Double Encryption

4

A colleague told me that he created a crypto class that implements 4 algorithms:

  • TripleDESCryptoServiceProvider Class
  • DESCryptoServiceProvider Class
  • RC2CryptoServiceProvider Class
  • RijndaelManaged Class

He told me that he made, or would make, one algorithm encrypt the output of the other, for example:

  • it would receive a text and encrypt it with the first algorithm
  • it would take the encrypted result and encrypt it with a second algorithm

On hearing this, I found it somewhat strange. I had never heard of anything like it before. I searched for some terms in English and found nothing. I wondered whether this would just be more of a hassle in trying to create a new encryption, or whether it would be something well thought out that would really be difficult to break.

I think it will not perform so well, because it has to process two encryptions. Does using this technique enhance security, or is it correct to choose only one algorithm?

    
asked by anonymous 04.01.2017 / 17:56

1 answer

5

This is called cascade encryption, and it is indeed used in real systems (for example, the TrueCrypt system offers the option of using up to 3 different algorithms - AES, Twofish and Serpent - including in different orders). The idea is that if one or more algorithms are broken in the future, it is more likely that at least one of them will remain secure, and so the set as a whole will remain intact.

Note: It is very important that each algorithm be used with a distinct key, generated independently of the others. Otherwise, breaking any one of them could reveal the corresponding key to the attacker, and then it would be enough to use that key to decipher the others, without needing to break them as well.

On performance, it is in fact a slower solution than using a single algorithm, and in the absence of a cryptographic break it provides no additional protection over using a single algorithm. A cost/benefit analysis is needed to decide whether or not to use it, and this varies from case to case. In my personal experience, a 3-layer protected "virtual hard disk" did not degrade performance perceptibly, at least for a moderate volume of accesses (disk creation, however, took several hours longer than using a single algorithm).

    
28.03.2017 / 06:47
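The layering and the distinct-key requirement described in the answer above, as an added C# example (it is not code from the question, the answer, or the colleague's class). It assumes the `Aes.Create()` and `TripleDES.Create()` factory methods stand in for the classes named in the question; `CascadeDemo`, `Transform`, `Encrypt`, `Decrypt` and `RequireDistinctKeys` are illustrative names, and the message is a constructed sample.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class CascadeDemo
{
    // One layer: run data through a single algorithm (CBC mode and PKCS7 padding are the .NET defaults).
    static byte[] Transform(SymmetricAlgorithm alg, byte[] data, bool encrypt)
    {
        using ICryptoTransform t = encrypt ? alg.CreateEncryptor() : alg.CreateDecryptor();
        return t.TransformFinalBlock(data, 0, data.Length);
    }

    // Refuse to run if two layers were configured with the same key bytes.
    static void RequireDistinctKeys(SymmetricAlgorithm[] layers)
    {
        for (int i = 0; i < layers.Length; i++)
            for (int j = i + 1; j < layers.Length; j++)
                if (layers[i].Key.SequenceEqual(layers[j].Key))
                    throw new CryptographicException($"layers {i} and {j} share a key");
    }

    // Encrypt with the first algorithm, then feed its output to the next one.
    static byte[] Encrypt(SymmetricAlgorithm[] layers, byte[] data) =>
        layers.Aggregate(data, (acc, alg) => Transform(alg, acc, encrypt: true));

    // Decrypt by peeling the layers off in reverse order.
    static byte[] Decrypt(SymmetricAlgorithm[] layers, byte[] data) =>
        layers.Reverse().Aggregate(data, (acc, alg) => Transform(alg, acc, encrypt: false));

    static void Main()
    {
        using Aes aes = Aes.Create();            // layer 1
        using TripleDES tdes = TripleDES.Create(); // layer 2
        // Each layer draws its own key and IV from the system CSPRNG; none is derived from another.
        aes.GenerateKey(); aes.GenerateIV();
        tdes.GenerateKey(); tdes.GenerateIV();

        var layers = new SymmetricAlgorithm[] { aes, tdes };
        RequireDistinctKeys(layers);

        byte[] plaintext = Encoding.UTF8.GetBytes("constructed sample message");
        byte[] ciphertext = Encrypt(layers, plaintext);
        byte[] recovered = Decrypt(layers, ciphertext);

        Console.WriteLine($"plaintext {plaintext.Length} bytes -> ciphertext {ciphertext.Length} bytes");
        Console.WriteLine($"round trip ok: {plaintext.SequenceEqual(recovered)}");
    }
}
```

Each layer adds its own padding, so the ciphertext grows slightly with every layer, and every key and IV has to be stored and protected separately.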