Ask the Expert

Encrypting files multiple times for stronger security

My question is in regard to the use of multiple encryption programs or algorithms. To secure very important documents or messages, we use encryption software like PGP. If we encrypt the same file with multiple encryption programs, selecting different algorithms and keys, will the encryption be stronger?


    Requires Free Membership to View

In theory, yes, this improves security. In practice, it's not worth adding in anything.

For example, let's suppose I encrypt a file to myself multiple times, using my own public key and several symmetric ciphers. The weak point in this is my passphrase. The same passphrase opens each one, and if you know that, you can do all the decryptions. If, however, Alice encrypts a file and hands it to Bob who encrypts it, and then Charlie does, you do have added strength in the encryption.

All modern ciphers are strong enough that the weak points in the system are elsewhere, usually in the human interface. The example above, where I use my own public key three times, has as its weakness the user interface, not the cryptography. It's like putting three locks on a door that all take the same key. If the same key opens all locks, they are stronger than one lock, but not three times stronger.


For more information on this topic, visit these other SearchSecurity.com resources:
Tech Tip: A primer on encryption
Strom's Security Tool Shed: File encryption made easy
Executive Security Briefing: Public key cryptography Q&A


This was first published in September 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: