The symmetric ciphers

Johan Wevers johanw at
Thu Oct 31 00:20:29 CET 2013

On 30-10-2013 18:39, Robert J. Hansen wrote:

> If you first encrypt with ROT10 and then with ROT16, the final strength
> is not the maximum of (ROT10, ROT16).  You may think that's a silly
> example, and I grant that it is, but it illuminates the point pretty
> well and avoids a lot of difficult math.

That's because ROT(N) is a group. In a way, we already use a combination
cipher in the form of 3DES, which uses 3 times the same cipher (OK, 2
times and one time in the reverse) but that works because DES is not a

I don't know wether the other symmetric ciphers are a group though, but
I'm sure someone has investigated that.

> Cryptographic algorithms are extremely subtle and interact with each
> other in subtle ways.  As a general rule they should not be stacked
> unless there is (a) a clear necessity and (b) the particular stacking
> has been formally proven to not diminish the overall security of the
> system.  Otherwise, much as how ROT10+ROT16 has really awful security
> characteristics, your stacking may be similarly awful.

Assuming that the same key is used for all that is. Otherwise, if an
attacker knew how to make use of this, encrypting the encrypted message
would help decrypting it, and since any attacker could do that it should
not matterfor a decent encryption algorithm (which ROT(N) clearly is not).

ir. J.C.A. Wevers
PGP/GPG public keys at

More information about the Gnupg-users mailing list