Re: none

Somone who think's she's "Anonymous" wrote:
> you encrypt a file and call it abc.dll. You have another dll, xyz.dll.
> That could also be an encrypted file.
> You run a little program that exchanges every other byte between the two
> files

And someone claiming to be George Orwell replied:
> There would be a huge entropy difference in "every other byte"
> sequences in two files. Plus, you'd have two completely useless
> DLL's. ...

I think everyone here missed the point that the two files being mixed
are already encrypted. So there won't be an entropy difference to
exploit.

What happens when your (presumed) adversary comes across a program on
your machine that takes two files and swaps every other byte. That
just might give them a clue. What you might do to make that more
obscure is write several hundred programs that perform similar but
different transformations on two files.

"Goerge continued:
> You're describing a form of "security through obscurity". something
> that's long been looked on as utterly useless in the crypto world.

Exactly the case. But I've long thought that security by obscurity is
more useless on a large scale than on a small one. If I'm trying to
protect a lot of valuable stuff via obscurity, it will be worth
someone's while to try to crack the obscurity (e.g. if SSH was using
obscurity to protect web traffic). If instead I am protecting one
thing of relatively little value, why not add some obscurity to make
the attacker's job harder (more costly)?

Bob H
Received on Thu Jan 19 03:45:08 2006