|
Home > Archive > Anonymous Servers > February 2007 > Patent-free esub alternative
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Patent-free esub alternative
|
|
| Christian Danner 2007-01-31, 1:12 pm |
| Hi all!
To make Mixmaster and Reliable become unrestricted pieces of software
for any kind of usage I see the necessity of alternatives to all
(Cypherpunk / Type-I) applications of the patented IDEA(TM) block
cipher algorithm. 'Encrypt-Key' (ek) can be avoided since
'Encrypt-CAST' and 'Encrypt-3DES (ekx) were added. But how about
'Esub'? Is there a chance to supplement the remailer software with
e.g. a Triple-DES/SHA-1/Base64 based subject encryption ('Dsub')?
PS: Please don't refer to Mixminion, it's still a long way off.
Kind regards
Christian
--
OmniMix .. protect your privacy
http://www.danner-net.de/om.htm
| |
| Thomas J. Boschloo 2007-01-31, 1:12 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Christian Danner wrote:
> Hi all!
>
> To make Mixmaster and Reliable become unrestricted pieces of software
> for any kind of usage I see the necessity of alternatives to all
> (Cypherpunk / Type-I) applications of the patented IDEA(TM) block
> cipher algorithm. 'Encrypt-Key' (ek) can be avoided since
> 'Encrypt-CAST' and 'Encrypt-3DES (ekx) were added. But how about
> 'Esub'? Is there a chance to supplement the remailer software with
> e.g. a Triple-DES/SHA-1/Base64 based subject encryption ('Dsub')?
>
> PS: Please don't refer to Mixminion, it's still a long way off.
Go for it!
It is a pity you have to instruct the remailer to use it since the
decryptor could just try all its strings with every algo.
Maybe remailers could use Encrypt-Key with 3DES instead of dropping a
message or ignoring it (not sure what they do now)
Thomas
- --
Life will not break your heart
It'll crush it
- Rollins Band
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQB5AwUBRcCsRwEP2l8iXKAJAQEQkQMgg9qvXVqb
VM/0t4cPckN9yvzz94jJG/dh
U6T0va5kRFSWmcb4s75xCiwstKBAIp5KJScNcX+W
XowTauFebitXsvWPLWu9BTg1
+oBd4svzcBnDkE9Dd8qeI6UvLdP/uI8mbeenJQ==
=OivI
-----END PGP SIGNATURE-----
| |
| Christian Danner 2007-01-31, 1:12 pm |
| Hi Thomas!
"Thomas J. Boschloo" <nospam@hccnet.nl> wrote:
>Go for it!
As a layman in Cpp that's my way to go for it. ;-)
>It is a pity you have to instruct the remailer to use it since the
>decryptor could just try all its strings with every algo.
As there are no Type-I random chains it's up to the originator of a
message to select only remailers with all necessary capabilities. Thus
a few exits with a software update supporting a different 'Xsub'
method would suffice.
>Maybe remailers could use Encrypt-Key with 3DES instead of dropping a
>message or ignoring it (not sure what they do now)
Sure. The body encryption part is solved. A silent switch over to a
supported algorithm would do no harm, as the decrypting software, is
it PGP or GnuPG, in any case selects the appropriate decoding method
on its own.
Regards
Christian
--
OmniMix .. protect your privacy
http://www.danner-net.de/om.htm
| |
| StealthMonger 2007-02-05, 1:14 am |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Christian Danner <---@---.---> writes:
> To make Mixmaster and Reliable become unrestricted pieces of software
> for any kind of usage I see the necessity of alternatives to all
> (Cypherpunk / Type-I) applications of the patented IDEA(TM) block
> cipher algorithm. 'Encrypt-Key' (ek) can be avoided since
> 'Encrypt-CAST' and 'Encrypt-3DES (ekx) were added. But how about
> 'Esub'? Is there a chance to supplement the remailer software with
> e.g. a Triple-DES/SHA-1/Base64 based subject encryption ('Dsub')?
Source code and Debian executables for blowfish-based alternatives to
IDEA-based Encrypt-Subject are available at
http://stealthsuite.afflictions.org
This would still have to be incorporated into the remailer software,
but at least part of the work is done.
Here is the package description:
Package: esubbf
Architecture: any
Description: encrypted subject for alt.anonymous.messages articles
Functions like the traditional encrypted subject software, but uses
blowfish instead of (patented) IDEA.
--
Use stealthmail: Scripts to hide whether you're doing email, or when,
or with whom. Available at http://stealthsuite.afflictions.org.
