Does dual-encryption weaken the encryption?

Discussion in 'privacy technology' started by rpk2006, Aug 23, 2016.

  1. rpk2006

    rpk2006 Registered Member

    I have several encrypted files which I want to store to Mega Cloud Storage (Mega.nz). These files are already encrypted using AES-256 cipher.

    Since Mega also encrypts the files using AES-256 before storing on its cloud, I want to know whether dual encryption weakens the encryption or not.

    Encryption keys are different.
     
    Last edited: Aug 23, 2016
  2. Minimalist

    Minimalist Registered Member

    I didn't read any research that would show that multiple encryption would be weaker than single. Following logic I would say it's harder to decrypt more-than-once encrypted files (using different keys) - but I might be wrong.
     
  3. haakon

    haakon Guest

    I do the same with another cloud service using AES. But I encrypt my files with Serpent256 just to make life difficult for anyone who might have success in stealing the files from the service.

    I agree with Minimalist. Encrypting an encrypted file would enhance the hardening given different keys. If it didn't, or if it would cause problems, it certainly would have risen to the top side of the Bad Practice List long ago.

    Then again, you could pose the question to Mega Cloud Storage and post up their reply here. No?
     
  4. Palancar

    Palancar Registered Member

    Let me offer a real world example supported by years of coding virtual perfection. Enter TrueCrypt: they mostly perfected what is referred to as "cascade" of algos. Using even their public binary it is possible to encrypt volumes where you, the basic user, can cascade up to 3 unique and separate algos for each volume. In order to decrypt or access the volume an adversary would have to "break" currently unbroken algos ---- ALL THREE --- would need to be compromised to gain anything. Severing 2 algos, and by the way none have been publicly broken in any way, would give you nothing.

    Having used Cascades for years, just know the downside is speeds are highly affected due to computational requirements as each and every byte requires mathematical "crunching" to derive the end product --- or decryption!

    For purposes here, you are manually encrypting at separate times so the software protocol is not quite as important as it is/was during our coding with TrueCrypt binaries. Cascading's weak point is that the hand-off or "way" in which the progression through the algo scheme is handled has to be monitored so as to not allow a vulnerability. Randomness, Salts, etc... Don't know why I am rambling but I remember behind the scenes and we discussed this more than would seem obvious on the front end.
     
  5. rpk2006

    rpk2006 Registered Member

    @haakon

    Which tool are you using for encryption with Serpent 256?
     
  6. Nebulus

    Nebulus Registered Member

    No. If both encryption systems work as they should (without bugs/vulnerabilities/etc.) then you have nothing to worry about.
     
  7. quietman

    quietman Registered Member

    From my own experiences, results may be unpredictable ... at best!

    I was playing with some USB sticks that featured "on-board" encryption (AES-256) and copied a bunch of unimportant files to them,
    along with some files that I had encrypted myself, just for fun (also AES-256 based).

    Those double-encrypted files were gone, forever.

    I was already in contact with the manufacturer on another matter, so I described the situation and asked about a fix.
    "No chance" was the answer, no back-doors, nothing ... their policy was that double-encryption is not recommended,
    but I didn't really get an explanation in terms of technical or mathematical detail ... not surprising I guess, "proprietary info etc."

    Just to be stubborn, I tried again with several different encryption methods, and I always got my files back ... go figure!

    I made a "mental note to self" ... never double-encrypt anything that isn't backed-up elsewhere. :)
     
  8. oliverjia

    oliverjia Registered Member

    What do you mean your double-encrypted files were gone forever? You deleted them, or they just disappeared by themselves?
     
  9. haakon

    haakon Guest

    PeaZip. I use the 64-bit portable.

    For Google Drive and MS Sky storage, I create a 7z AES256 self-extracting archive and then an ARC Serpent256 self-extracting archive of that. This scheme allows for archives containing a portable app and personal files (i.e. Thunderbird) that I can download and self-extract to a friend's or family or new or any Windows system should some disaster happen to all my systems.

    For cross-platform archiving of data only (docs, spreadsheets... um, art videos), one can forego the self-extraction.

    Nice wrap-up of the cascade feature. :thumb:

    I use Twofish and Serpent for my VeraCrypt containers. It takes about 35 seconds to mount a 1 GB container on my i7 3rd gen system. Though a third algo wouldn't add too much more, I do need to use the same container(s) on i5 2nd gen and E8400 systems, the latter taking about 2 minutes. So, two are Good Enough.

    08/28 EDIT: The mount times I cited are expected and a direct result of optional hardening available in VeraCrypt chosen on purpose for my needs. They are not representative of the program's typically exceptional performance.

    BTW, containers are great for syncing. Work with one on the E8400, copy the container to the i7 and i5 using a transfer method of your choice.

    Separate encryption, not quite as important but much better than trusting a service's HTTPS setup and your browser to protect unencrypted files as they traverse teh webbunetz to the encrypted servers.

    My thinking out loud: The cloud services using encryption would have long ago discovered that dropping encrypted (regardless of method) files into their storage would be a problem and we'd be seeing warnings like, "Don't encrypt your files or don't use AES." I haven't seen that and could stand to be corrected.

    Sidebar for the noobs and uninitiated: None of this has any relevance to encryption security if your password is M0reBeer!
     
    Last edited by a moderator: Aug 28, 2016
  10. Palancar

    Palancar Registered Member


    The write time of large files is highly affected by the use of multiple algos, and to some extent the processor matters because again it's mathematical functions that have to be concluded along the way.

    You mentioned that you are using VeraCrypt so I cannot determine how "hardened" you have made your headers on the volume(s) in question. The PIM value (if you employ that feature) will drastically determine the time to open the volume. Once opened the volume will work as the older TC volumes did. However, high PIM values necessitate tremendous computational tasking to open the volumes. Your tradeoff presents itself clearly ----- high PIM and hardened headers mean nobody is getting in. But, you will sit by for 5-10 seconds while your machine computes the needed functions to open the volume. Once open it's all good. We still get folks complaining that their volumes don't open instantly like TrueCrypt used to, but once I delineate why that is a good thing they understand and usually determine they will pick safety over speed. Very clear tradeoff.
     
  11. Nebulus

    Nebulus Registered Member

    Maybe you should use some reliable tools to encrypt/decrypt your files instead of blaming it on the double encryption itself.
     
  12. quietman

    quietman Registered Member

    Neither!

    My apologies, my post was lacking some details.
    When I said "gone" I meant it was impossible to decrypt them, but the double-encrypted files were still present.

    I never stated which tools were used, nor did I "blame" anything or anyone.
    I can not "see" inside the USB sticks in question, so I only have the manufacturer's scant information on the encryption method used.

    I simply stated a set of circumstances which caused me the irrecoverable loss of data, and made me wary of double-encryption.
    As stated in my post, this was an experiment using worthless test files, so no harm done :)

    On the more abstract question of the merits of double-encryption, the notion is as ancient as cryptography itself,
    which has been around almost as long as written language.
     
    Last edited: Aug 28, 2016
  13. haakon

    haakon Guest

    From that I take it you have something to do with VeraCrypt? If so: Thanks for VeraCrypt!

    In reporting those times I failed to impart that they were expected as such. I use a 4 digit PIM in the 4000-5000 range. (I would certainly re-think that if I were running a N3700 or G4400 proc and I'd use AES.) And I have other volumes not so hardened which mount quite rapidly.

    I edited my post #9 accordingly.

    As for VeraCrypt's sitting by "for 5-10 seconds while your machine computes," there are other things my machine makes me sit by for, too. :D
     
    Last edited by a moderator: Aug 28, 2016
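
Why a PIM in the 4000-5000 range makes a volume slow to open, as an added example that is not part of the thread: it applies the iteration formula from VeraCrypt's documentation (iterations = 15000 + PIM × 1000 for file containers, with the default equivalent to PIM 485), times PBKDF2-HMAC-SHA512 on the local machine, and extrapolates. The sample password, the 64-byte derived-key length and all function names are assumptions for illustration.

```python
import hashlib
import os
import time

DEFAULT_PIM = 485  # VeraCrypt's documented default-equivalent PIM for file containers


def veracrypt_iterations(pim: int, system_non_sha512: bool = False) -> int:
    """PBKDF2 iteration count from VeraCrypt's documented PIM formula."""
    if pim <= 0:
        raise ValueError("PIM must be a positive integer")
    if system_non_sha512:
        # System encryption with a hash other than SHA-512 or Whirlpool.
        return pim * 2048
    # File containers, non-system volumes, SHA-512/Whirlpool system encryption.
    return 15000 + pim * 1000


def derive_header_key(password: bytes, salt: bytes, iterations: int) -> bytes:
    """One PBKDF2-HMAC-SHA512 derivation (64-byte output is an assumption)."""
    return hashlib.pbkdf2_hmac("sha512", password, salt, iterations, dklen=64)


def seconds_per_iteration(sample_iterations: int = 20000) -> float:
    """Time a short derivation locally and return the cost of one iteration."""
    salt = os.urandom(64)  # VeraCrypt headers carry a 64-byte salt
    start = time.perf_counter()
    derive_header_key(b"constructed sample password", salt, sample_iterations)
    return (time.perf_counter() - start) / sample_iterations


def estimate_unlock_seconds(pim: int, per_iteration: float) -> float:
    """Extrapolated time for a single derivation at the given PIM."""
    return veracrypt_iterations(pim) * per_iteration


def slowdown_vs_default(pim: int) -> float:
    """How much more work each password guess costs than at the default PIM."""
    return veracrypt_iterations(pim) / veracrypt_iterations(DEFAULT_PIM)


if __name__ == "__main__":
    per_iteration = seconds_per_iteration()
    for pim in (DEFAULT_PIM, 4000, 5000):  # 4000-5000 is the range from the thread
        print(f"PIM {pim:>4}: {veracrypt_iterations(pim):>9,} iterations, "
              f"~{estimate_unlock_seconds(pim, per_iteration):.2f} s per derivation, "
              f"{slowdown_vs_default(pim):.2f}x default cost per guess")
```

The estimate covers one derivation with one hash; a mount that has to try several hash algorithms takes correspondingly longer. The same multiplier applies to every password guess made against the volume header.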