3

In terms of security, would it be MORE or LESS secure to take, say, an RC4 output (or Serpent) or other, that is encrypted with one key, and to encrypt that output with AES (using a different key)?

> $Data -> Serpent -> key: $s_key = HASH_HMAC(sha256, "1st Key" . $salt1, "HMAC KEY1") = $S_Output
>
> $S_Output -> Rijndael (AES) -> key: $aes_key = HASH_HMAC(sha256, "2nd Key" . $salt1 . $s_key . $salt2, "HMAC KEY2") = $AES_Output

As long as I'm using good hashes as keys, would this be MORE secure than using a single key with AES? Is there a risk of the two ciphers colliding in some fashion? If so, would using a stream cipher instead of another xor-type cipher avoid this?

P.S. THIS IS PSEUDO-CODE -- I will be using truly random salts and keys for my data, i.e. mcrypt / openssl.

I will be using a software-based token system like the RSA SecurID that is on a fingerprint-secured thumb drive that opens a self-contained browser. Each keyholder has a 512-bit hash to open the soft token automatically. Once the token is posted to the auth site, it gives the pair (two people) 90 min to enter the keys.

Repeat the same thing for user# 2 with the second key.

AND THE REAL KICKER -- aside from the php thumb drive token gen, THIS HAS TO RUN ON PHP, killing the possibility of many other libs that are ideal.

Basically, two biometric token systems + two passphrases within 90 mins decrypts the file. But better to use Serpent + AES, AES + AES, or TWOFISH + AES?

Jeremy P

2 Answers

7

I don't think it's a bad idea - neither does Bruce Schneier. In his book Applied Cryptography, there is a section called "Cascading Multiple Block Algorithms". He basically states that provided that two distinct algorithms and two independent keys are used, then the result should be at least as difficult to break as the strongest algorithm.

> If Alice and Bob do not trust each other's algorithms, they can use a cascade. If these are stream algorithms, the order doesn't matter. If they are block algorithms, Alice can first use Algorithm A and then use Algorithm B. Bob, who trusts Algorithm B more, can use Algorithm B followed by Algorithm A. They might even add a good stream cipher between the two algorithms; it can't hurt and could very well increase security.
>
> Remember that the keys for each algorithm in the cascade must be independent. If Algorithm A has a 64-bit key and Algorithm B has a 128-bit key, then the resultant cascade must have a 192-bit key. If you don't use independent keys, then the pessimists are much more likely to be right.

hunter
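The key-independence point in the quoted passage, and the question's worry about the two stages "colliding", can be made concrete. This is an added example, not code from the question or the answer, and it is in Go rather than the asker's PHP; it assumes an AES+AES cascade in CTR mode with two stage keys derived from one constructed master secret (a placeholder, not a real key), and it shows that feeding the same key and IV to both stages makes the two XOR keystreams cancel, so the "cascade" outputs the plaintext:

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// deriveKey: one HKDF-Expand block (HMAC-SHA256) per stage label, giving each
// cascade stage its own 32-byte AES-256 key from a single master secret.
func deriveKey(master []byte, label string) []byte {
	m := hmac.New(sha256.New, master)
	m.Write([]byte(label))
	m.Write([]byte{0x01})
	return m.Sum(nil)
}

// ctr applies AES-CTR under key/iv; CTR only XORs a keystream, so it is its own inverse.
func ctr(key, iv, in []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

// Cascade runs stage 1 (k1, iv1) then stage 2 (k2, iv2); Uncascade reverses them.
func Cascade(k1, iv1, k2, iv2, pt []byte) []byte {
	return ctr(k2, iv2, ctr(k1, iv1, pt))
}

func Uncascade(k1, iv1, k2, iv2, ct []byte) []byte {
	return ctr(k1, iv1, ctr(k2, iv2, ct))
}

// KeystreamsCancel is the "colliding" case the question asks about: with the same
// key and IV in both stages the two XOR keystreams cancel and the output is the plaintext.
func KeystreamsCancel(k, iv, pt []byte) bool {
	return bytes.Equal(Cascade(k, iv, k, iv, pt), pt)
}

func main() {
	k := deriveKey([]byte("constructed master secret"), "stage-1") // placeholder, not a real key
	fmt.Println("same key+IV in both stages cancels:", KeystreamsCancel(k, bytes.Repeat([]byte{1}, 16), []byte("hello")))
}
```

With distinct labels the two derived keys differ and the cascade round-trips; with the same key and IV in both stages the second stage simply undoes the first.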
3

An adversary would have to first break the first scheme and then the second, so in concrete terms there is slightly added security. If it takes time $2^{80}$ to break each scheme independently, it now takes time $2^{81}$ to break both encryptions. So there is minimal added security.

In computational terms, assuming the key sizes are similar, this wouldn't add security. Say you are using a key of size $k$ for both and that each scheme can be broken in time $2^k$. To break both you need $2 \cdot 2^k = 2^{k+1}$ time, and the same class of adversaries that can break the first can break the second.

user4544