From: John Perry <perry@vishnu.alias.net>
To: Hal <hfinney@shell.portal.com>
Message Hash: 265e4fcc2f20558f17b4a81547d359ffddcc1c46894db6ec6775ac66cd655c36
Message ID: <199603051202.GAA21522@vishnu.alias.net>
Reply To: <199603041852.KAA01295@jobe.shell.portal.com>
UTC Datetime: 1996-03-05 12:14:45 UTC
Raw Date: Tue, 5 Mar 1996 20:14:45 +0800
From: John Perry <perry@vishnu.alias.net>
Date: Tue, 5 Mar 1996 20:14:45 +0800
To: Hal <hfinney@shell.portal.com>
Subject: Re: (Fwd) Gov't run anon servers
In-Reply-To: <199603041852.KAA01295@jobe.shell.portal.com>
Message-ID: <199603051202.GAA21522@vishnu.alias.net>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Hal" == Hal <hfinney@shell.portal.com> writes:
Hal> However, if I were a computer-savvy law enforcement agent,
Hal> and I wanted to track messages through one of my remailers, I
Hal> would try a technological approach. I would first break the
Hal> key for my remailer. That is trivial. The passphrase is in
Hal> PLAINTEXT in the script file which runs the remailer!. It
Hal> has to be. That is true of all automated remailers. Anyone
Hal> who can break into the remailer server and acquire root
Hal> permission can find the remailer secret key. My keys have
Hal> been unchanged for three years. Surely some enterprising
Hal> hackers have stolen the keys by now.
Well actually... The passphrase in a mixmaster remailer is defined as
an environmental variable at compile time. The passphrase is not
stored in any cleartext fashion but is embedded in the
executable. Additionally the newer Ghio code (Matt's latest revision)
has the passphrase defined as an environmental variable in
remailer.c. Once remailer is compiled, you can delete the passphrase
from the code. I can't speak for the freedom or other remailers as I
haven't tried them. It's a little harder to get the key than just
looking for a cleartext file that contains it. That is, if the
remailer operator is being careful.
John Perry - KG5RG - perry@vishnu.alias.net - PGP-encrypted e-mail welcome!
WWW - http://www.alias.net
PGP 2.62 key for perry@vishnu.alias.net is on the keyservers.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
iQEVAwUBMTwtPqghiWHnUu4JAQGN6wf+NWPn++V/D1kFCp71kDLTe/pNA97n+21L
RLaOxWkq7+9K1zBIFHrzQYpJa9msud75gpNUq1s1LxzJAPY0BlCNIvqby9e7DMA/
aM6hhPUoQwljZ4SmE6ZmdFfPHz9ZchVclKUpepTv0melLEpc8Pv62eA9X1iFQMam
exIbObjYD1AFYp/6O5tAKh4m+mC0bmH64O4zkXLp9tbDKUPDjdkdN9lOMfjO1oFj
xJ+LCwtyA9YZxsD7GBklcd46ltiEQyrpV8PjwNJAvfIvPnplyfsvxBpg58zOF7t6
JGBj5DVk1Eyaw4sIMK6a9y/aDmkyVJVQVYozMigSS+UPKJsMCLQQFQ==
=qrrn
-----END PGP SIGNATURE-----
Return to March 1996
Return to “John Perry <perry@vishnu.alias.net>”