-- StealthMonger
<StealthMonger@nym.panta-rhei.eu.org>
<StealthMonger@nym.alias.net>
<StealthMonger@hod.aarg.net>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>
iD8DBQFFxm20DkU5rhlDCl4RAqkpAJwIq7zrhoWF
XIjLRGoJgg1DxN2g+gCePvyI
SPId+z9Hgx1zNka1FPwN4rU=
=tmQO
-----END PGP SIGNATURE-----
| |
| Anonymous 2007-02-06, 1:13 am |
| In article <20070205022016.344E863958@remailer-debian.panta-rhei.eu.org>
StealthMonger <Use-Author-Supplied-Address-Header@[127.1]> wrote:
>
> Use stealthmail: Scripts to hide whether you're doing email, or when,
> or with whom. Available at http://stealthsuite.afflictions.org.
Amazing stuff! Why hadn't we heard of this
before? you need to post here more often 
| |
| Echeloff 2007-02-13, 1:12 pm |
| >> Use stealthmail: Scripts to hide whether you're doing email, or when,
>
>Amazing stuff! Why hadn't we heard of this
>before? you need to post here more often
Won't there be a problem with dummy messages flooding a.a.m?
Echeloff
| |
| StealthMonger 2007-02-13, 7:13 pm |
| -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Echeloff <echeloff@null.dev> writes:
[vbcol=seagreen]
[vbcol=seagreen]
> Won't there be a problem with dummy messages flooding a.a.m?
Yes, when the number of users grows large. Dummy messages should use
the mixmaster "dummy" feature so that they don't reach a.a.m at all.
Fixing this is high on my to-do list.
Be informed that the default message interval is four hours. Per
user, this does not constitute a flood.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>
iD8DBQFF0jrkDkU5rhlDCl4RAqIaAKCOmVHZGY4b
xRWi3EaWtUoasnhP7ACeMe48
hFPOgBNmIB/VBrjgj3Zk7Q8=
=3DUd
-----END PGP SIGNATURE-----
| |
| Cyberiade.it Anonymous Remailer 2007-02-16, 7:12 pm |
|
Christian Danner wrote:
> To make Mixmaster and Reliable become unrestricted pieces of software
> for any kind of usage I see the necessity of alternatives to all
> (Cypherpunk / Type-I) applications of the patented IDEA(TM) block
> cipher algorithm. 'Encrypt-Key' (ek) can be avoided since
> 'Encrypt-CAST' and 'Encrypt-3DES (ekx) were added. But how about
> 'Esub'? Is there a chance to supplement the remailer software with
> e.g. a Triple-DES/SHA-1/Base64 based subject encryption ('Dsub')?
That's important not only for users, but particularly for the exposed
remops offering CP functionality! It has to be fixed asap. Otherwise,
for years to come it would threaten all remops, who in principal are
defenseless, as there's no chance to differentiate between the
forwarding of personal and commercial messages. Moreover, the IDEA
license emphasizes, that even non-profit organizations have a
commercial status and thereby are bound to pay license fees.
<quote>
This Software/Hardware product contains the algorithm IDEA(tm) as
described and claimed in US Patent No. 5,214,703, EPO Patent No.
0482154 and filed Japanese Patent Application No. 508119/1991 "Device
for the conversion of a digital block and use of same" (hereinafter
referred to as "Algorithm"). Any use of the Algorithm for Commercial
Purposes is thus subject to a license from Ascom Systec Ltd. of
CH-5506 Mägenwil (Switzerland), being the patentee and sole owner of
all rights, including the term IDEA(tm). Commercial Purposes shall
mean any revenue generating purpose including but not limited to
i) using the Algorithm for company internal purposes (subject to a
Site License).
ii) incorporating an application software containing the Algorithm
into any hardware and/or software and distributing such hardware
and/or software and/or providing services related thereto to others
(subject to a Product License).
iii) using a product containing an application software that uses the
Algorithm (subject to an End-User License), except in case where such
End-User has acquired an implied license by purchasing the said
product from an authorized licensee or where the End-User has already
signed up for a Site License.
All such commercial license agreements are available exclusively from
Ascom Systec Ltd. and may be requested via the Internet World Wide Web
at http://www.ascom.ch/systec/infosec.html or by sending an electronic
mail to IDEA@ascom.ch. Any misuse will be prosecuted.
Use other than for Commercial Purposes is strictly limited to data
transfer between private individuals and not serving Commercial
Purposes. The use by government agencies, non-profit organizations
etc. is considered as use for Commercial Purposes but may be subject
to special conditions. Requests for waivers for non-commercial use
(e.g. by software developers) are welcome.
</quote>
There's no reason to take such a risk for no practical advantage. So
I'd demand to be on the safe side by having an opportunity to
deactivate IDEA (ek and esub) as a whole after reaching an agreement
on an esub replacement.
Tia
..
| |
| Echeloff 2007-02-18, 7:12 pm |
| StealthMonger wrote:
>
>Yes, when the number of users grows large. Dummy messages should use
>the mixmaster "dummy" feature so that they don't reach a.a.m at all.
>Fixing this is high on my to-do list.
>
>Be informed that the default message interval is four hours. Per
>user, this does not constitute a flood.
Thanks for that confirmation and good luck.
Echeloff
|
|
|
|
|