[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Improving Remailers




>> It is very simple for a nym server like
>> nym.alias.net to determine approximately the maximum number of
>> remailers used in a reply chain by examining the size of the reply
>> block being used.
>
>Possibly, then, there is a case for allowing a certain amount of
>garbage to be added to the end of a reply block.  

If an attacker controls the nym server, he can ignore nym creation 
requests with long reply blocks or more subtly delete random incoming
messages to this account with the long reply block(causing a lot of
hassle
and unreliability) and allow the accounts with shorter reply blocks
to work
well.  A nym with a long reply block is assumed to be 

1.  having a longer reply chain(and more secure)
2.  having a lot of garbage to hide the chain length(more secure)

and is thus tagged as being a nym to attack by making it more
unreliable.

>Information about
>the length of the remailer chain should probably be kept secret,
>since it gives an attacker an approximate idea of how secure a nym
>is.  

In addition, info about the number of remailer chains should also be
kept 
secret.  The chains need not branch out at the first public nym
server.  If an 
attacker knows that there are 2 reply chains, this gives him extra
info that 
should be kept secret.  OTOH, if the nym server forwards a message to
the first remailer which has a private nym account, the messages can 
branch out from there into 2 chains.

I suppose one could have garbage reply chains  which go through
several remailers and then are discarded, but the attacker could
simply 
delete random messages to this nym since the nym creator is
attempting
to create a more secure nym.

>That said, this is probably "nice to have" rather than "essential".

True.  But a secure reply chain is no good if it is unreliable,
discards 
messages, etc.  The nym server operator can create a lot of hassle
for
anyone attempting to create a secure nym.

>> Why not have
>> all anonymous remailers support some kind of nym-like capability
>> where the reply block/s can be spread out over several remailers
>> so that it is impossible to determine the size or number of reply
>> blocks? 
>
>Probably because it makes the remailer operators a target.  At the
>moment, if the Bad Guys break down your door, you just say you've no
>logs and that is the end of it.  Nym information has to be stored
>permanently, so makes the remailer operators more vulnerable.

But in the case of the private nym accounts I suggested, the "Bad
Guys"
 would not know(esp not in the being-able-to-get-a-court-order sense)
that 
there is a particular private nym account there unless they can break
the 
remailers public key.  The remailer can deny that the accounts exist,
or 
turn in the encrypted reply block of just that account that is
wanted.