[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (Fwd) Gov't run anon servers



At 10:52 AM 3/4/96 -0800, Hal wrote:

>However, if I were a computer-savvy law enforcement agent, and I wanted
>to track messages through one of my remailers, I would try a
>technological approach.  I would first break the key for my remailer.
>That is trivial.  The passphrase is in PLAINTEXT in the script file
>which runs the remailer!.  It has to be.  That is true of all automated
>remailers. 

Maybe I just don't know much about automated remailers, but I don't 
understand why you said that the passphrase "has to be" in plaintext in the 
script file.  I find this hard to believe.  While I am far from an expert on 
cryptographic matters, I would assume that any received attempt at a 
password could be securely hashed (128 bits?) and compared with a pre-stored 
hash value.   If it's the same, it's assumed that the password was correct.

What's wrong with this?