Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 08, 2016, 02:08:15 PM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: The Password Encryption Education Thread  (Read 2252 times)

Paul Keith

  • Member
  • Joined in 2008
  • **
  • Posts: 1,982
    • View Profile
    • Donate to Member
The Password Encryption Education Thread
« on: June 17, 2010, 09:27:44 AM »
http://news.ycombina....com/item?id=1231399

Someone asked:

Quote
Just curious, what's your objection to AES?

and the guy said:

Quote
jSCrypto uses AES-128 only, a 10-round cipher with a small keysize, to which there are a number of side-channel attacks available. AES is also a very slow performer due to its computationally demanding nature, and still it does not supply additional benefits from the large amount of work it puts into scrambling data - a perfect example of another case of this would be the good old DES standards, with its measly 56-bit (7 bytes) keys, which are computationally more demanding than newer, safer ciphers, yet still so easily broken.

In comparison to this, a cipher that is both fast and also secure would be f.e. Blowfish, a 16-round cipher supporting 448-bit (56 bytes) keys, while still, on 448-bit keys, operating about 25% faster than the not quite as secure AES-128 does with its 128-bit (16 bytes) keys. Blowfish is entirely free of patents, whereas most of the cipher modes of AES are patented.

The second most important factor in a cipher's security is its keysize. If the cipher withstands all cryptoanalysis on its full amount of rounds, the last resort is brute force, and with brute force every extra bit of keysize matters to the feasibility and practical possibility of breaking the data. 128 bits of AES is today broken with modern parallel means in ridiculously short times (read: hours). Every extra bit of key theoretically (but not always practically) doubles the work required; a 129-bit key is twice as large as a 128-bit key; a 130-bit key is four times larger than a 128-bit key; a 448-bit key is 320 times larger than a 128-bit key.

For the most part, I don't understand this but as a whole I interpreted it as DES < AES because of bloatedness despite lesser security while AES = Blowfish if it's system wasn't patented and in this case if it was higher like AES-256 but not AES-128 especially with Blowfish's speed but I could be wrong.

Not sure if DC has a thread for this already but as password managers and security in general becomes more popular, I thought I'd try to re-invigorate a discussion on this as it's too easy to stumble upon these encryption acronyms even if you're a total newb.


Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: The Password Encryption Education Thread
« Reply #1 on: June 17, 2010, 09:34:28 AM »
It's saying DES < AES < Blowfish. And about patents and speed. AES takes CPU where other methods are less intense.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Paul Keith

  • Member
  • Joined in 2008
  • **
  • Posts: 1,982
    • View Profile
    • Donate to Member
Re: The Password Encryption Education Thread
« Reply #2 on: June 17, 2010, 09:42:50 AM »
Yeah, for the most part that's the short version but imagine if users were faced with the gray area of BlowFish vs. AES?

Lots of applications still uses AES and when you combine Blowfish into an optional option... well there goes the confusion for the casual non-techie curious about which encryption is the best. (and that is if they don't give up and just take everything AES for granted as that's good enough for most non-enterprise security)

There's also this tad bit of adjective: not quite as secure AES-128 :in there.

steeladept

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,059
    • View Profile
    • Donate to Member
Re: The Password Encryption Education Thread
« Reply #3 on: June 17, 2010, 09:48:44 AM »
Also don't forget they are talking of AES-128 whereas in most places, when they speak of AES, they are talking about AES-256.  AES-256 is, as explained in the article, 128 times larger key.  That coupled with some other technical efficiencies MAY make AES-256 stronger despite the higher CPU demand.

I say MAY because I am no expert here and do not wish to imply otherwise.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: The Password Encryption Education Thread
« Reply #4 on: June 17, 2010, 09:55:21 AM »
Encryption like that is cumulative, so you can use both, or use 1 of them 2x. Technically, you could have a 2-bit encryption scheme and just run it again and again to get the same kind of security. Many schemes can have different bit lengths as well. e.g. You can have 512-bit AES as well.

AES is still a standard, and that won't change. Everyone will use it and support it. Most often, security is about money, and not about security.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

Paul Keith

  • Member
  • Joined in 2008
  • **
  • Posts: 1,982
    • View Profile
    • Donate to Member
Re: The Password Encryption Education Thread
« Reply #5 on: June 17, 2010, 10:03:02 AM »
Yeah, unless I'm mistaken, no one has really disputed AES-256 yet.

I could be wrong but from my brief lurking over the net, that seems to be THE encryption to trust.

But then, see this is where the whole discussion often flies by my head.

The guy pointed out 448-bit PLUS speed.

Maybe I'm missing the whole thing because I'm comparing personal applications like password managers but speed in the sense of encryption doesn't really give the feeling of slow. At least I assume lots of other things like javascript contribute more to speed than the encryption process.

Encryption like that is cumulative, so you can use both, or use 1 of them 2x. Technically, you could have a 2-bit encryption scheme and just run it again and again to get the same kind of security. Many schemes can have different bit lengths as well. e.g. You can have 512-bit AES as well.

AES is still a standard, and that won't change. Everyone will use it and support it. Most often, security is about money, and not about security.

True but let's just say this was from the perspective of a casual user with no idea how to sink his teeth into understanding his choices.

For one thing, I would assume cumulative encryption is out of the window but what about things like the patented nature of AES?

Also could you clarify why the standard won't change? It can be disconcerting to find out that it didn't change because of the money rather than the level of security.

For a long time, I think few people could have envisioned some normal people worrying about the open-source-ness and license of an application yet here we are today where at least some people are trying to.

This security encryption thing could one day meet the same fate when the choice of available secure options increases.

Paul Keith

  • Member
  • Joined in 2008
  • **
  • Posts: 1,982
    • View Profile
    • Donate to Member
Re: The Password Encryption Education Thread
« Reply #6 on: June 17, 2010, 03:32:00 PM »
Just saw this old thread via searching AES-256 less secure than AES-128

...and the confusion further dissolves into confusion.

CWuestefeld

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,002
    • View Profile
    • Donate to Member
Re: The Password Encryption Education Thread
« Reply #7 on: June 17, 2010, 05:06:38 PM »
Encryption like that is cumulative, so you can use both, or use 1 of them 2x. Technically, you could have a 2-bit encryption scheme and just run it again and again to get the same kind of security.

This is true for some cyphers, but not all. And I don't understand them well enough to know which is which.

Renegade

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 13,220
  • Tell me something you don't know...
    • View Profile
    • Renegade Minds
    • Donate to Member
Re: The Password Encryption Education Thread
« Reply #8 on: June 17, 2010, 07:33:14 PM »
Encryption like that is cumulative, so you can use both, or use 1 of them 2x. Technically, you could have a 2-bit encryption scheme and just run it again and again to get the same kind of security.

This is true for some cyphers, but not all. And I don't understand them well enough to know which is which.

It's true for symmetric encryption in general as far as I know. There are ciphers that will give you the same result back after being run a few times (e.g. Letter shifting). I don't know of any cipher that you'd actually use in the real world that wouldn't be cumulative. I presume it's true for all cryptographically strong ciphers.

It's pointless for asymmetric encryption as it defeats the purpose.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker