[5866] in cryptography@c2.net mail archive


Re: crypto camouflage in software

daemon@ATHENA.MIT.EDU (Ed Gerck)
Fri Oct 8 20:25:15 1999

Message-ID: <37FE887F.9D8DFBF1@nma.com>
Date: Fri, 08 Oct 1999 17:12:47 -0700
From: Ed Gerck <egerck@nma.com>
MIME-Version: 1.0
To: "paul a. bauerschmidt" <bauersc@bauerschmidt.com>
Cc: cryptography@c2.net
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit



"paul a. bauerschmidt" wrote:

> neat question:
>
> http://www.arcot.com/arcot_ieee.pdf
>
>  a method of protecting private keys using camouflage, in software, to
>  prevent dictionary attacks.
>
>  one password will decrypt correctly, many other passwords will produce
>  alternate, valid-looking keys to fool an attacker.
>
>  is this an example of security through obscurity (a thought which many
>  frown upon, it seems)?

No, it is IMO a valid example of security through ambiguity.  Side-tracking
attackers is a useful method employed for example in a more direct form
in the UNIX crypt salt method -- which also reduces the efficiency of dictionary
attacks.


Cheers,

Ed Gerck
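
An added illustration, not part of the original message and not Arcot's scheme: a toy comparison of a conventionally wrapped key, whose integrity tag lets a password guess be confirmed offline, with a structure-free wrapping in which every PIN yields a plausible-looking key. All function names and the PIN, salt and key values are constructed for the example, and it assumes the key is a uniformly random 256-bit value with no other way (such as a matching public key) to test a candidate.

```python
import hashlib
import hmac

KEY_BYTES = 32  # assumption: the private key is a uniformly random 256-bit value

def keystream(pin: str, salt: bytes) -> bytes:
    # Salted, iterated derivation (salted as in the crypt approach the reply mentions).
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 1000, dklen=KEY_BYTES)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wrap_camouflaged(key, pin, salt):
    # No header, padding or checksum: nothing in the blob confirms a guess.
    return xor(key, keystream(pin, salt))

def unwrap_camouflaged(blob, pin, salt):
    # Every PIN yields some 256-bit value that looks like a key.
    return xor(blob, keystream(pin, salt))

def wrap_conventional(key, pin, salt):
    ks = keystream(pin, salt)
    tag = hmac.new(ks, key, hashlib.sha256).digest()[:8]  # integrity tag
    return xor(key, ks) + tag

def unwrap_conventional(blob, pin, salt):
    ks = keystream(pin, salt)
    key = xor(blob[:KEY_BYTES], ks)
    tag = hmac.new(ks, key, hashlib.sha256).digest()[:8]
    # The tag check is what makes a wrong PIN detectable offline.
    return key if hmac.compare_digest(tag, blob[KEY_BYTES:]) else None

def offline_survivors(unwrap, blob, salt, candidates):
    """PINs that someone holding only the blob cannot rule out offline."""
    return [p for p in candidates if unwrap(blob, p, salt) is not None]

# Constructed sample values for the demonstration.
SALT = b"constructed-salt"
KEY = hashlib.sha256(b"constructed demo private key").digest()
PIN = "0042"
CANDIDATES = [f"{i:04d}" for i in range(100)]

if __name__ == "__main__":
    camo = wrap_camouflaged(KEY, PIN, SALT)
    conv = wrap_conventional(KEY, PIN, SALT)
    print(len(offline_survivors(unwrap_camouflaged, camo, SALT, CANDIDATES)))
    print(offline_survivors(unwrap_conventional, conv, SALT, CANDIDATES))
```

With the conventional blob only the real PIN survives the offline check; with the camouflaged blob all candidates survive, so each guess has to be tested against whatever system accepts the key, where failed attempts can be counted and limited.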



