Official Documentation for Chaffing/Winnowing Perl Scripts
===========================================================

Ben Sussman
Karl Fogel
April 1998

What's chaffing and winnowing?
------------------------------

Check out .

These perl scripts implement a version of the algorithms described by
the famous Ronald Rivest (the "R" in "RSA"), in March 1998.

In brief, Rivest has devised a method of "hiding" a message within a
larger message that does *not* involve encryption. Rather, the text of
the message is transmitted in the clear; the catch is that it's
surrounded by hundreds of random decoy words, making it
incomprehensible. By means of a shared secret password, the recipient
can sift through the mess and figure out exactly which words are the
"true" words of the message.

How is this possible? Each word has an ASCII-hash attached to it,
which is derived from the word and the password. The "true" words'
hashes resolve correctly when the recipient uses the correct password.
The "decoy" words' hashes are always bogus... hence the metaphor of
"separating the wheat from the chaff."

What do I need to try this stuff?
---------------------------------

- perl 5
- chaff.pl and winnow.pl
- a standard Unix dictionary

chaff.pl needs a dictionary to generate random words from time to
time. Most versions of Unix keep plaintext dictionaries (wordlists) in
/usr/dict. The first line of chaff.pl contains a pointer to
"/usr/dict/words", which you can change to whatever you like.

How do I install?
-----------------

    `make install'

This simply copies the two perl scripts to /usr/local/bin and prints a
message about using the emacs elisp interface. Also be sure to point
chaff.pl toward a dictionary (see above.)

How do I create a secret message?
---------------------------------

The perl script "chaff.pl" takes a password as its first argument,
followed by the name of a file to "add chaff to". (If the second
argument is omitted, chaff.pl will read the file from stdin.)

Example (using "foobar" as a password):

    [bsussman@minos:~]$ cat > text
    Hello, world. It's a nice day.
    [bsussman@minos:~]$ chaff.pl foobar text
    (1, "not", bkzVvDWFct0NQbk2LV26zgDFTo)
    (1, "the", bkiPbipLTB.xQbk2LV26zgDFTo)
    (1, "all", bkq8X69W/C052bk2LV26zgDFTo)
    (1, "Hello,", bkr8CMHFyb3bAbk6fW8TQSH3qE)
    (2, "her.", bkIjlnjHlIlzkbkLmKxyWxh1B.)
    (2, "garbed", bkGbJLXKGJfQobkBFOWYgNkx/w)
    (2, "contemptuous", bkxrroj8vIKsEbkd3msX2DqgDcbkLmKxyWxh1B.)
    (2, "world.", bkdQeWAKvsQrkbk6fW8TQSH3qE)
    (2, "The", bknll5Ul.0MsUbk2LV26zgDFTo)
    (3, "that", bkPCyF0O8XgSQbkLmKxyWxh1B.)
    (3, "No.", bkEGUh9uEw9Zgbk2LV26zgDFTo)
    (3, "which", bkww871uOQeX2bkv8R1LhPcfh2)
    (3, "Coffey", bkBbWT.gDWTi2bkBFOWYgNkx/w)
    (3, "It's", bkzhIkF2kx8dQbkKnCkUESKZx2)
    (4, "Gnat,", bk/aP8mGpEVn2bkv8R1LhPcfh2)
    (4, "a", bkO8kJJseTDQk)
    (4, "gilded?", bkhtYx3i2ynlAbkMGSvN4h9.sA)
    (5, "nice", bkEsmtNKYPYoobkKnCkUESKZx2)
    (5, "It", bkDoL0EftSVNobkvghbF20xsWY)
    (5, "\"freshest", bk2JH0vcOtlUMbkMozSsyageo.bkvghbF20xsWY)
    (5, "and.", bkhjBqPwtwJU6bkLmKxyWxh1B.)
    (6, "Masonite", bkFtilO6mAQuIbklhCp1klutIYbkZ2WdMbToqyc)
    (6, "futile", bkzhTrTfEkkEcbkBFOWYgNkx/w)
    (6, "And", bkfnANcrqrgaEbk2LV26zgDFTo)
    (6, "lacerated.", bkTlmWCO9J2.MbkfIX0LEnBjs6bkvghbF20xsWY)
    (6, "day.", bkrnHV73HrxVgbkKnCkUESKZx2)

How do I decode a secret message?
---------------------------------

Once you've received some chaffed text, you can "winnow" the
wheat-words out of it with winnow.pl. Just like chaff.pl, it takes a
password and a filename as arguments:

    [bsussman@minos:~]$ winnow.pl foobar chafftext
    Hello, world. It's a nice day.

Using the wrong password yields nothing, since every hash then appears
bogus to the script.

Can I use these scripts with emacs?
-----------------------------------

Darn tootin'! Karl wrote a nice elisp file included in this package
(chaffwin.el) that can be loaded in your .emacs. Look at the Makefile
(or run `make install') for more instructions.

What are the terms of usage?
----------------------------

All source code in this package is released under the terms of the GNU
General Public License (GPL). For more information, see and the GPL
license "COPYING" included in this package.

If you make changes, please let us know! It's more than likely we'd
like to merge the improvements back into our CVS repository.

Why did you write this?
-----------------------

C'mon. Every kid wants to make his own secret decoder ring. :)

And besides, the algorithm is new and interesting.

Why does/doesn't the script do X?
---------------------------------

We've got a long list of deficiencies/improvements to tackle in the
TO_DO file. Top priorities include preserving whitespace faithfully
and increasing the "quality" of the chaff. Feel free to chip in!

DISCLAIMER
==========

This code is for amusement and educational purposes only. We make no
claim to its fitness for any particular purpose, especially privacy.
If you are a large government or a top-secret spy, we do not recommend
this software for anything, and we never met you.

Last updated: 4/22/98
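
The tagging and sifting described under "What's chaffing and winnowing?", as an added example that is not part of chaff.pl or winnow.pl. It assumes HMAC-SHA256 over the serial number and word as the hash (the page does not say how the scripts compute theirs); the function names and the decoy list are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed decoy vocabulary; stands in for a system wordlist.
DECOYS = ["garbed", "futile", "gilded", "which", "that", "contemptuous"]

def mac(password: str, serial: int, word: str) -> str:
    """HMAC-SHA256 over serial number and word, keyed by the shared password (assumed MAC)."""
    msg = f"{serial}:{word}".encode()
    return hmac.new(password.encode(), msg, hashlib.sha256).hexdigest()

def chaff(password: str, text: str, decoys_per_word: int = 3) -> list:
    """Return (serial, word, tag) triples: one wheat word plus decoys per serial."""
    rng = secrets.SystemRandom()
    packets = []
    for serial, word in enumerate(text.split(), start=1):
        group = [(serial, word, mac(password, serial, word))]
        candidates = [d for d in DECOYS if d != word]
        for decoy in rng.sample(candidates, decoys_per_word):
            # Chaff carries a random tag of the right length; it verifies under no key.
            group.append((serial, decoy, secrets.token_hex(32)))
        rng.shuffle(group)  # position inside a serial group must not reveal the wheat
        packets.extend(group)
    return packets

def winnow(password: str, packets: list) -> str:
    """Keep only packets whose tag verifies, ordered by serial number."""
    wheat = {}
    for serial, word, tag in packets:
        # compare_digest avoids leaking tag bytes through comparison timing.
        if hmac.compare_digest(tag, mac(password, serial, word)):
            wheat.setdefault(serial, word)
    return " ".join(wheat[s] for s in sorted(wheat))

if __name__ == "__main__":
    sent = chaff("foobar", "Hello, world. It's a nice day.")
    for packet in sent:
        print(packet)
    print(winnow("foobar", sent))
    print(repr(winnow("wrong", sent)))
```

Binding the serial number into the MAC keeps a valid word from verifying at another position. A low-entropy password used directly as the MAC key can be tested by guessing against captured packets, so a password-based key derivation step would normally sit in front of `mac`.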