The symmetric ciphers
Robert J. Hansen
rjh at sixdemonbag.org
Wed Oct 30 18:39:07 CET 2013
> Well, here's a (rough, and maybe naive) explanation of why I assumed
> that the effort is at least max(a, b):
If you first encrypt with ROT10 and then with ROT16, the final
strength is not the maximum of (ROT10, ROT16). You may think that's a
silly example, and I grant that it is, but it illuminates the point
pretty well and avoids a lot of difficult math.
Cryptographic algorithms are extremely subtle and interact with each
other in subtle ways. As a general rule they should not be stacked
unless there is (a) a clear necessity and (b) the particular stacking
has been formally proven to not diminish the overall security of the
system. Otherwise, much as how ROT10+ROT16 has really awful security
characteristics, your stacking may be similarly awful.
More information about the Gnupg-users
mailing list