Hi, On Sam, 29 Okt 2005, Jan Luehr wrote: > I recently wondered if multiple encryption can decrease the security of > encrypted information. > Imho we can basically think of two different scenarios: > 1st. Encrypting information twice. > For instance: An RSA encrypted mail is stored on a loop-aes encrypted > harddrive. (If you think of XOR, you run into serious problems, if using same > keys, but I guess RSA and AES won't be a problem at all.) > > 2nd. Encrypting information more times. > For instance: Backups are done on removeable media. Each one is encrypted with > a different set of keys for loop-aes, but also containing very similar data. > > Do you know, serious studies or trust-/helpful reports, etc. on what > algorithmens / implementations can / should / mustn't be combined and how > multiple encryption effects security? i don't know the name of the papers.. but here you can find everything :-) http://www.cacr.math.uwaterloo.ca/hac/ there are some criterias for ciphers by design which answer your querstion: - the cipher output should be random, so there is no way to guess the cipher itself, nor the original content - none of the content should act as a "neutral" element, think of numbers where a multiply with 1 results in the orig. number, this clearly should not happen. - your question mixes ciphers and implemenations, some ciphers have their weak spots, but normally "clever" implementations cover them. So do not try to build your own encryption system, the results normally are fatal unuseable. -- Florian Reitmeir - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/