Re: Remailers and ecash
Lucky Green wrote:
On Sun, 28 Sep 1997, Anonymous wrote:
Nonsense. Type 1 remailers offer a certain level of security. It is suitable for many applications. Type 1 remailers require a fairly determined attacker to thwart. They would certainly keep you safe from the IRS, but maybe not the NSA.
Even if you were running a child kidnapping ring and failing to report the income, you would be pretty safe using Type 1 remailers. The NSA would never take the chance of revealing their capabilities just to save a few kids.
I disagree. The entire Type 1 networks can be trivially analyzed. It doesn't require an NSA for this. A single person that understands mixes and a few hackers to compromise some of the upstream, downstream servers, not even the remailers themselves, could do it.
Type 1 remailers are fun toys. No more.
Please pardon my ignorance, but could you elaborate on this attack? Assuming the user's machine is not compromised, in which case the game is over, whose machines are being broken into? Are you saying that The Enemy just watches the messages going in and out of a particular site and then watches the site where they suspect the messages are going?
Monty Cantsin
Editor in Chief
Smile Magazine
http://www.neoism.org/squares/smile_index.html
http://www.neoism.org/squares/cantsin_10.html
On Mon, 29 Sep 1997, Anonymous wrote: [In reply to my claim that Type 1 remailers are fun toys. No more].
Please pardon my ignorance, but could you elaborate on this attack? Assuming the user's machine is not compromised, in which case the game is over, whose machines are being broken into? Are you saying that The Enemy just watches the messages going in and out of a particular site and then watches the site where they suspect the messages are going?
Correct. The adversary watches messages move in and out of the mix. [This is quite easy to accomplish, given the security or lack thereof, of much network infrastructure]. I really don't have the time to write an intro on this topic. Subscribe to the Bugtraq mailing list for a year and you'll understand what I mean.
Once you have all the mail going in and out, you make use of the simple fact that Type 1 messages must shrink with each hop. See the classic essay "Mixmaster & Remailer Attacks" at http://www.obscura.com/~loki/remailer/remailer-essay.html
IMHO, operating Type 1 remailers is doing the world a disfavor. It provides a compromised technology to a large number of people unaware of the fact while, if anything, slowing down development and deployment of better technology. Do you think it would have taken two (or more) years to port Mixmaster to DOS had there been no Type 1 remailers? Of course not. If you run a Type 1 remailer, do your users a favor: shut it down and replace it with a Type 2.
Thanks,
-- Lucky Green <shamrock@cypherpunks.to> PGP encrypted email preferred.
"Tonga? Where the hell is Tonga? They have Cypherpunks there?"
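The size-shrink point in the message above, as an added example that is not part of the original thread: a toy model of one mix that compares how many outgoing messages each incoming message can hide among when layers are stripped at each hop versus when every packet is padded to one constant length, as Type 2 (Mixmaster) does. `HEADER`, `PACKET`, the function names and the batch are constructed assumptions, not real remailer parameters.

```python
import random

HEADER = 300    # assumed bytes removed per hop when a layer is stripped (constructed)
PACKET = 10240  # assumed constant packet size for the padded design (constructed)

def wire_size(body_len, hops_left, padded):
    """Size an observer sees for a message that still carries hops_left layers."""
    return PACKET if padded else body_len + HEADER * hops_left

def mean_anonymity_set(batch, padded, seed=1):
    """batch: list of (body_len, hops_left) held by one mix, hops_left >= 1.

    Returns the average number of outgoing messages whose size is
    consistent with each incoming message, i.e. how many outputs an
    input can hide among when only message sizes are visible.
    """
    ins = [wire_size(b, h, padded) for b, h in batch]
    outs = [wire_size(b, h - 1, padded) for b, h in batch]
    random.Random(seed).shuffle(outs)  # the mix reorders its batch
    shrink = 0 if padded else HEADER   # one layer is removed at this hop
    sets = [sum(1 for o in outs if o == i - shrink) for i in ins]
    return sum(sets) / len(sets)

# Constructed batch: six messages with different bodies and chain positions.
BATCH = [(812, 3), (1440, 2), (2973, 3), (655, 1), (5120, 2), (3301, 3)]

if __name__ == "__main__":
    print("shrinking layers :", mean_anonymity_set(BATCH, padded=False))
    print("constant packets :", mean_anonymity_set(BATCH, padded=True))
```

With shrinking layers, reordering the batch does not help: each input is consistent with exactly one output, while constant-length packets leave every output in the batch as a candidate.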
Lucky Green wrote:
On Mon, 29 Sep 1997, Anonymous wrote: [In reply to my claim that Type 1 remailers are fun toys. No more].
Please pardon my ignorance, but could you elaborate on this attack? Assuming the user's machine is not compromised, in which case the game is over, whose machines are being broken into? Are you saying that The Enemy just watches the messages going in and out of a particular site and then watches the site where they suspect the messages are going?
Correct. The adversary watches messages move in and out of the mix. [This is quite easy to accomplish, given the security or lack thereof, of much network infrastructure]. I really don't have the time to write an intro on this topic. Subscribe to the Bugtraq mailing list for a year and you'll understand what I mean.
I run two Type 1 remailers on different machines which access different ISPs. I not only swap in/out messages between machines, I also send some of the email via separate machines on separate accounts. The remail I handle is not super-clandestine stuff, it is mostly for those who wish to post to health lists without insurance company narcs gathering information they can use to fuck them out of their coverage. I also employ some tactics which I will not reveal, as my stance is that one should proceed as if every spook in the world is monitoring them, regardless of the level of security that may be sufficient if one goes by surface appearances. If one is serious about anonymity, then one should always assume that each and every remail contains life and death information that should not be compromised.
Fuck You
~~~~~~~~