On Mon, Jun 12, 2006 at 11:55:54PM +0200, Ingo Klöcker wrote:
> No, it doesn't. You are still believing in security-by-obscurity meaning
> that your additional "encryption" only works as long as you and the
> recipient are the only ones who know the secret rule.

Please Ingo, _all_ encryption is based on "security-by-obscurity"; if an
attacker finds the secret key, _any_ encryption system is toast.

> Anyway, why do you actually think that what you want to do would make
> any sense? If the encryption algorithm you use is too weak so that
> additional "encryption" methods are necessary then you probably
> shouldn't use this encryption algorithm in the first place. And if the
> encryption algorithm you use is strong enough (e.g. AES) then you gain
> nothing by additional "encryption" methods unless those additional
> "encryption" methods are an even stronger encryption algorithm than the
> first one (but then why apply the first one).

I can think of some possible scenarios; if an attacker has automated the
attacks, especially with attacks tailored for each known algorithm, then
making the message not conform to known algorithms and structure should
break the automation.

Another could be, how would an attacker tell the difference between a
random intercepted file that has been corrupted in transit and one with
an additional human decryption step, e.g. during the window between key
compromise and revocation.

In this case we are dealing with humans that do not necessarily have
huge amounts of resources and patience. I'd be impressed by any people
communicating that actually had the patience to keep up this kind of
scheme, since any communication needs manual intervention.

//Samuel