Chris Walters at Wednesday 25 June 2008, 17:14:20 > | Rumor has it that the three-letter agencies (CIA, KGB, M.A.V.O. [2], > | etc) can break those algorithms relatively easy. On the other hand even > | weaker algorithms can protect your data against laptop thieves. You had better used the acronym FUD instead of the word "rumor". US government itself has declared Rijndael 256 sufficient for classified information up to top secret. This level of security is shared among all AES finalists like RC6 or Serpent. > That's more than a rumor. Another three letter agency (NSA) has networks > of supercomputers that can brute force a passphrase is little time. Bruteforcing a _passphrase_ is not the same as bruteforcing a key. An both of these don't have nothing to do with the algorithm itself. They are side-attacks ... a weak passphrase is user idiocity, not a cipher weakness. > It is not that I'm terribly paranoid about people getting my data, I just > want to make it a little harder. What's the point in making the impossible even harder? > Of course, it is always possible to insert code that will send the > unencrypted data, once you've logged on - not easy for the casual user, > but for the guru, an easy thing. That's operating system security and has nothing to do with cryptology. Someone having only your hard disk can't inject a rootkit into the system. -- Freedom is always the freedom of dissenters. (Rosa Luxemburg)