Advice Request Double (or triple) encryption - Is it advisable?


Status
Not open for further replies.

HarborFront

Hi

Is double (or triple) encryption advisable? Will it double (or triple) the security? Or will it weaken it?

Let's say you compose a message with a text editor and encrypt it. Then you attach the password-protected file to your secure email (like ProtonMail or Tutanota), which further encrypts it.

Another example would be if you encrypt your file and then store it on your external HDD/SSD which is further disk encrypted.

Would using the same encryption or different encryption methods be better?

Thanks

XhenEd

I assume that doubling or tripling encryption may improve the security of the protected file because one must decrypt the first encryption (the outer layer) before decrypting the second, and then the third.

VeraCrypt (and TrueCrypt) has this option. For instance, it has an option for Serpent+AES, which would mean that the file is first encrypted in the AES format, then this encrypted file is encrypted again using Serpent.

But in normal circumstances, I believe one encryption is enough. Doubling or tripling encryption is only for criminals, big businesses, and top gov, especially security, agencies. :D
 

iangcarroll

No, layering encryption algorithms does not weaken anything. It technically protects you against any one layer being weak if you use multiple algorithms, but realistically you are fine using one trustworthy one and switching as needed.

Google (more or less) does this to test out post-quantum cryptography; the PQ algorithm CECPQ1 is used over an already secure connection established with ECDH, a "safe" key exchange algorithm.
 

iangcarroll

However, someone over at Wilders Security Forums got screwed up with double encryption. A possibility here

Does dual-encryption weakens the encryption?
Don't buy the flash drive he was using! ;)

I do not know what happened there. But the cryptographic construct itself (such as doing ChaCha(AES(data))) is safe, provided at least one is securely implemented. You literally just get random data from (properly designed) ciphers, so there is nothing special about encrypting encrypted bytes.
 

iangcarroll

Having read a bit more, there are a couple of asterisks for my previous statement. I won't regurgitate the entirety of Matthew Green's article, but essentially:
  • If you use the same key, you may seriously screw yourself over. He gives AES-CTR as an example, where CTR(K, CTR(K, M)) (where M is the message and K is the key) will not actually encrypt anything, because encryption and decryption are the same operation.
  • The construct might become somewhat malleable if one algorithm is weak. Malleability is not too relevant for the encryption of documents and such.
  • The construct may not be stronger than its first layer, assuming you can coerce patterns into it. It is _extremely_ unlikely you are going to be able to do that with a modern cipher like AES-CBC, but the point is there.

But yeah, if you upload an encrypted document to ProtonMail and it's re-encrypted by them, the worst case is that ProtonMail did nothing to encrypt it.
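
The same-key CTR case from the post above, as an added example (not part of the thread or of Matthew Green's article). It assumes both layers also reuse the same nonce, and the hypothetical `ctr_stream_xor` uses HMAC-SHA256 from the standard library as a stand-in for AES-CTR, so it shows the structure of the problem rather than a real cipher.

```python
import hashlib
import hmac
import os


def ctr_stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with a counter-mode keystream (encrypt == decrypt).

    Stand-in for AES-CTR (assumption of this example): HMAC-SHA256 over
    nonce || counter plays the block cipher's role. Not a vetted cipher.
    """
    out = bytearray()
    for counter in range((len(data) + 31) // 32):
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"),
                         hashlib.sha256).digest()
        chunk = data[counter * 32:(counter + 1) * 32]
        out.extend(b ^ k for b, k in zip(chunk, block))
    return bytes(out)


def double_encrypt(k1, n1, k2, n2, message):
    """Inner layer under (k1, n1), outer layer under (k2, n2)."""
    return ctr_stream_xor(k2, n2, ctr_stream_xor(k1, n1, message))


def double_decrypt(k1, n1, k2, n2, ciphertext):
    """Remove the outer layer first, then the inner one."""
    return ctr_stream_xor(k1, n1, ctr_stream_xor(k2, n2, ciphertext))


MESSAGE = b"constructed sample message: quarterly figures attached"


def demo():
    k1, k2 = os.urandom(32), os.urandom(32)
    n1, n2 = os.urandom(12), os.urandom(12)
    same = double_encrypt(k1, n1, k1, n1, MESSAGE)         # same key + nonce
    fresh_nonce = double_encrypt(k1, n1, k1, n2, MESSAGE)  # same key only
    indep = double_encrypt(k1, n1, k2, n2, MESSAGE)        # independent keys
    return {
        # The two identical keystreams XOR to zero: output is the plaintext.
        "same_key_and_nonce_is_plaintext": same == MESSAGE,
        "same_key_fresh_nonce_is_plaintext": fresh_nonce == MESSAGE,
        "independent_keys_is_plaintext": indep == MESSAGE,
        "independent_roundtrip_ok":
            double_decrypt(k1, n1, k2, n2, indep) == MESSAGE,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```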
 

HarborFront

But if the encryption method for the attached file is different from ProtonMail's, would that strengthen it overall?
 

Zero Knowledge

Most cryptographers don't recommend using 2 ciphers, one on top of the other, to encrypt files.

Using 2 ciphers to encrypt the same file does not offer more security.

AES 256 is fine by itself. Even with Quantum computers AES 256 would still be fine because the key length would only get cut in half to 128.
 

HarborFront

However, encryption software like VeraCrypt allows the use of up to 3 encryption algorithms. Of course, speed will be affected in the process. See below.

VeraCrypt & how-to basics - BestVPN.com

I think if you encrypt a file with AES and then store it on an HDD/SSD which is disk-encrypted again with AES, then the benefit will not be there. But if you store the AES-encrypted file on an HDD/SSD with Serpent-Twofish encryption, then I believe this will strengthen the file overall.

What do you think?

Thanks
 