[<prev] [next>] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.44.0309201809350.3068-100000@deneb.intranet.cartel-securite.net>
From: biondi at cartel-securite.fr (Philippe Biondi)
Subject: idea
On Sat, 20 Sep 2003, Massimiliano Hofer wrote:
> On Saturday 20 September 2003 4:31 pm, Philippe Biondi wrote:
>
> > What is the added security value of this ??
> > Sounds more like "security through complexity" to me.
> > An IP flow does not have the properties that make FHSS have and added
> > value to communications over radio frequencies.
>
> I agree with you. Even using differnet keys for the various chunks wouldn't
> help much from a cryptographer's point of view.
> An interesting variation, though, may be to send the information through
> different routes altogether.
>
> For example I could encrypt a file, encode it so as to leave out a small but
> significant portion, send the large part to you through my main connection,
> then connect directly to a modem of yours and send the other part.
> It would be hard for an attacker to monitor two defferent media and a file
> that is not only encrypted, but incoherent, would be really hard to decode.
>
> This technique isn't new, but I've never seen it implemented in open source
> tools.
So easy to do with pppd. Suppose you have two IPs on a box, which
are reached with two different pathes : run two different tunnels with two
pppd inside with the multilink option. That's it : one aggregated
interface with round robin over the two tunnels.
But : parts of the path are always the same (at least the begining and the
end of the two pathes). And because of the way internet works (AS, BGP,
etc.), you cannot be sure two routes will be very differents.
Last but not least : generally, communications are not intercepted, but
stolen once they lay in a mailbox (or somewhere else on a hard disk).
Moreover, this is not a good security layer. IMHO, only using PGP is the
same strenght. As it is simplier, I'll even say it can be considered to
have a better strength : what if, once you set up your 210 tunnels over
ssl over cipe over ssh, you forget to encrypt your message ?
--
Philippe Biondi <biondi@ cartel-securite.fr> Cartel S?curit?
Security Consultant/R&D http://www.cartel-securite.fr
PGP KeyID:3D9A43E2 FingerPrint:C40A772533730E39330DC0985EE8FF5F3D9A43E2
Powered by blists - more mailing lists