<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">This is an excellent proposal.<div><br></div><div>In practice, no one uses more than a few hops for real messages. I suspect that 5 is the realistic upper limit to ensure reasonable delivery time and reliability.</div><div>I really went over the top in using 20 header blocks.</div><div><br></div><div>Roll out will be a key. One does not want client software that only has one or two servers through which it could route, nor would one want to be one of only a few few users of the new key size, since that would be easily tracked as well.</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>-Lance </div><div><br><div apple-content-edited="true">
<span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; "><div>--</div><div>Lance Cottrell</div><div><a href="mailto:loki@obscura.com">loki@obscura.com</a></div><div><br></div></span><br class="Apple-interchange-newline">
</div>
<br><div><div>On Oct 29, 2013, at 2:34 AM, Steve Crook <<a href="mailto:steve@mixmin.net">steve@mixmin.net</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">On Tue, Oct 29, 2013 at 02:15:09AM +0000, <a href="mailto:lists@notatla.org.uk">lists@notatla.org.uk</a> wrote:<br><blockquote type="cite">Mixmaster has long used 1024-bit RSA with a packet format that allows<br>a maximum of 20 hops; each encrypted with a different RSA key. The<br>data for each hop occupies 512 bytes.<br><br>Given the declining protection offered by a key size from the 1990s I<br>decided to investigate adapting mixmaster to use 2048-bit keys (each<br>in a larger header block) at a cost of reducing the longest chain to<br>10 hops.<br><br>It turned out possible to exceed this goal. By using a header of<br>1024 bytes (max 10 hops) new code can use key sizes of 2048, 3072<br>and 4096 for RSA. E.g. 10 hops of 4096; or 2 of 1024 and 9 of 4096.<br>(Key generation might be "mixmaster -G --size=4096 --lifetime=90".)<br>The default size in the new code is 2048 bits.<br></blockquote>Coincidentally we appear to have arrived at very similar solutions.<br>I've also got a working Mixmaster alternative that uses 10 headers of<br>1024 bytes each. This adds support for up to 4096-bit RSA keys and<br>maintains the same overall packet size of 20480 bytes.<br><br>My spec is:<br><br>Packet Info (256 Bytes):-<br>Packet type 0 (intermediate hop):<br> [ 9 Initialization vectors 144 bytes ]<br> [ Next address 112 bytes ]<br><br>Packet type 1 (final hop):<br> [ Chunk number 1 byte ]<br> [ Number of chunks 1 byte ]<br> [ Message ID 16 bytes ]<br> [ Initialization vector 16 bytes ]<br> [ Padding 222 bytes ]<br><br>Mixmaster currently has three Packet Types but I couldn't see the point<br>of seperating Exit and Chunked Exit when Exit can just be a single Chunk.<br><br>Encrypted Header (384 Bytes):<br> [ Packet ID 16 bytes ]<br> [ AES key 32 bytes ]<br> [ Packet type identifier 1 byte ]<br> [ Packet Info 256 bytes ]<br> [ Timestamp 2 bytes ]<br> [ Padding 13 bytes ]<br> [ SHA2-512 Message digest 64 bytes ]<br><br>Header (1024 Bytes):<br> [ Public key ID 16 bytes ]<br> [ Length of RSA-encrypted data 2 bytes ]<br> [ RSA-encrypted session key 512 bytes ]<br> [ Initialization vector 16 bytes ]<br> [ Encrypted header part 384 bytes ]<br> [ Padding 30 bytes ]<br> [ SHA2-512 Message digest 64 bytes ]<br><br>Payload:<br> [ Length 2 bytes ]<br> [ SHA2-512 Message Digest 64 bytes ]<br> [ Content 10174 bytes ]<br><br>This is currently only something I'm playing with so it should be easy<br>to modify it to concur with your specification.<br><br>I'm also looking at using HTTP as a transport instead of SMTP. The<br>justification for this being that HTTP is used extensively on the Tor<br>network. This should make it very easy to run remailers as Tor Location<br>Hidden Services.<br><br><blockquote type="cite">Actions:<br>1. To review and discuss the code please use <a href="mailto:Mixmaster-devel@lists.sourceforge.net">Mixmaster-devel@lists.sourceforge.net</a><br> (still a useful place to hold discussion although the SF maintainers are inactive ).<br>2. To discuss testing and deployment use <a href="mailto:Remops@lists.mixmin.net">Remops@lists.mixmin.net</a> (it would be helpful<br> to have some short-term test remailers even if they were not to remain long term.)<br> Some traffic may be relevant on both those lists and maybe also <a href="mailto:cryptography@metzdowd.com">cryptography@metzdowd.com</a> .<br>3. Development of a more advanced remailer needs a lead maintainer:<br> <a href="mailto:mixminion-dev@seul.org">mixminion-dev@seul.org</a><br> <a href="http://mixminion.net/">http://mixminion.net/</a><br> <a href="https://github.com/nmathewson/mixminion">https://github.com/nmathewson/mixminion</a><br>4. Restore freedom to the galaxy!<br><br>Code location:<br><a href="http://www.zen19351.zen.co.uk/mixmaster302/mixmaster-3.0.2.tar.gz">http://www.zen19351.zen.co.uk/mixmaster302/mixmaster-3.0.2.tar.gz</a><br>SHA256(mixmaster-3.0.2.tar.gz)= a88b93ea21c42ff588db6bc506b3e6eea4e8eb666d5a90beb1dd785b7e0920ed<br></blockquote>Thanks very much for your efforts, I'll take a look and provide some<br>feedback.<br>_______________________________________________<br>Remops mailing list<br><a href="mailto:Remops@lists.mixmin.net">Remops@lists.mixmin.net</a><br>http://lists.mixmin.net/mailman/listinfo/remops<br></blockquote></div><br></div></body></html>