2.2.4 semi-released!
October 3, 2013
Google Malaysia falls victim to DNS hijacking
October 11, 2013
Show all

What data encryption algorithm should we use?

There’s been this whole hullabaloo and a lot of fear mongering given the recent Snowden leaks. In light of this we are re-looking at our data encryption algorithm to see if it would be worthwhile to change this.

We have narrowed it down to the following:

  1. Blowfish 128 bit
    This is what we are using currently. Blowfish is fast but seen by experts as a weaker algorithm than AES though this is debatable. One of the perceived benefits is that Blowfish is not used by the NSA, however this is purely an association issue. The cipher is still deemed to be secure.
  2. AES 128 bit
    On modern systems (newer than Pentium 4) this runs faster than Blowfish and may be more secure than Blowfish. It is generally seen as secure up to the year 2030. Some experts claim it’s more secure than 256 bit AES. It is also widely used and has greatest compatibility.
  3. AES 192 bit
    In many cases, still faster than Blowfish 128 bit. Gives a little bit more headroom for bruteforcing. However employs a weaker key schedule than AES 128 bit so may NOT be necessarily more secure (weakness is still theoretical and debatable). This is debatable still but generally is seen as more secure than 128 bit since a higher bit means more protection from brute-forcing (though even 128 bit offers crazy crazy protection against brute forcing).
  4. AES 256 bit
    Generally seen as highest level security, and used for top secret communications by the US government. However also employs a weaker key schedule than AES 128 (weakness is theoretical and debatable still). Tends to be the slowest of all the ciphers evaluated. Theoretically provides protection against quantum computing (which doesn’t quite exist just yet).

In general, our opinion is that the reason why people are moving to 256 bit AES is mostly marketing in that they can claim they are using maximum top secret grade encryption and the frequent misguided approach of ‘higher is better’. Some experts actually view 128 bit AES as more secure than 256 bit.

Our personal take is that 128 bit or 192 bit AES is more than enough without affecting performance too much. We have yet to see how well supported is 192 bit AES in certain systems though.

Here are some relevant sources for you to read to help you evaluate:

Guess why we’re moving to 256-bit AES keys

Cryptographic Key Length Recommendation

Another New AES Atttack

9 Comments

  1. Traith says:

    And yet, most entities will eventually go to AES 256. You might as well follow suit. For although, most of the people in the know will tell you AES128 is the optimum choice,using either 128 or 256 still means that the encryption is good enough.

    Will having both ‘128 performance’ and ‘256 TSA special’ options be a big hassle?

    Going AES 256 might get your more sales and will help with compatibility issues down the road. That AES 256 is not superior to AES128… the average user will incorrectly beg to differ.

    • Reuben says:

      Dear Traith,

      I think with proper education we rather make the right choice than the incorrect one to pander to perceived notions.

      Not all our customers are privacy cryptographic maniacs and when explained and via our informal Facebook poll, almost everyone chose AES 128 when presented with the facts.

      The main reason we don’t want to have more options to choose is that it further complicates our product and also AES 256 will raise additional load on our servers for no real good reason. Of course as the time comes when we do need an upgrade, we will of course do it but we believe in not going overboard with theoretical encryption strength at the cost of speed and usability.

  2. Indingo says:

    Blowfish 128 bit.

    I would continue using this. It has been tried and tested for many years and even with the Snowden documents holds strong. Also the possibility that the Snowden documents are a ruse to get people to use less secure AES algorithms.

    I vote Blowfish 128 bit every day.

  3. zero says:

    How about elliptic curve cryptography (ECC) with 256 bit?

  4. Traith says:

    … or Twofish or Threefish? Either way, in most cases, you’re as well protected as your choice of keys anyway.

    AES256 slow? One of my company’s secure servers does AES 256 (client’s specification)… almost half of the CPU time is spent doing the encrypt/decrypt when I send/receive the day’s files. Granted it’s an old server but… it pretty much kills my laptop when I’m transferring to/fro. Funny thing, it actually reassures the client when they hear that.

    Whichever one we eventually go with is good enough for me. If I were that paranoid… I can always send stuff on a 3″ floppy wrapped in copper foil attached to a pigeon’s leg. I’d go with AES 128 personally. Pigeons… bird flu.

  5. Indingo says:

    I still say Blowfish 128. I don’t trust the NSA but I do trust Bruce Schneier. I would be happy with BlowFish/TwoFish/ThreeFish, anything that Bruce works on is trust worthy to me, anything funded and researched by the NSA is dodgy, I don’t favor AES in any form.

  6. Dano says:

    What about increasing the public keys from 1024 to 2048? Would that help security a bit more?

  7. My Name says:

    Please AES 256 for symmetric encryption and something like RSA 2048 or even 4096 for asymmetric.

Leave a Reply

Your email address will not be published. Required fields are marked *