23 Jul
2003
23 Jul
'03
6:32 a.m.
Had a random thought and was curious if anyone had an opinion on this: Would message-ID, and other realated mail headers that contain pseudo-random data, make a good covert channel? Eg: instead of choosing a pseudo-random value for the message ID, encrypt a block of data of the same length as the ID with a preshared secret key. Issues that spring to mind: * small, you would need quite a few overt messages to transfer anything sizeable over the covert channel. * Is it possible to tell the difference between pseudo-randomly picked values (typical mail client), encrypted data (depending on algorithm), and real randomness? (I suppose this could make the channel detectable) Thanks, Adam Lydick