Doubled-up security??

Discussion in 'Computer Security' started by Livewire, Jan 4, 2005.

  1. Livewire

    Livewire Guest

    I've got 3 different encryption programs on my computer.

    If I encrypt a file using one program

    then encrypt the encrypted file again using another program

    then encrypt it again using a third program


    will it make it three time harder for someone to hack into?
    Livewire, Jan 4, 2005
    #1
    1. Advertising

  2. Livewire <> wrote:

    > I've got 3 different encryption programs on my computer.
    >
    > If I encrypt a file using one program
    >
    > then encrypt the encrypted file again using another program
    >
    > then encrypt it again using a third program
    >
    >
    > will it make it three time harder for someone to hack into?


    Depends totally on what encryption algorithms you use, and how good the
    passwords are.

    With a good algorithm and a good long passphrase a single encryption
    will be sufficient - if it takes longer than the future existence of
    the universe to crack the first encryption by brute force, then
    additional encryptions are a bit over the top ;-)


    Juergen Nieveler
    --
    Any ship can be a minesweeper... once.
    Juergen Nieveler, Jan 4, 2005
    #2
    1. Advertising

  3. Livewire

    sh4d03 Guest

    Livewire wrote:
    >
    > I've got 3 different encryption programs on my computer.
    >
    > If I encrypt a file using one program
    >
    > then encrypt the encrypted file again using another program
    >
    > then encrypt it again using a third program
    >
    >
    > will it make it three time harder for someone to hack into?
    >
    >

    Also be warned about corrupting your file. If you accidentally try and
    de-crypt your file with the wrong order of programs your could rapidly
    find yourself trying to re-de-encrypt your file and well... have fun
    with that.

    Sh4d03
    sh4d03, Jan 4, 2005
    #3
  4. Livewire

    Robsten Guest

    Livewire skrev:
    >
    > I've got 3 different encryption programs on my computer.
    >
    > If I encrypt a file using one program
    >
    > then encrypt the encrypted file again using another program
    >
    > then encrypt it again using a third program
    >
    >
    > will it make it three time harder for someone to hack into?
    >
    >

    God GUD!!! If you erase the file, no one at all will break into!

    --
    Robban Stenkvist
    http://w1.853.comhem.se/~u85329080/
    http://robsten.blogspot.com/
    Robsten, Jan 4, 2005
    #4
  5. Livewire

    Livewire Guest

    In article <zhzCd.13026$>,
    says...
    > Livewire skrev:
    > >
    > > I've got 3 different encryption programs on my computer.
    > >
    > > If I encrypt a file using one program
    > >
    > > then encrypt the encrypted file again using another program
    > >
    > > then encrypt it again using a third program
    > >
    > >
    > > will it make it three time harder for someone to hack into?
    > >
    > >

    > God GUD!!! If you erase the file, no one at all will break into!
    >
    >

    Well, maybe then I'd get three different file shredders and ask whether
    using each of them might be better than just one!!


    Not that I'm paranoid or anything . . .
    Livewire, Jan 4, 2005
    #5
  6. Livewire

    Robsten Guest

    Robsten, Jan 4, 2005
    #6
  7. Livewire

    Robsten Guest

    Robsten skrev:
    > Livewire skrev:
    >
    >>
    >> Not that I'm paranoid or anything . . .

    >
    >
    > Of course not, just normally security. You have the document of the holy
    > graal on your disc, better to contact Dan Brown.;-)


    Myself? I am too paranoid to use Limewire!

    --
    Robban Stenkvist
    http://w1.853.comhem.se/~u85329080/
    http://robsten.blogspot.com/
    Robsten, Jan 4, 2005
    #7
  8. Livewire

    bowgus Guest

    Why not just use one algorithm, 3 times ... wait a minute :)

    "Livewire" <> wrote in message
    news:...
    >
    >
    > I've got 3 different encryption programs on my computer.
    >
    > If I encrypt a file using one program
    >
    > then encrypt the encrypted file again using another program
    >
    > then encrypt it again using a third program
    >
    >
    > will it make it three time harder for someone to hack into?
    >
    >
    bowgus, Jan 4, 2005
    #8
  9. Livewire

    nemo outis Guest

    In article <>,
    Livewire <> wrote:
    >
    >
    >I've got 3 different encryption programs on my computer.
    >
    >If I encrypt a file using one program
    >
    >then encrypt the encrypted file again using another program
    >
    >then encrypt it again using a third program
    >
    >
    >will it make it three time harder for someone to hack into?
    >
    >



    Assuming there are no cross dependencies in the algorithms (and
    that the passwords are sufficiently strong and independent) then
    sequentially encrypting something with two algorithms of
    equivalent strength does indeed make it twice as difficult for
    the adversary to decrypt.

