Jump to content
Not connected, Your IP: 54.197.64.207
OmniNegro

What ciphers do you like and why?

Recommended Posts

No real rules about only discussing streaming ciphers or such. Talk about what you like. I used to peruse Wikipedia and try to learn at least one single new thing every day, but in time, I have gotten lazy. Perhaps some of you can spark a revitalized interest for me?

 

I will start by saying that of all ciphers currently in use online, I like Blowfish the best. This may well shock some of you. I know it is typically a 128 bit cipher and cannot be extended by most users as it is. But the reason I like it the most is that after all this time, I cannot find one single example where it was successfully broken in full strength. (Most every cipher can be broken if reduced to a weaker strength, but the test of time is what shows how strong they really are.)

 

If AirVPN were interested in experimenting with a new cipher, or even a cascading stack of older ciphers, what would be your suggestion and why? I would probably suggest Threefish. But that would simply wreck routers and weaker systems. So it is just not a good option for most users. But I suspect it would be highly resistant to brute forcing.

 

Please join in and do not hold back. Opinions are welcomed here. Good day everyone.


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

Share this post


Link to post

Blowfish is a 64 bit CBC mode cipher and it is outdated.

Some vulnerabilities were discovered recently, one of them is Sweet32:

https://sweet32.info

https://community.openvpn.net/openvpn/wiki/SWEET32

 

ECDHE and ECDSA ciphers are a good option for the future, but they are

only supported on OpenVPN 2.4.0+ and thus will not be  compatible with all users.

 

Currently the service is configured to be pretty much on the level that is recommended

on the official hardening wiki for OpenVPN:

https://community.openvpn.net/openvpn/wiki/Hardening


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

Interesting. I had not heard that Blowfish finally broke down. Schneier has been advocating Twofish for a very long time for good reason it seems.

 

To think that it only takes 32GB of data in a single session to break it is more than a little surprising. But I guess it held out for a long time nonetheless. (From 1993 until 2016 when the Sweet 32 documents were published.)

 

Thanks for the links. Good day everyone.


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

Share this post


Link to post

Anyone have some thoughts on when or if Serpent will ever be included in OpenVPN?

 

For those who do not already know, this is an exact quote from Wikipedia of why AES was won by Rijndael instead of Serpent.

"Rijndael is a substitution-linear transformation network with ten, twelve, or fourteen rounds, depending on the key size, and with block sizes of 128 bits, 192 bits, or 256 bits, independently specified. Serpent is a substitution-permutation network which has thirty-two rounds, plus an initial and a final permutation to simplify an optimized implementation. The round function in Rijndael consists of three parts: a nonlinear layer, a linear mixing layer, and a key-mixing XOR layer. The round function in Serpent consists of key-mixing XOR, thirty-two parallel applications of the same 4×4 S-box, and a linear transformation, except in the last round, wherein another key-mixing XOR replaces the linear transformation. The nonlinear layer in Rijndael uses an 8×8 S-box whereas Serpent uses eight different 4×4 S-boxes. The 32 rounds means that Serpent has a higher security margin than Rijndael; however, Rijndael with 10 rounds is faster and easier to implement for small blocks. Hence, Rijndael was selected as the winner in the AES competition."

 

Basically, if you use a mobile device or router to handle encryption, Serpent can only make things slower for you. But if you use a PC, Serpent greatly enhances the already impossible task of breaking the encryption.

 

Good day everyone.


Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...