[2345] in cryptography@c2.net mail archive
RE: GeeK: Re: Rivest's Chaffing and Winnowing
daemon@ATHENA.MIT.EDU (Karl A. Siil)
Tue Mar 24 13:33:51 1998
Date: Tue, 24 Mar 1998 10:32:42 -0500
To: Matt Thomlinson <mattt@microsoft.com>, "'Philicious'" <philen@monkey.org>,
Matt Blaze <mab@crypto.com>
From: "Karl A. Siil" <karl@invengen.com>
Cc: Bill Stewart <bill.stewart@pobox.com>, coderpunks@toad.com,
cryptography@c2.net
In-Reply-To: <5CEA8663F24DD111A96100805FFE658705449B54@red-msg-51.dns.mi
crosoft.com>
Actually, I think you miss Rivest's point. The paper describes an, albeit interesting, system that in a world without export controls would go unused; possibly uninvented. The paper may fire investigations that produce more useful technology, but to use C/W to bootstrap a secret-key system defeats the primary intent.
At 05:40 PM 3/23/98 -0800, Matt Thomlinson wrote:
>you miss the point. Just use winnowing chaffing for what it is best at:
>bootstrapping a secure channel from an authenticated one. After that, resume
>normal crypto usage.
>
>Exchanging a 128-bit key (and then assuming your 200x blowup) = 26000 bits/8
>~~= 3kbytes. Large, but not undoable in terms of bootstapping a new channel.
>
>mattt
>
>-----Original Message-----
>From: Philicious [mailto:philen@monkey.org]
>Sent: Monday, March 23, 1998 2:45 PM
>To: Matt Blaze
>Cc: Bill Stewart; coderpunks@toad.com; cryptography@c2.net
>Subject: Re: GeeK: Re: Rivest's Chaffing and Winnowing
>
>
>On Sun, 22 Mar 1998, Matt Blaze wrote:
>
>> It's a cute idea. While it's not clear that it's especially
>> practical as described, it does provide a nice proof-of-concept
>> that traditional encryption isn't the only way to achieve message
>> secrecy. It also illustrates a basic internal conflict in government
>
>Highly impractical, if you ask me. Chaffing single bit packets results in
>a message 200 times larger than the original ('each wheat packet may end
>up being, say about 100 bits long, but only transmits one bit' -Rivest).
>Not only that, but how cheaply can one generate all those wheat packet
>MACs, not to mention believeable chaff packet MACs.
>
>Perhaps chaffing half-byte packets would be secure enough (only
>quadrupling the size of the message), but I am skeptical.
>
>Still, it is a nifty idea with interesting legal implications.
>
> -phil
>
Karl
