At 08:41 AM 4/30/03 -0400, Sunder wrote:
According to Schneier doing this is a bad idea - (or so I recall from the A.P. book which I've not reread in quite a while - I may be wrong) if you use the same (or similar) cypher. i.e.:
blowfish(blowfish(plaintext,key1),key2) is bad,
Nope. As long as key1 and key2 are independent, this can't make things worse if the cipher is any good. Suppose there is no attack on blowfish(plaintext,key1), but there is an attack on blowfish(blowfish(plaintext,key1),key2) when the two keys are independent. As an attacker, you automatically get an attack on blowfish(plaintext,key1) from this, by just choosing a random key2, encrypting the ciphertext from single-blowfish with that key, and then forgetting key2 and applying your attack on double-blowfish. --John Kelsey, kelsey.j@ix.netcom.com PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259