Re: triple algorithms
- From: "Antony Clements" <antony.clements@xxxxxxxxxxx>
- Date: Wed, 27 Feb 2008 01:26:41 GMT
They already know how to do that. The data requirements for advanced
cryptographic attacks are impossible to meet. So it has to be brute
force - and as many people have already mentioned for a 2**128 bit key is
just not possible (I would bet brute forcing a 2^128 bit key will never be
possible but I can't figure out how to collect)

did DES need to be brute forced because all other attacks were not viable?

The ciphers already have generous security margins. There is no point
unless these margins are insufficient - which has not yet been shown.

i'm thinking along the lines of DES and 3DES... eventually, sometime in the
future, a situation may arise where AES may need to be used in a similar
way... sometime in the distant future i'm sure, but the possibility is still
there.

Also, doubling the amount of work is exactly equal to adding one bit of
entropy to the key. If a single bit is the difference between broken or
not then you are already hosed.

the layer i wrote uses a passphrase which is used to generate a passcode
equal to the length of m, i won't go into detail on how this passcode is
produced because it's long and boring.
m and the passphrase are broken up into 128 bit blocks, and then further
into 32 bit blocks for the purpose of the passkey mixing.
assume that you have a long array called DWORD and CWORD with 4 elements in
each
where i indicates a counter
DWORD(i) holds exactly 4 bytes of data
CWORD(i) holds exactly 4 bytes of key
the passkey mixing is like this

    DWORD(0) = UnsignedAdd(DWORD(0), CWORD(3))
    DWORD(1) = UnsignedAdd(DWORD(1), CWORD(2))
    DWORD(2) = UnsignedAdd(DWORD(2), CWORD(0))
    DWORD(3) = UnsignedAdd(DWORD(3), CWORD(1))

so that each 128 bits of key is mixed in a non sequential order with 128
bits of data.
twofish uses a passkey that is an XOR between the first and second half of
the passphrase entered by the user and is either 64, 128, 192 or 256 bits
long depending on the length of the passphrase.
the AES layer uses the passphrase as is.

In any case you will get a better result than that by doing any of these -
adding one more letter or number to a password, or changing a password to
a pass phrase, or getting a key from a CSRNG rather than a pass phrase or
getting a key from a TRNG rather than a CSRNG.

what about using a different passcode with a different length of passcode
for each layer?
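
The passkey mixing and the Twofish key folding described in the post above, as an added Python sketch that is not part of the original message or the poster's code. It shows that the mixing is undone by subtraction, that the fixed word order equals sequential addition with a reordered key, and that folding halves the key length and cancels to zeros when both halves match. Assumptions: little-endian 32-bit words, an even-length passphrase with no padding, and hypothetical function names.

```python
import struct

MASK32 = 0xFFFFFFFF
# Key-word order from the post: DWORD(0)+CWORD(3), (1)+CWORD(2), (2)+CWORD(0), (3)+CWORD(1)
KEY_ORDER = (3, 2, 0, 1)

def words(block16):
    # Assumption: little-endian 32-bit words (the post does not give a byte order).
    return struct.unpack("<4I", block16)

def mix_block(data16, key16):
    """UnsignedAdd of each data word with its assigned key word, modulo 2**32."""
    d, c = words(data16), words(key16)
    return struct.pack("<4I", *[(d[i] + c[KEY_ORDER[i]]) & MASK32 for i in range(4)])

def unmix_block(mixed16, key16):
    """Inverse of mix_block: subtract the same key words modulo 2**32."""
    m, c = words(mixed16), words(key16)
    return struct.pack("<4I", *[(m[i] - c[KEY_ORDER[i]]) & MASK32 for i in range(4)])

def reorder_key(key16):
    """Key block with its words pre-arranged in KEY_ORDER."""
    c = words(key16)
    return struct.pack("<4I", *[c[j] for j in KEY_ORDER])

def plain_add(data16, key16):
    """Word-by-word addition in sequential order (no reordering)."""
    d, c = words(data16), words(key16)
    return struct.pack("<4I", *[(d[i] + c[i]) & MASK32 for i in range(4)])

def fold_passphrase(passphrase):
    """XOR the first half of the passphrase with the second half.
    Assumption: even-length byte string, no padding (not specified in the post)."""
    if len(passphrase) % 2:
        raise ValueError("even-length passphrase expected in this sketch")
    half = len(passphrase) // 2
    return bytes(a ^ b for a, b in zip(passphrase[:half], passphrase[half:]))

if __name__ == "__main__":
    data = bytes(range(16))                                  # constructed sample block
    key = bytes.fromhex("ffffffff0102030480000000deadbeef")  # constructed sample key
    mixed = mix_block(data, key)
    assert unmix_block(mixed, key) == data             # round trip, including carry wrap
    assert mixed == plain_add(data, reorder_key(key))  # fixed order == relabelled key
    print(fold_passphrase(b"correcthorsebatt").hex())  # 16 bytes in, 8-byte key out
    print(fold_passphrase(b"hunter22hunter22").hex())  # equal halves cancel to zeros
```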