Cryptography problem

From: Dean Hallman (deanh_at_sc.rr.com)
Date: 06/23/04


Date: Tue, 22 Jun 2004 22:32:58 GMT

I have what I believe is a bit unique as cryptography problems go. I was
hoping someone on this board might be able to offer some advice or pointers
to a suitable crypto solution.

Basically, I have a web server that can process search strings, and clients
that submit search strings.

However, the client software must be *my* software (rich clients). I don't
want imposters masquerading as my software and sending search packets the
server can't distinguish from my own.

So, I need to packetize and encrypt the search string in my rich clients and
send it across the internet to the server, without hackers figuring out the
packet format and encryption method.

So, a search request would contain:

  [ UserName, password, "search string" ]

So, a hacker can figure out the original data being encrypted. Doesn't that
compromise my encryption method? If you know the original data, can't you
reverse engineer the encryption method?

I know I could add less obvious stuff to the packet, but I don't think that
adds much security. People will still eventually guess the packet contents
and layout.

So,

Q: How can I keep the encryption method secure (non-reproducible), while at
the same time, exposing for all to see the payload being encrypted?


