I'm wondering if anyone is aware of any security issues of double encryption in this setup:
has anyone ever heard of any security vulnerabilities where mixing the two (NaCl and gpg) might have led to effectively weaker encryption?
what do mean by that, rclone crypt remote or what?
well, encryption using key -> encryption using passwords, should be stronger, not weaker.
to decrypt, first need the passwords, then need the key
maybe i am wrong, but what would make you think otherwise?
Yes, I meant creating a crypt remote (on top of another, e.g. google drive).
maybe i am wrong, but what would make you think otherwise?
I've been reading Applied Cryptography by Bruce Schneier and in chapter 15.7, page 305 on cascading cyphers he mentions that
There may be subtle interactions between the two algorithms that actually decrease security.
, which corroborated other anecdotal evidence gathered throughout the internet that there are certain unexpected paterns when encryption is overlaid. However, given how much time I spent looking for real-world examples of it and I couldn't find any I'm leaning towards giving up and just assuming that nobody is able to exploit such setups.
imho, your posted example is not at all the same as the link you shared.
you: key -> password + password
link: key -> key
and even if it was key -> key, the next paragraph seem clear
"Reality is much rosier. The previous warnings are true only if the different keys are related to each
other."
let's see what other forum members think?