1993-07-14 - Re: xor data hiding?

Header Data

From: J. Michael Diehl <mdiehl@triton.unm.edu>
To: dsinclai@acs.ucalgary.ca (Douglas Sinclair)
Message Hash: 58f47456bb59f7e81edba63efe175555445a77aabd89952c8beea4a32fe0c5be
Message ID: <9307140017.AA03238@triton.unm.edu>
Reply To: <9307131439.AA46888@acs1.acs.ucalgary.ca>
UTC Datetime: 1993-07-14 00:51:48 UTC
Raw Date: Tue, 13 Jul 93 17:51:48 PDT

Raw message

From: J. Michael Diehl <mdiehl@triton.unm.edu>
Date: Tue, 13 Jul 93 17:51:48 PDT
To: dsinclai@acs.ucalgary.ca (Douglas Sinclair)
Subject: Re: xor data hiding?
In-Reply-To: <9307131439.AA46888@acs1.acs.ucalgary.ca>
Message-ID: <9307140017.AA03238@triton.unm.edu>
MIME-Version: 1.0
Content-Type: text/plain


According to Douglas Sinclair:
> 
> What you are talking about sounds like the original Vernam cipher that Dave
> Kahn talks about in _CodeBreakers_.  There, he was using a teletype with two 
> XORing tapes.  One tape was 1000 characters long, the other was 999.  Thus,
> 999000 characters would have to go past before the system repeated.  HOWEVER,
> once it does repeat, all security is compromized.  Even before that time,
> I believe there are subtle attacks you can use based on the repetition of the 
> keys.  So, this is not a secure cipher method.  I would personally 
> suggest tacking an 128 bit IDEA key onto 4dos.com instead.  Or use
> DES even.

The point wasn't to be unbreakably secure; it was to be UNFINDABLY secure.  We
convolute an allready encrypted message to the point of not being recognizable
as cyphertext, then we hide it on the end of a file.  We want it to look like
garbage.

> BTW: Though you could come up with a 30Kb+ string which when XORed would
> give you any plaintext, you could not come up with a few small strings
> which when used over each other would give you that.  There just isn't enough
> information to make that possible.

Agreed.  This leaves us with several OTP's laying around in zip format.  This 
isn't so bad as long as we don't forget the original 7 keys.  The main purpose
of all of this is plausible deniability.

Thanx for your comments.  Still listening.

+-----------------------+-----------------------------+---------+
| J. Michael Diehl ;-)  | I thought I was wrong once. | PGP KEY |
| mdiehl@triton.unm.edu |   But, I was mistaken.      |available|
| mike.diehl@fido.org   |                             | Ask Me! |
| (505) 299-2282        +-----------------------------+---------+
|                                                               |
+------"I'm just looking for the opportunity to be -------------+
|            Politically Incorrect!"   <Me>                     |
+-----If codes are outlawed, only criminals wil have codes.-----+
+----Is Big Brother in your phone?  If you don't know, ask me---+




Thread