AES or Serpent-Twofish-AES

Question

I want to encrypt my private stuff like credit cards, money, RSA private keys (and so on) but I don't know if I should use AES-256 only or in combo like Serpent-Twofish-AES (I am using Veracrypt).

And, does the US government really only use AES encryption?

@schroeder technically, Bitcoin is a form of money encryption. — , Mar 26 '15 at 17:33
@AndréDaniel You are absolutely correct. But I'm of the opinion that the OP would have said "bitcoin wallet" or similar. — schroeder, Mar 26 '15 at 17:38
possible duplicate of [Is multiple encryption a good idea?](http://security.stackexchange.com/questions/18087/is-multiple-encryption-a-good-idea) — Xander, Mar 26 '15 at 17:48
@AndréDaniel *ducks while the joke flies over my head* sorry :) — schroeder, Mar 26 '15 at 17:49

score 1 · Accepted Answer · answered Mar 26 '15 at 17:01

To answer your questions:

Using serpent-twofish-aes only makes sense if you believe there is a cryptographic break which will work for one but not all three. Using this idea, if one is broken, the others will continue to protect your information.

In order to be practical to decrypt your data assuming a model where the attacker has no known plaintext/ciphertext pairs, I would suggest that any technique capable of this on one algorithm would likely render all three broken. This is my gut feeling; others may disagree.

In any case both AES, Serpent and Twofish have received extensive cryptanalysis and there are no practical breaks to any of them. Those that exist reduce the claimed security to less than brute force, but still require several billion years and a number of known plaintext/ciphertext pairs to be available to occur.

So to summarize, I see no practical advantage to using three algorithms given one is more than sufficient and as far as we know unbreakable, whereas I see a practical reason to use just AES: AES-NI will make decryption faster.
I take my intepretation of the US government state from this video as well as wikipedia. Suite B specifies a set of approved algorithms for government; internally, I take from the video the NSA modifies the constants to produce algorithms they feel will better resist cryptanalysis. The remarks in the video seem to suggest this and also reference the DES differential cryptanalysis critera, where the NSA changed the S-Box of DES to improve its resistance to cryptanalysis.

It is also possible suite A contains algorithms of entirely novel design. I doubt we will ever really know accurately, therefore, I will conclude with the obvious:

According to the NSA Suite B scheme, AES is the approved symmetric cipher in Counter or GCM mode. We have no idea what other classified symmetric ciphers may exist. Your next question should probably be about XTS... :)

AES or Serpent-Twofish-AES

1 Answers1