[schoen]

By "don't build elaborate cascades (all cascades qualify)", do you mean "no cascade construction is preferable to any other", or "every cascade is too elaborate to be worthwhile"? (The second implies the first, but the first doesn't imply the second.)

[tptacek]

Every symmetric cipher cascade is bad.

[_qbxp]

So the cascading cypher options (AES-Serpent-Blowfish) for VeraCrypt volumes are less safe than a simple AES encrypted volume?

Serious question. I know nothing about crypto, just assumed "more is better, but slower".

[tptacek]

Anything that uses Blowfish since 2010 is incompetently designed (Blowfish has an 8-byte block size).

AES-Serpent is probably not less safe than AES; it's just not necessarily as much more safe as you'd expect.

A much bigger concern than which precise ciphers you're using is which block cipher mode you're operating under; Truecrypt/Veracrypt uses XTS --- like most disk encryption --- which (among other things) isn't authenticated.

The funniest thing about TC/VC's cascades is that the keys are derived from passwords anyways: a giant clunking complicated block cipher cascade resting on top of a low-entry password secret. It's just a silly design.

[wakkaflokka]

What would be your ultimate recommendation on storing sensitive data, if not TC/VC?