Re: GeeK: Re: Rivest's Chaffing and Winnowing

Aaron D. Gifford (agifford@infowest.com)
Tue, 24 Mar 1998 15:50:49 -0500

• Next message: Austin Mann: "Re: Chaffe variation- random sequence numbers"
• Previous message: Lewis McCarthy: "[Fwd]: Privacy Development Project"

Philicious [mailto:philen@monkey.org] wrote:
>Sent: Monday, March 23, 1998 2:45 PM
>To: Matt Blaze
>Cc: Bill Stewart; CodherPlunks@toad.com; cryptography@c2.net
>Subject: Re: GeeK: Re: Rivest's Chaffing and Winnowing
>
>
>On Sun, 22 Mar 1998, Matt Blaze wrote:
>
>> It's a cute idea. While it's not clear that it's especially
>> practical as described, it does provide a nice proof-of-concept
>> that traditional encryption isn't the only way to achieve message
>> secrecy. It also illustrates a basic internal conflict in government
>
>Highly impractical, if you ask me. Chaffing single bit packets results in
>a message 200 times larger than the original ('each wheat packet may end
>up being, say about 100 bits long, but only transmits one bit' -Rivest).
>Not only that, but how cheaply can one generate all those wheat packet
>MACs, not to mention believeable chaff packet MACs.
>
>Perhaps chaffing half-byte packets would be secure enough (only
>quadrupling the size of the message), but I am skeptical.

Hmm, I wouldn't think half-byte packets would be effective unless you
threw in 15 chaff packets for every wheat, otherwise it seems (off the
top of my head) that you'd run the risk of revealing useful information
to someone trying to winnow without the auth. key, which would seem to
indicate that whether 1 bit or 4 bit, the cost would be similar to
totaly chaff the data stream.

>
>Still, it is a nifty idea with interesting legal implications.
>
> -phil

Aaron out.

• Next message: Austin Mann: "Re: Chaffe variation- random sequence numbers"
• Previous message: Lewis McCarthy: "[Fwd]: Privacy Development Project"