Re: Arcfour in Ada

["Julian Morrison" <julian@extropy.demon.co.uk>]

"Thomas Boschloo" <nospam@multiweb.nl> wrote:

> That makes sense. I believe you could perhaps use an escape character to
> identify the end of a string. Like (and I have to dig deep into my
> memory now) when you send a bit string, you could say that '000' marks
> the end of your bit string. If you need to actualy send '000' you pad it
> like '0010' or something like that. I am a bit rusty, have to look it up
> in my old study books.

Problems with that: you have to scan and escape, scan and de-escape every
byte or byte-pair. Also over any nontrivial length of binary data, you are
likely to need many escaped characters. Worst case, this can double your
packet length. Contrast this with say a 64 bit "expect thus many bytes"
header.

Either way tho, you need to waste some overheads on that.

> [...] I don't know much about implementing TCP. I
> do know that the freedom network stopped using fixed sized packages in
> version 2.1 or something, because it took up too much bandwidth.

Yeah. Likely because most network traffic is small, so padding up to a
fixed packet size mostly wastes space. The idea of padding is to make it
impossible to use packet sizes to do traffic analysis.

The way I'm thinking of doing that for my system, is:

- each machine has a queue of multiple "inboxes", and one "outbox".

- there is one inbox per intended recipient

- inboxes are created on a first come first served basis

- any packets recieved for a recipient with an existing inbox, go into
that existing inbox

- the sender part moves the first inbox off the queue and sends it all,
then discards it and moves on to the next, etc

- to send packets, they are crammed together but then padded at
then end to an integer number of fixed size blocks.

Then the bandwith wastage is only at most a block minus one byte. Of
course in reality the algorithm will be a tad more complex, for example
having a maximum size for inboxes to prevent popular recipients typing up
the outbound line.

This relies on the assumption that in most cases, although traffic is
small, it's going repetitively to the same recipient.

> I seem to remember that they also use UDP for something but I am
> confusing myself now. The good thing about UDP is that you don't have to
> set up a connection to send data. It doesn't have to point back to you
> (which is good if you want to be anonymous).

Thanks, you gave me a useful idea there - UDP outbound can have a forged
"from" IP. Although I don't know how useful it will be in this system;
each relay needs to send an "ack" back upstream after sending its
messages. But it might be useful; I'll give it some thought.
 
> Well, who do I think I am :-) I'm sure you already know all you need to
> know and more ;-)

Heh, I'm much of a newbie too. I built my Arcfour code from the
ciphersaber cookbooks online; I'm no mathematician. Just a coder with an
algorithm and some test data to validate against.