[2332] in cryptography@c2.net mail archive
Re: Chaffing and winnowing - efficiency improvements
daemon@ATHENA.MIT.EDU (Ian Goldberg)
Mon Mar 23 18:09:32 1998
To: cryptography@c2.net
From: iang@cs.berkeley.edu (Ian Goldberg)
Date: 23 Mar 1998 20:32:07 GMT
In article <199803231813.LAA10397@nyx10.nyx.net>,
Colin Plumb <colin@nyx.net> wrote:
>I can make a couple of observations. One is that since the MAC
>attached to chaff packets is arbitrary, you might as well use the
>wheat's MAC. E.g. you'd send (0,0,4529), (0,1,4529), (1,0,2752),
>(1,1,2752), (2,0,9136), (2,1,9136), etc.
>
>This, however, lends itself to the obvious compression technique of
>omitting the actual data bits and sending just (0,4529), (1,2752),
>(2,9136), etc. Rivest's Charles, along with a friend (Dawn) at Bob's
>end, could easily convert Alice And Bob's legitimate communications to
>this form, and Dawn could generate the redundant packets to try at the
>far end.
>
>This is getting *closer* to practical. Of course, anything is
>practical if nothing better is available due to GAK.
Yup. There's also a convenient knob to twist here. If you have kick-ass
processors communicating via a slow serial link, just up the number of bits
you MAC in each packet (actually, only the receiver needs to be kick-ass).
The sender transmits just the serial number and the MAC of the (8, 16,
whatever bits) and the receiver tries all (256, 65536, whatever) combinations.
The higher your compute power-to-throughput ratio is, the further you
can twist this knob.
Of course, this is starting to look less like chaffing and more like
symmetric-key crypto.
- Ian
--
Run this on your export version of netscape 4.04 to enable strong crypto!
#!/usr/bin/perl -0777pi
s/ITS:.*?\0/$_=$&;y,a-z, ,;s, {4}$,true,gm;s, 512,2048,;$_/es
