[usr1106]

Where does the keyspace come from? rot13 has no keys.

Of course you could do rot2 - rot24 and all the other combinations. Is that were the factor 25 comes from?

The deep inspection needs to look only at the first couple of bytes of each new a TCP connection. So it's not that disrupting. After 2 bytes you can already skip for a vast fraction of other traffic.

[jortr0n]

You'r right, the rot13 command is a shell wrapper around: ` exec /usr/bin/caesar 13 "$@" ` Forcing the key to be 13. You can obviously invoke /usr/bin/caesar with any of the 25 keys.

[hedora]

The underlying tool (caesar) will infer the key if you forget to pass it in. It does so without brute forcing.

Applying this to DPI wouldn't be too bad.