[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (Fwd) Gov't run anon servers



-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Hal" == Hal  <[email protected]> writes:


    Hal> However, if I were a computer-savvy law enforcement agent,
    Hal> and I wanted to track messages through one of my remailers, I
    Hal> would try a technological approach.  I would first break the
    Hal> key for my remailer.  That is trivial.  The passphrase is in
    Hal> PLAINTEXT in the script file which runs the remailer!.  It
    Hal> has to be.  That is true of all automated remailers.  Anyone
    Hal> who can break into the remailer server and acquire root
    Hal> permission can find the remailer secret key.  My keys have
    Hal> been unchanged for three years.  Surely some enterprising
    Hal> hackers have stolen the keys by now.

Well actually... The passphrase in a mixmaster remailer is defined as
an environmental variable at compile time. The passphrase is not
stored in any cleartext fashion but is embedded in the
executable. Additionally the newer Ghio code (Matt's latest revision)
has the passphrase defined as an environmental variable in
remailer.c. Once remailer is compiled, you can delete the passphrase
from the code. I can't speak for the freedom or other remailers as I
haven't tried them. It's a little harder to get the key than just
looking for a cleartext file that contains it. That is, if the
remailer operator is being careful.

 John Perry - KG5RG - [email protected] -  PGP-encrypted e-mail welcome!
 WWW - http://www.alias.net
 PGP 2.62 key for [email protected] is on the keyservers.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMTwtPqghiWHnUu4JAQGN6wf+NWPn++V/D1kFCp71kDLTe/pNA97n+21L
RLaOxWkq7+9K1zBIFHrzQYpJa9msud75gpNUq1s1LxzJAPY0BlCNIvqby9e7DMA/
aM6hhPUoQwljZ4SmE6ZmdFfPHz9ZchVclKUpepTv0melLEpc8Pv62eA9X1iFQMam
exIbObjYD1AFYp/6O5tAKh4m+mC0bmH64O4zkXLp9tbDKUPDjdkdN9lOMfjO1oFj
xJ+LCwtyA9YZxsD7GBklcd46ltiEQyrpV8PjwNJAvfIvPnplyfsvxBpg58zOF7t6
JGBj5DVk1Eyaw4sIMK6a9y/aDmkyVJVQVYozMigSS+UPKJsMCLQQFQ==
=qrrn
-----END PGP SIGNATURE-----