Inspired by this thread, as a TrueCrypt user, I was wondering what the advantage of double or triple encryption is over single.
TC offers AES, Twofish and Serpent encryption methods. I use the basic TC containers to create mountable virtual drives and use triple encryption (AES, Twofish and Serpent). But if someone trying to hack one of my drives only needs to guess the password, what is the point of using more than one encryption method on the same set of data?
A separate question is how secure do you think a long phrase is as a password rather than a shorter set of random characters. I normally use phrases that are 20-30 characters long (including spaces and punctuation).
I work in secure IT and don’t know the answer to the rest of your questions. However, there are two sides to the question above. One is provable by math which should show that your password as described is incredibly secure. Most hacking doesn’t happen that way though. The math for a random attack is incredibly more unlikely than just social hacking. That is, long and complex passwords tend to get written down on notes and reused over and over so it doesn’t matter how long or complex they are past a reasonable limit. Computers can’t crack moderately complex passwords in any reasonable amount of time yet the IT security types keep trying to make them more and more complicated and it is completely counterproductive.
I am a systems administrator and could probably hack into just about everything some of our employees have based on what they tell me when dealing with my systems alone (that isn’t going to happen BTW because I try to help them learn and protect themselves). Computers have vastly outclassed people’s habits when it comes to real security.
My IT experience leads me to also agree with shagnasty – such long phrases are LESS secure than a short random password.
Something that long can’t be random & still easily memorized, so people will choose some phrase meaningful to them. So it’s not random, thus figuring it out is NOT the mathematical process of checking all possible combinations of characters (generally not possible in a reasonable time) but the sociological process of finding out enough about the person to guess what phrase they used. That’s much easier.
Just like when people are allowed to use short passwords of all letters – you can guess the majority of them by trying info about that person – their spouse’s name, kids’ names, pets’ names, mother’s maiden name, etc.
Superencryption increases mathematical complexity and makes plain-text attacks much harder (the second encryption hides any possible plaintext generated by the first). Stacking encryption methods is not trivial, though. Algorithms must be analysed to ensure that the second encryption does not actually weaken the first, and different keys must be used at each stage. This requirement makes passphrase restrictions more important (the passphrase must generate two or three independent keys, not just one).
There can be a difference between a password and a passphrase - a password is complete of itself, but a passphrase may be used to generate cryptographic keys for encryption/decryption - in this situation the passphrase must contain sufficient bits to generate the keys with enough entropy to make them unpredictable and distributed across the key-space. Short passphrases must use key-expansion to generate the required bits - this key-expansion process may reduce security.
Even if the same password is used at each stage, an attacker trying to guess the password will have to decode the message three times. This triples the load on his computer and makes brute force attacks harder.
Because the person attacking your data may not be attempting a dictionary attack on the password. If they are attacking the crypt itself (with or without some plaintext knowledge/assumptions) then multiple layers of encryption will hide the weaknesses of a single layer (as long as the stacked encryptions meet the requirements I mentioned above).
I don’t know if this helps, but one of the things you have to do for TrueCrypt is to make random mouse movements to generate a hash-something or other. Maybe the random string it creates from this (you can see the letters being generated as you do it) is used to obscure the password somehow? Does that make sense?
I’m not sure I’ve understood everything so let me try to deconstruct the process and see how close I get.
When I mount a drive using my password, I would guess that this unlocks the random number pool that was generated by some combination of my passphrase and random mouse movements. The algorithm then knows where to look in this decrypted string to get the keys for either the next level of encryption or both of the next levels. Does that sound right?
I yield to your experience as a general proposition, but I have been using long pass phrases for years, and not a one of them would be reasonably discoverable by a “sociological process of finding out enough” about me.
When you create a volume, TrueCrypt builds the random number pool, and asks you to provide additional input into this process (by moving the mouse to add entropy). This random pool contributes to the generation of the master key (and other keys) used to encrypt the data. Your passphrase (I use passphrase because it is the actual decryption key) is used to encrypt the volume header, which contains all the other keys and information about the volume (including any bits selected from the Random Number Pool).
When you mount a volume, TrueCrypt asks for the passphrase. This is used to decrypt the volume header, and the keys within that are used to decrypt the volume. You can use a keyfile to provide the keys, and point it at your favourite MP3, or a PIN-protected smartcard or other device. This means that multiple people can store the key/access the volume without sharing a single passphrase - they use their own password/PIN to access the smartcard.
I’m a long-time TrueCrypt user (I even used its predecessor, E4M). si_blakely did a good job of explaining this, but I thought I’d try in more layman-speak.
Your data is actually encrypted with a random 128-bit key. The mouse movements help TC make this key “more random.” The key is stored near the beginning of the TC volume file, but it’s encrypted with your password.
When you enter your password, TC uses your password to decrypt this 128-bit key, and then that key is what’s used to decrypt all the data on the volume. Your password isn’t used after that, only the random 128-bit key is.
Let’s assume you use the maximum number of random characters for your password and there is no way anyone would ever be able to guess it.
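A model of the mechanism si_blakely and the later post describe (the passphrase encrypts only the volume header, random master keys encrypt the data, one independent key per cascade layer), written for this thread rather than taken from TrueCrypt. It assumes stand-ins: an HMAC-SHA256 counter-mode keystream in place of AES/Twofish/Serpent, PBKDF2 in place of TrueCrypt's own header key derivation, and a CRC-32 over the master keys as the header's wrong-passphrase check.

```python
import hashlib
import hmac
import os
import zlib

ITERATIONS = 100_000  # PBKDF2 work factor: the cost a passphrase guesser pays per guess
KEY_LEN, LAYERS = 32, 3  # three independent keys, standing in for the AES/Twofish/Serpent cascade

def keystream_xor(key: bytes, label: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream (stand-in for the real ciphers)."""
    out = bytearray()
    for counter in range((len(data) + 31) // 32):
        out += hmac.new(key, label + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, out))

def header_key(passphrase: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, ITERATIONS, KEY_LEN)  # the passphrase's only use

def cascade(master_keys: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """Apply the layers in order (reverse order to decrypt), each with its own slice of the master keys."""
    order = reversed(range(LAYERS)) if decrypt else range(LAYERS)
    for i in order:
        data = keystream_xor(master_keys[i * KEY_LEN:(i + 1) * KEY_LEN], b"layer%d" % i, data)
    return data

def create_volume(passphrase: bytes, plaintext: bytes) -> dict:
    """Random master keys encrypt the data; the passphrase only encrypts the header holding them."""
    salt, master_keys = os.urandom(16), os.urandom(KEY_LEN * LAYERS)
    # Header = master keys + CRC-32 of them, so mounting can tell a wrong passphrase from a right one
    header_plain = master_keys + zlib.crc32(master_keys).to_bytes(4, "big")
    header = keystream_xor(header_key(passphrase, salt), b"header", header_plain)
    return {"salt": salt, "header": header, "body": cascade(master_keys, plaintext)}

def open_header(passphrase: bytes, volume: dict) -> bytes:
    """Recover the master keys; a wrong passphrase fails the checksum instead of yielding garbage."""
    header_plain = keystream_xor(header_key(passphrase, volume["salt"]), b"header", volume["header"])
    master_keys, crc = header_plain[:-4], int.from_bytes(header_plain[-4:], "big")
    if zlib.crc32(master_keys) != crc:
        raise ValueError("wrong passphrase (header checksum mismatch)")
    return master_keys

def mount(passphrase: bytes, volume: dict) -> bytes:
    return cascade(open_header(passphrase, volume), volume["body"], decrypt=True)

def change_passphrase(old: bytes, new: bytes, volume: dict) -> dict:
    """Only the header is re-encrypted; the encrypted data and its master keys are untouched."""
    master_keys, salt = open_header(old, volume), os.urandom(16)
    header_plain = master_keys + zlib.crc32(master_keys).to_bytes(4, "big")
    header = keystream_xor(header_key(new, salt), b"header", header_plain)
    return {"salt": salt, "header": header, "body": volume["body"]}
```

Note that `change_passphrase` never touches `body`: this is why a passphrase change on a real volume is instant, and why the passphrase is the only thing a guesser needs, however many cascade layers sit underneath.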
I believe one of the reasons TrueCrypt gives you the ability to use multiple encryption algorithms is so that if any one or two of the three standards become publicly compromised and therefore easily cracked, you may still be able to rely on the third at least until such time that it too is cracked.
I’m not a cryptography expert, but to me the obvious reason for using triple encryption is that if one of the algorithms becomes compromised your data will still be protected, whereas if you are relying on only one encryption algorithm and it is compromised your data is now compromised until you can re-secure it with an encryption algorithm that has not been compromised.