From: biondi at cartel-securite.fr (Philippe Biondi)
Subject: idea

On Sat, 20 Sep 2003, Massimiliano Hofer wrote:

> On Saturday 20 September 2003 4:31 pm, Philippe Biondi wrote:
>
> > What is the added security value of this ??
> > Sounds more like "security through complexity" to me.
> > An IP flow does not have the properties that give FHSS an added
> > value to communications over radio frequencies.
>
> I agree with you. Even using different keys for the various chunks wouldn't
> help much from a cryptographer's point of view.
> An interesting variation, though, may be to send the information through
> different routes altogether.
>
> For example I could encrypt a file, encode it so as to leave out a small but
> significant portion, send the large part to you through my main connection,
> then connect directly to a modem of yours and send the other part.
> It would be hard for an attacker to monitor two different media, and a file
> that is not only encrypted, but incoherent, would be really hard to decode.
>
> This technique isn't new, but I've never seen it implemented in open source
> tools.

So easy to do with pppd. Suppose you have two IPs on a box, which are reached
by two different paths: run two different tunnels with two pppd inside, with
the multilink option. That's it: one aggregated interface with round robin
over the two tunnels.

But: parts of the path are always the same (at least the beginning and the end
of the two paths). And because of the way the internet works (AS, BGP, etc.),
you cannot be sure two routes will be very different.

Last but not least: generally, communications are not intercepted, but stolen
once they lie in a mailbox (or somewhere else on a hard disk).

Moreover, this is not a good security layer. IMHO, using only PGP has the same
strength. As it is simpler, I'll even say it can be considered to have a
better strength: what if, once you set up your 210 tunnels over ssl over cipe
over ssh, you forget to encrypt your message?

--
Philippe Biondi <biondi@ cartel-securite.fr>  Cartel Sécurité
Security Consultant/R&D                        http://www.cartel-securite.fr
PGP KeyID:3D9A43E2  FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2
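As an added illustration of the path-overlap argument in the message above (this is example code written for this page, not part of the original thread or of pppd), a small Python model: the stream is dealt out round robin over two links, the way a multilink bundle does, and a passive observer is placed at one hop of the constructed topology. The hop names, the two routes (which share their first and last hops, and, without the sender knowing it, one transit hop) and the 48-byte payload are all assumptions made up for the illustration. The model does no cryptography: whatever the observer collects is the same fraction of the stream whether or not it was encrypted first, which is the point about forgetting to encrypt.

```python
"""Model of 'split the stream over two routes' against a passive observer.

Added example, not code from the original post. ROUTES, the hop names and
PAYLOAD are constructed for the illustration.
"""
from itertools import zip_longest

# Constructed topology: each link's route as an ordered list of hop names.
# Both routes necessarily start at the sender's side and end at the
# receiver's side; "transit-2" being on both is the BGP point from the
# message (the sender has no guarantee the two routes really diverge).
ROUTES = {
    0: ["sender", "isp-a", "transit-1", "transit-2", "isp-r", "receiver"],
    1: ["sender", "isp-b", "transit-2", "isp-r", "receiver"],
}

# Constructed stand-in for a ciphertext (or a forgotten-to-encrypt plaintext).
PAYLOAD = bytes(range(48))


def round_robin_split(data: bytes, chunk: int, links: int) -> list[list[bytes]]:
    """Fragment `data` into `chunk`-byte pieces and deal them out to `links`
    per-link queues in round-robin order (piece i goes to link i % links)."""
    pieces = [data[i:i + chunk] for i in range(0, len(data), chunk)]
    return [pieces[k::links] for k in range(links)]


def reassemble(queues: list[list[bytes]]) -> bytes:
    """Interleave the per-link queues back into original order. Links with
    fewer fragments (uneven split, or a link the observer never saw) are
    padded with empty pieces, so partial views stay in stream order."""
    out = bytearray()
    for group in zip_longest(*queues, fillvalue=b""):
        for piece in group:
            out += piece
    return bytes(out)


def observe(queues: list[list[bytes]], tap: str) -> bytes:
    """What a passive observer at hop `tap` collects: every fragment of every
    link whose route passes through that hop, nothing from the other links."""
    seen = [q if tap in ROUTES[k] else [] for k, q in enumerate(queues)]
    return reassemble(seen)


def coverage(queues: list[list[bytes]], tap: str) -> float:
    """Fraction of the stream visible at `tap`."""
    total = sum(len(p) for q in queues for p in q)
    return len(observe(queues, tap)) / total


def demo() -> dict[str, float]:
    """Coverage at each hop for the constructed two-link bundle."""
    queues = round_robin_split(PAYLOAD, 4, 2)
    assert reassemble(queues) == PAYLOAD  # the receiver gets everything back
    hops = sorted({h for route in ROUTES.values() for h in route})
    return {hop: coverage(queues, hop) for hop in hops}


if __name__ == "__main__":
    for hop, frac in demo().items():
        print(f"{hop:10s} sees {frac:.0%} of the stream")
```

Only a tap confined to one of the non-shared hops ("isp-a", "isp-b", "transit-1") is limited to half the fragments; every shared hop, including the ones at each end that no routing trick can remove, sees the whole stream.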