Is layered encryption more secure than long passwords?
The comments in this question debate the added security of multi-layered encryption. There seems to be some disagreement, and I thought a proper question would be helpful here.
So, to provide some common background, consider the following two scenarios:
1. I apply symmetric encryption to a given file, as follows:
gpg --symmetric --cipher-algo AES256 my_file.txt
to which I add the password "mydogisamazing"
2. I apply four layers of encryption to a given file, as follows:
gpg --symmetric --cipher-algo AES256 my_file.txt
gpg --symmetric --cipher-algo AES256 my_file.txt.gpg
gpg --symmetric --cipher-algo AES256 my_file.txt.gpg.gpg
gpg --symmetric --cipher-algo AES256 my_file.txt.gpg.gpg.gpg
where the passwords supplied to each are, respectively: "amazing" "is" "dog" "my" (so, when I decrypt all the layers, I have entered "my" "dog" "is" "amazing")
Is option 2 more secure than option 1? Knowing almost nothing about encryption security, it seems to me it is, because anyone wanting to break in would have to run some password algorithm four times, whereas in option 1 the algorithm needs to be run 1 time only. What if different cipher-algos were used instead of the same?
All in all, it also seems obvious to me that the answer depends on the nature of the passwords. For instance, if I have 15 layers of encryption and each layer's password is merely one letter, it seems "trivial" to break the code.
encryption gnupg
asked 7 hours ago
luchonacho
5
If you were playing Hangman, which would be harder? Guessing the word one letter at a time, or guessing the entire word each time?
– John Wu
2 hours ago
4 Answers
This doesn't add security, but makes it easier to guess the passphrase one word at a time (N⁴ vs. N+N+N+N, where N is the symbol count of the word list). Even when you encrypt a file or a message to multiple recipients using PGP, the payload is encrypted only once using symmetric encryption, and then the key for that is encrypted separately for every recipient. This way every recipient has equal access to the payload without multiplying the message size.
What you suggest might be useful in two scenarios, but all the passphrases should be strong in themselves.
1. You have to send a file to someone using symmetric encryption, but you don't have a channel for trustworthy key exchange. You could send the passphrase for one layer using email, for the second layer using SMS and for the third layer using mail. Any of these could be stolen, but it's way harder to steal them all.
2. You have information for a group of people you can't meet, but no-one should know it before the others. You send them all the encrypted file containing the information, but a different password to each. Now they need to be together to reveal the contents. That's a fair way to leave an inheritance as a Bitcoin wallet!
6
Worth noting: The split-key group scenario is more versatilely accomplished with Shamir's Secret Sharing.
– Michael
4 hours ago
Another perspective, in addition to what the others said (that guessing single words 4 times is much less expensive than guessing a combination of 4 words at once):
In cryptography, there is the concept of having completely open algorithms, and completely closed secrets. As long as the secret stays (sic!) secret, it does not matter whether the attacker knows anything at all about the algorithm. This is the opposite of "security by obscurity", and it is well. It means that you can put up the algorithm to the scrutiny of the whole world (quite literally, in a popular scheme like AES) without compromising anything.
The algorithm "just" needs to be uncrackable; you need to convince yourself that there is neither an algorithmic nor a brute-force way to crack it. If you can come to that conclusion, then you're finished, and only need to care about your secret. You and I probably cannot analyze AES to this extent, but we can decide that having it as an open/public algorithm with great exposure to many presumably "good" cryptanalysts makes it safe enough for us.
So. Assume you have such an algorithm. By definition, once you have a safe password, it is 100%, perfectly safe (until someone discovers a crack in the algorithm or creates a computer fast enough - both of which do, of course, happen regularly, e.g., MD5).
Anything you do with the algorithm afterwards would need very thorough inspection by a large community of cryptologists. Your proposed "repeat AES 4 times" algorithm is a completely new thing. Throw it to the community (like you did here), and people immediately find weaknesses. That's why you don't (as a layman, or as a lone programmer in some company) fool around with the algorithm, and don't ever bother with security by obscurity.
In this particular case: if applying AES 4 times would increase security, then AES would already do that. This would be such a trivial change compared to the complexity of the field.
Imagine a Hollywood film where they're cracking a password or a security code, with all the spinning digits on a fancy UI, and they have elite hackers who crack one digit of the code at a time, and the good guys have to work to blow up the hackers' computer or something before they crack that last digit. Of course, in real life it isn't like that — for a reasonably secure system, you basically either know you've got the right password, or you know you've not got the right password — there's no way to see if a password is in any way "close".
What you've suggested is making your security system work like the ones in Hollywood. An attacker would be able to run a trivial dictionary attack on your encryption, and know that they've successfully decrypted the first layer immediately. They could then simply repeat this four times to recover the file. By comparison, running a trivial dictionary attack wouldn't discover your "mydogisamazing" password, and there would be absolutely no indication when the word "my" came up in their attack that this was "close" to the final password.
Muzer is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
3
Collecting IVs from a WEP protected wireless network is a real life situation that works similarly to these Hollywood movie scenes, though. Likewise, it has nothing to do with password strength, but looks cool on the screen.
– Esa Jokinen
3 hours ago
@EsaJokinen agreed, but hence "for a reasonably secure system" - wired equivalent privacy my arse!
– Muzer
2 hours ago
It's equivalent to zero privacy.
– Esa Jokinen
2 hours ago
1
running a trivial dictionary attack wouldn't discover your "mydogisamazing" password Well, according to haveibeenpwned.com, "mydogisamazing" appeared three times in password breaks already ...
– Dubu
2 hours ago
Option 1 is more secure. In option 2, we can guess each word separately. When we guess "amazing", we get confirmation that this word is correct and we can continue to the second word. In option 1, we have to guess all four words at the same time.
You may think that one GPG offers some security, and four GPGs offer four times that security, but it doesn't work like that. GPG offers near total security, and applying it more times does not improve security.
There are uses for applying encryption multiple times, for example when both signing and encrypting, or when encrypting for multiple parties. However, encrypting things several times does not in general make them several times more secure.
answered 6 hours ago
SjoerdSjoerd
3
In addition, even if you assumed that correct intermediate decryptions are near indistinguishable from random until you have all passwords correct (making it harder to guess partial passwords), it's still weaker due to meet-in-the-middle attacks.
– Natanael
6 hours ago
5
@luchonacho the reason is that you only double the security AT MOST, it is NOT exponentially increased. Every additional random character in the password does however MORE than double the difficulty to crack the password.
– Natanael
5 hours ago
1
@luchonacho There's a scale you're just not comprehending - 4 vs 1 sounds good, but the 4 are vastly smaller than the 1. Assuming just lowercase alphabet, there are 26^8 possible 8-letter passwords. If I have to guess 4 2-letter passwords though, 26^2^4 is the ideal case - equivalent iff intermediate steps are indistinguishable from garbage. Meet-in-the-middle attacks make it so that even this "best case" of needing to guess the same number of passwords takes less time by storing intermediate values. Wikipedia has a better explanation.
– Delioth
4 hours ago
1
@Natanael Good luck with the IVs of the middle layers for a meet-in-the-middle attack. Also, Weiner showed that double encryption is more secure than the single, of course not by 2 times.
– kelalaka
4 hours ago
1
Are there encryption schemes where you cannot confirm if a guess was correct? I imagine being able to confirm a guess was correct when deciphering AES has to do with padding.
– Vaelus
1 hour ago
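To make the counting argument in Sjoerd's answer and in Esa Jokinen's N⁴ vs. N+N+N+N concrete, here is a small simulation. It is an added example, not code from the question or from any answer, and it is not GnuPG: the per-layer "cipher" is a toy (SHA-256 keystream plus a recognisable header, with a fixed salt), the wordlist is constructed for the demo, and the function names are my own. What the toy models faithfully is the single property the answers rely on: a layer tells you whether its own passphrase was right, so with one passphrase per layer the search runs layer by layer, while with one concatenated passphrase nothing confirms a partial guess.

```python
"""Toy model of the question's two options (added example, not GnuPG)."""
import hashlib
import hmac
import itertools
from typing import List, Optional, Tuple

# Constructed dictionary for the demo; the correct words are placed last so
# the trial counts below are not a lucky early hit.
WORDLIST = ["cat", "the", "big", "red", "my", "dog", "is", "amazing"]

# Stand-in for the structure (packet headers, MDC) that lets gpg report a
# bad key: a correct passphrase reveals this prefix, a wrong one does not.
MAGIC = b"PLAINTEXT:"
SALT = b"fixed-demo-salt"  # gpg uses a random S2K salt; constant here for simplicity


def _keystream(password: str, length: int) -> bytes:
    """Password -> keystream: SHA-256 in counter mode (toy; gpg uses S2K + AES)."""
    key = hashlib.sha256(SALT + password.encode()).digest()
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt_layer(password: str, plaintext: bytes) -> bytes:
    """One symmetric layer; the MAGIC prefix makes a correct passphrase recognisable."""
    data = MAGIC + plaintext
    return bytes(a ^ b for a, b in zip(data, _keystream(password, len(data))))


def decrypt_layer(password: str, ciphertext: bytes) -> Optional[bytes]:
    """Return the inner bytes, or None when the passphrase is wrong."""
    ks = _keystream(password, len(ciphertext))
    data = bytes(a ^ b for a, b in zip(ciphertext, ks))
    if not hmac.compare_digest(data[: len(MAGIC)], MAGIC):
        return None
    return data[len(MAGIC):]


def option1(plaintext: bytes) -> bytes:
    """Single layer with the passphrase 'mydogisamazing'."""
    return encrypt_layer("mydogisamazing", plaintext)


def option2(plaintext: bytes) -> bytes:
    """Four layers; innermost uses 'amazing', outermost 'my', as in the question."""
    ct = plaintext
    for pw in ["amazing", "is", "dog", "my"]:
        ct = encrypt_layer(pw, ct)
    return ct


def guesses_concatenated(ciphertext: bytes, wordlist: List[str], words: int):
    """Option 1 search: one whole passphrase per trial.  Nothing confirms a
    partial guess, so the space is len(wordlist) ** words.  Returns (trials, words)."""
    for n, combo in enumerate(itertools.product(wordlist, repeat=words), start=1):
        if decrypt_layer("".join(combo), ciphertext) is not None:
            return n, list(combo)
    return None


def guesses_layered(ciphertext: bytes, wordlist: List[str], layers: int):
    """Option 2 search: each layer confirms its own word, so the space is
    len(wordlist) * layers.  Returns (trials, words in decryption order)."""
    trials, found, current = 0, [], ciphertext
    for _ in range(layers):
        for word in wordlist:
            trials += 1
            inner = decrypt_layer(word, current)
            if inner is not None:
                found.append(word)
                current = inner
                break
        else:
            return None
    return trials, found


def worst_case(n_words: int, layers: int) -> Tuple[int, int]:
    """(concatenated search space, layered search space) for an n_words dictionary."""
    return n_words ** layers, n_words * layers


if __name__ == "__main__":
    msg = b"meet at the usual place"  # constructed sample plaintext
    print("worst case, 8-word dictionary, 4 words:", worst_case(len(WORDLIST), 4))
    print("option 1 trials until found:", guesses_concatenated(option1(msg), WORDLIST, 4)[0])
    print("option 2 trials until found:", guesses_layered(option2(msg), WORDLIST, 4)[0])
```

With this 8-word dictionary the layered search finds all four words in 26 trials (5 + 6 + 7 + 8, one layer at a time) against 2424 trials for the concatenated passphrase, and the bounds are 32 versus 4096. The only thing that makes the split possible is the per-layer confirmation, which is also the answer to the comment asking how a guess gets confirmed: real formats carry recognisable structure (headers, integrity check) that plays the role of MAGIC here, and the inner layer of a nested file is itself such a structured packet.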
3
In addition, even if you assumed that correct intermediate decryptions are near indistinguishable from random until you have all passwords correct (making it harder to guess partial passwords), it's still weaker due to meet-in-the-middle attacks.
– Natanael
6 hours ago
5
@luchonacho the reason is that you only double the security AT MOST, it is NOT exponentially increased. Every additional random character in the password does however MORE than double the difficulty to crack the password.
– Natanael
5 hours ago
1
@luchonacho There's a scale you're just not comprehending - 4 vs 1 sounds good, but the 4 are vastly smaller than the 1. Assuming just lowercase alphabet, there are 26^8 possible 8-letter passwords. If I have to guess 4 2-letter passwords though, 26^2^4 is the ideal case - equivalent iff intermediate steps are indistinguishable from garbage. Meet-in-the-middle attacks make it so that even this "best case" of needing to guess the same number of passwords takes less time by storing intermediate values. Wikipedia has a better explanation.
– Delioth
4 hours ago
1
@Natanael Goodluck with the IV's of the middle layers for meet-in-the-middle-attack. Also, Weiner showed that double encryption is more secure than the single of course not by 2-times.
– kelalaka
4 hours ago
1
Are there encryption schemes where you cannot confirm if a guess was correct? I imagine being able to confirm a guess was correct when deciphering AES has to do with padding.
– Vaelus
1 hour ago
3
3
In addition, even if you assumed that correct intermediate decryptions are near indistinguishable from random until you have all passwords correct (making it harder to guess partial passwords), it's still weaker due to meet-in-the-middle attacks.
– Natanael
6 hours ago
In addition, even if you assumed that correct intermediate decryptions are near indistinguishable from random until you have all passwords correct (making it harder to guess partial passwords), it's still weaker due to meet-in-the-middle attacks.
– Natanael
6 hours ago
5
5
@luchonacho the reason is that you only double the security AT MOST, it is NOT exponentially increased. Every additional random character in the password does however MORE than double the difficulty to crack the password.
– Natanael
5 hours ago
@luchonacho the reason is that you only double the security AT MOST, it is NOT exponentially increased. Every additional random character in the password does however MORE than double the difficulty to crack the password.
– Natanael
5 hours ago
1
1
@luchonacho There's a scale you're just not comprehending - 4 vs 1 sounds good, but the 4 are vastly smaller than the 1. Assuming just lowercase alphabet, there are 26^8 possible 8-letter passwords. If I have to guess 4 2-letter passwords though, 26^2^4 is the ideal case - equivalent iff intermediate steps are indistinguishable from garbage. Meet-in-the-middle attacks make it so that even this "best case" of needing to guess the same number of passwords takes less time by storing intermediate values. Wikipedia has a better explanation.
– Delioth
4 hours ago
@luchonacho There's a scale you're just not comprehending - 4 vs 1 sounds good, but the 4 are vastly smaller than the 1. Assuming just lowercase alphabet, there are 26^8 possible 8-letter passwords. If I have to guess 4 2-letter passwords though, 26^2^4 is the ideal case - equivalent iff intermediate steps are indistinguishable from garbage. Meet-in-the-middle attacks make it so that even this "best case" of needing to guess the same number of passwords takes less time by storing intermediate values. Wikipedia has a better explanation.
– Delioth
4 hours ago
1
1
@Natanael Goodluck with the IV's of the middle layers for meet-in-the-middle-attack. Also, Weiner showed that double encryption is more secure than the single of course not by 2-times.
– kelalaka
4 hours ago
@Natanael Goodluck with the IV's of the middle layers for meet-in-the-middle-attack. Also, Weiner showed that double encryption is more secure than the single of course not by 2-times.
– kelalaka
4 hours ago
1
1
Are there encryption schemes where you cannot confirm if a guess was correct? I imagine being able to confirm a guess was correct when deciphering AES has to do with padding.
– Vaelus
1 hour ago
Are there encryption schemes where you cannot confirm if a guess was correct? I imagine being able to confirm a guess was correct when deciphering AES has to do with padding.
– Vaelus
1 hour ago
|
show 2 more comments
This doesn't add security, but makes it easier to guess the passphrase one word at a time (N⁴ vs. N+N+N+N, where N is the symbol count of the word list). Even when you encrypt a file or a message to multiple recipients using PGP, the payload is encrypted only once using symmetric encryption, and then the key for that is encrypted separately for every recipient. This way every recipient has equal access to the payload without multiplying the message size.
What you suggest might be useful in two scenarios, but all the passphrases should be strong in themselves.
You have to send a file to someone using a symmetric encryption, but you don't have a channel for trustworthy key exchange. You could send the passphrase for one layer using email, for second layer using SMS and for third layer using mail. Any of these could be stolen, but it's way harder to steal them all.
You have information for a group of people you can't meet, but no-one should know it before the others. You send them all the encrypted file containing the information, but a different password to each. Now they need to be together to reveal the contents. That's a fair way to leave inheritance as a Bitcoin wallet!
edited 5 hours ago
answered 6 hours ago
Esa Jokinen
1,53149
6
Worth noting: The split-key group scenario is more versatilely accomplished with Shamir's Secret Sharing.
– Michael
4 hours ago
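The N⁴ vs. N+N+N+N argument above, as an added worked example that is not part of the original answer or page. It models four nested password layers against one four-word passphrase and counts the attacker's guesses. Everything in it is constructed for the demo: an 8-word list instead of a real diceware list, a SHA-256 counter-mode keystream standing in for AES, a deliberately tiny PBKDF2 iteration count, and an HMAC tag that plays the role of the padding, MAC or key-check value through which a real format tells the decryptor that the key was wrong.

```python
import hashlib
import hmac
import itertools
import os

# Constructed sample word list (8 words, none a prefix of another). A real
# diceware list has thousands of entries, so the gap below grows accordingly.
WORDS = ["apple", "bread", "cloud", "eagle", "forest", "grape", "house", "piano"]
N = len(WORDS)
KDF_ITERATIONS = 200  # tiny so the whole attack runs in seconds; real use is far higher


def _derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS)


def _keystream(key: bytes, length: int) -> bytes:
    # SHA-256 in counter mode as a toy stream cipher; it stands in for AES here.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(password: str, plaintext: bytes) -> bytes:
    """Return salt || tag || ciphertext. The HMAC tag is the 'was the key right?' oracle."""
    salt = os.urandom(16)
    key = _derive_key(password, salt)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, len(plaintext))))
    tag = hmac.new(key, salt + ct, "sha256").digest()
    return salt + tag + ct


def decrypt(password: str, blob: bytes):
    """Plaintext on success, None when the tag does not verify (wrong password)."""
    salt, tag, ct = blob[:16], blob[16:48], blob[48:]
    key = _derive_key(password, salt)
    expected = hmac.new(key, salt + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, len(ct))))


def encrypt_layered(words, plaintext: bytes) -> bytes:
    """Apply one encryption layer per word; the first word is the innermost layer."""
    blob = plaintext
    for w in words:
        blob = encrypt(w, blob)
    return blob


def attack_layered(blob: bytes, layers: int):
    """Peel one layer at a time: at most N guesses per layer, N * layers in total."""
    guesses = 0
    peeled = []
    for _ in range(layers):
        for w in WORDS:
            guesses += 1
            inner = decrypt(w, blob)
            if inner is not None:  # tag verified: this layer's word is confirmed
                blob, peeled = inner, peeled + [w]
                break
        else:
            return None, guesses, peeled
    return blob, guesses, peeled[::-1]  # outermost layer was peeled first; restore order


def attack_single(blob: bytes, words_in_passphrase: int):
    """One passphrase of concatenated words: no partial confirmation, N ** k guesses worst case."""
    guesses = 0
    for combo in itertools.product(WORDS, repeat=words_in_passphrase):
        guesses += 1
        pt = decrypt("".join(combo), blob)
        if pt is not None:
            return pt, guesses, list(combo)
    return None, guesses, None


def demo(layers: int = 4):
    """Worst case for the attacker: the secret uses the last word of the list every time."""
    secret = [WORDS[-1]] * layers
    message = b"wallet seed: constructed sample, not a real key"
    layered_blob = encrypt_layered(secret, message)
    single_blob = encrypt("".join(secret), message)
    pt_l, g_l, _ = attack_layered(layered_blob, layers)
    pt_s, g_s, _ = attack_single(single_blob, layers)
    return {
        "layered_guesses": g_l,   # N * layers
        "single_guesses": g_s,    # N ** layers
        "layered_recovered": pt_l == message,
        "single_recovered": pt_s == message,
    }


if __name__ == "__main__":
    print(demo())
```

With 8 words the layered file falls after 32 guesses and the single-passphrase file after 4096; with a 7776-word list the same code would give 31104 versus about 3.7 × 10¹⁵. The oracle is what matters: as long as each layer can be verified on its own, the layers' entropies add instead of multiply.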
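The split-key group scenario from the answer's second case and the Shamir's Secret Sharing alternative from the comment, as an added example that is not from the original page. Layering one password per heir is the all-of-n special case; Shamir's scheme gives any k-of-n. The field prime, the heir counts and the wallet key are chosen for the demo (the prime is the secp256k1 field prime, used here only because it is a known 256-bit prime, so a 32-byte key fits in one field element).

```python
import secrets

# A known 256-bit prime; any prime larger than the secret works as the field.
PRIME = 2**256 - 2**32 - 977


def _eval_poly(coeffs, x: int) -> int:
    """Evaluate a polynomial (coeffs[0] is the constant term, i.e. the secret) at x mod PRIME."""
    acc = 0
    for c in reversed(coeffs):  # Horner's rule from the highest coefficient down
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: bytes, n: int, k: int):
    """Split `secret` into n shares (x, y): any k recover it, any k-1 learn nothing."""
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    s = int.from_bytes(secret, "big")
    if s >= PRIME:
        raise ValueError("secret too large for the field; use a bigger prime")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def recover_secret(shares, secret_len: int) -> bytes:
    """Lagrange interpolation at x = 0. Too few or wrong shares yield garbage, not an error."""
    if len({x for x, _ in shares}) != len(shares):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total.to_bytes(secret_len, "big")


def inheritance_demo():
    """The wallet-for-the-heirs scenario: any 3 of 5 heirs can unlock it, any 2 cannot."""
    # Constructed key; in practice it would be the symmetric key for the wallet file.
    wallet_key = secrets.randbelow(PRIME).to_bytes(32, "big")
    shares = split_secret(wallet_key, n=5, k=3)
    three = recover_secret([shares[0], shares[2], shares[4]], 32)
    two = recover_secret(shares[:2], 32)
    return three == wallet_key, two == wallet_key


if __name__ == "__main__":
    print(inheritance_demo())
```

Each heir receives one (x, y) pair instead of a layer password, and the k-1 shares carry no information about the key because the missing coefficient makes every constant term equally likely. Note that plain Shamir shares are not authenticated: a holder who submits a corrupted share silently produces a wrong key, so deployments usually wrap the shares in a format that checks them (or verify the recovered key against a hash of it).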
Another perspective to what the others said (that guessing single words 4 times is much less expensive than guessing a combination of 4 words at once):
In cryptography, there is the concept of having completely open algorithms, and completely closed secrets. As long as the secret stays (sic!) secret, it does not matter whether the attacker knows anything at all about the algorithm. This is the opposite of "security by obscurity", and that is a good thing. It means that you can put up the algorithm to the scrutiny of the whole world (quite literally, in a popular scheme like AES) without compromising anything.
The algorithm "just" needs to be uncrackable; you need to convince yourself that there is neither an algorithmic nor a brute-force way to crack it. If you can come to that conclusion, then you're finished, and only need to care about your secret. You and I probably cannot analyze AES to this extent, but we can decide that having it as an open/public algorithm with great exposure to many presumably "good" cryptanalysts makes it safe enough for us.
So. Assume you have such an algorithm. By definition, once you have a safe password, it is 100%, perfectly safe (until someone discovers a crack in the algorithm or creates a computer fast enough; both of which do, of course, happen regularly, e.g., MD5).
Anything you do with the algorithm afterwards would need very thorough inspection by a large community of cryptologists. Your proposed "repeat AES 4 times" algorithm is a completely new thing. Throw it to the community (like you did here), and people immediately find weaknesses. That's why you don't (as a layman, or as a lone programmer in some company) fool around with the algorithm, and don't ever bother with security by obscurity.
In this particular case: if applying AES 4 times would increase security, then AES would already do that. This would be such a trivial change compared to the complexity of the field.
answered 3 hours ago
AnoE
2,1121311
Imagine a Hollywood film where they're cracking a password or a security code, with all the spinning digits on a fancy UI, and they have elite hackers who crack one digit of the code at a time, and the good guys have to work to blow up the hackers' computer or something before they crack that last digit. Of course, in real life it isn't like that — for a reasonably secure system, you basically either know you've got the right password, or you know you've not got the right password — there's no way to see if a password is in any way "close".
What you've suggested is making your security system work like the ones in Hollywood. An attacker would be able to run a trivial dictionary attack on your encryption, and know that they've successfully decrypted the first layer immediately. They could then simply repeat this four times to recover the file. By comparison, running a trivial dictionary attack wouldn't discover your "mydogisamazing" password, and there would be absolutely no indication when the word "my" came up in their attack that this was "close" to the final password.
answered 3 hours ago
Muzer
1512
3
Collecting IVs from a WEP protected wireless network is a real life situation that works similarly to these Hollywood movie scenes, though. Likewise, it has nothing to do with password strength, but looks cool on the screen.
– Esa Jokinen
3 hours ago
@EsaJokinen agreed, but hence "for a reasonably secure system" - wired equivalent privacy my arse!
– Muzer
2 hours ago
It's equivalent to zero privacy.
– Esa Jokinen
2 hours ago
1
'running a trivial dictionary attack wouldn't discover your "mydogisamazing" password' Well, according to haveibeenpwned.com, "mydogisamazing" has appeared three times in password breaches already ...
– Dubu
2 hours ago
5
If you were playing Hangman, which would be harder? Guessing the word one letter at a time, or guessing the entire word each time?
– John Wu
2 hours ago