[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: pgp tools
Michael Johnson wrote, appearantly quoting someone else:
> Is there an approved of pool or newsgroup to send messages to Pr0duct
> Cypher? I hate to add to the cypherpunks traffic with comments directly
> to him/her. (We NEED to get the return addresses working, or Pr0duct
>
> Try posting to alt.test, with the subject "ignore Pr0duct Cipher"
Well, s/he could get an anonymous address thru my Andrew remailer... if
e's willing to trust me. :) I'd like to see some more sites offer
anonymous return addresses, so people wouldn't have to rely on a single
remailer.
Anyway, the address is: [email protected]
On the subject of return addresses, let me know what you think of this:
It would be theoretically possible to write a RSA key generation program
that would create keys in which all the moduli matched, except for the
last 20-30 digits. This was discussed awhile ago in the discussion of
how to forge keyids. (You could also create keys which had the last
digits the same, but the first digits different so that they'd have
different PGP key IDs.)
What if a remailer was designed such that it would accept addresses of
the format:
<modulus first 50 bits><exponent>@anon.pool.org
The remailer would then take that information, append a pre-defined
ending to form the modulus, then use the exponent (which could be
relatively small) to encrypt the message in PGP format, and then post it
to a mail pool. This would allow you to make PGP public keys small
enough to easily fit inside the To: header, something which can't be
done with current PGP-encrypted return addresses. That way, even the
most crypto-illiterate technophobe could send a message to an anonymous
person simply by hitting the R key. The remailer operator would not
have to keep a database of anonymous addresses, either, (a problem with
anon.penet.fi, which has over 75000 users)
Key generation would be somewhat more difficult, but I don't see how
generating keys with similiar moduli could be a security problem.