    However, lest you become too excited about this, note that by
    doubling the difficulty you have only added one bit to the
    "effective" encryption. That is, if each algorithm was 256-bit
    then their use together is equivalent to 257 bits.

    Not so impressive when put that way, eh?

    RTegards,
    nemo outis, Jan 5, 2005
    #9
  10. Livewire

    bowgus Guest

    If a key length were say 56 bits, and an algorithm was applied say 3 times,
    then effective key length would be 168 bits.

    <nemo (nemo outis)> wrote in message
    news:CGHCd.699611$nl.49910@pd7tw3no...
    > In article <>,
    > Livewire <> wrote:
    > >
    > >
    > >I've got 3 different encryption programs on my computer.
    > >
    > >If I encrypt a file using one program
    > >
    > >then encrypt the encrypted file again using another program
    > >
    > >then encrypt it again using a third program
    > >
    > >
    > >will it make it three time harder for someone to hack into?
    > >
    > >

    >
    >
    > Assuming there are no cross dependencies in the algorithms (and
    > that the passwords are sufficiently strong and independent) then
    > sequentially encrypting something with two algorithms of
    > equivalent strength does indeed make it twice as difficult for
    > the adversary to decrypt.
    >
    > However, lest you become too excited about this, note that by
    > doubling the difficulty you have only added one bit to the
    > "effective" encryption. That is, if each algorithm was 256-bit
    > then their use together is equivalent to 257 bits.
    >
    > Not so impressive when put that way, eh?
    >
    > RTegards,
    >
    bowgus, Jan 5, 2005
    #10
  11. Livewire

    nemo outis Guest

    In article <>, "bowgus" <> wrote:
    >If a key length were say 56 bits, and an algorithm was applied say 3 times,
    >then effective key length would be 168 bits.



    Uhhh, no. 56 bits applied three times would be equivalent to
    57.585 bits.

    A 256-bit algorithm (AES, say) is not twice as difficult to crack
    as a 128-bit version, but rather 2^128 times as hard!

    Regards,
    nemo outis, Jan 5, 2005
    #11
  12. Livewire

    nemo outis Guest

    In article <w1KCd.700323$nl.119542@pd7tw3no>, nemo (nemo outis) wrote:
    >In article <>, "bowgus" <>
    > wrote:
    >>If a key length were say 56 bits, and an algorithm was applied say 3 times,
    >>then effective key length would be 168 bits.

    >
    >
    >Uhhh, no. 56 bits applied three times would be equivalent to
    >57.585 bits.
    >
    >A 256-bit algorithm (AES, say) is not twice as difficult to crack
    >as a 128-bit version, but rather 2^128 times as hard!
    >
    >Regards,
    >


    A clarification:

    Triple DES, however, uses three separate keys, one for each
    encryption. In that case doing 56 bit encryption three times
    DOES result in (effective) 192-bit encryption.

    Regards,
    nemo outis, Jan 5, 2005
    #12
  13. Livewire

    John Guest

    nemo outis wrote:
    >
    > A clarification:
    >
    > Triple DES, however, uses three separate keys, one for each
    > encryption. In that case doing 56 bit encryption three times
    > DOES result in (effective) 192-bit encryption.
    >


    Unless you use a TDES-variant that uses one key twice, resulting in a
    112 bit version of TDES...

    Groetjes
    John
    John, Jan 5, 2005
    #13
  14. Livewire

    bowgus Guest

    Exactly ... and that was the "humor" in my original response ... "Why not
    just use one algorithm, 3 times ... wait a minute :) ... referring to 3DES
    (using 3 keys of 64 bits less the 8 bits parity) is 168 bits.


    <nemo (nemo outis)> wrote in message
    news:J6KCd.700364$nl.161279@pd7tw3no...
    > In article <w1KCd.700323$nl.119542@pd7tw3no>, nemo (nemo

    outis) wrote:
    > >In article <>, "bowgus"

    <>
    > > wrote:
    > >>If a key length were say 56 bits, and an algorithm was applied say 3

    times,
    > >>then effective key length would be 168 bits.

