Anonglish (was: Re: Authenticating Meat)

Trei, Peter ptrei at rsasecurity.com
Wed Apr 30 10:40:42 PDT 2003


> Sunder[SMTP:sunder at sunder.net] writes:
> On Wed, 30 Apr 2003, Thomas Shaddack wrote:
> 
> > Layer the encryptions then. A good ciphertext looks random. Take a
> > ciphertext and encrypt it again, you get a - say - cipher2text. A
> > decryption of cipher2text with any key then looks like a potential
> > ciphertext.
> > 
> > Is there a hole in this claim?
> 
> According to Schneier doing this is a bad idea - (or so I recall from the
> A.P. book which I've not reread in quite a while - I may be wrong) if you
> use the same (or similar) cypher.  i.e.:
>   
> blowfish(blowfish(plaintext,key1),key2) is bad, 
> but rsa(blowfish(plaintext,key1),privatekey) is ok.
> 
[don't top-post]

It really depends on the cipher. If the cipher is a group, then case 1 is
bad - since

> blowfish(blowfish(plaintext,key1),key2) = blowfish(plaintext, key3)
> 
Some ciphers, such as DES, are not groups. This is why double
and triple DES are stronger than single DES.

Peter Trei





More information about the cypherpunks-legacy mailing list