Re: When does repeated encryption linearly affect time to attack it?
 From: Tom St Denis <tom@xxxxxxx>
 Date: Mon, 21 Feb 2011 21:20:37 0800 (PST)
On Feb 21, 9:00 pm, Christoffer Lerno <christoffer.le...@xxxxxxxxx>
wrote:
Given a weak encryption algorithm E that can recover plaintext alt.
key with n bytes of cipher text in time t, when does repeated
encryption have any effect?
For instance, let us say that I have a key K. I then apply a one way
hash function with known salts S2 and S3 to create keys K' and K''.
I take my plaintext and encrypt it with K, then take that result and
encrypt it with K', take that result and encrypt with K''. Let's call
this encryption scheme E'
A naive assumption would be that you need n bytes of cipher text and
time 3t to recover the plaintext. In what cases (if any) is this true?
A simple case when time is constant t is a ceasar cipher. But what
about something like RC4? Would RC4 repeated 3 times with different
keys take the same time to successfully attack as RC4 without repeated
encryption?
Careful, "3 different keys" and K'/K'' are different things. In your
example of K/K'/K'' I really am only searching the space of K, though
you made it 3 times slower for the attacker you also made it three
times slower in general [for the user].
3 completely unique keys results in much more work. if each key were
128 bits, then in your scheme there is roughly 130 bits of "security"
to be had at most. If the three keys were totally unique it would be
384 bits [not that either isn't completely overkill].
It's better to use something like PKCS #5 with a fixed keygen cost
than a bulkrate cost. E.g. if I want to encrypt files with your tool
I'd rather it spent 1000 iterations of MD5 to gen a "password based
key" than run RC4 [or AES or whatever] 1000 times over the text. The
former really slows down an attacker while the latter just slows us
all down. If I'm encrypting a 1GB file a minor hiccup [running MD5
1000 times once isn't really that expensive] is better than encrypting
the 1GB file a 1000 times.
Tom
.
 FollowUps:
 Re: When does repeated encryption linearly affect time to attack it?
 From: Christoffer Lerno
 Re: When does repeated encryption linearly affect time to attack it?
 References:
 When does repeated encryption linearly affect time to attack it?
 From: Christoffer Lerno
 When does repeated encryption linearly affect time to attack it?
 Prev by Date: When does repeated encryption linearly affect time to attack it?
 Next by Date: Re: Test vectors HMACSHA512/256 and .../224
 Previous by thread: When does repeated encryption linearly affect time to attack it?
 Next by thread: Re: When does repeated encryption linearly affect time to attack it?
 Index(es):
Relevant Pages
