[camera_lumina at hotmail.com: Tor-stored Pads]
eugen at leitl.org
Mon Jan 2 07:08:58 EST 2006
----- Forwarded message from Tyler Durden <camera_lumina at hotmail.com> -----
From: Tyler Durden <camera_lumina at hotmail.com>
Date: Sun, 01 Jan 2006 21:41:35 -0500
To: measl at mfn.org
Cc: coderman at gmail.com, jya at cryptome.net, cypherpunks at jfet.org
Subject: Tor-stored Pads
Alif the Terrible wrote...
>(3) Since all off the pieces have been stored - including both the
>encrypted messagetexts and the decryptors, what is to prevent a
>time-faking attack against this message? After all, if you have all the
>parts, you can just "reinstantiate" the network as it was was the messages
>were originally sent.
Yes, agreed, but I think this a MUCH bigger pain in the ass.
To wit: If they grab and deencrypt the "message" (ie the piece sent to the
receiver) prior to the expiration time, then they will have the message and
be able to read it. This is an improvement in that they have to do it prior
to the expiration time of the hidden piece. They can not grab and store this
piece alone because the other piece will not be there later.
If they do not deencrypt the message in time, then they have to grab a core
dump of the entire network (as well as the transmitted message), because
they do not know where the piece is located. Seems to me that's a much
harder thing to do then merely grabbing a sole message and de-encrypting it
at their leisure. Seems to me too that a Tor network that was sufficiently
dynamic could require network core dumps that could actually tax even NSA
facilities, given large Tor networks of the future.
It should also be pointed out that if the encryption on the "message" piece
is done extremely carefully, one can afford to be lax on the Tor piece, and
yet have a very difficult problem to crack (particularly if wrong guesses
set off boobytraps that kill the hidden message piece).
Again, it can be countered that an attack might merely require N
instantiations of the network, but now we are talking some very significant
resources. We've multiplied the originall cracking problem by N. Perhaps.
PS: I believe this is very close to having a one-time stored pad, but the
difference with traditional Pads is that this one is tored in an anonymous
location.(See Coderman's post.)
----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: Digital signature
More information about the cryptography