Main Area and Open Discussion > Living Room

The Password Encryption Education Thread

(1/2) > >>

Paul Keith:
http://news.ycombinator.com/item?id=1231399

Someone asked:

Just curious, what's your objection to AES?
--- End quote ---

and the guy said:

jSCrypto uses AES-128 only, a 10-round cipher with a small keysize, to which there are a number of side-channel attacks available. AES is also a very slow performer due to its computationally demanding nature, and still it does not supply additional benefits from the large amount of work it puts into scrambling data - a perfect example of another case of this would be the good old DES standards, with its measly 56-bit (7 bytes) keys, which are computationally more demanding than newer, safer ciphers, yet still so easily broken.

In comparison to this, a cipher that is both fast and also secure would be f.e. Blowfish, a 16-round cipher supporting 448-bit (56 bytes) keys, while still, on 448-bit keys, operating about 25% faster than the not quite as secure AES-128 does with its 128-bit (16 bytes) keys. Blowfish is entirely free of patents, whereas most of the cipher modes of AES are patented.

The second most important factor in a cipher's security is its keysize. If the cipher withstands all cryptoanalysis on its full amount of rounds, the last resort is brute force, and with brute force every extra bit of keysize matters to the feasibility and practical possibility of breaking the data. 128 bits of AES is today broken with modern parallel means in ridiculously short times (read: hours). Every extra bit of key theoretically (but not always practically) doubles the work required; a 129-bit key is twice as large as a 128-bit key; a 130-bit key is four times larger than a 128-bit key; a 448-bit key is 320 times larger than a 128-bit key.
--- End quote ---

For the most part, I don't understand this but as a whole I interpreted it as DES < AES because of bloatedness despite lesser security while AES = Blowfish if it's system wasn't patented and in this case if it was higher like AES-256 but not AES-128 especially with Blowfish's speed but I could be wrong.

Not sure if DC has a thread for this already but as password managers and security in general becomes more popular, I thought I'd try to re-invigorate a discussion on this as it's too easy to stumble upon these encryption acronyms even if you're a total newb.

Renegade:
It's saying DES < AES < Blowfish. And about patents and speed. AES takes CPU where other methods are less intense.

Paul Keith:
Yeah, for the most part that's the short version but imagine if users were faced with the gray area of BlowFish vs. AES?

Lots of applications still uses AES and when you combine Blowfish into an optional option... well there goes the confusion for the casual non-techie curious about which encryption is the best. (and that is if they don't give up and just take everything AES for granted as that's good enough for most non-enterprise security)

There's also this tad bit of adjective: not quite as secure AES-128 :in there.

steeladept:
Also don't forget they are talking of AES-128 whereas in most places, when they speak of AES, they are talking about AES-256.  AES-256 is, as explained in the article, 128 times larger key.  That coupled with some other technical efficiencies MAY make AES-256 stronger despite the higher CPU demand.

I say MAY because I am no expert here and do not wish to imply otherwise.

Renegade:
Encryption like that is cumulative, so you can use both, or use 1 of them 2x. Technically, you could have a 2-bit encryption scheme and just run it again and again to get the same kind of security. Many schemes can have different bit lengths as well. e.g. You can have 512-bit AES as well.

AES is still a standard, and that won't change. Everyone will use it and support it. Most often, security is about money, and not about security.

Navigation

[0] Message Index

[#] Next page