Stronger Than AES256 Encryption?
FedoraForum.org - Fedora Support Forums and Community
Page 1 of 2 1 2 LastLast
Results 1 to 15 of 16
  1. #1
    Join Date
    Jul 2017
    Location
    Israel
    Posts
    22

    Stronger Than AES256 Encryption?

    US residents are limited to 256bit encryption by law; but for non-us residents, I assume the sky can be the limit, in terms of encryption strength. Is there "any" form of encryption stronger than AES256 available for non-us residents, say for encrpting documents, emails and web-surfing?

  2. #2
    Join Date
    May 2017
    Location
    www
    Posts
    135

    Re: Stronger Than AES256 Encryption?

    Currently, there is no EU legislation that requires tech companies to disclose the keys to encrypted materials to law enforcement authorities, or to decrypt communications upon the request of a government.
    Source: Government Access to Encrypted Communications: European Union

    As for the sky is the limit, Quantum cryptography could be the most advanced level of encryption.

    HOW THE RANDOM NUMBER GENERATOR WORKS
    The random number generators used today are based on computer algorithms or the randomness of physical processes, meaning they are essentially complex versions of rolling dice over and over again to get random numbers.
    But while the numbers generated appear to be random, knowing certain information, such as how many ‘dice’ are being used, can allow hackers to work out the numbers, leaving secured data vulnerable.
    To overcome this problem, the new chip generates random numbers based on the quantum properties of light - a process that is inherently random and therefore impossible to predict no matter how much information is known.

  3. #3
    Join Date
    Nov 2008
    Posts
    415

    Re: Stronger Than AES256 Encryption?

    gpg secret keys are routinely 1024 or 2048 bits.

    If I flip one balanced coin 5000 times, no one is going to be able to guess that 5000 bit sequence, regardless of knowing that only one coin was used to generate it. If it is pseudo-random numbers that is being referred to, no one uses pseudo-random numbers for encryption these days (unless they are running ancient hardware).

    Additional comments:

    It seems like there is a confusion, at least to me, of symmetric key encryption vs. public-private key encryption. The "number of dice" observation makes sense if you're talking about symmetric encryption, but those comments are coupled with random key generation (i.e. public-private keys).

    Anyone know a reference for the law, which permits 2048+ bit encryption for public-private keys, but prohibits >256 bits for symmetric keys?
    Last edited by dswaner; 23rd August 2017 at 05:36 PM. Reason: Additional comments

  4. #4
    Join Date
    Jun 2005
    Location
    Montreal, Que, Canada
    Posts
    5,492

    Re: Stronger Than AES256 Encryption?

    Quote Originally Posted by r12jkf3
    US residents are limited to 256bit encryption by law; but for non-us residents, I assume the sky can be the limit, in terms of encryption strength. Is there "any" form of encryption stronger than AES256 available for non-us residents, say for encrpting documents, emails and web-surfing?
    Threefish (twofish) encryption is stronger than AES, and I am advised, it uses less cpu cycles. I was also advised that the reason AES was chosen, was because it's more easily crackable than the ones I mentioned.

    You could use threefish with some Cipher Block Chaining (CBC). Bruce Schnier is the one who developed these two. I have used them and 3des with CBC for software I sold to banks.
    Leslie in Montreal

    Interesting web sites list
    http://forums.fedoraforum.org/showth...40#post1697840

  5. #5
    Join Date
    Nov 2008
    Posts
    415

    Re: Stronger Than AES256 Encryption?

    I briefly looked around http://csrc.nist.gov/, and was not able to find anything about legal maximum key lengths or security strengths - but did find some requirements that specified just the opposite - that certain minimum key lengths and security strengths were unacceptable.

    I did learn to distinguish between key lengths and security strengths:

    The security strength is measured in bits and is, basically, a measure of the difficulty of discovering the key. ... For example, RSA using a key length of 1024 bits (i.e., 1024-bit RSA) has a security strength of 80 bits, as does 2-key Triple DES, while 2048-bit RSA and 3-key Triple DES have a security strength of 112 bits.

  6. #6
    Join Date
    Aug 2010
    Location
    Al Ain, UAE
    Posts
    2,010

    Re: Stronger Than AES256 Encryption?

    AFAIK, AES256 is secure.

    Problems with encryption usually reside in the implementation, not the algorithm itself.

    That being said, I am also not aware of issues with the Linux implementation thereof.

  7. #7
    Join Date
    Jun 2005
    Location
    Montreal, Que, Canada
    Posts
    5,492

    Re: Stronger Than AES256 Encryption?

    Quote Originally Posted by flyingfsck
    AFAIK, AES256 is secure.

    Problems with encryption usually reside in the implementation, not the algorithm itself.

