1993-02-23 - anon.penet.fi hacking

Header Data

From: Hal <74076.1041@CompuServe.COM>
To: Cypherpunks <cypherpunks@toad.com>
Message Hash: 6262fe6ef0ec074e1ea0035604cabfe531169e94b3e189f0d910e5373ee9084e
Message ID: <93022307474374076.1041_DHJ21-1@CompuServe.COM>
Reply To: _N/A

UTC Datetime: 1993-02-23 07:55:33 UTC
Raw Date: Mon, 22 Feb 93 23:55:33 PST

Raw message

From: Hal <74076.1041@CompuServe.COM>
Date: Mon, 22 Feb 93 23:55:33 PST
To: Cypherpunks <cypherpunks@toad.com>
Subject: anon.penet.fi hacking
Message-ID: <930223074743_74076.1041_DHJ21-1@CompuServe.COM>
MIME-Version: 1.0
Content-Type: text/plain

Well, I think I have deduced the identity of "Deadbeat" from his posting
style.  I don't think Julf should say who he is.  This was an important
demonstration of a weakness in the security of the remailers.
The Penet remailer seems now to require a password for all messages; at
least, I wasn't able to send to an5877@anon.penet.fi ("Deadbeat") without
using my password.  So chaining through Cypherpunks remailers to Penet would
seem not to be possible now.
Unless Eli's suggestion works - having our remailers put out a random
"From:" line (perhaps just on mail to Penet?) might cause Penet to issue a
new pseudonym for that apparent new user.  This would be kind of wasteful
from Penet's perspective - all those pseudonyms are never going to be
re-used.  But it might allow this form of chaining, without compromising the
pseudonym of the remailer operator.
(I had put my patch into the maildelivery file before Johan instituted his
password system, when I realized this weakness existed.  I forgot to mention
it here at the time.  My motivation was to protect my own Penet pseudonym.)
Another possibility would be for there to be a command to Penet to allow
users to send truly anonymous mail, mail which does not have a meaningful
"From" line (and in particular which does not have the user's Penet
pseudonym displayed as the "From" address).  We could set our remailers to
use that command for any mail sent to Penet.  Mail sent with that command
would not need a password.  This would be an alternative way for users to
deal with some of the other attacks, such as the one Deadbeat demonstrated.
P.S. - My, the list has sure been lively today.  Looks like we beat
Extropians again on volume!