[cryptography] Repeated Encryptions Considered.... ?

Jon Callas jon at callas.org
Sun Jun 19 20:01:16 EDT 2011


On Jun 18, 2011, at 8:44 PM, Tom Ritter wrote:

> I'm wondering what the general opinion of folks is for repeated
> encryptions - either accidentally or on purpose.  Applied Cryptography
> devotes a chapter to it, and I'm more interested in cascades -
> multiple algorithms: RC4 k1(AES k2(plaintext)) .  The general opinion
> I've heard is "It's a bad idea, you shouldn't do it" - but I want to
> revisit that.

I think it comes down to my old mentor Larry Kenah's question: what problem are you trying to solve?

If you don't trust AES, what makes you think that RC4 will fix the problem? Similarly, if you don't trust RC4 as a good crypto algorithm, why not just use base64, which is not a good crypto algorithm, either?

Looking at it another way, let's presume you like AES. Let's presume that means you think there is no better attack on the algorithm than brute force, why would putting another algorithm on top of it help at all? It just slows things down.

I presume that you're considering it because there's some nagging part of your head that says, "but what if...." and you're hedging your bet. But at the end of the day, it's hard to know what an effective hedge is going to be. Very rarely is crypto actually broken. It's almost always that the *system* is broken. Two ciphers create a key management issue, or you use a KDF and then you've just created a more complex cipher.

If you take a key and run in through a KDF to get two subkeys each passed to a cipher, it's just a big cipher with a fancy key schedule.

That brings us back to the main question: what problem are you trying to solve?

	Jon




More information about the cryptography mailing list