Anonglish (was: Re: Authenticating Meat)

Sunder sunder at sunder.net
Wed Apr 30 06:52:14 PDT 2003 

I'm not sure, but in that case you can use some lame ass cypher like
rc4-40 (don't bother with DES as it's too slow) and then use twofish 128
interally, with two unrelated keys.

You can even set the key of the weaker one to be an MD5 hash of today's
date (at GMT+0) + whatever constants you'd like, since you don't care
about it.  You don't want to make the weak cypher too easy to brute, but
don't make the keys related.  

(If you crack/brute the outside cypher and the keys are related, you gave
the oponents hints about your more important key.)


I'm unsure what the reasoning against superencryption (even if the keys
are unrelated) is, and weather different key sizes make a difference.  
You can check Applied Crypto (don't have it infront of me now, sorry.)

Or you can try the Handbook of Applied Crypto (different book) - parts of
which are online here: http://www.cacr.math.uwaterloo.ca/hac/


----------------------Kaos-Keraunos-Kybernetos---------------------------
 + ^ + :NSA got $20Bil/year |Passwords are like underwear. You don't /|\
  \|/  :and didn't stop 9-11|share them, you don't hang them on your/\|/\
<--*-->:Instead of rewarding|monitor, or under your keyboard, you   \/|\/
  /|\  :their failures, we  |don't email them, or put them on a web  \|/
 + v + :should get refunds! |site, and you must change them very often.
--------_sunder_ at _sunder_._net_------- http://www.sunder.net ------------

On Wed, 30 Apr 2003, Thomas Shaddack wrote:

> > According to Schneier doing this is a bad idea - (or so I recall from the
> > A.P. book which I've not reread in quite a while - I may be wrong) if you
> > use the same (or similar) cypher.  i.e.:
> >
> > blowfish(blowfish(plaintext,key1),key2) is bad,
> > but rsa(blowfish(plaintext,key1),privatekey) is ok.
> 
> Does it apply even if it is the same cipher but with different key length
> and/or block size?
> 
> I was pondering such "encapsulation" for the situations when The
> Government forbids using ciphers stronger than <limit>. Then use as strong
> one as you wish, and encrypt the result in the legally-weak wrapper.
> 
> Once they ask for your escrowed keys, or bruteforce it, they will figure
> out that you are a crypto-lawbreaker - but you will pass a routine
> automated screening. And once you catch their interest, you already have
> problems anyway.

More information about the cypherpunks-legacy mailing list