Re: Should be in crypto for John E. Hadstate Re: just stupid?
From: Terry Ritter (ritter_at_ciphersbyritter.com)
Date: 8 Aug 2005 13:38:31 -0700
> Terry Ritter wrote:
> >>I stress, however, that I am _not_ defending multiple encryption for
> >>general or common use.
> > Really? Why not?
> > My guess would be, from your examples, that you
> > *believe* that the issue Multiple Encryption
> > protects against (the failure of the main cipher)
> > is "unlikely." I would like to know on exactly
> > what facts you base that belief, and exactly how
> > you calculate those probabilities.
> This plays only a small part in my reasoning.
> My main argument is that the added protocol complexity of using multiple
> ciphers carries a potential security cost that has to be weighed against
> the potential security advantage that multiple ciphers can offer.
While "added protocol complexity" might be an
argument against selecting from a wide range of
ciphers, as I advocate, it has little to do
with Multiple Encryption. One could pre-select
which ciphers were to be used, in which case
there would be no selection protocol. But
there would be added redundancy.
Moreover, the idea that Multiple Encryption
is no advantage contains the assumption that
the alternative single cipher is secure. But
that is not known. Cryptanalysis does not
tell us that. So there is and can be no value
to "weigh against." Implying otherwise is not
an argument, it is belief. It is wishes and
hopes, and if that were sufficient, we would
not need cryptography at all.
> And in my experience the balance of advantage for common applications
> lies with the simpler single algorithm approach.
Of course, unless you are an opponent, you
could not know about "the balance of advantage."
> Brian Gladman
--- Terry Ritter 1.3MB Crypto Glossary http://www.ciphersbyritter.com/GLOSSARY.HTM