1995-11-09 - Re: PGP Comment feature weakens remailer security

Header Data

From: Raph Levien <raph@CS.Berkeley.EDU>
To: stewarts@ix.netcom.com
Message Hash: f0fab3a8b4b6fb05444de92fd8749681b2bdff04275b46f0fe029cc1ee302660
Message ID: <199511081943.LAA24863@kiwi.cs.berkeley.edu>
Reply To: <199511080454.UAA05765@jobe.shell.portal.com>
UTC Datetime: 1995-11-09 00:44:18 UTC
Raw Date: Thu, 9 Nov 1995 08:44:18 +0800

Raw message

From: Raph Levien <raph@CS.Berkeley.EDU>
Date: Thu, 9 Nov 1995 08:44:18 +0800
To: stewarts@ix.netcom.com
Subject: Re: PGP Comment feature weakens remailer security
In-Reply-To: <199511080454.UAA05765@jobe.shell.portal.com>
Message-ID: <199511081943.LAA24863@kiwi.cs.berkeley.edu>
MIME-Version: 1.0
Content-Type: text/plain


   Point well taken.

   I'm seriously considering completely disabling the PGP comment
feature when invoked from premail. In fact, that's what the new code
does right now.

   On an unrelated topic... cypherpunks like to count bits, right?
What is the correct number of pseudorandom bits to use in a MIME
multipart separator? If the data has a line which matches the
separator, the message is corrupted. Of course, if you can take
multiple passes through the data, you can simply verify that it does
not contain a line which matches the separator. But if you're
restricted to a single pass, then the only way to do it is to use a
randomly generated separator.
   I figure that 128 bits should _definitely_ be enough (that's what
is in the new premail code now). Even 64 bits should ensure that it is
unlikely that anyone will ever experience message corruption over the
expected lifetime of premail. However, it makes me nervous. What do
people think?

Raph

Thread

• Return to November 1995

• Return to “Andreas Bogk <andreas@artcom.de>”
• Return to “anonymous-remailer@shell.portal.com”
• Return to “Jon Lasser <jlasser@rwd.goucher.edu>”
• Return to “Lance Cottrell <loki@obscura.com>”
• Return to “Laurent Demailly <dl@hplyot.obspm.fr>”
• Return to “NetSurfer <netsurf@pixi.com>”
• Return to ““Perry E. Metzger” <perry@piermont.com>”

• Return to “Raph Levien <raph@CS.Berkeley.EDU>”

• 1995-11-08 (Wed, 8 Nov 1995 13:21:55 +0800) - PGP Comment feature weakens remailer securityPGP Comment feature weakens remailer security - anonymous-remailer@shell.portal.com
  • 1995-11-09 (Thu, 9 Nov 1995 08:44:18 +0800) - Re: PGP Comment feature weakens remailer security - Raph Levien <raph@CS.Berkeley.EDU>
    • 1995-11-09 (Thu, 9 Nov 1995 09:52:24 +0800) - Re: PGP Comment feature weakens remailer security - Lance Cottrell <loki@obscura.com>
    • 1995-11-09 (Thu, 9 Nov 1995 10:44:36 +0800) - Re: PGP Comment feature weakens remailer security - Raph Levien <raph@CS.Berkeley.EDU>
      • 1995-11-09 (Thu, 9 Nov 1995 22:34:33 +0800) - Re: PGP Comment feature weakens remailer security - “Perry E. Metzger” <perry@piermont.com>
        • 1995-11-09 (Fri, 10 Nov 1995 02:20:49 +0800) - Small keysizes do make sense (was PGP Comment weakens…) - Raph Levien <raph@CS.Berkeley.EDU>
          • 1995-11-09 (Fri, 10 Nov 1995 04:32:17 +0800) - Re: Small keysizes do make sense (was PGP Comment weakens…) - “Perry E. Metzger” <perry@piermont.com>
            • 1995-11-09 (Fri, 10 Nov 1995 06:03:59 +0800) - Re: Small keysizes do make sense (was PGP Comment weakens…) - Raph Levien <raph@CS.Berkeley.EDU>
          • 1995-11-10 (Sat, 11 Nov 1995 01:45:44 +0800) - Re: Small keysizes do make sense (was PGP Comment weakens…) - Andreas Bogk <andreas@artcom.de>
        • 1995-11-09 (Fri, 10 Nov 1995 05:56:29 +0800) - Re: PGP Comment feature weakens remailer security - Jon Lasser <jlasser@rwd.goucher.edu>
  • 1995-11-09 (Thu, 9 Nov 1995 08:54:31 +0800) - Re: PGP Comment feature weakens remailer security - NetSurfer <netsurf@pixi.com>
  • 1995-11-09 (Thu, 9 Nov 1995 22:15:26 +0800) - Mime/multipart (was Re: PGP Comment feature weakens remailer security) - Laurent Demailly <dl@hplyot.obspm.fr>
    • 1995-11-09 (Fri, 10 Nov 1995 02:10:07 +0800) - Re: Mime/multipart (was Re: PGP Comment feature weakens remailer security) - Raph Levien <raph@CS.Berkeley.EDU>