On Wed, Oct 30, 2013 at 06:19:27PM +0100, Philipp Klaus Krause wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Am 10.09.2013 15:30, schrieb Robert J. Hansen: > > On 9/10/2013 6:35 AM, Philipp Klaus Krause wrote: > >> I wonder if it would be a good idea to have an option to combine > >> symmetric ciphers, e.g. users could state a preference list > >> like this: > > > > No. This idea gets floated every few years and the answers never > > change. It's not a good idea. If you look in the list archives > > you can find some pretty long, detailed writeups on why. > > I just tried googling a bit, but the only posts I found are those that > assume that the effort to break A+B would be a+b. I did not find the > detailed writeups you mentoned, or even anything else about the > assumption that breaking A+B takes at least effort max(a,b).
I often worry about the assumption that there are no unfortunate interactions between the structures of A and B such that the effort to break A+B < min(a,b). Consider a composition of *three* ciphers: A := ROT13 B := ROT10 C := ROT3 Each different from the others, though similar in operation. But (when the symbol set is the Roman alphabet) A(B(C(x))) = x. Composing these three ciphers produces a cipher worse than any of its components. Any order of composition will do the same. Compose any two of them and the result is no stronger than any single one. Obviously this should not be assumed to hold true for all possible functions, but it provides a counterexample: composing ciphers does not necessarily produce a stronger cipher. -- Mark H. Wood, Lead System Programmer [email protected] Machines should not be friendly. Machines should be obedient.
signature.asc
Description: Digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
