Main Area and Open Discussion > Living Room

The Password Encryption Education Thread

<< < (2/2)

Paul Keith:
Yeah, unless I'm mistaken, no one has really disputed AES-256 yet.

I could be wrong but from my brief lurking over the net, that seems to be THE encryption to trust.

But then, see this is where the whole discussion often flies by my head.

The guy pointed out 448-bit PLUS speed.

Maybe I'm missing the whole thing because I'm comparing personal applications like password managers but speed in the sense of encryption doesn't really give the feeling of slow. At least I assume lots of other things like javascript contribute more to speed than the encryption process.

Encryption like that is cumulative, so you can use both, or use 1 of them 2x. Technically, you could have a 2-bit encryption scheme and just run it again and again to get the same kind of security. Many schemes can have different bit lengths as well. e.g. You can have 512-bit AES as well.

AES is still a standard, and that won't change. Everyone will use it and support it. Most often, security is about money, and not about security. -Renegade (June 17, 2010, 09:55 AM)
--- End quote ---

True but let's just say this was from the perspective of a casual user with no idea how to sink his teeth into understanding his choices.

For one thing, I would assume cumulative encryption is out of the window but what about things like the patented nature of AES?

Also could you clarify why the standard won't change? It can be disconcerting to find out that it didn't change because of the money rather than the level of security.

For a long time, I think few people could have envisioned some normal people worrying about the open-source-ness and license of an application yet here we are today where at least some people are trying to.

This security encryption thing could one day meet the same fate when the choice of available secure options increases.

Paul Keith:
Just saw this old thread via searching AES-256 less secure than AES-128

...and the confusion further dissolves into confusion.

CWuestefeld:
Encryption like that is cumulative, so you can use both, or use 1 of them 2x. Technically, you could have a 2-bit encryption scheme and just run it again and again to get the same kind of security.-Renegade (June 17, 2010, 09:55 AM)
--- End quote ---

This is true for some cyphers, but not all. And I don't understand them well enough to know which is which.

Renegade:
Encryption like that is cumulative, so you can use both, or use 1 of them 2x. Technically, you could have a 2-bit encryption scheme and just run it again and again to get the same kind of security.-Renegade (June 17, 2010, 09:55 AM)
--- End quote ---

This is true for some cyphers, but not all. And I don't understand them well enough to know which is which.
-CWuestefeld (June 17, 2010, 05:06 PM)
--- End quote ---

It's true for symmetric encryption in general as far as I know. There are ciphers that will give you the same result back after being run a few times (e.g. Letter shifting). I don't know of any cipher that you'd actually use in the real world that wouldn't be cumulative. I presume it's true for all cryptographically strong ciphers.

It's pointless for asymmetric encryption as it defeats the purpose.

Navigation

[0] Message Index

[*] Previous page