Indeed using a 3-cascades algorithm offers the best protection on the long term, and any of the two available in VeraCrypt is OK.
As for the hash, there are those who stick with Whirlpool in order to avoid the NSA designed SHA-512. Personally I don't see any problem with using SHA-512 or SHA-256 even if the latest has smaller security margins.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2015-02-16
and which cascade and which hash would you recommend as the strongest enryption for the WHOLE SYSTEM?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The same answer I gave above applies to system encryption apart from the hash since only SHA-256 is recommended (RIPEMD-160 is also available by it's deprecated because of its age).
So AES(Twofish(Serpent)) or Serpent(Twofish(AES)) combined with SHA-256 is the strongest combination. However, you have to be aware that this will slow your system considerabely because of the cascade algorithm poor performance.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2015-02-16
is the old RIPEMD-160 still secure? or is it also hacked?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Well, there is no publicly known attack against the full RIPEMD-160 but because of its old design and its outdated bit size (160-bit), it is recommended to move to a more modern hash algorithm (256-bit minimum). Moreover, an interesting advancement in attacks of RIPEMD160 was published in 2013 (https://eprint.iacr.org/2013/600.pdf) which could lead to more practical attacks in the near future.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2015-02-19
Which of the three hashes would you personally prefer? (SHA-512, SHA-256, Whirlpool)
(I know you will say that all three are safe, but which one whould YOU prefer...)
Thanks...
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I am learning to customising verecrypt. I want to remove all algorithm visible on the drop list except AES using MVS 2008. Or to set AES as default without the user noticing which algorith is using without selecting when he creates volume. Another thing I want to put a picture when a user is rotating the mouse to get the key . Send the responce to kdmuthavhine@gmail.com. I am using MVS 2008
Encryption:
Customization of encryption algorithms is good idea. We can separate system logic and encryption. (create crypto plugins). It is possible but rather complex task.
Random:
Random generation is old and important problem. Several directions (plugins structure is important also)
1. Sources of random value (any noise like - mouse, keyboard, sound, even special hardware generator etc.)
2. Estimation of random quality (methods like entropy, MonteCarlo etc.)
Current conclusion:
Main problem is too solid architecture of VeraCrypt.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
What combination would I need to use, for maximum strength encryption on a VeraCrypt device or container?
My best guess is this:
AES-Twofish-Serpent with SHA-512. Is this correct?
Assume:
Not hidden
Speed isn't an issue
Indeed using a 3-cascades algorithm offers the best protection on the long term, and any of the two available in VeraCrypt is OK.
As for the hash, there are those who stick with Whirlpool in order to avoid the NSA designed SHA-512. Personally I don't see any problem with using SHA-512 or SHA-256 even if the latest has smaller security margins.
and which cascade and which hash would you recommend as the strongest enryption for the WHOLE SYSTEM?
The same answer I gave above applies to system encryption apart from the hash since only SHA-256 is recommended (RIPEMD-160 is also available by it's deprecated because of its age).
So AES(Twofish(Serpent)) or Serpent(Twofish(AES)) combined with SHA-256 is the strongest combination. However, you have to be aware that this will slow your system considerabely because of the cascade algorithm poor performance.
is the old RIPEMD-160 still secure? or is it also hacked?
Well, there is no publicly known attack against the full RIPEMD-160 but because of its old design and its outdated bit size (160-bit), it is recommended to move to a more modern hash algorithm (256-bit minimum). Moreover, an interesting advancement in attacks of RIPEMD160 was published in 2013 (https://eprint.iacr.org/2013/600.pdf) which could lead to more practical attacks in the near future.
Which of the three hashes would you personally prefer? (SHA-512, SHA-256, Whirlpool)
(I know you will say that all three are safe, but which one whould YOU prefer...)
Thanks...
I personally prefer using SHA-512: it's the most reviewed hash algorithm and it offers a strong security level.
I am learning to customising verecrypt. I want to remove all algorithm visible on the drop list except AES using MVS 2008. Or to set AES as default without the user noticing which algorith is using without selecting when he creates volume. Another thing I want to put a picture when a user is rotating the mouse to get the key . Send the responce to kdmuthavhine@gmail.com. I am using MVS 2008
Encryption:
Customization of encryption algorithms is good idea. We can separate system logic and encryption. (create crypto plugins). It is possible but rather complex task.
Random:
Random generation is old and important problem. Several directions (plugins structure is important also)
1. Sources of random value (any noise like - mouse, keyboard, sound, even special hardware generator etc.)
2. Estimation of random quality (methods like entropy, MonteCarlo etc.)
Current conclusion:
Main problem is too solid architecture of VeraCrypt.