Re: Multiple symetric cyphers
-----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN PGP SIGNED MESSAGE----- In article <199501120502.VAA29808@largo.remailer.net>, Eric Hughes <eric@remailer.net> wrote:
From: cactus@seabsd.hks.net (L. Todd Masco)
I'm wondering: would the strength be increased by using a randomly selected symetric cypher?
Strength is not right aspect. Global risk is reduced, simply because the aggregate cost of a breach is reduced.
Isn't it? If an attacker does not know what cipher is used and breaking each is computationally expensive (though not prohibitively so) doesn't that add extra complexity? IE, if cipher A, B, and C are attackable in large but not prohibitive time, wouldn't an attacker have to spend more cycles to break something that was randomly one of those? I agree that it's not a significantly large jump, but if an attacker has to go through all the possibilities for A, B, before breaking something in C, it seems that there's a small increase in strength (Not being argumentative, really... I understand that this increase in strength isn't enough to warrant any significant effort. Just want to clarify the answer in my mind).
But selecting a single cipher is just as much a fixed policy as a randomly selected one is. Far better to let the user pick a policy, both about sent and accepted ciphers.
Sure. Ideally, a user could say "use A" or "use randomly A, C, or D" or even "use A_x(C_x) or B_x(D_y)". I'm not certain the "accept" is a great idea, but what the hell... any theoretical general system should have support for such a decision to be made, right? As failure modes multiply...
I guess this reduces to: do strong cyphers have "signatures" of some sort, by which the type of encryption can be derived?
If they do, they're likely not _strong_ ciphers.
Great... that's the answer I was looking for, and what my gut feeling was. I'm trying to determine how much rope is too much for a first pass. Related: is there, in general or in any known specific cases, any loss of security in using sym. cipher A on ciphertext B (of another sym. cipher) with the same key? With different keys (I would think not, but I vaguely remember mention of something here long ago)? - - -- Todd Masco | "life without caution/ the only worth living / love for a man/ cactus@hks.net | love for a woman/ love for the facts/ protectless" - A Rich Cactus' Homepage - -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBLxSMSBNhgovrPB7dAQECKQP/fqXwOcRmH6Z5dm8fsDnFzkCNyy5bc7Os +/hWmyjlk6/qx2Ym0gvlIZaxMSVR68E1qQUaoiAaWY7SatskU8o6dZRI+SmON4NV qSZnBh/+TnQwcTK0c0N+4m3Y8GhIk0ERX9modZfadv15Q07yfP7MXEj4yRQOse6e WHmUg0WOhW4= =GedZ - -----END PGP SIGNATURE----- - --- [This message has been signed by an auto-signing service. A valid signature means only that it has been received at the address corresponding to the signature and forwarded.] -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Gratis auto-signing service iQBFAwUBLxTHISoZzwIn1bdtAQEUbAGAuX+ALOTHZkUd8vqsWzVZWKSKwnJ+03yW alp18VGBGaM4PLQWU0OAFmbBP8wUxBEz =U5tO -----END PGP SIGNATURE-----
From: cactus@seabsd.hks.net (L. Todd Masco)
Strength is not right aspect. Global risk is reduced, simply because the aggregate cost of a breach is reduced.
Isn't it? If an attacker does not know what cipher is used and breaking each is computationally expensive (though not prohibitively so) doesn't that add extra complexity? Suppose that several symmetric ciphers are used and that one of them is broken. You then attempt to break all of the messages; the ones that don't break are presumed to be one of the other ciphers. So it does nothing to improve strength. Note, though, that the _rest_ of the messages remain unbroken. I am assuming that it's unlikely that all of the ciphers will be broken simultaneously. Related: is there, in general or in any known specific cases, any loss of security in using sym. cipher A on ciphertext B (of another sym. cipher) with the same key? With different keys (I would think not, but I vaguely remember mention of something here long ago)? If you use the same key, the size of exhaustive search does not increase. Eric
Strength is not right aspect. Global risk is reduced, simply because the aggregate cost of a breach is reduced.
On Thu, 12 Jan 1995, L. Todd Masco wrote:
Isn't it? If an attacker does not know what cipher is used and breaking each is computationally expensive (though not prohibitively so) doesn't that add extra complexity?
The increase in strength, if each cypher was roughly equal, is merely order n, where n is the number of cyphers. If, as is likely, one of the cyphers required a billionfold less power to break than the others, you have decreased strength by an enormous factor. The way to increase strength is to use a cypher, such as IDEA, which has a large key. Key size will increase strength by a factor of billions, not a factor of n. Current key sizes are such that computationally expensive attacks do not work on symmetric cyphers. An attack has to be clever. --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we http://nw.com/jamesd/ are. True law derives from this right, not from James A. Donald the arbitrary power of the omnipotent state. jamesd@netcom.com
participants (3)
-
cactus@seabsd.hks.net -
eric@remailer.net -
James A. Donald