On the encryption software page for Veracrypt it is stated that:

When encrypting with VeraCrypt, you have the option to select from different hash functions. We suggest you only select SHA-512 and stick to the AES block cipher.

I’m just wanting to know a bit more detail on why this is the recommendation.

My guesses are either:

  1. It has a “good enough” security to speed ratio.
  2. The cipher has been around longer than the others, so it has greater reputation points/history.
  3. Something to do with other cipher’s impact on app stability due to extra processing required.

Any insight/clarification is appreciated.

There’s cause for question surrounding some of the Russian encryption algorithms VeraCrypt supports: Cryptanalyzing a Pair of Russian Encryption Algorithms - Schneier on Security

AES has an excellent reputation, and is typically supported natively by the CPU so there is minimal performance impact compared to the alternatives.

I don’t know exactly why SHA-512 was recommended off the top of my head now, but my understanding is that theoretically if quantum computing becomes mainstream, SHA security is roughly “halved” (oversimplification, but you can read this for details if you want: Grover's algorithm - Wikipedia) if that makes sense, i.e. SHA-256 security in a quantum world is about the same as SHA-128 today, which is technically still considered secure but a bit questionable, whereas SHA-512 security in a quantum world is about the same as SHA-256 today, which is definitely still considered secure.

1 Like

That being said, of course you could use cascaded encryption like AES–Twofish–Serpent if you don’t trust AES alone, but many cryptographers agree that it’s largely unnecessary. We don’t recommend it mainly because of the performance impact from using Twofish and/or Serpent, but as long as you’re still using AES as one of the encryption methods it can’t hurt from a pure security perspective.

1 Like

Thanks, this is exactly the extra details I was looking to understand. Thank you for your reply.

1 Like

Fun bit of bonus info: back when they where choosing which algorithm was going to be the next standaard, rijndael was chosen ( which is now called AES). However rijndael wasn’t the strongest algorithm , Serpent was considered the most secure, rijndael was chosen as it had a better speed to security tradeoff, which made it easier to embed in weak platforms like smartcards.

However even though Serpent is theoritically more secure, I would still recommend you use AES(rijndael) as after all these years as THE standard, it has had a lot more scrutiny and is a lot more battle tested than serpent.

1 Like