
List:       linux-crypto
Subject:    Re: (AES) loopback crypto questions
From:       Dale Amon <amon () vnl ! com>
Date:       2001-07-11 17:40:45

On Wed, Jul 11, 2001 at 07:24:53PM +0200, peter k. wrote:
> can a known plaintext attack be made impossible by creating 2 loopback
> crypto devices, one on the other one? for example:
> 

This boils down to f(k2, f(k1,x)) where x is the known
plaintext and k1 and k2 are the two symmetric keys.

You would need a real cryptographer to answer this
question. But I'll hazard a couple guesses and make
a few wild statements:

1) If there is known plaintext you always decrease the
security by some small amount.

2) Good ciphers depend on non-linearities, so even a totally
known plaintext probably does not hand you the original
key on a platter.

3) Encrypting sequentially with two different symmetric
keys of 256 bits will have an end result that has a
security of 256 <= equivkeysize <= 512.

Two is a copout that says I haven't a clue if it will
make it better, but I'm certain it won't be worse and
it's conceivable it could be as effective as doubling
the keysize and encrypting once.

This is all just my own mathematical intuition: you 
really need a mathematician to give a definitive answer.

-- 
------------------------------------------------------
Use Linux: A computer        Dale Amon, CEO/MD
is a terrible thing          Village Networking Ltd
to waste.                    Belfast, Northern Ireland
------------------------------------------------------

Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
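Added illustration, not part of the message or the list archive: the cascade f(k2, f(k1, x)) discussed above, modelled with a constructed toy 8-bit cipher (its S-box seed, key schedule and the keys 0x3C/0xA7 used in testing are all made up here) that is small enough to search exhaustively, comparing the cost of trying every (k1, k2) pair against the textbook meet-in-the-middle search that a known plaintext enables. It shows where the "equivkeysize" bound actually lands: about 2^(n+1) cipher operations plus 2^n memory rather than 2^(2n), which is why the strength of a layered setup is governed by the underlying key size, not by the number of layers.

```python
import random

ROUNDS = 4
SBOX = list(range(256))                   # constructed toy 8-bit cipher, not AES
random.Random(20010711).shuffle(SBOX)     # fixed seed -> deterministic S-box
INV_SBOX = {v: i for i, v in enumerate(SBOX)}

def rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def round_key(key, r):                    # simple key schedule (constructed)
    return rotl8(key, r % 8) ^ ((0x5A + 0x3F * r) & 0xFF)

def toy_encrypt(key, x):
    for r in range(ROUNDS):
        x = rotl8(SBOX[x ^ round_key(key, r)], 3)
    return x ^ round_key(key, ROUNDS)

def toy_decrypt(key, y):
    y ^= round_key(key, ROUNDS)
    for r in reversed(range(ROUNDS)):     # rotl by 5 undoes rotl by 3
        y = INV_SBOX[rotl8(y, 5)] ^ round_key(key, r)
    return y

def cascade_encrypt(k1, k2, x):           # f(k2, f(k1, x)) from the message
    return toy_encrypt(k2, toy_encrypt(k1, x))

def brute_force(pairs):
    """Try every (k1, k2): 2^(2n) key pairs. Returns (candidates, cipher calls)."""
    found, ops = [], 0
    for k1 in range(256):
        for k2 in range(256):
            ops += 2 * len(pairs)
            if all(cascade_encrypt(k1, k2, x) == y for x, y in pairs):
                found.append((k1, k2))
    return found, ops

def meet_in_the_middle(pairs):
    """Table f(k1, x0) for every k1 (2^n memory), then match f^-1(k2, y0)."""
    (x0, y0), rest = pairs[0], pairs[1:]
    found, middle = [], {}
    for k1 in range(256):
        middle.setdefault(toy_encrypt(k1, x0), []).append(k1)
    ops = 256 + 256                       # 2^n table encryptions + 2^n trial decryptions
    for k2 in range(256):
        for k1 in middle.get(toy_decrypt(k2, y0), []):
            ops += 2 * len(rest)          # confirm each hit on the remaining pairs
            if all(cascade_encrypt(k1, k2, x) == y for x, y in rest):
                found.append((k1, k2))
    return found, ops
```

Both searches return the same candidate set from the same known-plaintext pairs; only the operation counts differ, and that ratio is the point.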
