Serpent-256 Encryption for PAE/PAE2



  • Hello.

    I believe it would be useful to implement Serpent-256 encryption for PAE/PAE2 formats, even though PowerArchiver offers strong encryption ciphers already.

    (deleted part advertising other software - admin)

    Do you think this will be a useful addition?

    Thank you for the consideration!


  • conexware

    btw, by far the most secure is to use PA format with secure option:

    Secure AES 256-bits - creates PA archives with AES 256-bit encryption. For added security, we use the BWTS algorithm to scramble the data before AES, so attackers can not use LZ compression redundancy and other plaintext attacks to quickly check if given password is valid. This makes .pa format considerably more secure than ZIP AES. For the AES encryption module, we use FIPS 140-2 validated modules from Windows so you can rest assured that AES implementation has been tested and validated (FIPS 140-2 encryption module is always used)"


  • Alpha Testers

    Are you hoping for the ability to open encrypted archives from PEA?


  • Alpha Testers

    Or is this just SPAM advertising PEA?


  • Alpha Testers

    My thoughts is the latter. Will wait for @spwolf to judge.


  • conexware

    btw, by far the most secure is to use PA format with secure option:

    Secure AES 256-bits - creates PA archives with AES 256-bit encryption. For added security, we use the BWTS algorithm to scramble the data before AES, so attackers can not use LZ compression redundancy and other plaintext attacks to quickly check if given password is valid. This makes .pa format considerably more secure than ZIP AES. For the AES encryption module, we use FIPS 140-2 validated modules from Windows so you can rest assured that AES implementation has been tested and validated (FIPS 140-2 encryption module is always used)"



  • Hi.

    I did not mean the link to be for advertising. The link was based on an open source software documentation/comparison that would support my request.

    Of course, everything was just for suggestion purposes, to see if you think it’s worth implementing this feature.

    My wish was centered on the encryption cipher itself. 🙂

    Thank you!


  • Alpha Testers

    @2Flo So, I ask again, are you hoping for the ability to open encrypted archives from PEA?



  • Hi.

    Essentially my wish would be to have the Serpent-256 encryption cipher as an option to encrypt any data.

    The archive format doesn’t matter for me, I wish I had the option to create and open Serpent-256 encrypted [any supported archive / file type] from PowerArchiver.

    Thank you! 🙂


  • Alpha Testers

    @2Flo Because you believe it’s more secure than AES256 ?
    I guess by some particular means of assessing the security of a cypher it may seem more secure.
    But it’s also less efficient to implement than AES256.
    PowerArchiver has chosen, IMHO quite reasonably, to go with the industry standard widely accepted and respected, more efficient, AES algorithm.😛



  • Hi.

    Indeed, while Serpent uses a more conservative approach than AES with regards to security margin, it is slower in implementation and not that much public cryptoanalysis has been done on it compared to AES.

    I was thinking about it for completion sake.
    The reference code is public domain software and the optimized code is under GPL license.

    Since PowerArchiver already supports AES, 3DES, RC2, RC4, Blowfish, and Twofish
    and Serpent was also an AES finalist, I wondered if it could join the list of supported encryption ciphers.

    Of course that Rijndael (AES) is still very secure, not broken, fast in implementation and universally supported.

    It will remain to the developers’ decision wether Serpent is worth implementing. Nevertheless, PowerArchiver supports strong encryption ciphers and the addition of another is purely optional.

    Thank you!


  • conexware

    @2Flo said in Serpent-256 Encryption for PAE/PAE2:

    Hi.

    Indeed, while Serpent uses a more conservative approach than AES with regards to security margin, it is slower in implementation and not that much public cryptoanalysis has been done on it compared to AES.

    I was thinking about it for completion sake.
    The reference code is public domain software and the optimized code is under GPL license.

    Since PowerArchiver already supports AES, 3DES, RC2, RC4, Blowfish, and Twofish
    and Serpent was also an AES finalist, I wondered if it could join the list of supported encryption ciphers.

    Of course that Rijndael (AES) is still very secure, not broken, fast in implementation and universally supported.

    It will remain to the developers’ decision wether Serpent is worth implementing. Nevertheless, PowerArchiver supports strong encryption ciphers and the addition of another is purely optional.

    Thank you!

    PAE format is there for legacy purposes these days… real meat is in Secure 256 AES implementation we do in PA format, with some extra work that makes brute force attacks harder to use.



  • @spwolf said in Serpent-256 Encryption for PAE/PAE2:

    @2Flo said in Serpent-256 Encryption for PAE/PAE2:

    Hi.

    Indeed, while Serpent uses a more conservative approach than AES with regards to security margin, it is slower in implementation and not that much public cryptoanalysis has been done on it compared to AES.

    I was thinking about it for completion sake.
    The reference code is public domain software and the optimized code is under GPL license.

    Since PowerArchiver already supports AES, 3DES, RC2, RC4, Blowfish, and Twofish
    and Serpent was also an AES finalist, I wondered if it could join the list of supported encryption ciphers.

    Of course that Rijndael (AES) is still very secure, not broken, fast in implementation and universally supported.

    It will remain to the developers’ decision wether Serpent is worth implementing. Nevertheless, PowerArchiver supports strong encryption ciphers and the addition of another is purely optional.

    Thank you!

    PAE format is there for legacy purposes these days… real meat is in Secure 256 AES implementation we do in PA format, with some extra work that makes brute force attacks harder to use.

    Does this apply to the previously mentioned BWTS algorithm? Or does this apply to increased number of rounds / cipher operation mode / key derivation algorithm / something else?


  • conexware

    @2Flo said in Serpent-256 Encryption for PAE/PAE2:

    @spwolf said in Serpent-256 Encryption for PAE/PAE2:

    @2Flo said in Serpent-256 Encryption for PAE/PAE2:

    Hi.

    Indeed, while Serpent uses a more conservative approach than AES with regards to security margin, it is slower in implementation and not that much public cryptoanalysis has been done on it compared to AES.

    I was thinking about it for completion sake.
    The reference code is public domain software and the optimized code is under GPL license.

    Since PowerArchiver already supports AES, 3DES, RC2, RC4, Blowfish, and Twofish
    and Serpent was also an AES finalist, I wondered if it could join the list of supported encryption ciphers.

    Of course that Rijndael (AES) is still very secure, not broken, fast in implementation and universally supported.

    It will remain to the developers’ decision wether Serpent is worth implementing. Nevertheless, PowerArchiver supports strong encryption ciphers and the addition of another is purely optional.

    Thank you!

    PAE format is there for legacy purposes these days… real meat is in Secure 256 AES implementation we do in PA format, with some extra work that makes brute force attacks harder to use.

    Does this apply to the previously mentioned BWTS algorithm? Or does this apply to increased number of rounds / cipher operation mode / key derivation algorithm / something else?

    mentioned in the wiki and my response above:

    For added security, we use the BWTS algorithm to scramble the data before AES, so attackers can not use LZ compression redundancy and other plaintext attacks to quickly check if given password is valid.

    it is done after compression and before AES.



  • Thank you for the insight on this! 🙂