[Cryptography] how to detect breakage -- lures etc.??

Alfie John alfie at alfie.wtf
Sun Dec 29 20:22:44 EST 2019

On 29 Dec 2019, at 19:44, John Denker via cryptography <cryptography at metzdowd.com> wrote:
> Question:
>  What is "best practice" for detecting breakage
>  of a supposedly-secure communication system?
> Returning to present day:  Suppose my phone were a wholly-pwned subsidiary
> of (say) Unit 61398.  How would I know?  Would the NSA know?  Would they
> tell me?
> Then send orders to several submarines directing them to "break off" and
> proceed "forthwith" to rendezvous with a milchcow at such-and-such location.
> This offers a highly tempting target to the opposition.  Obviously you do
> not want your subs to go to the indicated location; instead send a long-range
> patrol plane to see if ASW forces show up.  If they do, it is a strong
> indication that your cipher is broken.
> It is not easy to come up with lures like this, but not impossible.  I
> reckon the folks on this list can come up with schemes far cleverer than
> the examples I have given.
> Bottom line:  What's best practice?  It seems kinda unprofessional to put
> a system out there and not check whether it's working.

Thegrugq had a good one a while ago - leave an unprotected Bitcoin wallet on a box,
then monitor the blockchain at your leisure for the coins to be spent.


Alfie John

More information about the cryptography mailing list