    > >
    > >
    > >Uhhh, no. 56 bits applied three times would be equivalent to
    > >57.585 bits.
    > >
    > >A 256-bit algorithm (AES, say) is not twice as difficult to crack
    > >as a 128-bit version, but rather 2^128 times as hard!
    > >
    > >Regards,
    > >

    >
    > A clarification:
    >
    > Triple DES, however, uses three separate keys, one for each
    > encryption. In that case doing 56 bit encryption three times
    > DOES result in (effective) 192-bit encryption.
    >
    > Regards,
    >
    >
    >
    >
    bowgus, Jan 6, 2005
    #14
  15. Livewire

    EDOOD Guest

    My Opinion (everyone has one).....
    The whole reason for encryption is to avoid someone exploiting the
    plaintext. So, if someone used a brute force (try all PW's) and breaks the
    first layer, how will they recognize whether the cyphertext is good or
    not.....Even the Fort Meade (NSA) computers would have to recognize the
    cypher pattern of the second encryption method.
    The real question is 1) Who are you trying to keep secrets from 2) If your
    computer is not shielded, the NSA Sattelites can just pick the plaintext off
    of your screen. 3) What is the duration of the time you think that this
    secret cypher text will remain relavent.
    The Archives of the U.S. still have classified "SECRET" troop movements from
    the Civil War. I am sure it has to do more with revealing "Methods" of
    Intelligence, rather than the actual position of the troops today (All Dead,
    most likely).
    Why stop at 3...why not 5, or 10. What is the point....Would it be more
    secure? Hmmmmmmmm!!!!
    EDOOD, Jan 7, 2005
    #15
  16. Livewire

    IPGrunt Guest

    Livewire <> confessed in
    news::

    >
    >
    > I've got 3 different encryption programs on my computer.
    >
    > If I encrypt a file using one program
    >
    > then encrypt the encrypted file again using another program
    >
    > then encrypt it again using a third program
    >
    >
    > will it make it three time harder for someone to hack into?
    >
    >


    Not if you use the same password everytime!

    Seriously, your idea is sound statistically, as running through the algorithm
    twice will increase your security geometrically. IE, if algoritm A offers a
    protection factor of n, then running through A twice (using a fresh,
    unrelated password), theoretically offers n-squared protection.

    In practice, using a good algorithm like 3DES or Rijndael combined with sound
    IVs and good passwords will survive any brute-force hack attempt.

    Remember, your encryption is only as good as your password. Use passwords
    that consist of upper and lower case letters, numeric digits, and punctuation
    characters, and that are at least 8-characters long. Avoid dictionary words,
    common names, and personal information.

    Stay safe.

    -- ipgrunt
    IPGrunt, Jan 8, 2005
    #16
  17. Livewire

    @(none) Guest

    IPGrunt wrote:
    > Livewire <> confessed in
    > news::
    >
    >
    >>
    >>I've got 3 different encryption programs on my computer.
    >>
    >>If I encrypt a file using one program
    >>
    >>then encrypt the encrypted file again using another program
    >>
    >>then encrypt it again using a third program
    >>
    >>
    >>will it make it three time harder for someone to hack into?
    >>
    >>

    >
    >
    > Not if you use the same password everytime!
    >
    > Seriously, your idea is sound statistically, as running through the algorithm
    > twice will increase your security geometrically. IE, if algoritm A offers a
    > protection factor of n, then running through A twice (using a fresh,
    > unrelated password), theoretically offers n-squared protection.
    >
    > In practice, using a good algorithm like 3DES or Rijndael combined with sound
    > IVs and good passwords will survive any brute-force hack attempt.
    >
    > Remember, your encryption is only as good as your password. Use passwords
    > that consist of upper and lower case letters, numeric digits, and punctuation
    > characters, and that are at least 8-characters long. Avoid dictionary words,
    > common names, and personal information.
    >
    > Stay safe.
    >
    > -- ipgrunt

    It does not make it any harder to crack a message if you encrpt the
    cyphertext. The crack would seek to determine the composite transfer
    function. The only thing to improve the strength is to increae the key size.

    Cheers

    M^2
    @(none), Jan 24, 2005
    #17
  18. Livewire

    @(none) Guest

    IPGrunt wrote:
    > Livewire <> confessed in
    > news::
    >
    >
    >>
    >>I've got 3 different encryption programs on my computer.
    >>
    >>If I encrypt a file using one program
    >>
    >>then encrypt the encrypted file again using another program
    >>
    >>then encrypt it again using a third program
    >>
    >>
    >>will it make it three time harder for someone to hack into?
    >>
    >>

    >
    >
    > Not if you use the same password everytime!
    >
    > Seriously, your idea is sound statistically, as running through the algorithm
    > twice will increase your security geometrically. IE, if algoritm A offers a
    > protection factor of n, then running through A twice (using a fresh,
    > unrelated password), theoretically offers n-squared protection.
    >
    > In practice, using a good algorithm like 3DES or Rijndael combined with sound
    > IVs and good passwords will survive any brute-force hack attempt.
    >
    > Remember, your encryption is only as good as your password. Use passwords
    > that consist of upper and lower case letters, numeric digits, and punctuation
    > characters, and that are at least 8-characters long. Avoid dictionary words,
    > common names, and personal information.
    >
    > Stay safe.
    >
    > -- ipgrunt

    It does not make it any harder to crack a message if you encrpt the
    cyphertext. The crack would seek to determine the composite transfer
    function. The only thing to improve the strength is to increase the key
    size.

