I had a thought. With all the talk of honeypot systems, and services.
Wouldn't it make more sense to have a Crypto cipher that took into
account the possibility of being brute forced and provided one or more
sets of logical pseudo-information when cracked, but only the real
information when actually cracked/authenticated?
at it's simplest level, have one set of data that is the actual message,
and another set of data that is something that could be the actual
message. Security would increase given the number of sets of
pseudo-data included in the encrypted message...so if it were cracked
using brute force, how would they know it was actually what they were
looking for. My understanding is that brute force relies on there being
only one possible true answer for it to work. While this is still true
with this idea, there also exists multiple pseudo-answers that provide
information that may or may not look like the actual answer.
This could be combined with further honeypot systems and ids to both
make it difficult to get to the correct system, and to immediately be
notified that someone is actively trying to brute force your encryption
and it's time to change keys. E.g. a password is encrypted using this
method, and 30 sets of pseudo-data is included in the encrypted
password. lets say when properly brute forced it provides 20 deadend
passwords that just don't work, 10 passwords that lead to honeypots
systems, and 1 real password that gets them, or the authenticated user
in. if they try any of the 30, before the 1, an IDS could be easily
configured to ban their IP, alert the admin, or even run a script that
does all this and then changes the key.
i don't know if this is a new idea or not.. i guess it would be HoneyPot
Encryption... ?
Austin Murkland
john@gmail.com wrote:
Use a Vernam cipher. If you do it right it will be fun to watch them try to
crack it.
