Velocity Reviews > Doubled-up security??

# Doubled-up security??

nemo outis
Guest
Posts: n/a

 01-05-2005
In article <(E-Mail Removed)>, "bowgus" <(E-Mail Removed)> wrote:
>If a key length were say 56 bits, and an algorithm was applied say 3 times,
>then effective key length would be 168 bits.

Uhhh, no. 56 bits applied three times would be equivalent to
57.585 bits.

A 256-bit algorithm (AES, say) is not twice as difficult to crack
as a 128-bit version, but rather 2^128 times as hard!

Regards,

nemo outis
Guest
Posts: n/a

 01-05-2005
In article <w1KCd.700323\$nl.119542@pd7tw3no>, nemo http://www.velocityreviews.com/forums/(E-Mail Removed) (nemo outis) wrote:
>In article <(E-Mail Removed)>, "bowgus" <(E-Mail Removed)>
> wrote:
>>If a key length were say 56 bits, and an algorithm was applied say 3 times,
>>then effective key length would be 168 bits.

>
>
>Uhhh, no. 56 bits applied three times would be equivalent to
>57.585 bits.
>
>A 256-bit algorithm (AES, say) is not twice as difficult to crack
>as a 128-bit version, but rather 2^128 times as hard!
>
>Regards,
>

A clarification:

Triple DES, however, uses three separate keys, one for each
encryption. In that case doing 56 bit encryption three times
DOES result in (effective) 192-bit encryption.

Regards,

John
Guest
Posts: n/a

 01-05-2005
nemo outis wrote:
>
> A clarification:
>
> Triple DES, however, uses three separate keys, one for each
> encryption. In that case doing 56 bit encryption three times
> DOES result in (effective) 192-bit encryption.
>

Unless you use a TDES-variant that uses one key twice, resulting in a
112 bit version of TDES...

Groetjes
John

bowgus
Guest
Posts: n/a

 01-06-2005
Exactly ... and that was the "humor" in my original response ... "Why not
just use one algorithm, 3 times ... wait a minute ... referring to 3DES
(using 3 keys of 64 bits less the 8 bits parity) is 168 bits.

<nemo (E-Mail Removed) (nemo outis)> wrote in message
news:J6KCd.700364\$nl.161279@pd7tw3no...
> In article <w1KCd.700323\$nl.119542@pd7tw3no>, nemo (E-Mail Removed) (nemo

outis) wrote:
> >In article <(E-Mail Removed)>, "bowgus"

<(E-Mail Removed)>
> > wrote:
> >>If a key length were say 56 bits, and an algorithm was applied say 3

times,
> >>then effective key length would be 168 bits.

> >
> >
> >Uhhh, no. 56 bits applied three times would be equivalent to
> >57.585 bits.
> >
> >A 256-bit algorithm (AES, say) is not twice as difficult to crack
> >as a 128-bit version, but rather 2^128 times as hard!
> >
> >Regards,
> >

>
> A clarification:
>
> Triple DES, however, uses three separate keys, one for each
> encryption. In that case doing 56 bit encryption three times
> DOES result in (effective) 192-bit encryption.
>
> Regards,
>
>
>
>

EDOOD
Guest
Posts: n/a

 01-07-2005
My Opinion (everyone has one).....
The whole reason for encryption is to avoid someone exploiting the
plaintext. So, if someone used a brute force (try all PW's) and breaks the
first layer, how will they recognize whether the cyphertext is good or
not.....Even the Fort Meade (NSA) computers would have to recognize the
cypher pattern of the second encryption method.
The real question is 1) Who are you trying to keep secrets from 2) If your
computer is not shielded, the NSA Sattelites can just pick the plaintext off
of your screen. 3) What is the duration of the time you think that this
secret cypher text will remain relavent.
The Archives of the U.S. still have classified "SECRET" troop movements from
the Civil War. I am sure it has to do more with revealing "Methods" of
Intelligence, rather than the actual position of the troops today (All Dead,
most likely).
Why stop at 3...why not 5, or 10. What is the point....Would it be more
secure? Hmmmmmmmm!!!!

IPGrunt
Guest
Posts: n/a

 01-08-2005
Livewire <(E-Mail Removed)> confessed in
news:(E-Mail Removed) :

>
>
> I've got 3 different encryption programs on my computer.
>
> If I encrypt a file using one program
>
> then encrypt the encrypted file again using another program
>
> then encrypt it again using a third program
>
>
> will it make it three time harder for someone to hack into?
>
>

Not if you use the same password everytime!

Seriously, your idea is sound statistically, as running through the algorithm
twice will increase your security geometrically. IE, if algoritm A offers a
protection factor of n, then running through A twice (using a fresh,
unrelated password), theoretically offers n-squared protection.

In practice, using a good algorithm like 3DES or Rijndael combined with sound
IVs and good passwords will survive any brute-force hack attempt.

that consist of upper and lower case letters, numeric digits, and punctuation
characters, and that are at least 8-characters long. Avoid dictionary words,
common names, and personal information.

Stay safe.

