>From: cyphrpunk <[EMAIL PROTECTED]>
>Sent: Oct 27, 2005 9:15 PM
>To: "James A. Donald" <[EMAIL PROTECTED]>
>Cc: cryptography@metzdowd.com, [EMAIL PROTECTED]
>Subject: Re: On Digital Cash-like Payment Systems

>On 10/26/05, James A. Donald <[EMAIL PROTECTED]> wrote:
>> How does one inflate a key?

>Just make it bigger by adding redundancy and padding, before you
>encrypt it and store it on your disk. That way the attacker who wants
>to steal your keyring sees a 4 GB encrypted file which actually holds
>about a kilobyte of meaningful data. Current trojans can steal files
>and log passwords, but they're not smart enough to decrypt and
>decompress before uploading. They'll take hours to snatch the keyfile
>through the net, and maybe they'll get caught in the act.

Note that there are crypto schemes that use huge keys, and it's
possible to produce simple variants of existing schemes that use
multiple keys.  That would mean that the whole 8GB string was
necessary to do whatever crypto thing you wanted to do.  A simple
example is to redefine CBC-mode encryption as

C[i] = E_K(C[i-1] xor P[i] xor S[C[i-1] mod 2^{29}])

where S is the huge shared string, and we're using AES.  Without
access to the shared string, you could neither encrypt nor decrypt.



Reply via email to