CDR: Re: Re: Anonymous Remailers cpunk
Bill Stewart
bill.stewart at pobox.com
Tue Oct 3 20:48:58 PDT 2000
At 10:26 PM 10/3/00 -0500, Jim Choate wrote:
>On Tue, 3 Oct 2000, Bill Stewart wrote:
>> Remember that we're talking about detecting spam on *outgoing* messages -
>
>No, we're not. We ARE talking bout checking incoming messages to ensure
>the body of the message is encrypted. No unencrypted traffic. End to end
>crypto, all the way baby...
Sure are - it's a followon to Peter Trei's message dated
Tue, 3 Oct 2000 10:48:07 -0400 which said
= I would like to suggest that a remailer could eliminate nearly all it's
= problems by only sending out encrypted mails - that is, if after
= removing the encryption that was applied using it's own private
= key, it finds that the result is plaintext, it simply drops the message.
That's a remailer checking outgoing mail to be sure it's encrypted,
as well as checking incoming mail.
>What algorithm is proposed that can reliably determine the difference
>between plaintext and cyphertext, note that we don't know what algorithm
>is used, with only 20 bytes/char's?
On incoming messages, it's easy to tell if it's encrypted to *you* -
decrypt it with your private keys, job's done. If you don't recognize
the algorithm, the message wasn't for you.
>Another question I have is, does this mean that anonymous stego isn't
>possible now with this approach.
Hmmm. That's a more interesting problem - this does seem to have the
tradeoff that if you want to get messages sent to you using stego,
you shouldn't use a remailer that has a PGP-out-only policy.
On the other hand, mail from a known Cypherpunks Anonymous Secret
Message Remailer adds a certain amount of suspiciousness anyway.
You want to get your stego messages from "Fred's GIF-of-the-Day" or
"Pirate-Muzick-R-Us" or something that's a better cover story -
so make sure those sites accept incoming PGP mail.
>What algorithm will reliably find stego data?
If you can reliably find it, it's not very good stego :-)
Open source stego that's not key-based has inherent weaknesses -
the eavesdroppers can easily extract the message from the cover text,
so the message needs to be binary random-looking noise which
somewhat plausibly belongs in the message (e.g. low bits of sound samples.)
Thanks!
Bill
Bill Stewart, bill.stewart at pobox.com
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
More information about the cypherpunks-legacy
mailing list