[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (Fwd) Gov't run anon servers
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Hal" == Hal <[email protected]> writes:
Hal> However, if I were a computer-savvy law enforcement agent,
Hal> and I wanted to track messages through one of my remailers, I
Hal> would try a technological approach. I would first break the
Hal> key for my remailer. That is trivial. The passphrase is in
Hal> PLAINTEXT in the script file which runs the remailer!. It
Hal> has to be. That is true of all automated remailers. Anyone
Hal> who can break into the remailer server and acquire root
Hal> permission can find the remailer secret key. My keys have
Hal> been unchanged for three years. Surely some enterprising
Hal> hackers have stolen the keys by now.
Well actually... The passphrase in a mixmaster remailer is defined as
an environmental variable at compile time. The passphrase is not
stored in any cleartext fashion but is embedded in the
executable. Additionally the newer Ghio code (Matt's latest revision)
has the passphrase defined as an environmental variable in
remailer.c. Once remailer is compiled, you can delete the passphrase
from the code. I can't speak for the freedom or other remailers as I
haven't tried them. It's a little harder to get the key than just
looking for a cleartext file that contains it. That is, if the
remailer operator is being careful.
John Perry - KG5RG - [email protected] - PGP-encrypted e-mail welcome!
WWW - http://www.alias.net
PGP 2.62 key for [email protected] is on the keyservers.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQEVAwUBMTwtPqghiWHnUu4JAQGN6wf+NWPn++V/D1kFCp71kDLTe/pNA97n+21L
RLaOxWkq7+9K1zBIFHrzQYpJa9msud75gpNUq1s1LxzJAPY0BlCNIvqby9e7DMA/
aM6hhPUoQwljZ4SmE6ZmdFfPHz9ZchVclKUpepTv0melLEpc8Pv62eA9X1iFQMam
exIbObjYD1AFYp/6O5tAKh4m+mC0bmH64O4zkXLp9tbDKUPDjdkdN9lOMfjO1oFj
xJ+LCwtyA9YZxsD7GBklcd46ltiEQyrpV8PjwNJAvfIvPnplyfsvxBpg58zOF7t6
JGBj5DVk1Eyaw4sIMK6a9y/aDmkyVJVQVYozMigSS+UPKJsMCLQQFQ==
=qrrn
-----END PGP SIGNATURE-----