chaffing and winnowing + gpg?

Karl Fogel kfogel at
Fri Jun 26 10:20:30 CEST 1998

I feel obligated to point out that the implementation referred to
below is essentially a toy, a "demo" implementation we made because we
thought Rivest's idea was very cute.  It would need to be
substantially rewritten to be secure, however.  The other co-author
and I are considering re-writing it in C, using a better hash (MD5),
and smaller chunk sizes.

Karl Fogel

Sen Nagata wrote:
>  have you read the following rivest paper:
>  i think it would be very interesting to have a way of doing this in
>gnu pg -- it seems pretty easy conceptually.
>  0) start w/ a message that A wants to send to B
>  1) create a session key as usual (perhaps size might need to be different?)
>  2) perform the transformation mentioned in the paper on the message
>  3) split the message up into 1024 (or other size) bytes
>  4) 'authenticate' each of the pieces made in step 3) using the session key
>  5) create an appropriate amount of 'chaff'
>  6) assemble a single resulting message from the 'authenticated' pieces
>     and 'chaff'
>  someone has done an implementation of chaffing and winnowing, which can 
>be found at:
>  one of the great things about the chaffing and winnowing method is that 
>there is no encryption/decryption involved (note: for the specific idea 
>mentioned above there would be because the session key must be encrypted 
>using B's public key).
>  the paper is really very interesting -- it was worth losing sleep over.  
>there are a number of other exciting points, but i won't spoil that fun by 
>mentioning them here :-)
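
Added example, not part of either message and not the implementation the thread refers to: a sketch of steps 3 to 6 of the quoted outline plus the receiver's winnowing, so the role of the session key as a MAC key is visible. It assumes HMAC-SHA-256 as the authenticator, a (serial, chunk, tag) packet layout and the function names below; step 2 (the paper's transformation) and the public-key encryption of the session key are left out, so this sketch on its own does not hide chunk contents from an observer who can recognise plaintext.

```python
import hashlib
import hmac
import secrets

MAC_LEN = 32  # HMAC-SHA-256 tag size (assumed MAC; the thread does not name one)

def _mac(key: bytes, serial: int, chunk: bytes) -> bytes:
    # Bind the tag to the serial number so a chunk cannot be replayed at another position.
    return hmac.new(key, serial.to_bytes(8, "big") + chunk, hashlib.sha256).digest()

def chaff(message: bytes, key: bytes, chunk_size: int = 1024, chaff_per_chunk: int = 2):
    """Steps 3-6: split, authenticate each piece, create chaff, assemble."""
    packets = []
    for serial, off in enumerate(range(0, len(message), chunk_size)):
        chunk = message[off:off + chunk_size]
        packets.append((serial, chunk, _mac(key, serial, chunk)))  # wheat
        for _ in range(chaff_per_chunk):
            # Chaff: same serial and length, random content, random (invalid) tag.
            packets.append((serial, secrets.token_bytes(len(chunk)),
                            secrets.token_bytes(MAC_LEN)))
    # Shuffle so packet order does not reveal which packets are wheat.
    secrets.SystemRandom().shuffle(packets)
    return packets

def winnow(packets, key: bytes) -> bytes:
    """Receiver side: keep packets whose tag verifies, reassemble by serial."""
    wheat = {}
    for serial, chunk, tag in packets:
        if hmac.compare_digest(tag, _mac(key, serial, chunk)):
            wheat[serial] = chunk
    # A gap in the verified serials means a wheat packet was dropped or altered.
    # Loss of only the trailing packets is not detectable without a length field.
    if sorted(wheat) != list(range(len(wheat))):
        raise ValueError("gap in authenticated serial numbers")
    return b"".join(wheat[i] for i in range(len(wheat)))

if __name__ == "__main__":
    session_key = secrets.token_bytes(32)      # constructed sample key
    msg = b"constructed sample message " * 100  # constructed sample input
    stream = chaff(msg, session_key)
    print(len(stream), "packets;", "recovered ok:", winnow(stream, session_key) == msg)
```
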

More information about the Gnupg-devel mailing list