From eugen@leitl.org Sat Sep 7 04:37:06 2013 From: Eugen Leitl To: cypherpunks@lists.cpunks.org Subject: Re: [cryptography] Compositing Ciphers? Date: Sat, 07 Sep 2013 10:37:03 +0200 Message-ID: <20130907083703.GS29404@leitl.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3404570502523161993==" --===============3404570502523161993== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit ----- Forwarded message from Natanael ----- Date: Sat, 7 Sep 2013 02:53:22 +0200 From: Natanael To: noloader(a)gmail.com Cc: Cryptography List Subject: Re: [cryptography] Compositing Ciphers? http://blog.cryptographyengineering.com/2012/02/multiple-encryption.html Apparently it's called "cascade encryption" or "cascade encipherment", and the implementations are apparently called "robust combiners". And by the way, Truecrypt already lets you pick your chosen combo of AES and two other ciphers. I think you should worry about your PRNG and it's seed before you focus on AES. Your key should both have enough entropy and be secret. Is your PRNG backdoored already? And I'm guessing the cipher mode probably matters a bit more than the exact choice of algorithm. On Sat, Sep 7, 2013 at 2:27 AM, Jeffrey Walton wrote: > Hi All, > > With all the talk of the NSA poisoning NIST, would it be wise to > composite ciphers? (NY Times, Guardian, Dr. Green's blog, et seq). > > I've been thinking about running a fast inner stream cipher (Salsa20 > without a MAC) and wrapping it in AES with an authenticated encryption > mode (or CBC mode with {HMAC|CMAC}). > > I'm aware of, for example, NSA's Fishbowl running IPSec at the network > layer (the "outer" encryption") and then SRTP and the application > level (the "inner" encryption). But I'd like to focus on hardening one > cipherstream at one level, and not cross OSI boundaries. > > I'm also aware of the NSA's lightweight block ciphers > (http://eprint.iacr.org/2013/404). I may have been born at night, but > it was not last night.... > > Has anyone studied the configuration and security properties of a > inner stream cipher with an outer block cipher? > > Jeff > _______________________________________________ > cryptography mailing list > cryptography(a)randombit.net > http://lists.randombit.net/mailman/listinfo/cryptography _______________________________________________ cryptography mailing list cryptography(a)randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5 --===============3404570502523161993==--