-----BEGIN PGP SIGNED MESSAGE----- [ To: Cypherpunks ## Date: 01/30/98 ## Subject: Re: Chaining ciphers ]

Date: Thu, 29 Jan 98 09:47:52 PST From: jim@mentat.com (Jim Gillogly) Subject: Re: Chaining ciphers

Yes, that's definitely better for high-confidence long-term archival stuff than relying on one cipher. Carl Ellison's suggestion was DES | tran | nDES | tran | DES, where "tran" is an unkeyed large-block transposition.

I believe Dave Wagner broke this, and posted his attack to cypherpunks, a few months ago; if I recall correctly, his attack reduced the final security of this to that of a little more than one DES operation. (The attack worked when n=1.) This reenforces what we already knew: When you chain multiple encryption algorithms, you can prove that your result is no *weaker* than any one of those algorithms, but that doesn't mean it's any *stronger* than the strongest of them.

Jim Gillogly Trewesday, 8 Solmath S.R. 1998, 17:22 12.19.4.15.18, 9 Edznab 16 Muan, Third Lord of Night

- --John Kelsey, kelsey@counterpane.com / kelsey@plnet.net NEW PGP print = 5D91 6F57 2646 83F9 6D7F 9C87 886D 88AF -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNNQz8yZv+/Ry/LrBAQGuAQP/fbUH4GeY5MJ9McLcgt6siGofTd9ZskYz vl1DBVv3TNbOhdoSU4MH8OesCxckc+7vHbBHawxP/FzeDysAGrtVnjvAsyKKglAL aIVQp3qQlCpbtEgKj9z5AZZbilipnpB+/2X6BSaradfreCRUk7N6sKcigITD2HSE KREbqrftNK4= =wWQS -----END PGP SIGNATURE-----