> Dave Bird wrote: > In article <[EMAIL PROTECTED]>, Dave Bird > <[EMAIL PROTECTED]> writes >> In article <[EMAIL PROTECTED]>, Pete Chown >> <[EMAIL PROTECTED]> writes > > P.S. I don't know exactly how mixmaster works, but you could > really mess up traffic analysis like this. Remailer#1 > gets a digest with say KByte plaintext blocks from different > messages encrypted to it. It can unwrap this and rearrange blocks > into each whole message. It now has a message pool from > packages various people sent it. Most have onward destinations > to other remailers, and it repeats the process of chopping up > messages and sending them a digest of blocks. This is a bit > more than mixmaster currently does (I think), because many > people don't start as mixmaster packages at the user. In and > out are always the weakest points, because then blocks will at > least assemble into messages from the same sender or to the > same recipient.
It might help, but if there are laws requiring _all_ ISP's, remailers, and mixmasters to reveal everything, which is where it seems we may be going, then it will do no good. Only public anonymity systems will work here (public refers to _all_ the workings of the communication system being public, with the exception of your own internal processing of data. I assume you trust yourself, and can secure your own computer/brain). All non-public systems (most of the usual anonymity systems except stego) rely on some function being _secretly_ done by a "trusted" third party, perhaps with only one out out many possible TTP's actually being trustable. This has in the past been a good assumption in many cases, but if worldwide leglislation imposes mass disclosure requirements it may no longer be tenable. Here public anonymity becomes important. In a good public anonymity system it should be possible for Alice to send Bob a message when all the other players are possible spies for (insert here), and for it to be impossible for anyone, _including Bob_, to prove Alice sent any messages at all. This is hard, it is much easier if Alice can trust Bob, but it may be necessary to assume Bob is potentially an enemy/traitor. (challenge for any budding cryptologists, or even established ones - describe a secure public anonymity system where Bob is not trusted. Case of beer for any better solutions than mine, or a case for the best solution anyway. I will post mine later, it's not that good, this is brainstorming not STO.) -- Peter Fairbrother [EMAIL PROTECTED] --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
