[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: anonymous remailers
-----BEGIN PGP SIGNED MESSAGE-----
[ To: Cypherpunks ## Date: 07/02/96 03:36 pm ##
Subject: Re: anonymous mailing lists ]
>Date: Sat, 29 Jun 1996 09:40:51 -0700
>From: Hal <[email protected]>
>Subject: Re: anonymous mailing lists
>Wei Dai did some nice statistical analysis of this type of attack
>sometime a year or two ago. Even with countermeasures such as you
>suggest, if they are not perfect, so some information leaks correlating
>incoming and outgoing messages, Wei showed that it was possible to
>deduce the owners of the nyms surprisingly quickly.
Yes, this makes sense. As I said before, this is related to the way
timing attacks work. A little correlation that shouldn't be there,
over many messages, turns out to be enough to unravel a lot of
information.
>The countermeasures do work - if you get and send exactly 50 pieces of
>4K byte email every day, no matter what, then correlations don't exist
>- but they are expensive to do perfectly.
At the very least, this is susceptible to a flooding attack. At any
rate, this is analogous to the fixed-delay solution to timing
attacks. (Make all PK operations with long-term secret keys take
the same amount of time.) Unfortunately, I can't see a solution to
this that's analogous to blinding out the values in the timing
attacks.
>Hal
Note: Please respond via e-mail as well as or instead of posting,
as I get CP-LITE instead of the whole list.
--John Kelsey, [email protected] / [email protected]
PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQCVAwUBMds0LUHx57Ag8goBAQHPeQP+JH4b7bJCLW3ttqQ+v0XzEcbCaeOg9LqR
e+xuaLx2AjCx5N+V2q3xeJTAldfZZ5YFwCUq3KgpnBAbDvJ1my0hCGmKj+1uXQTp
SFSciq5oItMo2kwncbez2RaN/0aqcDSOGnc4ddfO4Ur7H7k+aLOQuaAUvcvDpV1p
C8up+1PSPW0=
=60Zh
-----END PGP SIGNATURE-----