Multiple Encryption Options

[starsoccer]

Missing feature

Multiple Encryption options, the ability to use one, or more encryption algorithms.

Justification

While I think AES is more then secure currently, encryption standards are always changing and being improved on. I would love to see more encryption methods supported in the chance there a attack vector discovered for AES or another type of encryption

Workarounds

The only real workaround would be to use encrypted passwords as your password on the device and then decrypt it manually

[targetdrone]

Sorry, but I completely disagree.

This change would decrease usability of the app by increasing the number of technical options that ordinary people would have to decide; it would add user confusion about security; and it would take up many extra precious bytes on the tiny Atmel chips (possibly driving up hardware costs if it grew so much more that it exceeded the memory of the current Mooltipass chips.)

Worse, this change would very likely decrease security. The added complexity of supporting multiple versions of anything in a security protocol often creates vulnerabilities in that protocol. This phenomenon is so common that there's even a name for the entire class of attacks made possible by it: downgrade attacks. Such a change would require an incredible amount of additional careful and thorough analysis and testing; even with enough testing and analysis to satisfy a trained cryptanalyst, protocol breaks are still much more common than cryptographic algorithm breaks.

And to what end? This feature would provide no additional security benefit today because there is no immediate threat to AES (apart from quantum computing, which supposedly poses virtually the same threat to every block cypher equally, except for the part where they can't actually keep them working as they try to add more bits.)

AES is also unlikely to fall to a sudden catastrophic break. Most serious cryptographic algorithms that had the same class of respect that AES has that have been cracked were pried apart slowly over a period of years, using a slow but methodical pattern of discovering weaknesses and building on earlier attacks. Historically, these attacks have given defenders years of advance notice that it's time to change algorithms (even if they didn't take advantage of the early warnings, *cough*MD5*cough*, they were still warned years in advance.) SHA-1 was in this boat a decade ago; the recent break surprised no one. Anyone caught unawares wasn't paying attention.

And if you doubt that AES is strong, why does the NSA contact developers of secure communications tools like Telegram and attempt to bribe them to weaken their encryption?

So if AES is ever even threatened in the future, at that time the Mooltipass could be altered to use a new algorithm. Until actual warnings arrive, though, this would be an expensive and risky change that adds no tangible benefit.