Anonymous Servers - Chaining - What's the bottom line?


Author Chaining - What's the bottom line?
Anonymous

2006-01-16, 5:48 pm

The very good thread re WSP and chaining gets me thinking again.
There are some principles we hold true:

Trust none.
Chain many.
Choose randomly.

Some say:
Hardcode the first and/or last hop.

I'm trying to imagine the Grand Unified Theory of chaining in the *current*
state of the network and would like your opinions.

Currently I choose a chain like this:

[specified],*,*,*[specified]

with no eelbashes and a broken chain section in mlist for breaking up the
WSP group. Ok, it all seems well. I could use a longer random chain but
I'm trying to keep latency down a bit.
By choosing specified entries and exits, am I breaking the principle of
trusting none? Obviously I have chosen them by *some* criteria, perhaps
they might be reliability or gut feelings. Bad? Good?

Any opinions on improving my mix.cfg, which right now stands at
DISTANCE 2
MINREL 97
RELFINAL 98
MAXLAT 90m

According to the stats I'm using, this cfg excludes 13 remailers on the
basis of reliability/latency. Too restrictive?

Thanks for any response!



TwistyCreek

2006-01-16, 8:46 pm

>Currently I choose a chain like this: [specified],*,*,*[specified]
To my way of thinking the best possible approach is to decide on a couple
of entry remailers, a couple of exit remailers, and a few (3 to 5)
middleman remailers that you trust (for whatever reasons you can find).
Then manually select chains built from them only. Never, ever, use a *. To
do so means that at least some of the time you will be including a
remailer that you (rightly or wrongly) just don't trust. The one honest
remailer principle means that you only need to be right about trusting one
of them to be covered. The only reason I've ever heard for not wanting to
do this involves partitioning attacks.
Having said that... I hate people who give advice without understanding
the consequences so I attempted to find out about partitioning attacks.
(I read http://archives.seul.org/mixminion/.../msg00010.html,
http://archives.seul.org/mixminion/.../msg00031.html,
http://www.ietf.org/internet-drafts...xmaster-03.txt,
http://svn.noreply.org/cgi-bin/view...ster.1?rev=924,
http://mixminion.net/spec-issues.txt,
http://tor.eff.org/cvs/tor/doc/desi...or-design.html,
http://petmail.lothar.com/design.html, and
http://tor.eff.org/cvs/tor/doc/desi.../challenges.pdf
well not entirely, but the parts about partitioning attacks at least )
It's my conclusion that this degree of shuffling, for a person who sends
let's say less than a dozen anonymous emails a day, and isn't in the top 10
of Interpol's most actively tracked and monitored list is more than adequate.
I too am interested in this whole question and sincerely would like to be
corrected if I am giving bad advice.
Thanks for raising the issue!






Borked Pseudo Mailed

2006-01-16, 8:46 pm

Anonymous wrote:

> The very good thread re WSP and chaining gets me thinking again. There are
> some principles we hold true:
>
> Trust none.
> Chain many.
> Choose randomly.
>
> Some say:
> Hardcode the first and/or last hop.


Bad advice in principle. In an ideal world every remailer would be equally
reliable, have the same features, and be trusted exactly the same. In the
real world there's a difference in all three so deviating from the "ideal"
of totally random chains is almost a necessity if you want to do things
like guarantee delivery, or use a custom From: header. These things are
compromises, not best case scenarios.

> I'm trying to imagine the Grand Unified Theory of chaining in the
> *current* state of the network and would like your opinions.
>
> Currently I choose a chain like this:
>
> [specified],*,*,*[specified]


Hard wiring entry and exit nodes is bad. Increases the ability of someone
to traffic analyze and "replay" messages considerably. You want to stay as
close to totally random as possible, while addressing things like
reliability, features, and any little "beef" you might have with a
remailer. A better chain might be...

*,[specified],*,*,[specified]

That mixes up the entry node and helps obscure your usage patterns from a
single, mistakenly chosen entry node. Also, you should be generating some
amount of dummy traffic and it should be random. Using a hard wired entry
for real traffic and random entry nodes for dummy messages makes the two
discernible.

An even better solution IMO would be to insert remailers from a group
of trusted remailers at certain key points. Have a "subset" for entry,
middles, and exits, and mix these with totally random choices. like....

RandomSpecifiedEntry,*,RandomSpecifiedMiddle,*,*,RandomSpecifiedExit

I'm working on something that would maybe modify mix.cfg directly with
random choices from a configuration file, possibly at scheduled intervals
by way of a cron job or whatever task scheduling a user might have. I
don't know if this would impact security too negatively though, or if
something that modified messages individually might be more appropriate
and secure.

> with no eelbashes and a broken chain section in mlist for breaking up the
> WSP group. Ok, it all seems well. I could use a longer random chain but


I think you've addressed one problem and created another (the hard wired
entry and exit). I honestly believe dropping Eelbash and ignoring the WS
thing might be better. Six one way, half a dozen the other. Maybe you
should let the entry node be random, and stick a hard wired choice in the
middle to break up the "WS effect", like the above or even....

*,[specified],*,[specified]*[specified]

> I'm trying to keep latency down a bit. By choosing specified entries and
> exits, am I breaking the principle of trusting none? Obviously I have
> chosen them by *some* criteria, perhaps they might be reliability or gut
> feelings. Bad? Good?
>
> Any opinions on improving my mix.cfg, which right now stands at
> DISTANCE 2
> MINREL 97
> RELFINAL 98


You can increase reliability considerably by setting RELFINAL to 100, and
picking stats sources with a decent number of remailers with that
reliability. Stats sources vary quite a bit in this respect. Again, this
is a compromise between security and reliability. You roll the dice, you
take the chances.

> MAXLAT 90m
>
> According to the stats I'm using, this cfg excludes 13 remailers on the
> basis of reliability/latency. Too restrictive?


Depends on what's more important to you, reliability or security. I don't
think your configuration is restrictive to the point you're easy to out,
but prefer to do things a bit differently.


Borked Pseudo Mailed

2006-01-16, 8:46 pm

TwistyCreek wrote:

> To my way of thinking the best possible approach is to decide on a couple
> of entry remailers, a couple of exit remailers, and a few (3 to 5)
> middleman remailers that you trust (for whatever reasons you can find).
> Then manually select chains built from them only. Never, ever, use a *. To


See, now that's taking things to the opposite extreme of being "cautious"
about shared operator nodes. There's no reason in the world to never allow
a random selection, and doing so impacts security in a negative way. Even
the dreaded Eelbash is useful in a middle position, as long as you're not
using two of the miscreant's remailers together. And ANY control or
restriction you exercise over random selections reduces security to some
extent.

The key is to find a happy medium between the risks of suspected "bad"
nodes and security. Simply injecting known "good" nodes in strategic
points along the way should be enough.

> do so means that at least some of the time you will be including a
> remailer that you (rightly or wrongly) just don't trust.


You shouldn't trust any of them implicitly, and to be sure, it's not
necessary. It's necessary that untrusted nodes not work in conjunction
with each other, and that you not feed ANY node or group of nodes too much
information. The more you hard code and restrict your chains, the more
likely you are to break the second rule.

> The one honest
> remailer principle means that you only need to be right about trusting
> one of them to be covered.


No it doesn't. If a nefarious rempop owns the entry and exit of a three
node chain it's not difficult at all to resend a given message repeatedly
and determine through volume as well as timing who the originator of a
specific clear text is. That's regardless of who the middle node is, even
if it's as trusted as you yourself running a node. And yes, the remailer
network takes steps against that sort of attack, but they're not perfect
by any stretch of the imagination.

> I read...


<snip>

> well not
> entirely, but the parts about partitioning attacks at least ) It's my
> conclusion that this degree of shuffling, for a person who sends let's
> say less than a dozen anonymous emails a day, and isn't in the top 10 of


It only takes ONE compromised message to "blow your privacy" (I can't
believe I just said that). <grin>

> Interpol's most actively tracked and monitored list is more than
> adequate. I too am interested in this whole question and sincerely would
> like to be corrected if I am giving bad advice.


Other than the two extremes of "forget about it" and "burn WS operators at
the stake" I don't think there's really and seriously "bad" advice to
give. The problem needs assessed by each individual with their own beliefs
and requirements because there's really no sort of hard evidence that
anything shady is going on. It's just a possibility. The "good enough"
solution is probably to make sure you stick a non-WS remailer somewhere in
your chains, and not allow WS remailers to be both your entry and exit at
the same time.
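
The pooled-template idea and the entry/exit rule from the two posts above, as an added example that is not part of the thread or of any remailer client: it fills the named slots of `RandomSpecifiedEntry,*,RandomSpecifiedMiddle,*,*,RandomSpecifiedExit` from small pools and rejects chains whose entry and exit both fall in a suspected shared-operator group. The remailer names, the pools, the group membership and the function names are all hypothetical.

```python
import secrets

# Constructed sample data: every remailer name below is hypothetical.
POOLS = {
    "ENTRY": ["alpha", "charlie", "delta"],
    "MIDDLE": ["echo", "foxtrot"],
    "EXIT": ["bravo", "golf", "delta"],
}
# Remailers the user suspects share one operator (hypothetical membership).
SUSPECT_GROUP = {"alpha", "bravo"}
# Pool slots are filled here; "*" is left for the remailer client to fill.
TEMPLATE = ["ENTRY", "*", "MIDDLE", "*", "*", "EXIT"]


def chain_ok(hops):
    """Check the named hops of a chain against the rules from the thread.

    "*" hops are unknown at this point, so only named hops can be checked;
    a chain with no named hop at all is rejected for that reason.
    """
    named = [h for h in hops if h != "*"]
    if len(set(named)) != len(named):
        return False  # the same remailer is named twice
    if hops[0] in SUSPECT_GROUP and hops[-1] in SUSPECT_GROUP:
        return False  # suspect group would hold both entry and exit
    if all(h in SUSPECT_GROUP for h in named):
        return False  # no named hop outside the suspect group
    return True


def build_chain(template=TEMPLATE, max_tries=1000):
    """Fill pool slots with CSPRNG picks, retrying until chain_ok passes."""
    for _ in range(max_tries):
        hops = [secrets.choice(POOLS[s]) if s in POOLS else "*" for s in template]
        if chain_ok(hops):
            return ",".join(hops)
    raise RuntimeError("pools cannot satisfy the chain rules")


if __name__ == "__main__":
    for _ in range(5):
        print(build_chain())
```
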


Thrasher Remailer

2006-01-17, 2:48 am

In <CKZZ2R0138733.7870833333@twistycreek.com>, anon@comments.header wrote:
>To my way of thinking the best possible approach is to decide on a couple
>of entry remailers, a couple of exit remailers, and a few (3 to 5)
>middleman remailers that you trust (for whatever reasons you can find).
>Then manually select chains built from them only. Never, ever, use a *. To
>do so means that at least some of the time you will be including a
>remailer that you (rightly or wrongly) just don't trust. The one honest
>remailer principle means that you only need to be right about trusting one
>of them to be covered. The only reason I've ever heard for not wanting to
>do this involves partitioning attacks.


I use a partly random selection of three entry machines that I trust, a chain of four to eight random machines, followed by one of three exits that I trust. (NO, I'm not telling which ones).

Part of the formula is that entry machines are NEVER used for exit, and exit machines are NEVER used for entry.


>Having said that... I hate people who give advice without understanding
>the consequences so I attempted to find out about partitioning attacks.
>(I read http://archives.seul.org/mixminion/.../msg00010.html,
>http://archives.seul.org/mixminion/.../msg00031.html,
>http://www.ietf.org/internet-drafts...xmaster-03.txt,
>http://svn.noreply.org/cgi-bin/view...ster.1?rev=924,
>http://mixminion.net/spec-issues.txt,
>http://tor.eff.org/cvs/tor/doc/desi...or-design.html,
>http://petmail.lothar.com/design.html, and
>http://tor.eff.org/cvs/tor/doc/desi.../challenges.pdf
>well not entirely, but the parts about partitioning attacks at least )
>It's my conclusion that this degree of shuffling, for a person who sends
>let's say less than a dozen anonymous emails a day, and isn't in the top 10
>of Interpol's most actively tracked and monitored list is more than adequate.
>I too am interested in this whole question and sincerely would like to be
>corrected if I am giving bad advice.
>Thanks for raising the issue!




Anonymous

2006-01-17, 7:46 am

Thrasher Remailer <thrasher@reece.net.au> wrote:

> Part of the formula is that entry machines are NEVER used for exit, and
> exit machines are NEVER used for entry.


This is a stupid formula. You restrict yourself to nine possible chains.
Middle remailers don't weigh much in traffic analysis.

This puts you into a fairly small subset of remailer users.


Borked Pseudo Mailed

2006-01-17, 5:47 pm

Anonymous wrote:

> Thrasher Remailer <thrasher@reece.net.au> wrote:
>
>
> This is a stupid formula. You restrict yourself to nine possible chains.


Total bullshit. The number of possible chains depends on the number of
remailers IN the chain and the poster said it varied. Not to mention
no scenario the poster described could leave him with only 9 possible
chains. Even limiting your choices to 4 remailers leaves you more
possibilities than that. A group of 3 would too if you didn't stick to
the "minimum of three" rule.

You're talking out your XXX and not doing a very good job of it.

It's fascinating that there's people who want to spread an obvious layer
of FUD over any conversation about keeping your chains under a bit of
control and not letting messages travel through "problem" areas in certain
ways that would make them easier to track.

I wonder who would not want people doing things like this?

<rest of FUD snipped>
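
The two counts argued over in the posts above, worked through as an added example that is not part of the thread: endpoint pairs versus full chains for three trusted entries, four to eight random middle hops and three trusted exits. The middle pool size of 20, a middle pool disjoint from the entry and exit pools, and the reading of DISTANCE as "no remailer reused within that many hops" are assumptions.

```python
from itertools import product
from math import log2


def window_ok(seq, distance):
    """True if no hop repeats any of the `distance` hops before it.

    This is an assumed reading of the DISTANCE setting, not taken from the thread.
    """
    return all(seq[i] not in seq[max(0, i - distance):i] for i in range(len(seq)))


def count_middles(pool_size, hops, distance):
    """Closed form: hop i cannot reuse the min(i, distance) hops before it."""
    total = 1
    for i in range(hops):
        total *= max(pool_size - min(i, distance), 0)
    return total


def count_middles_bruteforce(pool_size, hops, distance):
    """Enumerate every sequence; only practical for small inputs (sanity check)."""
    return sum(window_ok(s, distance)
               for s in product(range(pool_size), repeat=hops))


def chain_space(entries, exits, middle_pool, hop_range, distance):
    """Return (entry/exit pairs, full chains) for disjoint entry, middle, exit pools."""
    pairs = entries * exits
    middles = sum(count_middles(middle_pool, k, distance) for k in hop_range)
    return pairs, pairs * middles


if __name__ == "__main__":
    # Constructed scenario: 3 entries, 3 exits, 4 to 8 middles from 20 remailers.
    pairs, chains = chain_space(3, 3, 20, range(4, 9), distance=2)
    print(f"entry/exit pairs: {pairs} ({log2(pairs):.2f} bits)")
    print(f"full chains:      {chains} ({log2(chains):.2f} bits)")
```

The first figure is what an observer who sees only the first and last hop can distinguish; the second is the number of distinct routes through the network under the stated assumptions.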

Thrasher Remailer

2006-01-17, 5:47 pm

On Tue, 17 Jan 2006 11:52:01 -0700, Borked Pseudo Mailed wrote:

> Anonymous wrote:
>
>
> Total bullshit. The number of possible chains depends on the number of
> remailers IN the chain and the poster said it varied. Not to mention
> no scenario the poster described could leave him with only 9 possible
> chains. Even limiting your choices to 4 remailers leaves you more
> possibilities than that. A group of 3 would too if you didn't stick to
> the "minimum of three" rule.
>
> You're talking out your XXX and not doing a very good job of it.
>
> It's fascinating that there's people who want to spread an obvious layer
> of FUD over any conversation about keeping your chains under a bit of
> control and not letting messages travel through "problem" areas in certain
> ways that would make them easier to track.
>
> I wonder who would not want people doing things like this?


Who?

>
> <rest of FUD snipped>




Copyright 2003 - 2008 webservertalk.com