[Remops] Encrypting Remailer filesystem

Grant Taylor gtaylor at tnetconsulting.net
Wed May 29 19:54:25 BST 2019

On 5/29/19 12:42 PM, Lance Cottrell wrote:
> So, we have two choices, store the message encrypted, which will match 
> the known incoming message and can be decrypted to see the outgoing, or 
> we can store the decrypted message and have no stored information about 
> which incoming message it was related to. The later sounds better to me.


> I am implying that an attacker with access to the drive probably has 
> access to keys, memory, etc.
> Yes, that is exactly the conclusion.


> Ok, I see where you are coming from. If this is an ongoing situation, 
> then the attacker can probably get exact mapping between incoming and 
> outgoing messages by watching them in real time on the disk. This is 
> effectively a compromised node.


> For chmod to be a problem, Mixmaster needs to be running on a 
> multi-tenant server along with untrusted other users. That is a bad 
> situation already. Given a privilege escalation attack, they can 
> probably start modifying the code, and grabbing all sorts of info. It 
> seems like an edge case where they just get limited access to the files 
> in the pool.


> Ideally, the operator will discover and fix this. It is also why one 
> should use a good number of hops.


> -Lance

Thank you for the reply confirming ~> explaining things Lance.  :-)

Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4008 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mixmin.net/pipermail/remops/attachments/20190529/8b1a0308/attachment.bin>

More information about the Remops mailing list