ANON: revealing penet id
Karl Lui Barrus
klbarrus at owlnet.rice.edu
Fri Oct 22 15:43:00 PDT 1993
Hm...
this topic seems to come up every few months - just today I was
reading the newest Risks digest and an32153 (or something like that)
was announcing the "risk" of using penet. I mailed off a submission
describing how to avoid this. I think people don't know about this
because it isn't published anywhere. Or is it?
Maybe somebody could help Julf out and offer to write a new help file
that specifically mentions the an/na trick. Last time I looked at the
penet help file, this wasn't mentioned.
It only takes a bit of work to avoid blowing your id - you just can't
hit 'r' and reply to the addressee; instead you must type in the
address manually (and be sure to type na#### instead of an####). Last
week I responded to some email from a penet user. I was careful to
respond to na####, or penet would have allocated me an id for
klbarrus at owlnet.rice.edu (since I don't have one for this account) and
thus someone would have been able to correlate my penet id and this
account. As a matter of fact, I think that I revealed the penet id
for an old account of mine (elee9sf at menudo.uh.edu) this exact way,
although this was before the an/na functionality.
--
Karl L. Barrus: klbarrus at owlnet.rice.edu
keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32
"One man's mnemonic is another man's cryptography"
- my compilers prof discussing file naming in public directories
More information about the cypherpunks-legacy
mailing list