On 2011-06-18, Tom Ritter wrote:
> Applied Crypto shows how it doesn't always provide the security you expect it to - but it doesn't go so far as to say it *decreases* security.
Security, or the hardness of the cipher? Those are two different things. It's rather unlikely that repeated encryption would lead to weakened ciphers.
But that is the least of our worries today. Symmetric block ciphers especially are so strong now that the weak link in overall security is pretty much *always* somewhere else. After that, multiple encryption does multiply the possibilities for other kinds of security breaks, like side channel attacks and whatnot. Not to mention how much more difficult it makes the overall system to analyze and attack, which of course remains the single strongest guarantee that it's not leaky.
Architecturally it might make sense to multiple encrypt, sometimes, if you just have to use interfaces which encourage that by design. In that case, it probably does little harm on the margin. But if you find yourself in a situation where that is tempting, you should probably ask yourself why that is, precisely? A well thought out crypto architecture usually doesn't need that sort of thing, and shouldn't be encouraging it without an explicit reason, based on a carefully analyzed threat model, which suggests it is necessary.
If that reasoning cannot be found, you might be dealing with a bad crypto architecture. That is *much* worse than any attack we currently have on standard, modern, symmetric ciphers. Cascaded or not.
-- 
Sampo Syreeni, aka decoy - [email protected], http://decoy.iki.fi/front
+358-50-5756111, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
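An added illustration, not part of Tom's or Sampo's messages, of the point the thread turns on: cascading can fail to add the security you expect without subtracting any. When a cipher's keyed transformations form a group (repeating-key XOR is used here as a toy stand-in), two layers under independent keys are exactly one layer under a derived key, so an attacker who searches only the single-key space breaks the cascade at the cost of breaking one layer. The function names, the sample plaintext and the keys are all constructed for this example.

```python
"""Added example, not from the thread: a two-layer cascade of a group cipher
(repeating-key XOR, as a stand-in) is exactly one layer under a derived key.
Names, keys and plaintext below are constructed for illustration."""


def xor_encrypt(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. Encrypt and decrypt are the same operation."""
    if not key:
        raise ValueError("key must be non-empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def cascade_encrypt(data: bytes, keys: list[bytes]) -> bytes:
    """Multiple encryption: apply xor_encrypt once per key, in order."""
    for key in keys:
        data = xor_encrypt(data, key)
    return data


def collapse_keys(keys: list[bytes]) -> bytes:
    """The single XOR key equivalent to cascading all of `keys`.

    XOR layers commute and compose, so k1 then k2 equals one layer under
    k1 ^ k2. Equal key lengths keep the collapse exact; mixed lengths would
    collapse to a key of lcm length, which is omitted here for clarity.
    """
    length = len(keys[0])
    if any(len(k) != length for k in keys):
        raise ValueError("keys must share a length")
    combined = bytes(length)          # all-zero key: identity under XOR
    for key in keys:
        combined = xor_encrypt(combined, key)
    return combined


def brute_force_single_key(ciphertext: bytes, known_prefix: bytes, key_len: int = 1):
    """Attack the cascade by searching only the single-key space.

    Tries every key_len-byte key and returns (key, candidates_tried) for the
    first one that maps the ciphertext prefix onto known_prefix, or
    (None, tried). Because the cascade collapsed, this succeeds without ever
    enumerating pairs (k1, k2): the pair space is never searched.
    """
    tried = 0
    for n in range(256 ** key_len):
        key = n.to_bytes(key_len, "big")
        tried += 1
        if xor_encrypt(ciphertext[: len(known_prefix)], key) == known_prefix:
            return key, tried
    return None, tried


def demo() -> dict:
    """Run the comparison on constructed data and return the measurements."""
    plaintext = b"attack at dawn"                 # constructed sample
    k1, k2 = b"\x3c", b"\x5a"                     # two 'independent' 1-byte keys
    cascaded = cascade_encrypt(plaintext, [k1, k2])
    single = xor_encrypt(plaintext, collapse_keys([k1, k2]))
    key, tried = brute_force_single_key(cascaded, b"atta")
    return {
        "cascade_equals_single_layer": cascaded == single,
        "equivalent_key": key,                    # b"\x66" == 0x3c ^ 0x5a
        "single_key_candidates_tried": tried,     # at most 256, not 65536
        "pair_space_size": 256 ** 2,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Run it as a script and the cascade is recovered after 103 single-key candidates, never touching the 65536 key pairs the two layers nominally offer. Note that the cascade is never *weaker* than one layer, which is consistent with the remark above that repeated encryption is unlikely to weaken a cipher; it simply is not stronger. For a cipher that is not a group (DES was shown not to be one), the layers do not collapse like this, but the meet-in-the-middle argument from the same Applied Cryptography discussion still caps the gain of two independent layers at roughly one extra bit of work rather than a doubled key length.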
