[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Chaining ciphers
> Jim Gillogly skribis:
> > One word of caution (which should be obvious, but can't hurt to repeat it):
> > if you chain ciphers (e.g. DES | IDEA | 3DES | CAST | Blowfish), be sure to
> > use separate keys for each of them; otherwise breaking the last one will
> > give the key to the whole lot.
>
Matthew Ghio rispondis:
> Only if the cryptanalyst knows that the decryption of the last one was
> correct, which shouldn't be possible without also decrypting all the other
> layers.
If the person strapping those systems together writes them from scratch
and the penultimate cipher gives a flat distribution, then I agree
100%. However, many (most?) standalone encryption programs will put a
magic number or other identification at the beginning (e.g. encrypted
PKZIP) or will do a sanity check that actually tells you whether you've
decrypted with the right key, whether you see garbage or not (e.g.
EAY's stand-alone 'idea', 'des', etc.). PGP also has distinctive headers,
I think.
In the world of existing cipher packages it's usually possible to tell what
you've got. Assume Kerckhoff's principle, of course: the attacker knows
which packages you're using and which order you're doing them in.
Jim Gillogly
Hevensday, 9 Solmath S.R. 1998, 17:52
12.19.4.15.19, 10 Cauac 17 Muan, Fourth Lord of Night