Multiple encryption: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 21:33, 13 February 2025 edit Comp.arch (talk \| contribs) Extended confirmed users 41,513 edits m DNB, likely misplaced, note: https://d-nb.info/110368003X i.e. they do use ISBN, I could only look that up not "DNB" number Tag: 2017 wikitext editor ← Previous edit		Latest revision as of 08:56, 9 August 2025 edit undo CortexFiend (talk \| contribs) 91 edits Link suggestions feature: 2 links added. Tags: Visual edit Newcomer task Suggested: add links
(4 intermediate revisions by 4 users not shown)
Line 2: '''Multiple encryption''' is the process of [[encryption\|encrypting]] an already encrypted message one or more times, either using the same or a different algorithm. It is also known as '''cascade encryption''', '''cascade ciphering''', '''multiple encryption''', and '''superencipherment'''. '''Superencryption''' refers to the outer-level encryption of a multiple encryption. Some cryptographers, like Matthew Green of [[Johns Hopkins University]], say multiple encryption addresses a problem that mostly doesn't exist: {{Blockquote Line 37: ==The Rule of Two== The '''Rule of Two''' is a [[data security]] principle from the [[National Security Agency\|NSA's]] Commercial Solutions for Classified Program (CSfC).<ref>{{cite web \|url=http://www.nsa.gov/ia/programs/csfc_program/ \|title=Commercial Solutions for Classified Program \|publisher=US National Security Agency \|access-date=24 December 2015 \|quote= \|archive-url=https://web.archive.org/web/20151225183650/https://www.nsa.gov/ia/programs/csfc_program/ \|archive-date=25 December 2015 \|url-status=dead }}</ref> It specifies two completely independent layers of cryptography to protect data. For example, data could be protected by both hardware encryption at its lowest level and software encryption at the application layer. It could mean using two [[Federal Information Processing Standards\|FIPS]]-validated software cryptomodules from different vendors to en/decrypt data. The importance of vendor and/or model diversity between the layers of components centers around removing the possibility that the manufacturers or models will share a vulnerability. This way if one components is compromised there is still an entire layer of encryption protecting the information at rest or in transit. The CSfC Program offers solutions to achieve diversity in two ways. "The first is to implement each layer using components produced by different manufacturers. The second is to use components from the same manufacturer, where that manufacturer has provided NSA with sufficient evidence that the implementations of the two components are independent of one another."<ref>{{cite web \|url=https://www.nsa.gov/Portals/70/documents/resources/everyone/csfc/capability-packages/MACPv2_1.pdf/ \|title=Mobile Access Capability Package \|publisher=US National Security Agency \|access-date=28 February 2020 \|quote=}}</ref> The principle is practiced in the NSA's secure mobile phone called Fishbowl.<ref name=":0">{{cite book \| last=Adams \| first=David \| last2=Maier \| first2=Ann-Kathrin \| title=Big Seven Study (2016): 7 open source Crypto-Messengers to be compared (English/Deutsch) \| publisher=BoD – Books on Demand \| publication-place=Norderstedt \| date=2019-10-23 \| isbn=978-3-7504-0897-5 \| url=https://phoenixnap.dl.sourceforge.net/project/goldbug/bigseven-crypto-audit.pdf}}</ref> The phones use two layers of encryption protocols, [[IPsec]] and [[Secure Real-time Transport Protocol]] (SRTP), to protect voice communications. The Samsung [[Galaxy S9]] Tactical Edition is also an approved CSfC Component. ~~==Examples==~~ The figure shows from inside to outside the process of how the encrypted capsule is formed in the context of Echo Protocol, used by the Software Application GoldBug Messenger.<ref>{{cite web \|url=https://goldbug.sourceforge.net \|title = GoldBug – Secure E-Mail-Client & Instant Messenger}}</ref> GoldBug has implemented a hybrid system for authenticity and confidentiality.<ref name=":0">Adams, David / Maier, Ann-Kathrin (2016): BIG SEVEN Study, open source crypto-messengers to be compared – or: Comprehensive Confidentiality Review & Audit of GoldBug, Encrypting E-Mail-Client & Secure Instant Messenger, Descriptions, tests and analysis reviews of 20 functions of the application GoldBug based on the essential fields and methods of evaluation of the 8 major international audit manuals for IT security investigations including 38 figures and 87 tables, URL: https://sf.net/projects/goldbug/files/bigseven-crypto-audit.pdf – English / German Language, Version 1.1, 305 pages, June 2016 (ISBN: 110368003X – DNB: 2016B14779)</ref> ~~'''<u>First layer of the encryption:</u>'''~~ ~~The ciphertext of the original readable message is hashed, and subsequently the symmetric keys are encrypted via the asymmetric key – e.g. deploying the algorithm RSA.~~ ~~In an intermediate step the ciphertext, and the hash digest of the ciphertext are combined into a capsule, and packed together.~~ It follows the approach: [[w:Authenticated encryption#Encrypt-then-MAC\|Encrypt-then-MAC]]. In order for the receiver to verify that the ciphertext has not been tampered with, the digest is computed before the ciphertext is decrypted. ~~'''<u>Second layer of encryption:</u>'''~~ Optionally it is still possible, therefore to encrypt the capsule of the first layer in addition with an [[w:Advanced Encryption Standard\|AES-256]], – comparable to a commonly shared, 32-character long symmetric password. Hybrid Encryption is then added to multiple encryption.{{Citation needed\|date=September 2022}} ~~'''<u>Third layer of the encryption:</u>'''~~ ~~Then, this capsule is transmitted via a secure [[w:Transport Layer Security\|SSL/TLS]] connection to the communication partner.~~ ==References== {{Reflist}} ~~https://github.com/JuliaLang/julia/pull/57258#issuecomment-2657475954 ISBN: DNB 110368003X~~ ==Further reading ==