1996-03-05 - Re: (Fwd) Gov’t run anon servers

Header Data

From: jim bell <jimbell@pacifier.com>
To: Hal <cypherpunks@toad.com
Message Hash: c98999bcc4e389d2af4a4074f3ca18901245124f0cd6df2c9e5fde0bd4596fed
Message ID: <m0tthV7-000915C@pacifier.com>
Reply To: N/A
UTC Datetime: 1996-03-05 00:33:57 UTC
Raw Date: Tue, 5 Mar 1996 08:33:57 +0800

Raw message

From: jim bell <jimbell@pacifier.com>
Date: Tue, 5 Mar 1996 08:33:57 +0800
To: Hal <cypherpunks@toad.com
Subject: Re:  (Fwd) Gov't run anon servers
Message-ID: <m0tthV7-000915C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 10:52 AM 3/4/96 -0800, Hal wrote:

>However, if I were a computer-savvy law enforcement agent, and I wanted
>to track messages through one of my remailers, I would try a
>technological approach.  I would first break the key for my remailer.
>That is trivial.  The passphrase is in PLAINTEXT in the script file
>which runs the remailer!.  It has to be.  That is true of all automated
>remailers. 

Maybe I just don't know much about automated remailers, but I don't 
understand why you said that the passphrase "has to be" in plaintext in the 
script file.  I find this hard to believe.  While I am far from an expert on 
cryptographic matters, I would assume that any received attempt at a 
password could be securely hashed (128 bits?) and compared with a pre-stored 
hash value.   If it's the same, it's assumed that the password was correct.

What's wrong with this?
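
Added example, not part of the original message or of any remailer's code: it contrasts the hash comparison proposed in the reply with what an unattended process needs in order to decrypt its own private key. The cipher is a toy stand-in, and every name and value in it is a constructed assumption.

```python
import hashlib
import hmac

def kdf(passphrase, label):
    # Passphrase-to-key function; the label gives independent outputs per purpose.
    return hashlib.pbkdf2_hmac("sha256", passphrase, label, 10_000)

def xor_stream(key, data):
    # Toy cipher (SHA-256 in counter mode), a stand-in for a real one.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key, secret):
    # Encrypt and append a tag so a wrong key is detected on unseal.
    ct = xor_stream(key, secret)
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unseal(key, blob):
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(key, ct, hashlib.sha256).digest()
    return xor_stream(key, ct) if hmac.compare_digest(tag, good) else None

# Constructed sample values, not taken from any real remailer.
PASSPHRASE = b"constructed remailer passphrase"
PRIVATE_KEY = b"constructed stand-in for the remailer's private key"

# What sits on the remailer's disk under the hash-compare proposal:
KEY_FILE = seal(kdf(PASSPHRASE, b"encrypt"), PRIVATE_KEY)
STORED_HASH = kdf(PASSPHRASE, b"verify")

def check_passphrase(attempt):
    # The comparison against a pre-stored hash: a yes/no answer only.
    return hmac.compare_digest(kdf(attempt, b"verify"), STORED_HASH)

def attended_start(typed):
    # A person types the passphrase; it is verified, then used to decrypt.
    if not check_passphrase(typed):
        return None
    return unseal(kdf(typed, b"encrypt"), KEY_FILE)

def unattended_start(material_on_disk):
    # No one is present: only bytes already on disk can be tried as the key.
    return unseal(material_on_disk, KEY_FILE)
```

Writing `kdf(PASSPHRASE, b"encrypt")` to disk would let `unattended_start` succeed, but anyone who can read that file can then decrypt the key as well, which is the same exposure as a plaintext passphrase in the script.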





