There is a really neat paper written by CS guru Ron Rivest at MIT regarding this sort of "secret hiding". Find it at: http://theory.lcs.mit.edu/~rivest/chaffing.txt I found this a few months ago and found it quite interesting...enjoy! R. Brian Manley [log in to unmask] eXegeSys, Inc. 144 E. 500 S. Salt Lake City, UT 84102 Phone: (801)538-0222 Fax: (801)538-0228 > -----Original Message----- > From: Gavin Scott [SMTP:[log in to unmask]] > Sent: Friday, June 12, 1998 5:42 PM > To: [log in to unmask] > Subject: Encryption (Was: New version of QCTerm...) > > Sorry if this is a dup. My mail client choked on some spam while I was > trying to send it the first time. > > Wirt again: > > With equal respect, let me disagree. All that you have to do to > really make > > something "obfuscated" is intermix a great deal of randomness into > an > > encrypted signal, paying special attention to make the random > symbols carry > > the same informational entropy as the encoded data. > > Ok, but are you willing to decrease the S/N ratio of your > communications > link by an order of magnitude (or whatever) in order to do this? Will > the > customer be willing to pay for 10x the network bandwidth between the > client and 3000? > > You still need to have some shared secret to initialize your pseudo- > random number generator with so that both ends agree on where the > signal > is amongst all the noise. Without something like this the signal will > be > in the same place every time you start a new connection, and it > becomes > relatively easy to figure out with a known plaintext attack. > Especially > at the start of a connection when the least information is available > for > generating randomness but the most sensitive information (logon > passwords) > are being exchanged. > > G.