There are some situations when this can be dangerous. It's a matter of implementation. I can directly come up with one trivial scenario that will end you up in trouble:
Assume that you are using AES-CTR (AES in Counter mode) and do not change the IV between the two encryptions. In this case you will correctly encrypt the data, but the second encryption will leave A unprotected. /Pehr Söderman COMINT wrote: > Quick system scenario: > > You have packet [A]. > > It gets encrypted using an AES algo in a particular mode and we are > left with [zA]. > > More data [B] is added to that encrypted packet. > > Now I have [zA]+[B] in one packet and I re-encrypt it with the same > algo/key/mode. > > Have I just compromised the security somehow? I wasn't aware of > anything but something about this double encryption made something > ring in my mind so I wanted to double check... > > Many thanks, > > Mr Pink > > --------------------------------------------------------------------- > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] > > --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
