chaffing and winnowing

Chaffing and winnowing are dual components of a privacy-enhancement scheme that does not require encryption. The technique consists of adding false packets to a message at the source (sender end of the circuit), and then removing the false packets at the destination (receiver end). The false packets obscure the intended message and render the transmission unintelligible to anyone except authorized recipients.

At the source, each legitimate message packet is assigned a unique serial number and a message authentication code (MAC). Every serial number and MAC is known to the receiver in advance. Then the bogus packets are added at the source; this is the chaffing process (chaff is the undesirable part of a plant such as wheat that is separated during milling). The chaff packets have the same format as the legitimate ones, and they also have reasonable serial numbers, but they have invalid MACs. It is impossible to tell the difference between the legitimate packets and the chaff except by comparing MACs at the destination.

At the destination, the chaff packets are removed by comparing MACs. This is called winnowing. If an incoming packet has a bogus MAC, it is discarded; if it has a legitimate MAC, it is accepted. Thus, the original message is recovered.
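The chaffing and winnowing steps described above, as an added Python example that is not part of the original definition. It assumes the receiver holds a shared secret key and recomputes each MAC (HMAC-SHA256) instead of storing MACs in advance, and that each packet carries one bit with one complementary chaff packet per serial number; all function names are illustrative.

```python
import hashlib
import hmac
import secrets

Packet = tuple[int, int, bytes]  # (serial number, bit, MAC)

def packet_mac(key: bytes, serial: int, bit: int) -> bytes:
    # The MAC covers serial and payload, so a valid packet cannot be re-sequenced or altered.
    return hmac.new(key, serial.to_bytes(4, "big") + bytes([bit]), hashlib.sha256).digest()

def chaff(key: bytes, message: bytes) -> list[Packet]:
    """Sender: emit one legitimate and one chaff packet per message bit."""
    bits = [(byte >> shift) & 1 for byte in message for shift in range(7, -1, -1)]
    packets: list[Packet] = []
    for serial, bit in enumerate(bits):
        wheat = (serial, bit, packet_mac(key, serial, bit))
        # Chaff: same format, same serial, opposite bit, random (invalid) MAC.
        fake = (serial, bit ^ 1, secrets.token_bytes(32))
        # Randomise the order so position does not reveal which packet is legitimate.
        packets.extend([wheat, fake] if secrets.randbelow(2) else [fake, wheat])
    return packets

def winnow(key: bytes, packets: list[Packet]) -> bytes:
    """Receiver: keep packets whose MAC verifies, discard the rest, reassemble."""
    accepted: dict[int, int] = {}
    for serial, bit, tag in packets:
        if hmac.compare_digest(tag, packet_mac(key, serial, bit)):  # constant-time compare
            accepted[serial] = bit
    # A wrong key, a dropped packet or a tampered packet leaves a gap in the serials.
    if not accepted or sorted(accepted) != list(range(len(accepted))) or len(accepted) % 8:
        raise ValueError("missing or incomplete legitimate packets")
    out = bytearray()
    for i in range(0, len(accepted), 8):
        byte = 0
        for j in range(8):
            byte = (byte << 1) | accepted[i + j]
        out.append(byte)
    return bytes(out)

if __name__ == "__main__":
    key = secrets.token_bytes(32)   # constructed shared key
    stream = chaff(key, b"hi")      # constructed sample message
    print(len(stream), "packets on the wire ->", winnow(key, stream))
```

An observer without the key sees both a 0 and a 1 for every serial number and cannot tell which one carries a valid MAC.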

This was last updated in September 2005
