understanding encryption options in PA

[Socrates]

My question goes somewhat beyond the functions of PA; but since it directly includes those functions (and it is those functions that prompt this inquiry), I assumed that it is legitimate to ask it here.

The more I read about encryption, the more confused I become. I am not really asking about encryption in general, but about the encryption options within PA (including the soon to be released 2013).

As I recall from earlier posts, Spywolf, you described PAE as an encryption "wrapper." The impression I draw from that language is that the archive itself is not encrypted, but rather it is contained within what is presumably an impenetrable electronic wall which keep snooping eyes and keyboards out.

At the same time, your 7zip and zipx formats include their own encryption options. These appear to be internal to the archive structure. Hence, these engines not only compress the files, but, at the same time, they encrypt the contents of that compressed file.

Correct so far? If not, where I am going off the rails?

If I am correct, then (a) it seems that internal encryption would be better that encryption of the wrapper (since, for lack of a better phrase, it seems the encryption is through and through), and perhaps (b) the strongest encryption would be to have both through and through encryption AND an encrypted wrapper.

Still correct? Or not?

Finally, it seems that if a user employs double encryption [b above], then 1) there is a greater chance for the data to become corrupted, and 2) it will also take longer even for the owner to access to the data (since she will have to decrypt it twice — although I thought I once saw—but no longer see—an option to view archives inside a PAE wrapper transparently).

Why do I ask? I am trying to decide which encryption methods to use? In my reading online (which is not always entirely reliable) I seem to find a consensus that AES 256 (SPECIFICALLY Rijndeal AES 256) is the best, although Serpent 256 clearly has its devoted followers.

Direction? Clues about how to decide?

[spwolf]

for maximum security use pae, for convenience use zip or 7zip aes.

AES is unbroken standard... it was selected among various different codecs as the best.

[Socrates]

So PAE's AES is stronger than ZIPX's and 7ZIP's?

I infer, then, I just completely misunderstood the difference: PAE is more than just an encryption wrapper and ZIPX and 7ZIP do not encrypt through and through (the interior of the archive).

One last question. Will PAE be changing in 2013?

FYI. I did find this:
http://www.theregister.co.uk/2011/08...crypto_attack/

[spwolf]

Quote:

It's impressive work but there's no better cipher to use than AES for now.

:-)

If you use proper password (different characers, +10), it is impossible to break AES.

Encryption is always an wrapper, so in that sense, it is the same... for PAE there is no tools that brute force it, and we have made it on purpose very slow to check the password.

For AES encryption, only possible way to crack it is to brute force the password - which means trying every possible combination. So making it slower to check if password is correct, means less combinations can be tried at the same time.

Most important part is the password, something like greece3 is bad, while 9E:,a?_ is much better.

It does depend on what are you trying to encrypt... if it is nothing that some spy agency will want, then it might be better to use some "normal" password or else you might forget it and then damage is ever bigger.

For instance, we have received countless emails from students that encrypted their papers and forgot the password.... sorry guys!

[Socrates]

THANKS.

Remembering complex PW is tough. Years ago I tried RoboForm to help remember hundreds of of complex passwords. But I didn't care for it. So I tried CP-labs Password Manager XP, and have used it since. (I do not work for them or get a kick back from them.)

You can secure the database with multiple cyphers . . . including more than one at the same time. But some things I have been reading claim that multiple encryption formats at the same time might actually make it easier to break the encryption.


BTW, I did notice PAE was quite slow relative to other forms. Would speeding it up a bit still make it more secure without the loss of time?

[spwolf]

Quote:

Originally Posted by Socrates

THANKS.

Remembering complex PW is tough. Years ago I tried RoboForm to help remember hundreds of of complex passwords. But I didn't care for it. So I tried CP-labs Password Manager XP, and have used it since. (I do not work for them or get a kick back from them.)

You can secure the database with multiple cyphers . . . including more than one at the same time. But some things I have been reading claim that multiple encryption formats at the same time might actually make it easier to break the encryption.


BTW, I did notice PAE was quite slow relative to other forms. Would speeding it up a bit still make it more secure without the loss of time?

new version will be faster, while keeping all the advantages.

Keep in mind that AES itself is a standard, so it is same in every program (or it should be), it is everything else thats different and that may make the difference in speed or cracking or speed of cracking i guess :-).

I think for vast majority of population who simply dont want their docs easily available, some relatively simple yet unassuming password is fine... just dont use dates and names, because thats how dictionary attacks are done and are used for faster crack of the password.

[Socrates]

I had read (and, of course, we should be skeptical of what we read) indicates that the National Security Agency reviewed a number of AES 256 cyphers, and chose the Rijndeal cypher as the best -- and therefore, set it as THEIR standard.

So at least when the process began early this decade, it seems that no all AES 256 cyphers were the same.

I gather from your comment, that the losing candidates just disappeared. Right? A bit surprising, I must confess. But certainly possible.

If not -- if there are still some cypher want-to-be's -- , does PA use the Rijndeal 256 cypher in all functions, PAE, and, when selected, for ZIP and 7 ZIP?

[spwolf]

Quote:

Originally Posted by Socrates

I had read (and, of course, we should be skeptical of what we read) indicates that the National Security Agency reviewed a number of AES 256 cyphers, and chose the Rijndeal cypher as the best -- and therefore, set it as THEIR standard.

So at least when the process began early this decade, it seems that no all AES 256 cyphers were the same.

I gather from your comment, that the losing candidates just disappeared. Right? A bit surprising, I must confess. But certainly possible.

If not -- if there are still some cypher want-to-be's -- , does PA use the Rijndeal 256 cypher in all functions, PAE, and, when selected, for ZIP and 7 ZIP?

there were several ciphers submitted to become AES standard... Rijndael won, so Rijndael is AES.... no other candidates were called AES at any point in time. So whenever you see AES, it is Rijndael cipher.

[Socrates]

I just wanted to be sure.

I was thrown off a bit by the fact that some of your encryption drop down options include "Rijndeal" and some didn't. So I wondered if you were using two different cyphers. Just wanted to make certain.

Sorry to be a pest about this.

[spwolf]

Quote:

Originally Posted by Socrates

I just wanted to be sure.

I was thrown off a bit by the fact that some of your encryption drop down options include "Rijndeal" and some didn't. So I wondered if you were using two different cyphers. Just wanted to make certain.

Sorry to be a pest about this.

they were added at the time when Rijndael was proposed candidate, so everyone was asking about which one it is... however after all this time, now most people dont know what Rijndael is and they just recognize AES... back then, i think maybe 8-9 years ago, it was important to clarify that it is Rijndael.

[Socrates]

Given that, you might want to just use "Rijndeal" in all instances . . . or none at all. The fact that PA has it listed differently could be confusing.