cjl at welchlink.welch.jhu.edu
Tue Oct 4 16:59:09 PDT 1994
On Tue, 4 Oct 1994, Frederic Halper wrote:
> What's the status of the penet.fi remailer. Is it secure?
I personally don't care for the penet type remailers. Their only true
virtue is to allow you to receive return mail to an anon-post. The
trade-off is that this is done by a form of identity escrow. Julf (who
runs penet.fi) has your e-mail address connected to the anonXXXXX
identity that you get issued automatically. As far as reputations go,
Julf has an excellent reputation in the C-punx community, and there is
little likelihood of Finnish govt. officials giving in to US Govt.
pressure to crack down on Julf to turn over his *little black book*.
There was recently an attack on the penet.fi remailer that depended upon
the ability to spoof the From: lines on messages, some unknown
person sent hundreds of messages to the anon at penet.fi remailer pretending
to be hundreds of other people and had those messages sent to alt.test or
misc.test with some phrase about tunafish in the subject, causing this to
be known as the *tunafish and spam sandwich attack*. What this did is
allocate alot of new anonxxx numbers to people who didn't really want
them, (also ultimately denying them the secure use of this service,
because someone knew the anonxxx - TrueName correspondence), for those
that already had an anonxxx and had set a password things were cool,
the messages were just rejected. For those who had an anonxxx and had
not set the password, this attack revealed the anonxxx corresponding to
their TrueNames to the person who conducted the attack. Not a
particularly secure form of identity escrow for the clueless-at-risk-of-
identification to be using for posting their wildest homo-erotic fantasies
I was allocated an anxxx I didn't want, and then assigned the password
in order to deny the attacker any further use of the anxxx with my
TrueName attached to it.
C. J. Leonard ( / "DNA is groovy"
\ / - Watson & Crick
<cjl at welchlink.welch.jhu.edu> / \ <-- major groove
Finger for public key \ )
Strong-arm for secret key / <-- minor groove
Thumb-screws for pass-phrase / )
More information about the cypherpunks-legacy