Well, here's a (rough, and maybe naive) explanation of why I assumed that the effort is at least max(a, b):
If you first encrypt with ROT10 and then with ROT16, the final strength is not the maximum of (ROT10, ROT16). You may think that's a silly example, and I grant that it is, but it illuminates the point pretty well and avoids a lot of difficult math.
Cryptographic algorithms are extremely subtle and interact with each other in subtle ways. As a general rule they should not be stacked unless there is (a) a clear necessity and (b) the particular stacking has been formally proven to not diminish the overall security of the system. Otherwise, much as how ROT10+ROT16 has really awful security characteristics, your stacking may be similarly awful.
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
