[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: anonymous remailers



-----BEGIN PGP SIGNED MESSAGE-----

[ To: Cypherpunks ## Date: 07/02/96 03:36 pm ##
  Subject: Re:  anonymous mailing lists ]

>Date: Sat, 29 Jun 1996 09:40:51 -0700
>From: Hal <[email protected]>
>Subject: Re:  anonymous mailing lists

>Wei Dai did some nice statistical analysis of this type of attack
>sometime a year or two ago.  Even with countermeasures such as you
>suggest, if they are not perfect, so some information leaks correlating
>incoming and outgoing messages, Wei showed that it was possible to
>deduce the owners of the nyms surprisingly quickly.

Yes, this makes sense.  As I said before, this is related to the way
timing attacks work.  A little correlation that shouldn't be there,
over many messages, turns out to be enough to unravel a lot of
information.

>The countermeasures do work - if you get and send exactly 50 pieces of
>4K byte email every day, no matter what, then correlations don't exist
>- but they are expensive to do perfectly.

At the very least, this is susceptible to a flooding attack.  At any
rate, this is analogous to the fixed-delay solution to timing
attacks.  (Make all PK operations with long-term secret keys take
the same amount of time.)  Unfortunately, I can't see a solution to
this that's analogous to blinding out the values in the timing
attacks.

>Hal

Note:  Please respond via e-mail as well as or instead of posting,
as I get CP-LITE instead of the whole list.

   --John Kelsey, [email protected] / [email protected]
 PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMds0LUHx57Ag8goBAQHPeQP+JH4b7bJCLW3ttqQ+v0XzEcbCaeOg9LqR
e+xuaLx2AjCx5N+V2q3xeJTAldfZZ5YFwCUq3KgpnBAbDvJ1my0hCGmKj+1uXQTp
SFSciq5oItMo2kwncbez2RaN/0aqcDSOGnc4ddfO4Ur7H7k+aLOQuaAUvcvDpV1p
C8up+1PSPW0=
=60Zh
-----END PGP SIGNATURE-----