[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Chaining ciphers




> Jim Gillogly skribis:
> > One word of caution (which should be obvious, but can't hurt to repeat it):
> > if you chain ciphers (e.g. DES | IDEA | 3DES | CAST | Blowfish), be sure to
> > use separate keys for each of them; otherwise breaking the last one will
> > give the key to the whole lot.
> 
Matthew Ghio rispondis:
> Only if the cryptanalyst knows that the decryption of the last one was
> correct, which shouldn't be possible without also decrypting all the other
> layers.

If the person strapping those systems together writes them from scratch
and the penultimate cipher gives a flat distribution, then I agree
100%.  However, many (most?) standalone encryption programs will put a
magic number or other identification at the beginning (e.g. encrypted
PKZIP) or will do a sanity check that actually tells you whether you've
decrypted with the right key, whether you see garbage or not (e.g.
EAY's stand-alone 'idea', 'des', etc.).  PGP also has distinctive headers,
I think.

In the world of existing cipher packages it's usually possible to tell what
you've got.  Assume Kerckhoff's principle, of course: the attacker knows
which packages you're using and which order you're doing them in.

	Jim Gillogly
	Hevensday, 9 Solmath S.R. 1998, 17:52
	12.19.4.15.19, 10 Cauac 17 Muan, Fourth Lord of Night