On 7/26/2012 4:05 AM, Ben McGinnes wrote:
> On a semi-related tangent, does this mean that utilising the three
> symmetric ciphers available in TrueCrypt (AES, Serpent and Twofish)
> is a bad idea or do they play well together?

My understanding is they at least tolerate each other, but I'm unaware of any serious analysis that suggests you enjoy increased cryptographic strength by stacking them. It wouldn't surprise me if you did, but at the same time ... as I mentioned earlier, I really don't see the point.

> Also, if you had to pick one of those three, which would you choose
> (for general purposes rather than a specific threat model and
> ignoring the possible speed differences between AES and Serpent)?

This presumes I'm competent to have an opinion. I really don't think I am. Evaluating cryptographic algorithms is almost as hard as designing them. It's the sort of thing that's best done by a handful of experts all looking at the algorithms through slightly different prisms of experience and skill.

For instance, I don't like Serpent very much on account of how complex it is. My rule of thumb is, "if I don't believe an undergraduate in computer science can understand this algorithm, how can I expect people to implement this algorithm correctly?" So, had I been on the AES selection committee, I'd have given Serpent a thumbs-down. Other people with different perspectives would've given it thumbs-ups and thumbs-downs, and our ultimate recommendation would take into account all the input of the different experts on the selection committee.

But whenever you ask one person for his or her opinion on a cipher, all you're getting is one perspective, and you really need more perspectives than that.

Still, you asked a question, and now that I've spent three paragraphs explaining why you shouldn't trust my answer I'll give you my answer: Twofish.

Most symmetric ciphers nowadays are built around Feistel networks. We have a lot of experience with Feistel networks: many algorithms built around them have held up quite well over the years. (3DES, for instance, which pretty much every cryppie holds in a mixture of distaste, disgust, fear, terror, awe and reverence, is built around a Feistel network. 30+ years, no really meaningful results against it.) Feistel networks make me happy: who doesn't like a track record of success?

Rijndael is not a Feistel cipher. That doesn't mean it's bad, far from it. But if Feistel networks give me the warm fuzzies, then that means I need to strike non-Feistel networks from my list.

I don't like Serpent's complexity: I think that leads to difficulty in implementing it. By comparison, I've implemented Twofish a couple of times and have seen undergraduates implement it correctly. So, yeah, for my money I prefer Twofish. But I don't think you should trust my opinion worth a damn. :)

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
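The two structural ideas the reply leans on, a Feistel network (the construction behind 3DES and Twofish, where decryption is the same routine run with the subkeys reversed and the round function need not be invertible) and a cascade of independently keyed ciphers (what TrueCrypt does when you select more than one algorithm), are shown below in a toy Python implementation. This is an added example, not code from the mailing-list thread, from TrueCrypt, or from any real cipher: the round function, the key schedule and the 64-bit halves are assumptions chosen for readability, and the result is not a secure cipher. It demonstrates only the structure being discussed: the round function is a truncated hash that cannot be inverted, yet `feistel_decrypt_block` recovers the plaintext, and `cascade_decrypt` has to apply the stages in reverse order of `cascade_encrypt`.

```python
"""Toy Feistel network and a multi-key cipher cascade.

Added illustration for the discussion above; NOT a real cipher and NOT
TrueCrypt's or Twofish's code. Block = 128 bits as two 64-bit halves.
"""
import hashlib
from typing import List

HALF_BYTES = 8                 # 64-bit halves (assumption for this toy)
BLOCK_BYTES = 2 * HALF_BYTES   # 128-bit block
ROUNDS = 16                    # assumed round count


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(half: bytes, subkey: bytes) -> bytes:
    """Round function F(R, K).

    Deliberately NOT invertible (a truncated SHA-256). A Feistel network
    still decrypts correctly; only the XOR in the round is ever undone.
    """
    return hashlib.sha256(subkey + half).digest()[:HALF_BYTES]


def key_schedule(key: bytes, rounds: int = ROUNDS) -> List[bytes]:
    """Toy key schedule (assumption): one hashed subkey per round."""
    return [hashlib.sha256(b"subkey" + bytes([i]) + key).digest()
            for i in range(rounds)]


def feistel_encrypt_block(block: bytes, subkeys: List[bytes]) -> bytes:
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly %d bytes" % BLOCK_BYTES)
    left, right = block[:HALF_BYTES], block[HALF_BYTES:]
    for k in subkeys:
        # L_{i+1} = R_i ;  R_{i+1} = L_i xor F(R_i, K_i)
        left, right = right, _xor(left, _round_function(right, k))
    # Omit the final swap so that decryption is the same routine with the
    # subkeys reversed (the standard Feistel convention).
    return right + left


def feistel_decrypt_block(block: bytes, subkeys: List[bytes]) -> bytes:
    """Decryption is encryption with the round subkeys in reverse order."""
    return feistel_encrypt_block(block, list(reversed(subkeys)))


def cascade_encrypt(block: bytes, keys: List[bytes]) -> bytes:
    """Chain several independently keyed instances (cascade style).

    Each stage gets its own key; the stage order is part of the definition,
    so the decryptor must undo the stages in reverse.
    """
    for key in keys:
        block = feistel_encrypt_block(block, key_schedule(key))
    return block


def cascade_decrypt(block: bytes, keys: List[bytes]) -> bytes:
    for key in reversed(keys):
        block = feistel_decrypt_block(block, key_schedule(key))
    return block


if __name__ == "__main__":
    # Constructed sample input: a fixed block and three independent keys.
    plaintext = bytes(range(BLOCK_BYTES))
    subkeys = key_schedule(b"single-cipher-key")
    ct = feistel_encrypt_block(plaintext, subkeys)
    print("single  :", ct.hex(), feistel_decrypt_block(ct, subkeys) == plaintext)

    keys = [b"stage-1-key", b"stage-2-key", b"stage-3-key"]
    cct = cascade_encrypt(plaintext, keys)
    print("cascade :", cct.hex(), cascade_decrypt(cct, keys) == plaintext)
```

The point the toy makes about cascades is structural only: with independent keys and a fixed stage order, the cascade is well defined and invertible, which is all the reply claims (that the ciphers "tolerate each other"). It says nothing about whether stacking adds strength, which the reply also declines to claim.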