[cryptography] Repeated Encryptions Considered.... ?

Marsh Ray marsh at extendedsubset.com
Sun Jun 19 17:36:05 EDT 2011

On 06/18/2011 10:44 PM, Tom Ritter wrote:
> I got in a discussion recently about this, in the specific case of
> encrypting something in javascript, and then again in SSL.  Trying to
> avoid the argument over javascript crypto I thought it was absurd that
> NOT using SSL was a reasonable decision.  The response was the 'don't
> double encrypt' argument, without any real facts to back it up.

Now I've heard everything. Javascript crypto proponents using it as an 
argument against SSL. Tell them that they should use SSL properly and 
consider that an argument against Javascript crypto instead. And hold on 
to your wallet.

People spend too much time thinking about encryption and waay too little 
thinking about authentication.

> Applied Crypto shows how it doesn't always provide the security you
> expect it - but it doesn't go so far as to say it *decreases*
> security.

If encrypting something again with an unrelated key made the ciphertext 
weaker then the attacker could simply do that as part of his attack.

There's the meet-in-the-middle attack with double-DES, which is still an 
example of the worst case of it not gaining significant security.

Where it's likely to hurt is where juggling additional code and 
additional keys gives additional opportunities for error. It would also 
be a mistake to think you've built a strong cipher out of two weak ones.

As long as the keys are truly unrelated and the processing of one block 
cipher doesn't leak any information about the other (timing, etc) 
wearing a belt does not imply that it's harmful to also wear suspenders.

- Marsh

More information about the cryptography mailing list