Anonglish (was: Re: Authenticating Meat)
Thomas Shaddack
shaddack at ns.arachne.cz
Wed Apr 30 08:18:05 PDT 2003
> According to Schneier doing this is a bad idea - (or so I recall from the
> A.P. book which I've not reread in quite a while - I may be wrong) if you
> use the same (or similar) cypher. i.e.:
>
> blowfish(blowfish(plaintext,key1),key2) is bad,
> but rsa(blowfish(plaintext,key1),privatekey) is ok.
Does it apply even if it is the same cipher but with different key length
and/or block size?
I was pondering such "encapsulation" for the situations when The
Government forbids using ciphers stronger than <limit>. Then use as strong
one as you wish, and encrypt the result in the legally-weak wrapper.
Once they ask for your escrowed keys, or bruteforce it, they will figure
out that you are a crypto-lawbreaker - but you will pass a routine
automated screening. And once you catch their interest, you already have
problems anyway.
More information about the cypherpunks-legacy
mailing list