Hal Finney writes:
From: mccoy@communities.com (Jim McCoy) [...]
The point is not to make a system which is absolutely, positively, no doubt about it, secure against any attacker. If cypherpunks could do this they would be working for defense contractors and others who make certified systems. The objective is to make a system which is difficult to attack, one which costs the attacker time/money. [...]
I was speaking of present conditions. If and when proven-secure Unix systems start being used as remailer servers on the net then it may be worthwhile having a larger key.
You are correct in stating that having a huge key on a remailer is as silly as putting a $500 lock on a door made of balsa wood. OTOH, the key selected is vulnerable from attacks which you cannot protect yourself against. No amount of detailed security analysis for a host is going to prevent someone else from factoring the keys, and there is nothing that can be done to prevent this from happening. To prevent this is seesm reasonable to select a key which is at least somewhat outside the range of most attackers, 510 bits seems to be pushing the lower bounds of this range a bit (while more than 1024 is probably useless overkill.) With fairly decent logging and auditing at least you know that you have been screwed when it comes to standard system break-ins, you do not know that you have a problem when your key is factored. [...]
The unix hosts running remailers also have the advantage in that they have been subjected to attack for quite a while now and most of the obvious problems (and some of the non-obvious problems) have been fixed.
I am not sure what you mean by this. My experience is that new CERT advisories come out every few months which represent security holes big enough to steal remailer keys.
Well, most of the announcements in the past year have been attacks through subsystems which a remailer should not be running in the first place (e.g. the recent chargen/daytime/etc attacks.) The fact that the announcements come out in the first place is a "good thing" because it makes you aware of the problem. The timid will then think that the system which is the subject of the announcement is insecure and place their trust in a system which is not under the same sort of public scrutiny (e.g. Windows NT, or a VM/CMS system) but which is even easier to hack. At least people are aware of security issues on Unix hosts... (a quick walk through a Computer Literacy bookstore last night turned up twelve books on Unix/internet-server security and none dealing specifically with Windoze95 or NT security, does that mean that my NT test box is perfectly secure? :) Otherwise, I agree that assuming you have a secure remailer just because you use a big key is a foolish attitude. jim