    That being said, I am also not aware of issues with the Linux implementation thereof.
    Yes, AES is secure, no doubting that. And there is no issues with using AES anywhere. I believe it was chosen because it was "secure enough", and because some of the AES code can be implemented in more recent Intel/AMD chip firmware.

    Still, Twofish can produce a stronger encryption (meaning it's more difficult to determine the encryption key).

    AES with CBC would take the American NSA or British MI5 security agency multiple heavy parallel computing in order to solve for the key. You or I with our fastest home computers would take us years. And by the time we solve it, someone would have changed keys for the subsequent message.
    Leslie in Montreal

    Interesting web sites list
    http://forums.fedoraforum.org/showth...40#post1697840

  8. #8
    Join Date
    Aug 2010
    Location
    Al Ain, UAE
    Posts
    2,010

    Re: Stronger Than AES256 Encryption?

    BTW, AES256 is used by military up to the level of Secret. The only difference with regular Linux AES256, is that the military version was audited. If you want to test it yourself, you can get the AES test vectors from the NIST web site.

    If you are really paranoid, then you can encrypt something and then test it for compressibility with zip and if it doesn't compress, do a chi square test for randomness.

    This is how the problem with cryptoloop implementation was found. Somebody did a compression test and then raised the alarm.

  9. #9
    Join Date
    Nov 2008
    Posts
    415

    Re: Stronger Than AES256 Encryption?

    It seems odd that the gpg default cipher algorithm (for symmetric keys and for protecting secret keys) is AES [128], if AES256 is superior.

  10. #10
    Join Date
    Jun 2005
    Location
    Montreal, Que, Canada
    Posts
    5,492

    Re: Stronger Than AES256 Encryption?

    University of Maryland has a great encryption course, offered by a Dr. Katz
    I followed it. I recommend it.
    Leslie in Montreal

    Interesting web sites list
    http://forums.fedoraforum.org/showth...40#post1697840

  11. #11
    Join Date
    Jul 2017
    Location
    Israel
    Posts
    22

    Re: Stronger Than AES256 Encryption?

    Great comments everyone. I hope to be able to take an encryption course, in the near future.

    I discovered that 256 bit encrption was the US limit years ago, when I applied for an export license. I had to read about 40 pages of stuff that couldn't be exported from the US. At the time it was illegal to export or import anything stronger than 128 bit.

    A very relevant BTW. "D-WAVE SYSTEMS" of Canada has been shipping 512qbit quantum computers since 2011 and is now shipping 2048qbit quantum computers. The age of quantum craking is upon us "now," so I've been thinking that an upgrade to at least NTRU or something similar that can withstand some quantum attacks is reasonable. Especially in the crypto-currency sector.

    https://www.dwavesys.com/

    https://www.youtube.com/watch?v=60OkanvToFI

    Quantum computing is not tomorrow's news, it's yesterday's. It's probably time to address this.

  12. #12
    Join Date
    Mar 2017
    Location
    Buenos Aires, Argentina
    Posts
    17

    Re: Stronger Than AES256 Encryption?

    Quote Originally Posted by dswaner
    gpg secret keys are routinely 1024 or 2048 bits.
    You are comparing Apples to Oranges. AES to RSA, and those RSA keys you are referring to, are actually weaker than 256 bit AES encryption. I used to know how to convert them down, but I forget, maybe someone else can chime in.

  13. #13
    Join Date
    Mar 2017
    Location
    Buenos Aires, Argentina
    Posts
    17

    Re: Stronger Than AES256 Encryption?

    At the current moment, you don't need anything stronger than 128 bit AES encryption, certainly not stronger than 256 bit AES. It should be more than adequate.

  14. #14
    Join Date
    Nov 2008
    Posts
    415

    Re: Stronger Than AES256 Encryption?

    Quote Originally Posted by jjstorm
    You are comparing Apples to Oranges. AES to RSA, and those RSA keys you are referring to, are actually weaker than 256 bit AES encryption....
    You are correct - my understanding then was too simplistic. The length of the key and the number of bits in the security strength of the algorithm are measuring two different things.

  15. #15
    Join Date
    Nov 2008
    Posts
    415

    Re: Stronger Than AES256 Encryption?

    Quote Originally Posted by dswaner
    It seems odd that the gpg default cipher algorithm (for symmetric keys and for protecting secret keys) is AES [128], if AES256 is superior.
    The explanation is likely that 128 is still adequate, and that changing long standing default behavior may break lots of scripts.

Page 1 of 2 1 2 LastLast

Similar Threads

  1. Replies: 9
    Last Post: 10th January 2009, 12:54 AM
  2. Encryption on FC4
    By magicdawg29 in forum Servers & Networking
    Replies: 0
    Last Post: 2nd August 2005, 06:10 PM
  3. Cryptoloop: AES256
    By cdyson37 in forum Security and Privacy
    Replies: 1
    Last Post: 7th December 2004, 07:04 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •