3

Recently I started wondering about multiple encryption and found pages upon pages of posts and debates about the security of cascades.

Now, don’t worry – I'm not looking for someone to discuss a homebrew cascade encryption scheme. What I do wonder about is the dangers of multiple layers of encryption.

I keep most of my sensitive files on a LUKS encrypted USB stick – and most of the files are encrypted themselves. There are AES encrypted password wallets, password protected LibreOffice documents (using AES if I have understood the documentation correctly) and lately I have been developing a growing folder of Camellia encrypted files (thanks to a colleague that discovered that GPG now included the cipher).

In short: does storing these encrypted files in an encrypted partition/folder create the same potential weaknesses as cascade encryption? If not, what about encrypting a .tar of encrypted documents?

Pardon my ignorance, and thank you in advance.

Mike Edward Moras
  • 18,161
  • 12
  • 87
  • 240
Aaron W.
  • 35
  • 4

1 Answers1

2

In short: does storing these encrypted files in an encrypted partition/folder create the same potential weaknesses as cascade encryption? If not, what of encrypting a .tar of encrypted documents?

An encrypted file inside an encrypted container is a cascade of ciphers, almost by definition.

Is that a problem? Not really. A cascade of ciphers shouldn't be weaker than a single layer of encryption, unless something is wrong – e.g. the keys are not independent.

Concerns about cascades are mostly theoretical – I wouldn't expect the cascade to ever be weaker when you have two different ciphers. There is no easy way to prove that for real world ciphers, however, and there's always the risk of sidechannel attacks and bugs, so it isn't something to recommend as a way to strengthen a system.

In your case it's still the best thing to do, since you don't want all those files to be visible decrypted when the filesystem is mounted.

Community
  • 1
otus
  • 32,462
  • 5
  • 75
  • 167