08/24/2017 (Thu) 15:26:05
The best practice would be not to store your data in "the cloud" in the first place.
But if you insist, use AES-256.
>Should I consider non-standard ciphers?
Other ciphers, like Camellia and Serpent, probably offer similar security, but Rijndael (the cipher in AES) has been subjected to a lot more cryptanalytic effort _because_ it was chosen for AES, and it remains unbroken.
>Quantum comp apparently isn't the huge threat here that it is to public key.
Mostly correct. A quantum computer that is able to run Shor's algorithm efficiently will be able to quickly recover the private key for data encrypted with a public-key cryptosystem that relies on the factorization of large integers or the discrete logarithm problem. There are public-key cryptosystems that are not based on these problems, and are not vulnerable to Shor's algorithm, but they are not in common use. All of the ones in common use (e.g. in SSL/TLS and PGP) are vulnerable, so it's important to note that quantum computing is currently projected to be a threat to some kinds of public-key encryption, not _all_ public-key encryption per se.
The PQCrypto group is currently refining a number of public-key cryptosystems that will remain secure even if efficient quantum computing is realized.
Message too long. Click here to view full text.