[Remops] mixmaster's 1024-bit RSA is getting old

Lance Cottrell loki at obscura.com
Tue Oct 29 16:39:41 GMT 2013 

This is an excellent proposal.

In practice, no one uses more than a few hops for real messages. I suspect that 5 is the realistic upper limit to ensure reasonable delivery time and reliability.
I really went over the top in using 20 header blocks.

Roll out will be a key. One does not want client software that only has one or two servers through which it could route, nor would one want to be one of only a few few users of the new key size, since that would be easily tracked as well.

	-Lance 

--
Lance Cottrell
loki at obscura.com



On Oct 29, 2013, at 2:34 AM, Steve Crook <steve at mixmin.net> wrote:

> On Tue, Oct 29, 2013 at 02:15:09AM +0000, lists at notatla.org.uk wrote:
>> Mixmaster has long used 1024-bit RSA with a packet format that allows
>> a maximum of 20 hops; each encrypted with a different RSA key.  The
>> data for each hop occupies 512 bytes.
>> 
>> Given the declining protection offered by a key size from the 1990s I
>> decided to investigate adapting mixmaster to use 2048-bit keys (each
>> in a larger header block) at a cost of reducing the longest chain to
>> 10 hops.
>> 
>> It turned out possible to exceed this goal.  By using a header of
>> 1024 bytes (max 10 hops) new code can use key sizes of 2048, 3072
>> and 4096 for RSA.  E.g. 10 hops of 4096; or 2 of 1024 and 9 of 4096.
>> (Key generation might be "mixmaster -G --size=4096 --lifetime=90".)
>> The default size in the new code is 2048 bits.
> Coincidentally we appear to have arrived at very similar solutions.
> I've also got a working Mixmaster alternative that uses 10 headers of
> 1024 bytes each.  This adds support for up to 4096-bit RSA keys and
> maintains the same overall packet size of 20480 bytes.
> 
> My spec is:
> 
> Packet Info (256 Bytes):-
> Packet type 0 (intermediate hop):
>    [ 9 Initialization vectors     144 bytes ]
>    [ Next address                 112 bytes ]
> 
> Packet type 1 (final hop):
>    [ Chunk number                   1 byte  ]
>    [ Number of chunks               1 byte  ]
>    [ Message ID                    16 bytes ]
>    [ Initialization vector         16 bytes ]
>    [ Padding                      222 bytes ]
> 
> Mixmaster currently has three Packet Types but I couldn't see the point
> of seperating Exit and Chunked Exit when Exit can just be a single Chunk.
> 
> Encrypted Header (384 Bytes):
>    [ Packet ID                     16 bytes ]
>    [ AES key                       32 bytes ]
>    [ Packet type identifier         1 byte  ]
>    [ Packet Info                  256 bytes ]
>    [ Timestamp                      2 bytes ]
>    [ Padding                       13 bytes ]
>    [ SHA2-512 Message digest       64 bytes ]
> 
> Header (1024 Bytes):
>    [ Public key ID                 16 bytes ]
>    [ Length of RSA-encrypted data   2 bytes ]
>    [ RSA-encrypted session key    512 bytes ]
>    [ Initialization vector         16 bytes ]
>    [ Encrypted header part        384 bytes ]
>    [ Padding                       30 bytes ]
>    [ SHA2-512 Message digest       64 bytes ]
> 
> Payload:
>    [ Length                         2 bytes ]
>    [ SHA2-512 Message Digest       64 bytes ]
>    [ Content                    10174 bytes ]
> 
> This is currently only something I'm playing with so it should be easy
> to modify it to concur with your specification.
> 
> I'm also looking at using HTTP as a transport instead of SMTP.  The
> justification for this being that HTTP is used extensively on the Tor
> network.  This should make it very easy to run remailers as Tor Location
> Hidden Services.
> 
>> Actions:
>> 1.  To review and discuss the code please use Mixmaster-devel at lists.sourceforge.net
>>    (still a  useful place to hold discussion although the SF maintainers are inactive ).
>> 2.  To discuss testing and deployment use Remops at lists.mixmin.net (it would be helpful
>>    to have some short-term test remailers even if they were not to remain long term.)
>>    Some traffic may be relevant on both those lists and maybe also cryptography at metzdowd.com .
>> 3.  Development of a more advanced remailer needs a lead maintainer:
>>    mixminion-dev at seul.org
>>    http://mixminion.net/
>>    https://github.com/nmathewson/mixminion
>> 4.  Restore freedom to the galaxy!
>> 
>> Code location:
>> http://www.zen19351.zen.co.uk/mixmaster302/mixmaster-3.0.2.tar.gz
>> SHA256(mixmaster-3.0.2.tar.gz)= a88b93ea21c42ff588db6bc506b3e6eea4e8eb666d5a90beb1dd785b7e0920ed
> Thanks very much for your efforts, I'll take a look and provide some
> feedback.
> _______________________________________________
> Remops mailing list
> Remops at lists.mixmin.net
> http://lists.mixmin.net/mailman/listinfo/remops

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mixmin.net/pipermail/remops/attachments/20131029/0cadc233/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4877 bytes
Desc: not available
URL: <http://lists.mixmin.net/pipermail/remops/attachments/20131029/0cadc233/attachment.bin>

More information about the Remops mailing list