[cryptography] Compositing Ciphers?

Jeffrey Walton noloader at gmail.com
Fri Sep 6 21:05:12 EDT 2013


On Fri, Sep 6, 2013 at 8:53 PM, Natanael <natanael.l at gmail.com> wrote:
> http://blog.cryptographyengineering.com/2012/02/multiple-encryption.html
> Apparently it's called "cascade encryption" or "cascade encipherment",
> and the implementations are apparently called "robust combiners". And
> by the way, Truecrypt already lets you pick your chosen combo of AES
> and two other ciphers.
Ah, right. I knew that was called cascading. I'm not sure why I called
it compositing (it sucks getting old).

I did not know Truecrypt provided it.

> I think you should worry about your PRNG and it's seed before you
> focus on AES. Your key should both have enough entropy and be secret.
> Is your PRNG backdoored already? And I'm guessing the cipher mode
> probably matters a bit more than the exact choice of algorithm.
I believe the PRNG is good. The PRNG fetches from the OS, fetches from
device sensors (accelerometers, gyroscopes, magnetometers), and
practices hedging.

I'm more worried about key exchange or agreement.

Jeff

> On Sat, Sep 7, 2013 at 2:27 AM, Jeffrey Walton <noloader at gmail.com> wrote:
>> Hi All,
>>
>> With all the talk of the NSA poisoning NIST, would it be wise to
>> composite ciphers? (NY Times, Guardian, Dr. Green's blog, et seq).
>>
>> I've been thinking about running a fast inner stream cipher (Salsa20
>> without a MAC) and wrapping it in AES with an authenticated encryption
>> mode (or CBC mode with {HMAC|CMAC}).
>>
>> I'm aware of, for example, NSA's Fishbowl running IPSec at the network
>> layer (the "outer" encryption") and then SRTP and the application
>> level (the "inner" encryption). But I'd like to focus on hardening one
>> cipherstream at one level, and not cross OSI boundaries.
>>
>> I'm also aware of the NSA's lightweight block ciphers
>> (http://eprint.iacr.org/2013/404). I may have been born at night, but
>> it was not last night....
>>
>> Has anyone studied the configuration and security properties of a
>> inner stream cipher with an outer block cipher?


More information about the cryptography mailing list