No Subject

Eric Hughes hughes at soda.berkeley.edu
Tue Jun 1 08:41:02 PDT 1993


>This means that the pass phrase [for the remailer secret key] has to
>exist, in the clear, in the scripts which implement the remailer.

Currently that is the easiest way, to be sure.  Another way would be
to store the passphrase encrypted in a file so that at least it's not
findable with strings(1).  Here a quick hack for someone who's looking
for a project: a passphrase storage process which accepts requests
from a slightly modified PGP.

Hal's basic point, however is not mitigated.  Nothing is secure from a
clever root.

>Perhaps Karl could add a notation in his
>remailer lists about which machines are public and which are private.  

An excellent suggestion.

Eric






More information about the cypherpunks-legacy mailing list