Reputation: 852
I am reviewing the code for a product our team developed where credit card information is stored in a local database. This database can be accessed in the event of no internet connection. I came across the encryption methods.
The developer who wrote this portion of our code encrypted with AES over RABBIT over AES. I have seen implementations with AES over AES (same concept I suppose as Triple DES) but I've never seen or researched stacking block over stream. I don't know if the results from this are going to be consistent (i.e. without data corruption) or secure.
I would assume they would be because I assume stacking encryption with different keys can never be less secure than one time encryption. Below is a sample of the code I found.
function classSecureMessage(message){
    // A separate random secret for each of the three layers
    this.secretA=security.randomAlphaNum(56);
    this.secretB=security.randomAlphaNum(56);
    this.secretC=security.randomAlphaNum(56);
    // Encrypt: AES first, then Rabbit, then AES again
    var passStr=message;
    passStr=CryptoJS.AES.encrypt(passStr, this.secretA);
    passStr=CryptoJS.Rabbit.encrypt(passStr.toString(), this.secretB);
    passStr=CryptoJS.AES.encrypt(passStr.toString(), this.secretC);
    this.message=passStr;
    // Decrypt: undo the layers in reverse order
    this.decrypt= function(){
        var passStr=CryptoJS.AES.decrypt(this.message, this.secretC).toString( CryptoJS.enc.Utf8 );
        passStr=CryptoJS.Rabbit.decrypt(passStr, this.secretB).toString( CryptoJS.enc.Utf8 );
        passStr=CryptoJS.AES.decrypt(passStr, this.secretA).toString( CryptoJS.enc.Utf8 );
        return(passStr);
    }
}
EDIT: To add, the performance of this is not horrible. It takes 0.012 seconds to encrypt and decrypt credit card data.
Upvotes: 0
Views: 262
Reputation: 29997
I can see a reference to having a block-stream-block cypher here, which mentions Bruce Schneier's book Applied Cryptography.
I've never seen stacking of the same cypher, as (as it says on the link) the idea is that each party trusts a different cypher... so there's no added security in stacking AES over AES, except in the case of a brute force attack.
I would swap one of the AES cyphers with another block cypher, so in the case that one of the 2 ciphers is compromised, your data will still be secure.
Upvotes: 1
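As an added illustration (not code from either post), the Node.js example below rebuilds the block-over-stream-over-block cascade with the built-in crypto module to check what the question asks: whether the layers round-trip without corruption, and what happens when a stored record is damaged. ChaCha20 stands in for Rabbit, raw random keys replace the CryptoJS passphrases, and all function names and sample inputs are constructed for this example.

```javascript
const crypto = require('crypto');

// Same layer order as the question: block cipher, stream cipher, block cipher.
// Assumption: ChaCha20 stands in for Rabbit, which Node's crypto does not provide.
const LAYERS = ['aes-256-cbc', 'chacha20', 'aes-256-cbc'];
const IV_LEN = 16; // both algorithms take a 16-byte IV in Node

// One independent random 256-bit key per layer.
const newKeys = () => LAYERS.map(() => crypto.randomBytes(32));

function encryptLayer(alg, key, data) {
  const iv = crypto.randomBytes(IV_LEN); // fresh IV per layer, stored in front
  const c = crypto.createCipheriv(alg, key, iv);
  return Buffer.concat([iv, c.update(data), c.final()]);
}

function decryptLayer(alg, key, data) {
  const d = crypto.createDecipheriv(alg, key, data.subarray(0, IV_LEN));
  return Buffer.concat([d.update(data.subarray(IV_LEN)), d.final()]);
}

const cascadeEncrypt = (keys, plaintext) =>
  LAYERS.reduce((buf, alg, i) => encryptLayer(alg, keys[i], buf), plaintext);

const cascadeDecrypt = (keys, ciphertext) =>
  LAYERS.reduceRight((buf, alg, i) => decryptLayer(alg, keys[i], buf), ciphertext);

// Consistency: every constructed sample must survive the three layers unchanged.
function roundTripsCleanly(keys) {
  const samples = [Buffer.alloc(0), Buffer.from('4111111111111111'),
    Buffer.from('constructed sample, not block aligned'), crypto.randomBytes(1000)];
  return samples.every((m) => cascadeDecrypt(keys, cascadeEncrypt(keys, m)).equals(m));
}

// Integrity: simulate one corrupted bit in the stored record and decrypt it.
// final() only verifies the CBC padding block, so damage elsewhere raises no error.
function decryptCorrupted(keys, plaintext) {
  const stored = cascadeEncrypt(keys, plaintext);
  stored[2 * IV_LEN] ^= 0x01; // byte 0 of the second outer ciphertext block
  return cascadeDecrypt(keys, stored);
}

const keys = newKeys();
const record = Buffer.alloc(48, 0x41); // constructed 48-byte record
console.log('round trip lossless:', roundTripsCleanly(keys));
console.log('stored bytes for a 16-byte input:', cascadeEncrypt(keys, Buffer.alloc(16)).length);
console.log('corrupted record decrypts to original:', decryptCorrupted(keys, record).equals(record));
```

The round trip is lossless, but a record with one flipped bit still decrypts without an error, so the three layers provide confidentiality only. Detecting a damaged or altered record needs a MAC over the final ciphertext or an AEAD mode.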