Re: Ecryption Cracking Tools

[Austin Murkland <amurkland () merydion com>]

I had a thought.  With all the talk of honeypot systems, and services.  
Wouldn't it make more sense to have a Crypto cipher that took into 
account the possibility of being brute forced and provided one or more 
sets of logical pseudo-information when cracked, but only the real 
information when actually cracked/authenticated?

at it's simplest level, have one set of data that is the actual message, 
and another set of data that is something that could be the actual 
message.  Security would increase given the number of sets of 
pseudo-data included in the encrypted message...so if it were cracked 
using brute force, how would they know it was actually what they were 
looking for.  My understanding is that brute force relies on there being 
only one possible true answer for it to work.  While this is still true 
with this idea, there also exists multiple pseudo-answers that provide 
information that may or may not look like the actual answer. 

This could be combined with further honeypot systems and ids to both 
make it difficult to get to the correct system, and to immediately be 
notified that someone is actively trying to brute force your encryption 
and it's time to change keys.  E.g. a password is encrypted using this 
method, and 30 sets of pseudo-data is included in the encrypted 
password.  lets say when properly brute forced it provides 20 deadend 
passwords that just don't work, 10 passwords that lead to honeypots 
systems, and 1 real password that gets them, or the authenticated user 
in.  if they try any of the 30, before the 1, an IDS could be easily 
configured to ban their IP, alert the admin, or even run a script that 
does all this and then changes the key.

i don't know if this is a new idea or not.. i guess it would be HoneyPot 
Encryption... ?

Austin Murkland

john () gmail com wrote:
> Use a Vernam cipher. If you do it right it will be fun to watch them try to crack it.
>
>
>