From: mccoy@communities.com (Jim McCoy)
Date: Thu, 7 Mar 1996 16:06:57 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) Gov't run anon servers
Message-ID: <v02140b00ad623c93a62d@[199.2.22.124]>
MIME-Version: 1.0
Content-Type: text/plain



Hal Finney writes:

>From: mccoy@communities.com (Jim McCoy)
[...]
>> The point is not to make a system which is absolutely, positively, no
>> doubt about it, secure against any attacker.  If cypherpunks could do
>> this they would be working for defense contractors and others who make
>> certified systems.  The objective is to make a system which is difficult
>> to attack, one which costs the attacker time/money.
[...]
>
>I was speaking of present conditions.  If and when proven-secure Unix
>systems start being used as remailer servers on the net then it may be
>worthwhile having a larger key.

You are correct in stating that having a huge key on a remailer is
as silly as putting a $500 lock on a door made of balsa wood.  OTOH,
the key selected is vulnerable from attacks which you cannot protect
yourself against.  No amount of detailed security analysis for a host
is going to prevent someone else from factoring the keys, and there is
nothing that can be done to prevent this from happening.  To prevent
this is seesm reasonable to select a key which is at least somewhat
outside the range of most attackers, 510 bits seems to be pushing the
lower bounds of this range a bit (while more than 1024 is probably
useless overkill.)  With fairly decent logging and auditing at least
you know that you have been screwed when it comes to standard system
break-ins, you do not know that you have a problem when your key is
factored.

[...]
>> The unix hosts running remailers also have the advantage in
>> that they have been subjected to attack for quite a while now and
>> most of the obvious problems (and some of the non-obvious problems)
>> have been fixed.
>
>I am not sure what you mean by this.  My experience is that new CERT
>advisories come out every few months which represent security holes big
>enough to steal remailer keys.

Well, most of the announcements in the past year have been attacks
through subsystems which a remailer should not be running in the
first place (e.g. the recent chargen/daytime/etc attacks.)  The fact
that the announcements come out in the first place is a "good thing"
because it makes you aware of the problem.  The timid will then think
that the system which is the subject of the announcement is insecure
and place their trust in a system which is not under the same sort of
public scrutiny (e.g. Windows NT, or a VM/CMS system) but which is
even easier to hack.  At least people are aware of security issues on
Unix hosts... (a quick walk through a Computer Literacy bookstore
last night turned up twelve books on Unix/internet-server security
and none dealing specifically with Windoze95 or NT security, does
that mean that my NT test box is perfectly secure? :)

Otherwise, I agree that assuming you have a secure remailer just
because you use a big key is a foolish attitude.

jim