Anonymous Servers - PING Christian Danner - Omnimix Not working. Help Requested.

Author

PING Christian Danner - Omnimix Not working. Help Requested.

Tim Manners

2006-04-09, 6:59 pm

Hi,

I've just downloaded your latest version of Omnimix and installed it to a
directory in C:\Program Files\Omnimix. I note that it requires the older
version of Mixmaster v2.04b46. However, I'm already using a newer mixmaster
version v2.9b38 which I believe to be the most recent Windows port.
Unfortunately, it appears that Omnimix cannot work with this version. Is it
possible for you to update the program's mixmaster compatibility? When I
try to run Omnimix with now, I get the following error from Omnimix's
output:

0 NNTP message arrived
0 Message read
0 Message converted
0 -------> Mixmaster encryption failed

I'm also having an issue with Omnimix's initial window size. Omnimix always
open in a rather small-size console window which obscure only shows the
center of the whole Omnimix gui (scrollbars are present right and bottom),
making it necessary for me to drag and resize each time.

Thanks.

Christian Danner

2006-04-09, 6:59 pm

Hi Tim!

Tim Manners <me@privacy.net> - Mon, 3 Apr 2006 08:24:46 +0000 (UTC):

>I've just downloaded your latest version of Omnimix and installed it to a
>directory in C:\Program Files\Omnimix. I note that it requires the older
>version of Mixmaster v2.04b46. However, I'm already using a newer mixmaster
>version v2.9b38 which I believe to be the most recent Windows port.
>Unfortunately, it appears that Omnimix cannot work with this version. Is it
>possible for you to update the program's mixmaster compatibility? When I
>try to run Omnimix with now, I get the following error from Omnimix's
>output:
>
>0 NNTP message arrived
>0 Message read
>0 Message converted
>0 -------> Mixmaster encryption failed

No, I'm sorry. As I already mentioned in the enclosed text file, for
unknown reasons later versions of Mixmaster don't support the -o / -O
options (export of the resulting encrypted data to a file) any more.
That means, with them the way back to OmniMix is blocked. I hope, some
time there will be a 32bit version with stdin/stdout capability, so
that the whole interaction can take place in memory without the
security issues of having to use disk files at all.

>I'm also having an issue with Omnimix's initial window size. Omnimix always
>open in a rather small-size console window which obscure only shows the
>center of the whole Omnimix gui (scrollbars are present right and bottom),
>making it necessary for me to drag and resize each time.

I see, the window doesn't have to be resizable at all. Have now fixed
the size. Would you be so kind to check it again. Nevertheless on
creation the size of the window should be o.k.. I change only the
position according to the last value stored in the .ini file.

There's an important additional change in the latest version, which
now generates a 'mixrand.bin' file with random values if it finds none
in the mixmaster directory. So no more freezing with a virgin
mixmaster installation.

Regards

Christian

-=-
This message was sent via two or more anonymous remailing services.

Anonymous

2006-04-09, 6:59 pm

In article <S8ZZRZT038810.5693055556@anonymous>
Christian Danner <Anonymous-Remailer@See.Comment.Header> wrote:
>
> No, I'm sorry. As I already mentioned in the enclosed text file, for
> unknown reasons later versions of Mixmaster don't support the -o / -O
> options (export of the resulting encrypted data to a file) any more.
> That means, with them the way back to OmniMix is blocked. I hope, some
> time there will be a 32bit version with stdin/stdout capability, so
> that the whole interaction can take place in memory without the
> security issues of having to use disk files at all.

The 2.9/3.0 versions of Mixmaster is made up of two files. A dynamic
library that exposes various functions, and the mix.exe file that is
a frontend and calls the functions from the .DLL file.

You can use the .dll file like any other .dll file in your program,
with no need to write any unencrypted files to the disc at all.

Christian Danner

2006-04-09, 6:59 pm

Christian Danner

2006-04-09, 6:59 pm

Anonymous <nobody@invalid.org> - Mon, 3 Apr 2006 21:10:41 +0100 (BST):

>You can use the .dll file like any other .dll file in your program,
>with no need to write any unencrypted files to the disc at all.

Thanks for your annotation. But IMHO mixlib.dll also doesn't allow
access to the encrypted message. The only matching high level function
I'm aware of is

int mix_encrypt( int type, BUFFER *message, char *chain,
int numcopies, BUFFER *feedback);
This function creates a Mixmaster message and stores it in the
Mixmaster message pool.

and I'm not willing to create the encrypted message step by step by
myself. Am I missing something? Would be nice to use a dll.

