Encryption Algorithms and Modes

Algorithms

AES (Rijndael)

The algorithm was invented by Joan Daemen and Vincent Rijmen. The National Institute of Standards and Technology (http://www.nist.gov) has recently selected the algorithm as an Advanced Encryption Standard (AES).

The cipher has a variable block length and key length. Authors of the algorithm currently specify how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128 bits.

BestCrypt uses Rijndael with a 256-bit key in LRW and XTS modes.

To get more information on the algorithm, visit the Rijndael Home Page: http://csrc.nist.gov/archive/aes/rijndael/wsdindex.html

Blowfish

The Blowfish is a fast encryption algorithm designed by Bruce Schneier. Bruce Schneier is well known as the president of Counterpane Systems, a security consulting firm, and the author of Applied Cryptography: Protocols, Algorithms, and Source Code.

The Blowfish encryption algorithm was specially designed to encrypt data on 32-bit microprocessors. Blowfish is significantly faster than DES and GOST when implemented on 32-bit microprocessors, such as the Pentium or Power PC.

The original Blowfish paper was presented at the First Fast Software Encryption workshop in Cambridge, UK (proceedings published by Springer-Verlag, Lecture Notes in Computer Science #809, 1994) and in the April 1994 issue of Dr. Dobbs Journal. In addition, "Blowfish--One Year Later" appeared in the September 1995 issue of Dr. Dobb's Journal.

BestCrypt uses the Blowfish with 448-bit key length, 16 rounds and 128-bit blocks in LRW mode.

Additional information about the Blowfish algorithm is also available on World-Wide-Web at: http://www.counterpane.com/blowfish.html

CAST

CAST-128 (described in RFC-2144 document http://www.faqs.org/rfcs/rfc2144.html) is a popular 64-bit block cipher allowing key sizes up to 128 bits. The name CAST stands for Carlisle Adams and Stafford Tavares, the inventors of CAST.

BestCrypt uses CAST with 128-bit key in LRW mode.

GOST 28147-89

The Government Standard of the USSR 28147-89, Cryptographic protection for Data Protection Systems, appears to have played the role in the former Soviet Union (not only in Russia) similar to that played by the US Data Encryption Standard (FIPS 46). When issued, GOST bore the minimal classification 'For Official Use,' but is now said to be widely available in software both in the former Soviet Union and elsewhere. The introduction to GOST 28147-89 contains an intriguing remark that the cryptographic transformation algorithm "does not put any limitations on the secrecy level of the protected information."

The GOST 28147-89 standard includes output feedback and cipher feedback modes of operation, both limited to 64-bit blocks, and a mode for producing message authentication codes.

BestCrypt uses GOST 28147-89 with 256-bit key in LRW mode.

Twofish

The Twofish encryption algorithm was designed by Bruce Schneier, John Kelsey, Chris Hall, Niels Ferguson, David Wagner and Doug Whiting.

Twofish is a symmetric block cipher; a single key is used for encryption and decryption. Twofish has a block size of 128 bits and accepts keys of any length up to 256 bits.

The National Institute of Standards and Technology (NIST) investigated Twofish as one of the candidates for the replacement of the DES encryption algorithm. As the authors of the algorithm state, "we have spent over one thousand hours cryptanalyzing Twofish, and have found no attacks that go anywhere near breaking the full 16-round version of the cipher."

BestCrypt uses a full 16-round version of Twofish and a maximum possible 256-bit encryption key length in LRW and XTS modes.

Additional information about the Twofish algorithm is available also on the World-Wide-Web from: http://www.schneier.com/twofish.html

Encryption Modes

LRW Encryption Mode

BestCrypt uses LRW encryption mode with all encryption algorithms supported by the software. "LRW" is derived from the names Liskov, Rivest, Wagner - the authors of the encryption mode. The Institute of Electrical and Electronics Engineers (IEEE) has published a description of the LRW mode in IEEE P1619 document.

LRW mode is less susceptible to attack or being compromised than other current techniques such as Counter-Mode encryption or Cipher Block Chaining (CBC) encryption. The mode addresses threats such as copy-and-paste and dictionary attacks. LRW mode is specially designed for encryption of storage at the sector level.

LRW mode uses its own secret Secondary Encryption Key that is completely different from a Primary Encryption Key used by certain encryption algorithms. The size of an LRW Secondary Key is equal to the block size of the particular encryption algorithm. For example, if the block size of an AES encryption algorithm is 128 bits, the LRW mode requires a 128-bit Secondary Key.

As a result, the effective key length for the pair LRW mode + AES becomes higher than AES originally has. While the AES key length is 256 bits, LRW+AES pair uses 256+128 = 384 bits key.

Depending on your system, there can be some read /write performance degradation when using LRW. Please use the Benchmark Utility to test.

XTS Encryption Mode

BestCrypt uses XTS encryption mode with AES (Rijndael), RC6, Serpent, and Twofish encryption algorithms.

The Institute of Electrical and Electronics Engineers (IEEE) has approved XTS mode for protection of information on block storage devices according to IEEE 1619 standard released on 19th December, 2007. The IEEE 1619 document states the following for AES encryption algorithm used as subroutine in XTS mode:

"XTS-AES is a tweakable block cipher that acts on data units of 128 bits or more and uses the AES block cipher as a subroutine. The key material for XTS-AES consists of a data encryption key (used by the AES block cipher) as well as a "tweak key" that is used to incorporate the logical position of the data block into the encryption. XTS-AES is a concrete instantiation of the class of tweakable block ciphers described in Rogaway article (Phillip Rogaway - author of the mode). The XTS-AES addresses threats such as copy-and-paste attack, while allowing parallelization and pipelining in cipher implementations."

XTS mode uses its own secret key (a "tweak key") that is completely different from Primary Encryption Key used by certain encryption algorithm.

For example, if block size of AES encryption algorithm is 128 bits, XTS mode requires 128-bit key. As a result, the effective key length for the pair XTS mode + AES becomes higher than AES originally has. While AES key length is 256 bits, XTS+AES pair uses 256+128 = 384 bits key.

The size of XTS key is equal to block size of the certain encryption algorithm, and IEEE 1619 standard states that it must be 128 bits or more. It is the reason why BestCrypt uses XTS mode only with encryption algorithms with block sizes not less than 128 bits.