How can you protect a remailer's keys?
lcs Mixmaster Remailer
mix at anon.lcs.mit.edu
Wed Jun 5 19:21:23 PDT 1996
-----BEGIN PGP SIGNED MESSAGE-----
> From: loki at infonex.com (Lance Cottrell)
> Date: Tue, 4 Jun 1996 22:02:11 -0700
>
> The best solution I could come up with (and was willing to write and use)
> is to specify the passphrase on the command line argument to the compiler
>
> make solaris -DPASS="foozooblue"
>
> -Lance

A far better solution would be to have a long-running daemon hold the
secret key. The mixmaster client could talk to the key daemon through
a unix-domain socket with the permission bits set such that only the
mixmaster user can connect. Each time the machine is rebooted, the
operator must start the daemon and give it a passphrase.

This has two advantages. First, it's a lot harder to back up the key
by accident. If the key ever starts making it onto your daily
backups, you are completely hosed because erasing a bunch of mag tapes
would take a lot of time--and maybe you also want to keep your
backups.

Second, if your machine is seized or someone gains unauthorized
physical access to it, the easiest way to get a root shell is by
rebooting single-user. However, if the only cleartext copy of a key
is in memory rather than in the filesystem, once the machine is
rebooted the secret key is lost.

- - mix-admin at anon.lcs.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
iQCVAwUBMbWrj0TBtHVi58fRAQEkdQP/e7mouEmphgDmn0NKbaCM4lYnT2WbCFsk
irM2GjttiBdpQxr2QDJKBgmHnuGc09xdiexnGnn4bDFie70YDH2Zma3xF/0OvZeQ
DcgAz/0XwkAGPeLCSg8gfeykWwC0HUJlvGtmOwTQKFn5XtlqFM7pKIYF7lnFtoGY
AX/GoGauum4=
=rhyW
-----END PGP SIGNATURE-----
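A sketch of the key daemon described in the message above, added here as an example; it is not part of the original post and not Mixmaster code. Assumptions: all function names are hypothetical, PBKDF2 stands in for unlocking the secret key with the operator's passphrase, and an HMAC stands in for the real secret-key operation. The socket is also placed in a 0700 directory, because some Unix systems do not enforce permission bits on socket files.

```python
import hashlib, hmac, os, socket, stat, tempfile, threading

def unlock_key(passphrase: bytes) -> bytes:
    # Stand-in for decrypting the remailer's secret key with the passphrase;
    # the result lives only in this process's memory, never in the filesystem.
    return hashlib.pbkdf2_hmac("sha256", passphrase, b"constructed-salt", 100_000)

def make_listener(sock_path: str) -> socket.socket:
    # umask 0177 makes bind() create the socket file with mode 0600,
    # so only the owning (mixmaster) user can connect.
    old = os.umask(0o177)
    try:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(sock_path)
    finally:
        os.umask(old)
    srv.listen(1)
    return srv

def serve_one(srv: socket.socket, key: bytes) -> None:
    # Answer one request with a keyed operation; the key itself never leaves.
    conn, _ = srv.accept()
    with conn:
        conn.sendall(hmac.new(key, conn.recv(4096), hashlib.sha256).digest())

def client_request(sock_path: str, message: bytes) -> bytes:
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(sock_path)
        c.sendall(message)
        return c.recv(32)

def demo():
    # Constructed passphrase; a real daemon would read it from the operator
    # (e.g. getpass) each time it is started after a reboot.
    key = unlock_key(b"constructed passphrase")
    run_dir = tempfile.mkdtemp(prefix="keyd-")      # mkdtemp creates mode 0700
    sock_path = os.path.join(run_dir, "keyd.sock")
    srv = make_listener(sock_path)
    t = threading.Thread(target=serve_one, args=(srv, key))
    t.start()
    reply = client_request(sock_path, b"constructed message")
    t.join(); srv.close()
    modes = (stat.S_IMODE(os.stat(run_dir).st_mode),
             stat.S_IMODE(os.stat(sock_path).st_mode))
    os.unlink(sock_path); os.rmdir(run_dir)
    return modes, reply, hmac.new(key, b"constructed message", hashlib.sha256).digest()

if __name__ == "__main__":
    modes, reply, expected = demo()
    print([oct(m) for m in modes], hmac.compare_digest(reply, expected))
```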