On Mon, 30 Oct 1995, Mark wrote:
The conclusion to take away from this is simple: double encryption doesn't give you much extra security over single encryption. Don't use double encryption.
That doesnt make sense. If one accepts that double encryption is securer than single encryption, wether marginally or twice as secure, why not use it?
Ah yes, but the vagarities of crypto don't lend themselves to real-world analogies so easily. With crypto schemes, if you use double-encryption, you effectively halve the amount of time needed to crack them. This is because of the "man in the middle attack." Schneier talks about it in Applied Crypto, and I am sure others on this list know the technical details better than I. What Schneier says has been proven to be secure is, instead, a triple encryption scheme. Using two different keys, it goes something like this (if memory serves): Cipertext = P1xorEK1 -> C1xorDK1 -> C2xorEK1 Where P1 is the plaintext, EK1 is encrypt key 1, and DK1 is decrypt key 1. That doesn't look right the longer I consider it, but the basic idea is there. Encrypt, decrypt, then encrypt again. "Freedom is meaningless unless | ic58@jove.acs.unt.edu - James Childers you can give to those with whom| No man's freedom is safe you disagree." - Jefferson | while Congress is in session EA 73 53 12 4E 08 27 6C 21 64 28 51 92 0E 7C F7