On Fri, 11 Oct 2002, Tyler Durden wrote: > And indeed, in a world where most messages are fairly weakly encrypted, > bursts of strongly-encrypted messages will stand out all the more and > possibly flag the need for other methods of investigation.
Doesn't figure: while it's easy to screen for high information entropy (archives have a signature), telling weak encryption from strong is nontrivial, unless it's conveniently labeled, and you're limiting the attack to a tiny fraction of the entire traffic, not realtime. And of course you can package 'strong' encryption into a 'weak' encryption envelope, so you will only know that 'strong' encryption has been used after you've broken the 'weak' envelope.