undefined | Better HN

0 pointstptacek8y ago0 comments

Anything that uses Blowfish since 2010 is incompetently designed (Blowfish has an 8-byte block size).

AES-Serpent is probably not less safe than AES; it's just not necessarily as much more safe as you'd expect.

A much bigger concern than which precise ciphers you're using is which block cipher mode you're operating under; Truecrypt/Veracrypt uses XTS --- like most disk encryption --- which (among other things) isn't authenticated.

The funniest thing about TC/VC's cascades is that the keys are derived from passwords anyways: a giant clunking complicated block cipher cascade resting on top of a low-entry password secret. It's just a silly design.

0 comments

wakkaflokka8y ago

What would be your ultimate recommendation on storing sensitive data, if not TC/VC?

j / k navigate · click thread line to collapse

0 pointstptacek8y ago0 comments

Anything that uses Blowfish since 2010 is incompetently designed (Blowfish has an 8-byte block size).

AES-Serpent is probably not less safe than AES; it's just not necessarily as much more safe as you'd expect.