[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Chaining ciphers

To: "cypherpunks" <[email protected]>
Subject: Re: Chaining ciphers
From: "John Kelsey" <[email protected]>
Date: Sun, 1 Feb 1998 00:37:08 -0600
Sender: [email protected]


-----BEGIN PGP SIGNED MESSAGE-----

[ To: Cypherpunks ## Date: 01/30/98 ##
  Subject: Re: Chaining ciphers ]

>Date: Thu, 29 Jan 98 09:47:52 PST
>From: [email protected] (Jim Gillogly)
>Subject: Re: Chaining ciphers

>Yes, that's definitely better for high-confidence long-term
>archival stuff than relying on one cipher.  Carl Ellison's
>suggestion was DES | tran | nDES | tran | DES, where "tran"
>is an unkeyed large-block transposition.

I believe Dave Wagner broke this, and posted his attack to
cypherpunks, a few months ago; if I recall correctly, his
attack reduced the final security of this to that of a
little more than one DES operation.  (The attack worked when
n=1.)  This reenforces what we already knew:  When you chain
multiple encryption algorithms, you can prove that your
result is no *weaker* than any one of those algorithms, but
that doesn't mean it's any *stronger* than the strongest of
them.

>	Jim Gillogly
>	Trewesday, 8 Solmath S.R. 1998, 17:22
>	12.19.4.15.18, 9 Edznab 16 Muan, Third Lord of Night

- --John Kelsey, [email protected] / [email protected]
NEW PGP print =  5D91 6F57 2646 83F9 6D7F 9C87 886D 88AF

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNNQz8yZv+/Ry/LrBAQGuAQP/fbUH4GeY5MJ9McLcgt6siGofTd9ZskYz
vl1DBVv3TNbOhdoSU4MH8OesCxckc+7vHbBHawxP/FzeDysAGrtVnjvAsyKKglAL
aIVQp3qQlCpbtEgKj9z5AZZbilipnpB+/2X6BSaradfreCRUk7N6sKcigITD2HSE
KREbqrftNK4=
=wWQS
-----END PGP SIGNATURE-----

Next by Date: Eureka! Sun Feb 1 '98
Next by thread: Re: Chaining ciphers
Index(es):
- Date
- Thread