Re: JAP back doored

[Adam Shostack <adam () homeport org>]

On Fri, Aug 22, 2003 at 01:46:23AM +0200, Florian Weimer wrote:
| Adrian Nutz <list () nutz ch> writes:

| > There should be mixes in many different countries, if possible most of
| > them shouldn't have any kind of treaties that allow a fast reaction from
| > the police in this countries if some other country wants logs.
| 
| Performance would suck, too.  That's why the Dresden-Dresden cascade
| is so popular, despite it's principal problem.

A couple of comments, which I'll then connect.

Performance was the number one complaint about Zero-Knowledge's
Freedom network.

There is no exponential term in MIX traffic.  That means that if you
try to ensure that all traffic leaves the network quickly (so you can
say, web browse), then your attacker only needs to analyze traffic
over a few seconds, and that's easy.

Simple attacks work really well on real time mix chains of any length
that TCP timeouts are likely to allow.

As such, I'm actually very suprised that the German police bothered
with this compelled back door stuff.  Perhaps they failed to talk to
their national technical experts, or their experts failed to tell them
how easy traffic analysis is for them.

Is there a political motive?  Are we about to see legal attacks on
high latency mixes?

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
                                                       -Hume


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html