CNN.com on Remailers

Jim Choate ravage at einstein.ssz.com
Mon Dec 31 22:09:06 PST 2001 


On Mon, 31 Dec 2001, Bill Stewart wrote:

> Depending on the recipient, you might or might not be encrypting the message.
> But the important security you're protecting is the connection between
> the sender and the recipient.

Agreed, assuming that something in the text itself wouldn't be
identifiable or traceable. In any sort of real world application such a
breach of security is considered incompetent.

Since most real world assume that something in the text itself is
incriminating (it's sort of axiomatic to the whole point of encrypting in
my mind) we can assume it is encrypted at the source, using the
destination keys. Then one takes the string of remailers that one wishes
to chain through in reverse order, encrypting each step along the way. So
that all that would be visible to any MINTM is a header with the next To:
and a block of encrypted text.

> you only have that security if you can trust the remailer system
> not to divulge the relationships.

Agreed. It's the primary weakness (at least in my mind) of the current
approach, too few numbers by several orders of magnitude. I also think
that a major underestimation made by the vast majority is the actual
estimation of cost. When one considers that most real world examples will
have outside issues that will at least direct Mallet to one of the
participants. At that point it would not be that expensive to grab a
snapshot across some time window (say 24 hours) of the remailer network
given some sort of 'trigger'. The cost would probably be well within the
range organized crime, third world countries, and some of the wealtheir
individuals. It wouldn't be cheap but I doubt it would cost $1BUS for a 24
hour snapshot via black bag jobs (I'd be so bold as to say that a few
million might be enough if the planning and skillset are there).


 --
    ____________________________________________________________________

             Day by day the Penguins are making me lose my mind.

                                             Bumper Sticker

       The Armadillo Group       ,::////;::-.          James Choate
       Austin, Tx               /:'///// ``::>/|/      ravage at ssz.com
       www.ssz.com            .',  ||||    `/( e\      512-451-7087
                           -====~~mm-'`-```-mm --'-
    --------------------------------------------------------------------

More information about the cypherpunks-legacy mailing list