Re: Is encrypting twice much more secure?



On Jan 12, 11:05 pm, unruh <un...@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
On 2010-01-13, Michael B Allen <iop...@xxxxxxxxx> wrote:
So if the escrow agent leaks the password that would be a drag but
it's not a big deal. But if AES256 is miraculously cracked next month,
I don't want to make it easy for people with the encrypted packages to
recover the source.

?? But if the agent leaks the password, they have the source. That is
like the encryption being cracked ( an dfar far more probable).
You security concerns are completely ass backwards.

Not really. If 1 of 100 customers manages to get the password, the
other 99 still do not have it. If the encryption algorithm is cracked,
all 100 can recover the plaintext.

I hear you - 1 pass of AES is enough. But it's trivial to do 3 passes
so why not? The only reason not to would be if it somehow made it
*less* secure. That is what I'm asking and I think the question has
been answered well (although I have to go back and understand
Maaartin's master password bit). Thanks sci.crypt.

It does make it less secure. It makes it more complex and means that the
probablility of problems, so that when you die noone can decrypt anyway,
is far far higher.

Nonsense. Encrypting a file in multiple passes is hardly much more
complex than doing one pass. My impression from reading the answers to
my question is that, if I completely screwed up the implementation,
multiple passes would simply be no more secure than one pass.
.



Relevant Pages

  • Re: Unbreakable Encryption ? Scenarios - What encryption method would be best?
    ... DES is a well-known algorithm so there are good reasons to have a good ... > risk it by storing one of the best possible passwords (or encryption ... > Ok lets say there will be a secure channel but it will happen only ... > because the decrypting method yielded a plain text message and vice ...
    (sci.crypt)
  • Re: [fw-wiz] Re: Firewalls breaking stuff: [Was re: fwtk]
    ... > access to the mail server's private keys and thus the monitor can follow the ... > in a way that's more secure rather than less secure. ... for service level encryption versus VPN access. ... >> reducing bugs reduces the number of sever bugs. ...
    (Firewall-Wizards)
  • Re: Best secure surfing solution
    ... I have set up a service with companies providing secure web ... the product would have to install a keylogger. ... If we caught anyone in> IS or elsewhere in our company sniffing our communications, even if they> were encrypted, they'd get laid off or, at least, suspended. ... If e-mails are sensitive then> the sender should be using encryption. ...
    (alt.computer.security)
  • Re: Best secure surfing solution
    ... I have set up a service with companies providing secure web ... the product would have to install a keylogger. ... If we caught anyone in> IS or elsewhere in our company sniffing our communications, even if they> were encrypted, they'd get laid off or, at least, suspended. ... If e-mails are sensitive then> the sender should be using encryption. ...
    (sci.crypt)
  • Re: Symmetric encryption algorithm with group like properties
    ... >> Solutions that exist today are not as secure as they can be. ... I wouldn't expect more than PGP / GPG type encryption, ... > versions - with the key, protected by RSA encryption under a RSA public key ... > Alice needs a secure decryption mechanism to read her emails, ...
    (sci.crypt)