30 Apr
2003
30 Apr
'03
2:34 p.m.
At 01:40 PM 4/30/03 -0400, Trei, Peter wrote:
blowfish(blowfish(plaintext,key1),key2) is bad, but rsa(blowfish(plaintext,key1),privatekey) is ok.
It really depends on the cipher. If the cipher is a group, then case 1 is bad - since
blowfish(blowfish(plaintext,key1),key2) = blowfish(plaintext, key3)
Some ciphers, such as DES, are not groups. This is why double and triple DES are stronger than single DES.
Also if you don't trust a given algorithm then chaining it doesn't help. You can also increase robustness by adding noise, at a cost of bandwith, see US patent 6,351,539, which both chains dissimilar ciphers and adds noise (doubling bandwidth requirements).