Article 16353 of alt.security
From: lcottrell@popmail.ucsd.edu (Lance Cottrell)
Newsgroups: alt.security
Subject: Announcement: Mixmaster 2.0 remailer released!
Date: Thu, 04 May 1995 00:07:20 -0700
Organization: Obscura

Announcing the release of Mixmaster 2.0!!!

May 3, 1995

Mixmaster is the most advanced anonymous remailer in the world by far. It has several advantages over previous remailers. The most important are:

* Standard Message Size
* Message Reordering
* Resistance to Replay Attacks

Mixmaster remailers can recognize and forward "cypherpunk" (type 1) remailer messages to any type 1 remailer the operator chooses to install. A reordering package (included with Mixmaster) allows reordering of the type 1 messages as well.

Mixmaster requires a client to build the remailer messages. The client and remailer software are available by WWW from and by FTP from nately.ucsd.edu in /pub/remail. Read the readme file to find out how to access the export-controlled directory.

Mixmaster runs on almost all UNIX platforms. It is only known not to run on DEC Alpha.

A detailed analysis of the security of Mixmaster remailers, and a discussion of how they work, is available on http://nately.ucsd.edu/~loki/

Here, briefly, is why message size, reordering, and resistance to replay are important:

If remailer messages vary in size, it is trivial for an attacker to follow messages through the remailer net by watching the size of each message into and out of each remailer. Even if "cutmarks" are used, only a fraction of all messages passing through a remailer could be confused with yours.
Mixmaster handles messages larger than the standard size (10K) by breaking them up into multiple parts which travel separately to the final remailer in the chain, where they are re-assembled. Before the last remailer there is no way to identify which packets are part of the same message. They are remailed and reordered separately.

Without reordering, messages can be followed by watching a message enter, and immediately emerge from, the remailer. The remailer is even vulnerable after the fact if the system keeps mail logs. The coincidence in time between incoming and outgoing mail will allow the attacker to see the source and destination of each message through the remailer.

Mixmaster reorders messages using a "reordering pool". The remailer stores messages in a pool, rather than mailing them immediately. Periodically the remailer checks the number of messages in the pool. If it is larger than some minimum number, random messages from the pool are mailed until the pool is at the minimum size again. This reordering scheme provides the maximum amount of reordering for the average amount of delay caused.

Replay attacks are more complicated, but no other remailer offers any protection against them. If an attacker intercepts your message, it can be followed by sending many copies to the next remailer in the chain, and watching the large number of identical messages exiting the remailer. These will point to the next remailer. The attacker can intercept one of these and repeat the attack until the destination is known.

Mixmaster messages have a unique 16 byte identifier for each step in each chain for each message. The Mixmaster remailer keeps a log of these numbers (this information poses no risk and cannot be used to track the messages). If the same number is seen again, the remailer will not forward it. Only one copy of any given message will ever be processed by the remailer.
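The reordering pool and the replay log described above, as a small added model in Python. This is a constructed illustration written for this page, not Mixmaster's own code; the class and function names, the pool size and the packet payloads are assumptions chosen for the demonstration.

```python
import os
import random


class MixPool:
    """Toy model of the two Mixmaster 2.0 defences described above:
    a reordering pool plus a log of already-seen 16-byte packet IDs.
    Constructed illustration; not Mixmaster's own code."""

    def __init__(self, min_pool_size, rng=None):
        self.min_pool_size = min_pool_size
        self.pool = []          # packets waiting, not yet mailed
        self.seen_ids = set()   # replay log: IDs already processed
        self.rng = rng or random.Random()

    def receive(self, packet_id, payload):
        """Accept one packet. Returns False if it is a replay and was dropped."""
        if len(packet_id) != 16:
            raise ValueError("Mixmaster packet IDs are 16 bytes")
        if packet_id in self.seen_ids:
            return False        # same ID seen again: never forwarded twice
        self.seen_ids.add(packet_id)
        self.pool.append(payload)
        return True

    def flush(self):
        """Periodic check: mail random packets until the pool is back at the minimum.
        Arrival order is deliberately not preserved."""
        sent = []
        while len(self.pool) > self.min_pool_size:
            sent.append(self.pool.pop(self.rng.randrange(len(self.pool))))
        return sent


def demo(min_pool_size=2, n_packets=6, seed=1):
    """Feed constructed packets through the pool, then replay the first one.
    Returns (accepted flags, replay accepted?, packets mailed, packets still pooled)."""
    mixer = MixPool(min_pool_size, random.Random(seed))
    first_id = os.urandom(16)                     # constructed sample ID
    accepted = [mixer.receive(first_id, "msg0")]
    for i in range(1, n_packets):
        accepted.append(mixer.receive(os.urandom(16), f"msg{i}"))
    replayed = mixer.receive(first_id, "msg0")    # a second copy of msg0 arrives
    sent = mixer.flush()
    return accepted, replayed, sent, len(mixer.pool)
```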
Please post this announcement in any group with significant anonymous posting, where this announcement has not been posted before. Do not repost after May 10, 1995.

-Lance Cottrell

--
Lance Cottrell loki@obscura.com
PGP 2.6 key available by WWW or server. Encrypted mail welcome.
Home page http://nately.ucsd.edu/~loki/
Mixmaster 2.0, the most secure remailer, is available on my WWW page
"Love is a snowmobile racing across the tundra. Suddenly it flips over, pinning you underneath. At night the ice weasels come." --Nietzsche