Re: Remailer passphrases
At 5:43 AM 3/12/96 -0500, Gary Howland wrote:
On Mon, 11 Mar 1996, Gary Howland wrote:
root access to the system, something like "strings /dev/kmem" could narrow the search for the passphrase down significantly. Of course one could obfuscate the passphrase by XOR'ing it with 0x80, but that's only security through obscurity.
Sure, _if_ they were able to gain root access without rebooting the machine, but the usual scenario is that the filth turn up with black bin liners, not men from the NSA.
The bottom line of all cryptography is that there is something that must be kept secret. Since it must be kept secret, there is always a significant level of paranoia about the means to keep the secret. For example, one could imagine an attacker attaching a logic analyzer to the CPU chip, unloading the on-chip caches and then rummaging thru the system memory for the secret.

One of the reasons classical (government) crypto users change keys frequently is to minimize the amount of data compromised by a broken key. We keep hearing about NSA decrypting 20-year-old cyphertext and showing more of the workings of the atomic spy rings operating in the 40s and 50s. If an opponent can rubber hose the key, her job is easy. If she has to perform cryptanalysis, it is much harder. Remailers should regularly change their keys to avoid compromising previously recorded traffic. (They can have a long-lived key for signing their traffic keys.)

Regards - Bill

------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle -- Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA
Bill Frantz writes:
One of the reasons classical (government) crypto users change keys frequently is to minimize the amount of data compromised by a broken key. We keep hearing about NSA decrypting 20-year-old cyphertext and showing more of the workings of the atomic spy rings operating in the 40s and 50s. If an opponent can rubber hose the key, her job is easy. If she has to perform cryptanalysis, it is much harder. Remailers should regularly change their keys to avoid compromising previously recorded traffic. (They can have a long-lived key for signing their traffic keys.)
Signed Diffie-Hellman key exchanges have the property known as "Perfect Forward Secrecy". Even if the opponent gets your public keys it still will not decrypt any traffic for him at all -- it just lets him pretend to be you. That's one reason why protocols like Photuris and Oakley use the technique.

Perry
On Tue, 12 Mar 1996, Perry E. Metzger wrote:
Signed Diffie-Hellman key exchanges have the property known as "Perfect Forward Secrecy". Even if the opponent gets your public keys
Just to clarify Perry's statement: Diffie-Hellman key exchanges can provide perfect forward secrecy if fresh parameters are used each time; protocols like the old version of SKIP, which do not use fresh parameters each time, do not provide perfect forward secrecy.

Simon

---
They say in online country      So which side are you on boys
There is no middle way          Which side are you on
You'll either be a Usenet man   Which side are you on boys
Or a thug for the CDA           Which side are you on?
National Union of Computer Operatives; Hackers, local 37   APL-CPIO
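The two designs Perry and Simon are contrasting, as an added example that is not part of the thread: a "static" Diffie-Hellman scheme in which each side reuses one long-term DH key for every session (the old-SKIP situation Simon describes), beside a "signed ephemeral" scheme in which long-term keys only sign fresh per-session DH values (the Photuris/Oakley situation Perry describes, and the per-session limit of the key rotation Bill recommends). The group (p = 2^127 - 1, g = 3), the Schnorr-style signature used as a stand-in for the long-term signature, and all function names are this example's own assumptions; the group is a toy and nothing here is usable as real cryptography.

```python
import hashlib
import secrets

# Demo-only group, constructed for this example: p = 2**127 - 1 (a Mersenne
# prime) and g = 3. It is far too small for real use and is not a safe prime;
# real protocols use standardized groups (for example the RFC 3526 MODP groups).
P = (1 << 127) - 1
G = 3
Q = P - 1  # exponents live mod p-1, since g**(p-1) == 1 (mod p) for prime p

def H(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big")

def i2b(n: int) -> bytes:
    return n.to_bytes(32, "big")

def keypair():
    """Random exponent x in [2, p-2] and its public value g**x mod p."""
    x = secrets.randbelow(Q - 2) + 2
    return x, pow(G, x, P)

def kdf(shared: int, transcript: bytes) -> bytes:
    """Session key: hash of the DH shared secret and the public transcript."""
    return hashlib.sha256(i2b(shared) + transcript).digest()

# Schnorr-style signature over the same demo group; a stand-in for whatever
# long-term signature a real "signed Diffie-Hellman" protocol would use.
def sign(x: int, msg: bytes):
    k = secrets.randbelow(Q - 2) + 2
    r = pow(G, k, P)
    e = H(i2b(r), msg) % Q
    return r, (k - x * e) % Q

def verify(y: int, msg: bytes, sig) -> bool:
    r, s = sig
    e = H(i2b(r), msg) % Q
    return (pow(G, s, P) * pow(y, e, P)) % P == r

# Design 1 (old SKIP, per Simon): long-term DH keys on both sides; every
# session is keyed from the same g**(ab), varied only by a public nonce.
def static_dh_session(my_priv: int, peer_pub: int, nonce: bytes) -> bytes:
    return kdf(pow(peer_pub, my_priv, P), nonce)

def static_dh_recover(stolen_priv: int, peer_pub: int, nonce: bytes) -> bytes:
    """Someone who later obtains one long-term private key plus a recording
    of the public transcript recomputes every past session key."""
    return kdf(pow(peer_pub, stolen_priv, P), nonce)

# Design 2 (Photuris/Oakley, per Perry): long-term keys only sign fresh
# per-session DH values; the ephemeral exponents are discarded afterwards.
def ephemeral_dh_handshake(a_sign, a_sign_pub, b_sign, b_sign_pub):
    a, ga = keypair()  # fresh exponents for this session only
    b, gb = keypair()
    transcript = i2b(ga) + i2b(gb)
    sig_a, sig_b = sign(a_sign, transcript), sign(b_sign, transcript)
    if not (verify(a_sign_pub, transcript, sig_a) and verify(b_sign_pub, transcript, sig_b)):
        raise ValueError("handshake authentication failed")
    key_a = kdf(pow(gb, a, P), transcript)
    key_b = kdf(pow(ga, b, P), transcript)
    del a, b  # wiped; only ga, gb and the signatures are ever observable
    return key_a, key_b, (ga, gb, sig_a, sig_b)

def ephemeral_dh_recover(stolen_sign_priv: int, recorded) -> bytes:
    """With a stolen long-term signing key and the recording, the session
    key still depended on exponents that never left either host, so the best
    available computation (stolen exponent against g**b) gives a wrong key."""
    ga, gb, _, _ = recorded
    return kdf(pow(gb, stolen_sign_priv, P), i2b(ga) + i2b(gb))

def can_impersonate(stolen_sign_priv: int, victim_sign_pub: int) -> bool:
    """What the stolen long-term key does give: valid signatures on new
    ephemeral values, i.e. the ability to pretend to be the victim."""
    _, g_fake = keypair()
    msg = i2b(g_fake) + i2b(0)
    return verify(victim_sign_pub, msg, sign(stolen_sign_priv, msg))

def compare_designs() -> dict:
    a_priv, a_pub = keypair()  # long-term keys: DH keys in design 1,
    b_priv, b_pub = keypair()  # signing keys in design 2
    nonce = secrets.token_bytes(16)
    k_static = static_dh_session(a_priv, b_pub, nonce)
    k_a, k_b, recorded = ephemeral_dh_handshake(a_priv, a_pub, b_priv, b_pub)
    return {
        "static_agrees": static_dh_session(b_priv, a_pub, nonce) == k_static,
        "static_recovered": static_dh_recover(a_priv, b_pub, nonce) == k_static,
        "ephemeral_agrees": k_a == k_b,
        "ephemeral_recovered": ephemeral_dh_recover(a_priv, recorded) == k_a,
        "impersonation_possible": can_impersonate(a_priv, a_pub),
    }

if __name__ == "__main__":
    for name, value in compare_designs().items():
        print(f"{name}: {value}")
```

Running it shows the asymmetry both messages are getting at: in the static design the long-term private key alone reproduces every recorded session key, while in the signed-ephemeral design the same key compromise yields the ability to forge a future handshake but not the key of any recorded one. Chris's follow-up still applies: this only helps where there is an interactive exchange in which fresh values can be agreed.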
-----BEGIN PGP SIGNED MESSAGE-----

[To: perry@piermont.com]
[cc: cypherpunks@toad.com]
[Subject: Re: Remailer passphrases ]
[In-reply-to: Your message of Tue, 12 Mar 96 14:51:47 EST.]
             <199603121951.OAA02237@jekyll.piermont.com>

"Perry E. Metzger" <perry@piermont.com> enscribed:
Bill Frantz writes:
One of the reasons classical (government) crypto users change keys frequently is to minimize the amount of data compromised by a broken key. We keep hearing about NSA decrypting 20-year-old cyphertext and showing more of the workings of the atomic spy rings operating in the 40s and 50s. If an opponent can rubber hose the key, her job is easy. If she has to perform cryptanalysis, it is much harder. Remailers should regularly change their keys to avoid compromising previously recorded traffic. (They can have a long-lived key for signing their traffic keys.)
Signed Diffie-Hellman key exchanges have the property known as "Perfect Forward Secrecy". Even if the opponent gets your public keys it still will not decrypt any traffic for him at all -- it just lets him pretend to be you. That's one reason why protocols like Photuris and Oakley use the technique.
True, but when the problem at hand is sending mail to a remailer, the technique is of little or no value, since there is no initial exchange, right? So this is a misleading argument.

At least it is related to cryptography and The Cypherpunk Agenda(tm)!

Chris McAuliffe <cmca@alpha.c2.org> (No, not that one.)

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBMUX9UIHskC9sh/+lAQGItwP+IfITBi+LUAcV9O1w6071zvmNaDQNC5nG
OVe34+h5kKDyBnb2bLuVX5zEtuS56tiE0mgEaD5nevoRLijW1qqCRAsxi9/pfKcp
tjWzU1qbUptkJn8LBZPzFXGsXuHh6cF/W1Zk1q+81KURRkH0glYI2u0HY740YF7J
dxidEBZRQKc=
=8F6m
-----END PGP SIGNATURE-----