Re: Is encrypting twice much more secure?



Phoenix wrote:
Well, is encrypting twice much more secure?

Yes or no?

Sometimes it's more secure. Sometimes it's about the same. Sometimes it's less secure.




Here are four of the usual reasons for encrypting twice (or more often). They all have pitfalls and disadvantages, and should only be used in specific, and usually rare, situations.



First, to increase effective keysize and the work needed for a brute-force attack. Usually the same cipher is used in all encryptions. This is unreliable unless you get all the details right, and triple encryption is usually needed to double the effective keysize. It doesn't work for all ciphers.

Cobbling these together is dangerous. The combination should have been analysed, as well as the single cipher - it can make things worse, not better, if you eg adapt 3-DES to use a different cipher.

Avoid completely - you don't need to do it, there's a better cipher out there.




Second, to protect against some "known unknown" attacks. This might be potential algebraic attacks on AES, or a potential general attack on all feistel ciphers, and you might use a combo of AES and Twofish. I'll call this belt-and-braces.

We generally assume, on statistical grounds but with no actual proof, that this is at least as secure as either one of the ciphers (when the keys are independently chosen at random) - it may be less, but that's unlikely if the ciphers are carefully chosen.

It isn't done to increase effective keysize, the work needed for a brute-force attack, or security against anything but some "known unknown" attacks.

The benefit is arguable, and some cryptologists don't like the idea - others do.

Personally I come down slightly on the side of using it when resources are always guaranteed to be plentiful and cheap.






Third, to be able to add or strip off layers of encryption. Usually the same cipher is used in all encryptions.

This is not done to increase cipher security or effective keysize, and we usually consider that it does neither. It may, but we discount that possibility.

We generally assume, on statistical grounds but with no actual proof, the security is as good as a single encryption (when the keys are independently chosen at random) - it may be less, but that's unlikely.

There are keysharing techniques which can divide a key into shares with provable security, and these are often more efficient for the required purposes.

In general, use keysharing instead - but there are a few circumstances where layering is justified. Mixmaster anonymous email is one, and onion routing. There are a couple more, but they aren't common.





Fourth, universal re-encryption, usually used to disguise ciphertext. This is where people can re-encrypt without knowing the original key used (roughly speaking), but someone who knows the decryption key can still decrypt the re-encrypted ciphertext.

Either partial layering, where the keys are universally re-encrypted and the ciphertext is layered, or special ciphers must be used. Multiple encryptions using the special ciphers can be provably as secure as a single encryption (when the keys are independently chosen at random), but multiple encryptions are not more secure than a single encryption.

Uses for this are rare.



There are also some vaguely similar public key techniques potentially usable in digital money, which might be called double encryption if viewed from some angles.




If you aren't doing one of the layering things, or belt-and-braces, or universal re-encryption, then don't double/multiple encrypt - it's usually not the best way to go.


-- Peter Fairbrother
.



Relevant Pages

  • RE: Email Encryption Between Servers
    ... Secure E-mail, PGP, secure web server, ... Are the doctors going to have separate keys for each provider, doctor, ... desktop e-mail encryption, enterprise e-mail encryption. ... manage key exchange, staff training, ...
    (Security-Basics)
  • RE: Email Encryption Between Servers
    ... It allows you to have a secure File and Messaging system. ... Subject: Email Encryption Between Servers ... Are the doctors going to have separate keys for each provider, doctor, ... manage key exchange, staff training, ...
    (Security-Basics)
  • Re: Bootstrapping secure communications
    ... Put the secure loader in the wired nodes also, ... but the wireless device would "see" a base station every ... encryption keys each day. ... data doesn't get stale very quickly so bigger keys ...
    (comp.arch.embedded)
  • Re: Red Pike cipher
    ... The two keys (one for encryption and one for decryption) is simply the ... The real Red Pike was *never* a secure cipher because the specified key ... The same process using cost data from the COPACOBANA project ...
    (sci.crypt)
  • Re: Encrypting again an already encrypted file increase security ?
    ... > If I encrypt exactly this file again with another encryption algorithm tool ... twice, with different keys. ... because every concatenation of cipher operations is a cipher ... On the other hand, if you do the same with DES, things are different. ...
    (sci.crypt)