[cryptography] Potential funding for crypto-related projects

James A. Donald jamesd at echeque.com
Mon Jul 1 17:41:49 EDT 2013


On 2013-07-01 9:50 PM, Ben Laurie wrote:
> On 1 July 2013 12:32, Tom Ritter <tom at ritter.vg> wrote:
>> On 1 July 2013 05:04, Ben Laurie <ben at links.org> wrote:
>>> On 1 July 2013 01:55, Jacob Appelbaum <jacob at appelbaum.net> wrote:
>>>> So then - what do you suggest to someone who wants to leak a document to
>>>> a press agency that has a GlobaLeaks interface?
>>> I would suggest: don't use GlobaLeaks, use anonymous remailers.
>>> Bottom line: Tor is weak against powerful adversaries because it is
>>> low latency. High latency mixes are a lot safer.
>>>
>>> GlobaLeaks should have an email API, IMO.
>> Having looked a lot at the current remailer network, and a bit at
>> GlobaLeaks - I'm going to wade in and disagree here. (Although this
>> thread has gotten woefully off topic after I've bumped it. =/)  Ben: I
>> love mix networks. I've been learning everything I can about them, and
>> have been researching them voraciously for a couple years.[0]  But IMO
>> the theoretical gains of high latency *today* are weaker than the
>> actual gains of low latency *today*.
>>
>> Virtually all remailer use is Mixmaster, not Mixminion.  If you want
>> to use anything but a CLI on Linux - you're talking Mixmaster.  So I'm
>> assuming you mean that.  Mixmaster uses a very, very recognizable SMTP
>> envelope, that often goes out with no TLS, let alone no PFS.  There's
>> also precious few people actually using it.  And finally, if you look
>> at the public attacks on remailers (the unfortunate bombing threats of
>> last summer) and Tor (the Jeremy Hammond case) - you see that Feds are
>> willing to go on fishing expeditions for remailers, but less so Tor.
>> Tor was traffic confirmation, Remailers was fishing.[1]
>>
>> Compare to GlobaLeaks.  Tor Hidden Service, Tor network.  The two
>> biggest threats are Traffic Correlation and the recent attacks on
>> Hidden Services.
>>
>> Assume a Globally Passive Adversary logging all SMTP envelopes
>> (because... they are. So don't assume, know.).  Now assume a leak
>> arrives over email.  Light up all the nodes who sent a message via
>> Mixmaster within a couple days, and you'll get at most, a couple
>> hundred.  Now dim all the lights who've never sent a mixmaster message
>> before.  You'll get a couple.  That's enough to investigate them all
>> using traditional methods.
>>
>> Now you *do* have to assume a GPA who's logging all Tor traffic.  It's
>> possible.  Some would even say it's probable.  But we've seen no
>> evidence. Do the same light-up.  You get hundreds if not thousands
>> of nodes.  Too many to investigate traditionally.  And to do Traffic
>> Confirmation, you need to identify the Hidden Service.  And there's
>> the issue that it's not trivial to do traffic confirmation.
>>
>> Oh and there's also the little problem of sending anything over 10,236
>> bytes via Mixmaster splits the message into multiple messages that all
>> emanate from your machine which makes it wildly probable some won't
>> arrive, and also drastically makes you stand out as the crazy person
>> who's trying to send anything other than text through Mixmaster.
>>
>> I'm not saying GlobaLeaks+Tor is safe.  I'm saying I think our current
>> remailer network is wildly unsafe.  (Now what I think about fixing
>> it... that's a whole other story, for a whole other time.)
> You are probably right - remailers are not what they used to be.
>
> The more interesting point is high vs low latency. I really like the
> idea of having a high-latency option in Tor. It would still need to
> have a lot of users to actually be useful, though. But it seems there
> are various protocols that would be more high-latency-friendly than
> HTTP - SMTP, of course, and XMPP spring to mind.

One solution would be to have an anonymizing remailer inside tor as a 
hidden service.  You send emails to that service.  A random time later, 
they are sent to their destination.



>
>> -tom
>>
>> [0] https://crypto.is/blog
>> http://defcon.org/html/defcon-21/dc-21-speakers.html#Ritter
>> [1] If you don't like my last argument, fine, ignore it, and work with
>> the others.
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>
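
The random-delay remailer proposed in the reply above, and the quoted caveat that a high-latency option needs a lot of users, as an added example that is not part of the original thread. The Poisson arrivals, exponential hold times, rates and the function name `simulate_delay_mix` are assumptions made for illustration.

```python
import bisect
import random

def simulate_delay_mix(arrival_rate, mean_delay, n_msgs=2000, seed=1):
    """Simulate a remailer that holds every message for a random time.

    Assumptions (not from the thread): Poisson arrivals at `arrival_rate`
    messages per minute, independent exponential hold times with mean
    `mean_delay` minutes. Returns (release_order, pool_sizes).
    """
    rng = random.Random(seed)          # seeded so the run is repeatable
    now, arrivals = 0.0, []
    for _ in range(n_msgs):
        now += rng.expovariate(arrival_rate)
        arrivals.append(now)           # sorted by construction

    # Each message leaves at its arrival time plus a random hold time.
    releases = sorted(
        (t_in + rng.expovariate(1.0 / mean_delay), msg_id)
        for msg_id, t_in in enumerate(arrivals)
    )

    release_order, pool_sizes = [], []
    for already_out, (t_out, msg_id) in enumerate(releases):
        arrived = bisect.bisect_right(arrivals, t_out)
        # Messages sitting in the mix when this one leaves, itself included:
        # the set an observer of inputs and outputs cannot tell apart by timing.
        pool_sizes.append(arrived - already_out)
        release_order.append(msg_id)
    return release_order, pool_sizes

def mean(values):
    return sum(values) / len(values)

if __name__ == "__main__":
    # Constructed traffic levels: same 60-minute mean delay, different load.
    for label, rate in (("few users", 0.01), ("many users", 2.0)):
        order, pools = simulate_delay_mix(rate, mean_delay=60.0)
        alone = sum(p == 1 for p in pools) / len(pools)
        print(f"{label}: mean pool at release = {mean(pools):.1f}, "
              f"released while alone in the pool = {alone:.0%}")
```

With the same delay, the lightly used mix often releases a message while it is the only one inside, so the delay alone hides little; the pool only grows with traffic.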


