Multiple symetric cyphers

Patrick Lamb pdlamb at iquest.com
Thu Jan 12 14:32:59 PST 1995


>In article <199501120502.VAA29808 at largo.remailer.net>,
>Eric Hughes <eric at remailer.net> wrote:
>>   From: cactus at seabsd.hks.net (L. Todd Masco)
(bunch of stuff deleted)

>>   I guess this reduces to: do strong cyphers have "signatures" of some sort,
>>   by which the type of encryption can be derived? 
>>
>>If they do, they're likely not _strong_ ciphers.
>
>Great... that's the answer I was looking for, and what my gut feeling
>was.  I'm trying to determine how much rope is too much for a first pass.
>
>Related: is there, in general or in any known specific cases, any loss of
>security in using sym. cipher A on ciphertext B (of another sym. cipher) with
>the same key?  With different keys (I would think not, but I vaguely
>remember mention of something here long ago)?

Is this asking the question, "Does DES form a group with IDEA?"  (Substitute
your favorite cipher.)  Since it took about 15 years to figure out DES is
_not_ a group, I suspect it will take a long time to figure out the answer
to that question for each pair of ciphers you're going to substitute.

Seems to me it's a good basic idea.  If it costs, for example, a million
bucks to crack a cipher; you have three ciphers that can be used; then the
best-case cost to crack a message just tripled!  Of course, if you choose
two ciphers stronger than DES, it probably went up a little more (g).

If the ciphers don't form a group, you just made your system unbreakable.
Just use two ciphers.  Then a brute-force attacker has to check each key for
each cipher once when it is applied first, and once for each of the possible
keys for the other cipher when it is applied second!

Sounds too good to be true.  Am I missing something?

        Pat







More information about the cypherpunks-legacy mailing list