Path: ...!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: liz@poppyrecords.invalid.invalid (Liz Tuddenham)
Newsgroups: sci.electronics.design
Subject: Re: German state gov. dicthing Windows for Linux, 30k workers migrating.
Date: Mon, 8 Apr 2024 09:38:05 +0100
Organization: Poppy Records
Lines: 59
Message-ID: <1qroud8.1ot9y7y1yrh1ywN%liz@poppyrecords.invalid.invalid>
References: <uuqirt$6kgh$1@solani.org> <jgp21jl76nk0c3064ss3pbfq5pboav93hp@4ax.com> <5qb31j9c2ia9a6h2fr50onqa2vp4d4bsfm@4ax.com> <3hf31j9d0uq5b9imcq94b495c3hclbjv79@4ax.com> <1qrnmxu.99joma1j6s84iN%liz@poppyrecords.invalid.invalid> <uuuto0$2vka9$1@dont-email.me>
X-Trace: individual.net yeEJLCUlrLFr8RY4I9vq7g9iCVkjrZ5UmZE/xvd84uRx3tiAAj
X-Orig-Path: liz
Cancel-Lock: sha1:MYy9A30YyQ5TaBkaefqu3HgtdOY= sha256:z7pLOQ52z+PJFGkwbe280p7ijpEgGh7Dk6be7QgNqZc=
User-Agent: MacSOUP/2.4.6
Bytes: 3451

Don Y <blockedofcourse@foo.invalid> wrote:


>...  It costs relatively little to probe (and fingerprint)
> every accessible IP.  Then, throw a set of exploits *already* deemed LIKELY
> to compromise such a system at it and note the results.  The process can
> be automated (and likely would be given the sheer number of potential
> targets!)
[...]


I was thinking of a slightly different approach from the usual one.
With automated coding and decoding it is a relatively simple matter to
concatenate various processes such as:

Direct encipherment
Rearrangement by character or block
Insertion of dummy characters
Codes
Languages

Each of these could be broken individually, but used in succession they
become much more difficult.  This would be a system that was suitable
for small organisations where the daily arrangements could be
distributed by a separate communication -- for instance:

Today:  Shift by 5 letters - Reverse each block of 11 letters - Insert a
random character every 3rd and 17th position - shift back 7 letters -
Represent every 19th letter with it's Vail Cipher equivalent -  Arrange
letters on a 12 x 12 grid in rows and read them out by column.

Tomorrow:  Double a character every 7th position - Arrange letters on a
10 x 19 grid in rows and read them out by columns -Represent every 13th
letter with its ASCII equivalent -Reverse alternate blocks of 11
characters - Shift back 3 letters - Add a random character every 12th
position -  Arrange letters on a 9 x 17 grid in rows and read them out
by columns

Anyone trying to break into the system, even if they could guess at some
of the elements or intercept one of the distributions, would be faced
with a lot of work for very small returns.  The elements could be
changed around and new ones added to the repertoire quite easily.

> Can you enumerate all of the potential security vulnerabilities that
> you *have*?  Today?  Tomorrow??

No, but I can make life very difficult for would-be hackers in the hope
that they will turn to easier targets with better rewards.  For some
years I have had to store databases of personal information on computers
that are connected to the Web, so I have given the problem a lot of
thought.  Without access to the decoding programs (which are in an
obsolete format running on an obsolete OS) there is little chance of
anyone else decoding the information.


-- 
~ Liz Tuddenham ~
(Remove the ".invalid"s and add ".co.uk" to reply)
www.poppyrecords.co.uk