| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030822124642.GA35469@lightship.internal.homeport.org> From: adam at homeport.org (Adam Shostack) Subject: JAP back doored On Fri, Aug 22, 2003 at 01:46:23AM +0200, Florian Weimer wrote: | Adrian Nutz <list@...z.ch> writes: | > There should be mixes in many different countries, if possible most of | > them shouldn't have any kind of treaties that allow a fast reaction from | > the police in this countries if some other country wants logs. | | Performance would suck, too. That's why the Dresden-Dresden cascade | is so popular, despite it's principal problem. A couple of comments, which I'll then connect. Performance was the number one complaint about Zero-Knowledge's Freedom network. There is no exponential term in MIX traffic. That means that if you try to ensure that all traffic leaves the network quickly (so you can say, web browse), then your attacker only needs to analyze traffic over a few seconds, and that's easy. Simple attacks work really well on real time mix chains of any length that TCP timeouts are likely to allow. As such, I'm actually very suprised that the German police bothered with this compelled back door stuff. Perhaps they failed to talk to their national technical experts, or their experts failed to tell them how easy traffic analysis is for them. Is there a political motive? Are we about to see legal attacks on high latency mixes? Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
Powered by blists - more mailing lists