Re: Chaffing and Winnowing

mgraffam@mhv.net
Fri, 8 May 1998 20:15:47 -0400 (EDT)

• Next message: geeman@best.com: "Re: RSA's SecurPC not-so-"Secur""
• Previous message: staym@accessdata.com: "Re: FYI"

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 8 May 1998, Aaron D. Gifford wrote:
> Michael J. Graffam (mgraffam@mhv.net) already mentioned the problems that can
> be created by leaving out the serial no. for the packet. He also described a
> possible solution, but I am NOT convinced that the solution is secure.

Neither am I. I'd much rather see SHA(Byte+Phrase+Sequence_number) with
all other possible bytes (with the same sequence number and a random
MAC). But, if we are limiting ourselves to 20 chaff packets and no
sequence number, I'd like to see that we can't use a simple frequency
count to get some wheat, and using a random phrase this is the only way I
could think of doing it without the sequence number.

> As I
> understood the chaffing process, a truly secure chaffing of a data stream
> should include all possible combinations?

Yeah, such a set up would make winnowing/chaffing about as difficult as
reversing the hash or bruting the secret key.

Anything less than this, and I think we open the door to theoretical
attacks.

I would not mind the 20 chaff-packet thing so much if the sequence number
were in there. This means the attacker needs to guess each byte out of
20 for the length of the message. Not trivial, so long as the distribution
of the plaintext looks like the distribution of the chaff.

> By using the original system Rivest describes, Mark would also have the
> advantage of a serial number, which in my opinion is vital to be truly
> secure.

I tend to agree.

Michael J. Graffam (mgraffam@mhv.net)
http://www.mhv.net/~mgraffam -- Philosophy, Religion, Computers, Crypto, etc
"Two things fill the mind with ever new and increasing admiration and awe
the more often and steadily we reflect upon them: the starry heavens
above and the moral law within me. I do not seek or conjecture either of
them as if they were veiled obscurities or extravagances beyond the horizon
of my vision; I see them before me and connect them immediately with the
consciousness of my existence." - Immanuel Kant "Critique of
Practical Reason"

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv

iQCVAwUBNVOgOAKEiLNUxnAfAQFIwQP7BsTnneN0d+RoWZpe9au8+7wVK23JiF42
mk+tidyp45K86s7lnW0BHcAgF1ujmZxG/nAzJo+OmE1odBb3kjeGlVWHK0noISrv
oL6G+PRztlv8Awp2Y3BjvLguV9f/kQveANmaSXnOcQ9sMM5pmb0YixENB2YdWaZf
BOG2DOU+f6M=
=PJ+3
-----END PGP SIGNATURE-----

• Next message: geeman@best.com: "Re: RSA's SecurPC not-so-"Secur""
• Previous message: staym@accessdata.com: "Re: FYI"