[19499] in cryptography@c2.net mail archive
[camera_lumina@hotmail.com: Tor-stored Pads]
daemon@ATHENA.MIT.EDU (Eugen Leitl)
Tue Jan 3 13:43:33 2006
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 2 Jan 2006 13:08:58 +0100
From: Eugen Leitl <eugen@leitl.org>
To: Cryptography List <cryptography@metzdowd.com>
--zF+wQuhOjuULIEKq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
----- Forwarded message from Tyler Durden <camera_lumina@hotmail.com> -----
=46rom: Tyler Durden <camera_lumina@hotmail.com>
Date: Sun, 01 Jan 2006 21:41:35 -0500
To: measl@mfn.org
Cc: coderman@gmail.com, jya@cryptome.net, cypherpunks@jfet.org
Subject: Tor-stored Pads
Alif the Terrible wrote...
>(3) Since all off the pieces have been stored - including both the
>encrypted messagetexts and the decryptors, what is to prevent a
>time-faking attack against this message? After all, if you have all the
>parts, you can just "reinstantiate" the network as it was was the messages
>were originally sent.
Yes, agreed, but I think this a MUCH bigger pain in the ass.
To wit: If they grab and deencrypt the "message" (ie the piece sent to the=
=20
receiver) prior to the expiration time, then they will have the message and=
=20
be able to read it. This is an improvement in that they have to do it prior=
=20
to the expiration time of the hidden piece. They can not grab and store thi=
s=20
piece alone because the other piece will not be there later.
If they do not deencrypt the message in time, then they have to grab a core=
=20
dump of the entire network (as well as the transmitted message), because=20
they do not know where the piece is located. Seems to me that's a much=20
harder thing to do then merely grabbing a sole message and de-encrypting it=
=20
at their leisure. Seems to me too that a Tor network that was sufficiently=
=20
dynamic could require network core dumps that could actually tax even NSA=
=20
facilities, given large Tor networks of the future.
It should also be pointed out that if the encryption on the "message" piece=
=20
is done extremely carefully, one can afford to be lax on the Tor piece, and=
=20
yet have a very difficult problem to crack (particularly if wrong guesses=
=20
set off boobytraps that kill the hidden message piece).
Again, it can be countered that an attack might merely require N=20
instantiations of the network, but now we are talking some very significant=
=20
resources. We've multiplied the originall cracking problem by N. Perhaps.
-TD
PS: I believe this is very close to having a one-time stored pad, but the=
=20
difference with traditional Pads is that this one is tored in an anonymous=
=20
location.(See Coderman's post.)
----- End forwarded message -----
--=20
Eugen* Leitl <a href=3D"http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
--zF+wQuhOjuULIEKq
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDuRfadbAkQ4sp9r4RAqZsAJ9xsZmawW34toEMsemjm7uruIm9mACguEo4
YGY804at3kjDSCzaCjx+xy4=
=XfC/
-----END PGP SIGNATURE-----
--zF+wQuhOjuULIEKq--
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
