lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.44.0309201809350.3068-100000@deneb.intranet.cartel-securite.net>
From: biondi at cartel-securite.fr (Philippe Biondi)
Subject: idea

On Sat, 20 Sep 2003, Massimiliano Hofer wrote:

> On Saturday 20 September 2003 4:31 pm, Philippe Biondi wrote:
>
> > What is the added security value of this ??
> > Sounds more like "security through complexity" to me.
> > An IP flow does not have the properties that make FHSS have and added
> > value to communications over radio frequencies.
>
> I agree with you. Even using differnet keys for the various chunks wouldn't
> help much from a cryptographer's point of view.
> An interesting variation, though, may be to send the information through
> different routes altogether.
>
> For example I could encrypt a file, encode it so as to leave out a small but
> significant portion, send the large part to you through my main connection,
> then connect directly to a modem of yours and send the other part.
> It would be hard for an attacker to monitor two defferent media and a file
> that is not only encrypted, but incoherent, would be really hard to decode.
>
> This technique isn't new, but I've never seen it implemented in open source
> tools.

So easy to do with pppd. Suppose you have two IPs on a box, which
are reached with two different pathes : run two different tunnels with two
pppd inside with the multilink option. That's it : one aggregated
interface with round robin over the two tunnels.

But : parts of the path are always the same (at least the begining and the
end of the two pathes).  And because of the way internet works (AS, BGP,
etc.), you cannot be sure two routes will be very differents.

Last but not least : generally, communications are not intercepted, but
stolen once they lay in a mailbox (or somewhere else on a hard disk).

Moreover, this is not a good security layer. IMHO, only using PGP is the
same strenght. As it is simplier, I'll even say it can be considered to
have a better strength : what if, once you set up your 210 tunnels over
ssl over cipe over ssh, you forget to encrypt your message ?


-- 
Philippe Biondi <biondi@ cartel-securite.fr> Cartel S?curit?
Security Consultant/R&D                      http://www.cartel-securite.fr
PGP KeyID:3D9A43E2  FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