wrapping encryption in encryption?

wrapping encryption in encryption?

Post by Anonymou » Wed, 09 Jul 2003 21:50:55



How much extra security do you get by encrypting a file and then
encrypting the result to a different key?
 
 
 

wrapping encryption in encryption?

Post by Gamma300 » Thu, 10 Jul 2003 01:32:31



Quote:> How much extra security do you get by encrypting a file and then
> encrypting the result to a different key?

Assuming the keys are kept secure, etc etc, then the time required to crack
the encryption increases exponentially for each encryption (assuming a
standard brute force method is used). However, with PGP, the encryption is
already good enough for it not to matter. If it's been cracked, then you
could encrypt it a million times and it would not help, and if it hasn't,
then one encryption using a reasonable key size is sufficient to withstand a
brute force attack for several million years using current technology.

Encrypting twice to two keys that are stored in different locations, have
different passphrases, and preferably are owned by different people,
however, would increase security against other forms of attack, since if one
of the keys is compromised, the other(s) are still required to decrypt the
data (this is one of the principles behind key sharing).

 
 
 

wrapping encryption in encryption?

Post by Julian Y. Ko » Fri, 11 Jul 2003 01:30:41


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



>How much extra security do you get by encrypting a file and then
>encrypting the result to a different key?

I think it depends on the algorithm, but it's not a linear scale usually.
Witness how 3DES uses 3 different 56-bit keys but only ends up with 112-bit
effective protection.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
Comment: <http://c*te.at.northwestern.edu/julian/pgppubkey.html>

iQA/AwUBPww1Hg5UB5zJHgFjEQKoLQCfYrjBBpBaLgJ6eJlILj4Np9xlo94AnR6Y
CVKlAArUVBpNznYxiWi1DluA
=531I
-----END PGP SIGNATURE-----

--

Network Engineer                                       <phone:847-467-5780>
Telecommunications and Network Services             Northwestern University
PGP Public Key:<http://c*te.at.northwestern.edu/julian/pgppubkey.html>

 
 
 

wrapping encryption in encryption?

Post by Scott22 » Sun, 20 Jul 2003 13:56:07




Quote:> How much extra security do you get by encrypting a file and then
> encrypting the result to a different key?

As long as you do it to a diffrent key.  You should not use the same key
again to encrypt the encrypted data.  I read in a book about .NET
Cryptography that in some cases this could actually weeken the secuity of
the encrypted data.
 
 
 

wrapping encryption in encryption?

Post by Jason Ti » Mon, 21 Jul 2003 07:12:07


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

| I think it depends on the algorithm, but it's not a
| linear scale usually.  Witness how 3DES uses 3 different
| 56-bit keys but only ends up with 112-bit effective
| protection.

Isn't this because of DES's bit complement property?

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: My Key: 6ACE DC2C 4C5A 9911 96F3  DDEB C7EC A953 ADE5 0951

iQIVAwUBPxnCNcfsqVOt5QlRAQKZmg//e//ccSSC9SUnYruiobqhvRj6s1tyunx5
fJKc5oFGsL76kdYzm5Mwn/RtdfiTmsyHW6FqTYih+GcLxgUyYOhPyAZfL/HoFSQt
QE5cu25nKsCSHRP84uTBUG7XcaWhrqJrMCpkyszQ4Dh0qg9yoeT7NVSTVPnfJElY
qFa1UkELUsSg1bDHYXvz6Fc/JLvzNX5U/+WHKyyx39hxx5Ix5iE4pCf53IBKVPN4
hMYNrSfPL8zSUPJkk+b4HRStDR6PTLukg+DZw4GgJiwck4u7ewzZvJGkV486W3aB
i9CaQ7IJXchmeoSLe2lGgFOmGHXudGij2eck++bojk4kYYa5cXlJJ8YC9Bh+x5Ge
r0lvfydz0oQ9/Vgyu9fNBcUOgA8Sa8wHit5NMKw0rIhMktrMl/MbQuredb6jucSd
PE6SDFtlLWwn4rybwsn/h4JcydXFkCgGSEzTu2vOCJCVSv4BUOFVhxA0JcBJ+GVG
cZ1gr2CfexRTWtiD95q5VmifgYBjsl5KCU00Jt/ND+2K1tFXkG2MDY6XXc/PLMSj
5Dju+pp2U/0EzuGKwsdoYgwyBaRwSpkk1KLpZvqJH7IxjqQ0v29JqpzT2pa1hZcC
zqjVhLFg4J8Kd4MYHiE+tfdcaTPPNG7nwlF0WeQj4CmeczcG9ZZnLkmS5uhJqpGE
oHhPbjuFyeM=
=C09M
-----END PGP SIGNATURE-----