
List:       linux-crypto
Subject:    Re: (AES) loopback crypto questions
From:       Dale Amon <amon () vnl ! com>
Date:       2001-07-12 10:13:43

> Stephen wrote:
> On Wed, Jul 11, 2001 at 06:40:45PM +0100, Dale Amon wrote:
> > 3) Encrypting sequentially with two different symmetric
> > keys of 256 bits will have an end result that has a
> > security of 256 <= equivkeysize <= 512.
> 
> The worst (and most obvious) example would be two algorithms X, Y where
> X(P) -> C
> and
> Y(C) -> P
> 

First, I'm finding this one of the more interesting discussions
that I've seen here, so in that spirit of friendly (and
perhaps insufficiently knowledgeable) argument for the fun of it...

Not to disagree too much, but I was assuming

	y = f(k1, f(k2, x))

where k1 != k2 and f(k,x) is the same in both cases. I
avoided saying

	y = f(k, g(k,x))

because as you point out, you can define f and g as 
inverses. I am also assuming symmetric keys.

Most writers seem to be saying that reapplication of the
same algorithm gains you 1b. I'm not sure I followed why
any of the common ciphers would lose bits by applying
them twice with different keys.

I accept that mainstream ciphers are fairly immune to
a known plaintext attack; I do know there was some 
discussion of this sort of attack against DES some
years back that put banks at risk.

Can you really say with confidence that if an attacker
knows a few megabytes of content on your encrypted disk
that they actually gain zero information about the
encryption key? Is this mathematically provable?

I'm not even suggesting enough information to break the
key, only whether the search space of possible values has
been constrained in any way at all.

-- 
------------------------------------------------------
Use Linux: A computer        Dale Amon, CEO/MD
is a terrible thing          Village Networking Ltd
to waste.                    Belfast, Northern Ireland
------------------------------------------------------

Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
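The "reapplication of the same algorithm gains you 1b" claim from the thread comes from the meet-in-the-middle argument on y = f(k1, f(k2, x)): instead of searching all k1,k2 pairs, one encrypts the known plaintext under every k2 into a table and decrypts the known ciphertext under every k1, so the work is about 2^(n+1) single-cipher calls rather than 2^(2n). The script below is an added illustration, not code from the list or from any loop-AES implementation; it uses a constructed 8-bit toy cipher (an S-box lookup keyed by XOR, with no claim to real security) so the full comparison finishes instantly and the operation counts can be compared directly. Function names, the S-box seed, and the sample keys are all assumptions made here.

```python
"""Toy demonstration of why double encryption with one cipher and two
independent keys, y = f(k1, f(k2, x)), gains about one bit of strength.

The cipher is an 8-bit block / 8-bit key construction built here purely
for illustration (constructed; not a real cipher)."""
import random

# Constructed, deterministic S-box: a fixed permutation of 0..255.
_rng = random.Random(2001)
SBOX = list(range(256))
_rng.shuffle(SBOX)
INV_SBOX = [0] * 256
for _i, _v in enumerate(SBOX):
    INV_SBOX[_v] = _i


def _rot(k):
    """Rotate an 8-bit key left by 3 (key whitening on the output)."""
    return ((k << 3) | (k >> 5)) & 0xFF


def encrypt(key, block):
    """f(k, x) for the toy cipher."""
    return SBOX[block ^ key] ^ _rot(key)


def decrypt(key, block):
    """Inverse of encrypt() under the same key."""
    return INV_SBOX[block ^ _rot(key)] ^ key


def double_encrypt(k1, k2, block):
    """y = f(k1, f(k2, x)) in the thread's notation, k1 != k2 allowed."""
    return encrypt(k1, encrypt(k2, block))


def brute_force(pairs):
    """Exhaustive search over every (k1, k2): ~2^(2n) double encryptions.

    Returns (consistent key pairs, number of double encryptions tried)."""
    work = 0
    found = []
    for k1 in range(256):
        for k2 in range(256):
            work += 1
            if all(double_encrypt(k1, k2, p) == c for p, c in pairs):
                found.append((k1, k2))
    return found, work


def meet_in_the_middle(pairs):
    """Meet-in-the-middle: ~2^(n+1) single-cipher calls plus a 2^n table.

    Pair 0 builds and probes the table; the remaining pairs filter out
    accidental matches. Returns (consistent key pairs, cipher calls)."""
    p0, c0 = pairs[0]
    work = 0
    table = {}
    for k2 in range(256):                 # forward half: f(k2, p0)
        table.setdefault(encrypt(k2, p0), []).append(k2)
        work += 1
    candidates = []
    for k1 in range(256):                 # backward half: f^-1(k1, c0)
        mid = decrypt(k1, c0)
        work += 1
        for k2 in table.get(mid, []):
            if all(double_encrypt(k1, k2, p) == c for p, c in pairs[1:]):
                candidates.append((k1, k2))
    return candidates, work


def known_pairs(k1, k2, plaintexts):
    """Constructed known-plaintext material for the comparison."""
    return [(p, double_encrypt(k1, k2, p)) for p in plaintexts]


if __name__ == "__main__":
    k1, k2 = 0x3C, 0xA5                   # assumed sample keys
    pairs = known_pairs(k1, k2, [0x00, 0x41, 0x7F, 0xFF])
    bf, w_bf = brute_force(pairs)
    mitm, w_mitm = meet_in_the_middle(pairs)
    print("exhaustive:", w_bf, "double encryptions ->", bf)
    print("meet-in-the-middle:", w_mitm, "cipher calls ->", mitm)
    # 65536 = 2^16 (two 8-bit keys) versus 512 = 2^9 = 2^(8+1): one extra bit.
```

The counts are the point: two 8-bit keys give a 16-bit key space for exhaustive search, but the table-based search costs 2^9 cipher calls, i.e. one bit more than a single 8-bit key. The same arithmetic carries over to two 256-bit keys (roughly 2^257 work and a 2^256-entry table), which is why cascading the same cipher twice is not credited with 512 bits. Note that the memory needed for the table is part of the cost, and that a cascade with distinct keys is still a different permutation from a single encryption; the argument bounds the gain, it does not say the cascade is weaker.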
