[Remops] Encrypting Remailer filesystem
gtaylor at tnetconsulting.net
Wed May 29 19:54:25 BST 2019
On 5/29/19 12:42 PM, Lance Cottrell wrote:
> So, we have two choices, store the message encrypted, which will match
> the known incoming message and can be decrypted to see the outgoing, or
> we can store the decrypted message and have no stored information about
> which incoming message it was related to. The later sounds better to me.
> I am implying that an attacker with access to the drive probably has
> access to keys, memory, etc.
> Yes, that is exactly the conclusion.
> Ok, I see where you are coming from. If this is an ongoing situation,
> then the attacker can probably get exact mapping between incoming and
> outgoing messages by watching them in real time on the disk. This is
> effectively a compromised node.
> For chmod to be a problem, Mixmaster needs to be running on a
> multi-tenant server along with untrusted other users. That is a bad
> situation already. Given a privilege escalation attack, they can
> probably start modifying the code, and grabbing all sorts of info. It
> seems like an edge case where they just get limited access to the files
> in the pool.
> Ideally, the operator will discover and fix this. It is also why one
> should use a good number of hops.
Thank you for the reply confirming ~> explaining things Lance. :-)
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4008 bytes
Desc: S/MIME Cryptographic Signature
More information about the Remops