My question is related to using cascading ciphers to encrypt files (specifically using TrueCrypt). I am considering using Serpent > Twofish > AES. I've heard a couple of different theories on this approach: 1. The resulting encryption will only be as strong as the weakest algorithm. 2. The resulting encryption will be as strong as the strongest algorithm. Which theory is right? TrueCrypt uses the same passphrase for each cascading cipher. I've been thinking that as soon as one cipher is cracked (probably the one which was used last in the encryption sequence) the plain text passphrase would be able to be simply used against the remaining two ciphers. Am I right? Finally, is TrueCrypt encrypting the data with one cipher, then encrypting the resulting encrypted data with another cipher, and then another? Or are the three ciphers being used to encrypt different sections of data?
It's a very good question. Possibly a better idea to ask in the suitably opaque TrueCrypt forums. They're very cagey in general, those blokes. We wanted to license something specific - no dice. Hope you find the answers.
Turns out that each cipher uses a different key hashed from the same password, so even when one key is decrypted, the others remain secure, since the hash can't be used against the other algorithms and can't be converted back to plain text (with the exception of a brute force attack).
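
The key separation described in the last reply, as an added example that is not part of the original thread and is not TrueCrypt's own code: one password is stretched with PBKDF2 and the output is sliced into a separate key per cipher. The hash (SHA-512), iteration count, salt value, key length and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac

# Assumed parameters for illustration (not read from TrueCrypt's source).
CIPHERS = ("AES", "Twofish", "Serpent")
KEY_LEN = 32            # one 256-bit key per cipher
ITERATIONS = 100_000    # assumed work factor
SAMPLE_SALT = bytes(range(64))  # constructed; a real volume stores a random salt


def derive_cascade_keys(password: bytes, salt: bytes) -> dict:
    """Run PBKDF2 once and slice the output into one key per cipher."""
    material = hashlib.pbkdf2_hmac(
        "sha512", password, salt, ITERATIONS, dklen=KEY_LEN * len(CIPHERS)
    )
    return {
        name: material[i * KEY_LEN:(i + 1) * KEY_LEN]
        for i, name in enumerate(CIPHERS)
    }


def guess_matches_key(guess: bytes, salt: bytes, cipher: str, known_key: bytes) -> bool:
    """A known key only confirms a password guess: re-derive and compare."""
    candidate = derive_cascade_keys(guess, salt)[cipher]
    return hmac.compare_digest(candidate, known_key)


if __name__ == "__main__":
    keys = derive_cascade_keys(b"correct horse battery staple", SAMPLE_SALT)
    for name, key in keys.items():
        print(f"{name:8s} {key.hex()}")
    # The three slices are distinct, so learning one key does not give the others.
    print("distinct keys:", len(set(keys.values())) == len(CIPHERS))
```

Because the derivation is one-way, a recovered key can only be used to test password guesses, which is why passphrase strength and the iteration count still matter in a cascade.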