cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1995-11-09 - Re: PGP Comment feature weakens remailer security

Header Data

From: Lance Cottrell <loki@obscura.com>
To: Raph Levien <raph@CS.Berkeley.EDU>
Message Hash: 87abd966f189d3466ae6c808668ef0f6d9b249e7955cebd08eb5744d886755b4
Message ID: <Pine.3.89.9511081605.A20339-0100000@obscura.com>
Reply To: <199511081943.LAA24863@kiwi.cs.berkeley.edu>
UTC Datetime: 1995-11-09 01:52:24 UTC
Raw Date: Thu, 9 Nov 1995 09:52:24 +0800

Raw message

From: Lance Cottrell <loki@obscura.com>
Date: Thu, 9 Nov 1995 09:52:24 +0800
To: Raph Levien <raph@CS.Berkeley.EDU>
Subject: Re: PGP Comment feature weakens remailer security
In-Reply-To: <199511081943.LAA24863@kiwi.cs.berkeley.edu>
Message-ID: <Pine.3.89.9511081605.A20339-0100000@obscura.com>
MIME-Version: 1.0
Content-Type: text/plain


I think you are fine if the odds of corrupting the message are less than 
the odds of getting hit by a a falling meteor while running the program. 
In general there is little point in making any one part of the system 
many orders of magnitude more reliable than any other part.

	-Lance


On Wed, 8 Nov 1995, Raph Levien wrote:

>    Point well taken.
> 
>    I'm seriously considering completely disabling the PGP comment
> feature when invoked from premail. In fact, that's what the new code
> does right now.
> 
>    On an unrelated topic... cypherpunks like to count bits, right?
> What is the correct number of pseudorandom bits to use in a MIME
> multipart separator? If the data has a line which matches the
> separator, the message is corrupted. Of course, if you can take
> multiple passes through the data, you can simply verify that it does
> not contain a line which matches the separator. But if you're
> restricted to a single pass, then the only way to do it is to use a
> randomly generated separator.
>    I figure that 128 bits should _definitely_ be enough (that's what
> is in the new premail code now). Even 64 bits should ensure that it is
> unlikely that anyone will ever experience message corruption over the
> expected lifetime of premail. However, it makes me nervous. What do
> people think?
> 
> Raph
> 

----------------------------------------------------------
Lance Cottrell   loki@obscura.com
PGP 2.6 key available by finger or server.
Mixmaster, the next generation remailer, is now available!
http://obscura.com/~loki/Welcome.html or FTP to obscura.com

"Love is a snowmobile racing across the tundra.  Suddenly
it flips over, pinning you underneath.  At night the ice
weasels come."
                        --Nietzsche
----------------------------------------------------------

Thread