[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Remailer Reply Blocks

To: [email protected]
Subject: Remailer Reply Blocks
From: Matthew J Ghio <[email protected]>
Date: Thu, 14 Apr 1994 20:29:37 -0400 (EDT)
Sender: [email protected]

from finger [email protected]:

>This feature currently uses the DES cypher, which is considered non-secure.
>Not only that, but this system greatly facilitates a chosen plaintext
>attack, which is a strong attack.  This is not a cryptographically optimal
>system in this respect.  In other words, a determined adversary with
>suffecient resources could probably decrypt the response block, and thus
>break your anonymity, fairly easily.  I will soon switch from DES to IDEA,
>which is thought to be a more secure cypher...

Which is why my remailer uses 3DES and adds random padding to the
address before encrypting it.  Random padding will thwart many chosen
plaintext attacks, especially if you do some transpositions prior to
encrypting it.  Since the text to encrypt is so small, doing five or ten
consecutive DES encryptions with different keys would not use up much
CPU time, but could dramatically increase security.  Also I compress the
address slightly by stripping off the high bits so that 8 bytes fit into
7.  Just a few suggestions to keep in mind...

Overall, looks pretty good.  BTW, what's the number that it prepends to
your email address when you get a reply?

Prev by Date: APPLIED CRYPTOGRAPHY errata version 1.5.8
Next by Date: Re: Remailer Reply Blocks
Prev by thread: APPLIED CRYPTOGRAPHY errata version 1.5.8
Next by thread: Re: Remailer Reply Blocks
Index(es):
- Date
- Thread