From: cactus@seabsd.hks.net (L. Todd Masco)
Date: Wed, 11 Jan 95 22:02:54 PST
To: cypherpunks@toad.com
Subject: Re: Multiple symetric cyphers
Message-ID: <199501120607.BAA19021@bb.hks.net>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

- -----BEGIN PGP SIGNED MESSAGE-----

In article <199501120502.VAA29808@largo.remailer.net>,
Eric Hughes <eric@remailer.net> wrote:
>   From: cactus@seabsd.hks.net (L. Todd Masco)
>
>   I'm wondering: would the strength be increased by using a randomly selected
>   symetric cypher? 
>
>Strength is not right aspect.  Global risk is reduced, simply because
>the aggregate cost of a breach is reduced.

Isn't it?  If an attacker does not know what cipher is used and breaking
each is computationally expensive (though not prohibitively so) doesn't
that add extra complexity?  IE, if cipher A, B, and C are attackable in
large but not prohibitive time, wouldn't an attacker have to spend more
cycles to break something that was randomly one of those?  I agree that
it's not a significantly large jump, but if an attacker has to go through
all the possibilities for A, B, before breaking something in C, it seems
that there's a small increase in strength (Not being argumentative,
really... I understand that this increase in strength isn't enough to
warrant any significant effort.  Just want to clarify the answer in
my mind).

>But selecting a single cipher is just as much a fixed policy as a
>randomly selected one is.  Far better to let the user pick a policy,
>both about sent and accepted ciphers.

Sure.  Ideally, a user could say "use A" or "use randomly A, C, or D" or
even "use A_x(C_x) or B_x(D_y)".   I'm not certain the "accept" is a great
idea, but what the hell... any theoretical general system should have
support for such a decision to be made, right?  As failure modes
multiply...

>   I guess this reduces to: do strong cyphers have "signatures" of some sort,
>   by which the type of encryption can be derived? 
>
>If they do, they're likely not _strong_ ciphers.

Great... that's the answer I was looking for, and what my gut feeling
was.  I'm trying to determine how much rope is too much for a first pass.

Related: is there, in general or in any known specific cases, any loss of
security in using sym. cipher A on ciphertext B (of another sym. cipher) with
the same key?  With different keys (I would think not, but I vaguely
remember mention of something here long ago)?
- - --
Todd Masco     | "life without caution/ the only worth living / love for a man/
cactus@hks.net |  love for a woman/ love for the facts/ protectless" - A Rich
Cactus' Homepage

- -----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBLxSMSBNhgovrPB7dAQECKQP/fqXwOcRmH6Z5dm8fsDnFzkCNyy5bc7Os
+/hWmyjlk6/qx2Ym0gvlIZaxMSVR68E1qQUaoiAaWY7SatskU8o6dZRI+SmON4NV
qSZnBh/+TnQwcTK0c0N+4m3Y8GhIk0ERX9modZfadv15Q07yfP7MXEj4yRQOse6e
WHmUg0WOhW4=
=GedZ
- -----END PGP SIGNATURE-----
- ---
[This message has been signed by an auto-signing service.  A valid signature
means only that it has been received at the address corresponding to the
signature and forwarded.]

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Gratis auto-signing service

iQBFAwUBLxTHISoZzwIn1bdtAQEUbAGAuX+ALOTHZkUd8vqsWzVZWKSKwnJ+03yW
alp18VGBGaM4PLQWU0OAFmbBP8wUxBEz
=U5tO
-----END PGP SIGNATURE-----