Regards

Christian

Anonymous

2006-04-09, 6:59 pm

In article <SLCX3U5O38811.1306944444@twistycreek.com>
Christian Danner <anon@comments.header> wrote:
>
> Thanks for your annotation. But IMHO mixlib.dll also doesn't allow
> access to the encrypted message. The only matching high level function
> I'm aware of is
>
> int mix_encrypt( int type, BUFFER *message, char *chain,
> int numcopies, BUFFER *feedback);
> This function creates a Mixmaster message and stores it in the
> Mixmaster message pool.
>
> and I'm not willing to create the encrypted message step by step by
> myself. Am I missing something? Would be nice to use a dll.

Sorry, I guess I misunderstood the situation.

I was under the impression that the reason you didn't use Mixmaster
2.9.0/3.0 is because you'd have to write the unencrypted message to the
disk to pass it to mixmaster.

If that's correct, then using the dll would fix that because only the
call to mix_encrypt would be passed the unencrypted message. You will
end up with the encrypted ready to send message written to the pool,
but not the unencrypted message.

Did you want to avoid the encrypted ready to go message being written
to the disk too?

Christian Danner

2006-04-09, 6:59 pm

Mail-To-News-Contact: abuse@dizum.com
Organization: mail2news@dizum.com
Lines: 34
Xref: number1.nntp.dca.giganews.com alt.privacy.anon-server:433722

Hi!

Anonymous <nobody@invalid.org> - Tue, 4 Apr 2006 10:42:11 +0100 (BST):

>I was under the impression that the reason you didn't use Mixmaster
>2.9.0/3.0 is because you'd have to write the unencrypted message to the
>disk to pass it to mixmaster.

It's about both ways. OmniMix has to keep control of the message up to
the delivery to the (external) smtp server to avoid local caching and
to be able to give a _valid_ 'mission completed' back to the client.

I experimented a lot with stdin/stdout, but finally failed with the
16bit exe not supporting pipes correctly. For this tactics a 32bit
exe of the 2.0.4 version might already be helpful.

>If that's correct, then using the dll would fix that because only the
>call to mix_encrypt would be passed the unencrypted message. You will
>end up with the encrypted ready to send message written to the pool,
>but not the unencrypted message.
>
>Did you want to avoid the encrypted ready to go message being written
>to the disk too?

For retrieval? Yes, of course, if some time it will be possible to get
the encrypted data back from the dll not seeing them vanish in some
pool. Besides (minor) security reasons it would make the communication
more robust (unequivocal error flags, no consideration of access
rights to disc areas etc.).

Regards

Christian

Nobody

2006-04-09, 6:59 pm

Anonymous-Remailer@See.Comment.Header (Christian Danner) wrote in
news:S8ZZRZT038810.5693055556@anonymous:

> Hi Tim!
>
> Tim Manners <me@privacy.net> - Mon, 3 Apr 2006 08:24:46 +0000 (UTC):
>
> No, I'm sorry. As I already mentioned in the enclosed text file, for
> unknown reasons later versions of Mixmaster don't support the -o / -O
> options (export of the resulting encrypted data to a file) any more.
> That means, with them the way back to OmniMix is blocked. I hope, some
> time there will be a 32bit version with stdin/stdout capability, so
> that the whole interaction can take place in memory without the
> security issues of having to use disk files at all.

Thanks for clarifying that. What I've done is to install Mixmaster 2.04
into the Omnimix directory and point Omnimix to it which seems to be
working. In this way, I'm letting Omnimix call Mixmaster 2.04 without
disturbing the 2.97 version.

>
> I see, the window doesn't have to be resizable at all. Have now
fixedhttp://img307.imageshack.us/img307/6498/omnimix0012dw.png
> the size. Would you be so kind to check it again. Nevertheless on
> creation the size of the window should be o.k.. I change only the
> position according to the last value stored in the .ini file.

I downloaded your immediate update after the original post and that one
was fixed. However, all subsequent versions including the current 0.91
exhibit the problem again. I've posted a screenshot of the problem at the
following URL:

http://img307.imageshack.us/img307/...nimix0012dw.png

As can be seen in the image, upon launch, the Omnimix window is badly
cropped and needing a resize.

Version 0.91 looks ok so far but I'm still trying it out. Thanks for
making this available and I'm sure I've more suggestions to offer in time
to come.

Regards,

Tim

Christian Danner

2006-04-09, 6:59 pm

Hi Tim!

>
>Thanks for clarifying that. What I've done is to install Mixmaster 2.04
>into the Omnimix directory and point Omnimix to it which seems to be
>working.

Or tidy it away into a subdirectory of OM.

