[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Improvement of remailer security



Lance Cottrell, quoting Axel Boldt:


> >Even the current pgp encryption scheme offered by some remailers
> >doesn't help much, once the incoming and outgoing messages are known:
> >just take the outgoing message from the remailer, encrypt it with the
> >remailer's public key, compare this to the incoming messages and you
> >know who sent this message (repeat if a chain of remailers was used).
> 
> This is incorrect. The message is not encrypted with the public key. It is
> encrypted with an IDEA key which is encrypted with the remailers public
> key. Since the remailer does not forward that key (obviously), this attack
> is not possible.

Indeed, but I think Axel Boldt deserves commendation for thinking
about remailer security and looking in detail (though not enough, as
two posters have noted) at the possible attacks that may be used for
traffic analysis.

Generally, it makes sense to ask if an attacker can make any
correlations between incoming and outgoing messages. In this case,
where PGP is using a random session key, it looks like no correlation
can be made (except for message length and timing correlatins, which
we've discussed before, vis-a-vis message padding and latency).

This list is sometimes harsh on points raised, but I think we're far
less flamish than the Usenet groups in general. 

So, don't give up!

--Tim May


-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
[email protected]       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^859433 | Public Key: PGP and MailSafe available.
"National borders are just speed bumps on the information superhighway."