I’ll give you an example. Skipjack was a classified algorithm, the day it was declassified two attacks were published on the algorithm. One of them broke 31 out of the 32 rounds that were supposed to provide enough cryptographic strength to beat out hackers. I would trust non-government public open source algorithms. The five best algorithms currently are RC6, MARS, Serpent, Twofish, and Rijndael (AES). These were five algorithms that were submitted to compete for the Advanced Encryption Standard (AES) title. Rijndael was chosen because it could encrypt and decrypt at a faster rate than the other algorithms. It was a trade off on security and speed. The reason they needed speed was to implement the algorithm in hardware and on smart cards. If you are truly interested in security go with one of the hybrid algorithms like AES-Twofish or Serpent-Twofish, both of which are in TrueCrypt.

TrueCrypt is a highly secure application and encryption program that is open source. The only attack I know that is successful against TrueCrypt is the Cold Boot attack. This attack requires that you cut the power to the device suddenly. You then go to the cache on the computer and you’ll find encrypted keys on there. Once you have obtained the hash, it is then possible to break the keys using the method of Rainbow Tables. This is found in the open source Windows application Cain & Abel Cracker. But you have to create the Rainbow Tables first.

If you are a hacker I suggest you do the following. Create a large Rainbow Table with the mixcase-alpha-numeric-symbol key space (you can generate a Rainbow Table using Winrtgen). So you take a large external hard drive (I’m not joking a Rainbow Table can be as large as 5.5 TB if you are searching for keys of a specific length), and generate a large Rainbow Table. This could take days to create, but it is worth it. For Windows it uses LM hashes (at least that is what I’ve read).

So to the White Hat Hackers out there (that is the benign hackers interested in security) whenever you leave a computer unattended DISMOUNT the TrueCrypt drive. I recommend for every TrueCrypt volume you create, use a different algorithm and a different key. It reduces the chances of all keys being compromised. If one key is compromised the rest will be safe (choose strong keys that have mixed case letters, numbers & symbols. For example $tRonGK3y$ROOle if you couldn’t figure it out it said StrongKeysRule). These guidlines prevent confidential information from being divulged easily.

Also if you have multiple TrueCrypt volumes make a master key volume. You then put a word document or text file in the master key volume with all the passwords in plaintext form. The password for this volume must be very strong and you must be able to remember it. If you forget the password to a TrueCrypt volume it becomes highly difficult to recover a key (not impossible though: Cold Boot Attack only works if drive is mounted). So for security freaks (I’m one) I recommend you encrypt the entire hard drive. Do not use insecure connections for remote terminals (don’t use telnet, rlogin or raw connection in PuTTY) use SSH. Be very careful about remote connections.

ie: if i make a simple Hex query that encode the encryption, it won’t take long but the pass will be easy to find.

if i make a hex query that is comming from a key generated with multiple alteration on parameters that varry (ie take username and other info and merge them…) the algorythm is harder to decode.

making one isn’t hard, the problem is making an efficient one that wont be easy to decode and fast to use.