>In this way, I'm letting Omnimix call Mixmaster 2.04 without
>disturbing the 2.97 version.

Yep, they shouldn't interfere.

>fixedhttp://img307.imageshack.us/img307/6498/omnimix0012dw.png
>
>I downloaded your immediate update after the original post and that one
>was fixed. However, all subsequent versions including the current 0.91
>exhibit the problem again. I've posted a screenshot of the problem at the
>following URL:
>
>http://img307.imageshack.us/img307/...nimix0012dw.png
>
>As can be seen in the image, upon launch, the Omnimix window is badly
>cropped and needing a resize.
>
>Version 0.91 looks ok so far but I'm still trying it out. Thanks for
>making this available and I'm sure I've more suggestions to offer in time
>to come.

Please excuse me causing you trouble. With my parallel developments I
forgot porting the fix to v.91. Hope this 0.9.1.2 version will be o.k.
now.

Are you already using OM on a regular basis?

BTW: If the known link doesn't work any longer, then I got time to
write a few lines of html code and you'll find OmniMix residing at a
website of it's own at http://www.danner-net.de/om.htm (still a dead
link).

New additions: Header filters separately for mail and news messages
(also functioning in normal proxy mode, but still some problems with
standard headers like 'Date', so check the output), freely definable
header switch to choose the pathway (w/o mixmaster) overruling the OM
presets. Fixed an Indy bug with the timezone part of the 'Date' header
not set.

With kind regards to the brave tester(s?)

Christian

Nobody

2006-04-09, 7:00 pm

Christian Danner <anon@comments.header> wrote in
news:EGTUVWP738814.3188194444@twistycreek.com:

Hi Christian,

>
> Or tidy it away into a subdirectory of OM.

Good idea. This should be tidier than dumping the mixmaster files into
the main OM directory.

As an aside, is Mixmaster 2.04 less secure in any way than the latest
version since it's really quite old and outdated?

> Please excuse me causing you trouble. With my parallel developments I
> forgot porting the fix to v.91. Hope this 0.9.1.2 version will be o.k.
> now.

The latest 0.91 has fixed the initial window size/cropped bug again.
However, the minimise button is gone. Could you look into that?

> Are you already using OM on a regular basis?

Yes, I'm testing it regularly.

Some suggestions:

1. The 3 tabs of "Log", "Plain data" and "Mixmaster" could be organised
better, especially "Plain data" which currently has everything dumped
into it. This makes it very inconvenient for the user to scroll through
the whole thing to find, say, the most recent remailer stats. It would be
much faster and easier if you could put each page of data in its own tab,
eg., mlist under mlist tab, pubring under pubring tab etc. Actually this
is how Quicksilver does it.

Regards,

Tim

Christian Danner

2006-04-18, 12:11 am

Hi Tim!

Nobody <nowhere@nowhere.no> - 8 Apr 2006 06:04:29 -0000:

>As an aside, is Mixmaster 2.04 less secure in any way than the latest
>version since it's really quite old and outdated?

First - where are the experts on this topic?

For message conversion (chain generation and subsequent encryption) OM
only uses a small core portion of the tools MM offers. MM itself
doesn't have to deliver the messages, so it isn't exposed to the
internet. IMNO that's why as long as the encryption part of MM isn't
broken, there should be no security problem.

>
>The latest 0.91 has fixed the initial window size/cropped bug again.
>However, the minimise button is gone. Could you look into that?

Done. Please check whether is works correctly now.

>
>Yes, I'm testing it regularly.

Are you aware of any problems with the data processed by the news
proxy? That's currently my main concern, though there's no evidence.

>Some suggestions:
>
>1. The 3 tabs of "Log", "Plain data" and "Mixmaster" could be organised
>better, especially "Plain data" which currently has everything dumped
>into it.

I did this for debugging purposes.

>This makes it very inconvenient for the user to scroll through
>the whole thing to find, say, the most recent remailer stats. It would be
>much faster and easier if you could put each page of data in its own tab,
>eg., mlist under mlist tab, pubring under pubring tab etc. Actually this
>is how Quicksilver does it.

Was planned for later on, anyway now I added them - besides some
TLS/SSL items and rewriting the parameter handling for a more robust
multithreading behaviour. But with that after modifying the config
data it's necessary to reload the server params by restarting them!

BTW: You now find OmniMix at http://www.danner-net.de/om.htm.

