Full Disclosure mailing list archives
Re: Re: idea
From: Chris Anley <chris () ngssoftware com>
Date: Mon, 22 Sep 2003 09:39:33 +0100 (GMT Daylight Time)
There isn't much, apart from obscurity. Reordering cyphertext blocks might help a little in crypto terms, since there's then a pretty large number of potential arrangements (the factorial of the number of blocks) but you'd have to work the arrangement you were using into a key somehow, and use something like cipher block chaining to make the arrangement matter. There'd be disadvantages in some systems since in the worst case (first block transmitted last) you'd need to cache the whole transmission before you could begin decryption. Also the 'arrangement' key would be variable length, and the rearrangement would only really help if the message was long (20! is still only 62 bits). The port thing sounds a little like spread-spectrum radio transmission. Just hopping ports is pretty pointless, since anyone who can sniff any of the transmission can sniff all of it. If spread-spectrum is what you're aiming at, I guess a closer analogy might be to select a different *route* for each ciphertext block, that way the sniffer can only probably see a portion of the ciphertext, which makes cbc attacks harder. That said, anyone using an attack based on sniffing is likely to be very close to either the source or destination of the transmission, so the whole concept might well be flawed. It's also tricky to implement, since source routing seems to be generally frowned upon. Fun idea though... :o) -chris. On Sun, 21 Sep 2003, martin f krafft wrote:
also sprach D B <geggam692000 () yahoo com> [2003.09.19.2103 +0200]:does an application exist that encrypts data via pgp (gpg) then breaks that up into chunks .... then connects to a remote computer via ssl and sends one chunk , the order picked at random, then requests a different port to be opened ....sends the second chunk ... so on to conclusionuh, and the advantage is? -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver! why is lemon juice made with artificial flavour, and dishwashing liquid is made with real lemons?
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- idea D B (Sep 19)
- Re: idea Timo Schoeler (Sep 19)
- Re: idea D B (Sep 19)
- Re: idea Valdis . Kletnieks (Sep 19)
- Re: idea martin f krafft (Sep 21)
- Re: Re: idea Chris Anley (Sep 22)
- Re: idea Timo Schoeler (Sep 19)