Re: Cryptography problem

From: Ken (s4010237_at_student.uq.edu.au)
Date: 06/23/04 

Date: Wed, 23 Jun 2004 10:47:19 +1000

Dean, random padding would help at the start, and or end of your packet
or, you could simply use SSL and get it to do authentication using
certificates or something like that.

Ken

"Dean Hallman" <deanh@sc.rr.com> wrote in message
news:us2Cc.65466$2o2.3732388@twister.southeast.rr.com...
> I have what I believe is a bit unique as cryptography problems go. I was
> hoping someone on this board might be able to offer some advice or
pointers
> to a suitable crypto solution.
>
> Basically, I have a web server that can process search strings, and
clients
> that submit search strings.
>
> However, the client software must be *my* software (rich clients). I
don't
> want imposters, masquerading as my software and sending search packets the
> server can't distinguish from my own
>
> So, I need to packetize and encrypt the search string in my rich clients
and
> send it across the internet to the server, without hackers figuring out
the
> packet format and encryption method.
>
> So, a search request would contain:
>
> [ UserName, password, "search string" ]
>
> So, a hacker can figure out the original data being encrypted. Doesn't
that
> compromise my encryption method? If you know the original data, can't you
> reverse engineer the encryption method?
>
> I know I could add less obvious stuff to the packet, but I don't think
that
> adds much security. People will still eventually guess the packet
contents
> and layout.
>
> So,
>
> Q: How can I keep the encryption method secure (non-reproducable), while
at
> the same time, exposing for all to see the payload being encrypted?
>
>

Relevant Pages

  • Cryptography problem
    ... Basically, I have a web server that can process search strings, and clients ... the client software must be *my* software (rich clients). ... packet format and encryption method. ...
    (comp.security.misc)
  • Cryptography problem
    ... Basically, I have a web server that can process search strings, and clients ... the client software must be *my* software (rich clients). ... packet format and encryption method. ...
    (alt.computer.security)
  • Re: Cryptography problem
    ... Dean, random padding would help at the start, and or end of your packet ... > that submit search strings. ... > server can't distinguish from my own ... > packet format and encryption method. ...
    (alt.computer.security)
  • Packet cap diff... for classic dhcp over winxp s/w bridge prob.
    ... the server simultaneously. ... DHCP Discover - Transaction ID 0xe5448fbb ... Time delta from previous packet: ... Time since reference or first frame: ...
    (comp.os.linux.networking)
  • Interesting TCP behaviour with large sends/small buffers
    ... The server, upon connection, sends a configurable number of bytes to ... I set the client's receive buffer size to 1MBps, ... packet before sending the next packet. ... ACK, according to the delayed ACK algorithm - 50KB bytes means 34 MSS- ...
    (microsoft.public.win32.programmer.networks)