Double Encrypting?


northstar51
December 27th, 2004, 12:28 AM
Hello (and Merry Christmas):
I was reading in the 'help' section of my CS program about passwords and keys and that there are differences. I am wondering, does double encrypting a message in any way enhance security? For what purpose would someone double encrypt? Would it still be the case that any encryption is only as strong as its key? As usual, Thanks very much for your time/input...ns51

Pilli
December 27th, 2004, 01:52 AM
Hi ns51, and the season's greetings to you :)

From the CS helpfile:
Layered encryption in CryptoSuite provides over twice as much protection, meaning if one of the algorithms that CryptoSuite uses is broken, it is still well protected by the other algorithm.

Choosing a password

The most valuable item in encryption is the key used to encrypt the data. CryptoSuite allows you to enter a passphrase which will automatically be turned into a reproducible key. CryptoSuite has advanced methods which add a lot of work for bruteforcers of the passphrase, but it is still important to choose a good and strong password to encrypt your data.

When choosing a password you need to make sure it meets or exceeds the following criteria :-
* It is of sufficient length. For the 256-bit encryption that CryptoSuite uses, passwords should be at minimum 20 characters in length to gain maximum protection of 256-bit encryption.
* It contains random elements in it. Don't just use simple words. Break them up with numbers and symbols.
* The password doesn't contain information that is easily attainable about you, such as family members' names, date of birth, etc.
* After deciding your password, commit it to your memory so you won't forget it. It is harder to remember 16+ character passwords, so spend some time committing it to memory. You cannot retrieve the data without your password.

CryptoSuite allows up to 128 different characters to be used for any element of the password, so remember not just to use the letters a to z and numbers; there is a wide range of possible characters you can use.

Your password is the key to your data. When deciding your password think of yourself as a locksmith. The more complicated password (key) you make the harder it is for people to retrieve what you are trying to protect.


For further reading we have provided a link to a site which has even more coverage on passwords.
http://geodsoft.com/howto/password/password_basics.htm

HTH Pilli

northstar51
December 30th, 2004, 12:35 PM
Hi Pilli:
Thanks for the reply. Yes I was aware of most of what's stated in the help section of CS. I wasn't referring to CS specifically. I meant it in the more general sense, as in why would someone take ANY encrypting system and 1.) encrypt their message and then 2.) encrypt THAT already once encrypted message again and would that in and of itself serve any useful purpose? Hopefully you can "decrypt" my meaning on this. (Sorry, couldn't help myself! lol)...

Pilli
December 30th, 2004, 12:48 PM
Quote: Hopefully you can "decrypt" my meaning on this. (Sorry, couldn't help myself! lol)...

I'm not an encryption expert but I suppose it may give you more security, though probably no more than the doubly encrypted method used by CS. The encryption is only as strong as the passphrase protecting it and in your scenario you would have to remember two ;D Though I suppose you could just note them down on a sticky affixed to your monitor :P

Cheers. Pilli

northstar51
December 31st, 2004, 12:19 PM
Hi Pilli:
Thanks again for your reply. Good idea with the sticky notes. Don't think it will be necessary though. I keep a notebook clearly marked "Passwords" on my computer desk so I know where to find it at all times. Happy New Year...ns51

Pilli
December 31st, 2004, 12:23 PM
ROFL! ;D

Happy New Year mate :)

northstar51
January 1st, 2005, 01:16 AM
Thanks for the wishes Pilli. And Happy New Year to you as well...ns51

Dark Angel
January 3rd, 2005, 10:10 PM
DO NOT DOUBLE ENCRYPT!

Encrypting again with the SAME PASSWORD can generate a file which will easily reveal the password in some cryptographic factoring routines. If I knew the exact reason for this (or would just explain it) the NSA would either arrest me or offer me a job.

If you are that concerned about security, double encrypt with a different password.

Now that's nasty.

DARK ANGEL
January 3rd, 2005, 10:16 PM
Sorry about the last post,

It should have read double encrypt with a different algorithm and not a different password.

I will be quiet now.
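
[Added example, not part of any post in this thread and not CryptoSuite's code.] One concrete case of same-key double encryption gaining nothing, next to the layered approach the helpfile describes: a passphrase is stretched into a key, then split into two independent keys for two different keystream constructions. The two keystreams, the labels, and the salt, nonce and message values are constructed for illustration, and the sketch covers confidentiality only (no integrity check).

```python
import hashlib
import hmac

def derive_layer_keys(passphrase, salt, iterations=100_000):
    """Stretch one passphrase (slow PBKDF2), then split it into two
    independent 32-byte keys with distinct labels, one per layer."""
    master = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, iterations)
    k1 = hmac.new(master, b"layer-1", hashlib.sha256).digest()
    k2 = hmac.new(master, b"layer-2", hashlib.sha256).digest()
    return k1, k2

def stream_hmac(key, nonce, n):
    """Illustrative keystream A: HMAC-SHA256 in counter mode."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def stream_shake(key, nonce, n):
    """Illustrative keystream B: SHAKE-256 (a different primitive)."""
    return hashlib.shake_256(key + nonce).digest(n)

def xor_layer(stream, key, nonce, data):
    """Encrypt or decrypt (same operation) by XOR with the keystream."""
    return bytes(d ^ s for d, s in zip(data, stream(key, nonce, len(data))))

def double_same_key(passphrase, salt, nonce, msg):
    """Same algorithm, same key, same nonce, applied twice."""
    k1, _ = derive_layer_keys(passphrase, salt)
    return xor_layer(stream_hmac, k1, nonce, xor_layer(stream_hmac, k1, nonce, msg))

def double_layered(passphrase, salt, nonce, data):
    """Two different keystreams under two independent keys (self-inverse)."""
    k1, k2 = derive_layer_keys(passphrase, salt)
    return xor_layer(stream_shake, k2, nonce, xor_layer(stream_hmac, k1, nonce, data))

# Constructed sample values; real use needs a fresh random salt and nonce.
SALT, NONCE = b"constructed-salt", b"constructed-nonce"
MSG = b"meet at the usual place"

if __name__ == "__main__":
    print(double_same_key("pass phrase", SALT, NONCE, MSG))       # layers cancel
    print(double_layered("pass phrase", SALT, NONCE, MSG).hex())  # ciphertext
```

With an XOR keystream, the second pass under the same key and nonce undoes the first, so the "double encrypted" output is the plaintext; the layered version stays encrypted and decrypts only with the right passphrase.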

northstar51
January 5th, 2005, 02:41 AM
DA:
Thanks for your input. That's a good point about using different algorithms. Re passwords: It's just me, but I have thought for some time now that another program DiamondCS could develop would be a password generator. Just my opinion, but I think a program like that would nicely complement CryptoSuite...