lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.WNT.4.58.0309220900440.3972@grizzly>
From: chris at ngssoftware.com (Chris Anley)
Subject: Re: idea

There isn't much, apart from obscurity.

Reordering cyphertext blocks might help a little in crypto terms, since
there's then a pretty large number of potential arrangements (the
factorial of the number of blocks) but you'd have to work the arrangement
you were using into a key somehow, and use something like cipher block
chaining to make the arrangement matter. There'd be disadvantages in some
systems since in the worst case (first block transmitted last) you'd need
to cache the whole transmission before you could begin decryption. Also
the 'arrangement' key would be variable length, and the rearrangement
would only really help if the message was long (20! is still only 62
bits).

The port thing sounds a little like spread-spectrum radio transmission.
Just hopping ports is pretty pointless, since anyone who can sniff any of
the transmission can sniff all of it. If spread-spectrum is what you're
aiming at, I guess a closer analogy might be to select a different
*route* for each ciphertext block, that way the sniffer can only
probably see a portion of the ciphertext, which makes cbc attacks harder.
That said, anyone using an attack based on sniffing is likely to be very
close to either the source or destination of the transmission, so the
whole concept might well be flawed.

It's also tricky to implement, since source routing seems to be generally
frowned upon.

Fun idea though... :o)

     -chris.

On Sun, 21 Sep 2003, martin f krafft wrote:

> also sprach D B <geggam692000@...oo.com> [2003.09.19.2103 +0200]:
> > does an application exist that encrypts data via pgp (gpg) then
> > breaks that up into chunks .... then connects to a remote computer
> > via ssl and sends one chunk , the order picked at random, then
> > requests a different port to be opened ....sends the second chunk
> > ... so on to conclusion
>
> uh, and the advantage is?
>
> --
> martin;              (greetings from the heart of the sun.)
>   \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@...duck
>
> invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
>
> why is lemon juice made with artificial flavour,
> and dishwashing liquid is made with real lemons?
>


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