[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

REMAIL: Attacks on remailers



Samuel Pigg wrote:

>	A delay function would be useful also. (ie delay(15000) to
>tell the remailer to hold the message 15 minutes before sending on.)

Well, I tried to implement this on a test remailer as follows:

1) file incoming mail in a spool directory
2) at midnight, pick a random file in the spool directory, operate on
   it, mail it out, and delete
3) keep on going until the directory is empty

Naturally, you could make the interval larger: say a week.

With no root privs on the machine, I tried using the at command to
perform the above function and then reschedule itself for tomorrow.
Problem: if the machine reboots then the mailing out portion is killed.

I'll fiddle with it some more.

>	Socket connections for talking to other remailers;

Yes!  This might help avoid some log files.

>	Encrypt using other remailers keys to insure that
>		two identical messages going into a remailer come out
>		differently (random session key).

If you add random stuff to the end of an encrypted message and encrypt
again, when you decrypt will PGP throw away the ending junk?  If so,
maybe the routing software could include random bits between each
nested encryption instead.

If the remailers encrypt then the operators will have to keep adding
to the remailer's pubring.

-- 
/--------------------------------------------------\
| Karl L. Barrus: [email protected]         |
| D1 59 9D 48 72 E9 19 D5  3D F3 93 7E 81 B5 CC 32 |
\--------------------------------------------------/