3/21 Ron Rivest is at it again: he's invented a technique to achieve
message confidentiality with hash functions and no encryption,
simple, intuitive, and completely non-export-controlled.
http://theory.lcs.mit.edu/~rivest/chaffing.txt
\_ note that he's just rephrased steganography to have a more dynamic
method of mixing the message bits into another data stream, and he
relies on message authentication to reject the superfluous data.
old mechanical crypto systems in the 60s did stuff like that
but filtered by using the same pseudo-random sequence as the
sender. Rivest's method will require a good random generator at
the sender (to permute packet order for the chaff). it will
\_ why do you think that? my reading of his text didn't imply
any packet order changes, just one or more chaff mesgs per
valid packet. please mail me --oj
\_ The packets go out in the same order, but you have to send
chaff too, and the chaff has to be in an unpredictable
order with respect to the wheat. If you always do
wheat1-chaff1-chaff1 wheat2-chaff2-chaff2 wheat3-chaff3-chaff3
it's not hard to figure out where the wheat is.
also probably make everybody's exportable authentication code
get reclassified as munitions, now that someone's pointed out
how it "really is encryption" (the way regulators think). --karlcz
p.s. he also requires that the secret authentication key get
transported by some other secure means (public-key encryption
for those of us without exploding-attache-case couriers ;-).
\_ I'm not too terribly impressed. As karlcz pointed out there's
still this secret-key business that's required to create valid MACs
and I'm not really psyched about the typical CSUA idiot adding
300 chaff packets per wheat packet to keep their email and porn
URLs secret from "Them". The net is slogged enough as it is.
What really needs to happen is to drop the ridiculous export
controls. If I'm a terrorist or in the mafia, I _am_ going to
\_ That was exactly Rivest's point, though. Obviously a block
cipher is much more effective than chaffing, but it's currently
in a very different political position. But Rivest's own
conclusion is: "Mandating government access to all communications
is not a viable alternative. The cryptography debate should
proceed by mutual education and voluntary actions only." That
goes for international controls as well as domestic.
use the best possible encryption for all communications, and
be damned the US law. Hello, duh, a terrorist or high powered
mafioso is already going away for life. Going to add 3 months
of consecutive time for an encryption export violation?!?
\_ you miss the point. If encryption were export legal, then it'd
be easy to market via consumer channels. Once that happens,
you can pretty much kiss good-bye law enforcement's ability to
wire-tap even the petty criminals.
\_ So the point wasn't to make a decent and reasonable secure
communications method, but was simply to snub law enforcement
with a hacked end run?
\_ Yeah, kinda looks that way.
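
Added example, not part of the thread or of Rivest's text: a sketch of the scheme discussed above, in which each message bit travels as a (serial, bit, MAC) wheat packet beside a chaff packet carrying the complementary bit and a random tag, emitted in unpredictable order as the replies point out. HMAC-SHA256, the packet layout and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 32  # HMAC-SHA256 output size (assumed MAC for this sketch)

def mac(key, serial, bit):
    """Authenticate one (serial, bit) pair under the shared secret key."""
    return hmac.new(key, f"{serial}:{bit}".encode(), hashlib.sha256).digest()

def chaff_and_send(key, bits):
    """Sender: one wheat and one chaff packet per bit, in random order."""
    stream = []
    for serial, bit in enumerate(bits):
        wheat = (serial, bit, mac(key, serial, bit))
        # Chaff: the complementary bit with a random tag that will not verify.
        chaff = (serial, 1 - bit, secrets.token_bytes(TAG_LEN))
        pair = [wheat, chaff]
        if secrets.randbits(1):  # a fixed wheat/chaff position would leak the bit
            pair.reverse()
        stream.extend(pair)
    return stream

def winnow(key, stream):
    """Receiver: keep only packets whose MAC verifies, ordered by serial."""
    kept = {}
    for serial, bit, tag in stream:
        if hmac.compare_digest(tag, mac(key, serial, bit)):
            kept[serial] = bit
    return [kept[s] for s in sorted(kept)]

def bytes_to_bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def bits_to_bytes(bits):
    return bytes(
        sum(b << (7 - i) for i, b in enumerate(bits[n:n + 8]))
        for n in range(0, len(bits), 8)
    )

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # shared out of band, as karlcz notes
    stream = chaff_and_send(key, bytes_to_bits(b"hi"))  # constructed sample message
    print(len(stream), "packets on the wire")
    print("with key:   ", bits_to_bytes(winnow(key, stream)))
    print("without key:", winnow(secrets.token_bytes(32), stream))
```

An observer without the key sees both bit values for every serial number and cannot tell which tag is valid; the cost is the bandwidth overhead the thread complains about.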