by JoachimSchipper 5466 days ago
To condense a long reply: AES works just fine. If you're really paranoid, use SALSA-after-Blowfish-after-AES or something like that. Designing your own cipher is a bad idea, and I'm pretty sure you couldn't buy a sufficient number of the handful of truly competent people in this area (and even if you could, you should prefer a battle-tested algorithm.)

> SALSA-after-Blowfish-after-AES or something like that

Still you could easily end up with something much less secure than any of them used independently. For example, read about the "meet-in-the-middle" attack.

We obviously use three independent keys. The security of the composition is then at least as good as the security of the best of these algorithms. (You're right that it's not much better, but it doesn't need to be; I don't see how you get "much less". Were you thinking of using the same key for each algorithm?)

If you somehow convince yourself that the NSA can break many well-known encryption algorithms and that it's willing to risk exposing this ability to shut down your botnet (which is the counterfactual I'm working off in this thread), this may give you some peace of mind: Blowfish and AES are well-tested designs by separate teams and SALSA is a very simple, very different design that you can easily implement yourself and that's pretty resistant to side-channel attacks. It seems likely that any agency that can break all three can break anything you can come up with.

When you said "something like that" I began imagining the type of liberties a well-meaning developer might take with that advice. For example, he might use the same key for all algorithms. He might use two block ciphers with two keys. The effective security you get from these constructions is notoriously counterintuitive.

> We obviously use three independent keys. The security of the composition is then at least as good as the security of the best of these algorithms.

That's not obvious at all to an implementer. For example, there are NIST standards for 1-, 2-, and 3-key variations on triple-DES. http://en.wikipedia.org/wiki/Triple_DES#Keying_options
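
The "two ciphers with two keys" case raised in the thread, as an added example that is not part of any comment: a meet-in-the-middle search against a double-encryption cascade costs about 2^17 cipher operations for two independent 16-bit keys, not the 2^32 a designer might expect. The Feistel cipher, constants and keys are constructed for illustration and are not a real algorithm.

```python
# Toy 32-bit Feistel cipher with a 16-bit key (constructed for this example; not a real cipher).
MASK = 0xFFFF
SALT_A, SALT_B = 0x3C6E, 0xB5A1  # stand-ins for two different algorithms in the cascade

def _f(half, key, rnd, salt):
    x = ((half ^ key) + salt * (rnd + 1)) & MASK
    x = (x * 0x2545 + 0x9E37) & MASK
    return x ^ (x >> 7)

def encrypt(block, key, salt, rounds=4):
    l, r = block >> 16, block & MASK
    for i in range(rounds):
        l, r = r, l ^ _f(r, key, i, salt)
    return (l << 16) | r

def decrypt(block, key, salt, rounds=4):
    l, r = block >> 16, block & MASK
    for i in reversed(range(rounds)):
        l, r = r ^ _f(l, key, i, salt), l
    return (l << 16) | r

def double_encrypt(block, k1, k2):
    return encrypt(encrypt(block, k1, SALT_A), k2, SALT_B)

def meet_in_the_middle(pairs):
    """Recover (k1, k2) from known plaintext/ciphertext pairs.
    Returns (candidate key pairs, cipher operations spent on the two sweeps)."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table, ops = {}, 0
    for k1 in range(1 << 16):          # forward sweep: 2^16 encryptions
        table.setdefault(encrypt(p0, k1, SALT_A), []).append(k1)
        ops += 1
    found = []
    for k2 in range(1 << 16):          # backward sweep: 2^16 decryptions
        ops += 1
        for k1 in table.get(decrypt(c0, k2, SALT_B), ()):
            # A second known pair filters out chance matches on the middle value.
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                found.append((k1, k2))
    return found, ops

if __name__ == "__main__":
    K1, K2 = 0x1F3A, 0xC0DE            # constructed sample keys
    pairs = [(p, double_encrypt(p, K1, K2)) for p in (0x01234567, 0x89ABCDEF)]
    found, ops = meet_in_the_middle(pairs)
    print(found, ops, "operations vs brute force", 1 << 32)
```

The same table-and-lookup structure is why a third layer with a third independent key is needed before the cascade's work factor rises meaningfully above that of a single cipher.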