[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Anonymity: A Modest Proposal
At 04:58 10.18.1995 -0700, Modemac wrote:
> 1) A person writes a message and encrypts it with PGP.
Using a set public key? Which would mean the remailers all share the same
pub/pri key pair (or pieces thereof)? You'll have to come up with a good
way of maintaining this secret, since if you're not careful it could be
compromised by something as simple as an attacker's trying to attach a new
remailer to the remailer group or physically attack any existing remailer.
> 2) That person then posts his message to the "anonymous messages"
> 3) A remailer scanning the newsgroup picks up the message,
> decrypts it, strips the headers and makes it anonymous, and
> sends it to its destination.
Not only is the anonymity of the entire traffic load compromised if the
single shared private key is compromised, but even if the secret is kept the
newsgroup articles' headers being posted in the clear still opens this
scheme to traffic analysis (even if you put it a short random remailer
delay, as you say later on; computers are very good at sifting through large
volumes of data to find this kind of pattern, especially if the remailer
delay's upper bound is known (you proposed two hours)).
>The actual remailer code, involving scanning the newsgroup for
>PGP-encrypted messages and stripping headers, could be written with
>PERL scripts. This would keep it portable, and it would be easy for
>a person to tell if it has been tampered with. This code would be
...and if someone installs their own remailer and adds it to the group, and
therefore it must get the complete shared private key at some point (of
necessity, else it couldn't decrypt the messages), and then the attacker can
just look at the key and decrypt all traffic...?
Herb Sutter 2228 Urwin, Suite 102 voice (416) 618-0184
Connected Object Solutions Oakville ON Canada L6L 2T2 fax (905) 847-6019