1996-03-05 - Re: (Fwd) Gov’t run anon servers

Header Data

From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: f893ae811455f7e7bb2660b3ad849e417f5c656d5057d005df99ecd073ec0abe
Message ID: <199603051656.IAA09065@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1996-03-05 19:43:44 UTC
Raw Date: Wed, 6 Mar 1996 03:43:44 +0800

Raw message

From: Hal <hfinney@shell.portal.com>
Date: Wed, 6 Mar 1996 03:43:44 +0800
To: cypherpunks@toad.com
Subject: Re: (Fwd) Gov't run anon servers
Message-ID: <199603051656.IAA09065@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


From: John Perry <perry@vishnu.alias.net>
> Well actually... The passphrase in a mixmaster remailer is defined as
> an environmental variable at compile time. The passphrase is not
> stored in any cleartext fashion but is embedded in the
> executable. Additionally the newer Ghio code (Matt's latest revision)
> has the passphrase defined as an environmental variable in
> remailer.c. Once remailer is compiled, you can delete the passphrase
> from the code. I can't speak for the freedom or other remailers as I
> haven't tried them. It's a little harder to get the key than just
> looking for a cleartext file that contains it. That is, if the
> remailer operator is being careful.

OK, I stand corrected regarding the operation of mixmaster.  However,
this does not gain much security, certainly not in comparison to the
effort involved to break a key.

It will be just as easy to steal the mixmaster executable as to steal a
script file containing a pass phrase.  And it might even be possible to
run the stolen mixmaster directly to decrypt intercepted incoming mail
messages, without even having to type in the pass phrase.  Failing that
the attacker could easily extract the pass phrase from the mixmaster
executable file.

The other suggestion that was made here, that the operator would have to
manually type in the pass phrase every time the computer rebooted, would
be a way of avoiding having the information in the clear on the disk.
However it would probably not be a practical method of operation given
the reliability of at least the Unix operating systems that I am familiar
with.  And even then the information is in memory.  An attacker who could
gain root privileges (and let's not pretend that the NSA can't do that)
can dump memory and later comb it for the key information.

My point remains that strong keys are pointless for remailers which run
on Unix systems connected to the net.

Now if you have your remailer on a PC at home, and you're not running
anything else on it (like http servers), maybe that is safe.  I am not
familiar enough with security holes in such a configuration to judge.
Probably it would depend on what mail-processing software you run, and
the nature of your net connection.

Recall that my original comments were in connection with the claim that
the government was running most of the remailers.  As I said, I still
think that is absurd when it would be so much easier to simply steal
their keys.

Hal





Thread