Veracrypt: Which encryption algorithm + hash algorithm to use?

  • Which between the two encryption algorithms AES(Twofish(Serpent)) and Serpent(Twofish(AES)) is most secure and which hash algorithm to use between SHA-512, Whirlpool, SHA-256, and Streebog?

    And what would you personally use?

    I know this probably isn't a good question, but I ask anyway because I'm curious to know, please don't bash me too hard guys..

    I would only use SHA-512 for the hash, and would ditch the Serpent cascade because it is too slow

    TL;DR, it doesn't matter. If someone really wants the contents of your drive, they're more likely to beat the password out of you, use a keylogger or camera to get the password, steal the device while it's unlocked, or one of a million other meatspace methods rather than bothering with anything cryptanalytic. Relevant xkcd. I personally would simply use AES/SHA-512 — chaining incurs a severe performance penalty for negligible security benefit, and SHA-512 is likely to perform slightly faster on a 64-bit processor given typical file sizes.

  • Ben

    Ben Correct answer

    4 years ago

    As Stephen Touset already answered: The Algorithm might not be as important as you think.

    The only way you would want several algorithms at once is long-term security. So your bet is: One of them will be broken some day and the others maybe won't. In theory that's a good way to go. But you might face several issues with it. Some of them are possibly:

    • Size of the encrypted information
    • Runtime Performance

    I suggest you have a look at 'cascade encryption', e.g. at Wikipedia, or read something Bruce Schneier wrote about it. In case you decide to only have one layer of encryption: Use AES (at least if you encrypt your OS). Because AES is so widely used it has been implemented as an extension to the x86 instruction set architecture used in Intel and AMD processors. This means you can do it at almost no time cost and (assuming you won't change the number of rounds and so on) AES-256 is really a practically secure thing (afaik).

    Just make sure you use a secure password (> 30 chars, possibly random) and don't fiddle around with algorithm settings (but I'm not even sure VeraCrypt will let you).

    Edit: Since @jondoe666 is pretty right in his criticism of my post this shall make it a little more complete:

    Yes. For most of the things I wanted to do, AES was pretty sufficient. If your case requires some extra security, feel free to apply as many extra layers as you want. Concerning the performance: Of course the tradeoff is performance for encryption. If you choose to encrypt using multiple layers your CPU will have to do more cycles for every de-/encryption than it has to cycle for just one layer. The question is not if it gets slower; the question is: Will I notice? And for the poor ThinkPad I am currently using the answer is: YES. I do notice. But since you asked:

    And what would you personally use?

    That's it. I don't really care about the hashes (unless you're trying to use SHA1 or MD5). I really prefer SHA-256 over SHA-512 but just because I think it is sufficient. Might really depend on your level of paranoia as well as what you have read about the other options.


    Runtime performance? Performance penalties? Really? In 2017, our processors are fast enough to the point that it is negligible, and extra security is cheap, why not just use the maximum security settings possible? I should have also mentioned what I currently use: AES(Twofish(Serpent)) + Whirlpool + maximum allowed 63 characters randomly generated using pwgen for Windows + 500 PIM rounds and I don't notice any performance penalties, it is super fast as if nothing, so what's all this stuff about performance penalties?

    So you're all saying that AES alone with a long and strong randomly generated password is sufficient for all practical purposes? What about the hash algorithms? Is the Whirlpool I'm using a strong one?
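
Added example, not part of the thread and not VeraCrypt's own code: a Python illustration of how the hash and PIM settings discussed above feed PBKDF2 key derivation at mount time, and how much entropy a random password of a given length carries. The PIM-to-iterations formula is taken from VeraCrypt's PIM documentation rather than from this page; the 94-symbol alphabet, 64-byte salt, 64-byte output length, sample password and all function names are assumptions for illustration.

```python
import hashlib
import math
import time

HIGH_COST_HASHES = ("sha512", "whirlpool")

def pbkdf2_iterations(pim, hash_name, system=False):
    """PBKDF2 iteration count for a PIM (formula from VeraCrypt's PIM docs)."""
    if pim <= 0:
        raise ValueError("PIM must be a positive integer")
    if system and hash_name not in HIGH_COST_HASHES:
        return pim * 2048            # system encryption without SHA-512/Whirlpool
    return 15000 + pim * 1000        # non-system volumes and file containers

def password_entropy_bits(length, alphabet_size=94):
    """Entropy of a uniformly random password (94 = printable ASCII, assumed)."""
    return length * math.log2(alphabet_size)

def chars_to_match_key(key_bits=256, alphabet_size=94):
    """Random characters needed before the password stops being the weak link."""
    return math.ceil(key_bits / math.log2(alphabet_size))

def derive_header_key(password, salt, pim, hash_name, system=False, dklen=64):
    """Derive key material with PBKDF2-HMAC over the selected hash."""
    rounds = pbkdf2_iterations(pim, hash_name, system)
    return hashlib.pbkdf2_hmac(hash_name, password, salt, rounds, dklen)

def time_derivation(hash_name, pim):
    """Seconds for one derivation: the cost paid once per mount, and per guess."""
    salt = bytes(64)                 # constructed all-zero salt, sample only
    start = time.perf_counter()
    derive_header_key(b"constructed sample password", salt, pim, hash_name)
    return time.perf_counter() - start

if __name__ == "__main__":
    for name in ("sha256", "sha512"):    # Whirlpool is often absent from hashlib
        secs = time_derivation(name, 500)
        print(f"{name}: {pbkdf2_iterations(500, name)} rounds, {secs:.2f} s per try")
    for length in (30, 63):
        print(f"{length} random chars: {password_entropy_bits(length):.0f} bits")
    print("chars to reach 256 bits:", chars_to_match_key())
```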

License under CC-BY-SA with attribution

Content dated before 7/24/2021 11:53 AM
