Better than Truecrypt/Keepass

SecurityTheatre

Senior member
Aug 14, 2011
672
0
0
There are things that are different. Better is pretty damn subjective when it comes to encryption and security.

Is there anything out there better than pizza (or sushi/curry/whatever)?
 

feredim-924

Member
Mar 9, 2012
25
0
0
Do you live in a subjective universe?

Most people just go by encryption strength or algorithm cascade lol
 

SecurityTheatre

By encryption strength, "better" than Truecrypt.... hmmm, not really.

AES is pretty good. Serpent is arguably better. Twofish isn't bad too.

The strongest combination AES-Twofish-Serpent is probably pretty damn good.

As in... you know, heat death of the universe before it's cracked....

You're looking for better than that?
 

wirednuts

Diamond Member
Jan 26, 2007
7,121
4
0
i use truecrypt and keepass. love it. keepass has really changed my life, as i do everything digitally now. all i remember is just one complex password that i really don't even know - it's just a big ass pattern on the keyboard that i remember.

just know that you must always use a standard layout keyboard to log in!
 

blackangst1

Lifer
Feb 23, 2005
22,914
2,359
126
> By encryption strength, "better" than Truecrypt.... hmmm, not really.
>
> AES is pretty good. Serpent is arguably better. Twofish isn't bad too.
>
> The strongest combination AES-Twofish-Serpent is probably pretty damn good.
>
> As in... you know, heat death of the universe before it's cracked....
>
> You're looking for better than that?

Whether or not cascading ciphers weakens or strengthens data is still up for debate.

That said, to address the OP, if you take three separate programs that all use AES, and you use the same password for all three, they will be equal. The implementation of AES is pretty standard at this point. This excludes the possibility of hidden back doors, etc. Just speaking on the encryption itself.

Personally I prefer TC because it's open source. Paranoid? Maybe. But whatever you choose, AES with a passphrase 20+ characters long = no one's gonna break it any time soon. Certainly not in your lifetime.
 

SecurityTheatre

> Whether or not cascading ciphers weakens or strengthens data is still up for debate.
>
> That said, to address the OP, if you take three separate programs that all use AES, and you use the same password for all three, they will be equal. The implementation of AES is pretty standard at this point. This excludes the possibility of hidden back doors, etc. Just speaking on the encryption itself.
>
> Personally I prefer TC because it's open source. Paranoid? Maybe. But whatever you choose, AES with a passphrase 20+ characters long = no one's gonna break it any time soon. Certainly not in your lifetime.

Theoretically, a one time pad is the most secure form of encryption, but it is not practical.

Every bit of practicality you add reduces the security. Examples of certain implementations (such as WEP) use tricks (such as very short initialization vectors) to make the stream less secure, but more practical to use and implement cheaply in hardware.

AES most certainly isn't the most secure algorithm, theoretically, but it is the one that has been subjected to (arguably) the most mathematical analysis. It's worth pointing out that a number of schemes that were considered theoretically secure in the past, were found to have very subtle mathematical flaws in them.

In fact, the strength of AES was discovered to be an order of magnitude lower than was originally thought, just a few years ago. But that doesn't really matter, since it is still beyond the combined processing capability of the entire world's computers combined to crack AES-256 via brute-force keyspace attacks within your lifetime. That's not to say there won't be a mathematical weakness found in AES (or any other algorithm) at some point that utterly destroys it, though most cryptographers find that highly unlikely given the strenuous study that goes into the math behind these algorithms.

But to be fair, there is always something more secure. But if you're talking about some tool that is going to encrypt your tax returns or your foot fetish porn, the weakness is not in the algorithm anyway. The weakness is in the implementation, in the password input method, in the password itself... there are theoretical weaknesses in the device drivers that mount the file system, there are theoretical risks in the hooks that place those drivers into kernel space so it can appear as removable media. There are risks in the operating system surrounding things like caching (Windows 7 WILL cache those foot fetish pictures in pretty high res format) and in your browsing and file history. Programs like Microsoft Word will leave temporary files with your tax return data all over the place.

The problem in security has LITTLE to do with the encryption algorithm, which is one of the many reasons I came across as so dismissive in the first place.

More specific questions draw more specific answers. :)


Personally, I also agree about TrueCrypt. Tested algorithms, open source code, solid drivers. It's about as good as you can find (balancing usability with security).
 

unokitty

Diamond Member
Jan 5, 2012
3,346
1
0
You can use mathematical set theory to demonstrate that a one time pad is the only cryptographic algorithm that is theoretically unbreakable. But security depends on more than the algorithm.

One example was the cold war Soviet Diplomatic traffic that utilized a double encryption system, with the second encryption being a one time pad.

You can read about how the NSA cracked it here.

Many believe that, given present technology, it is impossible to correctly implement a one time pad.

But you don't need a perfectly secure cryptosystem. You just need one that requires more time, or money, to break than your opponent.

As securitytheatre has pointed out, an algorithm is only part of the issue...

Another important issue is who is your opponent? And what resources do they have available?

My perception is that security only exists within a specific context. Attempting to ascertain what is best, without a context, doesn't seem likely to be a productive endeavour...

But it can be fun to speculate...

Uno
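
The point made in the post above, that a one-time pad is unbreakable in theory but only if it is implemented correctly, shown as an added example (not part of the original post). It contrasts correct use with one implementation failure, using the same pad for two messages; the sample messages and function names are constructed for illustration.

```python
import secrets

def xor(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR; a one-time pad must be exactly as long as the message."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    return xor(message, pad)

def pad_that_explains(ciphertext: bytes, claimed: bytes) -> bytes:
    """The pad under which `ciphertext` would decrypt to `claimed`."""
    return xor(ciphertext, claimed)

def demo() -> dict:
    # Constructed sample messages, all the same length.
    m1, m2, decoy = b"MEET AT DAWN", b"HOLD AT DUSK", b"STAY AT HOME"
    pad = secrets.token_bytes(len(m1))  # random pad, intended for one use

    c1 = otp_encrypt(m1, pad)
    # Correct use: for ANY same-length plaintext there is a pad that yields c1,
    # so the ciphertext alone cannot favour one plaintext over another.
    alt_pad = pad_that_explains(c1, decoy)
    decoy_consistent = otp_encrypt(decoy, alt_pad) == c1

    # Implementation failure: the same pad encrypts a second message.
    c2 = otp_encrypt(m2, pad)
    combined = xor(c1, c2)
    # The pad cancels out; what remains depends only on the two plaintexts.
    pad_cancelled = combined == xor(m1, m2)
    # Whoever knows or guesses one message can now read the other.
    recovered = xor(combined, m1)

    return {
        "decoy_consistent": decoy_consistent,
        "pad_cancelled": pad_cancelled,
        "recovered": recovered,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
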
 

SecurityTheatre


By what evidence do you submit that PGP (RSA, or IDEA?) is more secure than AES?

I doubt that is the case for statically encrypted data. Certainly, PGP supports public/private keys and thereby can be used for public key cryptography, which TrueCrypt cannot. But for static encryption, it's far weaker by every measure I've ever seen.

In fact, I just ran across some discussion in the PGP mailing list a long time ago about implementing Twofish (and AES) into the software because, frankly, a block cypher with a shared keypair is more appropriate to encrypting static content than a public key algorithm like IDEA is.

It's also worth pointing out that RSA and IDEA were developed in the 1970s and are entirely different (and difficult to compare) to something like AES or Twofish, but I don't see an argument for them being "more secure" (as it is very unlikely to be true).

In practice, though, the only way to break any of them is to attack the passphrase or other weakness in the encryption system. Most of the time this is done with keyloggers or via simple dictionary attacks, making this whole argument silly.
 

fastman

Golden Member
Oct 9, 1999
1,521
4
81
This for SecurityTheatre... the OP hurt my feelings in another thread ;)

But in his original question:
"Is there anything out there better than Truecrypt/Keepass combo"
I took "better" as easier to use. I have used PGP Whole Disk Encryption and found it very easy to use and a good solution for privacy concerns. I attempted to use Truecrypt a few times and failed every time, so I base my statement on that alone.
As to which is more secure, I have no idea?
You seem well versed, welcome:)
 

SecurityTheatre

Thanks Mr Speedy. :)

Modern truecrypt is pretty easy to use to create both volume and file-image based containers and in Windows it does a great job of Full-Disk encryption with pre-boot authentication.

The OP seems to be pretty full of it. I'd guess he's probably a teenager. You know how it goes. :)
 

Joepublic2

Golden Member
Jan 22, 2005
1,114
6
76
I like diskcryptor better than truecrypt because it lets me use a 64 byte keyfile to boot the drive, which truecrypt can't do (as good of security as a 64 char ascii password and I don't have to type it in, only plug in a USB drive which can be unplugged after the machine starts booting). It's also more secure because it can install its unencrypted boot loader onto a cd or usb flash drive rather than into the MBR of the boot drive like truecrypt has to, removing an attack vector altogether. (It's also GPL)

Also, it's cryptographically stronger to fill the drive with random data before you encrypt it, although for all intents and purposes it's unnecessary. dd if=/dev/frandom of="writeable LBA device" is the fastest way I've found to fill a block device with pseudorandom data (/dev/urandom is slowwwwwww).

http://www.billauer.co.il/download/frandom-1.1.tar.gz

There are much better (and more deniable) ways to hide data these days than on a fully encrypted hard drive, though. Yes, it's secure on the drive but having an encrypted hard drive in the first place destroys one's plausible deniability.
 