1998-12-07 - DSA for encryption

Header Data

From: Bennett Haselton <bennett@peacefire.org>
To: cypherpunks@sirius.infonex.com
Message Hash: 36d8e58d9aebde9238caab17bb249f0f02223246bf6d4d0a24400ea521e5159a
Message ID: <3.0.5.32.19981206222557.00913960@h.mail.vanderbilt.edu>
Reply To: N/A
UTC Datetime: 1998-12-07 06:06:40 UTC
Raw Date: Mon, 7 Dec 1998 14:06:40 +0800

Raw message

From: Bennett Haselton <bennett@peacefire.org>
Date: Mon, 7 Dec 1998 14:06:40 +0800
To: cypherpunks@sirius.infonex.com
Subject: DSA for encryption
Message-ID: <3.0.5.32.19981206222557.00913960@h.mail.vanderbilt.edu>
MIME-Version: 1.0
Content-Type: text/plain



Hi,

	I'm working on an enhancement to a Web-based program that allows you to
circumvent proxy server censorship by sending a request for a Web page to a
computer in the outside world that is not blocked by the proxy, and having
that computer re-send a copy of the banned page back to you.

	The current version of the software, written by Brian Ristuccia this past
summer, is at
	http://ians.ml.org:8801

where you type a URL into the form, submit it, and the resulting page has a
URL like:
	http://ians.ml.org:8801/aHR0cDovL3d3dy55YWhvby5jb20=
instead of
	http://anon.free.anonymizer.com/http://www.yahoo.com/
which is what Anonymizer gives you, which makes it obvious what you were
looking at to anyone who looks through the proxy server logs.

	Of course, any manufacturer of Internet censorship proxy server software
could easily add ians.ml.org to their list of blocked sites (as they have
all already done with Anonymizer), so the idea would be for people to get
their friends to set up port-forwarding programs on computers that were not
blocked by the censoring proxy, and those could be set up to relay requests
between the IANS server and the computer behind the proxy server.

	The general outline for this scheme is at
		http://www.peacefire.org/bypass/Proxy/
and the current version of IANS ("Internet Alternate Name Space") is part
of the way towards implementing this (theoretically) bulletproof solution.

The major pending improvements to the IANS software are (1) the URL is not
truly encrypted; the garbled characters in the URL above just represent
some basic scrambling to evade detection by people who sweep their proxy
server log files for keywords, (2) even if the URL were really encrypted,
when you first fill out the form, the URL is submitted to IANS in the
clear, so it could be detected by any censoring proxy server that logs data
submitted by GET or POST.  One Internet censorship proxy server called
SmartFilter already does this and blocks you from submitting *any* banned
URL's using GET or POST, so IANS does not work with SmartFilter, for example.

I am working on a JavaScript form that could be used on the client side to
solve this problem.  We would like to use DSA to encrypt the requests sent
using IANS, since I've heard DSA can be used for encryption without
royalties, unlike, for example, RSA.

Does anybody know of a Web page that explains how the DSA algorithm can be
used for encryption, as opposed to message signing and authentication?  I
found a page at
http://www1.shore.net/~ws/Extras/Security-Notes/lectures/authent.html

that describes the DSA algorithm for signature verification.  I have looked
very hard but have been unable to find a page about how to use DSA for
encryption.  Can anyone help?

I know there is software like GNU Privacy Guard that implements DSA for
encryption, but the source code is 3 megabytes and I was hoping there was a
page that explains the process more simply than that.

	-Bennett

bennett@peacefire.org    (615) 421 5432    http://www.peacefire.org





Thread