Hi Bill,
On 17/09/13 01:20 AM, Bill Frantz wrote:
The idea is that when serious problems are discovered with one algorithm, you don't have to scramble to replace the entire crypto suite. The other algorithm will cover your tail while you make an orderly upgrade to your system. Obviously you want to choose algorithms which are likely to have different failure modes -- which is why I suggest that RC4 (or an extension thereof) might still be useful. The added safety also allows you to experiment with less examined algorithms.
The problem with adding multiple algorithms is that you are also adding complexity. While you are perhaps ensuring against the failure of one algorithm, you are also adding a cost of failure in the complexity of melding.
E.g., look at the current SSL search for a secure ciphersuite (and try explaining it to the sysadmins). As soon as you add an extra algorithm, others are tempted to add their vanity suites; the result is not better but worse.
And, as we know, the algorithms rarely fail. The NSA specifically targets the cryptosystem, not the algorithms. It also doesn't like well-constructed and well-implemented systems. (So before getting too exotic with the internals, perhaps we should get the basics right.)
In contrast to the component duplication approach, I personally prefer the layering duplication approach (so does the NSA apparently). That is, have a low-level cryptosystem that provides the base encryption and authentication properties, and over that, layer an authorisation layer that adds any additional properties if desired (such as superencryption).
One could then choose complementary algorithms at each layer. Having said all that, any duplication is expensive. Do you really have the evidence that such extra effort is required? Remember, while you're building this extra capability, customers aren't being protected at all, and are less likely to be so in the future.
iang