I am quite confident the majority of the people don't understand this, but they don't need to. Someone can prove wether AES / Twofish / ... / combinations of them is a group or not, and can then explain that combinations are safer / at least as safe / less safe.
Yes. But please remember how this entire subthread started. Someone proposed stacking ciphers. I answered that was not guaranteed to work, and used ROT as an example.
You responded that the only reason it fails with ROT is because ROT forms a group. To which I responded with: so what? To my knowledge nobody's proven AES does not form a group, either, and incidentally, let's avoid talk about abstract mathematics because it's unnecessary to the discussion and only serves to make our conversation opaque to people who are not mathematicians.
For non-speciallists you can stick with the conclusion: it has been proven that X is true of not true without giving details about the proof.
Yes. And I repeat: you cannot blithely stack ciphers together because doing so may be harmful to the overall security of the system. And that's all that most people on the list need to know, really, without a side discussion about group theory.
Any attacker can encrypt my message again with a nonrelated key (and only with a nonrelated key since they don't know the key I used). If that would make it easier to break AES then re-encrypting the message that would be a better than pure brute force attack on AES.
Yes, I know. Even if I didn't, you explained it quite well in your message and I would've learned.
I don't disagree with your conclusion. I disagree with your *certainty*. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
