-----BEGIN PGP SIGNED MESSAGE-----
"Hal" == Hal <hfinney@shell.portal.com> writes:
Hal> However, if I were a computer-savvy law enforcement agent, Hal> and I wanted to track messages through one of my remailers, I Hal> would try a technological approach. I would first break the Hal> key for my remailer. That is trivial. The passphrase is in Hal> PLAINTEXT in the script file which runs the remailer!. It Hal> has to be. That is true of all automated remailers. Anyone Hal> who can break into the remailer server and acquire root Hal> permission can find the remailer secret key. My keys have Hal> been unchanged for three years. Surely some enterprising Hal> hackers have stolen the keys by now. Well actually... The passphrase in a mixmaster remailer is defined as an environmental variable at compile time. The passphrase is not stored in any cleartext fashion but is embedded in the executable. Additionally the newer Ghio code (Matt's latest revision) has the passphrase defined as an environmental variable in remailer.c. Once remailer is compiled, you can delete the passphrase from the code. I can't speak for the freedom or other remailers as I haven't tried them. It's a little harder to get the key than just looking for a cleartext file that contains it. That is, if the remailer operator is being careful. John Perry - KG5RG - perry@vishnu.alias.net - PGP-encrypted e-mail welcome! WWW - http://www.alias.net PGP 2.62 key for perry@vishnu.alias.net is on the keyservers. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMTwtPqghiWHnUu4JAQGN6wf+NWPn++V/D1kFCp71kDLTe/pNA97n+21L RLaOxWkq7+9K1zBIFHrzQYpJa9msud75gpNUq1s1LxzJAPY0BlCNIvqby9e7DMA/ aM6hhPUoQwljZ4SmE6ZmdFfPHz9ZchVclKUpepTv0melLEpc8Pv62eA9X1iFQMam exIbObjYD1AFYp/6O5tAKh4m+mC0bmH64O4zkXLp9tbDKUPDjdkdN9lOMfjO1oFj xJ+LCwtyA9YZxsD7GBklcd46ltiEQyrpV8PjwNJAvfIvPnplyfsvxBpg58zOF7t6 JGBj5DVk1Eyaw4sIMK6a9y/aDmkyVJVQVYozMigSS+UPKJsMCLQQFQ== =qrrn -----END PGP SIGNATURE-----