[cryptography] Repeated Encryptions Considered.... ?
decoy at iki.fi
Sun Jun 19 16:21:59 EDT 2011

On 2011-06-18, Tom Ritter wrote:

> Applied Crypto shows how it doesn't always provide the security you
> expect it - but it doesn't go so far as to say it *decreases*

Security, or the hardness of the cipher? Those are two different things.
It's rather unlikely that repeated encryption would lead to weakened
But that is the least of our worries today. Symmetric block ciphers
especially are so strong now that the weak link in overall security is
pretty much *always* somewhere else. After that, multiple encryption
does multiply the possibilities for other kinds of security breaks, like
side channel attacks and what not. Not to mention how much more
difficult it makes the overall system to analyze and attack, which of
course remain the single strongest guarantee that it's not leaky.

Architecturally it might make sense to multiple encrypt, sometimes, if
you just have to use interfaces which encourage that by design. In that
case, it probably does little harm on the margin. But if you find
yourself in a situation where that is tempting, you should probably ask
yourself why that is, precisely? A well thought out crypto architecture
usually doesn't need that sort of thing, and shouldn't be encouraging it
without an explicit reason, based on a carefully analyzed threat model,
which suggests it is necessary.

If that reasoning cannot be found, you might be dealing with a bad
crypto architecture. That is *much* worse than any attack we currently
have on standard, modern, symmetric ciphers. Cascaded or not.

Sampo Syreeni, aka decoy - decoy at iki.fi, http://decoy.iki.fi/front
+358-50-5756111, 025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2