Chaffing and Winnowing: Confidentiality without Encryption (1998)

It&#x27;s cool but basically solves a problem that no longer exists. Once you&#x27;ve caused enough suspicion, they can simply dig up the records of all the data you&#x27;ve sent, both chaff and wheat, and serve you with an order to disclose your authentication key&#x2F;lawfully hack you computer and obtain it without asking&#x2F;apply some lead pipe cryptanalysis and get it anyway. In the end, it&#x27;s no better than regular encryption, at the cost of being at least twice more inefficient.<p>Still, for all the crypto export nonsense, 1998 appears to have been a more innocent time:<p>&gt; &quot;But access to authentication keys is one thing that government has long agreed that they don&#x27;t want to have.&quot;

See also &quot;Chaffinch: Confidentiality in the Face of Legal Threats&quot; by Richard Clayton and George Danezis from University of Cambridge, which has some more plausible deniability.<p>(<a href="http://www.cl.cam.ac.uk/~rnc1/Chaffinch.html" rel="nofollow">http:&#x2F;&#x2F;www.cl.cam.ac.uk&#x2F;~rnc1&#x2F;Chaffinch.html</a>)

I&#x27;ve thought about writing a Chrome plugin to do something similar. While on it would randomly chaff the low order bits of any image you upload, and would automatically add a chaff postscript to every Gmail. An adversary would have no clue which images&#x2F;messages contain ciphertext, and which contain nothing but random chaff.

Was unreachable for me, here&#x27;s the cached version: <a href="http://webcache.googleusercontent.com/search?q=cache:zgl1Lf25QRIJ:people.csail.mit.edu/rivest/Chaffing.txt" rel="nofollow">http:&#x2F;&#x2F;webcache.googleusercontent.com&#x2F;search?q=cache:zgl1Lf2...</a>

I&#x27;m probably misunderstanding this. The way I&#x27;m envisioning this is basically a half-dozen parallel conversations, with only one of them being the actual conversation.<p>Couldn&#x27;t it be easily defeated with contextual analysis? I mean, if it were English sentences, the attacker could just choose a set of packets that make grammatical sense. Or in more real-world examples, you&#x27;d just choose the packets that form a valid HTTP session.<p>To work around this, you&#x27;d have to choose your chaff packets to flow seamlessly from one to the other, which would make chaffing a really hard problem.

Kind of interesting scheme that doesn&#x27;t really work in 2013.<p>Wouldn&#x27;t this be vulnerable to replay attacks, or am I missing something?

Might be just me, but I&#x27;m thinking encryption is way easier than this.

Isn&#x27;t this still, in essence at least, Steganography?