If AES is broken or found to be weak...

[barefootNH]

With all the security and privacy fears with the NSA and other 3-letter organizations, if AES is broken or found to be weak would you incorporate other encryption algorithms such as Twofish, Serpent, Blowfish, etc.?

How about doing it anyway?! Keepass and Truecrypt have those alternatives, and I always choose something other than AES, so I was just wondering what your thoughts are.

[paulej]

Yeah, this has definitely been something I've considered. The reason AES Crypt exists is primarily for two reasons:

• To satisfy my desire to have a brain-dead simple Windows encryption tool
• To have something I know will be around for a long time and work on a variety of platforms

If AES is compromised, I would personally implement something else, yes. However, until such time as there is evidence that AES is might be broken, there is really no reason to introduce another algorithm. It would only confuse most people using the tool and would not necessarily provide better security.

IMO, the better approach to security is not casting a wide net and hoping one thing works. Choose one path, make sure it's solid, but always remain open-minded that the one path might be flawed and work quickly to address such flaws.