cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1993-12-02 - Re: NSA Insecure Remailers

Header Data

From: hfinney@shell.portal.com (Hal Finney)
To: cypherpunks@toad.com
Message Hash: 9ca30183de3be56c9874917a1c98773e9dfbea95e0d1c5fb0262394488615478
Message ID: <9312021630.AA28878@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1993-12-02 16:32:36 UTC
Raw Date: Thu, 2 Dec 93 08:32:36 PST

Raw message

From: hfinney@shell.portal.com (Hal Finney)
Date: Thu, 2 Dec 93 08:32:36 PST
To: cypherpunks@toad.com
Subject: Re: NSA Insecure Remailers
Message-ID: <9312021630.AA28878@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


As Tim says, it is no secret on this list that the remailers are not
presently secure.  I posted a long message a few months ago outlining
possible attacks on the remailers.  It's worth noting that Karl Barrus'
remailer does batch up messages and send them out once a day.  If enough
people use it that will help mix them up.  There is still the message size
to match them up, though (and, believe it or not, the Subject: line!).
Karl is working on padding code.

Really, fixing these problems is not hard.  There will be some penalties
in terms of usability of the systems.  Subject lines will have to be
embedded in the encrypted message blocks, so the software which sets up
cascaded message commands will need to do this.  More intrusively, I think
all messages will have to be padded to be the same size everywhre in the
remailer network.  We need to pick a size large enough to accomodate most
messages yet not so large that padding all messages to that size will be
too expensive or wasteful.  Then messages bigger than that size will either
be rejected or at least some warning given to the user that his message will
be trackable.

The traffic volume problem should be solved by having a source of random
messages which traverse the network, mixing in with user messages.  This
will help, but you still have the problem that only user messages will leave
the network.

The biggest problem is that many remailers are on unsecure systems.  The PGP
keys and passwords for these remailers are on the disk IN THE CLEAR.  Anyone
who can get privileges on these systems (many hackers, these days, not to
mention the NSA) can get the remailer's keys and decrypt any messages sent
to those remailers.  Karl's monthly posting shows which remailers are on
private machines; those are the only ones which have any hope of being secure
against the NSA.

As I said, I think most of these problems are fixable, or at least can be
significantly improved.  Perhaps after the holidays interested parties can
set up a sub-list to discuss "Mark II" remailers which will more closely
approximate Chaum's vision.

Hal Finney
hfinney@shell.portal.com

Thread