key security for anon remailers

Bill Stewart stewarts at ix.netcom.com
Tue Mar 5 23:24:35 PST 1996 

We've been discussing the security problems with leaving your PGP key
around on anonymous remailers.  Mixmaster and the ghio2 remailers
have the key compiled in, but at least for ghio2 the string is sitting
there unencrypted and unmasked in the binary, where somebody who
can access the binary can run "strings" to steal it, without even the
bother of decompiling :-)  The primary alternative is to start up
the remailer with the PGP passphrase in its environment, but doing that
has its problems - the ghio2 remailer is made to run as a batch process
called for each message, rather than a permanent listener, and if
you did something like put the key into the sendmail daemon's environment,
it'd probably be even easier to steal (e.g. anybody on the machine
could do it by setting up their own mail-processor.)

A minor hack that I do with my remailer is to keep two versions
of the source - a vanilla one for distribution, and one with
all my customized information that I actually compile and run.

So how can you keep a persistent process that isn't part of the
mail empire?  One approach is to have a remailer daemon using sockets or
named pipes that does the decryption and feeds mail to a remailer
process (which _it_ calls) for delivery or has its own builtin remailing -
you'd input the key to the daemon when you start it up, and
wouldn't need to leave it in a file or environment, just in
the executing process itself.  Probably an hour's hack using PGP3.0,
or you can grind up the current I/O routines for PGP 2.6.2 and
ignore the fact that you void your RSAREF license that way.
You'd have to get rid of some of the code that overwrites the passphrase
and other sensitive data, though.

Another approach is to have a separate box that's not on the
network that the remailer runs on (obviously this is easier
on a machine you've got at home or work rather than at an ISP...)
You can take that old 8086 or 386, run a daemon to accept files
on the serial port and return them to the mail system on the serial port.
Uucp is probably secure enough.  (Does PGP run on Minix,
or on any of the old Xenix or Venix operating systems?
It's probably easier to build workable communications daemons
on one of them than on DOS, though there are DOS uucp and
kermits that you could hack up.  For a 386, Linux is the obvious choice.)
Since the entire remailer would be running on the box,
and you don't permit logins from the serial port,
it's probably pretty secure, even against someone with root
on the network-connected machine, assuming all your traffic is encrypted.

More information about the cypherpunks-legacy mailing list