From: "John Kelsey" <kelsey@plnet.net>
Date: Sun, 1 Feb 1998 15:11:34 +0800
To: "cypherpunks" <cypherpunks@Algebra.COM>
Subject: Re: Chaining ciphers
Message-ID: <199802010705.BAA20059@email.plnet.net>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

[ To: Cypherpunks ## Date: 01/30/98 ##
  Subject: Re: Chaining ciphers ]

>Date: Thu, 29 Jan 98 09:47:52 PST
>From: jim@mentat.com (Jim Gillogly)
>Subject: Re: Chaining ciphers

>Yes, that's definitely better for high-confidence long-term
>archival stuff than relying on one cipher.  Carl Ellison's
>suggestion was DES | tran | nDES | tran | DES, where "tran"
>is an unkeyed large-block transposition.

I believe Dave Wagner broke this, and posted his attack to
cypherpunks, a few months ago; if I recall correctly, his
attack reduced the final security of this to that of a
little more than one DES operation.  (The attack worked when
n=1.)  This reenforces what we already knew:  When you chain
multiple encryption algorithms, you can prove that your
result is no *weaker* than any one of those algorithms, but
that doesn't mean it's any *stronger* than the strongest of
them.

>	Jim Gillogly
>	Trewesday, 8 Solmath S.R. 1998, 17:22
>	12.19.4.15.18, 9 Edznab 16 Muan, Third Lord of Night

- --John Kelsey, kelsey@counterpane.com / kelsey@plnet.net
NEW PGP print =  5D91 6F57 2646 83F9 6D7F 9C87 886D 88AF

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNNQz8yZv+/Ry/LrBAQGuAQP/fbUH4GeY5MJ9McLcgt6siGofTd9ZskYz
vl1DBVv3TNbOhdoSU4MH8OesCxckc+7vHbBHawxP/FzeDysAGrtVnjvAsyKKglAL
aIVQp3qQlCpbtEgKj9z5AZZbilipnpB+/2X6BSaradfreCRUk7N6sKcigITD2HSE
KREbqrftNK4=
=wWQS
-----END PGP SIGNATURE-----