Can we combine multiple algorithms such that having any one of them be secure is safe? For example, instead of encrypting with just RSA, do one pass with RSA and then another pass with ECC. Instead of just using AES, do one pass with AES, another pass with Twofish, and a third pass with RC4. Does that actually help?
You can do this but it will probably make it less secure, not more.
Nobody seems to know if the NSA actually has practical attacks against primitives like AES or SHA-2. We do know for sure that they go after higher level implementation flaws. The more complex your encryption scheme is, the more likely it is that you'll introduce a grave flaw. It only takes one.
I'd suggest that our best bet already exists: NaCl[1]. It's by Daniel Fucking Bernstein, so the implementation is as flawless as it gets. Better yet, it doesn't use a single US-approved primitive (not even the NIST curves Schneier was warning against in his Guardian piece).
Funnily, before the leaks Bernstein's use of all his own primitives was seen as a bit wacky and concerning, but now it seems almost sensible.
DJB has always been laughed off as an eccentric paranoiac, and yet as the years go by he almost always ends up being proven right. It's been kind of a funny pattern over the past few decades.
