1996-03-05 - Re: (Fwd) Gov’t run anon servers

Header Data

From: tcmay@got.net (Timothy C. May)
To: cypherpunks@toad.com
Message Hash: 33169e2c3787e3485dff3ea5b38694cb3fc6a90ea762016567b0e6d378126a26
Message ID: <ad60b7a50a0210048ed0@[205.199.118.202]>
Reply To: N/A
UTC Datetime: 1996-03-05 02:59:32 UTC
Raw Date: Tue, 5 Mar 1996 10:59:32 +0800

Raw message

From: tcmay@got.net (Timothy C. May)
Date: Tue, 5 Mar 1996 10:59:32 +0800
To: cypherpunks@toad.com
Subject: Re:  (Fwd) Gov't run anon servers
Message-ID: <ad60b7a50a0210048ed0@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


At 9:10 PM 3/4/96, jim bell wrote:
>At 10:52 AM 3/4/96 -0800, Hal wrote:

>>That is trivial.  The passphrase is in PLAINTEXT in the script file
>>which runs the remailer!.  It has to be.  That is true of all automated
>>remailers.
>
>Maybe I just don't know much about automated remailers, but I don't
>understand why you said that the passphrase "has to be" in plaintext in the
>script file.  I find this hard to believe.  While I am far from an expert on
>cryptographic matters, I would assume that any received attempt at a
>password could be securely hashed (128 bits?) and compared with a pre-stored
>hash value.   If it's the same, it's assumed that the password was correct.

The "passphrase" is not for access to the remailer, but so that the
remailer can itself decrypt incoming messages encrypted to its public key.
An automated remailer is like a little guy sitting at the machine, taking
in incoming messages, decrypting the ones that are addressed to him, and
taking furhter actions.

In Chaum's hardware-based "digital mix," the scripts, etc., for this are
stored in tamper-resistant hardware, making the attack Hal describes much
harder. (Chaum was thinking that mixes needed hardware security about 15
years ago.)

Unix-based remailers, and the like, don't rely on secure hardware.

We've talked about possible hardware security measures, even those that
only rely on physical box security. A box that does decryption, mixing,
readdressing, etc., without being part of a Unix file system/network, could
be a useful "Mom and Pop remailer" (the idea being that small shop owners,
"Mom and Pop," could set this up, collect a little bit of spare change as a
remailing fee, and not even have access to the internal state of the
machine themselves.

At a Cypherpunks meeting a couple of years ago we spent some time
brainstorming this. It seemed plausible that a small outfit could make such
"remailer boxes" and sell them cheaply. (Hardware prices have plunged even
further.)

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."









Thread