# Re: When does repeated encryption linearly affect time to attack it?

• From: Tom St Denis <tom@xxxxxxx>
• Date: Mon, 21 Feb 2011 21:20:37 -0800 (PST)

On Feb 21, 9:00 pm, Christoffer Lerno <christoffer.le...@xxxxxxxxx>
wrote:
> Given a weak encryption algorithm E that can recover plaintext alt.
> key with n bytes of cipher text in time t, when does repeated
> encryption have any effect?
>
> For instance, let us say that I have a key K. I then apply a one way
> hash function with known salts S2 and S3 to create keys K' and K''.
> I take my plaintext and encrypt it with K, then take that result and
> encrypt it with K', take that result and encrypt with K''. Let's call
> this encryption scheme E'.
>
> A naive assumption would be that you need n bytes of cipher text and
> time 3t to recover the plaintext. In what cases (if any) is this true?
>
> A simple case when time is constant t is a Caesar cipher. But what
> about something like RC4? Would RC4 repeated 3 times with different
> keys take the same time to successfully attack as RC4 without repeated
> encryption?

Careful, "3 different keys" and K'/K'' are different things. In your
example of K/K'/K'' I really am only searching the space of K, though
you made it 3 times slower for the attacker you also made it three
times slower in general [for the user].

3 completely unique keys result in much more work. If each key were
128 bits, then in your scheme there is roughly 130 bits of "security"
to be had at most. If the three keys were totally unique it would be
384 bits [not that either isn't completely overkill].

It's better to use something like PKCS #5 with a fixed key-gen cost
than a bulk-rate cost. E.g. if I want to encrypt files with your tool
I'd rather it spent 1000 iterations of MD5 to gen a "password based
key" than run RC4 [or AES or whatever] 1000 times over the text. The
former really slows down an attacker while the latter just slows us
all down. If I'm encrypting a 1GB file, a minor hiccup [running MD5
1000 times once isn't really that expensive] is better than encrypting
the 1GB file 1000 times.

Tom
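
The two points in the reply above, as an added example that is not part of the original post: it searches a toy key space for the K/K'/K'' scheme and contrasts that with a one-time key-stretching cost. Assumptions: SHA-256 as the one-way hash, constructed salts and plaintext, a 12-bit toy key, and PBKDF2-HMAC-SHA256 (PKCS #5 v2) standing in for the iterated MD5 mentioned in the post.

```python
import hashlib
from math import log2

S2, S3 = b"salt-2", b"salt-3"  # constructed stand-ins for the post's known salts

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4; encryption and decryption are the same XOR operation."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def chained(k: bytes, data: bytes) -> bytes:
    """E' from the question: K' and K'' are hashes of K with known salts."""
    k1 = hashlib.sha256(S2 + k).digest()
    k2 = hashlib.sha256(S3 + k).digest()
    return rc4(k2, rc4(k1, rc4(k, data)))

def search_chained(ct: bytes, known_pt: bytes, key_bits: int):
    """Exhaustive search over K only; each guess costs three cipher runs."""
    for trials, guess in enumerate(range(2 ** key_bits), start=1):
        k = guess.to_bytes(2, "big")
        if chained(k, ct) == known_pt:        # three XOR layers undo themselves
            return k, trials
    return None, 2 ** key_bits

def work_bits(key_bits: int, layers: int) -> float:
    """log2 of cipher runs needed to exhaust K when the other keys derive from it."""
    return log2(layers * 2 ** key_bits)

def stretched(password: bytes, salt: bytes, data: bytes, iterations=1000) -> bytes:
    """Fixed key-gen cost: stretch once with PBKDF2, then encrypt the bulk data once."""
    key = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    return rc4(key, data)

if __name__ == "__main__":
    pt = b"constructed test"                  # constructed sample plaintext
    secret = (0x0ABC).to_bytes(2, "big")      # toy 12-bit key so the search finishes
    key, trials = search_chained(chained(secret, pt), pt, 12)
    print(key == secret, trials, "guesses, not", 2 ** 36)
    print(round(work_bits(128, 3), 1), "bits of work for derived keys")
```

The search never exceeds 2^12 guesses because K' and K'' add no key material, and `work_bits(128, 3)` gives the "roughly 130 bits" figure from the reply.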