The symmetric ciphers
Mark H. Wood
mwood at IUPUI.Edu
Thu Oct 31 14:36:12 CET 2013
On Wed, Oct 30, 2013 at 06:19:27PM +0100, Philipp Klaus Krause wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Am 10.09.2013 15:30, schrieb Robert J. Hansen:
> > On 9/10/2013 6:35 AM, Philipp Klaus Krause wrote:
> >> I wonder if it would be a good idea to have an option to combine
> >> symmetric ciphers, e.g. users could state a preference list
> >> like this:
> > No. This idea gets floated every few years and the answers never
> > change. It's not a good idea. If you look in the list archives
> > you can find some pretty long, detailed writeups on why.
> I just tried googling a bit, but the only posts I found are those that
> assume that the effort to break A+B would be a+b. I did not find the
> detailed writeups you mentoned, or even anything else about the
> assumption that breaking A+B takes at least effort max(a,b).
I often worry about the assumption that there are no unfortunate
interactions between the structures of A and B such that the effort to
break A+B < min(a,b). Consider a composition of *three* ciphers:
A := ROT13
B := ROT10
C := ROT3
Each different from the others, though similar in operation. But
(when the symbol set is the Roman alphabet) A(B(C(x))) = x. Composing
these three ciphers produces a cipher worse than any of its
components. Any order of composition will do the same. Compose any
two of them and the result is no stronger than any single one.
Obviously this should not be assumed to hold true for all possible
functions, but it provides a counterexample: composing ciphers does
not necessarily produce a stronger cipher.
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Machines should not be friendly. Machines should be obedient.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: Digital signature
More information about the Gnupg-users