According to Schneier doing this is a bad idea - (or so I recall from the A.P. book which I've not reread in quite a while - I may be wrong) if you use the same (or similar) cypher. i.e.: blowfish(blowfish(plaintext,key1),key2) is bad, but rsa(blowfish(plaintext,key1),privatekey) is ok. ----------------------Kaos-Keraunos-Kybernetos--------------------------- + ^ + :NSA got $20Bil/year |Passwords are like underwear. You don't /|\ \|/ :and didn't stop 9-11|share them, you don't hang them on your/\|/\ <--*-->:Instead of rewarding|monitor, or under your keyboard, you \/|\/ /|\ :their failures, we |don't email them, or put them on a web \|/ + v + :should get refunds! |site, and you must change them very often. --------_sunder_@_sunder_._net_------- http://www.sunder.net ------------ On Wed, 30 Apr 2003, Thomas Shaddack wrote:
Layer the encryptions then. A good ciphertext looks random. Take a ciphertext and encrypt it again, you get a - say - cipher2text. A decryption of cipher2text with any key then looks like a potential ciphertext.
Is there a hole in this claim?