Post antiguos sobre encriptacion

Vaya, habia metido lo siguiente por error en otro weblog...

Sobre detección de un bloque encriptado

Del grupo scri.crypt. El thread.
Esta muy interesante el hilo.
Según dicen es posible detectarlo, pero siempre habrá errores. Se supone que la detección es automatica, mediante un programa.
El primer problema, es cuantos fallos habrá, pero más atún, cuantos megas al dia de fallos habrá.

Tambien comentan que se usa mucho el uuencode y uudecode. Esto añade la problematica de que no sabes eltipo de fichero que va.

Esta parrafada es muy interesante:

ne way to avoid encryption detection is by a variation of the old microdot

routine.



1.   Digitize some old, grainy photo

2.   Replace bit k*n of the photo with bit k of the encoded message; where n

is some constant ~ 60.



With even a modest computer, no need to securely transmit the constant n.  The

recipient just tries them all.



Clearly, this method does not conserve bandwith.



Our photo eMicrodot (tm) can be compressed anbd viewed as a regular photo.

For a special treat for the boys from Justice, use a picture of J. Edgar in

drag.

¡Ah! Al principio del thread, mencionana a 'Eve'. No se si se tratará de una aplicación.

Y este otro:

 ...probably wasn't even the first to propose this, but I wrote

articles in sci.crypt in 1988-89 about the "LSB method," wherein

messages, presumably encrypted, are placed in the least significant

bit of a GIF or other image, or in the LSBs of digital audio tapes.

(Cf. Kevin Kelly's article in "Whole Earth Review," Summer 1993, or in

his new book, "Out of Control," for a description.)



A version of this was hacked in PhotoShop, by me.



Several "stego" (steganography, which is of course what this is)

programs now exist, notably "JSTEG" (pun on JPEG) and "Stego."



Romana Machado's "Stego" program for the Mac has gotten a fair amount

of attention. I think it's available at the sumex.stanford.edu archive

site.



Interestingly, law enforcement types are speculating that the computer

porn folks using the Lawrence Livermore Labs computers were using the

LSB method to smuggle out defense secrets. I doubt it pretty strongly.

Y...

Otro thread, sobre detección de 'ciphertext'.

Esta parrafada es buena:

"Any decent crypto software produces a perfectly uniform distribution,

i.e. totally random-looking data. Any automatic crypto-detection

software would be looking for known crypto-headers or uniformly-

distributed data after all other headers.



To increase NSA's computers workload, you may simply add layers of

encoding or compression, like uuencode .zip .arj .tar etc.



Since there's a bewildering amount of data formats and software,

trying to match a file's distribution with the typical one is a

daunting task.  The file may be too small to detect a significant

difference, and many won't even be recogniced.



So it's possible to foil automatic cryptogram detection by padding

files with non-randomly distributed garbage.  The garbage may be

chosen to imitate the distribution of common formats (wich may be

difficult) or simply with a different pattern each time.



The bottom line is that *detecting* a message may be as hard as

cracking a cipher.  For that reason, personal-ads in papers and

even flower orders were forbidden in WWII. So what chances have"

spys against the gigantic Usenet?"

Y ya para acabr por hoy, un concepto, steganography. Es el hecho de ocultar un mensaje.