Georges wrote:
1- TrueCrypt is indeed a good choice. I've been using it for almost 4 years now. But I never worried about the level of security when encrypting my data (it's private, but ain't important enough to care about protecting it against advanced attacks).
That's not answering the original poster. For once, I'd love that people on Lebgeeks started helping and answering questions instead of going into useless rants/trolls of this software is better than the other.
Georges wrote:
2- You said you're familiar with the AES algorithm. Did you do any research about it? Do you have any advanced information (and perhaps references, books, etc.) about it? I'm asking because I'm interested too.
Here's one :)
Georges wrote:
3- An algorithm that is known and released to public use ain't a good algorithm. (That's only my opinion.) Good algorithms are always kept hidden and classified... I presume that all known algorithms nowadays can be decrypted in real time.
That's completely wrong. If an algorithm needs to be kept hidden to be effective, that means it is not safe at all. In other words, I only trust algorithms that are considered safe despite the fact that they're public like AES, SHA or RSA.
Georges wrote:
4- The bigger the better. Unfortunately my friend, this is a common mistake. Choosing a large key ain't always a good solution. And 2 factors must be taken into consideration before choosing the encryption key/method.
a. The sensitivity of the data to be encrypted:
If data ain't that important, why waste time and resources on encrypting with large keys and complicated methods?
b. The performance factor: it is essential to know the time required to encrypt/decrypt a message. This depends on the key used.
The longer the key is, the more time is required to decrypt the message. This is not suitable for real-life applications (e.g., a UAV flying at 5000 KM away from base and controlled by a pilot. Sending/receiving encrypted commands/information should be as fast as possible). Also, the processing power of the device sending/receiving data is crucial. For instance, I won't be using the DES algorithm on a server (which is a silly choice of course - low security algorithm on a high performance system), nor AES on a mobile device with low processing power.
In my opinion, you should compromise between the 2 points discussed above (performance vs complexity). Which one to prefer over the other depends solely on the application you're dealing with.
That's only partially true. The original poster meant to ask if the bigger the key the safer the encryption. In that case, it is true.
However, and this is what Georges says that is correct, the more complex the encryption, the more difficult the decoding. The reason why we don't always use long keys (and multiple encryptions like you asked) is a performance issue.
Think about encrypting a phone conversation. How awful would it be if you had to wait for something as low as 3 sec to decode?