Re: Encrypting again an already encrypted file increase security ?

From: Alun Jones (alun@texis.com)
Date: 02/11/03


From: alun@texis.com (Alun Jones)
Date: Tue, 11 Feb 2003 20:30:56 GMT

In article <1gb2a.10$As2.387@paloalto-snr1.gtei.net>, Barry Margolin
<barry.margolin@level3.com> wrote:
>But I'm not a cryptologist, so that's just from my general understanding of
>cryptography. Perhaps if you asked in sci.crypt you would get a more
>informed answer from real cryptologists.

I hope Eric Rescorla won't mind if I quote verbatim from his "SSL and TLS"
book:

"Because DES has withstood such aggressive analysis, when the key length
became too short a very attractive prospect was just to run the data through
more than once, a process called superencryption. Unfortunately, just using
DES twice (2DES) turns out not to be that much more secure than DES. There's
an attack called the meet-in-the-middle attack that allows you to break 2DES
in the same time as DES if you have 2^56 blocks of memory to work with. As a
consequence, people were forced to encrypt the data three times (3DES). 3DES
has an effective strength of 112 bits, the strength that you would naively
expect 2DES to have."

There's an obvious note to make, that doubly encrypting something may be less
secure than singly encrypting it, depending on the algorithm in use. Let's
say, for instance, that your algorithm is "add the key to each character,
modulo 256". So, say you encrypt once with the key 192, then again with the
key 64. End result, you've produced an output that matches exactly the
original text. As to whether doubly encrypting is better than singly
encrypting (let alone doubly better), you'd have to analyse the particular
algorithm chosen to say whether that's true.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]

-- 
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for XP/2000/NT.
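
The two points made in the post above, as an added example that is not part of the original post or of the quoted book: a meet-in-the-middle key recovery against double encryption, and the additive cipher whose keys 192 and 64 cancel. The toy 16-bit-key Feistel cipher stands in for DES, and every name and constant in it is an assumption made for illustration.

```python
# Added illustration: toy cipher, key size and all names are assumptions, not DES.
from collections import defaultdict

KEY_BITS = 16          # toy key size (DES uses 56 bits)
ROUNDS = 4

def _f(half, key, rnd):
    """Feistel round function on a 16-bit half."""
    x = ((half ^ key) * 0x2545 + rnd) & 0xFFFF
    return x ^ (x >> 7)

def encrypt(block, key):
    """Encrypt one 32-bit block under a 16-bit key."""
    left, right = block >> 16, block & 0xFFFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _f(right, key, rnd)
    return (left << 16) | right

def decrypt(block, key):
    """Invert encrypt() by undoing the rounds in reverse order."""
    left, right = block >> 16, block & 0xFFFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _f(left, key, rnd), left
    return (left << 16) | right

def double_encrypt(block, k1, k2):
    return encrypt(encrypt(block, k1), k2)

def meet_in_the_middle(pairs):
    """Recover (k1, k2) from known (plaintext, ciphertext) pairs."""
    (p0, c0), rest = pairs[0], pairs[1:]
    table = defaultdict(list)              # middle value -> k1 candidates
    for k1 in range(1 << KEY_BITS):        # forward half: 2^16 encryptions
        table[encrypt(p0, k1)].append(k1)
    found, work = [], 1 << KEY_BITS
    for k2 in range(1 << KEY_BITS):        # backward half: 2^16 decryptions
        work += 1
        for k1 in table.get(decrypt(c0, k2), ()):
            # further pairs weed out chance matches in the middle
            if all(double_encrypt(p, k1, k2) == c for p, c in rest):
                found.append((k1, k2))
    return found, work                     # work excludes the few verification calls

def add_cipher(data, key):
    """The post's example: add the key to each byte, modulo 256."""
    return bytes((b + key) % 256 for b in data)

if __name__ == "__main__":
    k1, k2 = 0xBEEF, 0x1234                # constructed secret keys
    pairs = [(p, double_encrypt(p, k1, k2)) for p in (0x01234567, 0x89ABCDEF)]
    found, work = meet_in_the_middle(pairs)
    print(found, "cipher calls:", work, "brute force:", 1 << (2 * KEY_BITS))
    print(add_cipher(add_cipher(b"hello", 192), 64))   # keys 192 + 64 cancel
```

The search costs about twice a single-key search plus a table of 2^16 entries, which is the time-for-memory trade the quoted passage describes for 2DES.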