Path: ...!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail From: liz@poppyrecords.invalid.invalid (Liz Tuddenham) Newsgroups: sci.electronics.design Subject: Re: German state gov. dicthing Windows for Linux, 30k workers migrating. Date: Mon, 8 Apr 2024 09:38:05 +0100 Organization: Poppy Records Lines: 59 Message-ID: <1qroud8.1ot9y7y1yrh1ywN%liz@poppyrecords.invalid.invalid> References: <5qb31j9c2ia9a6h2fr50onqa2vp4d4bsfm@4ax.com> <3hf31j9d0uq5b9imcq94b495c3hclbjv79@4ax.com> <1qrnmxu.99joma1j6s84iN%liz@poppyrecords.invalid.invalid> X-Trace: individual.net yeEJLCUlrLFr8RY4I9vq7g9iCVkjrZ5UmZE/xvd84uRx3tiAAj X-Orig-Path: liz Cancel-Lock: sha1:MYy9A30YyQ5TaBkaefqu3HgtdOY= sha256:z7pLOQ52z+PJFGkwbe280p7ijpEgGh7Dk6be7QgNqZc= User-Agent: MacSOUP/2.4.6 Bytes: 3451 Don Y wrote: >... It costs relatively little to probe (and fingerprint) > every accessible IP. Then, throw a set of exploits *already* deemed LIKELY > to compromise such a system at it and note the results. The process can > be automated (and likely would be given the sheer number of potential > targets!) [...] I was thinking of a slightly different approach from the usual one. With automated coding and decoding it is a relatively simple matter to concatenate various processes such as: Direct encipherment Rearrangement by character or block Insertion of dummy characters Codes Languages Each of these could be broken individually, but used in succession they become much more difficult. This would be a system that was suitable for small organisations where the daily arrangements could be distributed by a separate communication -- for instance: Today: Shift by 5 letters - Reverse each block of 11 letters - Insert a random character every 3rd and 17th position - shift back 7 letters - Represent every 19th letter with it's Vail Cipher equivalent - Arrange letters on a 12 x 12 grid in rows and read them out by column. Tomorrow: Double a character every 7th position - Arrange letters on a 10 x 19 grid in rows and read them out by columns -Represent every 13th letter with its ASCII equivalent -Reverse alternate blocks of 11 characters - Shift back 3 letters - Add a random character every 12th position - Arrange letters on a 9 x 17 grid in rows and read them out by columns Anyone trying to break into the system, even if they could guess at some of the elements or intercept one of the distributions, would be faced with a lot of work for very small returns. The elements could be changed around and new ones added to the repertoire quite easily. > Can you enumerate all of the potential security vulnerabilities that > you *have*? Today? Tomorrow?? No, but I can make life very difficult for would-be hackers in the hope that they will turn to easier targets with better rewards. For some years I have had to store databases of personal information on computers that are connected to the Web, so I have given the problem a lot of thought. Without access to the decoding programs (which are in an obsolete format running on an obsolete OS) there is little chance of anyone else decoding the information. -- ~ Liz Tuddenham ~ (Remove the ".invalid"s and add ".co.uk" to reply) www.poppyrecords.co.uk