Corrupting files

Ingo Klöcker kloecker at kde.org
Mon Jun 12 23:55:54 CEST 2006 

On Monday 12 June 2006 22:15, Tom Thekathyil wrote:
> Hi Robert,
>
> Thanks for your response: that was for a trivial case :)
>
> Now let's try a curveball.  We substitute lines 9 to 12 for the
> equivalent _somewhere else_ in the code, so it won't be a simple
> transform.  This is based on a rule that a message sent on the 12th
> day of June would have certain properties, so no memorizing is
> required.

Memorizing the rule and, more importantly, keeping the rule secret is 
required.

>
> 8   JuNi0jiIA6
> 9             nS1MSGrUoLv0VInSrfTKpEJtHCN7aksVxIOuiYgJySp6nWM0o8zpVL
> 10  1g5g8ipqHD45e5cDQOB2bRxqPLF+oUPHE0daaGtzUiccUGlKmuikOPjGlZKpqHQx
> 11  zVkrE/uEQil6UJMM/lhGXLI+pg4FzleotlWz0Dhc2lLqjqMHGTzt7uxcR6IFsqJT
> 12  HNkl21JswgxN0DlZaWLhBQeoAKKFbZWpZz4kbN9vYjTsqGhsMnNplH
> 13                                                        GZvEnQ2oGy
> 14  qGlhUpW75BKVXgp2SWVqIkWJkws5VUofMQrblF19Pma1rKiK4GXUBK20k36sOj5y
>
> Let's consider another scenario where lines 9 to 12 are meaningless
> code inserted into the message. B has the rule to dispose of it but
> no one else would know the location and length of corruption.
>
> My gut feeling is that the human element throws a spanner into the
> algorithm.

No, it doesn't. You are still believing in security-by-obscurity meaning 
that your additional "encryption" only works as long as you and the 
recipient are the only ones who know the secret rule.

Anyway, why do you actually think that what you want to do would make 
any sense? If the encryption algorithm you use is too weak so that 
additional "encryption" methods are necessary then you probably 
shouldn't use this encryption algorithm in the first place. And if the 
encryption algorithm you use is strong enough (e.g. AES) then you gain 
nothing by additional "encyrption" methods unless those additional 
"encryption" methods are an even stronger encryption algorithm than the 
first one (but then why apply the first one).

Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20060612/5f627314/attachment.pgp

More information about the Gnupg-users mailing list