Re: An idea for refining penet-style anonymous servers
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 25 Apr 1996, Alan Bostick wrote:
> My scheme is the design of the address database. It consists of two
> hash tables, one for sending messages (which maps anonymous IDs onto
> sender's addresses), and one for receiving them (mapping recipient's
> addresses onto anonymous IDs). A cryptographically secure hash (say,
> MD5) is used for the index of both tables.
Funny. I had the *exact* same idea a couple of months ago. However, I
did find several flaws in it.
>
> The index of the sending message table is the MD5 hash of the sender's
> address. The table entry the index points to is the sender's anonymous
> ID, encrypted by a symmetric algorithm (maybe IDEA). The encryption key
> would be a different hash, by another algorithm (let's suppose it's
> SHA), of that same address.
Perhaps the address could be hashed several times for the table look-up and
then the address could be hashed fewer times for decryption with
the IDEA key. This reduces the amount of code needed and also eliminates
any problems with only using 128 bits of SHA output.
>
> In forwarding a message, the server MD5-hashes the sender's address and
> looks at the table. If it doesn't find a corresponding entry, it
> creates one. If it *does* find an entry, it SHA-hashes the sender's
> address and uses this key to decrypt the anonymous ID. In the unlikely
> event of collision the decrypted ID will be gibberish and the server
> does something sensible (like appending padding to the address and
> trying again). The header information is filtered and the anonymous ID
> inserted in the From: line.
In the scheme I thought of, a password would be sent with the message, which
would be hashed, appended to the hash of the address, and then hashed again
to get the decryption key.
> There is a way that attackers who have seized or copied the database can
> search it - by trying it out on anonymous IDs, or user addresses, until
> they hit paydirt. And of course such an anonymous server can be no more
> trustworthy than its operator; and the fundamental security limitations of
> the penet-style anonymous server are well-understood.
Searching for the real address behind a pseudonym is not hard at all. Just
hash the anonymous address, look it up in the table, then decrypt the
corresponding encrypted address. This was the major flaw that I spotted with
this scheme.
>
> So what do people think of this scheme of mine? Are there drawbacks or
> weaknesses that I'm not seeing? Is it a good idea? I'd really like it
> if *something* good came out of being laid up with the flu.
The only other problem I found is a pretty minor one: the address database
would be twice as large as it would be if it were stored in plaintext. I
don't think that much security is gained by using this scheme.
- -- Mark
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
[email protected] | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
"The concept of normalcy is just a conspiracy of the majority" -me
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv
iQCVAwUBMX/727Zc+sv5siulAQGbwgP/XfQ2qw4HrzRX/DtFq542EnwnDuE+ACYk
OG3/dlCzqn4mmXNBB1QAh3K7tzNS0Gah46fODI/5lTHRqwyFehFIC96X3L45mEPO
QJWcvu2mqf6KhR5QnanB6jNw+okp1NAvTRJA2QhIZtPBBS3Xm3NfhrtHF8BKdxdu
WqjXM4HMjxs=
=gpZ8
-----END PGP SIGNATURE-----