[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How do I know if its encrypted?



   From: [email protected] (Dale Harrison (AEGIS))

   It's an artificial example, but one that points out that merely doing a 
   frequency analysis on the datastream isn't enough to guantee the correct 
   answer.

You don't always need the correct answer.  You just need the correct
answer most of the time.  You're trying to create a presumption about
behavior.  Ensuring that you can't read almost all of the traffic is a
pretty good way to assure people that you don't try to make sense of
any of it.

The fundamental purpose here is social communication about intent.

   Reliable remailer software will have to worry about false postives 
   as well as false negatives; especially if it's a fee-for-service operation.

I just don't agree with this.  If you feel it needful to install an
entropy filter, expect that its failures will simply accrue to the
general unrealiability measurement for that remailer.

And there's no reason you couldn't publish the algorithm so that a
user couldn't check the entropy for themselves in advance.

   Of course the implicit assumption in that statement is that encrypted 
   traffic hasn't been outlawed or regulated, or that the sender doesn't want 
   to 'appear' to be sending encrypted traffic.

I don't design for the paranoid.

Eric