[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OTP for remailers?



I hope this isn't redundant; if this idea has been covered, sorry.

Wouldn't it make sense for remailers to use OTP's for encryption?
Public keys are great, but they can be black-bagged.  I'd imagine
that a copy of the private key to a popular remailer could be
very valuable to anyone who could monitor remailer traffic
transparently.

A one-time pad on CD-ROM should hold enough pad data to last
for several days' worth of data sent between remailers, even at
high message volumes.  So OTP's could be used practically between
friendly remailers.

Do existing remailers change their public keys often enough to
limit exposure by their users in the event of the key being
compromised?  If so, perhaps I should be less concerned than I am.

Nevertheless, I'd like to be able to talk to a remailer via a
one-time pad.  The OTP could be sold to remailer users as a means
of generating revenue (a OTP CD-ROM could be made for about $20
and sold for a very reasonable price but still be profitable!)

Once the OTP is used, it can (and should) be destroyed.  On the
other hand, data encrypted with a public key is vulnerable to
black bag attacks on that key, as I just said.

The cost of burning CD-ROMs is going down pretty rapidly.  Wholesale
cost of a burning mechanism should be well under $1,000 within the
next year or two, and RNG hardware is coming online too.  Blank media
runs $15-$20, although Kodak sells PhotoCD media cheaper, at a loss,
to developers who promise to use the discs for PhotoCD images ;)

I don't really have anything in principle against the use of public
keys for remailers; it would just make me feel a bit easier about
their security if the private key couldn't be black-bagged with a
using them if my communication to them couldn't be black-bagged with
a simple bug that transmits the private key.

I'd imagine a bus snooper chip could be made easily enough that
could look for instruction and data flow corresponding to keys,
and transmit it over low bandwidth channels to a listening station.
I find it harder to imagine a device that could tap an entire
data stream from a hard drive and transmit the complete contents
undetected (assuming the remailer operator checks for bugs.)

Now for a discussion on how to get a OTP CD from Finland without
having the mail intercepted... nahh, never mind.

- Jim Nitchals