Re: [PracticalSecurity] Anonymity - great technology but hardly used
Travis H. wrote:

> Part of the problem is using a packet-switched network; if we had circuit-based, then thwarting traffic analysis is easy; you just fill the link with random garbage when not transmitting packets. I considered doing this with SLIP back before broadband (back when my friend was my ISP). There are two problems with this; one, getting enough random data, and two, distinguishing the padding from the real data in a computationally efficient manner on the remote side without giving away anything to someone analyzing your traffic. I guess both problems could be solved by using synchronized PRNGs on both ends to generate the chaff. The two sides getting desynchronized would be problematic. Please CC me with any ideas you might have on doing something like this, perhaps it will become useful again one day.

But this is trivial. Since the traffic is encrypted, you just have a bit that says this is garbage or this is traffic.

OTOH, this can leave you open to traffic marking attacks. George Danezis and I wrote a paper on a protocol (Minx) designed to avoid marking attacks by making all packets meaningful. You can find it here: http://www.cl.cam.ac.uk/users/gd216/minx.pdf.

Cheers,

Ben.

--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
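An added example, not part of the original thread: a sketch of the "garbage or traffic" flag carried inside encrypted, fixed-size cells sent at a constant rate. The cell size, the pre-shared keys, the function names and the SHA-256 counter-mode stand-in cipher are assumptions made for illustration; it does not implement Minx.

```python
import hashlib, hmac, os, struct

CELL = 64           # payload bytes per cell (constructed value)
REAL, CHAFF = 1, 0  # flag byte, carried inside the ciphertext

def _xor_stream(key, seq, data):
    # Stand-in cipher: SHA-256 in counter mode, keyed per cell by seq.
    # Use a vetted AEAD (e.g. AES-GCM) with seq as the nonce in real code.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + struct.pack(">QI", seq, ctr)).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(mac_key, seq, ct):
    # Encrypt-then-MAC over the cell counter and the ciphertext.
    return hmac.new(mac_key, struct.pack(">Q", seq) + ct, hashlib.sha256).digest()

def seal(enc_key, mac_key, seq, data=None):
    """Build one fixed-size cell; data=None produces chaff."""
    if data is None:
        flag, data = CHAFF, b""
    elif len(data) > CELL:
        raise ValueError("payload larger than one cell")
    else:
        flag = REAL
    fill = os.urandom(CELL - len(data))   # random fill, discarded by receiver
    plain = struct.pack(">BB", flag, len(data)) + data + fill
    ct = _xor_stream(enc_key, seq, plain)
    return ct + _tag(mac_key, seq, ct)

def open_cell(enc_key, mac_key, seq, cell):
    """Return the payload of a real cell, or None for chaff."""
    ct, tag = cell[:-32], cell[-32:]
    if not hmac.compare_digest(tag, _tag(mac_key, seq, ct)):
        raise ValueError("bad tag: cell altered or counters out of step")
    plain = _xor_stream(enc_key, seq, ct)
    flag, length = plain[0], plain[1]
    return plain[2:2 + length] if flag == REAL else None

def tick(enc_key, mac_key, seq, queue):
    """Send exactly one cell per clock tick, real if queued, else chaff."""
    return seal(enc_key, mac_key, seq, queue.pop(0) if queue else None)
```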
Re: [PracticalSecurity] Anonymity - great technology but hardly used
On Tue, 2005-10-25 at 23:40 -0500, Travis H. wrote:

> Many of the anonymity protocols require multiple participants, and thus are subject to what economists call network externalities. The best example I can think of is Microsoft Office file formats. I don't buy MS Office because it's the best software at creating documents, but I have to buy it because the person in HR insists on making our timecards in Excel format.

1) You have told your HR person what a bad idea it is to introduce a dependency on a proprietary file format, right?

2) OpenOffice can read Excel spreadsheets, and I would assume it can save the changes back to them as well.

--
Shawn K. Quinn [EMAIL PROTECTED]
Re: [PracticalSecurity] Anonymity - great technology but hardly used
On Wed, Oct 26, 2005 at 08:41:48PM -0500, Shawn K. Quinn wrote:

> 1) You have told your HR person what a bad idea it is to introduce a dependency on a proprietary file format, right?

Telling is useless. Are you in a sufficient position of power to make them stop using it? I doubt it, because that person will be backed both by your and her boss. Almost always.

It's never about merit, and not even money, but about predeployed base and interoperability. In today's world, you minimize the surprise on the opposite party's end if you stick with Redmondware. (Businessfolk hate surprises, especially complicated, technical, boring surprises).

> 2) OpenOffice can read Excel spreadsheets, and I would assume it can save the changes back to them as well.

OpenOffice & Co usually supports a subset of Word and Excel formats. If you want to randomly annoy your coworkers, use OpenOffice to process the documents in MS Office formats before passing them on, without telling what you're doing. Much hilarity will ensue.

--
Eugen* Leitl http://leitl.org
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
Re: [PracticalSecurity] Anonymity - great technology but hardly used
At 08:41 PM 10/26/05 -0500, Shawn K. Quinn wrote:

> On Tue, 2005-10-25 at 23:40 -0500, Travis H. wrote:
>
> > Many of the anonymity protocols require multiple participants, and thus are subject to what economists call network externalities. The best example I can think of is Microsoft Office file formats. I don't buy MS Office because it's the best software at creating documents, but I have to buy it because the person in HR insists on making our timecards in Excel format.
>
> 1) You have told your HR person what a bad idea it is to introduce a dependency on a proprietary file format, right?
>
> 2) OpenOffice can read Excel spreadsheets, and I would assume it can save the changes back to them as well.

Why don't you send her comma-delimited text, Excel can import it?