Re: Needle in a haystack--or is this just stupid?

The needle in a haystack idea is good, it will make the attacker's work
a little harder. IF you need that much security. Modern crypto is good
enough for the security levels a normal person would need. If you are
inventing something that you wish to copywrite and would make you 2
billion dollars richer, then by all means add stuff to your crypto
system.

A better way to do the needle technique would be encrypt 15 files of
various types Say 5 random junk files,.5 text files, and 5 executable
files. Encrypt all these with your system, (Lets assume AES). Lets say
your REAL file is file A, and file A is a text file. You want to make
these 5 encrypted 'needle' files near the size of your real file A.
Hell just make them all 1 MB if your file A is 1 MB. Encrypt them by
choosing random passwords that are over 25 bytes long (you could make a
program to choose junk passwords that you will never need again).
Now make sure your 16 files (15 plus the real file) have no file names
that are revealing, and timestamps that dont give away info (make the
timestamps all the same). Make sure you dont encrypt your real file
with the same password that you encrypted your 'needle' files with, and
make sure your password is about or over 25 characters long.
If you are really paranoid, you can create a virtual disk, and use
superencryption to encrypt your file A, then add your dummy files!
Superencryption just means you are encrypting your file A twice or more
with the same cipher, or twice or more with different ciphers. I would
choose twice with two DIFFERENT ciphers. If you do this, make SURE you
do not choose the same password for both encryptions!

Have fun!
Received on Thu Sep 29 21:44:33 2005