At 07:25 PM 1/9/95, dfloyd@io.com wrote:
... Of course, the DH will be hidden by a good remailer (anon.penet.fi), but it is trivial to use traffic analysis to find where the DH lies. Just monitor traffic from/to the remailer and do a series of store/retrives. Then for confirmation, forge a mail from the dh site to the remailer with the password (obtained from sniffing) to yourself. ...
Hmm, hmm. Using c'punk remailers with encrypted send blocks fixes one problem, especially if the c'punk mailers do some sort of file splitting and reassembly along the lines of what happens to IP packets that are too large for a given link. What would also help would be a mechanism for randomly varying the encrypted send-to block. The password replay attacks can be fixed by encrypting the transmitted password along with a timestamp/sequence number. One problem that remains would be a trail left by the increased traffic to/from a DH vs a normal user. That could only be fixed by a multitude of DH sites. --Paul J. Ste. Marie pstemari@well.sf.ca.us, pstemari@erinet.com