Papers about "Algorithm hiding" ?

astiglic at okiok.com astiglic at okiok.com
Fri Jun 3 16:14:18 EDT 2005 

Well, everyone who has Windows on their machine (at least a Windows 95
updated version and up, I think) has at least Microsoft's crypto provider,
 and MS CAPI to use it!  Most broswers implement HTTPS, so you have crypto
there as well.

I think we are already in a state where practically everybody that has a
computer has crypto available, and it's not difficult to use it!

Another alternative is the cyphersaber type of thing, where you could just
implement your crypto-code on the fly, as needed.

--Anton

> On 5/31/05, Ian G <iang at systemics.com> wrote:
>> I don't agree with your conclusion that hiding algorithms
>> is a requirement.  I think there is a much better direction:
>> spread more algorithms.  If everyone is using crypto then
>> how can that be "relevant" to the case?
>
> This is so, in the ideal. But "if everyone would only..." never seems
> to work out in practice. Better to rely on what you can on your own or
> with a small group.
>
> In response to Hadmut's question, for instance, I'd hide the crypto
> app by renaming the executable. This wouldn't work for a complex app
> like PGP Suite but would suffice for a simple app. Rename the
> encrypted files as well and you're fairly safe. (I've consulted with
> firms that do disk drive analysis. From what I've seen, unless the
> application name or the data file extensions are in a known list, they
> won't be seen. But my work has been in the realm of civil suits,
> contract disputes, SEC claims, and the like; the investigators might
> be more thorough when trying to nail someone for kiddie porn.)
>
> Or use another app which by the way has crypto. Winzip apparently has
> some implementation flaws
> (http://www.cse.ucsd.edu/users/tkohno/papers/WinZip/ ) but a quick
> google doesn't show anything but brute force and dictionary attacks
> against WinRar.
>
> --
> There are no bad teachers, only defective children.
>
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to
> majordomo at metzdowd.com
>



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list