[Qt-interest] cascaded encryption with AES, Twofish, Serpent - how to create keys in secure way
Brad Hards
bradh at frogmouth.net
Thu Feb 25 12:54:44 CET 2010
On Tuesday 23 February 2010 01:55:07 Hagon wrote:
> Hello!
> I'm developing a simple app using QT and Botan. I would like to implement
> "cascaded encryption" using AES, Twofish and Serpent (like in truecrypt).
> I know that I must create a "Pipe" or "Chain" with three cipher objects.
> The encryption scheme should use a single password for all the ciphers
> listed. How to create keys for these three ciphers from the password in
> secure way??? I know that using single key for multiple encryption
> algorithms is rather insecure... This will be an open-source app.
I would suggest not working at such a low level. It is very easy to make a
simple design mistake that renders the whole thing insecure. More crypto is
not better crypto.
If you still want to try it, I'd suggest generating the keys from a passphrase
using PBKDF2, which Botan supports, but QCA provides in a more convenient (Qt-
style API) form, although you'd probably be better off just using the OpenSSL
plugin for Qt.
If you still want to do it with Botan, just follow the Botan example code. Not
much Qt-specific stuff in the end.
Brad
More information about the Qt-interest-old
mailing list