Is there any benefit to encrypting twice with pgp?

I ask from a "safer" perspective. I can imagine scenarios where needing two secret keys for decryption could make this an attractive model. I believe that this does not add any additional security besides the need to compromise two different secret keys. I think that if it were more secure than encrypting once, then encrypting a million times would be the best way to protect information.

Update after a couple of years: As Rasmus Faber said, 3DES encryption was added to DESES encryption, which widely used DES encryption. Encryption twice using the same key suffers from the meet-in-the-middle attack, while encryption for the third time really provides more security.

+6
security encryption pgp
8 answers

I understand that it is more secure if you use different keys. But do not take my word for it. I am not a cryptanalyst. I don’t even play one on TV.

The reason I understand that this is safer is because you use additional information for encoding (with both multiple keys and an unknown number of keys, unless you publish the fact that there are two).

Double encryption using the same key makes it easy to split many codes. I heard this for some codes, but I know this is true for ROT13 :-)

I think the security scheme used by Kerberos is better than simple double encryption.

In fact, they have one master key, the sole purpose of which is to encrypt the session key and use the entire master key. The session key is used to encrypt real traffic, and it has a limited lifespan. This has two advantages.

  • The evil guys don't have time to crack the session key, because by the time they succeed, these session keys are no longer in use.
  • The same villains do not get the opportunity to crack the master key simply because it is so rarely used (they would need a lot of encrypted packets to crack the key).

But, as I said, take this with plenty of salt. I do not work at the NSA. But then I had to tell you that even if I worked at the NSA. Oh no, you don’t hack me that easily, my pretty.

A semi-useful snippet: Kerberos (or Cerberus, depending on your line) is a mythological three-headed dog that guards the gates of Hell, a well-chosen talisman for this security protocol. This same dog is called "Fluffy" in the world of Harry Potter (I once had a girlfriend whose massive German shepherd was called Sugar, similarly named a beast).

+9

It is safer, but not by much. The analogy with physical locks is pretty good. By putting two physical locks of the same type on the door, you guarantee that a thief who can pick one lock in five minutes should spend ten minutes. But you could be much better off buying a lock that was twice as expensive and that a thief could not pick at all.

It works differently in cryptography: in general, you cannot guarantee that encryption twice makes it more than twice as difficult to break encryption. Therefore, if the NSA can usually decrypt your message in five minutes, with double encryption, they need ten minutes. You will probably be much better off instead doubling the length of the key, which might make them take 100 years to break the encryption.

In some cases, it makes sense to repeat the encryption, but you need to work with math with a specific algorithm to prove it. For example, Triple-DES is basically DES repeated three times with three different keys (except that you encrypt-decrypt-encrypt, and not just encrypt three times). But it also shows how it works unintuitively, because while Triple-DES triples the number of ciphers, it doubles the effective key length of the DES algorithm.

+6

Multiple-key encryption is more secure than single-key encryption; this is common sense.

My vote is that it does not add extra security

No.

except the need to compromise two different private keys.

Yes, but you see that if you are encrypting something with two ciphers, each of which uses a different key, and one of the ciphers is weak and can be cracked, the second cipher must also be weak so that the attacker can recover something sometime.

+1

Double encryption does not increase security.

There are two modes of using PGP: asymmetric (public key, private key for decryption) and symmetric (with a passphrase). In any mode, the message is encrypted with a session key, which is usually a randomly generated 128-bit number. The session key is then encrypted with a passphrase or public key.

There are two ways to decrypt a message. One of them is that the session key can be canceled. This will be either a brute force attack on the passphrase or an adversary who has your secret key. The second way is algorithmic weakness.

If the adversary can get your private key, then if you have two secret keys, the adversary will get both.

If an adversary can overdo your passphrase or catch it with a keystroke recorder, then an adversary can almost certainly get both of them.

If there is an algorithmic weakness, then it can be used twice.

So, although it may seem that double encryption helps, in practice it does not help against any real threat.

+1

The answer, like most things, is "it depends." In this case, it depends on how the encryption scheme is implemented.

In general, the use of double encryption with different keys increases security, but does not protect it, because of the meet-in-the-middle attack.

Basically, an attacker should not break all possible combinations of the first key and the second key (security square). They can break each key in turn (double security). This can be done twice as fast as breaking a single key.

Doubling the time it takes is not a significant improvement, as others have noted. If they can break 1 in 10 minutes, they can break two in 20 minutes, which is still entirely up to the possibility. What you really want is to increase security by an order of magnitude, so that instead of taking 10 minutes, it takes 1000 years. This is done by choosing the best encryption method that does not perform it twice.

The Wikipedia article describes this well.

+1
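The meet-in-the-middle cost argument raised in the answers above, worked through as an added example (not code from any poster): a toy 32-bit cipher with 12-bit keys is applied twice with two independent keys, and both keys are recovered from known plaintext/ciphertext pairs in about 2·2^12 cipher operations instead of 2^24. The cipher, key size and sample values are constructed for illustration and are not PGP or DES.

```python
# Added illustration: toy cipher, NOT PGP or DES. 32-bit block, 12-bit keys.
KEY_BITS = 12
KEYS = 1 << KEY_BITS
MASK = 0xFFFFFFFF
MUL = 0x9E3779B1                    # odd, so invertible mod 2**32
MUL_INV = pow(MUL, -1, 1 << 32)

def _subkey(key, r):
    return (key * 0x01000193 + r) & MASK

def enc(key, x):
    for r in range(4):
        x ^= _subkey(key, r)
        x = (x * MUL) & MASK
        x = ((x << 11) | (x >> 21)) & MASK      # rotate left 11
    return x

def dec(key, x):
    for r in reversed(range(4)):
        x = ((x >> 11) | (x << 21)) & MASK      # rotate right 11
        x = (x * MUL_INV) & MASK
        x ^= _subkey(key, r)
    return x

def double_enc(k1, k2, x):
    return enc(k2, enc(k1, x))

def meet_in_the_middle(pairs):
    """Recover (k1, k2) from known (plaintext, ciphertext) pairs."""
    (p0, c0), rest = pairs[0], pairs[1:]
    middle = {}
    for k1 in range(KEYS):                       # forward half: 2**12 encryptions
        middle.setdefault(enc(k1, p0), []).append(k1)
    ops, hits = KEYS, []
    for k2 in range(KEYS):                       # backward half: 2**12 decryptions
        ops += 1
        for k1 in middle.get(dec(k2, c0), []):
            # confirm on the remaining pairs to discard chance collisions
            if all(double_enc(k1, k2, p) == c for p, c in rest):
                hits.append((k1, k2))
    return hits, ops

def demo():
    k1, k2 = 0x3A7, 0xC15                        # constructed secret keys
    plains = [0x00C0FFEE, 0x12345678]            # constructed known plaintexts
    pairs = [(p, double_enc(k1, k2, p)) for p in plains]
    hits, ops = meet_in_the_middle(pairs)
    return (k1, k2) in hits, ops, KEYS ** 2      # found?, work done, naive search size

if __name__ == "__main__":
    print(demo())
```

The speed-up is paid for in memory: the table holds one intermediate value per candidate first key.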

Using brute force to break the encryption, the only way to find out that they have a key is when the document they decrypted makes sense. When a document is encrypted twice, it still looks like garbage, even if you have the correct key - therefore, you do not know that you have the correct key.

Is this too obvious or am I missing something?

0

It depends on the situation.

For those who have given poor comparisons, such as “door locks,” think twice before writing anything. This example is far from the reality of encryption. My road is better =)

When you wrap something, you can wrap it in two different ways, and it will become more secure from the outside ... true. Imagine that to get to your wrapped sandwich, instead of unwrapping it, you cut the wrapping material. Double packaging no longer makes sense; you get it.

-1

WinRAR is VERY safe. There is a case where the government could not get into the files on the laptop carried by a guy from Canada. He used WinRAR. They tried to get him to give them a password, and he took the Fifth. This was on appeal for 2 years, and the courts finally said that he did not need to speak (each court said that during this process). I could not believe that someone would even think that he could not take the Fifth. The government dismissed the case when they lost their appeal because they still hadn't cracked the files.

-3