Re: (Fwd) Gov't run anon servers
At 9:10 PM 3/4/96, jim bell wrote:
At 10:52 AM 3/4/96 -0800, Hal wrote:
That is trivial. The passphrase is in PLAINTEXT in the script file which runs the remailer!. It has to be. That is true of all automated remailers.
Maybe I just don't know much about automated remailers, but I don't understand why you said that the passphrase "has to be" in plaintext in the script file. I find this hard to believe. While I am far from an expert on cryptographic matters, I would assume that any received attempt at a password could be securely hashed (128 bits?) and compared with a pre-stored hash value. If it's the same, it's assumed that the password was correct.
The "passphrase" is not for access to the remailer, but so that the remailer can itself decrypt incoming messages encrypted to its public key. An automated remailer is like a little guy sitting at the machine, taking in incoming messages, decrypting the ones that are addressed to him, and taking furhter actions. In Chaum's hardware-based "digital mix," the scripts, etc., for this are stored in tamper-resistant hardware, making the attack Hal describes much harder. (Chaum was thinking that mixes needed hardware security about 15 years ago.) Unix-based remailers, and the like, don't rely on secure hardware. We've talked about possible hardware security measures, even those that only rely on physical box security. A box that does decryption, mixing, readdressing, etc., without being part of a Unix file system/network, could be a useful "Mom and Pop remailer" (the idea being that small shop owners, "Mom and Pop," could set this up, collect a little bit of spare change as a remailing fee, and not even have access to the internal state of the machine themselves. At a Cypherpunks meeting a couple of years ago we spent some time brainstorming this. It seemed plausible that a small outfit could make such "remailer boxes" and sell them cheaply. (Hardware prices have plunged even further.) --Tim May Boycott "Big Brother Inside" software! We got computers, we're tapping phone lines, we know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 - 1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
We've talked about possible hardware security measures, even those that only rely on physical box security. A box that does decryption, mixing, readdressing, etc., without being part of a Unix file system/network, could be a useful "Mom and Pop remailer" (the idea being that small shop owners, "Mom and Pop," could set this up, collect a little bit of spare change as a remailing fee, and not even have access to the internal state of the machine themselves.
While a solution like that would be optimal, even just a version of Mixmaster that can use a secure RSA card would do wonders for security. The secret key is protected in the card and can't be stolen, even by root, without physically stealing the card. As long as the most of the remailers in your chain don't have compromised secret keys, it probably won't matter too much if the individual ops can examine the messages flowing through their remailer. The cards are getting cheaper and can be bought off the shelf (for now). The hardest part of retrofitting existing remailer software would probably be extracting the data from the remailer packet and formatting it properly for the card to do encryption operations on it (and back). andrew
participants (2)
-
Andrew Loewenstern -
tcmay@got.net