Old 08-08-2007, 02:45 AM   #1
mistersnorfles
Member
 
Registered: Aug 2007
Distribution: Gentoo 2007.0
Posts: 51

Multiple Ciphers To Prevent Known Plaintext Attacks


I'm just starting to learn about how encryption works, so forgive me if this is a senseless question...

Let's say somebody wants to read a file that I have written, placed in an archive. I have encrypted the archive, using a "computationally secure" algorithm.

From what I understand, if the attacker knows which algorithm I have used AND knows a bit about the data (i.e. it is a .RAR format archive containing ASCII text written in English), they can use a known-plaintext attack against the encrypted data to try to figure out the key.

But if I were to encrypt it using one computationally secure algorithm, and then encrypt the encrypted file with a different algorithm, would that not render the known plaintext attacks useless by moving the data away from its "known" location?

I figure because the known plaintext attacks work on data that has parts which are known, and a "secure" encryption algorithm will not have data that is known to be in a certain spot, they would have to crack the outer layer of encryption by brute force, before being able to run a known plaintext attack on the inner encrypted file.

Is this sound reasoning?

Thanks,
Mr. Snorfles

PS:
And by the way, I am worried about encrypting all of my backups and losing the key. Would the above method be a safe way for me to back something up, and be able to store a private key (with a good passphrase) along with the backups?

Why, if you need a passphrase to use the key, is it so necessary to guard the private key so closely? Would it render the encryption completely useless if the passphrase protected private key was stored on the backup disk?

Last edited by mistersnorfles; 08-08-2007 at 05:43 AM.
 
Old 08-08-2007, 08:21 PM   #2
stress_junkie
Senior Member
 
Registered: Dec 2005
Location: Massachusetts, USA
Distribution: Ubuntu 10.04 and CentOS 5.5
Posts: 3,873

It turns out that you are not the first person to think of using multiple encryption passes on a chunk of data. If you use TrueCrypt for your encryption engine you can encrypt a chunk of data up to three times using three different algorithms. This is transparent to you so it is very convenient.

www.truecrypt.org

TrueCrypt works on entire disk partitions or on container files, not on individual files. You encrypt your backups by putting them on an encrypted partition. That's very different than something like PGP or GPG that encrypts individual files.

Worried about losing your encryption key and losing access to your data? You should be. Consider this. If it were possible to gain access to your encrypted data without knowing the key then the encryption would be worthless. Once you encrypt data you absolutely must remember the key. Period. No exceptions.

You might put your encryption key on a removable Flash memory device in order to remember it. That would also allow you to use a more random sequence in the key rather than some spoken phrase. But if you lose the Flash memory device and you don't remember the key then you cannot gain access to the data. That's it.

Last edited by stress_junkie; 08-08-2007 at 08:30 PM.
 
Old 08-09-2007, 01:38 AM   #3
mistersnorfles
Member
 
Registered: Aug 2007
Distribution: Gentoo 2007.0
Posts: 51

Original Poster
I'm not talking about losing the passphrase. I am talking about losing the key file. I can easily remember a 12+ character password, just not a 256-bit encryption key... So what I'm asking is how much security, if any, is lost by using conventional encryption where there is not a keyfile, and is only a password (like using gpg -c --cipher-algo AES256 FILENAME)?

TrueCrypt seems interesting - there is a lot of interesting reading about cryptography on their page. Thanks for the link.

--Mr. Snorfles
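
Added example, not part of the original thread: with passphrase-only encryption such as the gpg -c command quoted in post #3, the 256-bit key is derived from the passphrase, so the work needed to search every passphrase is bounded by the passphrase's entropy plus the key-stretching cost, not by the key size. The sketch below uses PBKDF2-HMAC-SHA256 as a stand-in for GnuPG's own passphrase-to-key routine; the 95-character alphabet, the iteration count and the sample passphrase are assumptions chosen for illustration.

```python
import hashlib
import math
import os

KEY_BITS = 256  # AES-256 key size, as in the gpg command quoted in post #3


def passphrase_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a passphrase whose characters are picked
    uniformly at random; human-chosen passphrases carry less."""
    return length * math.log2(alphabet_size)


def effective_bits(length: int, alphabet_size: int, iterations: int) -> float:
    """log2 of the hash computations needed to try every passphrase,
    capped at the cost of searching the raw key space instead."""
    stretched = passphrase_bits(length, alphabet_size) + math.log2(iterations)
    return min(float(KEY_BITS), stretched)


def derive_key(passphrase: str, salt: bytes, iterations: int) -> bytes:
    """Stretch a passphrase into a 256-bit key (PBKDF2 is an assumed
    stand-in here, not GnuPG's actual derivation)."""
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, iterations,
        dklen=KEY_BITS // 8,
    )


if __name__ == "__main__":
    iterations = 65536          # assumed stretching cost
    salt = os.urandom(16)       # stored in the clear beside the ciphertext
    key = derive_key("constructed-sample-passphrase", salt, iterations)
    # The same passphrase and salt always reproduce the key, so no key
    # file has to be kept: only the passphrase must be remembered.
    assert key == derive_key("constructed-sample-passphrase", salt, iterations)

    for length in (8, 12, 20, 40):
        print(
            f"{length:2d} random printable chars: "
            f"{passphrase_bits(length, 95):6.1f} bits raw, "
            f"{effective_bits(length, 95, iterations):6.1f} bits of work "
            f"to search (key space: {KEY_BITS})"
        )
```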
 
  

