chaffing and winnowing + gpg?
Sen Nagata
sen_ml at eccosys.com
Fri Jun 26 15:01:14 CEST 1998
hi-
have you read the following rivest paper:
http://theory.lcs.mit.edu/~rivest/chaffing.txt
i think it would be very interesting to have a way of doing this in
gnu pg -- it's seems pretty easy conceptually.
0) start w/ a message that A wants to send to B
1) create a session key as usual (perhaps size might need to be different?)
2) perform the transformation mentioned in the paper on the message
3) split the message up into 1024 (or other size) bytes
4) 'authenticate' each of the pieces made in step 3) using the session key
5) create an appropriate amount of 'chaff'
6) assemble a single resulting message from the 'authenticated' pieces
and 'chaff'
someone has done an implementation of chaffing and winnowing, which can
be found at:
ftp://ftp.red-bean.com/pub/chaffwin/chaffwin.tar.gz
one of the great things about the chaffing and winnowing method is that
there is no encyrption/decryption involved (note: for the specific idea
mentioned above there would be because the session key must be encrypted
using B's public key).
the paper is really very interesting -- it was worth losing sleep over.
there are a number of other exciting points, but i won't spoil that fun by
mentioning them here :-)
-sen
More information about the Gnupg-devel
mailing list