An idea for refining penet-style anonymous servers

Bill Frantz frantz at netcom.com
Fri Apr 26 22:21:17 PDT 1996


At  8:15 AM 4/25/96 -0700, Alan Bostick wrote:
>The other night, while sick and feverish with the flu, a scheme popped
>into my head that would seem to make penet-style anonymous servers less
>vulnerable to compromise through seizure of the remailer equipment or of
>the address database...
>
>My scheme is the design of the address database.  It consists of two
>hash tables, one for sending messages (which maps anonymous IDs onto
>sender's addresses), and one for receiving them (mapping recipient's
>addresses onto anonymous IDs).  A cryptographically secure hash (say,
>MD5) is used for the index of both tables.
>
>The index of the sending message table is the MD5 hash of the sender's
>address.  The table entry the index points to is the sender's anonymous
>ID, encrypted by a symmetric algorithm (maybe IDEA).  The encryption key
>would be a different hash, by another algorithm (let's suppose it's
>SHA), of that same address.
>
>...
>
>The receiving message hash table is designed similarly, in reverse.  The
>index of the hash table is the MD5 hash of the anonymous ID; the entry
>in the table is the recipient's email address, encrypted with the SHA
>hash of the anonymous ID...

Assuming you have obtained the address database, it seems to me that this
scheme is subject to known address attacks:

(1) If you want to find out what newbie at slowresponse.com's anon ID is, you
just look it up.

(2) If you want to find out the real email addresses of all the users, you
test all the anon-ids with the reverse lookup table.  This attack could be
defeated by using sufficiently long random anon-ids.  If we assume 5 bits
of information/character, a 96-bit anon-id (sufficient to preclude
exhaustive search attacks) would require 19-character anon-ids.

Regards - Bill


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz at netcom.com | dead teenagers | Los Gatos, CA 95032, USA
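
The two tables from the quoted scheme and the two points raised in the reply, as an added example for evaluating the design; it is not code from either author. Assumptions: SHA-1 stands for "SHA", a SHAKE-256 XOR keystream stands in for IDEA, and the addresses, the `an0042`-style short IDs and the hex-encoded 96-bit IDs are constructed for illustration.

```python
import hashlib
import secrets

def table_index(value: str) -> str:
    """Table index as described in the quoted scheme: MD5 of the lookup value."""
    return hashlib.md5(value.encode()).hexdigest()

def entry_key(value: str) -> bytes:
    """Entry key as described: a second hash (SHA-1 here) of the same value."""
    return hashlib.sha1(value.encode()).digest()

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for IDEA (assumption): XOR with a SHAKE-256 keystream."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class AddressDB:
    def __init__(self):
        self.send = {}  # MD5(address) -> E[SHA(address)](anon_id)
        self.recv = {}  # MD5(anon_id) -> E[SHA(anon_id)](address)

    def enroll(self, address: str, anon_id: str) -> None:
        self.send[table_index(address)] = stream_xor(entry_key(address), anon_id.encode())
        self.recv[table_index(anon_id)] = stream_xor(entry_key(anon_id), address.encode())

def lookup_by_address(db: AddressDB, address: str):
    """Point (1): index and key both derive from the address, so knowing it suffices."""
    entry = db.send.get(table_index(address))
    return None if entry is None else stream_xor(entry_key(address), entry).decode()

def enumerate_ids(db: AddressDB, candidates) -> dict:
    """Point (2): every guessable anon-id opens its own reverse-table entry."""
    found = {}
    for cand in candidates:
        entry = db.recv.get(table_index(cand))
        if entry is not None:
            found[cand] = stream_xor(entry_key(cand), entry).decode()
    return found

def random_id() -> str:
    """96-bit random anon-id; hex encoding is an assumption of this example."""
    return secrets.token_hex(12)

if __name__ == "__main__":
    short_ids = [f"an{n:04d}" for n in range(10_000)]  # constructed small ID space
    weak, strong = AddressDB(), AddressDB()
    weak.enroll("alice@example.org", "an0042")         # constructed sample data
    strong.enroll("alice@example.org", random_id())
    print(enumerate_ids(weak, short_ids))    # small ID space: address recovered
    print(enumerate_ids(strong, short_ids))  # 96-bit random IDs: nothing found
    print(lookup_by_address(strong, "alice@example.org") is not None)
```

Long random IDs only empty the reverse-table enumeration; the forward lookup by a known address succeeds in both databases because nothing secret enters the index or the key.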







