DATA
03-22-2002, 01:20 AM
Hi,
Its about hiding cipher text in cipher text.
Here is an example where hiding cipher text in cipher
text is ideal.
Alice uses a very strong crytographic algorithm.The
secret police has been sniffing these encrypted packets
for a very long time.How ever do u to the strong
nature of the algorithm.
So the secret police turns to rubber-horse-cryptanalysis
They black mail Alice or capture Alice & asks her to
reveal the keys.
If Alice doesnt reveal the key-she might have a harrowing
experience with the secret police.
Now if Alice could give another key k` such that the
cipher text (c) decrypts to another dummy plain text(D)
That would be kool,since the secret police gets to read
the dummy plain text(D) using the surrendered key k`
without compramising the real plain text(P).
Ok it goes like this.
p=plain text
c=cipher text
D=dummy plain text
k=oiginal key
k`=dummy key.
Now alice encrypt using a good asymmetric key
algorithm.
Now she has cipher text C.
Now she takes her Dummy plain text (D) and she,
C (xor) D=k`
Now to the secret police she can surrender k`.
The secret police decrypts dummy plain text D as
D=c(xor)k`
She can now say that she used k` as one time pads to
encrypt C.
There is no way to prove that k` is not a valid key unless
they ever get hold of k.
Since one time pads are the most secure cryptographic
process ever,when using true random numbers and when
the key is not ever repeated while encrytion.
What digi secret can do is...
after obtaining C frm its Feistel Network Algorithms
take dummy plain text(D),make D-a fake secret that
needed to be encrypted.
then k`=C (xor) D
eg: D=This is highly secret
the only thing is that to make them appear as * time
pads is that the length of D should be equal to length
of C.
if length of C>D
then use only that much bits of D as length of C to
generate k`
so that
D=C(xor)D
if length of D>C
then pad C with a few random bits such that length of
c is equal to length of D.
It is not important that one need to use a highly relaiable
random number generator.
A bad pseudo-random number generator with not so
random numbers work because any way it is used to make
a one time pad for the secret police to break.
The best thing any way is to promp the user to generate
a dummy plain text (D) of the same length of C.
After sep.** th,the voice for those who supported
strong cryptography were drowned.
I saw a n interview with an ex-C|A agent on BBC.he was
saying that the FB| was heavily dependent collecting
information from the internet and used lesser methods
of intelligence gathering the conventional way.
Thanx to products like digi secret,who take the atmost
care for the privacy of individuals...the word 'privacy'
still has a meaning.
If they are not able to get ur keys,they will try rubber
horse cryptanalysis & it might be a good idea to hide
cipher text in cipher text.
I have never seen any product till date using this tactic.
Using this idea might give an edge of other similar products.
Also are any of the algorithms in digisecret pure or
near to a group depnding upon which double or triple
encrytion using 2 or * keys can be used.
Any comments?
Regards Data.
Its about hiding cipher text in cipher text.
Here is an example where hiding cipher text in cipher
text is ideal.
Alice uses a very strong crytographic algorithm.The
secret police has been sniffing these encrypted packets
for a very long time.How ever do u to the strong
nature of the algorithm.
So the secret police turns to rubber-horse-cryptanalysis
They black mail Alice or capture Alice & asks her to
reveal the keys.
If Alice doesnt reveal the key-she might have a harrowing
experience with the secret police.
Now if Alice could give another key k` such that the
cipher text (c) decrypts to another dummy plain text(D)
That would be kool,since the secret police gets to read
the dummy plain text(D) using the surrendered key k`
without compramising the real plain text(P).
Ok it goes like this.
p=plain text
c=cipher text
D=dummy plain text
k=oiginal key
k`=dummy key.
Now alice encrypt using a good asymmetric key
algorithm.
Now she has cipher text C.
Now she takes her Dummy plain text (D) and she,
C (xor) D=k`
Now to the secret police she can surrender k`.
The secret police decrypts dummy plain text D as
D=c(xor)k`
She can now say that she used k` as one time pads to
encrypt C.
There is no way to prove that k` is not a valid key unless
they ever get hold of k.
Since one time pads are the most secure cryptographic
process ever,when using true random numbers and when
the key is not ever repeated while encrytion.
What digi secret can do is...
after obtaining C frm its Feistel Network Algorithms
take dummy plain text(D),make D-a fake secret that
needed to be encrypted.
then k`=C (xor) D
eg: D=This is highly secret
the only thing is that to make them appear as * time
pads is that the length of D should be equal to length
of C.
if length of C>D
then use only that much bits of D as length of C to
generate k`
so that
D=C(xor)D
if length of D>C
then pad C with a few random bits such that length of
c is equal to length of D.
It is not important that one need to use a highly relaiable
random number generator.
A bad pseudo-random number generator with not so
random numbers work because any way it is used to make
a one time pad for the secret police to break.
The best thing any way is to promp the user to generate
a dummy plain text (D) of the same length of C.
After sep.** th,the voice for those who supported
strong cryptography were drowned.
I saw a n interview with an ex-C|A agent on BBC.he was
saying that the FB| was heavily dependent collecting
information from the internet and used lesser methods
of intelligence gathering the conventional way.
Thanx to products like digi secret,who take the atmost
care for the privacy of individuals...the word 'privacy'
still has a meaning.
If they are not able to get ur keys,they will try rubber
horse cryptanalysis & it might be a good idea to hide
cipher text in cipher text.
I have never seen any product till date using this tactic.
Using this idea might give an edge of other similar products.
Also are any of the algorithms in digisecret pure or
near to a group depnding upon which double or triple
encrytion using 2 or * keys can be used.
Any comments?
Regards Data.