Double encryption

This topic was created by LeeE.

  1. Anonymous Coward

    Double encryption

    As I understand it, the idea behind strong encryption is that the keys should be unbreakable, so a single key should be sufficient, but if that key becomes compromised then you're stuffed.

    So, just asking out of curiosity, would double encrypting data with two different keys, i.e. encrypting the data with one key and then encrypting that encrypted data once more with another, different key, provide protection against the compromise of one of the keys?

    It seems to me that it should but it's not an area in which I've much experience.

  2. steve-b

    Check out the wiki article on 3DES encryption. It's probably applicable to any type of encryption.

    It mentions that double encryption is not as strong as you would think, and goes on to explain the thinking behind 3DES: encrypt with key 1, decrypt with key 2, encrypt with key 3.

    1. Anonymous Coward

      Ta - will have a read.

  3. patrickstar

    The keyspace doesn't increase as much as you'd expect (if you encrypt with two 128-bit ciphers in sequence, you need 2**129 steps to brute-force it, not 2**256 as with a single 256-bit key), but it does indeed protect against one of the keys getting compromised.

    Potentially, at least, as chances are any attack that lets you read out one of the keys would let you read out both. I'd imagine you'd need two entirely separate sets of hardware for each key storage and encryption, without any commonalities.

    Another variant on this theme is "splitting" a key into multiple parts to avoid it getting compromised in transit or by a single person. I say "splitting", because it's generally done by generating several different random values, each the length of the final key, and then XORing them together to get the actual key used for encryption. This way, having anything except all "parts" doesn't give you any information about the actual key.

    This is how the keys for transmitting the encrypted PIN are traditionally loaded into ATMs, for example.
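
The XOR key "splitting" described in the post above, as an added example that is not part of the original thread. All function names are illustrative assumptions; `split_existing_key` and `missing_component_for` go slightly beyond the post, covering an already-existing key and showing why all-but-one components leave every candidate key equally possible.

```python
import secrets
from functools import reduce

KEY_LEN = 16  # bytes: a 128-bit key, the size used in the thread's example


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("components must all be the same length as the key")
    return bytes(x ^ y for x, y in zip(a, b))


def generate_components(n: int, key_len: int = KEY_LEN) -> list:
    """Scheme from the post: n independent random values, each key-length."""
    if n < 2:
        raise ValueError("need at least two components")
    return [secrets.token_bytes(key_len) for _ in range(n)]


def combine(components: list) -> bytes:
    """XOR every component together to obtain the working key."""
    return reduce(xor_bytes, components)


def split_existing_key(key: bytes, n: int) -> list:
    """Split a key that already exists: n-1 random components, and a final
    one chosen so that the XOR of all n equals the key."""
    if n < 2:
        raise ValueError("need at least two components")
    randoms = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    return randoms + [reduce(xor_bytes, randoms, key)]


def missing_component_for(candidate_key: bytes, known: list) -> bytes:
    """Given all components but one, return the missing component that would
    make the working key equal candidate_key. One exists for every candidate,
    so holding n-1 components rules out no key at all."""
    return reduce(xor_bytes, known, candidate_key)


if __name__ == "__main__":
    parts = generate_components(3)
    key = combine(parts)
    print("all three custodians present:", combine(parts) == key)
    # Two custodians collude and guess an arbitrary key (constructed value):
    guess = bytes(KEY_LEN)
    fake_third = missing_component_for(guess, parts[:2])
    print("their guess is consistent too:", combine(parts[:2] + [fake_third]) == guess)
```

The second check is the point: the colluding holders cannot tell the real third component from the fabricated one, so their two components give them nothing to test a guess against.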
