[cryptography] Repeated Encryptions Considered.... ?

James A. Donald jamesd at echeque.com
Sun Jun 19 18:35:05 EDT 2011

On 2011-06-20 8:12 AM, Sampo Syreeni wrote:
> Now that you gave me the opportunity, I do have to add one point about
> cascaded cipher strength which I forgot to mention. Namely, one of the
> simplest, most common, oldest, and also most fatal mistakes here is that
> symmetric ciphers *can* leak information about the key. Thus, if you
> happen to place a leaky cipher last, it might enable somebody to figure
> out the key, in *particular* if the earlier cipher is strong, so that
> pseudorandomness assumptions apply, statistically speaking. Often you'd
> be using the same key, or the same source data for the key derivation
> function, all over your cascade, which could jeopardize even the
> strongest one in the chain if the last one leaked.

Typically one derives a shared secret by public key operations, and then 
encryption and authentication keys by hashing the shared secret.  If the 
hash is truly one way, then leaking one encryption key will not endanger 
the others.

More information about the cryptography mailing list