Mike Johnson wrote:
Or for the rabid, clinically paranoid:
3des | tran | IDEA | tran | Diamond | tran | Blowfish | prngxor |
[11 iterations deleted]
... about 500 more lines of the same ...
with a memorized 5 megabyte key.
And I thought 15 round Diamond with a 256 bit key was overkill worse than 3 key triple DES!
Seriously, folks, the weakest links of most cryptosystems are not in the symmetric key cipher (provided you pick one of the good ones), but in the key management, associating people with keys, and in picking good pass phrases.
There's always a trade-off, and you've just demonstrated one of the extremes. In the final analysis, it's sort of like deciding whether to spend $1000 on a security system to protect a $500 car, for "security", or leave the doors unlocked and "hide" the ignition key under the mat for "ease of use". Probably something in between makes the most sense. HOWEVER ... I was merely demonstrating one possible permutation on the triple DES method. (More precisely, a permutation to someone else's permutation.) Replacing the middle layer of DES with IDEA seems to be a feasible alternative, since IDEA is as fast as DES, or slightly faster. If a user is concerned enough about security to want to use 3DES in the first place, then an extra 64 bits of keying material is not an unreasonable burden. It also "diversifies" the overall protection in case either DES or IDEA should eventually be found to be exceptionally weak when attacked in a certain, previously unknown, manner. IMHO, "paranoid" would be saying that people *MUST* protect their data to this level, regardless of its actual "value", as opposed to merely presenting options for an end-user the choose from, including some common-sense key management guidelines as well. A single iteration of the 512 layer "overkill" scenario might even make sense, actually, under certain extraordinary circumstances. Unless the various algorithms react in some sort of strange way to actually *WEAKEN* each other, your final security is equal to that of the STRONGEST of the mix. OTOH, if we *KNEW* that the best attack against IDEA was brute force, then single IDEA would suffice for just about any conceivable application. What would you like to suggest in the way of key management to make that "link" at least as strong as the algorithmic one? Your point is certainly a valuable one, but the two aren't mutually exclusive. That would be like saying that I won't buy a lock for my front door until I've first replaced all my windows with something more sturdy than glass. It depends on the nature and source of any potential attacks. To follow the analogy, some "burglars" are better at lock picking than glass-smashing. /--------------+------------------------------------\ | | Internet: davesparks@delphi.com | | Dave Sparks | Fidonet: Dave Sparks @ 1:207/212 | | | BBS: (909) 353-9821 - 14.4K | \--------------+------------------------------------/