Debunking a Bogus Encryption Statement?

← Back to Stories (view on slashdot.org)

Debunking a Bogus Encryption Statement?

Posted by ryuzaki0 on Tuesday August 22, 2006 @02:45PM from the this-and-other-gems dept.

deviantphil asks: "Recently, a coworker tried to assert that encrypting a file twice with a 64 bit algorithm is equivalent to encrypting it once with a 128 bit algorithm. I know enough about encryption to know that isn't true, but I am having difficulties explaining why and how. Doesn't each pass of the encryption create a separate file header which makes this assertion untrue? Can anyone point me to references that would better help me explain this?" What other laughable claims have you heard attributed to encryption, and how were you able to properly lay them to rest?

2 of 215 comments (clear)

Min score:

Reason:

Sort:

Your keyspace wouldn't be that much bigger by Profane+MuthaFucka · 2006-08-22 14:54 · Score: 5, Insightful

Seems like encrypting twice with a 64-bit key just means that instead of breaking a 64-bit key once, you have to do it twice. That's like using a 65-bit key, instead of a 64-bit key. Every bit doubles your keyspace.

Plus, you have to realize that the amount of time needed to brute force a single key of a certain size goes up non-linearly with each additional bit. If you just double the number of times you encrypt, you're pretty much just increasing the effort to brute force the thing linearly.

--
Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
1. Re:Your keyspace wouldn't be that much bigger by Kadin2048 · 2006-08-22 16:16 · Score: 5, Insightful
  
  I think a big part of that comes down to the file headers and how you actually implement the cryptographic algorithms into a system.
  
  If you take a plaintext file and encrypt it into a file which has headers ("BEGIN ENCRYPTED CONTENT---"), and then encrypt the result again, assuming the attacker knows how you did it and that the intermediate file has plaintext headers, then they'll know the moment they broke the first 64-bit encryption layer. So in this example, you're basically at 65 bits.
  
  Now if you don't include any headers, so that there's no terribly good way to determine whether you've gotten the right key or not, as you're brute-forcing the first layer, then I think you're right -- the strength of the overall system is somewhere in a grey area between 65 and 128 bits.
  
  If someone was just thinking that they could use a file-encryption utility twice (which produces output files that have plaintext headers) and double the keyspace, they are dead wrong.
  
  --
  "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."