Regards

Christian

Anon

2006-04-18, 12:11 am

Christian Danner <---@---.---> wrote in
news:1EDHNO9Z38819.3489930556@anonymous.poster:

Hi Christian,

> First - where are the experts on this topic?
>
> For message conversion (chain generation and subsequent encryption) OM
> only uses a small core portion of the tools MM offers. MM itself
> doesn't have to deliver the messages, so it isn't exposed to the
> internet. IMNO that's why as long as the encryption part of MM isn't
> broken, there should be no security problem.

Thanks for the clarification.

>
> Done. Please check whether is works correctly now.

Yes, the minimise button works properly. However, I find that the whole
Omnimix window is not-resizable. Could you make it resizable so that the
user doesn't need to horizontally/vertically scroll to see the stats/data
if the window is big enough? I think that would be an improvement.

>
>
> Are you aware of any problems with the data processed by the news
> proxy? That's currently my main concern, though there's no evidence.

I'm unaware of any problems. Can you specify in more details which areas
I should be looking at?

>
>
> Was planned for later on, anyway now I added them - besides some
> TLS/SSL items and rewriting the parameter handling for a more robust
> multithreading behaviour. But with that after modifying the config
> data it's necessary to reload the server params by restarting them!
>
> BTW: You now find OmniMix at http://www.danner-net.de/om.htm.

Thanks. The new interface is more usable. I'm still unclear about a few
things:

1. What's the Anon-Switch all about and how do I use it?
2. How does the Anon SMTP Host differ from the SMTP Host and how and when
do I use one or the other?
3. Under Anon, if I uncheck "Always use Mixmaster for News/Mail", does it
mean that my post/email will be sent unencrypted and in plaintext?
4. What does the "Mix Files" field do and how do I use it?

A couple of suggestions:

1. Implement a logging function to allow the user to log to file. I know
this reduces security and increases chances of a slip-up by user-error.
However, I think anyone who uses an program of this kind must already
assume some responsibility to practise basic security.

2. Provide the ability to store "profiles" for multiple NNTP and SMTP
Hosts as well as multiple user "Identities" (although this one may be
redundant since Mixmaster should strip identifying headers before
sending).

3. Make it possible to choose remailers/gateways/NNTP and SMTP
Hosts/Identities via dropdown menus.

Sorry if I seem too greedy. These are mere suggestions which I think
would enhance Omnimix's usability. For your consideration.

Regards,

Tim

--

Christian Danner

2006-04-18, 12:11 am

Hi Tim,

first of all thanks for your review.

Anon <anon@anon.com> - 13 Apr 2006 01:53:12 -0000:

>
>Yes, the minimise button works properly. However, I find that the whole
>Omnimix window is not-resizable. Could you make it resizable so that the
>user doesn't need to horizontally/vertically scroll to see the stats/data
>if the window is big enough? I think that would be an improvement.

We'll see.

>
>I'm unaware of any problems. Can you specify in more details which areas
>I should be looking at?

Nothing special. So I'm reassured.

>Thanks. The new interface is more usable. I'm still unclear about a few
>things:
>
>1. What's the Anon-Switch all about and how do I use it?

>3. Under Anon, if I uncheck "Always use Mixmaster for News/Mail", does it
>mean that my post/email will be sent unencrypted and in plaintext?

You're right. Unchecking the items means sending the messages directly
to the recipient. You need that option.

There are two (meanwhile three - see below) ways to tell OM whether an
incoming message has to be processed by the MM system or not.

- With 'Always use Mixmaster for News / Mail' you have a preset for
all messages, where the path isn't specified individually within the
message itself.

- That's where the 'Anon Switch' comes into play, which, if present,
overrides the general settings. With a message header item like
'<My_Anon_Switch>: Yes' you definitely route your message through MM,
whereas '<My_Anon_Switch>: No' always delivers it directly,
independent from the 'Always use ...' settings (and any other header
entries). So you're able to construct an opt-in- or opt-out solution,
whatever fits better to your security needs. To prevent any
incompatibilities with existing header names you're allowed to choose
your own term for this header item, to be put into the 'Anon Switch'
field. Of course 'Yes'/'No' are not case-sensitive. I added an option
to automatically remove this header from the message without having to
activate the built-in header filter to do the job.

Furthermore I recently added an 'Anon Header' List. The strategy to
decide whether to involve Mixmaster now is the following:

- If there's a '<My_Anon_Switch>' in the header
-> take that to definitively decide the routing
Else:
- If the 'Anon Headers' box is checked and at least one header matches
an entry in the 'Anon Headers' list (e.g. 'X-Anon-To:' or 'Null:')
-> go the Mixmaster way
Else:
- If the 'Always use Mixmaster for ...' checkbox for your type of
message is set
-> direct it to Mixmaster
Else:
-> send the message directly.

