Subject: | |
From: | |
Reply To: | |
Date: | Sun, 14 Jun 1998 13:03:40 -0600 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
There is a really neat paper written by CS guru Ron Rivest at MIT
regarding this sort of "secret hiding". Find it at:
http://theory.lcs.mit.edu/~rivest/chaffing.txt
I found this a few months ago and found it quite interesting...enjoy!
R. Brian Manley
[log in to unmask]
eXegeSys, Inc.
144 E. 500 S.
Salt Lake City, UT 84102
Phone: (801)538-0222
Fax: (801)538-0228
> -----Original Message-----
> From: Gavin Scott [SMTP:[log in to unmask]]
> Sent: Friday, June 12, 1998 5:42 PM
> To: [log in to unmask]
> Subject: Encryption (Was: New version of QCTerm...)
>
> Sorry if this is a dup. My mail client choked on some spam while I was
> trying to send it the first time.
>
> Wirt again:
> > With equal respect, let me disagree. All that you have to do to
> really make
> > something "obfuscated" is intermix a great deal of randomness into
> an
> > encrypted signal, paying special attention to make the random
> symbols carry
> > the same informational entropy as the encoded data.
>
> Ok, but are you willing to decrease the S/N ratio of your
> communications
> link by an order of magnitude (or whatever) in order to do this? Will
> the
> customer be willing to pay for 10x the network bandwidth between the
> client and 3000?
>
> You still need to have some shared secret to initialize your pseudo-
> random number generator with so that both ends agree on where the
> signal
> is amongst all the noise. Without something like this the signal will
> be
> in the same place every time you start a new connection, and it
> becomes
> relatively easy to figure out with a known plaintext attack.
> Especially
> at the start of a connection when the least information is available
> for
> generating randomness but the most sensitive information (logon
> passwords)
> are being exchanged.
>
> G.
|
|
|