LinuxQuestions.org
08-10-2008, 10:08 AM   #1
Amdx2_x64
Member
 
Registered: Jun 2008
Distribution: Left LQ. Mods are too Rude!
Posts: 598

Rep: Reputation: 50
Encryption question, what is right and wrong with this


I am still fairly new to encryption. I really never had a need to use it, still don't actually, but it is fun to do. So please bear with me while I try and learn, understand and do this.

I have a hypothetical question. I hope I can explain this clearly.


So in the below example, what is wrong with it, or right with it for that matter?


Let's say I have a file called bankinfo.txt. I want to encrypt this and keep it on my computer. Now let's also say I am a very, very, very paranoid person.

Ok. Now I have a few encryption options (programs) that use different algorithms. We will call them, encrypt1, encrypt2, encrypt3. I will also be using TrueCrypt and creating a file container, which will be the final step.


First I encrypt bankinfo.txt with Encrypt1.
Then Encrypt2
Then I tar the file
Then I use Encrypt1 again, then Encrypt2
Then I zip the file
Then I use Encrypt3
Then I create a TrueCrypt File container and choose the Hidden TrueCrypt Volume.

Edit: I forgot to add. During the steps above, if there are any extensions added, for ex. .tar, .zip or .bfe, I would be taking those out before I go to the next step.

Now with all of this I will use long upper case and lower case passwords that are all different (Wow would that be hard to remember, lol.)

I am not saying I would actually do this, seems to be a bit much to me. This is more of a way for me to learn, hands on, and get others thoughts on this.

So what is wrong, or right, with the above example.... Well other than it being overkill, lol.


Edit: I am also aware that TrueCrypt uses algorithm combinations such as Serpent-Twofish-AES, etc.

Last edited by Amdx2_x64; 08-10-2008 at 10:23 AM.
 
08-10-2008, 11:04 AM   #2
klearview
Member
 
Registered: Aug 2006
Location: London
Distribution: Debian, Kubuntu
Posts: 572

Rep: Reputation: 75
What is it that you are trying to achieve rather than waste your time?

Say you encrypt something with AES with 256 key length - it's impossible to brute-force (of course you can be brute-forced to give up the key). All other steps are unnecessary.
 
08-10-2008, 11:29 AM   #3
beadyallen
Member
 
Registered: Mar 2008
Location: UK
Distribution: Fedora, Gentoo
Posts: 209

Rep: Reputation: 36
As pointed out, the multiple encryptions are probably pointless. But what is especially pointless is zipping it after encrypting. To compress a file, you need repeating patterns. The encryption process will (should) remove all repeated strings etc, and just give you what looks like a collection of random bytes. If it doesn't, then the encryption method is flawed. You can't compress random bytes, since there's no pattern to the data. Always compress BEFORE you encrypt. Also, you've got a step where you 'tar' a single file. This is also pointless, since a tar is an archive of a collection of files. Just compress it and be done.
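The size effect described in the post above, as an added example that is not part of the original thread. `keystream_xor` is a hypothetical stand-in for a real cipher (it is not a vetted algorithm), and the sample data standing in for bankinfo.txt is constructed.

```python
import hashlib
import zlib


def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode), for illustration only.

    Not a vetted cipher; it is used here because its output, like that of any
    sound cipher, looks like random bytes to a compressor.
    """
    out = bytearray()
    for counter in range(0, len(data), 32):
        block = hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        chunk = data[counter:counter + 32]
        out.extend(b ^ k for b, k in zip(chunk, block))
    return bytes(out)


def sizes(plaintext: bytes, key: bytes) -> dict:
    """Return the byte counts for both orderings of compress and encrypt."""
    compress_then_encrypt = keystream_xor(zlib.compress(plaintext, 9), key)
    encrypt_then_compress = zlib.compress(keystream_xor(plaintext, key), 9)
    return {
        "plaintext": len(plaintext),
        "compress_then_encrypt": len(compress_then_encrypt),
        "encrypt_then_compress": len(encrypt_then_compress),
    }


# Constructed sample standing in for bankinfo.txt: repetitive, structured text.
SAMPLE = b"".join(
    b"2008-08-%02d;ACCT 0000-1111;DEBIT;%06d.00;GROCERY STORE\n" % (d % 28 + 1, d)
    for d in range(400)
)

if __name__ == "__main__":
    for name, size in sizes(SAMPLE, b"constructed demo key").items():
        print(f"{name:>22}: {size} bytes")
```

Compressing first shrinks the file to a fraction of its size, while compressing the encrypted bytes leaves it at roughly the original size or slightly larger.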
 
08-10-2008, 11:41 AM   #4
Amdx2_x64
Member
 
Registered: Jun 2008
Distribution: Left LQ. Mods are too Rude!
Posts: 598

Original Poster
Rep: Reputation: 50
This is what I was trying to achieve, input on the example I gave so I can learn and understand. I already know doing more is not necessarily better or even useful.

I have no reasons at all for adding zip or tar into it. It just popped into my head as a way to confuse someone if they got a hold of the bankinfo.txt file, so I ran with it and decided to ask about it here.

Since there is no 100% security with computers and OS's, then I wonder what is the best approach to encryption and security. With that I will learn, ask and experiment.

The things I thought of while I was doing this were that it was overkill, that remembering so many different passwords would be more than a little difficult, unless they were written down which would defeat the purpose of it all, and data loss from doing all of those above steps.

If someone really wanted to keep things secure, wouldn't confusing someone be a good part of it?

Last edited by Amdx2_x64; 08-10-2008 at 11:43 AM.
 
08-10-2008, 01:08 PM   #5
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
If someone was clever enough to break the encryption on your file, do you really think they'd be confused to find a compressed archive and wouldn't know what to do with it? Filename extensions are meaningless in UNIX, the encoding type on the file is what matters, and you can trivially discover that with the file(1) command (man 1 file).

"Security through obscurity" is really no security at all, and most of the time it just makes your situation worse because either a) it gives you a false sense of security or b) it just makes things more difficult for you without accomplishing anything.

As for encrypting a file with multiple different algorithms, that's pretty much pointless. As others have pointed out, if you use sufficiently strong encryption it cannot be brute-forced, so the two most likely ways someone would access your data would be either a) recovering your passphrases (most likely with a key logger), or b) brute-forcing your passphrase. A would give the attacker all your passphrases, so having multiple steps would be pointless, and if you choose weak passphrases then multiple layers aren't going to change the inevitable outcome (although it might delay the attacker for a while, but they'd already have your file and be conducting an "off-line" attack, so that really doesn't even matter).
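Why removing the .tar or .zip extension hides nothing, as an added example that is not part of the original post: a minimal content-based identifier in the spirit of file(1). The signature table is a small hand-picked subset, the labels are this example's own, and the archives and their misleading names are constructed in memory.

```python
import gzip
import io
import tarfile
import zipfile

# A few well-known signatures: (offset, magic bytes, label).
SIGNATURES = [
    (0, b"PK\x03\x04", "Zip archive"),
    (0, b"\x1f\x8b", "gzip compressed data"),
    (0, b"BZh", "bzip2 compressed data"),
    (257, b"ustar", "POSIX tar archive"),
]


def identify(blob: bytes) -> str:
    """Classify content by signature, ignoring any file name or extension."""
    for offset, magic, label in SIGNATURES:
        if blob[offset:offset + len(magic)] == magic:
            return label
    return "data"  # nothing recognised: opaque bytes, e.g. well-encrypted output


def make_samples(payload: bytes) -> dict:
    """Build constructed archives in memory, keyed by a misleading name."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("bankinfo.txt", payload)
    tbuf = io.BytesIO()
    with tarfile.open(fileobj=tbuf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        info = tarfile.TarInfo("bankinfo.txt")
        info.size = len(payload)
        tf.addfile(info, io.BytesIO(payload))
    return {
        "holiday.jpg": zbuf.getvalue(),       # really a zip
        "notes": tbuf.getvalue(),             # really a tar
        "bankinfo": gzip.compress(payload),   # really gzip
    }


if __name__ == "__main__":
    for name, blob in make_samples(b"constructed sample contents\n").items():
        print(f"{name}: {identify(blob)}")
```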
 
08-10-2008, 01:23 PM   #6
Amdx2_x64
Member
 
Registered: Jun 2008
Distribution: Left LQ. Mods are too Rude!
Posts: 598

Original Poster
Rep: Reputation: 50
All the replies here have helped. If the example I gave above was worth the effort and was secure, etc, then my guess is that others would have done it already and a quick Google search would have shown it, which it didn't.

So a strong encryption would work, but the bigger issue would be to safeguard the passphrase as well as making sure there is nothing like keyloggers, etc, on one's system.

Thanks everyone. I am now on to the next step. I am sure I will be back asking some more questions, I know, sorry in advance, LOL.
 
  


All times are GMT -5.