On Fri, Aug 13, 2021, 6:07 AM grarpamp <grarpamp@gmail.com> wrote:
I heard people recently talking about using _multiple_ OTP's. Not sure how that helps anything but it sounds nice and paranoid.
That's probably describing "multiple encryption", cascade, or composition.
https://en.wikipedia.org/wiki/Multiple_encryption
In the case of properly used OTP's with TRNG's, multiple doesn't help anything since the info theoretic security of that system has been proven.
But for all other classes of algos such as the common asym/symm/hash, multiple can be used as a safety backup in case a sole use algo might be broken, but is no good if they all are fail... ie: md5 + sha1 != good or if use of all N of them was poor, thus = fail too.
I'm aware that xoring hashes reduces their security (more collisions, I believe). You want to concatenate them. PS: Now for the more interesting thing in this note...
Notice how GoldBug et al happened to sneak themselves onto that page too.
Similar to me saying "public input state" above. A dangerous error but doesn't appear malicious on anyone's part. publicly investigate and debunk or clear their I guess to take action on weird, sketchy public behaviors, one would need to figure out how to influence or satisfy whatever is stimulating them. Not sure how to do that.