Cryptobox (was Re: Edupage, June 20, 2001)

Greg Broiles gbroiles at well.com
Thu Jun 21 12:25:47 EDT 2001 

At 02:36 PM 6/21/2001 +0100, R. A. Hettinga wrote:

> > PRIVATE LIFE
> > Researchers at Ottawa University are developing Cryptobox, a
> > program that encrypts e-mail, instant messages, and other Internet
> > communications. The program works by sending transmissions over
> > a peer-to-peer network, scrambling each end of the transmission
> > with an encryption code and hiding it underneath a stream of junk
> > traffic. The system automatically decodes the transmissions once
> > they reach their destinations. The researchers have already
> > tested Cryptobox in a network of 40 real and 200 virtual clients
> > and report that the test succeeded. Independent researchers are
> > skeptical, however. Richard Clayton, a computer scientist at
> > Cambridge University, noted, "It's unclear whether they can make
> > this work and keep it stable in the real world with millions of
> > systems." The program could, if successful on a large scale,
> > solve one of the main security vulnerabilities of the Internet.
> > Currently, e-mails, instant messages, and many other transmissions
> > can be easily intercepted by those with access to key areas of a
> > network.
> > (New Scientist Online, 18 June 2001)

The system has been discussed some on InfoAnarchy - 
<http://www.infoanarchy.org/?op=displaystory;sid=2001/6/11/144219/372>

It looks a lot like the principal designer(s) are unfamiliar with previous 
work on MIXes and Crowds, and haven't addressed the collusion-based attacks 
described in the literature. They also seem to believe they've got 
something called "compromised client detection" which prevents collusion 
through the use of digital certificates (!).

They're unwilling to release current source code or documentation, because 
they're planning to patent some aspects of their work; they've also said 
that the software will be released under the GPL and/or the LGPL.

Their design documents will apparently be available for review and comment 
after the implementation is finished.

--
Greg Broiles
gbroiles at well.com
"Organized crime is the price we pay for organization." -- Raymond Chandler




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list