    Cheers

    M^2
    @(none), Jan 24, 2005
    #18
  19. Livewire

    winged Guest

    none wrote:
    > IPGrunt wrote:
    >
    >> Livewire <> confessed in
    >> news::
    >>
    >>
    >>>
    >>> I've got 3 different encryption programs on my computer.
    >>>
    >>> If I encrypt a file using one program
    >>>
    >>> then encrypt the encrypted file again using another program
    >>>
    >>> then encrypt it again using a third program
    >>>
    >>>
    >>> will it make it three time harder for someone to hack into?
    >>>
    >>>

    >>
    >>
    >> Not if you use the same password everytime!
    >>
    >> Seriously, your idea is sound statistically, as running through the
    >> algorithm twice will increase your security geometrically. IE, if
    >> algoritm A offers a protection factor of n, then running through A
    >> twice (using a fresh, unrelated password), theoretically offers
    >> n-squared protection.
    >>
    >> In practice, using a good algorithm like 3DES or Rijndael combined
    >> with sound IVs and good passwords will survive any brute-force hack
    >> attempt.
    >> Remember, your encryption is only as good as your password. Use
    >> passwords that consist of upper and lower case letters, numeric
    >> digits, and punctuation characters, and that are at least 8-characters
    >> long. Avoid dictionary words, common names, and personal information.
    >>
    >> Stay safe.
    >>
    >> -- ipgrunt

    >
    > It does not make it any harder to crack a message if you encrpt the
    > cyphertext. The crack would seek to determine the composite transfer
    > function. The only thing to improve the strength is to increase the key
    > size.
    >
    > Cheers
    >
    > M^2
    >

    Concur with M^2, multiplying the encryption does not by itself make the
    message any harder to crack, in fact it can, depending on the algorithm
    used, it may make the message easier to crack, depending on noise of the
    algorithm pads etc. Expanding key length is the most cost effective
    method. Ensuring the key used is longer than the encrypted data ensures
    the data is not compromised by repeating patterns. Short encrypted
    messages where the key is unique for each communication, random, and
    longer than the encrypted data are the most effective.

    Randomizing the keys used to utilize all allowable chars is another.

    But I would go with M^2's recommendations unless one is plotting
    something very bad where someone will be looking very hard....then I
    would not use a computer, audit trails encrypted or otherwise are
    probably not the best methodologies.

    If it involves money, one doesn't just have to worry about governmental
    types, they follow the rules. Its the wildcards companies hire to track
    the money down that may have no compunctions about rules, depending on
    the wildcard entity and/or countries involved. I would very nervous of
    those types, they don't need any stinkin keys, and don't require evidence.

    Of course even the Kryptos message has been 90% broken in just 15 years
    and it used some pretty sophisticated unknown keys.

    Boy I gotta get me a secret.

    Winged
    winged, Jan 25, 2005
    #19
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Devo

    Outlook Express Doubled messages

    Devo, Jul 1, 2004, in forum: Computer Support
    Replies:
    3
    Views:
    4,365
    Jim Byrd
    Jul 1, 2004
  2. Terry Pinnell

    Doubled up taskbar

    Terry Pinnell, Sep 15, 2004, in forum: Computer Support
    Replies:
    2
    Views:
    1,714
    Terry Pinnell
    Sep 15, 2004
  3. John

    All pictures are doubled up

    John, Jan 8, 2004, in forum: Digital Photography
    Replies:
    9
    Views:
    357
    ONEStar
    Jan 20, 2004
  4. Bolshoy Huy

    4mp doubled = 16mp!?

    Bolshoy Huy, Mar 21, 2006, in forum: Digital Photography
    Replies:
    22
    Views:
    869
    All Things Mopar
    Mar 22, 2006
  5. Rich

    What if Fuji doubled the sensor size?

    Rich, Apr 16, 2007, in forum: Digital Photography
    Replies:
    21
    Views:
    714
    AZ Nomad
    Apr 18, 2007
Loading...

Share This Page