>> That depends on relative difficulty of breaking algorithms. If quantum >> attack against first algorithm is much cheaper than attacking the second >> algorithm, then the second algorithm is the bottleneck and adding the >> first to composite does not improve security. > > Last time I checked, 1000+1 > 1000, which is all I was asserting. If I’d > asserted "breaking two algorithms is always *significantly* harder than > breaking one algorithm", I would have been wrong.
You keep ignoring or forgetting that the above “+1” is not free, so one has to evaluate the cost/trouble of adding that “1” against the benefits it’s going to add. For example, nobody argues that if we super-encrypt AES ciphertext with , e.g., ARIA — we’ll increase the overall security. But, for reasons quite obvious, nobody seems willing to add that “+1” to the “1000” that AES already provided.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ TLS mailing list -- [email protected] To unsubscribe send an email to [email protected]
