
Encrypting files multiple times for stronger security

My question is in regard to the use of multiple encryption programs or algorithms. To secure very important documents or messages, we use encryption software like PGP. If we encrypt the same file with multiple encryption programs, selecting different algorithms and keys, will the encryption be stronger?

In theory, yes, this improves security. In practice, it's not worth adding in anything.

For example, let's suppose I encrypt a file to myself multiple times, using my own public key and several symmetric ciphers. The weak point in this is my passphrase. The same passphrase opens each one, and if you know that, you can do all the decryptions. If, however, Alice encrypts a file and hands it to Bob who encrypts it, and then Charlie does, you do have added strength in the encryption.

All modern ciphers are strong enough that the weak points in the system are elsewhere, usually in the human interface. The example above, where I use my own public key three times, has as its weakness the user interface, not the cryptography. It's like putting three locks on a door that all take the same key. If the same key opens all locks, they are stronger than one lock, but not three times stronger.
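The point about several layers that all open with one passphrase, as an added example that is not part of the original answer. It uses an illustrative HMAC-SHA256 stream cipher in place of real ciphers, and every function name, salt and the word list are constructed for the demonstration.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # Illustrative stream cipher (HMAC-SHA256 in counter mode), standing in for a real one.
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    # One encryption layer: encrypt, then authenticate with a separate subkey.
    enc, mac = (hmac.new(key, t, hashlib.sha256).digest() for t in (b"enc", b"mac"))
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(enc, nonce, len(data))))
    return nonce + hmac.new(mac, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    # Returns the plaintext, or None when the key is wrong or the blob was altered.
    enc, mac = (hmac.new(key, t, hashlib.sha256).digest() for t in (b"enc", b"mac"))
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(enc, nonce, len(ct))))

def layer_key(passphrase, layer):
    # A distinct key per layer, yet every one is derived from the same passphrase.
    # The fixed salt and low iteration count are for the demonstration only.
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), b"layer-%d" % layer, 1000)

def encrypt_layers(keys, data):
    for key in keys:
        data = seal(key, data)
    return data

def decrypt_layers(keys, blob):
    for key in reversed(keys):
        blob = unseal(key, blob)
        if blob is None:
            return None
    return blob

def guesses_to_open(blob, candidates, layers):
    # Number of passphrase guesses needed before every layer opens (None if none fit).
    for count, guess in enumerate(candidates, 1):
        keys = [layer_key(guess, n) for n in range(layers)]
        if decrypt_layers(keys, blob) is not None:
            return count
    return None
```

With a shared passphrase, `guesses_to_open` returns the same count for one layer and for three; with independently generated keys, `decrypt_layers` returns `None` unless every key is supplied.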


This was last published in September 2002


Join the conversation



I disagree with the line "It's like putting three locks on a door that all take the same key."

My point is: it's not like there are three different locks which open with one key. It's like there is only one lock but to open it you have to turn the key three times. So if the thief doesn't know how many times to turn the key, it makes his job much more difficult.
Please correct me if I am wrong.

Well, if you don't have the door open after one turn, you can simply keep turning until it unlocks.

So, if you still keep receiving cyphertext, you can keep using the key until you don't anymore.

Since you are using 3 different algorithms, I think that the 3 lock analogy holds. Furthermore, I'd say that the type of lock matters as well. If your key works in all the locks but the locks work in different ways, it might take a little extra time to figure out how to work the key in all the locks (as in, figure out which algos have been used).