- Forum
- Fedora 38 & 39
- Security and Privacy
- Stronger Than AES256 Encryption?
Results 1 to 15 of 16
Thread Tools
Search Thread
Display
23rd August 2017,08:11 AM #1
- Join Date
- Jul 2017
- Location
- Israel
- Posts
- 22
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Stronger Than AES256 Encryption?
US residents are limited to 256bit encryption by law; but for non-us residents, I assume the sky can be the limit, in terms of encryption strength. Is there "any" form of encryption stronger than AES256 available for non-us residents, say for encrpting documents, emails and web-surfing?
23rd August 2017,10:53 AM #2
- Join Date
- May 2017
- Location
- www
- Posts
- 135
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Re: Stronger Than AES256 Encryption?
Source: Government Access to Encrypted Communications: European UnionCurrently, there is no EU legislation that requires tech companies to disclose the keys to encrypted materials to law enforcement authorities, or to decrypt communications upon the request of a government.
As for the sky is the limit, Quantum cryptography could be the most advanced level of encryption.
HOW THE RANDOM NUMBER GENERATOR WORKS
The random number generators used today are based on computer algorithms or the randomness of physical processes, meaning they are essentially complex versions of rolling dice over and over again to get random numbers.
But while the numbers generated appear to be random, knowing certain information, such as how many dice are being used, can allow hackers to work out the numbers, leaving secured data vulnerable.
To overcome this problem, the new chip generates random numbers based on the quantum properties of light - a process that is inherently random and therefore impossible to predict no matter how much information is known.23rd August 2017,04:19 PM #3
- Join Date
- Nov 2008
- Posts
- 415
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Re: Stronger Than AES256 Encryption?
gpg secret keys are routinely 1024 or 2048 bits.
If I flip one balanced coin 5000 times, no one is going to be able to guess that 5000 bit sequence, regardless of knowing that only one coin was used to generate it. If it is pseudo-random numbers that is being referred to, no one uses pseudo-random numbers for encryption these days (unless they are running ancient hardware).
Additional comments:
It seems like there is a confusion, at least to me, of symmetric key encryption vs. public-private key encryption. The "number of dice" observation makes sense if you're talking about symmetric encryption, but those comments are coupled with random key generation (i.e. public-private keys).
Anyone know a reference for the law, which permits 2048+ bit encryption for public-private keys, but prohibits >256 bits for symmetric keys?
Last edited by dswaner; 23rd August 2017 at 05:36 PM.Reason: Additional comments
24th August 2017,03:49 AM #4
- Join Date
- Jun 2005
- Location
- Montreal, Québec, Canada
- Posts
- 8,830
- Mentioned
- 22 Post(s)
- Tagged
- 0 Thread(s)
Re: Stronger Than AES256 Encryption?
Threefish (twofish) encryption is stronger than AES, and I am advised, it uses less cpu cycles. I was also advised that the reason AES was chosen, was because it's more easily crackable than the ones I mentioned.US residents are limited to 256bit encryption by law; but for non-us residents, I assume the sky can be the limit, in terms of encryption strength. Is there "any" form of encryption stronger than AES256 available for non-us residents, say for encrpting documents, emails and web-surfing?
You could use threefish with some Cipher Block Chaining (CBC). Bruce Schnier is the one who developed these two. I have used them and 3des with CBC for software I sold to banks.
Leslie in Montreal
Interesting web sites list
http://forums.fedoraforum.org/showth...40#post169784024th August 2017,03:00 PM #5
- Join Date
- Nov 2008
- Posts
- 415
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Re: Stronger Than AES256 Encryption?
I briefly looked around http://csrc.nist.gov/, and was not able to find anything about legal maximum key lengths or security strengths - but did find some requirements that specified just the opposite - that certain minimum key lengths and security strengths were unacceptable.
I did learn to distinguish between key lengths and security strengths:
The security strength is measured in bits and is, basically, a measure of the difficulty of discovering the key. ... For example, RSA using a key length of 1024 bits (i.e., 1024-bit RSA) has a security strength of 80 bits, as does 2-key Triple DES, while 2048-bit RSA and 3-key Triple DES have a security strength of 112 bits.
24th August 2017,03:04 PM #6
- Join Date
- Aug 2010
- Location
- Al Ain, UAE
- Posts
- 2,028
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Re: Stronger Than AES256 Encryption?
AFAIK, AES256 is secure.
Problems with encryption usually reside in the implementation, not the algorithm itself.
That being said, I am also not aware of issues with the Linux implementation thereof.
24th August 2017,06:15 PM #7
- Join Date
- Jun 2005
- Location
- Montreal, Québec, Canada
- Posts
- 8,830
- Mentioned
- 22 Post(s)
- Tagged
- 0 Thread(s)
Re: Stronger Than AES256 Encryption?
Yes, AES is secure, no doubting that. And there is no issues with using AES anywhere. I believe it was chosen because it was "secure enough", and because some of the AES code can be implemented in more recent Intel/AMD chip firmware.Still, Twofish can produce a stronger encryption (meaning it's more difficult to determine the encryption key).
AES with CBC would take the American NSA or British MI5 security agency multiple heavy parallel computing in order to solve for the key. You or I with our fastest home computers would take us years. And by the time we solve it, someone would have changed keys for the subsequent message.
Leslie in Montreal
Interesting web sites list
http://forums.fedoraforum.org/showth...40#post169784024th August 2017,06:25 PM #8
- Join Date
- Aug 2010
- Location
- Al Ain, UAE
- Posts
- 2,028
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Re: Stronger Than AES256 Encryption?
BTW, AES256 is used by military up to the level of Secret. The only difference with regular Linux AES256, is that the military version was audited. If you want to test it yourself, you can get the AES test vectors from the NIST web site.
If you are really paranoid, then you can encrypt something and then test it for compressibility with zip and if it doesn't compress, do a chi square test for randomness.
This is how the problem with cryptoloop implementation was found. Somebody did a compression test and then raised the alarm.
24th August 2017,08:54 PM #9
- Join Date
- Nov 2008
- Posts
- 415
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Re: Stronger Than AES256 Encryption?
It seems odd that the gpg default cipher algorithm (for symmetric keys and for protecting secret keys) is AES [128], if AES256 is superior.
25th August 2017,01:03 AM #10
- Join Date
- Jun 2005
- Location
- Montreal, Québec, Canada
- Posts
- 8,830
- Mentioned
- 22 Post(s)
- Tagged
- 0 Thread(s)
Re: Stronger Than AES256 Encryption?
University of Maryland has a great encryption course, offered by a Dr. Katz
I followed it. I recommend it.Leslie in Montreal
Interesting web sites list
http://forums.fedoraforum.org/showth...40#post16978403rd September 2017,03:23 PM #11
- Join Date
- Jul 2017
- Location
- Israel
- Posts
- 22
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Re: Stronger Than AES256 Encryption?
Great comments everyone. I hope to be able to take an encryption course, in the near future.
I discovered that 256 bit encrption was the US limit years ago, when I applied for an export license. I had to read about 40 pages of stuff that couldn't be exported from the US. At the time it was illegal to export or import anything stronger than 128 bit.
A very relevant BTW. "D-WAVE SYSTEMS" of Canada has been shipping 512qbit quantum computers since 2011 and is now shipping 2048qbit quantum computers. The age of quantum craking is upon us "now," so I've been thinking that an upgrade to at least NTRU or something similar that can withstand some quantum attacks is reasonable. Especially in the crypto-currency sector.
https://www.youtube.com/watch?v=60OkanvToFI
Quantum computing is not tomorrow's news, it's yesterday's. It's probably time to address this.
22nd May 2018,04:53 PM #12
- Join Date
- Mar 2017
- Location
- A Galaxy Far Far Away...
- Posts
- 35
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Re: Stronger Than AES256 Encryption?
You are comparing Apples to Oranges. AES to RSA, and those RSA keys you are referring to, are actually weaker than 256 bit AES encryption. I used to know how to convert them down, but I forget, maybe someone else can chime in.
22nd May 2018,05:02 PM #13
- Join Date
- Mar 2017
- Location
- A Galaxy Far Far Away...
- Posts
- 35
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Re: Stronger Than AES256 Encryption?
At the current moment, you don't need anything stronger than 128 bit AES encryption, certainly not stronger than 256 bit AES. It should be more than adequate.
22nd May 2018,07:40 PM #14
- Join Date
- Nov 2008
- Posts
- 415
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Re: Stronger Than AES256 Encryption?
You are correct - my understanding then was too simplistic. The length of the key and the number of bits in the security strength of the algorithm are measuring two different things.
23rd May 2018,01:44 PM #15
- Join Date
- Nov 2008
- Posts
- 415
- Mentioned
- 0 Post(s)
- Tagged
- 0 Thread(s)
Re: Stronger Than AES256 Encryption?
