"paul a. bauerschmidt" wrote:
> neat question:
>
> http://www.arcot.com/arcot_ieee.pdf
>
> a method of protecting private keys using camouflage, in software, to
> prevent dictionary attacks.
>
> one password will decrypt correctly, many other passwords will produce
> alternate, valid-looking keys to fool an attacker.
>
> is this an example of security through obscurity (a thought which many
> frown upon, it seems)?
No, it is IMO a valid example of security through ambiguity. Side-tracking
attackers is a useful method employed for example in a more direct form
in the UNIX crypt salt method -- which also reduces the efficiency of dictionary
attacks.
Cheers,
Ed Gerck
