 128 bit)
My assumption is that the 'most secure' is the Triple Blowfish 1344 bit, is this correct? The software suggests that "If you are unsure about which cipher to use, we suggest using 'Rijndael/AES 256 bit' which is very secure and fast." For the purposes of this question, I am not concerned with of encryption, etc.; my only concern is the best possible security.
And the question I've been most curious about:
Using the 'most secure' method listed above (please correct me if my assumption on the 1344 bit being most 'secure'), how possible/likely could the data be extracted? For example, suppose Osama Bin Ladin's laptop was found with the 'most secure' encryption type listed -- how long and what would it take with existing technologies to access the data on the encrypted drive, assuming a 'brute force resistent' password was used?
I guess I am just trying to get a good idea of just how secure the data is, from a "possession of the physical hardware" perspective.
Thanks!
When creating the drivecrypt partitions, I have the following options:
Rijndael AES 256 bit (Gladman code)
Triple AES/RijnDael 769 bit
Blowfish 256 bit
Blowfish 448 bit
Triple Blowfish 1344 bit
Des 56 bit
Triple DES 168 bit
Misty1 128 bit
Square 128 bit
Tea (16 rounds 128 bit)
Tea (32 rounds 128 bit)
My assumption is that the 'most secure' is the Triple Blowfish 1344 bit, is this correct? The software suggests that "If you are unsure about which cipher to use, we suggest using 'Rijndael/AES 256 bit' which is very secure and fast." For the purposes of this question, I am not concerned with of encryption, etc.; my only concern is the best possible security.
And the question I've been most curious about:
Using the 'most secure' method listed above (please correct me if my assumption on the 1344 bit being most 'secure'), how possible/likely could the data be extracted? For example, suppose Osama Bin Ladin's laptop was found with the 'most secure' encryption type listed -- how long and what would it take with existing technologies to access the data on the encrypted drive, assuming a 'brute force resistent' password was used?
I guess I am just trying to get a good idea of just how secure the data is, from a "possession of the physical hardware" perspective.
Thanks!
number of bits gives an upper bound on the security, but "most secure" also means best analyzed for potential weakness.
in practice 1344 or 256 are both well beyond the range of a practical exhaustive search,
and the vulnerabilites are mopre likely to be in the discovery of a more efficient attack,
or the invention of quantum computers, or more likely the mismangement of the secret keys.
in practice 1344 or 256 are both well beyond the range of a practical exhaustive search,
and the vulnerabilites are mopre likely to be in the discovery of a more efficient attack,
or the invention of quantum computers, or more likely the mismangement of the secret keys.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Triple Blowfish 1344 bit is top security encryption is true but we may be going too far with security at the cost of the system performance,
the AES with 256 will work very good without sacrifying system performance
and CoccoBill gave you good figures of time that takes to decrypt the data without key
the AES with 256 will work very good without sacrifying system performance
and CoccoBill gave you good figures of time that takes to decrypt the data without key
In practice, even 56-bit DES is likely sufficient unless you belive that foreign governments are interested in decrypting your data since the best decrypt for DES is on the order of 40 hours on a cluster dozens of machines.
That said, I agree with others that going with a standard algorithm is better because it's had more analysis. Aside from AES/Rijndael, other highly-analyzed algorithms in the above list are DES, 3DES, and Blowfish (it was one of the AES finalists but lost out because it doesn't run well on 16-bit hardware if I remember correctly).
That said, I agree with others that going with a standard algorithm is better because it's had more analysis. Aside from AES/Rijndael, other highly-analyzed algorithms in the above list are DES, 3DES, and Blowfish (it was one of the AES finalists but lost out because it doesn't run well on 16-bit hardware if I remember correctly).
If you are are looking for pure security, Triple Blowfish 1344 bit is the most secure their list, BUT you may want to read this:
http://www.schneier.com/blog/archives/2005/07/the_doghouse_pr.html
Bruce placed Privacy.li and their product, DriveCrypt, in his Doghouse this Summer.
Bruce wrote Blowfish if you didn't know that, and if you do listen to him, it's when he talks about encryption and encryption products.
He seriously dislikes this company. If you read his post, he questions whether or not this company truly implemented encryption technology correctly.
http://www.schneier.com/blog/archives/2005/07/the_doghouse_pr.html
Bruce placed Privacy.li and their product, DriveCrypt, in his Doghouse this Summer.
Bruce wrote Blowfish if you didn't know that, and if you do listen to him, it's when he talks about encryption and encryption products.
He seriously dislikes this company. If you read his post, he questions whether or not this company truly implemented encryption technology correctly.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Rijndael AES 256 bit is most secure encryption algorithm...
There are a lot of attacks like DFA (Differential Fault Analysis) attacks to all others... But i suggest you Rijndael... That is best :)
So strong and secure
There are a lot of attacks like DFA (Differential Fault Analysis) attacks to all others... But i suggest you Rijndael... That is best :)
So strong and secure
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
as the number of bits increase the encryption also increases dramatically