Encrypting encryption is doubly encrypted?

If I encrypt an encrypted file have I increased how securely encrypted it is? If I encrypt something using 64 bits a dozen times will it be more secure than something encrypted once at 128 bits?

I’m not an encryption expert, but that approach is already in use. For example, there is an algorithm called DES and another called Triple DES. If I remember, I have various bookmarks at work that talk more about it.

Not necessarily. The answer depends on the precise algorithms that you use.
See Wikipedia on triple DES

You would definitely want to use different keys for each encryption stage.

Triple DES uses three keys, and I believe the strategy used is to encrypt with the first key, decrypt that ciphertext with the second key, and then re-encrypt it with the third key.

Because the second key is different from the first key, the decryption step in the middle does not produce the original plaintext.

As Squink says, it depends on the algorithm involved. Running some algorithms again may gain much more security, some not much more at all. For example, I recently came to the conclusion that quadruple Rot-13 just wasn’t worth the extra CPU cycles required.

Some simple encryption schemes use a simple x-or of the data with an encrypted stream. In that case, doing it twice (with the same password) would decrypt it.
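An added example, not written by any poster in this thread: it checks the two cases mentioned above, repeated ROT-13 and a double XOR against a password-derived stream, and shows that stacking either one collapses to a single application or to none. The SHA-256 counter keystream and all function names are assumptions made for the demo, not a real cipher.

```python
import hashlib
import string

def rot(text: str, shift: int) -> str:
    """Caesar shift over ASCII letters; rot(text, 13) is ROT-13."""
    shift %= 26
    lo, up = string.ascii_lowercase, string.ascii_uppercase
    table = str.maketrans(lo + up, lo[shift:] + lo[:shift] + up[shift:] + up[:shift])
    return text.translate(table)

def rot13_times(text: str, n: int) -> str:
    """Apply ROT-13 n times in a row."""
    for _ in range(n):
        text = rot(text, 13)
    return text

def keystream(password: str, length: int) -> bytes:
    """Toy keystream (assumption for this demo): SHA-256(password || counter)."""
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hashlib.sha256(password.encode() + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor_stream(data: bytes, password: str) -> bytes:
    """XOR the data with the password-derived keystream (encrypt == decrypt)."""
    ks = keystream(password, len(data))
    return bytes(d ^ k for d, k in zip(data, ks))

def combined_keystream(pw1: str, pw2: str, length: int) -> bytes:
    """The single stream that two stacked XOR layers are equivalent to."""
    return bytes(a ^ b for a, b in zip(keystream(pw1, length), keystream(pw2, length)))

if __name__ == "__main__":
    msg = "Meet me at noon"  # constructed sample message
    print("ROT-13 x1:", rot13_times(msg, 1))
    print("ROT-13 x4:", rot13_times(msg, 4))            # back to the plaintext
    # Any two shifts compose into one shift: the set of keys is closed.
    print("shift 3 then 5 == shift 8:", rot(rot(msg, 3), 5) == rot(msg, 8))

    data = msg.encode()
    once = xor_stream(data, "hunter2")                  # constructed password
    print("XOR twice, same password:", xor_stream(once, "hunter2"))
    twice = xor_stream(once, "other-pw")                # second, different password
    single = bytes(d ^ k for d, k in
                   zip(data, combined_keystream("hunter2", "other-pw", len(data))))
    print("two layers == one combined stream:", twice == single)
```

With two different passwords the data is no longer decrypted by the second pass, but the result is still the plaintext XORed with one stream, so the construction is the same kind of cipher as a single layer.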

Quite the contrary!

It was only after having my massively parallel room full of cheap 486 boxes running a highly customized Linux OS chew on that message for the past two hours (and think how many hundreds of CPU hours that was, given the array I used :)) that I was able to discern the few subtle clues you left (foolishly) in your message and apply the quadruple ROT-13 to reveal the plaintext. It was worth every cycle you expended!

On the other hand, it can be rigorously mathematically proven that 17 successive applications of rot-13 is much more secure than 2, easily enough more so to justify the extra clock cycles. 17 seems to be a key number in this regard, though… Neither 16 nor 18 is really worthwhile.

I forget exactly what it was called but awhile back (years) the federal government toyed with putting an encryption chip into computers. This would allow encryption for the ordinary guy but with suitable oversight (presumably) the feds could get the key to your messages and decrypt it for law enforcement purposes. This all met with a hail of criticism but one notable thing pointed out was that someone could just encrypt the encrypted data with whatever they like and the feds would be no better off. So at least in this case double encryption was more secure.

“And the Lord spake, saying, 'First shalt thou take out the Holy Encryption Key. Then, shalt thou count to seventeen. No more. No less. Seventeen shalt be the number thou shalt count, and the number of the counting shall be seventeen. Eighteen shalt thou not count, nor either count thou sixteen, excepting that thou then proceed to seventeen. Nineteen is right out. Once the number seventeen, being the seventeenth number, be reached, then, lobbest thou thy Holy Encryption Grenade of ROT-13 towards thy foe, who, being naughty in My sight, shall snuff it.'”

Thanks to Monty Python for this adaptation of a scene from The Holy Grail.

Clipper, I think.

Can you please all stop posting in quadruple ROT-13. I haven’t cracked it yet.

There’s a simple workaround for this. Hold up a pair of mirrors, and angle them so you’re reading the monitor through both of them.

Voila! All is revealed!

It was called Clipper and also had a companion called LEAF, or Law Enforcement Access Field. The scheme used the Skipjack algorithm and thankfully, the idea existed for only about three years before it was revealed in 1994 to be rather weak against brute-force attacks.

It was also stupid - US manufacturers would have been required to implement it, but foreign manufacturers could not be made to implement it, which presumably would have led to the decline of companies like HP and Dell, while the likes of Toshiba and Lenovo would be enjoying brisk sales.

It’s worth noting that, even if you use different passwords, if you use the same algorithm, then you’re still vulnerable to someone breaking that algorithm with a less-than brute force solution. Triple DES may be more secure than single DES against brute force attacks, but if someone cracks DES, then they (probably) crack 3DES just as easily.

I used to encrypt all my posts with quadruple ROT-13, but then I re-evaluated the effectiveness of this and did a 720-degree course change.

I’ve just discovered this is also true for 23 and 29 cycles.
In fact, this is true for all primes 2^n-1! I have a truly marvelous proof, but sadly this post is too narrow to contain it.

I’d heard that primes were important for cryptography; now I understand.