> If you encrypt something twice with different keys,you can decrypt it with
> both keys - but mathematically, there is another
> key of a similar length that can decrypt that message equally well.
The probability that the result is strong is increased (consider the
case where 1/1000 keys is weak).
Also, if you do a bit more work, you can come up with something like 3des.
[mod: Now lets stop this cryptography discussion. - Weak keys should
be prohibited: You don''t want to allow weak keys. If you think
you''re
using 3DES to get a 112bit key (Because you don''t trust 56 bits), then
it is highly unfortunate if one of the keys turns out to be a no-op.
Why does 3DES only use 2 keys and not three? Because you could use 3
keys and still only get 112 bits of security. Why does DES use 56 bits
of key, and not say 64? Because DES has close to 56 bits of real
security. (Differential cryptanalysis has a complexity comparable to
54 bits, right?) It is easy to make more bits "influence" the output
of your cryptographic algorithms, but it is hard to make them actually
cryptographically matter. -- REW]
--
Raul
