[Cryptography] BLAKE2: "Harder, Better, Faster, Stronger" Than MD5

ianG iang at iang.org
Tue Mar 25 18:17:53 EDT 2014

On 25/03/2014 22:08 pm, tpb-crypto at laposte.net wrote:
>> Message of 24/03/14 19:09
>> From: "Jerry Leichter" 
>> To: tpb-crypto at laposte.net
>>> Some of my customers demand such solutions, shouldn't we develop a protocol for piggy-backing crypto over crypto? It would be a cool thing.
>> Maybe. And maybe we should have a protocol for those super-secure million-bit-key ciphers we keep hearing about. :-(
>> Just because people demand it doesn't mean it's a good idea. First you need to find a piggy-backing method that has meaningful security benefits. Then we can talk about a protocol.
> Since I'm merely a code monkey and not a cryptographer,...

This is no weakness, this is a strength.  You are closer to what matters.

> I know you guys don't like this approach, yet I have got no references on how to make it better. All I know is that if the first layer is broken, the would-be attacker will get another jumbled stream and will have to start all over again.

In terms of directly combining two ciphers, the common approach is to do
two stream ciphers and to xor them.

> The idea of my question is, can we do that in a proper manner? What proper manner is that, exactly?

There is academic work to combine ciphers at block level, which in
general shows that it is tricky to do, has a few surprising effects, and
often doesn't really help more than picking a good cipher.  Others will
write about that, I'm sure, and see the comment previously about DES-X.

However, there is a top tip from the NSA:  you should use two systems,
not two ciphers.  That is, you should use an underlying p2p system such
as IPSec or TLS or SSH, and then layer an application security system
over the top of it.

Which is to say: if you are going to do super-encryption, the best
thing is to separate the layers as much as possible.

my 2c.
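The XOR combiner the reply mentions, as an added example that is not from the original post or its author: two keystreams derived from independent keys are XORed into one, and a naive double-encryption shows one of the "surprising effects". The two keystream generators are constructed stand-ins built from stdlib hashes (SHAKE256 as an XOF, keyed BLAKE2b in counter mode), not real stream ciphers, and the keys and nonce are demo values.

```python
import hashlib
from itertools import count


def shake_keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Keystream A (constructed): SHAKE256 as an XOF seeded with key||nonce."""
    return hashlib.shake_256(key + nonce).digest(n)


def blake2_keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """Keystream B (constructed): keyed BLAKE2b as a PRF over a block counter."""
    out = bytearray()
    for ctr in count():
        if len(out) >= n:
            break
        out += hashlib.blake2b(nonce + ctr.to_bytes(8, "little"),
                               key=key, digest_size=64).digest()
    return bytes(out[:n])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def combined_keystream(key_a: bytes, key_b: bytes, nonce: bytes, n: int) -> bytes:
    """The combiner: XOR of two keystreams. key_a and key_b must be independent,
    and the nonce must still never repeat under either key."""
    return xor_bytes(shake_keystream(key_a, nonce, n),
                     blake2_keystream(key_b, nonce, n))


def combined_crypt(data: bytes, key_a: bytes, key_b: bytes, nonce: bytes) -> bytes:
    """Encrypt and decrypt are the same XOR for a stream cipher."""
    return xor_bytes(data, combined_keystream(key_a, key_b, nonce, len(data)))


def naive_double_encrypt(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """The surprising effect: 'encrypting twice' with the same stream cipher,
    key and nonce XORs the same keystream twice, which cancels it entirely."""
    ks = shake_keystream(key, nonce, len(data))
    return xor_bytes(xor_bytes(data, ks), ks)


if __name__ == "__main__":
    key_a, key_b, nonce = b"A" * 32, b"B" * 32, b"\x00" * 16  # constructed demo values
    msg = b"layer systems, not ciphers"
    ct = combined_crypt(msg, key_a, key_b, nonce)
    assert combined_crypt(ct, key_a, key_b, nonce) == msg      # round trip works
    assert naive_double_encrypt(msg, key_a, nonce) == msg      # plaintext falls out
```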
