No, The NSA Can't Really Bruteforce Your Encryption!

Discussion in 'Computers and The Internet' started by AceK, Dec 29, 2015.

  1. AceK

    AceK Scientia Potentia Est

    Messages:
    7,824
    Likes Received:
    961
    should be at least as good as AES. It along with blowfish and several other ciphers were finalists in the AES encryption standard contest, i.e. the cipher that won the vote (rijndael) became what is now known as AES.

    AES has certainly been under the most scrutiny, meaning that nearly everyone in the crypto field has been trying to break it, so what flaws it has are likely to be known (i.e. it's likely that far more is known about flaws existing in AES) simply because it is the most commonly used, and most interest, or harm caused by any security flaws. There's nothing to suggest any of the other candidates are less secure, but have been under much less scrutiny so could have flaws that haven't been discovered simply due to less scrutiny.

    It makes sense that AES being the most commonly used cipher it would be subject to more interest in finding cryptographic breaks. AES was chosen because it was voted as having the best balance of computational speed and security.

    Crypto adds computational overhead; modern CPUs implement AES instructions in hardware, making it faster with less overhead than other ciphers if software utilizes these AES instructions in its code.
     
  2. AceK
    how much performance penalty would I expect to see using blowfish, serpent etc vs AES (you know, the whole "security triangle thing")? Because that's really the only reason I would pick AES over a different cipher, throughput overhead. Actually might consider twofish, or AES for the main volume and something like serpent or twofish for more sensitive volumes where performance isn't an issue. .. or none of the above ;) .. I usually just use AES-xts-plain64 ... essiv might be better, but complex IV algorithms aren't needed with xts, though I don't think they could hurt anything.

    social engineering and literal bruteforce attacks (physical or psychological torture, etc) are likely the most effective attacks on crypto.

    I would imagine that they could build ASICs for any crypto.. but when we're talking numbers like 2^256 a few orders of magnitude is not really as significant as it seems. And then there is cost, ASICs aren't cheap. The general consensus seems to be that being able to break it enough to allow decryption of all AES ciphertext just isn't possible ... at least not now or for the foreseeable future. This would probably be only a concern for high profile terrorists; like, how likely is it that the NSA is going to spend their resources trying to break a block device image from YOUR computer (probably not likely at all)... I think you know what I'm saying. They have big fish to fry, and we're not even fish at all, so I'd think they'd spend those enormous resources trying to fry the big fish.

    Good to see you lode, haven't seen you in a while :) I'm supposed to be asleep but awoke and couldn't go back to sleep so here I am. I will read the link you provided, when I'm not half asleep anymore so hopefully I can understand at least a bit of it ;) .. I read through it quickly, the math is way over my head and wasn't able to come to any real conclusion about how severe the implications of this attack are. I may leave it with the crypto math majors and let them help me decipher it (no pun intended)

    How do you feel about XTS with ESSIV, ciphers aside?

    I will provide a link to a thread on reddit about this very same topic .. no idea who the OP of this thread is but I found it pretty interesting ;)
    https://www.reddit.com/r/cryptography/comments/3yqy6n/related_key_attacks_can_reduce_computational/

    oh btw .. it seems a new link has been posted to reddit regarding the article you linked. Someone was interested in this same article but there doesn't seem to be any comments yet ;)
    https://www.reddit.com/r/cryptography/comments/3yvrlk/schramm_kai_gregor_leander_and_patrick_felke_a/

    understanding this stuff is pretty important, in fields like ours, at least if you want a good GPA, or job security :p
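
Added example (not part of the original post): the arithmetic behind the point above that a few orders of magnitude of ASIC speedup barely dent a 2^256 keyspace. The base rate of 10^12 keys per second and the speedup factors are assumed figures chosen for illustration, not measurements.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def expected_years(key_bits, keys_per_second):
    """Expected exhaustive-search time: on average half the keyspace is tried."""
    return 2 ** (key_bits - 1) / keys_per_second / SECONDS_PER_YEAR


def bits_removed(speedup):
    """A speedup factor S is worth log2(S) bits of key length to the attacker."""
    return math.log2(speedup)


def speedup_needed(key_bits, keys_per_second, target_years):
    """Factor by which the search rate must grow to finish within target_years."""
    return expected_years(key_bits, keys_per_second) / target_years


def table(base_rate, speedups, key_sizes):
    """Rows of (key_bits, speedup, bits_removed, expected_years)."""
    return [
        (k, s, bits_removed(s), expected_years(k, base_rate * s))
        for k in key_sizes
        for s in speedups
    ]


if __name__ == "__main__":
    BASE_RATE = 1e12  # assumed: keys tested per second before any ASIC speedup
    SPEEDUPS = [1, 1e3, 1e6, 1e9]  # assumed hardware improvement factors
    for k, s, b, y in table(BASE_RATE, SPEEDUPS, [56, 128, 256]):
        print(f"{k:>3}-bit key  speedup {s:>7.0e}  (-{b:4.1f} bits)  {y:.2e} years")
    need = speedup_needed(256, BASE_RATE, 1.0)
    print(f"speedup needed to search 256 bits in one year: {need:.2e}")
```

A speedup of 10^6 removes only about 20 bits of effective key length, which matters for a 56-bit key and is negligible against 128 or 256 bits.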
     
  4. AceK
    Here's some more info:

    The bolded parts are what is the most relevant: Halderman, J. Alex, and Nadia Heninger. "How Is NSA Breaking so Much Crypto?" Freedom to Tinker. N.p., n.d. Web. 31 Dec. 2015.

    J. Alex Halderman is an associate professor of Computer Science and Engineering at the University of Michigan and director of Michigan’s Center for Computer Security and Society.
    Nadia Heninger is an assistant professor of Computer and Information Science at the University of Pennsylvania.
     
  5. Woody72

    Woody72 Members

    Messages:
    18
    Likes Received:
    1
    Great post IRQ42, very interesting. It's funny how you mention how learned and intelligent the people who invent these kinds of things are. It sort of reminds me, I'm looking to switch jobs at the moment so get a lot of emails about training courses. One I keep getting sent is 'Learn to be an ethical hacker!'. Really?! If I was anything like techy enough to work as a pen tester, I'd probably have gone to university and studied computing and been one already, not bought some overpriced course from the internet :).
     