-- ipgrunt

@(none)
Guest
Posts: n/a

 01-24-2005
IPGrunt wrote:
> Livewire <(E-Mail Removed)> confessed in
> news:(E-Mail Removed) :
>
>
>>
>>I've got 3 different encryption programs on my computer.
>>
>>If I encrypt a file using one program
>>
>>then encrypt the encrypted file again using another program
>>
>>then encrypt it again using a third program
>>
>>
>>will it make it three time harder for someone to hack into?
>>
>>

>
>
> Not if you use the same password everytime!
>
> Seriously, your idea is sound statistically, as running through the algorithm
> twice will increase your security geometrically. IE, if algoritm A offers a
> protection factor of n, then running through A twice (using a fresh,
> unrelated password), theoretically offers n-squared protection.
>
> In practice, using a good algorithm like 3DES or Rijndael combined with sound
> IVs and good passwords will survive any brute-force hack attempt.
>
> that consist of upper and lower case letters, numeric digits, and punctuation
> characters, and that are at least 8-characters long. Avoid dictionary words,
> common names, and personal information.
>
> Stay safe.
>
> -- ipgrunt

It does not make it any harder to crack a message if you encrpt the
cyphertext. The crack would seek to determine the composite transfer
function. The only thing to improve the strength is to increae the key size.

Cheers

M^2

@(none)
Guest
Posts: n/a

 01-24-2005
IPGrunt wrote:
> Livewire <(E-Mail Removed)> confessed in
> news:(E-Mail Removed) :
>
>
>>
>>I've got 3 different encryption programs on my computer.
>>
>>If I encrypt a file using one program
>>
>>then encrypt the encrypted file again using another program
>>
>>then encrypt it again using a third program
>>
>>
>>will it make it three time harder for someone to hack into?
>>
>>

>
>
> Not if you use the same password everytime!
>
> Seriously, your idea is sound statistically, as running through the algorithm
> twice will increase your security geometrically. IE, if algoritm A offers a
> protection factor of n, then running through A twice (using a fresh,
> unrelated password), theoretically offers n-squared protection.
>
> In practice, using a good algorithm like 3DES or Rijndael combined with sound
> IVs and good passwords will survive any brute-force hack attempt.
>
> that consist of upper and lower case letters, numeric digits, and punctuation
> characters, and that are at least 8-characters long. Avoid dictionary words,
> common names, and personal information.
>
> Stay safe.
>
> -- ipgrunt

It does not make it any harder to crack a message if you encrpt the
cyphertext. The crack would seek to determine the composite transfer
function. The only thing to improve the strength is to increase the key
size.

Cheers

M^2

winged
Guest
Posts: n/a

 01-25-2005
none wrote:
> IPGrunt wrote:
>
>> Livewire <(E-Mail Removed)> confessed in
>> news:(E-Mail Removed) :
>>
>>
>>>
>>> I've got 3 different encryption programs on my computer.
>>>
>>> If I encrypt a file using one program
>>>
>>> then encrypt the encrypted file again using another program
>>>
>>> then encrypt it again using a third program
>>>
>>>
>>> will it make it three time harder for someone to hack into?
>>>
>>>

>>
>>
>> Not if you use the same password everytime!
>>
>> Seriously, your idea is sound statistically, as running through the
>> algorithm twice will increase your security geometrically. IE, if
>> algoritm A offers a protection factor of n, then running through A
>> twice (using a fresh, unrelated password), theoretically offers
>> n-squared protection.
>>
>> In practice, using a good algorithm like 3DES or Rijndael combined
>> with sound IVs and good passwords will survive any brute-force hack
>> attempt.
>> passwords that consist of upper and lower case letters, numeric
>> digits, and punctuation characters, and that are at least 8-characters
>> long. Avoid dictionary words, common names, and personal information.
>>
>> Stay safe.
>>
>> -- ipgrunt

>
> It does not make it any harder to crack a message if you encrpt the
> cyphertext. The crack would seek to determine the composite transfer
> function. The only thing to improve the strength is to increase the key
> size.
>
> Cheers
>
> M^2
>

Concur with M^2, multiplying the encryption does not by itself make the
message any harder to crack, in fact it can, depending on the algorithm
used, it may make the message easier to crack, depending on noise of the
algorithm pads etc. Expanding key length is the most cost effective
method. Ensuring the key used is longer than the encrypted data ensures
the data is not compromised by repeating patterns. Short encrypted
messages where the key is unique for each communication, random, and
longer than the encrypted data are the most effective.

Randomizing the keys used to utilize all allowable chars is another.

But I would go with M^2's recommendations unless one is plotting
something very bad where someone will be looking very hard....then I
would not use a computer, audit trails encrypted or otherwise are
probably not the best methodologies.

If it involves money, one doesn't just have to worry about governmental
types, they follow the rules. Its the wildcards companies hire to track
the money down that may have no compunctions about rules, depending on
the wildcard entity and/or countries involved. I would very nervous of
those types, they don't need any stinkin keys, and don't require evidence.

Of course even the Kryptos message has been 90% broken in just 15 years
and it used some pretty sophisticated unknown keys.

Boy I gotta get me a secret.

Winged