Reply With Quote
Originally Posted by r12jkf3Quick NavigationSecurity and PrivacyTop
- Site Areas
- Settings
- Private Messages
- Subscriptions
- Who's Online
- Search Forums
- Forums Home
- Forums
- Fedora Resources
- Fedora 38 & 39
- Other Versions
- Community Lounge
- Exploring Open Source
- The Dungeon
- Archived (Click Header To See Sub-Forums)
- F39 Development Forum
- Fedora Project Elections
- F38 Development Forum
- F37 Development Forum
- F36 Development Forum
- F35 Development Forum
- F34 Development Forum
- F33 Development Forum
- F32 Development Forum
- F31 Development Forum
- F30 Development Forum
- F29 Development Forum
- F28 Development Forum
- F27 Development Forum
- F26 Development Forum
- F25 Development Forum
- F24 Development Forum
- F23 Development Forum
- F22 Development Forum
- F21 Development Forum
- F-20 Development Forum
- F19 Development
- F18 Development
- F17 Development Forum
- F16 Development
- F15 Development
- F14 Development
- Fedora 13 Development Branch
- Fedora 12 Alpha, Beta & Release Candidates
- Alpha, Beta & Snapshots Discussions (Fedora 11 Only)
- Alpha, Beta & Snapshots Discussions (Fedora 10 Only)
- Alpha - Beta (Fedora 9 Only)
- Fedora Core 2 Test Releases
- Fedora Core 3 Test Releases
- Fedora Core 4 Test
- Fedora Core 5 - Dev
- Links
- Advisories & Updates
- Gallery
- Archived (Click Header To See Sub-Forums)
Similar Threads
-
Red Hat CEO: From the economic rubble, open source will emerge stronger
By Demz in forum Wibble
Replies: 9
Last Post: 10th January 2009, 12:54 AM
-
Encryption on FC4
By magicdawg29 in forum Servers & Networking
Replies: 0
Last Post: 2nd August 2005, 06:10 PM
-
Cryptoloop: AES256
By cdyson37 in forum Security and Privacy
Replies: 1
Last Post: 7th December 2004, 07:04 AM
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
[[template footer(Guest)]]
User Alert System provided by Advanced User Tagging (Lite) - vBulletin Mods & Addons Copyright © 2023 DragonByte Technologies Ltd.
Google Authenticator verification provided by Two-Factor Authentication v1.1.0 (Free) -vBulletin Mods & Addons Copyright © 2023 DragonByte Technologies Ltd.
As an expert in cryptography and computer security, it's clear that the discussion in the provided forum revolves around the strength of encryption algorithms, particularly focusing on whether there are encryption methods stronger than AES256. I'll break down the concepts discussed in the forum and provide additional insights:
-
AES256 Encryption:
- Advanced Encryption Standard (AES) with a key size of 256 bits (AES256) is widely considered secure for various applications, including document encryption, emails, and web-surfing.
-
Legal Limitations on Encryption Key Lengths:
- The forum mentions that U.S. residents are limited to 256-bit encryption by law. It's important to note that export restrictions on encryption technologies were prevalent in the past, but these limitations have evolved, and the legal landscape may have changed since the forum's date in 2017.
-
EU Legislation and Encryption:
- According to a forum member, there is no EU legislation requiring tech companies to disclose encryption keys to law enforcement authorities. This information emphasizes the importance of understanding regional differences in encryption-related regulations.
-
Quantum Cryptography:
- Quantum cryptography is highlighted as a potential advancement in encryption. The forum suggests that quantum properties of light can be used to generate random numbers, providing a form of encryption that is inherently random and resistant to predictability.
-
GPG and Key Lengths:
- The forum discusses the key lengths of GPG (GNU Privacy Guard), indicating that GPG secret keys are routinely 1024 or 2048 bits. There is also a distinction made between symmetric key encryption and public-private key encryption.
-
Threefish (Twofish) Encryption:
- A forum member suggests that Threefish (a variant of Twofish) encryption is stronger than AES and uses fewer CPU cycles. Twofish is mentioned as having been developed by Bruce Schneier.
-
Security Strength vs. Key Length:
- The forum delves into the difference between security strength and key length. For example, RSA with a key length of 1024 bits has a security strength of 80 bits, while 2048-bit RSA has a security strength of 112 bits.
-
Discussion on AES256 and Twofish Security:
- Members discuss the security of AES256, stating that it is used by the military up to the level of Secret. Twofish is mentioned as potentially providing stronger encryption, and the forum emphasizes that issues with encryption often reside in the implementation rather than the algorithm itself.
-
Quantum Computing and NTRU:
- The forum participant raises concerns about the advent of quantum computing and suggests considering an upgrade to encryption methods like NTRU that can withstand quantum attacks.
-
Encryption Course Recommendation:
- A forum member recommends a cryptography course offered by the University of Maryland, indicating its usefulness.
In conclusion, the forum provides a diverse range of perspectives on encryption, including legal aspects, quantum computing, key lengths, and the strengths of specific encryption algorithms such as AES256 and Twofish. The participants demonstrate a depth of knowledge in cryptography and engage in discussions regarding the evolving landscape of encryption technologies.
