[Remops] Encrypting Remailer filesystem
Grant Taylor
gtaylor at tnetconsulting.net
Wed May 29 19:54:25 BST 2019
On 5/29/19 12:42 PM, Lance Cottrell wrote:
> So, we have two choices, store the message encrypted, which will match
> the known incoming message and can be decrypted to see the outgoing, or
> we can store the decrypted message and have no stored information about
> which incoming message it was related to. The later sounds better to me.
ACK
> I am implying that an attacker with access to the drive probably has
> access to keys, memory, etc.
>
> Yes, that is exactly the conclusion.
ACK
> Ok, I see where you are coming from. If this is an ongoing situation,
> then the attacker can probably get exact mapping between incoming and
> outgoing messages by watching them in real time on the disk. This is
> effectively a compromised node.
Agreed.
> For chmod to be a problem, Mixmaster needs to be running on a
> multi-tenant server along with untrusted other users. That is a bad
> situation already. Given a privilege escalation attack, they can
> probably start modifying the code, and grabbing all sorts of info. It
> seems like an edge case where they just get limited access to the files
> in the pool.
Fair.
> Ideally, the operator will discover and fix this. It is also why one
> should use a good number of hops.
Agreed.
> -Lance
Thank you for the reply confirming ~> explaining things Lance. :-)
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4008 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mixmin.net/pipermail/remops/attachments/20190529/8b1a0308/attachment.bin>
More information about the Remops
mailing list