1994-03-11 - Re: Improvement of remailer security

Header Data

From: boldt@math.ucsb.edu (Axel Boldt)
To: Matthew J Ghio <mg5n+@andrew.cmu.edu>
Message Hash: 1351851bbdf6d2905aed48c5bcc0d09cd1ba81cf9d93d84ccb5a04d75f6fc073
Message ID: <9403112246.AA14599@emile>
Reply To: <0hU0Y5y00awMF4PmwP@andrew.cmu.edu>
UTC Datetime: 1994-03-11 22:49:41 UTC
Raw Date: Fri, 11 Mar 94 14:49:41 PST

Raw message

From: boldt@math.ucsb.edu (Axel Boldt)
Date: Fri, 11 Mar 94 14:49:41 PST
To: Matthew J Ghio <mg5n+@andrew.cmu.edu>
Subject: Re: Improvement of remailer security
In-Reply-To: <0hU0Y5y00awMF4PmwP@andrew.cmu.edu>
Message-ID: <9403112246.AA14599@emile>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 11 Mar 1994 01:00:37 -0500 (EST), Matthew J Ghio
<mg5n+@andrew.cmu.edu> said:

> boldt@math.ucsb.edu (Axel Boldt):

>> Even the current pgp encryption scheme offered by some remailers
>> doesn't help much, once the incoming and outgoing messages are
>> known: just take the outgoing message from the remailer, encrypt
>> it with the remailer's public key, compare this to the incoming
>> messages and you know who sent this message (repeat if a chain
>> of remailers was used).

> Nope...  PGP encrypts the message with a random IDEA key, and then
> encrypts the IDEA key with RSA.  You'd have to guess which IDEA key was
> used, and encrypt that with RSA.  The SS couldn't guess 2^128 possible
> IDEA keys [...]

Thanks for pointing this out. I wasn't aware of the fact that pgp
encrypting is not deterministic in the sense that encrypting the same
message with the same public key need not result in the same output.

I guess that makes my whole suggestion pointless.

Axel


P.S. Pardon my ignorance: Doesn't this scheme you describe above make
the random generator the most attackable part of pgp encryption,
thereby sidestepping the whole RSA stuff?





Thread