KeePass or any other password wallet to store and transport keys

Robert J. Hansen rjh at sixdemonbag.org
Thu Jul 26 10:40:56 CEST 2012


On 7/26/2012 4:05 AM, Ben McGinnes wrote:
> On a semi-related tangent, does this mean that utilising the three 
> symmetric ciphers available in TrueCrypt (AES, Serpent and Twofish)
> is a bad idea or do they play well together?

My understanding is they at least tolerate each other, but I'm unaware
of any serious analysis that suggests you enjoy increased cryptographic
strength by stacking them.  It wouldn't surprise me if you did, but at
the same time ... as I mentioned earlier, I really don't see the point.

> Also, if you had to pick one of those three, which would you choose 
> (for general purposes rather than a specific threat model and
> ignoring the possible speed differences between AES and Serpent)?

This presumes I'm competent to have an opinion.  I really don't think I
am.  Evaluating cryptographic algorithms is almost as hard as designing
them.  It's the sort of thing that's best done by a handful of experts
all looking at the algorithms through slightly different prisms of
experience and skill.

For instance, I don't like Serpent very much on account of how complex
it is.  My rule of thumb is, "if I don't believe an undergraduate in
computer science can understand this algorithm, how can I expect people
to implement this algorithm correctly?"  So, had I been on the AES
selection committee, I'd have given Serpent a thumbs-down.  Other people
with different perspectives would've given it thumbs-ups and
thumbs-down, and our ultimate recommendation would take into account all
the input of the different experts on the selection committee.

But whenever you ask one person for his or her opinion on a cipher, all
you're getting is one perspective, and you really need more perspectives
than that.

Still, you asked a question, and now that I've spent three paragraphs
explaining why you shouldn't trust my answer I'll give you my answer:
Twofish.

Most symmetric ciphers nowadays are built around Feistel networks.  We
have a lot of experience with Feistel networks: many algorithms built
around them have held up quite well over the years.  (3DES, for
instance, which pretty much every cryppie holds in a mixture of
distaste, disgust, fear, terror, awe and reverence, is built around a
Feistel network.  30+ years, no really meaningful results against it.)
Feistel networks make me happy: who doesn't like a track record of success?

Rijndael is not a Feistel cipher.  That doesn't mean it's bad, far from
it.  But if Feistel networks give me the warm fuzzies, then that means I
need to strike non-Feistel networks from my list.

I don't like Serpent's complexity: I think that leads to difficulty in
implementing it.  By comparison, I've implemented Twofish a couple of
times and have seen undergraduates implement it correctly.

So, yeah, for my money I prefer Twofish.  But I don't think you should
trust my opinion worth a damn.  :)


