Re: (Fwd) Gov't run anon servers
I have run two remailers for about three years now, and I have never been contacted in any way by law enforcement or government people in relation to the operation of the remailers, or of any mail which has been sent through them. I get a fair number of complaints by private individuals, but I have never heard anything from the government. However, if I were a computer-savvy law enforcement agent, and I wanted to track messages through one of my remailers, I would try a technological approach. I would first break the key for my remailer. That is trivial. The passphrase is in PLAINTEXT in the script file which runs the remailer!. It has to be. That is true of all automated remailers. Anyone who can break into the remailer server and acquire root permission can find the remailer secret key. My keys have been unchanged for three years. Surely some enterprising hackers have stolen the keys by now. (That is why my keys are only < 512 bits.) Then the LEA has to insert mail-monitoring software somewhere either in the remailer system or on some connection to it. That is probably more difficult and may require cooperation from a system manager somewhere. I don't really know how hard it would be. But breaking the key is the easy part. Hal
-----BEGIN PGP SIGNED MESSAGE-----
"Hal" == Hal <hfinney@shell.portal.com> writes:
Hal> However, if I were a computer-savvy law enforcement agent, Hal> and I wanted to track messages through one of my remailers, I Hal> would try a technological approach. I would first break the Hal> key for my remailer. That is trivial. The passphrase is in Hal> PLAINTEXT in the script file which runs the remailer!. It Hal> has to be. That is true of all automated remailers. Anyone Hal> who can break into the remailer server and acquire root Hal> permission can find the remailer secret key. My keys have Hal> been unchanged for three years. Surely some enterprising Hal> hackers have stolen the keys by now. Well actually... The passphrase in a mixmaster remailer is defined as an environmental variable at compile time. The passphrase is not stored in any cleartext fashion but is embedded in the executable. Additionally the newer Ghio code (Matt's latest revision) has the passphrase defined as an environmental variable in remailer.c. Once remailer is compiled, you can delete the passphrase from the code. I can't speak for the freedom or other remailers as I haven't tried them. It's a little harder to get the key than just looking for a cleartext file that contains it. That is, if the remailer operator is being careful. John Perry - KG5RG - perry@vishnu.alias.net - PGP-encrypted e-mail welcome! WWW - http://www.alias.net PGP 2.62 key for perry@vishnu.alias.net is on the keyservers. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAwUBMTwtPqghiWHnUu4JAQGN6wf+NWPn++V/D1kFCp71kDLTe/pNA97n+21L RLaOxWkq7+9K1zBIFHrzQYpJa9msud75gpNUq1s1LxzJAPY0BlCNIvqby9e7DMA/ aM6hhPUoQwljZ4SmE6ZmdFfPHz9ZchVclKUpepTv0melLEpc8Pv62eA9X1iFQMam exIbObjYD1AFYp/6O5tAKh4m+mC0bmH64O4zkXLp9tbDKUPDjdkdN9lOMfjO1oFj xJ+LCwtyA9YZxsD7GBklcd46ltiEQyrpV8PjwNJAvfIvPnplyfsvxBpg58zOF7t6 JGBj5DVk1Eyaw4sIMK6a9y/aDmkyVJVQVYozMigSS+UPKJsMCLQQFQ== =qrrn -----END PGP SIGNATURE-----
participants (2)
-
Hal -
John Perry