Re: Encrypting again an already encrypted file increase security ?

From: Bill Unruh (unruh@string.physics.ubc.ca)
Date: 02/20/03 

From: unruh@string.physics.ubc.ca (Bill Unruh)
Date: 20 Feb 2003 04:36:12 GMT

"Andrew Swallow" <am.swallow@eatspam.btinternet.com> writes:

]"Alun Jones" <alun@texis.com> wrote in message
]news:jiW4a.1164$FH1.553474223@newssvr11.news.prodigy.com...
]> In article <3e53eb2a.84625264@news21.on.aibn.com>, Lew_Pitcher@td.com
]wrote:
]> >Yah, /I/ was thinking of encrypting some data with my private key, then
]> >encrypting the encrypted data with my public key, but I realized that,
]> >instead of doubly-encrypted data, the end result would be the unencrypted
]> >data <grin>.
]>
]> Okay, so we have obvious examples of where applying a process described as
]> "encryption", followed by another process also described as "encryption"
]> results in a null encryption - we've also seen (with 2DES) a process
]wherein
]> two encryptions result in significantly less than the expected twice the
]> effective key length. This suggests that, without careful analysis, a
]random
]> or naive application of encryption followed by more encryption is, at the
]very
]> least, not "twice as strong", and at worst, may be less strong, and
]possibly
]> even, in the pathological case, return the plaintext. My point is simply
]that
]> encrypting and encrypting again is only worth relying on to be more secure
]> than either encryption if the effect of the "double encryption" has been
]> analysed in as much depth as either encryption.
]>
]> The fact that the pathological examples sound stupid doesn't invalidate
]that
]> point.
]>

]An interesting example is applying the Caesar cipher twice. This moves
]each letter on by 2 * 3 = 6 characters. This has the same strength as a
]single
]encryption, just a different key variable.

Except it is hard to double encrypt and make the result weaker-- you
have to try hard, and be particularly stupid.

Relevant Pages