Anonglish (was: Re: Authenticating Meat)
Major Variola (ret)
mv at cdc.gov
Wed Apr 30 11:19:53 PDT 2003
At 01:40 PM 4/30/03 -0400, Trei, Peter wrote:
>> blowfish(blowfish(plaintext,key1),key2) is bad,
>> but rsa(blowfish(plaintext,key1),privatekey) is ok.
>
>It really depends on the cipher. If the cipher is a group, then case 1
is
>bad - since
>
>> blowfish(blowfish(plaintext,key1),key2) = blowfish(plaintext, key3)
>>
>Some ciphers, such as DES, are not groups. This is why double
>and triple DES are stronger than single DES.
Also if you don't trust a given algorithm then chaining it doesn't help.
You can also increase robustness by adding noise,
at a cost of bandwith, see US patent 6,351,539,
which both chains dissimilar ciphers and adds noise
(doubling bandwidth requirements).
More information about the Testlist
mailing list