Encryption Algorithms and Modes

Algorithms

AES (Rijndael)

This algorithm was invented by Joan Daemen and Vincent Rijmen. Its original name, Rijndael, is a portmanteau of its authors' surnames. The National Institute of Standards and Technology (http://www.nist.gov) selected the algorithm as the Advanced Encryption Standard (AES) in 2001.

The cipher has a variable block length and key length. The authors of the algorithm currently specify how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128 bits.

BestCrypt uses AES (Rijndael) with a 256-bit key in LRW and XTS modes.

For more information on the AES (Rijndael) algorithm, visit the Rijndael home page: http://csrc.nist.gov/archive/aes/rijndael/wsdindex.html

Blowfish

Blowfish is a fast encryption algorithm designed by Bruce Schneier. Bruce Schneier is well known as the president of Counterpane Systems, a security consulting firm, and the author of Applied Cryptography: Protocols, Algorithms, and Source Code.

The Blowfish encryption algorithm was specially designed to encrypt data on 32-bit microprocessors. Blowfish is significantly faster than DES and GOST when implemented on 32-bit microprocessors, such as the Pentium or PowerPC.

The original Blowfish paper was presented at the first Fast Software Encryption workshop in Cambridge, UK (proceedings published by Springer-Verlag, Lecture Notes in Computer Science #809, 1994) and in the April 1994 issue of Dr. Dobb's Journal. In addition, "The Blowfish Encryption Algorithm—One Year Later" appeared in the September 1995 issue of Dr. Dobb's Journal.

BestCrypt uses Blowfish with 448-bit key length, 16 rounds and 128-bit blocks in LRW mode.

For more information on the Blowfish algorithm, visit http://www.counterpane.com/blowfish.html

CAST

CAST-128 (described in the RFC-2144 document http://www.faqs.org/rfcs/rfc2144.html) is a popular 64-bit block cipher allowing key sizes up to 128 bits. The name CAST stands for Carlisle Adams and Stafford Tavares, the inventors of CAST.

BestCrypt uses CAST with 128-bit key in LRW mode.

GOST 28147-89

The Government Standard of the USSR 28147-89 (GOST 28147-89) appears to have played a role in the former Soviet Union (not only in Russia) similar to that played by the United States' Data Encryption Standard (FIPS 46). When issued, GOST bore the minimal classification "For Official Use," but is now said to be widely available in software both in the former Soviet Union and elsewhere. The introduction to GOST 28147-89 contains an intriguing remark that the algorithm "does not put any limitations on the secrecy level of the protected information."

The GOST 28147-89 standard includes output feedback and cipher feedback modes of operation, both limited to 64-bit blocks, and a mode for producing message authentication codes.

BestCrypt uses GOST 28147-89 with 256-bit key in LRW mode.

Twofish

The Twofish encryption algorithm was designed by Bruce Schneier, John Kelsey, Chris Hall, Niels Ferguson, David Wagner and Doug Whiting.

Twofish is a symmetric block cipher; a single key is used for encryption and decryption. Twofish has a block size of 128 bits and accepts keys of any length up to 256 bits.

NIST investigated Twofish as one of the candidates for the replacement of the DES encryption algorithm. As the authors of the algorithm state, "We have spent over one thousand hours cryptanalyzing Twofish, and have found no attacks that go anywhere near breaking the full 16-round version of the cipher."

BestCrypt uses a full 16-round version of Twofish and a maximum possible 256-bit encryption key length in LRW and XTS modes.

For more information about the Twofish algorithm, visit http://www.schneier.com/twofish.html

RC6

The RC6 block cipher was designed by Ron Rivest in collaboration with Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin from RSA Laboratories. It was selected as one of the finalists in the competition to become the new federal Advanced Encryption Standard (AES). For more information on the algorithm, visit emc.com/emc-plus/rsa-labs/historical/rc6-block-cipher.htm

Serpent

Serpent is a block cipher that can work with different combinations of key lengths. Developed by Ross Anderson, Eli Biham and Lars Knudsen, Serpent was selected, among five other finalists, as a candidate to become the new federal Advanced Encryption Standard (AES).

Encryption Modes

LRW Encryption Mode

BestCrypt uses LRW encryption mode with all encryption algorithms supported by the software. The three-letter acronym is derived from the names of its three authors: Liskov, Rivest and Wagner. The Institute of Electrical and Electronics Engineers (IEEE) has published a description of LRW mode in the IEEE P1619 document.

LRW mode is less susceptible to attack or compromise than other current techniques such as counter-mode encryption or cipher block chaining (CBC) encryption. The mode addresses threats such as copy-and-paste and dictionary attacks. LRW mode is specially designed for encryption of storage at the sector level.

LRW mode uses its own secret secondary encryption key that is completely different from the primary encryption key used by the encryption algorithm itself. The size of an LRW secondary key is equal to the block size of the particular encryption algorithm. For example, because the block size of the AES encryption algorithm is 128 bits, LRW mode requires a 128-bit secondary key.

As a result, the effective key length for the pairing of LRW mode with AES becomes higher than what AES originally had. While the AES key length is 256 bits, an LRW-AES pair uses a 384-bit key (AES's 256 bits plus LRW's 128 bits).
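The LRW construction described above, as an added example that is not BestCrypt's code: each 128-bit block is XORed, before and after encryption, with the secondary key multiplied by the block's logical position in GF(2^128), so identical data encrypts differently at different positions and a ciphertext block pasted elsewhere decrypts to garbage. The block cipher is a small HMAC-SHA256 Feistel stand-in rather than AES so that it runs with the standard library alone; the keys, function names and integer bit ordering are assumptions for illustration, and the output does not interoperate with any product.

```python
import hashlib
import hmac

BLOCK = 16                    # 128-bit block, so the LRW secondary key is 128 bits too
POLY = (1 << 128) | 0x87      # x^128 + x^7 + x^2 + x + 1

def gf_mul(a: int, b: int) -> int:
    """Multiply two GF(2^128) elements: carry-less product reduced by POLY."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> 128:
            a ^= POLY
    return r

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the stand-in cipher (assumption: a toy Feistel, NOT AES)
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def toy_encrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, xor(l, _f(key, i, r))
    return l + r

def toy_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = xor(r, _f(key, i, l)), l
    return l + r

def lrw(cipher, k1: bytes, k2: bytes, index: int, block: bytes) -> bytes:
    # Tweak = secondary key * block position; applied before and after the cipher
    t = gf_mul(int.from_bytes(k2, "big"), index).to_bytes(BLOCK, "big")
    return xor(cipher(k1, xor(block, t)), t)

def demo() -> dict:
    k1, k2 = bytes(range(32)), bytes(range(100, 116))  # constructed 256-bit and 128-bit keys
    pt = b"same 16B of data"                            # constructed plaintext block
    c5, c9 = lrw(toy_encrypt, k1, k2, 5, pt), lrw(toy_encrypt, k1, k2, 9, pt)
    return {"round_trip": lrw(toy_decrypt, k1, k2, 5, c5) == pt,
            "same_data_differs_by_position": c5 != c9,
            "pasted_block_garbled": lrw(toy_decrypt, k1, k2, 9, c5) != pt,
            "key_material_bits": 8 * (len(k1) + len(k2))}
```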

Depending on your system, there can be some read/write performance degradation when using LRW. Please use the Benchmark Utility to test.

XTS Encryption Mode

BestCrypt uses XTS encryption mode with AES (Rijndael), RC6, Serpent, and Twofish encryption algorithms.

IEEE has approved XTS mode for protection of information on block storage devices according to the IEEE 1619 standard released on December 19, 2007. The IEEE 1619 document states the following for the AES encryption algorithm used as a subroutine in XTS mode:

"XTS-AES is a tweakable block cipher that acts on data units of 128 bits or more and uses the AES block cipher as a subroutine. The key material for XTS-AES consists of a data encryption key (used by the AES block cipher) as well as a 'tweak key' that is used to incorporate the logical position of the data block into the encryption. XTS-AES is a concrete instantiation of the class of tweakable block ciphers described in [P. Rogaway, "Efficient Instantiations of Tweakable Blockciphers and Refinements to Modes OCB and PMAC," Lecture Notes in Computer Science 3329, 16–31]. The XTS-AES addresses threats such as copy-and-paste and dictionary attacks, while allowing parallelization and pipelining in cipher implementations."

Like LRW mode, XTS mode uses its own secret key (a "tweak key") that is completely different from the primary encryption key used by the encryption algorithm itself.

As a result, the effective key length for the pairing of XTS mode with AES becomes higher than AES originally had. While the AES key length is 256 bits, an XTS-AES pair uses a 384-bit key (AES's 256 bits plus XTS's 128 bits).

The size of an XTS key is equal to the block size of the encryption algorithm, and the IEEE 1619 standard states that it must be 128 bits or more. This is why BestCrypt uses XTS mode only with encryption algorithms whose block size is at least 128 bits.