Papers about "Algorithm hiding" ?

Steve Furlong demonfighter at gmail.com
Thu Jun 2 08:50:25 EDT 2005


On 5/31/05, Ian G <iang at systemics.com> wrote:
> I don't agree with your conclusion that hiding algorithms
> is a requirement.  I think there is a much better direction:
> spread more algorithms.  If everyone is using crypto then
> how can that be "relevant" to the case?

This is so, in the ideal. But "if everyone would only..." never seems
to work out in practice. Better to rely on what you can on your own or
with a small group.

In response to Hadmut's question, for instance, I'd hide the crypto
app by renaming the executable. This wouldn't work for a complex app
like PGP Suite but would suffice for a simple app. Rename the
encrypted files as well and you're fairly safe. (I've consulted with
firms that do disk drive analysis. From what I've seen, unless the
application name or the data file extensions are in a known list, they
won't be seen. But my work has been in the realm of civil suits,
contract disputes, SEC claims, and the like; the investigators might
be more thorough when trying to nail someone for kiddie porn.)

Or use another app which by the way has crypto. WinZip apparently has
some implementation flaws
(http://www.cse.ucsd.edu/users/tkohno/papers/WinZip/ ) but a quick
google doesn't show anything but brute force and dictionary attacks
against WinRAR.

-- 
There are no bad teachers, only defective children.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


