On Wed, 30 Apr 2003, Sunder wrote:
According to Schneier doing this is a bad idea - (or so I recall from the A.P. book which I've not reread in quite a while - I may be wrong) if you use the same (or similar) cypher. i.e.:
blowfish(blowfish(plaintext,key1),key2) is bad,
I believe it doesn't gain you anything, but it isn't "bad" in the sense of weakening anything. If it were, analysts would start off by encrypting the message again. It has been a while since I've read on this, too, so please correct me if I'm wrong, but what is important for multiple encryption is whether or not the cypher in question is a group (as in closed under composition). DES, for example, is not, so multiple DES cycles is not equivalent to single DES. Again, I probably shouldn't be talking about this, as I haven't refreshed my memory on it in a while. -j -- Jamie Lawrence jal@jal.org "The current pursuit of American supremacy reminds me of the the boom-bust process, or a stock market bubble. Whatever the outcome in Iraq, I dare to predict that the Bush policies are bound to fail." - George Soros