2

Good day everyone! Please bear with me as this is my first post on the crypto exchange. An interesting question was raised in a meeting recently about the double-encryption problem (i.e. same algorithm used on same message block twice yields weaker results). However, the team was concerned that database encryption (such as Oracle or SQL Server's TDE) along-side SAN encryption might cause weaknesses.

For example, Wikipedia states (en.wikipedia.org/wiki/Multiple_encryption): "Picking any two ciphers, if the key used is the same for both, the second cipher could possibly undo the first cipher, partly or entirely. This is true of ciphers where the decryption process is exactly the same as the encryption process—the second cipher would completely undo the first."

However, my understanding is that TDE protects against a SAN admin decrypting the disks and walking out with a copy of the database. Not having TDE would be frowned upon by infosec unless it demonstrably causes weaknesses.

So when does double-encryption issues apply, or does it not at all here? I am more hoping to understand the rationale behind when this does/does not apply.

PrometheusRising
  • 31
  • 2
  • 1
    Welcome to crypto.stackexchange - Can you elaborate on exactly what the "double-encryption issue" you're concerned about is? – Ella Rose May 08 '19 at 14:24
  • https://en.wikipedia.org/wiki/Multiple_encryption - take a look at the section on Independent Keys: "Picking any two ciphers, if the key used is the same for both, the second cipher could possibly undo the first cipher, partly or entirely. This is true of ciphers where the decryption process is exactly the same as the encryption process—the second cipher would completely undo the first." – PrometheusRising May 12 '19 at 17:53
  • You can use the edit button to include that information into the body of your question - a more precise explanation of the problem will tend to yield more/better answers. – Ella Rose May 13 '19 at 04:08

1 Answers1

2

If we presume that the two encryption methods are secure by themselves, then having double encryption will not introduce any weaknesses. Sure, the security of the encryption may be smaller than key size of the keys combined, but if you use two different keys then the security should not be smaller than the key strength of the smallest key used.

Of course, if the same symmetric key (and IV) are used then you could get into trouble as for some operations the encryption and decryption are identical. This is, for instance, the case for stream ciphers and counter mode encryption. However, if the same symmetric key is used for two different purposes then your key management is the issue rather than the methods of encryption. I presume though that key reuse is not performed as the SAN admin should not possess the TDE decryption key, according to the info in your question.

In short, as long as you don't presume that performing additional encryption makes the initial encryption stronger, then you should be OK. The double encryption problem as you state is mainly concerned about the fact that the key strength may not double even if you encrypt with two separate keys. But as far as I see, doubling the key strength is not your goal in the first place.

Maarten Bodewes
  • 92,551
  • 13
  • 161
  • 313