-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I am surprised no one has observed the combination of ciphers A and B may be
> no better, or even worse, than either A or B by themselves. As a trivial
> example, double ROT13 is much worse than single ROT13. As a real-world
> example, double DES is no better than single DES.
>
> It appears to me, at my present level of ignorance, that an abundance of
> caution is appropriate.

To be pedantic, the example you're giving is not A+B, but A+A, which is in fact
proven to be only as strong as A. That's why it's 3DES, not 2DES.

And you're right that there's no guarantee that it's stronger, which is
probably why no one does it. If someone is worried about RSA-2048 and AES-128,
then the obvious step up is RSA-4096 and AES-256. Or perhaps Elgamal-4096 and
Twofish-256. That's easy and you can *measure* how much stronger it is.

But a few years ago, there was some new crypto thingie that I can't remember
the name of. They specifically double encrypted with different symmetric and
asymmetric ciphers. They got some very nice security analysis from Niels
Ferguson and Russ Housley as well. It was very nice work. But the
counter-argument is precisely that we can't measure how much stronger it is.

Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.10.0 (Build 554)
Charset: us-ascii
wj8DBQFMd/V5sTedWZOD3gYRAl25AJ9+1y8FQf07NhYVIrslM7yG1dX5ZwCg4A+i
H531DZLJXlIqoB7wkHq/JgQ=
=6Cz4
-----END PGP SIGNATURE-----
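The two examples argued over in the thread above (double ROT13, and the "A+A" cascade that 2DES would have been) can both be shown concretely. The following is an added illustration, not code from the thread or from either poster: a constructed 16-bit toy block cipher with a 12-bit key stands in for DES, and a meet-in-the-middle attack recovers both keys of the double cipher with roughly 2 * 2^12 cipher calls instead of the 2^24 a naive search over the key pair would cost. The cipher, the secret keys (0x3A7, 0xC15) and the known plaintexts are all made up for the demonstration; the S-box is borrowed from PRESENT purely as a convenient nibble permutation.

```python
"""Added example: why encrypting twice with the same cipher (A+A) does not
double the effective key length, and why double ROT13 is the identity.

The toy cipher below is constructed for this illustration only. It is not a
real cipher and must not be used to protect anything.
"""
from typing import Dict, List, Tuple

KEY_BITS = 12
KEYSPACE = 1 << KEY_BITS  # 4096 keys per encryption layer
ROUNDS = 4
# PRESENT's 4-bit S-box, used here only as a handy nibble permutation.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
INV_SBOX = [SBOX.index(i) for i in range(16)]


def _round_key(key: int, r: int) -> int:
    # Spread the 12-bit key over 16 bits and mix in a round constant.
    return (((key << 4) | (key >> 8)) ^ (0x9E37 * (r + 1))) & 0xFFFF


def _sub(block: int, table: List[int]) -> int:
    # Apply the nibble S-box to each of the four nibbles of a 16-bit block.
    out = 0
    for i in range(4):
        out |= table[(block >> (4 * i)) & 0xF] << (4 * i)
    return out


def _rotl16(x: int, n: int) -> int:
    return ((x << n) | (x >> (16 - n))) & 0xFFFF


def toy_encrypt(key: int, block: int) -> int:
    """Four rounds of key-xor, S-box, rotate on a 16-bit block."""
    for r in range(ROUNDS):
        block ^= _round_key(key, r)
        block = _sub(block, SBOX)
        block = _rotl16(block, 5)
    return block


def toy_decrypt(key: int, block: int) -> int:
    """Exact inverse of toy_encrypt (rounds undone in reverse order)."""
    for r in reversed(range(ROUNDS)):
        block = _rotl16(block, 11)  # rotl 11 undoes rotl 5 on 16 bits
        block = _sub(block, INV_SBOX)
        block ^= _round_key(key, r)
    return block


def double_encrypt(k1: int, k2: int, block: int) -> int:
    """The 'A+A' construction: same cipher, two independent keys."""
    return toy_encrypt(k2, toy_encrypt(k1, block))


def meet_in_the_middle(pairs: List[Tuple[int, int]]) -> Tuple[List[Tuple[int, int]], int]:
    """Recover (k1, k2) from known plaintext/ciphertext pairs.

    Encrypt the first plaintext under every k1 and store the middle values;
    decrypt the first ciphertext under every k2 and look each result up.
    A match means k1 and k2 agree on the middle value. One 16-bit pair leaves
    about 2^24 / 2^16 = 256 false positives, so the remaining pairs are used
    to filter. Returns the surviving key pairs and the number of cipher calls
    spent in the two sweeps plus candidate checks.
    """
    p0, c0 = pairs[0]
    middle: Dict[int, List[int]] = {}
    for k1 in range(KEYSPACE):
        middle.setdefault(toy_encrypt(k1, p0), []).append(k1)
    candidates = []
    for k2 in range(KEYSPACE):
        for k1 in middle.get(toy_decrypt(k2, c0), []):
            candidates.append((k1, k2))
    survivors = [(k1, k2) for k1, k2 in candidates
                 if all(double_encrypt(k1, k2, p) == c for p, c in pairs[1:])]
    work = 2 * KEYSPACE + len(candidates)
    return survivors, work


def rot13(text: str) -> str:
    """ROT13 is its own inverse, so applying it twice yields the plaintext."""
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") + 13) % 26 + ord("a")))
        elif "A" <= ch <= "Z":
            out.append(chr((ord(ch) - ord("A") + 13) % 26 + ord("A")))
        else:
            out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    secret_k1, secret_k2 = 0x3A7, 0xC15  # constructed secret keys
    known = [(p, double_encrypt(secret_k1, secret_k2, p))
             for p in (0x1234, 0xBEEF, 0x0F0F)]  # constructed known plaintexts
    keys, work = meet_in_the_middle(known)
    print("recovered key pairs:", [(hex(a), hex(b)) for a, b in keys])
    print("cipher calls used: %d, naive key-pair search: %d" % (work, KEYSPACE ** 2))
    print("rot13 twice:", rot13(rot13("double ROT13 is the identity")))
```

The recovered work figure is the whole point of the thread's "2DES" remark: doubling the key material bought only about one extra bit of effective security, which is why the standardised construction became triple DES with the meet-in-the-middle cost pushed back to 2^112.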