At 10:52 AM 3/4/96 -0800, Hal wrote:
However, if I were a computer-savvy law enforcement agent, and I wanted to track messages through one of my remailers, I would try a technological approach. I would first break the key for my remailer. That is trivial. The passphrase is in PLAINTEXT in the script file which runs the remailer!. It has to be. That is true of all automated remailers.
Maybe I just don't know much about automated remailers, but I don't understand why you said that the passphrase "has to be" in plaintext in the script file. I find this hard to believe. While I am far from an expert on cryptographic matters, I would assume that any received attempt at a password could be securely hashed (128 bits?) and compared with a pre-stored hash value. If it's the same, it's assumed that the password was correct. What's wrong with this?