"paul a. bauerschmidt" <[EMAIL PROTECTED]> writes:

> neat question:
> 
> http://www.arcot.com/arcot_ieee.pdf
> 
>  a method of protecting private keys using camouflage, in software, to
>  prevent dictionary attacks.
> 
>  one password will decrypt correctly, many other passwords will produce
>  alternate, valid-looking keys to fool an attacker.
> 
>  is this an example of security through obscurity (a thought which many
>  frown upon, it seems)?
> 
> 
>  please feel free to mail me personally if you want to shred/shed light.
> 
> .paul bauerschmidt


The trade-off here is that if the attacker can get it wrong 1/n times,
so can the user (from mis-keying (i.e. typing mistakes)). Depending on
the application, a low n might be disastrous.

-- 
Stefan Kahrs in [Kah96] discusses the
   notion of completeness--programs which never go wrong can be
   type-checked--which complements Milner's notion of
   soundness--type-checked programs never go wrong [Mil78].
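
Added example, not part of either message and not the scheme from the linked paper: a toy Python comparison of a PIN-checked key container with a camouflaged one, showing both the dictionary-attack resistance described in the question and the silent-typo cost raised in the reply. Assumptions: the key is 32 unstructured random bytes, the PIN is 4 digits, the attacker holds only the stolen container, and every function name here is hypothetical.

```python
import hashlib, hmac, secrets

ITER = 20  # deliberately low so the demo runs quickly; not a recommended setting
PINS = [f"{i:04d}" for i in range(10000)]  # constructed 4-digit PIN space

def stream(pin: str, salt: bytes) -> bytes:
    """64 bytes of PIN-derived material: 32 to mask the key, 32 as a MAC key."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, ITER, dklen=64)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wrap_checked(key: bytes, pin: str):
    """Conventional container: masked key plus a tag that verifies the PIN."""
    salt = secrets.token_bytes(16)
    s = stream(pin, salt)
    ct = xor(key, s[:32])
    return salt, ct, hmac.new(s[32:], ct, hashlib.sha256).digest()

def unwrap_checked(blob, pin: str):
    salt, ct, tag = blob
    s = stream(pin, salt)
    good = hmac.compare_digest(tag, hmac.new(s[32:], ct, hashlib.sha256).digest())
    return xor(ct, s[:32]) if good else None  # None tells user AND attacker "wrong PIN"

def wrap_camouflaged(key: bytes, pin: str):
    """Camouflaged container: no tag, so nothing in it confirms a PIN guess."""
    salt = secrets.token_bytes(16)
    return salt, xor(key, stream(pin, salt)[:32])

def unwrap_camouflaged(blob, pin: str) -> bytes:
    salt, ct = blob
    return xor(ct, stream(pin, salt)[:32])  # every PIN yields 32 plausible bytes

def offline_candidates(unwrap, blob):
    """PINs that an offline search over the container alone cannot rule out."""
    return [p for p in PINS if unwrap(blob, p) is not None]

if __name__ == "__main__":
    key = secrets.token_bytes(32)
    checked, camo = wrap_checked(key, "4821"), wrap_camouflaged(key, "4821")
    print(len(offline_candidates(unwrap_checked, checked)))   # PIN is pinned down
    print(len(offline_candidates(unwrap_camouflaged, camo)))  # nothing is ruled out
    print(unwrap_checked(checked, "4812"))            # typo is reported as an error
    print(unwrap_camouflaged(camo, "4812").hex())     # typo silently gives a wrong key
```

The camouflaged container only holds up while nothing else lets a candidate key be tested offline; in this toy that is simply assumed.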
