Originally Posted by g34rfr34k
Thanks again, The Hundred Gunner. Here's what I found out about the encryption methods used for both tools listed in my previous post.
CTI Text Encryption uses AES and then hashes it with SHA512. Source: http://ctiencrypt.codeplex.com/discussions/429459
Romaco Text Encryptionator uses a digital adaptation of the One Time Pad encryption technique to encrypt messages. More info: http://en.wikipedia.org/wiki/One-time_pad
I'm a newbie when it comes to Cryptography but after doing some research today, both tools seem secure (or should I say secure enough) to me. These tools will do the job for what I'm using them for. The encryption should buy me enough time for me to change the encrypted passwords if I ever lose my journal. I guess the ultimate encryption method is to create your own algorithm and add one or more non-English languages and signs. That's bound to throw them off. If that isn't secure, I don't know what is!
CTI sounds good with AES. With Romaco, that will totally depend on what that "digital adaptation" is. Stream ciphers in general are "digital adaptations" of the one-time pad, and there are many of them such as RC4, A5/1, etc. Hopefully they're using an "open-source" one.
I'm sure I'm probably overstating the importance of all of this, but these are just the general rules for "maximum security." And actually, your idea of creating your own algorithm for maximum security is exactly the opposite of what is done in practice! Kerckhoffs's principle states that encryption algorithms should be completely open to the public. Everyone should be able to know how it works. However, messages should only be recoverable by means of a secret key which nobody but the parties involved should know. Just like a vault with a lock: you know how the vault works, but you can't get what's inside without the key.
I think DVD encryption is a popular example that people use: the developers used their own "secret" encryption scheme and didn't reveal it to anyone. Eventually, it was cracked. There's always someone who's really, really good at math (*cough cough* NSA) that's going to be able to crack an algorithm if it's no good, so you might as well let everybody take a look at it to find flaws.
If you haven't noticed, I love talking crypto
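The reply's two points, that a stream cipher is a one-time pad whose pad is expanded from a short key and that the algorithm can be public while only the key is secret, shown as an added example that is not part of the original posts or of either tool's code. The HMAC-SHA256 keystream, the function names and the sample messages are assumptions constructed for illustration; the example goes one step past the post by showing what leaks when the same pad is used twice.

```python
import hashlib
import hmac
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand a short secret key into `length` pseudo-random pad bytes.

    HMAC-SHA256 over nonce||counter: an illustrative construction (assumption),
    not the scheme used by either tool discussed in the thread.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings of equal length."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def stream_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream, exactly like a one-time pad."""
    return xor(data, keystream(key, nonce, len(data)))


if __name__ == "__main__":
    # Constructed sample messages; the algorithm above is public, only `key` is secret.
    key = secrets.token_bytes(32)
    m1, m2 = b"bank pw: hunter2", b"mail pw: tr0ub4d"
    n1, n2 = secrets.token_bytes(12), secrets.token_bytes(12)

    c1 = stream_crypt(key, n1, m1)
    print("right key :", stream_crypt(key, n1, c1))
    print("wrong key :", stream_crypt(secrets.token_bytes(32), n1, c1))

    # Failure mode: the same key AND nonce reuse the pad, so it cancels out.
    c2_reused = stream_crypt(key, n1, m2)
    print("pad reused:", xor(c1, c2_reused) == xor(m1, m2))  # plaintext XOR leaks
    c2_fresh = stream_crypt(key, n2, m2)
    print("fresh pad :", xor(c1, c2_fresh) == xor(m1, m2))
```

The sketch covers confidentiality only: it has no authentication, so a vetted authenticated cipher remains the right choice for real data.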