DSA for encryption
Hi, I'm working on an enhancement to a Web-based program that allows you to circumvent proxy server censorship by sending a request for a Web page to a computer in the outside world that is not blocked by the proxy, and having that computer re-send a copy of the banned page back to you. The current version of the software, written by Brian Ristuccia this past summer, is at http://ians.ml.org:8801 where you type a URL into the form, submit it, and the resulting page has a URL like: http://ians.ml.org:8801/aHR0cDovL3d3dy55YWhvby5jb20= instead of http://anon.free.anonymizer.com/http://www.yahoo.com/ which is what Anonymizer gives you, which makes it obvious what you were looking at to anyone who looks through the proxy server logs. Of course, any manufacturer of Internet censorship proxy server software could easily add ians.ml.org to their list of blocked sites (as they have all already done with Anonymizer), so the idea would be for people to get their friends to set up port-forwarding programs on computers that were not blocked by the censoring proxy, and those could be set up to relay requests between the IANS server and the computer behind the proxy server. The general outline for this scheme is at http://www.peacefire.org/bypass/Proxy/ and the current version of IANS ("Internet Alternate Name Space") is part of the way towards implementing this (theoretically) bulletproof solution. The major pending improvements to the IANS software are (1) the URL is not truly encrypted; the garbled characters in the URL above just represent some basic scrambling to evade detection by people who sweep their proxy server log files for keywords, (2) even if the URL were really encrypted, when you first fill out the form, the URL is submitted to IANS in the clear, so it could be detected by any censoring proxy server that logs data submitted by GET or POST. One Internet censorship proxy server called SmartFilter already does this and blocks you from submitting *any* banned URL's using GET or POST, so IANS does not work with SmartFilter, for example. I am working on a JavaScript form that could be used on the client side to solve this problem. We would like to use DSA to encrypt the requests sent using IANS, since I've heard DSA can be used for encryption without royalties, unlike, for example, RSA. Does anybody know of a Web page that explains how the DSA algorithm can be used for encryption, as opposed to message signing and authentication? I found a page at http://www1.shore.net/~ws/Extras/Security-Notes/lectures/authent.html that describes the DSA algorithm for signature verification. I have looked very hard but have been unable to find a page about how to use DSA for encryption. Can anyone help? I know there is software like GNU Privacy Guard that implements DSA for encryption, but the source code is 3 megabytes and I was hoping there was a page that explains the process more simply than that. -Bennett bennett@peacefire.org (615) 421 5432 http://www.peacefire.org
participants (1)
-
Bennett Haselton