From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Message Hash: 9e51604b0a2e775005024a0354422dc7673973f12a56010020fbfbb3a8ee2820
Message ID: <ad6127500102100411d6@[132.162.233.188]>
Reply To: N/A
UTC Datetime: 1996-03-09 05:13:27 UTC
Raw Date: Sat, 9 Mar 1996 13:13:27 +0800
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Sat, 9 Mar 1996 13:13:27 +0800
To: cypherpunks@toad.com (Cypherpunks Mailing List)
Subject: Remailer Security
Message-ID: <ad6127500102100411d6@[132.162.233.188]>
MIME-Version: 1.0
Content-Type: text/plain
At 11:06 PM 03/04/96, lmccarth@cs.umass.edu wrote:
>Bottom line: if you can crack (say) the 8-character Unix passphrase for a
>remailer account, you have full access to the remailer's secrets and all the
>opportunities that presents. Good remailer account passphrases are
>important.
Um, there's no reason why your remailer's account needs to be logged into
interactively, is there? Seems like remailer ops should disable login to
remailer accounts, putting '*' into the password field in /etc/passwd, or
however unix lets you disable login (I know it does).
Obviously, the general security risk of someone gaining unauthorized access
to the remailer executable or data files is still there, and important to
keep in mind. But this would seem to be a fairly logical security measure.
Return to March 1996
Return to “jrochkin@cs.oberlin.edu (Jonathan Rochkind)”
1996-03-09 (Sat, 9 Mar 1996 13:13:27 +0800) - Remailer Security - jrochkin@cs.oberlin.edu (Jonathan Rochkind)