[mothran]

Hmmm I like this trick, but that means I would have to process and decode each 802.11 as is comes in. It would create quite a bit of overhead for each packet.

Maybe I am mis-understanding you. Where would you put the MAC data in a packet? would in be broken up or just stuffed in to a single location for each packet?

[marshray]

> It would create quite a bit of overhead for each packet.

Do some benchmarking to prove that it's a serious problem first before rejecting "the right way" as too expensive.

> Where would you put the MAC data in a packet? would in be broken up or just stuffed in to a single location for each packet?

If you use a long enough MAC, say 160 bits, you can split it up and stuff the individual bits anywhere you like. You're the expert in hiding stuff in Wifi packets, not me!

But as it stands (MODULUS = N.NN, REMAINDER = 0.NN) only has 5 decimal digits = 16 bits of entropy. Bunny traffic could be identified after observing just a handful of packets (not even knowing the actual values for M and R).

[mothran]

Very good points. I did some benchmarks a while ago and found the the decode routines (un-optimized) were some of the slower pieces of code in round trip life of a packet. But with some work it could be done.

> But as it stands (MODULUS = N.NN, REMAINDER = 0.NN) only has 5 decimal digits = 16 bits of entropy. Bunny traffic could be identified after observing just a handful of packets (not even knowing the actual values for M and R).

Very true, I will add this to my TODO list, thanks.

[gfodor]

Presumably, as with tor, a little slowness is acceptable when the data being transmitted is of a clandestine nature.