Find solution
what encryption is used?

Cryptography: How can encryption be broken if standard methods are used two or more times on the same text?

  • I have anything but a deep understanding of cryptography.  It appears from what I read that orgaizations like the NSA use powerful computers to undertake brute force attacks, and that the way they know when the succeed is that the output looks like text instead of gibberish.  It seems to me that if a document were encrypted and then the encrypted document encrypted again, that it would not be possible to recognise when the first level of encryption had been broken because the output would still look like gibberish.  I am fairly sure that there is a flaw in this thinking.  What is the flaw?  How does it really work?

  • Answer:

    In short: layering would make it harder to break that part of the crypto by brute force, but it's probably not the weak link anyway. Most symmetric ciphers are already repeated several times.  AES internally does the same thing 10-14 times depending on strength.  Serpent does something else 32 times, and so on.  Doing one of these things more times, or alternating between them, would make a direct attack on the cipher more difficult at the cost of making it slower.  But this sort of attack is already very hard.  Nobody in the public sector knows how to break AES.  Even if NSA can break it, they'll try something easier first. The main questions are, how did you generate the key for AES or Serpent or whatever, how did the other party get it, and are the computers both parties used secure?  If your encryption program derived the key from a password, then the attacker could just guess that password.  If all the encryption layers are keyed on that password, then every one of them will fall at once. Likewise, if you generated the key at random, and your random number generator is weak or has a backdoor in it, then all your encryption falls at once. Maybe you sent the key to the other party by encrypting it with a public-key cryptosystem like RSA.  Then if the attacker knows his public key, she has a straightforward math problem to solve (eg factoring).  If the public key is too short or the attacker knows more about how to attack it than the outside world, then your message could be compromised there. Or the attacker could pose as a legitimate recipient ("man in the middle"), or she could have a backdoor in your computer or your partner's computer.  Or she could use a side channel based on the noise your computer makes while it's encrypting.  The point is, the symmetric stuff is usually not the weak link. Counterexample: RC4 is now considered broken, and could be the weak link all by itself. Edits: wordsmithing; add summary and counterexample.

Michael Hamburg at Quora Visit the source

Was this solution helpful to you?

Other answers

As Michael points out, it depends on what encryption you are using. Depending on the system and keys you use, you might end up with a worse encryption than before. The most obvious example is ROT13 of course - doing it twice doesn't mean it's twice as safe ;-) Similarly, any Caesar cipher you do twice with different keys equates to doing it once with a different key... The same can happen with transposition ciphers, given the right key.

Juergen Nieveler

Related Q & A:

Just Added Q & A:

Find solution

For every problem there is a solution! Proved by Solucija.

  • Got an issue and looking for advice?

  • Ask Solucija to search every corner of the Web for help.

  • Get workable solutions and helpful tips in a moment.

Just ask Solucija about an issue you face and immediately get a list of ready solutions, answers and tips from other Internet users. We always provide the most suitable and complete answer to your question at the top, along with a few good alternatives below.