Message-ID: <20030920224505.GC18319@dreams.soze.net>
From: justin-fulldisclosure at soze.net (Justin)
Subject: idea

D B (2003-09-20 17:20Z) wrote:

> what the port hopping tries to achieve is making it
> even more difficult to sniff because one can't just
> sniff a certain port.... with a random range you have to
> suck in garbage data and this increases the time it
> takes to reassemble if it is even possible

But radios that listen to more than one frequency (simultaneously or
not) are (still) more difficult to construct, while popular packet
sniffers already capture everything.

I'm not sure there's anything to gain unless you have other streams that
have port (pairs) picked in a similar manner, introducing into the
collected packets 1) junk or 2) other encrypted streams undifferentiable
from the primary stream by an eavesdropper.

At that point, isn't it just as effective to insert junk into the
original stream, which prevents attackers from 1) knowing the size of
the message and 2) being able to get a pure ciphertext stream?

The utility of obfuscating message lengths isn't clear.  If you pick a
random number n over a wide range (1-1000) and transmit it in the
encrypted stream at the beginning, and if every packet except a multiple
of n is junk, an eavesdropper has virtually no idea of the message
length (but has a maximum possible message length assuming n=1,
obviously).  But the more streams/messages you transmit, if they can be
assumed to be roughly the same length, the better an idea an attacker gets
of the minimum and maximum n, and also the length of the messages.

And if you don't like that possibility, there are mix networks, but they
assume no sniffing at the source or at all/most of the ingress nodes in
the network.

-- 
No man is clever enough to          Times are bad.  Children no longer
know all the evil he does.          obey their parents, and everyone
-Francois de la Rochefoucauld       is writing a book.  -Cicero
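
The narrowing of the length estimate described in the message above, as an added example that is not part of the original post: it simulates the every-n-th-packet padding scheme and shows how the bounds on the real message length tighten as more padded streams are observed. It assumes all messages have exactly the same length and that only packet counts are observed; the function names are hypothetical.

```python
import math
import random

N_MAX = 1000  # upper end of the range for n, as in the message (1-1000)

def padded_stream_length(real_packets, n):
    """Packets on the wire when only every n-th packet carries data."""
    return real_packets * n

def length_bounds(observed_totals, n_max=N_MAX):
    """Bounds on the real packet count from observed stream sizes.

    Assumption (added for this example): every stream carries a message
    of the same length, so each observation constrains the same value.
    """
    upper = min(observed_totals)                     # shortest stream, if n = 1
    lower = math.ceil(max(observed_totals) / n_max)  # longest stream, if n = n_max
    return lower, upper

def simulate(real_packets, streams, seed=0):
    """Return the (lower, upper) bounds after each additional stream."""
    rng = random.Random(seed)  # fixed seed: constructed, repeatable sample data
    totals, history = [], []
    for _ in range(streams):
        n = rng.randint(1, N_MAX)  # fresh random n per stream
        totals.append(padded_stream_length(real_packets, n))
        history.append(length_bounds(totals))
    return history

if __name__ == "__main__":
    # Constructed scenario: 20 streams, each hiding a 40-packet message.
    for i, (lo, hi) in enumerate(simulate(real_packets=40, streams=20), 1):
        print(f"after {i:2d} streams: {lo} <= length <= {hi} (width {hi - lo})")
```

With a single stream the interval spans a factor of 1000; it can only shrink as streams accumulate, which is the reason the padding protects a one-off message better than repeated messages of similar size.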

