Q

Encrypting files multiple times for stronger security

My question is in regard to the use of multiple encryption programs or algorithms. To secure very important documents...

or messages, we use encryption software like PGP. If we encrypt the same file with multiple encryption programs, selecting different algorithms and keys, will the encryption be stronger?


In theory, yes, this improves security. In practice, it's not worth adding in anything.

For example, let's suppose I encrypt a file to myself multiple times, using my own public key and several symmetric ciphers. The weak point in this is my passphrase. The same passphrase opens each one, and if you know that, you can do all the decryptions. If, however, Alice encrypts a file and hands it to Bob who encrypts it, and then Charlie does, you do have added strength in the encryption.

All modern ciphers are strong enough that the weak points in the system are elsewhere, usually in the human interface. The example above, where I use my own public key three times, has as its weakness the user interface, not the cryptography. It's like putting three locks on a door that all take the same key. If the same key opens all locks, they are stronger than one lock, but not three times stronger.


For more information on this topic, visit these other SearchSecurity.com resources:
Tech Tip: A primer on encryption
Strom's Security Tool Shed: File encryption made easy
Executive Security Briefing: Public key cryptography Q&A


This was last published in September 2002

Dig Deeper on Disk Encryption and File Encryption

PRO+

Content

Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Hi,
I disagree to the line "It's like putting three locks on a door that all take the same key."

My point is: its not like there are three different locks which open with one key. Its like there is only one lock but to open it you have to turn the key three times. So if the thief doesn't know how many times to turn the key, it makes its job much more difficult.
Please correct me if I am wrong.
Cancel
Well, if you don't have the door open after one turn, you can simply keep turning until it unlocks.

So, if you still keep receiving cyphertext, you can keep using the key until you don't anymore.

Since you are using 3 different algorithms, I think that the 3 lock analogy holds. Furthermore, I'd say that the types of lock matters as well. If your key works in all the locks but the locks work in different ways, it might take a little extra time to figure out how to work the key in all the locks (as in, figure out which algo's have been used).
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close