Hi, As some of you are aware, part of the discussion over here: https://www.wilderssecurity.com/showthread.php?t=321583 Has to do with the feasibility of using more than one cipher to encrypt the same data. As Justin and others have pointed out, doing this would most likely substantially increase the risk of there being an exploitable cipher implementation flaw, which could be far more serious than the mathematical weakness of each individual cipher by itself. While I think that I do understand this concept in theory, I'm finding it difficult to imagine a practical example. Let's say that data A is encrypted with AES, and later the output from AES (the ciphertext) is encrypted again with, say, Serpent. In what way could this increase the chance of there being an implementation flaw? Would the implementation design flaws of AES and Serpent somehow 'merge' together, revealing even more implementation flaws? The way I see it, nothing has really changed; a potential attacker would first need to separately break AES (using different kinds of attacks and/or exploiting a possible implementation design flaw unique to the given AES encryption software). After the attacker manages to do that, he would have to repeat the whole process entirely separately for Serpent. If anything, it seems to me that this would increase security, but I cannot think of a way of how it might lower it. My request: could someone give me an example of how using two ciphers might, in practice, lower security instead of increase it? Please note that the example doesn't have to be "real"; it should just be detailed enough so me and others can understand the actual mechanism that is taking place when 2 or more ciphers are being used. Thanks.