Re: Anonglish (was: Re: Authenticating Meat)
I'm not sure, but in that case you can use some lame ass cypher like rc4-40 (don't bother with DES as it's too slow) and then use twofish 128 internally, with two unrelated keys. You can even set the key of the weaker one to be an MD5 hash of today's date (at GMT+0) + whatever constants you'd like, since you don't care about it.

You don't want to make the weak cypher too easy to brute, but don't make the keys related. (If you crack/brute the outside cypher and the keys are related, you gave the opponents hints about your more important key.)

I'm unsure what the reasoning against superencryption (even if the keys are unrelated) is, and whether different key sizes make a difference. You can check Applied Crypto (don't have it in front of me now, sorry.) Or you can try the Handbook of Applied Crypto (different book) - parts of which are online here: http://www.cacr.math.uwaterloo.ca/hac/

----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :NSA got $20Bil/year |Passwords are like underwear. You don't /|\
  \|/  :and didn't stop 9-11|share them, you don't hang them on your/\|/\
<--*-->:Instead of rewarding|monitor, or under your keyboard, you   \/|\/
  /|\  :their failures, we  |don't email them, or put them on a web  \|/
 + v + :should get refunds! |site, and you must change them very often.
--------_sunder_@_sunder_._net_------- http://www.sunder.net ------------

On Wed, 30 Apr 2003, Thomas Shaddack wrote:
According to Schneier doing this is a bad idea - (or so I recall from the A.P. book which I've not reread in quite a while - I may be wrong) if you use the same (or similar) cypher. i.e.:
blowfish(blowfish(plaintext,key1),key2) is bad, but rsa(blowfish(plaintext,key1),privatekey) is ok.
Does it apply even if it is the same cipher but with different key length and/or block size?
I was pondering such "encapsulation" for the situations when The Government forbids using ciphers stronger than <limit>. Then use as strong a one as you wish, and encrypt the result in the legally-weak wrapper.
Once they ask for your escrowed keys, or bruteforce it, they will figure out that you are a crypto-lawbreaker - but you will pass a routine automated screening. And once you catch their interest, you already have problems anyway.
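
The key separation described in the reply above, as an added example that is not part of the original messages: the outer RC4-40 key is computed only from the UTC date and a constant, while the inner key comes from the OS random source, so the two share no material. The function names, the constant and the sample inner ciphertext are assumptions made for illustration.

```python
import hashlib
import os
from datetime import date, datetime, timezone

CONSTANT = b"example-constant"  # hypothetical agreed constant, not from the thread


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 keystream XOR; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def outer_key(day: date, constant: bytes = CONSTANT) -> bytes:
    """40-bit wrapper key: first 5 bytes of MD5(date || constant).
    It has no secret input, so the wrapper adds no confidentiality."""
    return hashlib.md5(day.isoformat().encode() + constant).digest()[:5]


def new_inner_key() -> bytes:
    """128-bit key for the strong inner cipher, drawn from the OS CSPRNG,
    so recovering the outer key reveals nothing about it."""
    return os.urandom(16)


def wrap(inner_ciphertext: bytes, day: date) -> bytes:
    return rc4(outer_key(day), inner_ciphertext)


def unwrap(wrapped: bytes, day: date) -> bytes:
    return rc4(outer_key(day), wrapped)


if __name__ == "__main__":
    today = datetime.now(timezone.utc).date()
    inner_ct = os.urandom(32)  # constructed stand-in for Twofish-128 output
    blob = wrap(inner_ct, today)
    print(outer_key(today).hex(), unwrap(blob, today) == inner_ct)
```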