Re: Compressible encryption

From: Ernst Lippe (ernstl-at-planet-dot-nl_at_ignore.this)
Date: 09/15/03 

Date: Mon, 15 Sep 2003 18:36:11 +0200

On Fri, 12 Sep 2003 21:21:38 +0000, John E. Hadstate wrote:

>
> "Ernst Lippe" <ernstl-at-planet-dot-nl@ignore.this> wrote in message
> news:3f61cd7e$0$20755$48b97d01@reader20.wxs.nl...
>> Most log files contain highly stereotyped patterns, e.g. they generally
>> start with a date/time and consist of a few templates that are filled
>> in with the actual values. When an attacker knows the format of the
>> log file it is generally very easy to write a program that can recover
>> the substitution automatically.
>
> Yep. I did preface my remarks with the warning that it was a "dangerous
> thought." It's not what I'd do. But the OP is trying to work under what
> appears to me to be a set of unreasonable constraints.
In that case, it is often wiser to explain this point, and not try to
find "solutions".

> My proposal is an
> improvement on his, and it gave him certain properties he was seeking. It
> was also designed to show something about the peculiar relationship between
> compression and encryption.

I have two problems with your solution:
* It does not solve anything, but can only give a false sense of
security.

* It requires additional implementation work (how do you synchronize
the permutations between sender and receiver), and it may even reduce
the overall availability of the system due to programming errors
(which in my book means that it reduces the security of the system).

greetings,

Ernst Lippe

Relevant Pages

  • [NT] OpenFile Win32 API Log Overwriting/Rewriting
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... to modify log files and obfuscate attacks. ... Though Microsoft's IIS 5 opens its log files with the same ... Norton Internet Security 2001 logs attacks and alerts to the files, ...
    (Securiteam)
  • Re: Norton Internet Security 4.03 patch released
    ... If you are going to lock the log files, then please give us something that ... Fixed a problem where a NIS protected system would show as a security ...
    (comp.security.firewalls)
  • Re: Network Security
    ... R Martins wrote: ... > noticed that log files are no longer there, ... > responsible perpetrator who logged in and changed the ... improve your security so this can't happen in the first place. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: unsual entry using ipchains -nL
    ... I wonder which log files. ... Looks output policy is ACCEPT. ... are a really security paranoid, to change ipchains to iptables is good ... : all ports ...
    (comp.os.linux.security)