As shown in Karl Barrus's very useful monthly postings, several people are running remailers that include encryption. This gives users the ability to send messages for which the destination is not visible even to someone monitoring their outgoing messages. By chaining through two or more remailers, no one site can see the mapping between source and destination.

There is a big potential security weakness with most of these systems that people should be aware of. In order to run the decryption program (currently PGP) automatically, the pass phrase must be provided for the remailer's secret key. This means that the pass phrase has to exist, in the clear, in the scripts which implement the remailer.

Anyone who has root privileges on the machine which is running the remailer therefore can get access both to the remailer's secret key file, and to the pass phrase that unlocks it. Even momentary acquisition of this power is enough to capture the secret key.

Unfortunately, many of the encrypted remailers are running on multi-user systems over which we have only limited control. I believe that Miron's "Extropia" remailer is running on his personal system, so he should be relatively immune to this attack. But I think the others are all vulnerable.

People should be aware of this when using the remailers. (This limitation is one reason I made my remailer keys only 512 bits; I felt there was little point in going to 1024 bits since the security of the remailer key can be broken so easily.)

Until more of us are able to acquire personal Unix boxes it might be wise to include the Extropia remailer as part of a remailing chain for messages whose security we care about. Perhaps Karl could add a notation in his remailer lists about which machines are public and which are private.

Hal

> This means that the pass phrase [for the remailer secret key] has to exist, in the clear, in the scripts which implement the remailer.

Currently that is the easiest way, to be sure. Another way would be to store the passphrase encrypted in a file so that at least it's not findable with strings(1).

Here's a quick hack for someone who's looking for a project: a passphrase storage process which accepts requests from a slightly modified PGP.

Hal's basic point, however, is not mitigated. Nothing is secure from a clever root.

> Perhaps Karl could add a notation in his remailer lists about which machines are public and which are private.

An excellent suggestion.

Eric

Participants (2): Eric Hughes, root@extropia.wimsey.com
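
The "passphrase storage process" suggested in the reply, sketched as an added example that is not code from either poster or from PGP: an agent keeps the passphrase in memory only and hands it over a mode-0600 Unix socket to callers running under one uid. The function names, the `GET` request and the sample passphrase are hypothetical, and the peer check assumes Linux `SO_PEERCRED`; root can still read the agent's memory, so the limit both posters state is unchanged.

```python
import os, socket, struct, tempfile, threading

SAMPLE = b"constructed example passphrase"  # constructed value, not a real secret

def peer_uid(conn):
    """Uid of the process at the other end of a Unix socket (Linux SO_PEERCRED)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    return struct.unpack("3i", raw)[1]  # fields are pid, uid, gid

def make_listener(path):
    """Bind the agent socket with mode 0600 so other users cannot connect."""
    old_umask = os.umask(0o177)
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
    finally:
        os.umask(old_umask)
    srv.listen(1)
    return srv

def serve_one(srv, passphrase, allowed_uid):
    """Answer one request; the passphrase is never written to a script or file."""
    conn, _ = srv.accept()
    with conn:
        request = conn.recv(16)  # read the request before deciding
        if request == b"GET\n" and peer_uid(conn) == allowed_uid:
            conn.sendall(passphrase)  # any other caller gets an empty reply

def fetch(path):
    """The client side, i.e. what the modified decryption wrapper would do."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
        client.connect(path)
        client.sendall(b"GET\n")
        return client.recv(4096)

def demo(allow_self=True):
    """Run agent and client in one process; return what the client received."""
    uid = os.getuid() if allow_self else os.getuid() + 1
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "agent.sock")
        with make_listener(path) as srv:
            agent = threading.Thread(target=serve_one, args=(srv, SAMPLE, uid))
            agent.start()
            reply = fetch(path)
            agent.join()
        return reply

if __name__ == "__main__":
    print(demo(), demo(allow_self=False))
```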