Gentoo Logo
Gentoo Spaceship

Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
To: gentoo-security@g.o
From: Danny <dannydaemonic@...>
Subject: Re: Encryption Ciphers
Date: Fri, 7 Mar 2008 11:02:32 -0700
The idea of avoiding something less popular,
is that  if someone gets your encrypted data, they could look through the algorithm and find a hole and break it without you knowing.&nbsp; However, choosing Serpent is not a choice of security through obscurity.&nbsp; Serpent is as open as AES, and in this day and
age we have fairly reliable ways of deciding what makes a strong
encryption cipher.&nbsp; Serpent came in 2nd in the AES contest, only beaten by Rijndael (which directly became AES).&nbsp; It is a 32-round substitution-permutation network where 16 rounds were deemed sufficient.&nbsp; Which, by the way, helped against the XSL attack (which can weaken AES), when applied to Serpent it is more expensive than a brute force attack (not true for AES).<br>
<br>There is probably more to gain by announcing you broke Serpent than by using it for personal gain, where I would argue the opposite is true of AES.&nbsp; That said, this conversation was initially about personal laptops and personal computers, and I only ever suggest it for personal use.&nbsp; Of course if you have government secrets or corporate data that needs to be secured, you should use something under heavy scrutiny.&nbsp; There is a lesser chance of a determined group of mathematicians getting at your data since many in the academic world are actively trying to break it.<br>
<br>To say either AES or Serpent will never be broken is simply ignorant, but when it happens there will likely be programs to decrypt such data.&nbsp; Lets say which ever cipher you chose is broken tomorrow.&nbsp; I&#39;m guessing the AES tools will be easier to get, and use than the Serpent ones.&nbsp; So if some random thief steals your laptop, they are more likely to decrypt it if you use AES.&nbsp; This scenario is more likely if they make an image of the hard drive to save for later.&nbsp; Again, all this changes if your data is very valuable for some reason, but I don&#39;t consider it a bad choice for personal use.<br>
<br><div class="gmail_quote">On Thu, Mar 6, 2008 at 8:30 AM, Peter Meier &lt;<a href="mailto:peter.meier@...">peter.meier@...</a>&gt; wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d"><br>
&gt; I just wanted to jump in and say that I&#39;m personally a fan of Serpent. &nbsp;I<br>
&gt; like to use something that&#39;s a little less popular, but still open. &nbsp;It is<br>
&gt; similar in strength (IMHO), but there will be more people trying to break<br>
&gt; AES than Serpent. &nbsp;For example, I&#39;ve read the XSL attack that can weaken AES<br>
&gt; is too complex when used on Serpent -- it would be more expensive than a<br>
&gt; brute force attack.<br>
</div>in my opinion quite a bad assumption. the more a crypto algorithm is<br>
open, the more people it test, the more it can be assumed that it is<br>
safe against current known attacks.<br>
greets pete<br>
<div><div></div><div class="Wj3C7c">--<br>
<a href="mailto:gentoo-security@g.o">gentoo-security@g.o</a> mailing list<br>
Encryption Ciphers
-- Florian Philipp
Re: Encryption Ciphers
-- Dan Reidy
Re: Encryption Ciphers
-- Steffen Schulz
Re: Encryption Ciphers
-- Mansour Moufid
Re: Encryption Ciphers
-- Florian Philipp
Re: Encryption Ciphers
-- Calum
Re: Encryption Ciphers
-- Florian Philipp
Re: Encryption Ciphers
-- Danny
Re: Encryption Ciphers
-- Peter Meier
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: gentoo-security+unsubscribe@g.o
Next by thread:
Re: Encryption Ciphers
Previous by date:
(intet emne)
Next by date:

Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.