Re: Security through authentication

Harvey Newstrom (harv@gate.net)
Thu, 26 Mar 1998 11:43:11 -0500


Alexander 'Sasha' Chislenko wrote:
> More info is available at http://theory.lcs.mit.edu/~rivest/chaffing.txt

Interesting paper on the theoretical level. I used a similar technique
in 1984 to simulate allow dumb asni terminals to enter clear-text
passwords without the passwords appearing over the network clear text.
It was not encryption, but added enough garbage going to and from the
dumb terminal from the host, that only the host could easily determine
which characters were typed from the user.

The drawbacks to the paper you cite are:
1. Huge bandwith overhead. Adding equal amounts of chaff and real
message doubles the message size. More chaff increases it further.

2. Huge packet overhead. Whole words or names would be visible in
individual packets, unless the packets are extremely small. The paper
gives an example of 1-bit messages inside 100 bit packets. This turns a
one-minute transmission into a 100 minute transmission! More
accurately, the minimum TCP packet size is more like 100 BYTES, which
would be 1000 bits over a modem (with start and stop bits). This makes
that one minute transmission time 1000 minutes, or 16 hours and 40
minutes!

3. This method still includes secret authentication keys that must be
exchanged between the participants and known only to them. It would be
just as easy to exchange encryption keys. This method does not seem to
add any security, does not simplify procedures or difficulties, but does
greatly increases bandwith.

4. The proposal seems to be based on the idea that "encryption" is
export-controlled, but this new method would not be because it is not
"encryption". The various laws I have seen do not use a scientific
definition of "encryption". They describe any means to hide, encode, or
make unreadable a secret message. I think that this form of
reformatting a message to make it unreadable would be considered the
same as "encryption" by government and law enforcement agencies.

This seems to be a lawyer's trick to bypass export laws rather than a
technical solution to securing communications.

--
Harvey Newstrom <mailto:harv@gate.net>
PGP 5.5 Fingerprint:  F746 7A20 EB7D 27BA 80A5  4473 D8E1 6A54 1EB0 56F7
PGP Public Key available from <ldap://certserver.pgp.com>