Add alternative encryption algorithms #895
Comments
|
AES (Rijndael) was adopted by the US as the standard encryption algorithm, not designed by the US like your other issue claims. Xchacha20 was not approved by the US, it is just becoming more standard across the industry. If you claim they have backdoors, please post the proof. They have been known for quite some time to be secure. With a lot of different encryption software on the market, I would say it is a bigger concern with what software your using for encryption, open-source vs proprietary, strength of your password... Do you have any proof that the US government made such a threat to this projects developer? Carrying through with such a threat though, in the US would be a big constitutional violation if you understand US law, so I'm sure the people would love to know of this one. Adding more ciphers to the software will increase the codebase, make it a bigger maintenance burden and possibility of introducing security issues. I would not recommend this being done. If you want extra options like more ciphers, VeraCrypt is probably better suited. |
|
@CodeCracker-oss ok mr police man, i see your point. I don't buy it. AES encryption forced by the US government as and Xchacha20, since they have backdoors there.
That is irrelevant argument. If i would have knowledge about backdoors in AES it is obvious i would never tell about it to the random person on the internet for free, because this knowledge have high price.
The purpose of tool for encryption is to ensure data will be encrypted with a way that ensure nobody can decrypt it in reasonable time frame. When AES is the only encryption option - this purpose is missed. So there are reasons to add more ciphers if this tool purpose to serve security rather than be a honeypot of US government |
|
Hm, I'm actually far from a policeman. You have no proof it is a honey pot, more like making acusations based on a mis guided belief in cryptography, or because your upset of missing options. There is more than just gocryptfs on the market, like securefs, cryfs, veracrypt..maybe one of those you would prefer. Every developer of software has there own ideas, and reason for creation.
If I had knowledge, i would tell for free. Why? Because it betters the community.
That is correct, but adding risk of implementing security vulnerabilties is not worth it. See the audit performed on veracrypt soon after they added new ciphers, they had to remove because of security issues. Risk vs reward I believe in user choice, it is why I do support veracrypt. Though there are some projects like cryptomator which were specifically created for ease of use, and secure by default which would be out of scope for that project. Do you see my point yet?
How so? You still have not proven AES is broken, or backdoored. In fact, AES has had the most cryptanalysis, no one has even cracked it yet, any data decrypted was always done through other means like bruteforce against the password, but never a successful direct attack. There is a lot more to cryptography than just the cipher alone, are you concerned of potential backdoors in those (i.e hash functions and key derivitation functions)? What about government backdoors in your computer on a hardware level? No software could help you there. |
I've opened issue #894 but it has been closed with no attention, it looks that my suspicious is justified.
What about add more secure ciphers/encryption algorithms like twofish, serpent, kuznyechik to let user choose encryption they trust?
You've mentioned that currently implemented AES and XChaCha20-Poly1305, but your answer looks like USA government approved just these 2 algorithms to use in gocryptfs because they have some backdoors there and told you "reject all issues about new ciphers, or you will be jailed" and this is why you pretend my feature request is not about new encryption algorithms, but about something else.
The text was updated successfully, but these errors were encountered: