Title says it. A friend and I were wondering what the most difficult to break encryption is that’s available to install on a computer. And a second question, what is the strongest one that’s free (no high-end enterprise stuff)?
The one-time pad is the strongest possible encryption, and is an almost trivial algorithm available to anyone. However, it does have certain practical difficulties relating to the exchange of the key.
You might set up a one-time pad.
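An added illustration of the one-time pad mentioned in the posts above (not code from any poster): the pad is consumed byte for byte and never reused, so the key material that must be exchanged equals everything ever sent. The class and function names, the sample messages and the 32-byte pad size are constructed for this example.

```python
import secrets


class OneTimePad:
    """Pre-shared pad; every pad byte is consumed by exactly one message byte."""

    def __init__(self, pad: bytes):
        self.pad, self.offset = pad, 0        # offset = next unused pad byte

    def apply(self, data: bytes) -> bytes:
        """XOR data with fresh pad bytes; the same call encrypts and decrypts."""
        if len(data) > len(self.pad) - self.offset:
            raise ValueError("pad exhausted: more key material must be exchanged")
        chunk = self.pad[self.offset:self.offset + len(data)]
        self.offset += len(data)              # never reuse pad bytes
        return bytes(d ^ k for d, k in zip(data, chunk))


def pad_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the pad under which ciphertext would decrypt to candidate."""
    if len(ciphertext) != len(candidate):
        raise ValueError("candidate must match ciphertext length")
    return bytes(c ^ p for c, p in zip(ciphertext, candidate))


def demo() -> dict:
    shared = secrets.token_bytes(32)          # exchanged out of band beforehand
    sender, receiver = OneTimePad(shared), OneTimePad(shared)
    msg = b"meet at the dock"                 # constructed 16-byte sample message
    ct = sender.apply(msg)
    recovered = receiver.apply(ct)
    # Any same-length plaintext is consistent with ct under some pad, so the
    # ciphertext alone does not single out the real message.
    decoy = b"stay home today."               # constructed, also 16 bytes
    decoy_plain = OneTimePad(pad_explaining(ct, decoy)).apply(ct)
    # Only 16 pad bytes remain: a 17-byte message needs a new key exchange.
    try:
        sender.apply(b"x" * 17)
        exhausted = False
    except ValueError:
        exhausted = True
    return {"recovered": recovered, "decoy": decoy_plain,
            "remaining": len(shared) - sender.offset, "exhausted": exhausted}


if __name__ == "__main__":
    print(demo())
```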
Most probably, the “strongest” one will be one of the newest methods. But, since they are new, it’s somewhat unknown which is actually strong and didn’t introduce new flaws while correcting those of previous methods.
In general, I would say that you’re fine to just accept anything that’s been accepted as a standard by some organization which knows what it’s doing, and from there just worry about which software has a decent user interface.
AES-256 is probably your best bet for modern algorithms. 3DES if you want something that has stood up to attack for many years.
Keep in mind, though, that there’s no guarantee that these won’t both be cracked tomorrow.
There’s also no guarantee that we won’t be invaded by Martians.
There’s no such thing as “high-end enterprise stuff”. The quality of an encryption algorithm is not determined by how much you pay for it.
Another member has already mentioned AES256 and 3DES. These algorithms are well-known and widely implemented in free software (and by “free” I mean free of charge as well as free to modify, study, copy, and redistribute). Other popular ciphers include CAST5 and Blowfish. All four of these are implemented by free encryption programs such as GnuPG. If you want a free, high-quality encryption tool on your computer, you should consider getting GnuPG, plus one of the GUI front-ends and/or e-mail software plugins. But remember to read the documentation—an encryption tool is effective only if it is used properly and if you take the necessary steps to guard your private keys, to guard your passphrases, and to select secure passphrases. The strongest encryption tool in the world isn’t going to protect your data if you leave your private key lying around, or if you choose a short or easily-guessed passphrase.
That’s a terrible idea; how do you know that the software you are using properly implements the algorithm it says it does, or that it even implements it at all? How do you know it doesn’t accidentally leave plaintext copies of your secret keys and passphrases on your hard drive, or worse yet, surreptitiously send all your passphrases and secret keys to the program’s author? Clearly there is a more important criterion to consider than whether the program has a nice interface, and that criterion is whether the program is subject to peer review. If the author won’t let anyone else examine the source code of his program, then you have only his word that the program does not function improperly or maliciously. On the other hand, if the author makes the source code available to independent third parties (or preferably the public at large), then they will have a chance to scrutinize it, and can report their analyses and criticisms. In this way insecure algorithms, or insecure implementations of algorithms believed to be secure, can be exposed and the public warned.
Regrettably, most people don’t care whether the source code is available for their day-to-day software. But when it comes to high-quality encryption software, you’d be a fool not to insist on a Free (i.e., open-source) tool, especially considering the preponderance of snake-oil cryptography and spyware.
GnuPG is good for encrypting email messages or other communications - for encrypting your own files, it is somewhat clunky.
Another option is Truecrypt, which lets you create virtual encrypted disks stored in files on your computer, that you access through an unused drive letter (like W:, for example). Every file you copy to the virtual drive is stored, in encrypted form, in the virtual drive’s file - which you can copy, email, or distribute like any other file.
When not in use, the virtual drive files are unidentifiable as anything but random data.
You can also encrypt entire hard drives, USB keys, and the like. The software lets you choose from a large number of different encryption algorithms, as well. It really is a great piece of software - there is a Mac OS X version coming soon as well.
Being a command-line tool, GnuPG is pretty clunky at everything—hence my suggestion to get a third-party GUI or an application plugin. A file browser extension, for example, will make it easy to encrypt or decrypt individual files on disk using a symmetric cipher. For encrypting an entire filesystem, however, I agree that a dedicated tool like Truecrypt is the way to go. It would help if the OP would indicate how (s)he intends to use the encryption tool; this would help us make more specific recommendations.
For the truly paranoid, get 10 different encryption programs each using a different encryption scheme. Encrypt your data using all 10 programs, while using a different passcode each time.
I don’t know what the difference might be, but Mac OS X Disk Utility already has an encryption scheme. I can make an encrypted disk image with no problem. Perhaps this is something different.
And then for extra security, expose your hard drive to an 8.21 gigawatt electric field to randomize the encryption!
I’d just like to point out here that, although you are allowed to modify such a program, I wouldn’t recommend it, unless you know a heck of a lot about encryption and computer security. There are a lot of subtleties involved, and a naïve user might think e’s improving the security, when e’s actually destroying it.
This message has been rot-13 encrypted twice, for added security.
Unless you can code it yourself, it doesn’t make a difference one way or the other. Even if it’s open source, you would still need to be capable of implementing it just to be able to verify that it was properly implemented. For an average Joe, that’s pretty well out of the realm of feasibility.
Obviously, the more research you do on whatever package you are going to go for is better, but at some point you have to assume that the package does what it says, or do it yourself.
And then call your buddy to tell him the passwords.
Sure it does. With proprietary software, you have only the word of the original implementor, or copyright holder, that the program is secure. And if they’re trying to sell you the product with a view to making a profit, that automatically calls their neutrality and honesty into question. With free software, you often have multiple, independent, and impartial assessments of the program’s security. And even if not, if you can’t program yourself but have some money, you can pay someone else to make such an assessment.
Oh man, you got it wrong! You need to use 3R26 encryption - triple rot-26 - or any Cub Scout with a copy of Boy’s Life will be able to crack your stuff.
For those who might not realize it, this suggestion is a joke.
In many encryption systems, running your plaintext message thru the encryption twice, or running it thru 2 separate encryption algorithms one after the other, generally makes the encryption weaker. As I understand it, this tends to expose repeated patterns & shifts that make it easier for an expert analyst to break your encryption.
People might have realized that from the follow-up comments, but we should make it clear that this is not a real suggestion.