A bit complicated, but you have the option to deactivate it all.

Speaking of the headers, I just remember another topic, where an
insider opinion would be of interest: I have to provide MM with a
dummy header (has to be short due to the command line restriction) to
circumvent the request for further information. So I hand over an
'X-No-Archive:' header, even if it's 'No', what isn't common practice.
That might be an 'individual note', unwanted for anon messages. Are
there any further security concerns - or alternatives?

>2. How does the Anon SMTP Host differ from the SMTP Host and how and when
>do I use one or the other?

The 'SMTP Host' and the 'Anon SMTP Host' work exactly the same way. By
setting 'Use ASH for Anon Messages' you're able to send your normal
mail via your ISP while using a different mail host for anon messages,
e.g. the mail service (w/o tla/ssl support) of the entry remailer you
specified in your chain.

>4. What does the "Mix Files" field do and how do I use it?

As OM is capable of processing more than one message at a time,
ascending numbers are internally assigned to them. You've certainly
already noticed those numbers in the first column of the 'Log' list
entries. In this chronologicaly ordered list they allow you to assign
the entries to the messages they belong to. The 'Mix Files' list now
shows nothing more than the numbers of the currently processed
messages. So in a system with a low turnover rate you won't see a lot
here. But this may change, when some time all messages have to wait
for their hashcash values...

>A couple of suggestions:
>
>1. Implement a logging function to allow the user to log to file. I know
>this reduces security and increases chances of a slip-up by user-error.
>However, I think anyone who uses an program of this kind must already
>assume some responsibility to practise basic security.

I'll consider that.

>2. Provide the ability to store "profiles" for multiple NNTP

to extend the capability of a news client not able to connect to
multiple servers? For that 'Hamster' would be the better solution. On
the other hand with a news client that supports multiple news servers
you wouldn't have to route the data retrieval through OM at all.

>and SMTP
>Hosts

I appreciate that (multiple accounts for personalized mail).

>as well as multiple user "Identities" (although this one may be
>redundant since Mixmaster should strip identifying headers before
>sending).

If you think of the 'From:' header, there some time will be an option
to use the original header of the message. But using that would be
very risky! If you only once forget to use an anon 'From:' your
identity might be uncovered. Alternatively I'll introduce a dropdown
list offering the recently used anon 'From's.

>3. Make it possible to choose remailers/gateways/NNTP and SMTP
>Hosts/Identities via dropdown menus.

So here also a history list - some time. I'm sorry, but my time's
limited!

>Sorry if I seem too greedy. These are mere suggestions which I think
>would enhance Omnimix's usability. For your consideration.

You're right. And there are so much more items to be covered,
beginning with hashcash support (btw: has anyone already ported the
dll interface to delphi?).

But please consider that OM primarily was designed to become a
'configure and forget' solution for the Windows crowd, as in such a
sensitive area for unexperienced users every modification of a running
system brings new uncertainties and testings with it. Complexity
deters them. Apart from the current capacity of the remailer nets it's
urgently needed to make those people habitually use remailers. With
them it would be less difficult to withstand threatening attacks on
the rights of anonymity.

Now let's wait for a relevant user base (maybe forever in these
'naive' times) - and find some time for further improvements.

Kind regards

Christian

PS: There may be changes in the naming of the .ini file entries. So
please inspect the settings each time before using a new version.

Christian Danner

2006-04-18, 12:11 am

>Yes, the minimise button works properly. However, I find that the whole
>Omnimix window is not-resizable. Could you make it resizable so that the
>user doesn't need to horizontally/vertically scroll to see the stats/data
>if the window is big enough? I think that would be an improvement.

Done in 0.9.2.2.

Christian

Anon

2006-04-18, 12:11 am

Christian Danner <---@---.---> wrote in
news:WAZHNYHR38820.3602199074@anonymous.poster:

>
> Done in 0.9.2.2.
>
> Christian
>
>

Oops. We have the minimise button in 0.9.2.2 but the crop bug is back.

Regards,

Tim

Christian Danner

2006-04-18, 12:11 am

Hi Tim!

Anon <anon@127.0.0.1> - 14 Apr 2006 04:32:45 -0000:
>Christian Danner <---@---.---> wrote in
>news:WAZHNYHR38820.3602199074@anonymous.poster:
>
>
>Oops. We have the minimise button in 0.9.2.2 but the crop bug is back.

Really weird. Aren't you able to expand the window to whatever size
you want and get this layout back on a restart?

BTW: To be able to reproduce your problems, I'd like do know what OS /
OS extension you use. Your screenshot doesn't seem to show usual
windows gadgets.

Regards

Christian