On 25-07-2012 1:12, Robert J. Hansen wrote:
> On 7/24/2012 10:21 PM, Faramir wrote:
>> Clearly I'm out of my league there. I had heard about that, but
>> later I also heard about stacking different algos (with different
>> keys of course) to increase security.
>
> I'm unaware of any reputable reference that recommends this
> practice. That's not to say no such reference exists, only that if
> one exists I'm unaware of it.

If I ever saw a reputable reference, I forgot it. I know TrueCrypt can stack up to 3 different encryption algorithms, but that is not the same as if Schneier, Shamir or that kind of professional said it is a good measure. I know Schneier advised to be careful, because you don't know if you will improve security or decrease it, but that was a long time ago. Maybe now they know a bit more, but if they do, I could not find a reference.

Now I found this article, with some references to papers:
http://blog.cryptographyengineering.com/2012/02/multiple-encryption.html

>> Anyway, do you know about any list of "compatible" encryption
>> algorithms? I mean, pairs that work well together.
>
> The better question, to me at least, is "why would I want to do
> this?"

Probably because some software offers the option to do it, it would be good to know what to avoid, other than "avoid everything".

> Cryptosystems tend to fail predominantly due to human error, then
> to software bugs. Consider that since PGP 2.6 was released in ...
> what was it, '91? ... not one single encryption algorithm used by
> PGP has ever been broken. Although IDEA is not well-regarded by
> modern standards it's still a safe cipher; and RSA is still, well,
> RSA.

In that case, it might make sense to, let's say, compress and encrypt a file using WinZip, and then compress and encrypt it using 7-Zip; in case one implementation fails, the other might hold. Or, in the case of the original question, storing the private keyring inside a KeePass database. If there is a bug in GnuPG, maybe KeePass will hold. If there is not a bug in gpg, then it doesn't matter if KeePass is bug-free or not.

It might make sense to use cascade encryption in TrueCrypt, just in case there is a bug in the implementation of one of the encryption algorithms. But if the bug is elsewhere, since it is the same program, the bug would affect both ciphers, and there is no gain in using cascade.

> If the algorithms are unlikely to be broken but the likelihood of
> security-impacting software bugs is essentially certain, then
> stacking algorithms would seem to be ill-advised. Stacking
> algorithms increases the complexity of the code, increases the
> number of keys which must be

True. If we combine 2 different systems (let's say, WinRAR and KeePass), that would avoid the danger of more bugs, but of course, it won't help with the increase of keys.

Best Regards

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
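
An added illustration of the points raised in this message (not code from the thread, GnuPG, TrueCrypt or KeePass): two stacked layers with independent keys still protect the data when only the inner key leaks, while stacking the same layer under the same key cancels out. The toy HMAC-based stream cipher and the names `keystream`, `layer`, `cascade`, `strip_inner` and `naive_double` are assumptions made for the example, standing in for real ciphers.

```python
import hmac
import secrets

# Toy stream cipher for illustration only (assumption: HMAC in counter mode as
# the keystream, no authentication). Do not use it to protect real data.
def keystream(key: bytes, nonce: bytes, length: int, algo: str) -> bytes:
    blocks, counter = [], 0
    while sum(map(len, blocks)) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(8, "big"), algo).digest())
        counter += 1
    return b"".join(blocks)[:length]

def layer(data: bytes, key: bytes, nonce: bytes, algo: str) -> bytes:
    """One cipher layer. XOR with the keystream both encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data), algo)))

def cascade(data: bytes, k1: bytes, k2: bytes, nonce: bytes) -> bytes:
    """Inner layer: HMAC-SHA256 under k1. Outer layer: HMAC-SHA3-256 under k2."""
    return layer(layer(data, k1, nonce, "sha256"), k2, nonce, "sha3_256")

def strip_inner(ciphertext: bytes, k1: bytes, nonce: bytes) -> bytes:
    """What someone holding only the inner key k1 can compute from the ciphertext."""
    return layer(ciphertext, k1, nonce, "sha256")

def naive_double(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """Pitfall: the same algorithm, key and nonce applied twice cancels out."""
    return layer(layer(data, key, nonce, "sha256"), key, nonce, "sha256")

if __name__ == "__main__":
    msg = b"constructed sample standing in for a private keyring"
    nonce = secrets.token_bytes(16)
    # Two independent secrets: the extra key-management cost noted in the thread.
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)
    ct = cascade(msg, k1, k2, nonce)
    print("round trip ok:        ", cascade(ct, k1, k2, nonce) == msg)    # True
    print("inner key leaked only:", strip_inner(ct, k1, nonce) == msg)    # False
    print("same key, stacked:    ", naive_double(msg, k1, nonce) == msg)  # True
```

Because both layers here are XOR streams, the cascade is its own inverse; with block ciphers the layers would have to be undone in reverse order.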