Passive Trojan (was:Re: HAZ-MAT virus)
Igor Chudov @ home
ichudov at algebra.com
Tue Sep 3 22:10:31 PDT 1996
Timothy C. May wrote:
> At 9:38 AM 9/3/96, Hans "Unicorn" Van de Looy, aka "Deep Throat," wrote:
> >::
> >Request-Remailing-To: remailer at huge.cajones.com
> >::
> >Request-Remailing-To: remailer at remailer.nl.com
> ....
> >::
> >Request-Remailing-To: furballs at netcom.com (Paul S. Penrod)
> >Deep Throat.
>
>
> Hey, Hans, ya gotta watch those "Cc: cypherpunks at toad.com" lines!
> At least now we know who the _other_ "Unicorn" is.
Which brings up the following question: what is the role of human
screwups in cryptosecurity? How "foolproof" (no pun intended) should
be remailer clients? How can we prevent people from forgetting to delete
unencrypted files after encryption?
Alternatively, let's think about this: premail always fingers
a certain user account at berkeley.edu to obtain remailer keys.
Suppose that Joe DrugUser uses remailers to talk to his
Columbian friends and the government wants to find out what he is doing.
They could just break into the computer at berkeley.edu and replace keys
with the government-provided keys. They could even modify the finger
server so that it would be lying only to Joe's computer and would
work just as before for all others (to prevent detection).
The government would then intercept Joe's communications and
decrypt them.
- Igor.
More information about the cypherpunks-legacy
mailing list