OmniNegro 155 Posted ...

No real rules about only discussing streaming ciphers or such. Talk about what you like. I used to peruse Wikipedia and try to learn at least one single new thing every day, but in time, I have gotten lazy. Perhaps some of you can spark a revitalized interest for me?

I will start by saying that of all ciphers currently in use online, I like Blowfish the best. This may well shock some of you. I know it is typically a 128 bit cipher and cannot be extended by most users as it is. But the reason I like it the most is that after all this time, I cannot find one single example where it was successfully broken in full strength. (Most every cipher can be broken if reduced to a weaker strength, but the test of time is what shows how strong they really are.)

If AirVPN were interested in experimenting with a new cipher, or even a cascading stack of older ciphers, what would be your suggestion and why? I would probably suggest Threefish. But that would simply wreck routers and weaker systems. So it is just not a good option for most users. But I suspect it would be highly resistant to brute forcing.

Please join in and do not hold back. Opinions are welcomed here. Good day everyone.

Debugging is at least twice as hard as writing the program in the first place. So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.
zhang888 1066 Posted ...

Blowfish is a 64 bit CBC mode cipher and it is outdated. Some vulnerabilities were discovered recently, one of them is Sweet32:
https://sweet32.info
https://community.openvpn.net/openvpn/wiki/SWEET32

ECDHE and ECDSA ciphers are a good option for the future, but they are only supported on OpenVPN 2.4.0+ and thus will not be compatible with all users.

Currently the service is configured to be pretty much on the level that is recommended on the official hardening wiki for OpenVPN:
https://community.openvpn.net/openvpn/wiki/Hardening

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.
OmniNegro 155 Posted ...

Interesting. I had not heard that Blowfish finally broke down. Schneier has been advocating Twofish for a very long time for good reason it seems. To think that it only takes 32GB of data in a single session to break it is more than a little surprising. But I guess it held out for a long time nonetheless. (From 1993 until 2016 when the Sweet 32 documents were published.)

Thanks for the links. Good day everyone.
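An added example, not part of the thread and not OpenVPN's own tooling: a small Python audit that ties the Sweet32 note and the 32GB figure in the two posts above to an OpenVPN config, flagging 64-bit block ciphers and comparing `reneg-bytes` with the birthday bound. The cipher-family table and the sample config are constructed for illustration, and `reneg-bytes 0` is assumed to mean byte-based rekeying is disabled.

```python
import re

# Block size in bits per cipher family (illustrative table, not exhaustive).
BLOCK_BITS = {"BF": 64, "DES": 64, "CAST5": 64, "AES": 128, "CAMELLIA": 128}

# Constructed sample config, not taken from any real deployment.
SAMPLE_CONFIG = """\
# legacy client profile
cipher BF-CBC
reneg-bytes 0
data-ciphers AES-256-GCM:AES-128-GCM:DES-EDE3-CBC
"""

def birthday_bound_bytes(block_bits):
    """Data volume where block collisions become likely: 2^(n/2) blocks of n/8 bytes."""
    return (2 ** (block_bits // 2)) * (block_bits // 8)

def block_bits_of(cipher_name):
    """Map e.g. 'AES-256-GCM' or 'BF-CBC' to a block size; None if the family is unknown."""
    name = cipher_name.upper()
    for family, bits in BLOCK_BITS.items():
        if name == family or name.startswith(family + "-"):
            return bits
    return None

def audit(config_text):
    """Return one finding per 64-bit block cipher named in the config."""
    ciphers, reneg = [], None
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = re.split(r"[#;]", raw, maxsplit=1)[0].split()  # drop comments
        if not line:
            continue
        key, args = line[0], line[1:]
        if key == "cipher" and args:
            ciphers.append((lineno, args[0]))
        elif key in ("ncp-ciphers", "data-ciphers") and args:
            ciphers += [(lineno, c) for c in args[0].split(":")]
        elif key == "reneg-bytes" and args:
            reneg = int(args[0])
    findings = []
    for lineno, name in ciphers:
        if block_bits_of(name) != 64:
            continue
        limit = birthday_bound_bytes(64)
        # Necessary, not sufficient: rekeying should happen far below the bound.
        findings.append({"line": lineno, "cipher": name, "bound_bytes": limit,
                         "rekey_below_bound": reneg is not None and 0 < reneg < limit})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

For a 64-bit block the bound works out to 2^32 blocks of 8 bytes, which is the 32GB mentioned above.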
OmniNegro 155 Posted ...

Anyone have some thoughts on when or if Serpent will ever be included in OpenVPN? For those who do not already know, this is an exact quote from Wikipedia of why AES was won by Rijndael instead of Serpent.

"Rijndael is a substitution-linear transformation network with ten, twelve, or fourteen rounds, depending on the key size, and with block sizes of 128 bits, 192 bits, or 256 bits, independently specified. Serpent is a substitution-permutation network which has thirty-two rounds, plus an initial and a final permutation to simplify an optimized implementation. The round function in Rijndael consists of three parts: a nonlinear layer, a linear mixing layer, and a key-mixing XOR layer. The round function in Serpent consists of key-mixing XOR, thirty-two parallel applications of the same 4×4 S-box, and a linear transformation, except in the last round, wherein another key-mixing XOR replaces the linear transformation. The nonlinear layer in Rijndael uses an 8×8 S-box whereas Serpent uses eight different 4×4 S-boxes. The 32 rounds means that Serpent has a higher security margin than Rijndael; however, Rijndael with 10 rounds is faster and easier to implement for small blocks. Hence, Rijndael was selected as the winner in the AES competition."

Basically, if you use a mobile device or router to handle encryption, Serpent can only make things slower for you. But if you use a PC, Serpent greatly enhances the already impossible task of breaking the encryption.

Good day everyone.
iwih2gk 94 Posted ...

I use Serpent exclusively for crypto where I have a choice in algo, e.g. LUKS headers, GPG keys, etc...