-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 26/04/12 06:44, Jacob Appelbaum wrote: > Practically, I also think that mixmaster is an example of "great on > paper" and soon we'll see how it works out in the real world. Now > that the FBI is taking nodes left (in New York last week) and right > (in Austria this week) - we'll note that some of these anonymity > properties are coming up for a serious test. For example, if you > don't compose Tor and Mixmaster together, what happens when you're > the only person to ever connect to Mixmaster? I think the answer is > that you're a suspect, cryptographic evidence be damned.
While your point about the importance of non-cryptographic evidence is well taken, the FBI's behaviour in this case is consistent with an investigation looking for cryptographic evidence. Mixmaster doesn't provide forward secrecy - if you've recorded the messages entering and leaving a remailer (which seems plausible for the FBI, especially during the investigation of a long series of bomb threats), you can seize the remailer and use its private key to match incoming and outgoing messages. If the message you're interested in came from another remailer, seize it and repeat. If not, you've found the sender. This attack against Mixmaster has been known about for ten years. If nothing else, I hope this case revives interest in Mixminion... Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJPmYTvAAoJEBEET9GfxSfM9akH/0hK+YL20YcLAh3gNRFwliv4 Kuz6kHRzZML4G8lqzjObE/sbEPzEgwZFcgDIi33uflkd5Gzhd2JHyV41BsgRqynC gFKUgUT52Fw4TFKdJvU5S+ww2BT7ejsveG6XKabzJpaHnVG+vj94YhMNED+CjPRt 5fKgkQfAge/NQ9UF0mkigawGGgXTNylcddBN3DJSJ/oWCXOuzMTjZpVMmeKCt/R6 zOGY8uLfaA1VV6YWkMf81suNdPy/ll3nPWF/ipLtGIqDpfefOzGPjbXXsUpW76AD panCl+sMIT0wbbsPwhf//2KEwkRae0h7dIiwYD4kMhIQaH5oKbj3X2VuJBghbt8= =OQTa -----END PGP SIGNATURE----- _______________________________________________ liberationtech mailing list liberationtech@lists.stanford.edu Should you need to change your subscription options, please go to: https://mailman.stanford.edu/mailman/listinfo/liberationtech If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?" You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech Should you need immediate assistance, please contact the list moderator. Please don't forget to follow us on http://twitter.com/#!/Liberationtech
