ietf-openpgp

Re: SERPENT in OpenPGP?

2010-08-27 12:45:53

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> I am surprised no one has observed the combination of ciphers A and B may be 
> no better, or even worse, than either A or B by themselves.  As a trivial 
> example, double ROT13 is much worse than single ROT13.  As a real-world 
> example, double DES is no better than single DES.
> 
> It appears to me, at my present level of ignorance, that an abundance of 
> caution is appropriate.

To be pedantic, the example you're giving is not A+B, but A+A, which is in fact 
proven to be only as strong as A. That's why it's 3DES, not 2DES.

And you're right that there's no guarantee that it's stronger, which is 
probably why no one does it. If someone is worried about RSA-2048 and AES-128, 
then the obvious step up is RSA-4096 and AES-256. Or perhaps Elgamal-4096 and 
Twofish-256. That's easy and you can *measure* how much stronger it is.

But a few years ago, there was some new crypto thingie that I can't remember 
the name of. They specifically double encrypted with different symmetric and 
asymmetric ciphers. They got some very nice security analysis from Niels 
Ferguson and Russ Housley as well. It was very nice work. But the 
counter-argument is precisely that we can't measure how much stronger it is.

        Jon


-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.10.0 (Build 554)
Charset: us-ascii

wj8DBQFMd/V5sTedWZOD3gYRAl25AJ9+1y8FQf07NhYVIrslM7yG1dX5ZwCg4A+i
H531DZLJXlIqoB7wkHq/JgQ=
=6Cz4
-----END PGP SIGNATURE-----
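The "2DES" point in the reply above, as an added worked example that is not part of the original thread: a toy 16-bit block cipher (constructed for this demonstration, not any real OpenPGP algorithm, and every key and plaintext value below is made up) is cascaded twice with two independent keys, and the textbook meet-in-the-middle search recovers both keys from a few known plaintext/ciphertext pairs at a cost of about 2 * 2^16 cipher calls plus a lookup table, instead of the 2^32 trials an exhaustive search of both keys would suggest. That gap is the reason two passes of the same cipher gain roughly one bit of effective strength rather than doubling the key length, and why the accepted construction is triple DES rather than double DES.

```python
"""Meet-in-the-middle against double encryption with a toy 16-bit block cipher.

Constructed teaching example: the cipher, its key schedule and all sample
values are made up for this demonstration and are not a real algorithm.
The point is cost: exhaustive search of two independent 16-bit keys would
take about 2**32 trials, but meeting in the middle needs roughly 2 * 2**16
cipher calls plus a table, i.e. about one extra bit of security, not 16.
"""
from functools import lru_cache

MASK = 0xFFFF
MUL = 0x9E37                      # odd, hence invertible modulo 2**16
MUL_INV = pow(MUL, -1, 1 << 16)   # multiplicative inverse used by decryption
ROUNDS = 4

CALLS = 0  # counts cipher invocations so the search cost can be measured


def _rotl16(x, n):
    return ((x << n) | (x >> (16 - n))) & MASK


def _rotr16(x, n):
    return ((x >> n) | (x << (16 - n))) & MASK


@lru_cache(maxsize=None)
def _round_keys(key):
    # Simple key schedule: rotate the 16-bit key and mix in a round constant.
    return tuple((_rotl16(key, 3 * i) ^ ((0x5A5A * (i + 1)) & MASK))
                 for i in range(ROUNDS))


def toy_encrypt(key, block):
    """Encrypt one 16-bit block under a 16-bit key (xor / multiply / rotate)."""
    global CALLS
    CALLS += 1
    x = block & MASK
    for rk in _round_keys(key & MASK):
        x = ((x ^ rk) * MUL) & MASK
        x = _rotl16(x, 5)
    return x


def toy_decrypt(key, block):
    """Inverse of toy_encrypt: undo each round in reverse order."""
    global CALLS
    CALLS += 1
    x = block & MASK
    for rk in reversed(_round_keys(key & MASK)):
        x = _rotr16(x, 5)
        x = ((x * MUL_INV) & MASK) ^ rk
    return x


def double_encrypt(k1, k2, block):
    """Cascade: encrypt with k1, then encrypt the result with k2 (the 2DES shape)."""
    return toy_encrypt(k2, toy_encrypt(k1, block))


def meet_in_the_middle(pairs):
    """Recover (k1, k2) from known plaintext/ciphertext pairs.

    Returns (candidate key pairs, number of cipher calls spent).
    """
    global CALLS
    CALLS = 0
    p0, c0 = pairs[0]
    # Forward half: tabulate E_k1(p0) for every possible k1.
    forward = {}
    for k1 in range(1 << 16):
        forward.setdefault(toy_encrypt(k1, p0), []).append(k1)
    # Backward half: for every k2 compute D_k2(c0) and look it up in the table.
    candidates = []
    for k2 in range(1 << 16):
        mid = toy_decrypt(k2, c0)
        for k1 in forward.get(mid, ()):
            # One pair leaves ~2**16 false matches (2**32 key pairs, 2**16 blocks);
            # the remaining pairs weed them out.
            if all(double_encrypt(k1, k2, p) == c for p, c in pairs[1:]):
                candidates.append((k1, k2))
    return candidates, CALLS


def demo(k1=0x1234, k2=0xBEEF):
    """Constructed scenario: three known pairs under the secret keys k1, k2."""
    plaintexts = [0x0000, 0x4F21, 0xA5C3]
    pairs = [(p, double_encrypt(k1, k2, p)) for p in plaintexts]
    found, work = meet_in_the_middle(pairs)
    return (k1, k2) in found, work


if __name__ == "__main__":
    ok, work = demo()
    print(f"true keys recovered: {ok}; cipher calls: {work} "
          f"(about 2**{work.bit_length() - 1}); exhaustive search of both "
          f"keys would need about 2**33 calls")
```

The measurable part is the call counter: the search spends on the order of 2^18 cipher calls (two table passes plus filtering of the false matches), against roughly 2^33 for trying every pair of keys, so the cascade has cost the attacker one or two bits of work rather than sixteen. The same accounting applied to DES is why 2DES was never adopted and why triple DES, with its third pass, is the form that appears in OpenPGP.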
