[1810] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: "Flavors of Security Through Obscurity"

daemon@ATHENA.MIT.EDU (Andi Kleen)
Tue Jun 2 08:04:26 1998

To: linux-security@redhat.com
From: Andi Kleen <ak@muc.de>
Date: 01 Jun 1998 14:08:49 +0200
In-Reply-To: "Brandon K. Matthews"'s message of Sat, 30 May 1998 11:44:39 -0500
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

"Brandon K. Matthews" <bmatt@devils.eng.fsu.edu> writes:

> c) "Variable" ciphers.
> 
> The idea here is to implement a cipher that incorporates a huge
> number of different encryption functions. The objective is to
> overwhelm the analytic capability of an attacker. (At the end of
> this post you will find the outline of a proof about why a cipher
> of this type is intrinsically more secure.)

There are already lots of these ciphers. Examples are the Russian GOST or 
Bruce Schneier's Blowfish cipher where the SBOXes can be changed and kept 
secret. Most publicly available Blowfish and GOST implemenations use fixed,
known sboxes AFAIK (hexadecimal Pi in case of Blowfish, some standard set
for GOST), but the ciphers were really designed to work with variable SBoxes.

[mod: As I'm told, not just any S-boxes will do. You get a
cryptographically weak cypher if you don't choose your S-boxes just
right. Nobody knows how the DES people got it right, but they DID. 
Using PI might give you a good source of pseudorandom numbers, but
it is unlikely to provide good S-Boxes.  -- REW]

-Andi

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post