[0xDEAFBEAD]

This is a great point. If layering encryption really does introduce new attacks, that suggests encrypting single-layer ciphertext could allow you to perform that layered-ciphertext attack anyways. So I find myself skeptical of chowells' claim here.

Here's Wikipedia: https://en.wikipedia.org/wiki/Multiple_encryption

I'm no expert here, but if I understand Wikipedia correctly:

* Be sure to use distinct keys and IVs for each individual layer.

* Be aware that encrypting ciphertext could lead to a known-plaintext attack on the outer cipher, if the inner ciphertext starts in a standard way (file header etc.)