Encrypting files multiple times for stronger security

My question is in regard to the use of multiple encryption programs or algorithms. To secure very important documents...

or messages, we use encryption software like PGP. If we encrypt the same file with multiple encryption programs, selecting different algorithms and keys, will the encryption be stronger?

In theory, yes, this improves security. In practice, it's not worth adding in anything.

For example, let's suppose I encrypt a file to myself multiple times, using my own public key and several symmetric ciphers. The weak point in this is my passphrase. The same passphrase opens each one, and if you know that, you can do all the decryptions. If, however, Alice encrypts a file and hands it to Bob who encrypts it, and then Charlie does, you do have added strength in the encryption.

All modern ciphers are strong enough that the weak points in the system are elsewhere, usually in the human interface. The example above, where I use my own public key three times, has as its weakness the user interface, not the cryptography. It's like putting three locks on a door that all take the same key. If the same key opens all locks, they are stronger than one lock, but not three times stronger.

For more information on this topic, visit these other SearchSecurity.com resources:
Tech Tip: A primer on encryption
Strom's Security Tool Shed: File encryption made easy
Executive Security Briefing: Public key cryptography Q&A

This was last published in September 2002

Dig Deeper on Disk Encryption and File Encryption



Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: