On 06/18/2011 10:44 PM, Tom Ritter wrote:
I got in a discussion recently about this, in the specific case of encrypting something in JavaScript, and then again in SSL. Trying to avoid the argument over JavaScript crypto, I thought it was absurd that NOT using SSL was a reasonable decision. The response was the 'don't double encrypt' argument, without any real facts to back it up.
Now I've heard everything. JavaScript crypto proponents using it as an argument against SSL. Tell them that they should use SSL properly and consider that an argument against JavaScript crypto instead. And hold on to your wallet.
People spend too much time thinking about encryption and waay too little thinking about authentication.
Applied Crypto shows how it doesn't always provide the security you expect from it - but it doesn't go so far as to say it *decreases* security.
If encrypting something again with an unrelated key made the ciphertext weaker then the attacker could simply do that as part of his attack.
There's the meet-in-the-middle attack with double-DES, which is still an example of the worst case of it not gaining significant security.
Where it's likely to hurt is where juggling additional code and additional keys gives additional opportunities for error. It would also be a mistake to think you've built a strong cipher out of two weak ones.
As long as the keys are truly unrelated and the processing of one block cipher doesn't leak any information about the other (timing, etc.), wearing a belt does not imply that it's harmful to also wear suspenders.
- Marsh
_______________________________________________
cryptography mailing list
http://lists.randombit.net/mailman/listinfo/cryptography
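The meet-in-the-middle point raised in the thread above, as an added example that is not part of the original message: two independent 12-bit keys on a toy cipher are recovered with about 2 * 2^12 cipher calls instead of 2^24, so doubling adds roughly one bit of work rather than doubling the key length. The 16-bit Feistel cipher, the key size, the function names and the sample key and plaintext values are all constructed for illustration.

```python
import hashlib

KEY_BITS = 12  # constructed toy key size so the search finishes in well under a second

def _f(half, key, rnd):
    # Toy round function: one byte of SHA-256 over (key, round number, half block).
    return hashlib.sha256(bytes([key >> 8, key & 0xFF, rnd, half])).digest()[0]

def enc(key, block):
    # Hypothetical 4-round Feistel cipher on a 16-bit block (not a real cipher).
    l, r = block >> 8, block & 0xFF
    for rnd in range(4):
        l, r = r, l ^ _f(r, key, rnd)
    return (l << 8) | r

def dec(key, block):
    l, r = block >> 8, block & 0xFF
    for rnd in reversed(range(4)):
        l, r = r ^ _f(l, key, rnd), l
    return (l << 8) | r

def double_enc(k1, k2, block):
    return enc(k2, enc(k1, block))

def meet_in_the_middle(pairs):
    """Recover (k1, k2) candidates from known plaintext/ciphertext pairs."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = {}
    for k1 in range(1 << KEY_BITS):          # forward half: 2^12 encryptions
        table.setdefault(enc(k1, p0), []).append(k1)
    ops = 1 << KEY_BITS
    found = []
    for k2 in range(1 << KEY_BITS):          # backward half: 2^12 decryptions
        ops += 1
        for k1 in table.get(dec(k2, c0), []):
            # Matches on one pair are mostly false positives; confirm on the others.
            if all(double_enc(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found, ops  # ops excludes the few hundred confirmation calls

def demo():
    k1, k2 = 0xABC, 0x123                    # constructed sample keys
    pairs = [(p, double_enc(k1, k2, p)) for p in (0x0000, 0x1234, 0xBEEF)]
    found, ops = meet_in_the_middle(pairs)
    return (k1, k2) in found, ops, 1 << (2 * KEY_BITS)

if __name__ == "__main__":
    print(demo())
```

The attack needs memory for the 2^12-entry table; it shows double encryption failing to add the strength expected, not making the ciphertext weaker than single encryption.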
