
Timothy C. May wrote:
At 9:38 AM 9/3/96, Hans "Unicorn" Van de Looy, aka "Deep Throat," wrote:
:: Request-Remailing-To: remailer@huge.cajones.com
:: Request-Remailing-To: remailer@remailer.nl.com
....
:: Request-Remailing-To: furballs@netcom.com (Paul S. Penrod)

Deep Throat.
Hey, Hans, ya gotta watch those "Cc: cypherpunks@toad.com" lines! At least now we know who the _other_ "Unicorn" is.
Which brings up the following question: what is the role of human screwups in cryptosecurity? How "foolproof" (no pun intended) should remailer clients be? How can we prevent people from forgetting to delete unencrypted files after encryption?

Alternatively, let's think about this: premail always fingers a certain user account at berkeley.edu to obtain remailer keys. Suppose that Joe DrugUser uses remailers to talk to his Colombian friends and the government wants to find out what he is doing. They could just break into the computer at berkeley.edu and replace keys with the government-provided keys. They could even modify the finger server so that it would be lying only to Joe's computer and would work just as before for all others (to prevent detection). The government would then intercept Joe's communications and decrypt them.

- Igor.
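
The key-substitution scenario in the message above can be detected on the client side. The following is an added example, not part of the original message and not premail's code: it pins a fingerprint for each remailer key on first fetch and compares the fetched keys against copies obtained from other network vantage points, which catches a server that lies to only one client. The function names, verdict labels and key strings are hypothetical and the sample data is constructed.

```python
import hashlib

def fingerprint(key_block: str) -> str:
    """SHA-256 of the key text after normalizing line endings and outer whitespace."""
    lines = [line.rstrip() for line in key_block.strip().splitlines()]
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()

def check_keys(fetched: dict, pins: dict, other_views: list) -> dict:
    """Classify each remailer key returned by the key server.

    fetched:     {remailer: key_text} as seen from this host
    pins:        {remailer: fingerprint} stored from earlier fetches (updated in place)
    other_views: list of {remailer: key_text} fetched via other network paths
    """
    verdicts = {}
    for name, key in fetched.items():
        fp = fingerprint(key)
        if name in pins and pins[name] != fp:
            # Key differs from the pinned one: do not use it until the
            # change is confirmed out of band with the remailer operator.
            verdicts[name] = "CHANGED"
        elif any(name in view and fingerprint(view[name]) != fp
                 for view in other_views):
            # The server gives this host a different key than it gives others.
            verdicts[name] = "SPLIT_VIEW"
        else:
            pins.setdefault(name, fp)  # trust on first use, then keep the pin
            verdicts[name] = "OK"
    return verdicts

# Constructed sample data: placeholder strings, not real remailer keys.
GOOD = {"remailer-a": "KEY-A-v1\n", "remailer-b": "KEY-B-v1\n"}
TAMPERED = {"remailer-a": "KEY-A-v1\r\n", "remailer-b": "KEY-B-substituted\n"}

def demo() -> tuple:
    """Run a clean fetch, then a tampered one, with and without existing pins."""
    pins = {}
    first = check_keys(GOOD, pins, [GOOD])
    later = check_keys(TAMPERED, pins, [GOOD])
    fresh = check_keys(TAMPERED, {}, [GOOD])
    return first, later, fresh

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Pinning alone does not help a client whose very first fetch is already substituted, which is why the cross-vantage comparison is checked as well.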