First of all, I'm relatively new to encryption, so please bear with me. I'm looking for a way to encrypt large amounts of data only on my device; there is no need to transfer my encrypted files/data (10-20 GB or less). I don't really care about speed as long as the encryption is really strong. I have tried encryption with AES-GCM and using RSA for encrypting the AES keys, but AES doesn't really give me that safe feeling, since it's only 256 bits maximum.
-
There is no best option, only advantages and disadvantages, and after weighing those, the preferable choice. AES-256 is classical and quantum secure; RSA is very slow and not meant for bulk encryption either! AES has CPU instructions that make it very fast. You should consider a VeraCrypt volume, which handles most of the problems that you did not consider, like how the encryption keys are handled, etc. – kelalaka Jan 03 '21 at 12:10
-
@kelalaka I meant that many people suggested that I use AES-GCM and encrypt the AES key with RSA – Ilkay Solotov Jan 03 '21 at 12:12
-
Have a strong password, like a diceware-generated one, then use a KDF to derive the encryption key. When we talk about AES-GCM or any CTR-based solution like ChaCha20-Poly1305, the first question is: do you update the files? If so, an observer of both versions can extract some part of the plaintext. This means you need to provide all details about your files, what you do with them, and the risks, too. – kelalaka Jan 03 '21 at 12:18
-
Most likely I'd just encrypt any kind of file so that it becomes unusable but can be decrypted to make it usable again; I was looking for a very safe encryption to prevent cracking – Ilkay Solotov Jan 03 '21 at 12:26
-
This one includes updates: https://crypto.stackexchange.com/q/84439/18298. However, as I said, use VeraCrypt! – kelalaka Jan 03 '21 at 12:31
-
You may want to re-evaluate your feeling of safety with 256-bit keys, given that it would take all of the sun's energy to even count to $2^{192}$ within 32 years. And that's one $2^{64}$th of the energy required to count to $2^{256}$. – SEJPM Jan 03 '21 at 12:36
-
@SEJPM Well, what if a god wanted to decrypt my file in 32 years using the sun, huh? – Ilkay Solotov Jan 03 '21 at 12:52
-
If a god needs to decrypt your files, then it is a false god. Be realistic about your risks! – kelalaka Jan 03 '21 at 12:56
-
You have a much higher risk of someone guessing the password used to protect the RSA key that's protecting the AES key than of someone breaking the AES key. – Swashbuckler Jan 03 '21 at 14:23
-
@IlkaySolotov: 32 years of the Sun's energy are needed to brute-force a 192-bit key. For a 256-bit key, $2^{64}$ times more time is needed, i.e. 600 000 000 000 000 000 000 years. That is vastly longer than the Universe has existed, 14 000 000 000 years. AES is not breakable with current knowledge. – mentallurg Jan 03 '21 at 17:01
-
There is that theoretical "need"... especially implied around God or a god. The god may not need to, but out of entertainment might want to do such things. – mrSidX Oct 05 '23 at 12:18
3 Answers
Based on your comments, I have a feeling that maybe you don't really understand what a huge number of combinations a 256-bit key means. At first glance, 256 bits is "just" 16 bytes. But look at it closer. With 256 bits we can encode $2^{256} = 10^{77}$ numbers. That is 100 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 000 numbers.
Still too theoretical? You may get a better feeling if you run a simple Python script:
```python
i = 0
while i < 100000000000000000000000000000000000000000000000000000000000000000000000000000:  # 2^256 ~= 10^77
    if i % 100000000 == 0:
        print(i)  # one line every 10^8 iterations
    i = i + 1
```
Every second, on weaker CPUs maybe every 10 seconds, you will see a 9-digit number. In 1 day you will see 10-digit numbers. In 100 days you will see 12-digit numbers. In 3 years you will see 13-digit numbers. If you pay for 1 000 computers for 30 years, then you will get 16-digit numbers. Still extremely far from 77-digit numbers.
This script is very simple and fast. But brute-forcing AES will be much slower. For every key candidate one would need to decrypt some considerable piece of data, then analyze whether the decrypted data means anything, like a document, image or video.
Be realistic. Estimate how much money an attacker would obtain if your files are brute-forced and if they can sell your files to somebody. Will they get \$1 000, \$1 000 000? Nobody will brute-force your AES password (except checking against a dictionary of typical weak passwords and their variations, which is very quick). If your secrets are worth \$1 000 000, then it may be much cheaper to pay hackers \$500 000 to break into your system, read your passwords or install key loggers; or install spy cameras in your home, your car etc. and thus get your passwords; or steal your key if you have a hardware token.
TLDR: AES with 256-bit key is more than sufficient.
-
Is this one PC going at it or a scalable megacluster? What about quantum integrations? I wonder if there will be some clever ideas to get a fast calculation as close to infinity as possible! – mrSidX Oct 05 '23 at 12:21
-
@mrSidX: Do the math and you get answers to your questions. Also this question can be helpful. It is about AES-128, not AES-256, but you get the idea. – mentallurg Oct 06 '23 at 14:45
As @mentallurg answered: use AES-256. Today, any cipher at or above the 128-bit security level is very strong, and as John Kelsey says: "There is no meaningful difference between 192-bit and 256-bit keys in terms of practical brute-force attacks; impossible is impossible."
But, just to bear with you: you can use Threefish-1024. Threefish is a fast and secure tweakable block cipher with three different key/block sizes, 256, 512 and 1024 bits, and it is suitable for encrypting large data files when used with a block cipher mode like CMC or EME.
-
I didn't say RSA is needed :) I don't see any reason for encrypting the key with another key. – mentallurg Jan 04 '21 at 02:51
I don't think you need RSA either. Where will you store the private key, and how will you protect it from being stolen anyway? Use a good, hard-to-guess password and a long enough salt, and use a good KDF to derive an AES key to encrypt your data; I think that will work better. And 256 bits is huge: it would take many times longer than the age of the current universe, using every single computer in this world, to successfully crack 256-bit AES, as others have told you already.
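An added example (not code from any of the answers above) of the password-plus-salt-plus-KDF approach this answer and kelalaka's diceware comment recommend, using only the Python standard library. It also puts a number on Swashbuckler's point that the password, not the 256-bit key, is the weak link: the PBKDF2 iteration count, the 7776-word diceware list size and the 256-bit target are the only assumptions.

```python
"""Derive a 256-bit AES key from a passphrase, and estimate how many
diceware words the passphrase needs before guessing it costs as much as
searching the 256-bit key space itself. Example code, not from the thread."""
import hashlib
import math
import os

KEY_BYTES = 32               # 256-bit key, as the answers recommend
PBKDF2_ITERATIONS = 600_000  # assumed work factor; raise it on fast hardware
DICEWARE_LIST_SIZE = 7776    # 6^5 words in a standard diceware list


def new_salt() -> bytes:
    """Fresh random salt; store it next to the ciphertext, it is not secret."""
    return os.urandom(16)


def derive_key(passphrase: str, salt: bytes,
               iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Stretch a passphrase into a 256-bit key with PBKDF2-HMAC-SHA256.
    Same passphrase and salt always give the same key, which is what lets
    the key be re-derived for decryption; a different salt gives a
    different key for the same passphrase."""
    if len(salt) < 16:
        raise ValueError("salt should be at least 16 random bytes")
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"),
                               salt, iterations, dklen=KEY_BYTES)


def passphrase_bits(words: int, list_size: int = DICEWARE_LIST_SIZE) -> float:
    """Entropy of a uniformly random diceware passphrase of `words` words."""
    return words * math.log2(list_size)


def effective_bits(words: int, iterations: int = PBKDF2_ITERATIONS) -> float:
    """Rough brute-force cost in bits: guess the passphrase and pay the KDF
    work factor for every guess (each PBKDF2 iteration is about one hash,
    comparable to one AES trial key), capped by the 256-bit key itself."""
    return min(8 * KEY_BYTES, passphrase_bits(words) + math.log2(iterations))


def words_needed_for_key_strength(iterations: int = PBKDF2_ITERATIONS) -> int:
    """Smallest diceware passphrase whose guessing cost reaches 256 bits."""
    words = 1
    while effective_bits(words, iterations) < 8 * KEY_BYTES:
        words += 1
    return words


if __name__ == "__main__":
    salt = new_salt()
    print(derive_key("correct horse battery staple", salt).hex())
    print(f"6 words: ~{effective_bits(6):.0f} bits of work; "
          f"{words_needed_for_key_strength()} words to match AES-256")
```

With a 6-word passphrase the attacker's job is about 97 bits of work, far below the 256 bits the key itself offers, which is exactly why the thread keeps pointing at the password rather than at AES.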