Anonglish (was: Re: Authenticating Meat)
John Kelsey
kelsey.j at ix.netcom.com
Thu May 1 08:10:53 PDT 2003
At 08:41 AM 4/30/03 -0400, Sunder wrote:
>According to Schneier doing this is a bad idea - (or so I recall from the
>A.P. book which I've not reread in quite a while - I may be wrong) if you
>use the same (or similar) cypher. i.e.:
>
>blowfish(blowfish(plaintext,key1),key2) is bad,
Nope. As long as key1 and key2 are independent, this can't make things
worse if the cipher is any good.
Suppose there is no attack on
blowfish(plaintext,key1),
but there is an attack on
blowfish(blowfish(plaintext,key1),key2)
when the two keys are independent. As an attacker, you automatically get
an attack on
blowfish(plaintext,key1)
from this, by just choosing a random key2, encrypting the ciphertext from
single-blowfish with that key, and then forgetting key2 and applying your
attack on double-blowfish.
--John Kelsey, kelsey.j at ix.netcom.com
PGP: FA48 3237 9AD5 30AC EEDD BBC8 2A80 6948 4CAA F259
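Kelsey's reduction above, as an added example that is not part of the original message. A toy 16-bit cipher with 10-bit keys stands in for Blowfish, and a meet-in-the-middle key recovery stands in for the supposed attack on the double cipher; `enc`, `dec`, `attack_double` and `attack_single` are names invented here.

```python
import secrets

KEY_BITS, MASK = 10, 0xFFFF          # toy sizes (constructed), not Blowfish

def _rot(x, r):                      # 16-bit rotate left
    return ((x << r) | (x >> (16 - r))) & MASK

def enc(block, key):                 # toy 16-bit block cipher, 4 rounds
    for r in range(4):
        block = _rot((block + key * 0x9E37 + r) & MASK, 5) ^ (key << 3) ^ r
    return block

def dec(block, key):                 # exact inverse of enc
    for r in reversed(range(4)):
        block = (_rot(block ^ (key << 3) ^ r, 11) - key * 0x9E37 - r) & MASK
    return block

def attack_double(pairs):
    """Stand-in attack on enc(enc(p, k1), k2): meet-in-the-middle key recovery.
    Returns every (k1, k2) consistent with the known (plaintext, ciphertext) pairs."""
    (p0, c0), rest = pairs[0], pairs[1:]
    middle = {}
    for a in range(1 << KEY_BITS):   # forward half: all first-layer outputs
        middle.setdefault(enc(p0, a), []).append(a)
    return [(a, b) for b in range(1 << KEY_BITS)
            for a in middle.get(dec(c0, b), [])
            if all(enc(enc(p, a), b) == c for p, c in rest)]

def attack_single(pairs, key2=None):
    """The reduction: wrap single-encryption ciphertexts with a key2 of the
    attacker's own choosing, then run the double attack unchanged."""
    if key2 is None:
        key2 = secrets.randbelow(1 << KEY_BITS)   # independent of the victim key
    doubled = [(p, enc(c, key2)) for p, c in pairs]
    return {a for a, _b in attack_double(doubled)}  # key2 is simply discarded

def demo():
    k1 = 0x2A7                                    # constructed victim key
    pairs = [(p, enc(p, k1)) for p in (0x0001, 0xBEEF, 0x1234)]
    return k1, attack_single(pairs)               # candidate set contains k1

if __name__ == "__main__":
    print(demo())
```

`attack_double` only ever sees doubled data, so whatever it can do to the double cipher it can do to the single one, which is why independent-key double encryption cannot be weaker than single encryption.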
More information about the cypherpunks-legacy
mailing list