From: Bill Stewart <stewarts@ix.netcom.com>
Date: Sat, 4 Oct 1997 11:47:59 +0800
To: "Robert A. Costner" <pooh@efga.org>
Subject: Re: Traffic Analysis
In-Reply-To: <3.0.3.32.19971002232810.03514efc@rboc.net>
Message-ID: <3.0.3.32.19971003111250.0069ee68@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



At 11:28 PM 10/02/1997 -0400, you wrote:
>On the other side, if Cracker were to send out more messages that it takes
>in, or just replace these thrown away messages with random noise messages,
>perhaps encrypted, would this foil traffic analysis?

All those things help, but Eric Hughes and Raph Levien are doing some work
that looks like it's possible to do traffic analysis as long as you can
tell when messages begin and end.  I don't know if their analysis depends on
the fact that messages get smaller as they go through the remailer chain,
or whether it will also affect Mixmaster-style remailers, which split their
messages into constant-sized blocks and mix blocks from different messages.

Some things that could be done include having each remailer add 
random-sized padding and re-encrypting before sending to another remailer,
but once you get into that level of work it probably makes sense just to
switch to Mixmaster for most uses.

				Thanks!
					Bill
Bill Stewart, stewarts@ix.netcom.com
Regular Key PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639