Hi all,

Recently there has been some discussion off-list about a possible alternative to the eSub function in Mixmaster. I thought it would be a good idea to open these discussions to a broader audience and hopefully stimulate some useful discussion.

What is eSub:
-------------
eSub is an abbreviation for Encrypt Subject. Its function is to produce a seemingly random Subject header that acts to identify messages in a shared mailbox to their owner without an observer being able to link messages by ownership. The eSub function produces a 192bit hex encoded Subject header as follows:

 _______________________________________________________
|               |                                       |
|   random iv   |   encrypt(md5(subject),md5(key),iv)   |
|    64 bits    |               128 bits                |
|_______________|_______________________________________|

Type-I is considered broken from an anonymity perspective but no practical alternative currently exists for two-way pseudonymous Email. A shared mailbox (such as the Usenet group alt.anonymous.messages) provides the best practical solution for current pseudonym account holders. Without eSub functionality these messages can be linked to a common owner simply by comparing the plain-text Subject.

What's wrong with eSub?
-----------------------
eSub relies on the International Data Encryption Algorithm (IDEA). Due to patent issues this cipher is usually not compiled into pre-built packages (such as OpenSSL) that Mixmaster and other applications require to support eSub. This leaves Mixmaster remailer operators with the choice of not supporting eSub or compiling their own packages. Not to mention the issue of actually using the patented cipher.

eSub is also odd in that it uses encryption to produce a form of secure Hash. The encrypted subject is never decrypted; each one in a common mailbox is simply compared against another eSub generated using the same IV. If the plain text Subject and key match, the generated eSub and the one being compared will match.

Proposed alternative:
---------------------
As an alternate option to the existing eSub, we are considering hSub (Hashed Subject).

The hSub is constructed as follows:

 _________________________________
|           |                     |
| random iv | SHA1 'iv + subject' |
|   64bit   |       160bit        |
|___________|_____________________|

This functions much like the eSub but without the need for a separate Subject and key. An example hSub generator and checker in Python can be found here:
http://www.bananasplit.info/nymgrind/news2maildir/hsub.py

Questions:
----------
Is SHA1 secure enough?
In this instance, SHA1 is fine. If someone wanted to spend the time and effort of generating a colliding hSub, the only result would be tricking a nymuser into trying to decrypt a message that wasn't their own.

Hey, there's no secret key in hSub! Where's the security in that?
In eSub, the Encrypt-Subject key serves little purpose as it's known to the remailer performing the eSub, just like the Subject it is encrypting. Neither hSub nor eSub solves the problem that a node in the Reply-Block is in possession of all the information required to link messages to a specific owner. There's little point in solving this when the entire message arrives at the nymserver in plain-text anyway.

The length of hSub and eSub encoded subjects is different; does this partition users?
Yes it does. For this reason we're considering trimming the SHA1 element of the hSub to 128bits so it's indiscernible from an eSub. The other option is to live with the partitioning until such time as eSub can be retired.

--
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments
_______________________________________________ Mixmaster-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/mixmaster-devel
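
Added example, not part of the original message and not the hsub.py script it links to: a generator and checker for the hSub layout described above, covering both the 160-bit form and the proposed 128-bit trim. It assumes the raw iv bytes are concatenated with the UTF-8 subject before hashing and that the result is lowercase hex; the function names and the sample mailbox are constructed for illustration.

```python
import hashlib
import hmac
import os

# Sizes taken from the message; byte order and encoding are assumptions.
IV_BYTES = 8          # 64-bit random iv
FULL_DIGEST = 20      # untrimmed SHA1, 160 bits
TRIMMED_DIGEST = 16   # proposed trim to 128 bits, same total length as an eSub


def make_hsub(subject, iv=None, digest_bytes=FULL_DIGEST):
    """Return hex(iv || SHA1(iv || subject)[:digest_bytes])."""
    if not 1 <= digest_bytes <= FULL_DIGEST:
        raise ValueError("digest_bytes must be between 1 and 20")
    if iv is None:
        iv = os.urandom(IV_BYTES)
    if len(iv) != IV_BYTES:
        raise ValueError("iv must be exactly 8 bytes")
    digest = hashlib.sha1(iv + subject.encode("utf-8")).digest()
    return (iv + digest[:digest_bytes]).hex()


def check_hsub(candidate, subject):
    """True if candidate is an hSub of subject, in either length."""
    try:
        raw = bytes.fromhex(candidate.strip())
    except ValueError:
        return False  # an ordinary plain-text Subject, not hex at all
    digest_bytes = len(raw) - IV_BYTES
    if digest_bytes not in (TRIMMED_DIGEST, FULL_DIGEST):
        return False  # hex, but not an hSub-sized value
    # Re-hash with the iv carried in the candidate, then compare.
    expected = make_hsub(subject, raw[:IV_BYTES], digest_bytes)
    return hmac.compare_digest(expected, raw.hex())


def my_messages(subjects, subject):
    """Filter a shared mailbox's Subject headers down to the owner's."""
    return [s for s in subjects if check_hsub(s, subject)]


if __name__ == "__main__":
    secret = "constructed nym subject"  # constructed sample value
    mailbox = [make_hsub(secret), make_hsub("someone else"),
               "Re: plain text", make_hsub(secret, digest_bytes=TRIMMED_DIGEST)]
    print(my_messages(mailbox, secret))
```

Because every call draws a fresh iv, two hSubs made from the same subject differ, which is what keeps an observer of the shared mailbox from linking them.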
