Most Secure Encryption algorithm

Question

I have been given this hypothetical problem:

"Osama returns from the dead and wants revenge. He now wants to communicate with his sleeper cells around the world and plan an attack. But he has to make sure know one else gets it and hence, will like to send it in an encrypted form. He's recruited you for the job. Design a system with encryption and decryption modules for the text message."

I am currently considering following scheme for encryption/decryption:

Now I want to know about the best PKC and SKC and Hash function for implementing above scheme.I did a bit of research over net on best algorithm and narrowed my algorithm choices to following:

Hash:MD5

PKC:RSA or Diffie-Hellman

SKC:DSA

Can you please suggest if there is something that I am missing or any better/new algorithem available.

I am planning to implement this in python.

EDIT:

After reading replies I think I should go with followings:

Hash:SHA-2

PKC:ECC

SKC:AES

Any advice on python library that will provide these algorithm.

Answer 1

Alot of asymmetric cryptography is vulnerable to quantum cryptography. If you're Osama your're going up against the NSA and it's a safe bet they've got a quantum computer sitting around somewhere.

The only system that is able to provide perfect secrecy is the One Time Pad and it is this reason that satalites use use it.

It is essentially a chunk of random data that you XOR a message with to produce a ciphertext with and XOR with the key key again to produce the plaintext.

**Pros:**Eliptic

• Perfect secrecy

Cons:

• Key is the length of the message.
• Unable to re-use a key without revealing the plaintext of both messages

Use a fallback of AES in feedback mode to encrypt your messageselliptic curve crypto for document signing and HMAC to ensure message integrity.

Pycrypto is a python library with everything you would need to implement this yourself.

Answer 2

The short answer is: it cannot be secure if you do it yourself.

Cryptography provides some basic tools, such as symmetric encryption or digital signatures. Assembling those tools into a communication protocol is devilishly difficult, and when I invoke the name of the Devil I mean it: it looks easy, but there are many details, and it is known that the Devil hides in the details.

Your problem here is akin to "secure emailing", and there are two main protocols for that: OpenPGP and CMS (as used in S/MIME). Look them up: you will see that the solution to your problem is not easy. For the implementation, just use an existing library, e.g. M2Crypto.

MD5 has been known to have weaknesses since 1996, and is considered to be utterly broken since 2004. You should try to get some more up-to-date sources.

Answer 3

For your SKC, AES is a more modern standard than DSA, though DSA isn't broken in the same way that MD5 is.

Strictly speaking, the question does not require sender authentication or nonrepudiation, so the digital signature is not necessary either.

Answer 4

If you really want "better" algorithms:

Hash: any of SHA-2 family (sha-224/256/384/512)

PKC: ECC (Elliptic Curve Cryptography)

Other related info: Elliptic curve Diffie–Hellman, Elliptic Curve DSA

Also read Applied Cryptography and other books by Bruce Schneier