Which cipher is the most secure? (AES, Blowfish, CAST5, Serpent,
Triple DES, Twofish, AES-Twofish, AES-Twofish-Serpent, Serpent-AES,
Serpent-Twofish-AES, Twofish-Serpent)

---

Request for Question Clarification by siliconsamurai-ga on 13 Feb 2006 07:19 PST

Hi, if this is a serious question and you still want an answer, can
you answer the questions I posed the day you posted the question?

If not, I doubt anyone will attempt to answer this.

Will this be a one-time transmission, how long does it
need to be kept secure, what size is it, and what kind of data is it?

From whom do you want to make the information secure?

The question is too complex to answer without knowing more about the
situation - will this be a one-time transmission, how long does it
need to be kept secure, what size is it, and what kind of data is it?

This question doesn?t have a universal answer. To answer, I guess I
need to give you a little background. These encryption algorithms are
no different than any other complex mathematical equations. If you
have studied mathematics at your school, you should be remembering
questions which ask you to simplify a large equation to smaller ones.
The same rule could be applied to these encryption algorithms. There
could always be a possibility of simplifying the encryption function.
Any algorithm that has no simplified* function publicly known may be
considered secure. Secure here means when you encrypt using key of ?x?
bits in length, if some one wants to decrypt it with out the knowledge
of the key you used has to brute force all possible key values (2^x).
Any possibility of being able to reduce/eliminate searching the entire
key space could be considered as a flaw or weakness in encryption
algorithm.

Now coming back to your question, all the ones you mentioned have no
flaws known to the world so far. So the tie breaker here would be the
one algorithm that is most scrutinized for flaws then the rest.

National Institute of Standards and Technology (NIST), in 1997, called
for submissions to choose new algorithm as a successor to the DES. 
People and institutions from several different countries submitted 15
different algorithms and after 3 years of through scrutiny by the
worlds best cryptographers and cryptanalysts, NIST has chosen Rijndael
as the winner. Rijndael is the Advanced Encryption Standard.

For most practical purposes, AES could be the most secure algorithm
for you to choose. Apart from the algorithm, the key length would also
matter. As you might know, higher the key length, higher will be the
security, but will reduce the efficiency of the algorithm. If you are
working on huge volumes of data and have time constraints with the
throughput of the encryption/decryption, you may choose to use AES-128
or may wish to test benchmarking if higher key values will work for
your application. If you have no such constraints, you may straight
use AES-256.

It's true that there is no universal answer to it, but it depends on a
lot of factors as explained in the previous post.

As it goes with the common-sense, the more the no. of keys, the more
secured the encrytpion would. However, that comes with a price of a
performance hit. Moreover, US gov. has been restricting the use of
advance encryption techniques. So if you are developing a product, may
be you can check out if you abide by the export compliance rules.

Another factor could be whether the provider has implemented the
chosen  algorithm in JCE (Java), or NSS(C or C++) for that matter. It
doesn't make any sense to write it yourself when it's available
everywhere.

I use a 3DES algorithm with 3 different keys which effectively gives
me 3* 56=168 bits of encryption. And I believe that only AES has a
superior encoding technique to this.

It suffices most of my needs and it's widely available through all the
libraries also.

AES has become the de facto standard nowadays though.. You may want to
use an AES-256 if the encryption/decryption is not processed for every
cycle. In the sense, if you process something everytime that needs to
be encrypted/decrypted, using 256-bit encryption may not be a right
choice. However, if you wanna use it for archiving or something like
that, it's certainly the best choice.

I say that Blowfish and he is used a lot in FreeBSD operating system
that is a very very secure :) operating system and it's free

The situation is:
- daily use of encrypted container
- sensitive business information
- size of the container: max 2Gb
- the data needs to be kept secure permanently

Hi, just FYI, the researcher doesn't know you responded to a request
for more info unless you reply to the question instead of posting a
comment. We don't get notified for comments.

No problem since I was monitoring this every day but just so you know
in the future if a researcher doesn't respond that may be the problem.

But to address your question -

You say the data must be kept secure permanently so unfortunately
there is a very simple answer.

There is NO known or even theoretical encryption method which
guarantees permenent security except for one-time use code books
(which can be used only for short messages) and there are ways to
break those if the message is long.

Every system in use depends on various mathematical functions and are
merely difficult to break, not impossible - faster computers or new
discoveries are always comming along to make them less secure and all
will eventually become easy to break.

Permanent data protection is only possible if the data isn't
transmitted electronically.

There are even some theoretical concerns over the latest encryption
method, quantum encryption.

Sorry but "permanent" protection just isn't possible, you need to
either determine whether the data really isn't so sensitive that it
must be kept secure permanently, or accept the fact that it will
eventually be broken and physically secure the data.

For most business and even government secrets 10 or 20 years is
usually long enough.

Otherwise, just pick the easiest, cheapest, and fastest "reasonably"
secure encryption method available.

Good luck and sorry I couldn't be more help.

Remember, you aren't charged for comments.

I saw that someone answered that there is no known algorithm to keep
data secure permanently, but when we say permanently, most of us don't
usually mean until the year 3010. As most data is not that sensitive,
not even Department of Defense data if I remember correctly. Even at
the current rate of computer enhancement, you would be well into 3010
before you could brute-force crack a modern symmetric cipher. Yet, if
you wanted even more strength you would look at a asymmetric cipher
like RSA, or even a elliptic curve cipher.

So, the next best thing would be an algorithm that has had the
greatest number of eyes on it. That would be Rijandel, or AES. The
U.S. government asked had multiple applicants apply with algorithms.
AES replaced DES, and in a sense replace triple-DES which is by far
more secure than DES. AES provides higher protection than 3-DES, but
is much faster.

The only algorithm that I would look at beyond AES would be RC5. RC5,
stands for Rivest Cipher 5, named after Ron Rivest, which was one of
the founders of the RSA algorithm (RSA mentioned above provides much
security, but is slower compared to symmetric ciphers). Still, RC5 was
declined by the government as a DES replacement, but part of that had
to do with RSA Inc's inability to release the cipher into the public
domain.