Viewing a single comment thread. View all comments

Heijoshinn t1_j9xom8a wrote

I replied to another comment of yours regarding encryption. But this statement you made gives much more clarity on your issue of "trust" in [insert company here].

Encryption works depending on it's implementation. Take AES for example. It's a standard that's wisely recognized and widely used by virtually everyone on the encryption scene. As a result, it's been tested, used in multitude of ways and is regularly attempted to be broken. That's because AES is the standard. Since this is the case, it's less likely to have side channel attack weakness due to it's wide spread application and audit.

Compare that to something like TwoFish. It's strong like AES and is built differently. You could use this method of encryption and likely be safe. However, it's not widely used. This means it's likely not audited or scrutinized as much as AES and since it's not used as much, it's implementation is also at higher risk of side channel attacks. Without players routinely executing TwoFish encryption, it's level of progress is much lower than AES by comparison. This doesn't mean TwoFish is necessarily inferior but that it doesn't have the "run time" that AES has.