Re: Cascading LUKS devices

On Tue, 6 Jan 2009 18:37:32 +0100, Arno Wagner wrote:

>That is a good question and very hard to answer. It is also
>not the right way to do it. The right way is to use several
>ciphers in stream mode and then to combine the streams using XOR.
>This is at least as secure as the most secure cipher used
>(as long as the keys are independent) and likely better.  
>Layering encryption can decrease security, however not 
>below the level of a known-plaintext attack. Modern ciphers
>are expected to be able to resist such an attack and the 
>decrease in security may be insubstantial. 
>
>Personally I think that if AES gets broken, the world has 
>far bigger problems than looking at your data. 
>
>If you choose to do this anyways, I would propose that
>you use the best cipher closest to the date, e.g. encrypt
>with AES first and then with Twofish.

Personally, I would suggest randomly ordering the cyphers used
(obviously using the same order for the same data every time!)

This *should* increase an attacker's workload. Instead of "we know the
next layer's encrypted with X; attack it using the cypher X attacking
method", the "problem" becomes "the next layer's encrypted with X, Y or
Z; attack first using the cypher X attacking method, if that fails
fall back to the cypher Y attacking method, falling back to the cypher Z
attacking method" (the attack order can be determined more
intelligently, but you get the idea).

i.e. Less information is available to the attacker.

Encrypting with the "most secure" cypher first would probably be
better than a less secure one. If data encrypted with the first cypher
could be identified as data encrypted with the first cypher, it could
be possible to identify a successful decryption of the second cypher.
By using a "more secure" cypher first, the decryption of the second
cypher would look like garbage even if it was successfully decrypted;
giving no indication of success/failure.

Probably for the paranoid, but...


--
Sarah Dean
FreeOTFE site: http://www.FreeOTFE.org/
Personal site: http://www.SDean12.org/

For information on SecureTrayUtil, Shredders, On-The-Fly Encryption
(OTFE) systems, etc, see the URLs above.



---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx
For additional commands, e-mail: dm-crypt-help@xxxxxxxx
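
The XOR construction described in the quoted text, as an added example that is not part of the original message or of dm-crypt: two keystreams under independent keys are XORed into the data. SHAKE-256 and keyed BLAKE2b are stand-ins for real stream-mode ciphers, chosen so this runs with the Python standard library alone; all function names are hypothetical.

```python
import hashlib
import secrets

def keystream_a(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in stream cipher A (assumption): SHAKE-256 as an XOF over key||nonce.
    return hashlib.shake_256(b"A" + key + nonce).digest(n)

def keystream_b(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in stream cipher B (assumption): keyed BLAKE2b in counter mode.
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.blake2b(nonce + counter.to_bytes(8, "big"), key=key).digest()
        counter += 1
    return bytes(out[:n])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def combine(data: bytes, key_a: bytes, key_b: bytes, nonce: bytes) -> bytes:
    # Encrypts and decrypts: data XOR stream_A XOR stream_B.
    # XOR is commutative, so there is no "first" or "second" layer here.
    if key_a == key_b:
        # Catches only the most obvious violation of key independence.
        raise ValueError("the two keys must be independent")
    n = len(data)
    return xor(data, xor(keystream_a(key_a, nonce, n), keystream_b(key_b, nonce, n)))

def demo():
    key_a, key_b = secrets.token_bytes(32), secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)      # must never repeat under the same keys
    pt = b"constructed sample sector data"
    ct = combine(pt, key_a, key_b, nonce)
    # Someone who has fully removed stream A still holds data under stream B alone.
    partial = xor(ct, keystream_a(key_a, nonce, len(ct)))
    b_only = xor(pt, keystream_b(key_b, nonce, len(pt)))
    recovered = combine(ct, key_a, key_b, nonce)
    return pt, ct, partial, b_only, recovered

if __name__ == "__main__":
    pt, ct, partial, b_only, recovered = demo()
    print("round trip ok:", recovered == pt)
    print("after removing A, equals B-only ciphertext:", partial == b_only)
```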

