Rob McGee wrote: > > On Thu, Sep 27, 2001 at 10:32:09PM +0000, Jonas Larsson wrote: > > For me it seems like either the AES or Twofish crypto with the maximum > > keylength of 256 bits is probably the _most_ secure choise. For me the > > security strength is _much_ more important than the speed of read/write to > > the fs. > > > > Any coments? > > How do you measure security? Most cryptographers (and I doubt there are > any on this list) say that time and analysis will increase their trust > in a given algorithm. Neither AES nor Twofish has been around that long. However, all the AES candidates got heavily analysed during the AES process and the people involved included many of the world's top cryptographers. > The venerable and slow old 3DES has, and it has defied all attackers. Yes, but it is slow in software. DES was designed for hardware. Schneier gives numbers indicating ciphers like CAST-128 or Blowfish have over a 3-to-1 speed advantage over DES, so nearly 10-to-1 over 3DES. > IDEA has probably been around long enough to have earned trust. Perhaps, but it has license restrictions that I think rule it out. > Blowfish is getting there, if not there already. I'd trust Blowfish or CAST-128. Both are used in quite a few products, both were designed to resist the differential and linear attacks devbeloped against DES, both have some theory behind them and have withstood a lot of analysis. As I see it, they are the best of their generation -- post-DES, pre-AES. > Somewhere recently I read a slightly outdated page which described all > the main algorithms in layman's terms, and included plenty of cites of > respected cryptographers' opinions. Sorry, I don't know the URL. Not in layman's terms, but a good site: http://www.ii.uib.no/~larsr/bc.html Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
