On Sun, 28 May 2006, Gisle Sælensminde wrote:
Peter_22@xxxxxx wrote:
Thanks a lot for bailing me out:-) I did not know what to answer to Gisle
Sælensminde. The outlook that a double layer of loop-aes could decrease
security is rather shocking.
Yes, "decreased security" *just because* of 2 ciphers is just..well,
silly. How many ciphers does it take to break your data ;)
But read Giseles notes below which should clear up this misunderstanding.
concentrate on things like a proper & easy to handle environment. Storing
keys and tools on a usb-stick has nothing to do with strong ciphers but it
is the ultimate opportunity to keep keys away from your attackers *and*
encrypt all your data, not just larger parts.
And exactly this and a few other implementation details is what I think
Gisele had in mind and what is often forgotten, although it's crypto 101:
a 2048 bit key does not help at all if it's pinned next to the
monitor or even stored in plaintext on an unencrypted disk....
As all ciphers can and will be broken
um, in the (hopefully more distant) future, yes. but then your tiny 500 GB
hard-disk is long gone and loop-aes's successor (?) is finally included in
linux-3.1 ;)
alternatives on how to cover encryption. Where could the data be on a drive
with no partition table?
tricky, methinks. AFAIK, today's ciphers are quite good in letting the
ciphertext look like "random". and a big disk filled with random data is
just...suspicious ;)
Where to start a brute force attack if there is no end and no beginning?
i don't know much about the implemention details of successful attacks to
answer this...
Is it a successfull attack if you get encrypted data
after you break the first layer of encryption?
hm, you'd have to *know* that this key was right and the gibberish you're
looking at is in fact the underlying 2nd ciphertext...1 more to go.
I still suppose double encryption and mixing up more than one cipher in
deed does slow down attackers.
IIRC, this was done in PGPphone (or its successor? gotta look it up
somewhere): they've used 2 different ciphers, for performance purposes, i
think.
different parts are combined to get a system that is secure as a whole, and
this is more than just the security of the ciphers used. If the ciphersystem
Gisele, I was under the assumption that the OP know that it takes more
than just "ciphers" to be "secure", so I just wanted to say (again):
-> "decreased security" *just because* of 2 ciphers would mean that we
could break ciphers by chaining them together often enough?
change the cryptosystem. This means that some of the analysis done on the
single encryption system now are invalid.
sure: the findings of cipher_a do not apply for cipher_b.
This may actually introduce a possibility for an attack, for instance it
"possibility for an attack"? so, do you mean if it's labelled
"comes with double-encryption (only 49,99 ;))"
more people would attack the ciphertext?
may introduce a weakness that let an attacker exploiting the fact that
the two ciphers use the same key or some other attack that you could not
different ciphers, different keys, methinks. otherwise we really had
problems like known-ciphertext attacks or sth. like that. again: if "more
ciphers" do mean "decreased encrpytion", then I'd be really curious about
the how-many-ciphers-to-break-this issue ;)
My point with these examples, is that the whole cryptosystem must be
considered, not just the ciphers
ACK, again.
analyzed AES than the loop-aes system, so I would be more worried about how
loop-aes is designed than the strength of the cipher.
hm, makes sense too. we just have to enlarge the loop-aes userbase and get
it all reviewed...
cheers.
Christian.
--
BOFH excuse #435:
Internet shut down due to maintenance