Best encryption method?

amarildojr · August 2, 2013, 11:18pm

I’m working on encrypting a friend’s HD with TrueCrypt and I came up with one doubt: Should I use cascate or single layer encryption? For the data partition I will use Cipher with AES-Twofish-Serpent and Whirlpool, but when I tried encrypting the system partition it said “you could end uo with problems”. Error = SUSE Paste

This guy also says not to use, but “Assuming TrueCrypt implements its cascades properly, then using them won’t hurt”.

Should I really not use it? Have any of you tried and succeded? I know there are some encryption experts here so that’s why I’m asking

amarildojr · August 3, 2013, 12:27am

Turns out that for system encryption I’ve chosen AES (reasons bellow). For the data partition I will use Serpent-AES with Whirlpool’.

Sources:

Wilders Security Forums - View Single Post - Serpent cipher

Wilders Security Forums - View Single Post - Truecrypt 5.0 Release Date Set - FEBRUARY 4th

http://csrc.nist.gov/archive/aes/round2/comments/20000523-msmid-2.pdf

security - AES vs Blowfish for file encryption - Stack Overflow

security - Which TrueCrypt Algorithm is the safest? - Super User

when should Serpent or Twofish be used? - Wilders Security Forums

hendersj · August 3, 2013, 1:19am

On Fri, 02 Aug 2013 21:26:03 +0000, amarildojr wrote:

> I’m working on encrypting a friend’s HD with TrueCrypt and I came up
> with one doubt: Should I use cascate or single layer encryption? For the
> data partition I will use Cipher with AES-Twofish-Serpent and Whirlpool,
> but when I tried encrypting the system partition it said “you could end
> uo with problems”. Error = ‘SUSE Paste’
> (http://paste.opensuse.org/14236062)
>
> ‘This guy’
> (http://www.wilderssecurity.com/showpost.php?p=1297883&postcount=5) also
> says not to use, but “Assuming TrueCrypt implements its cascades
> properly, then using them won’t hurt”.
>
> Should I really not use it? Have any of you tried and succeded? I know
> there are some encryption experts here so that’s why I’m asking

I’ve just used a single method rather than cascading them.

Keep in mind that selecting the hash algorithm in combination with any of
the actual encryption algorithms means that anyone trying to brute force
the encryption (even with a dictionary attack) has to try each possible
combination of hash and crypto separately. Logically, the defaults are
what one would start with in a brute force attack, so those might not be
the best options to use.

Jim

Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

amarildojr · August 3, 2013, 1:59am

I selected just “AES” to the system partition since Serpent is the slowest one (around 110MB/s, while AES is 200MB/s+). For the Data partition I selected “AES + TwoFish + Serpent”, but didn’t notice any performance hit. After some reading I didn’t see any reason to use TwoFish, so I’ll just use Serpent + AES on all partitions, with the addition of “Whirpool” on the data partition, because I can’t use it on the system drive.

amarildojr · August 3, 2013, 10:30am

Interesting performance readings before and after encryption.

I used Serpent - AES for the system encryption (cascade mode), and the results were:

Not-Encrypted

Random read:

Maximum: 93.7 MB/s
Minimum: 55.3 MB/s
Average: 77.1 MB/s

Linear read:

Minimum: 98.7 MB/s
Maximum: 108.8 MB/s
Average: 104 MB/s

Average read access: 14.77 ms

Encrypted

Random read:

Maximum: 100.04 MB/s
Minimum: 78.4 MB/s
Average: 89.1 MB/s

Linear read:

Minimum: 74.3 MB/s
Maximum: 75.4 MB/s
Average: 74.9 MB/s

Average read access: 15.33 ms