From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: 481a65df88ece03803f35a88608844e45e5aef481b5eee8add4c4b7c44197620
Message ID: <199603041852.KAA01295@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1996-03-04 21:37:10 UTC
Raw Date: Tue, 5 Mar 1996 05:37:10 +0800
From: Hal <hfinney@shell.portal.com>
Date: Tue, 5 Mar 1996 05:37:10 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) Gov't run anon servers
Message-ID: <199603041852.KAA01295@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain
I have run two remailers for about three years now, and I have never been
contacted in any way by law enforcement or government people in relation
to the operation of the remailers, or of any mail which has been sent
through them. I get a fair number of complaints by private individuals,
but I have never heard anything from the government.
However, if I were a computer-savvy law enforcement agent, and I wanted
to track messages through one of my remailers, I would try a
technological approach. I would first break the key for my remailer.
That is trivial. The passphrase is in PLAINTEXT in the script file
which runs the remailer!. It has to be. That is true of all automated
remailers. Anyone who can break into the remailer server and acquire
root permission can find the remailer secret key. My keys have been
unchanged for three years. Surely some enterprising hackers have
stolen the keys by now.
(That is why my keys are only < 512 bits.)
Then the LEA has to insert mail-monitoring software somewhere either in
the remailer system or on some connection to it. That is probably more
difficult and may require cooperation from a system manager somewhere. I
don't really know how hard it would be. But breaking the key is the easy
part.
Hal
Return to March 1996
Return to “John Perry <perry@vishnu.alias.net>”