Chaining ciphers

John Kelsey kelsey at plnet.net
Sat Jan 31 23:11:34 PST 1998



-----BEGIN PGP SIGNED MESSAGE-----

[ To: Cypherpunks ## Date: 01/30/98 ##
  Subject: Re: Chaining ciphers ]

>Date: Thu, 29 Jan 98 09:47:52 PST
>From: jim at mentat.com (Jim Gillogly)
>Subject: Re: Chaining ciphers

>Yes, that's definitely better for high-confidence long-term
>archival stuff than relying on one cipher.  Carl Ellison's
>suggestion was DES | tran | nDES | tran | DES, where "tran"
>is an unkeyed large-block transposition.

I believe Dave Wagner broke this, and posted his attack to
cypherpunks, a few months ago; if I recall correctly, his
attack reduced the final security of this to that of a
little more than one DES operation.  (The attack worked when
n=1.)  This reinforces what we already knew:  When you chain
multiple encryption algorithms, you can prove that your
result is no *weaker* than any one of those algorithms, but
that doesn't mean it's any *stronger* than the strongest of
them.

>	Jim Gillogly
>	Trewesday, 8 Solmath S.R. 1998, 17:22
>	12.19.4.15.18, 9 Edznab 16 Muan, Third Lord of Night

- --John Kelsey, kelsey at counterpane.com / kelsey at plnet.net
NEW PGP print =  5D91 6F57 2646 83F9 6D7F 9C87 886D 88AF

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

-----END PGP SIGNATURE-----






