Hacker News new | ask | show | jobs
by kbns 1235 days ago
"roll your own crypto" means writing a new encryption scheme. But here i'm just using multiple schemes without connection to one another by using different encryption keys.

What if AES-256 gets compromised?

Basically i'm storing my encrypted data online. Anyone can see it but only i can decrypt it.
1 comments
zgs 1235 days ago
You *are* inventing a new crypto algorithm.

A symmetric cipher is a permutation, multiple symmetric ciphers in sequence is still a permutation. There has been no analysis done on the latter to determine if the sequence you use hides a weakness. I'd much prefer a well analysed system to an unanalysed one.

link
kbns 1235 days ago
> multiple symmetric ciphers in sequence is still a permutation.

No its not. The data feeding to the next algorithm is an already encrypted data from the previous algorithm. Theres 0 connection b/w them.

For example . step 1 . encrypt message (M) with key (K1) using AES to produce cipher text (C1) step 2 . encrypt message C1 with key K2 using TripleDES to produce C2. step n . and so on using all algorithms with different Keys.

I don't see any connections b/w them. 0 entropy. Please correct me if i'm wrong.

link
zgs 1235 days ago
It's still a permutation: shuffling a deck of cards again doesn't make it any more random (apologies to Diaconis). A symmetric cipher is just a shuffle -- no more, no less. Sure, it "feels" unlikely that there would be a problem but can you prove that or prove at least some level of confidence in it?

The bottom line is just AES is good enough. Your data almost certainly isn't worth the effort involved for an attacker even if there was a substantial breakthrough against AES. If it was worth enough, there are far cheaper and easier ways to get access than breaking the crypto: https://xkcd.com/538/

Modern symmetric crypto is secure enough: any problems you hear about are not in the algorithms. Cracking crypto as seen in movies is a complete fiction, it doesn't work like that.

I suggest reading some introductory texts on cryptography to fill knowledge gaps.

link
kbns 1235 days ago
Thank you. i will learn more about it.
link