Encryption types

Mikuro

Crotchety UI Nitpicker
I'm a paranoid security freak (when it comes to certain things). I'm just wondering what the best option is. We've got a few:

1. 128-bit AES with OS X's standard DMG encryption.
2. 256-bit AES with StuffIt
3. 512-bit RC4 with StuffIt
4. 448-bit Blowfish with StuffIt
5. 64-bit DES with StuffIt

I like to use OS X's built-in DMG encryption, because it's easy to use, doesn't require un-archiving, and will work on any OS X system. BUT, it's only 128-bit.

So my question is, how much does this really matter? Does 256-bit AES offer significantly more security than 128-bit? And how do RC4 and Blowfish compare?

I burn a lot of data to CDs and DVDs using encrypted DMGs (AES-128). These CDs and DVDs are going to be around for many years. Is AES-128 bound to be cracked by then? I'm wondering how safe it is to use any of these formats for long-term storage.

Can anyone shed some light?
 

lurk

Mitä?
Who are you hiding things from, governments or your little brother? What is the impact of them decoding something? Embarrassment... a stay in a Turkish prison... being buried in sand up to your neck in a pit of fire ants and covered with honey?

That really matters because you need to have a complete strategy and not just say "encrypt it." Because if the black helicopter guys have bugged your keyboard it doesn't matter what you use.

Now to actually answer your original question. Adding bits to the key length does not necessarily improve the security of a cypher and it can even reduce its strength. This is because internal interactions that might leak information may not appear until the key is of a certain length. That is why you can safely ignore anyone who says "Dude, I have 7568 bit RSA protection it is like so unbreakable!" as a poser. So remember, bigger is not always better.

So is 512 bit RC4 better than 448 bit Blowfish or 128 bit AES? On a naive level it would appear that searching for a 512 bit key would be harder than finding a 128 bit key. The problem is that there are ways of trying to reduce the size of the space of keys that can radically reduce the number of bits one actually has to check. I heard that there is a theoretical result that might let them shave a couple of bits off of AES, but you are still looking at the NSA dedicating years of compute time to break your encryption.

One final thing to keep in mind is that you are really the weakest link in this arrangement. I am 99% certain that your password will be your downfall. If you think about it, every letter in your password is really only good for about 5 bits of information in practice. So a "good" AES password would need to be 25 letters long; for a 512 bit key you need around 102 characters. Are your passwords that long?

Worse yet, when they get that long, remember that they need to basically be random letters and numbers to prevent a dictionary attack, so how will you remember them? Here is where passwords are the limiting factor. If I am attacking anything you are using as a normal part of your day, it is more effective for me to directly attack your password than to attack the derived encryption key.

And again, if you are hiding from an oppressive state then they can always search you for the piece of paper you write it down on or torture you until you tell them.

Finally, for those of us leading boring normal lives who want to protect normal stuff, AES128 is totally strong enough for any use. And who cares if your great-grandkids will be able to find the My Little Pony fan fiction you wrote 70 years earlier? You'll be senile anyway and they might just get a kick out of it.
 

Mikuro

Crotchety UI Nitpicker
Thanks for the informative (and amusing) reply.

lurk said:
Who are you hiding things from, governments or your little brother? What is the impact of them decoding something embarrassment... a stay in a Turkish prison... being buried in sand up to you neck in a pit of fire ants and covered with honey?
Like I said, I'm paranoid. Could be all of those things! Who's to say my little brother won't turn me in to the Turks?!? Sure, I don't have a little brother, but still. We can't rule out the possibility of alternate realities colliding.

But in all (or at least some) seriousness, I'm most interested in encrypting my work (source code, and writing). It wouldn't kill me, but I don't want this stuff stolen. It is sensitive. Being a Mac user, I don't have to worry TOO much about being hacked, but still. I don't want my backups being stolen and cracked, either, and this stuff will probably be relevant to me for a number of years.

In any case, this is the kind of thing it's good to know, even if you don't absolutely need it right this minute.

One final thing to keep in mind is that you are really the weakest link in this arrangement. I am 99% certain that your password will be your downfall. If you think about it, every letter in your password is really only good for about 5 bits of information in practice. So a "good" AES password would need to be 25 letters long; for a 512 bit key you need around 102 characters. Are your passwords that long?
...
Worse yet, when they get that long, remember that they need to basically be random letters and numbers to prevent a dictionary attack, so how will you remember them?
....
they can always search you for the piece of paper you write it down on
That's definitely a tricky part. I wonder about that, too, but I do take care in my passwords and I think they're pretty solid. Definitely more than 25 characters, although no, not over 100.

I usually string together a dozen or so words/names (and no, not my pets' names ;)) with semi-relevant numbers here and there. I can remember it (at least after a few tries), so I don't need to write it down (although sometimes I'll leave myself clues, but only I would know how to find/read them), and I can't imagine anyone guessing it, even if they knew me very well. It also seems to me that it would be pretty resistant to brute-force attacks.

Of course, now that I've revealed my "formula", I'll need to change it. My non-existent little brother might read this someday, after all. ;)

...the My Little Pony fan fiction you wrote...
......who are you, and how do you know my deepest secrets?!?!?
 

symphonix

Scratch & Sniff Committee
Isn't it obvious? He hacked your system and read your My Little Pony file. Derrr.

;-)

And just as an FYI, if you're worried about protecting things from the government and/or its agencies wherever you are (and there are plenty of valid constitutional reasons why you might be concerned, such as if you are a journalist, activist, lawyer or investigator), then AES and DES codecs will not be good enough, and you'll need to look at options like PGP or GPG. However, all of the codecs you mentioned would require some serious computing horsepower to break by brute force. Even the lowest, AES-128, would tie up the average server farm and small team of hackers for a couple of weeks in order to break in.
 

ElDiabloConCaca

U.S.D.A. Prime
Another point to add -- if your password consists solely of random numbers and characters that form words, then your password being 25 characters in length isn't any better than a password half that length. A simple dictionary/brute force attack could crack a password like that in a few hours, if not quicker. The fact that the password contains words and numbers is its Achilles' heel.

My suggestion is to get rid of ALL the words in the password, and alternate between upper- and lower-case letters, numbers, and different special characters like underscores, bangs (!), dollar signs, etc. If you want strong encryption, then the password you use to encrypt the data should NOT be something that one can remember off the top of one's head.

Encrypting data with a poor password is on par with not encrypting the data at all.
 

lurk

Mitä?
symphonix said:
Isn't it obvious. He hacked your system and read your My Little Pony file. Derrr.
...
Even the lowest, AES-128, would tie up the average server farm and small team of hackers for a couple of weeks in order to break in.
Dude, my quantum decrypter has you so pwn3d you don't even know.

However, for the rest of you without access to a quantum computer AES is a bit stronger than a few weeks of compute time. The best current guess is that it will take 2^88 operations to break AES if you use an algebraic attack. Just to show how hard that is if we assume that each of these operations is as easy as a floating point operation (big assumption) and solved this problem using BlueGene, which is currently the world's fastest supercomputer, it would only take 53,445.2187 years* to break one key.

Given that, I think that AES is good enough for me and mine at the moment.

Even though it might look like it, I am not contradicting symphonix. People do attack and break things with AES protection in days and weeks; however, they are attacking weak passwords and not the encryption. If you have a good password then you are set.

/ Also note that 663 bit RSA was recently broken and they are getting closer on 1024 bit RSA.
// Broken means recovered one key for one encrypted message.
/// Your fanfic is still relatively safe...


* Calculated in Google YMMV, caveat emptor, offer void where prohibited by law.

-------

I see elDiablo posted while I was composing this. Just as a little anecdote there, dictionary attacks are really pretty good. Way back in '92 I took a C programming class and after about a week the professor came in and started writing things like mickeymouse, 2hot4u, #spuds# and so on on the board. He put up like 15 of them and then told the class that if they recognized their password on the board it should be changed ASAP. All they did was use a dictionary attack tool on the ancient 8 MHz Apollo to see what they could break overnight.

But really it all needs to fit into an overall security strategy that makes sense. If I install iron bars on my windows but don't lock my door then that did not help much. And if I am going to all this effort to protect two half used bags of kitty litter, well that is misspent effort dontchknow ;)
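A worked version of the arithmetic running through this thread: lurk's rule of thumb of about 5 bits per typed letter and the 2^88-operation cost estimate, and ElDiablo's point that a password built from words carries far less entropy than its length suggests. This is an added example, not code from any poster; the per-symbol entropy figures and the roughly 1.8e14 operations-per-second machine rate are assumptions chosen to match the figures quoted above.

```python
import math

# Assumed entropy per symbol for several password construction styles.
# The 5-bit figure is the thread's own rule of thumb for typed letters; the
# others assume each symbol or word is drawn uniformly at random from the named
# set. Words you pick yourself (pets, names, phrases) carry far less than that.
BITS_PER_SYMBOL = {
    "typed letter (thread's 5-bit estimate)": 5.0,
    "random lowercase letter": math.log2(26),
    "random printable ASCII char": math.log2(94),
    "random word from a 10,000-word list": math.log2(10_000),
}


def password_entropy_bits(symbol_count, bits_per_symbol):
    """Entropy of a password made of symbol_count independent symbols."""
    return symbol_count * bits_per_symbol


def symbols_needed(key_bits, bits_per_symbol):
    """Symbols needed for the password to carry as much entropy as the key (rounded up)."""
    return math.ceil(key_bits / bits_per_symbol)


def weakest_link(key_bits, symbol_count, bits_per_symbol):
    """Which of the password or the cipher key an attacker would rather guess, with its
    entropy in bits. The attacker takes whichever search space is smaller."""
    pw_bits = password_entropy_bits(symbol_count, bits_per_symbol)
    return ("password", pw_bits) if pw_bits < key_bits else ("key", key_bits)


def brute_force_years(work_bits, ops_per_second):
    """Years to perform 2**work_bits operations at ops_per_second (365.25-day years)."""
    return 2 ** work_bits / ops_per_second / (365.25 * 86400)


if __name__ == "__main__":
    # Assumed rate in the ballpark of the 2005 BlueGene/L figure quoted in the thread.
    ASSUMED_OPS_PER_SEC = 1.835e14
    for key_bits in (128, 256, 512):
        for style, bps in BITS_PER_SYMBOL.items():
            print(f"{key_bits:3d}-bit key needs {symbols_needed(key_bits, bps):3d} x {style}")
    print("25 typed letters vs AES-128:", weakest_link(128, 25, 5.0))
    words = BITS_PER_SYMBOL["random word from a 10,000-word list"]
    print("12 random dictionary words vs AES-128:", weakest_link(128, 12, words))
    years = brute_force_years(88, ASSUMED_OPS_PER_SEC)
    print(f"2^88 operations at {ASSUMED_OPS_PER_SEC:.3g} ops/s: {years:,.0f} years")
```

The output makes lurk's point concrete: against AES-128 the password is the cheaper target unless it carries 128 bits of its own, and a dozen words only clear that bar if they were actually chosen at random.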