Veracrypt: Which encryption algorithm + hash algorithm to use?

As Stephen Touset already answered: The algorithm might not be as important as you think.

The only reason you would want several algorithms at once is long-term security. So your bet is: One of them will be broken some day and the others maybe won't. In theory that's a good way to go. But you might face several issues with it. Some of them are possibly:

  • Size of the encrypted information
  • Runtime Performance

I suggest you have a look at 'cascade encryption', e.g. at Wikipedia, or read something Bruce Schneier wrote about it. In case you decide to only have one layer of encryption: Use AES (at least if you encrypt your OS). Because AES is so widely used, it has been implemented as an extension to the x86 instruction set architecture used in Intel and AMD processors. This means you can do it at almost no time cost and (assuming you won't change the number of rounds and so on) AES-256 is really a practically secure thing (afaik).

Just make sure you use a secure password (> 30 chars, possibly random) and don't fiddle around with algorithm settings (but I'm not even sure VeraCrypt will let you).

Edit: Since @jondoe666 is pretty right in his criticism of my post this shall make it a little more complete:

Yes. For most of the things I wanted to do, AES was pretty sufficient. If your case requires some extra security, feel free to apply as many extra layers as you want. Concerning the performance: Of course the tradeoff is performance for encryption. If you choose to encrypt using multiple layers, your CPU will have to do more cycles for every de-/encryption than it has to cycle for just one layer. The question is not if it gets slower; the question is: Will I notice? And for the poor ThinkPad I am currently using the answer is: YES. I do notice. But since you asked:

And what would you personally use?

That's it. I don't really care about the hashes (unless you're trying to use SHA1 or MD5). I really prefer SHA-256 over SHA-512, but just because I think it is sufficient. Might really depend on your level of paranoia as well as what you have read about the other options.

Cheers
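
Added example, not part of the original answer and not VeraCrypt's own code: a sketch of where the hash choice and the cipher choice meet, assuming the hash acts as the PRF inside PBKDF2 key derivation and every cipher in a cascade gets its own independent XTS key pair. The iteration count, salt, password and the way the derived bytes are split between ciphers are constructed for illustration.

```python
import hashlib
import os
import time

# Assumptions for this sketch (not VeraCrypt's real parameters or header layout).
ITERATIONS = 10_000        # constructed, deliberately small so the demo runs fast
XTS_KEY_BYTES = 64         # XTS with a 256-bit cipher: 32-byte data key + 32-byte tweak key


def derive_cascade_keys(password, salt, hash_name, ciphers, iterations=ITERATIONS):
    """Derive one independent XTS key pair per cipher from a single password.

    hash_name is the hash used as the PBKDF2 PRF (for example "sha256" or
    "sha512"); ciphers is the cascade, for example ["AES", "Twofish", "Serpent"].
    """
    material = hashlib.pbkdf2_hmac(
        hash_name, password, salt, iterations,
        dklen=XTS_KEY_BYTES * len(ciphers),
    )
    keys = {}
    for i, cipher in enumerate(ciphers):
        chunk = material[i * XTS_KEY_BYTES:(i + 1) * XTS_KEY_BYTES]
        keys[cipher] = (chunk[:32], chunk[32:])   # (data key, tweak key)
    return keys


def time_derivation(hash_name, ciphers, password=b"constructed passphrase"):
    """Return seconds spent deriving keys; this cost is paid once per mount."""
    salt = os.urandom(64)
    start = time.perf_counter()
    derive_cascade_keys(password, salt, hash_name, ciphers)
    return time.perf_counter() - start


if __name__ == "__main__":
    for hash_name in ("sha256", "sha512"):
        for cascade in (["AES"], ["AES", "Twofish", "Serpent"]):
            secs = time_derivation(hash_name, cascade)
            print(f"{hash_name:7s} {'-'.join(cascade):20s} {secs * 1000:7.1f} ms")
```

The hash only affects how long key derivation takes when the volume is opened; the per-sector slowdown of a cascade described above comes from running every cipher on every read and write, which this sketch does not measure.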
