On Tue, May 26, 2026 at 11:23:48AM +1200, Brian E Carpenter wrote: > > Assuming that means "breaking two algorithms is always harder than > breaking one algorithm", that is very hard to argue against, from > my point of view as a crypto ignoramus.
That depends on relative difficulty of breaking algorithms. If quantum attack against first algorithm is much cheaper than attacking the second algorithm, then the second algorithm is the bottleneck and adding the first to composite does not improve security. -Ilari _______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
