From: Lucky Green <shamrock@cypherpunks.to>
Date: Tue, 30 Sep 1997 05:06:47 +0800
To: cypherpunks@cyberpass.net
Subject: Re: Remailers and ecash
In-Reply-To: <aebdbed8f7d662facb0d7258bb0f6c3f@anon.efga.org>
Message-ID: <Pine.BSF.3.96.970929221644.4831A-100000@pakastelohi.cypherpunks.to>
MIME-Version: 1.0
Content-Type: text/plain



On Mon, 29 Sep 1997, Anonymous wrote:
[In reply to my claim that Type 1 remailers are fun toys. No more].

> Please pardon my ignorance, but could you elaborate on this attack?
> Assuming the user's machine is not compromised, in which case the game
> is over, whose machines are being broken into?  Are you saying that
> The Enemy just watches the messages going in and out of a particular
> site and then watches the site where they suspect the messages are
> going?

Correct. The adversary watches messages move in and out of the mix. [This
is quite easy to acomplish, given the security or lack thereof, of much
network infrastructure]. I really don't have the time to write an intro on
this topic. Subscribe to
the Bugtraq mailing list for a year and you'll understand what I mean.

Once you have all the mail going in and out, you make use of the simple
fact that Type 1 messages must shrink with each hop. See the classic
essay "Mixmaster & Remailer Attacks" at
http://www.obscura.com/~loki/remailer/remailer-essay.html

IMHO, operating Type 1 remailers is doing the world a disfavor. It
provides a compromised technology  to a large number of people unaware of
the fact while, if anything, slowing down development and deployment of
better technology. Do you think it would have taken two (or more) years to
port Mixmaster to DOS had there been no Type 1 remailers? Of course not.

If you run a Type 1 remailer, do your users a favor: shut it down and
replace it with a Type 2.

 Thanks,
-- Lucky Green <shamrock@cypherpunks.to> PGP encrypted email preferred.
   "Tonga? Where the hell is Tonga? They have Cypherpunks there?"