There is a really neat paper written by CS guru Ron Rivest at MIT
regarding this sort of "secret hiding". Find it at:

http://theory.lcs.mit.edu/~rivest/chaffing.txt


I found this a few months ago and found it quite interesting...enjoy!


R. Brian Manley
[log in to unmask]

eXegeSys, Inc.
144 E. 500 S.
Salt Lake City, UT 84102
Phone: (801)538-0222
Fax: (801)538-0228

> -----Original Message-----
> From: Gavin Scott [SMTP:[log in to unmask]]
> Sent: Friday, June 12, 1998 5:42 PM
> To:   [log in to unmask]
> Subject:      Encryption (Was: New version of QCTerm...)
>
> Sorry if this is a dup. My mail client choked on some spam while I was
> trying to send it the first time.
>
> Wirt again:
> > With equal respect, let me disagree. All that you have to do to
> really make
> > something "obfuscated" is intermix a great deal of randomness into
> an
> > encrypted signal, paying special attention to make the random
> symbols carry
> > the same informational entropy as the encoded data.
>
> Ok, but are you willing to decrease the S/N ratio of your
> communications
> link by an order of magnitude (or whatever) in order to do this?  Will
> the
> customer be willing to pay for 10x the network bandwidth between the
> client and 3000?
>
> You still need to have some shared secret to initialize your pseudo-
> random number generator with so that both ends agree on where the
> signal
> is amongst all the noise.  Without something like this the signal will
> be
> in the same place every time you start a new connection, and it
> becomes
> relatively easy to figure out with a known plaintext attack.
> Especially
> at the start of a connection when the least information is available
> for
> generating randomness but the most sensitive information (logon
> passwords)
> are being exchanged.
>
> G.