[Cryptography] [FORGED] Re: millions of Ashley Madison bcrypt hashes cracked efficiently

Phillip Hallam-Baker phill at hallambaker.com
Mon Sep 14 14:36:54 EDT 2015


On Mon, Sep 14, 2015 at 3:33 AM, Ray Dillinger <bear at sonic.net> wrote:

>
>
> On 09/13/2015 07:28 PM, Phillip Hallam-Baker wrote:
>
> > Still, how do we do AM right with cryptography? That should be the thing
> we
> > look at!
>
> Hmmm.  What set of services are needful to provide?
>
> Obviously people want to be able to use their browsers to see
> HTML pages that get regularly updated.  And they want deniability,
> which is specifically an avoidance of anything like authentication,
> so SSL certificates on the server side are okay but not on the
> client side.
>
> But those HTML pages, images, etc, can be on their own filesystems,
> yes?  So they could get a big encrypted package daily-or-so that
> contains the site updates - probably via bittorrent or equivalent,
> which gets unpacked directly onto their filesystem in encrypted
> form.  Then they can browse using their browser with a local-system
> proxy that decrypts the material without ever writing the plaintext
> to the filesystem.  If and as they answer or write ads, their proxy
> uploads a relatively tiny update, no more than once per hour, to
> the server - possibly via Tor or encrypted and tucked into an ICMP
> packet.
>
> Obviously this won't work if the site services need to include very
> time sensitive things like live chat, and very heavy datastreams
> like streaming movies, but it would certainly work for a relatively
> simple private website a heck of a lot more resistant to traffic
> analysis and account hacks than AM ever was.
>
> If the central server sees your searches in plaintext, then it could
> tailor an update for you depending on your searches - but there's a
> privacy issue with the trusted central server where someone can
> demand to see those searches.  Otherwise, users would need to select
> a subsite to browse (a torrent seed, basically) based strictly on
> statistical data or general interests, and have searches be local-
> only.
>
> Obviously anybody will be able to subscribe and get the daily update
> bundles, so the ads people place should not be considered to be
> private material.  But who placed which ad, I believe, is information
> that is legitimately private and should be withheld from anyone who
> declines to answer the ad and meet face to face.
>


This is at a lower level than I was thinking. Sure, Tor is an OK technology.
But let's architect on a clean sheet of paper and then decide on the best
fit.

I see a number of requirements here:

1) Ability to advertise a service / interest / etc. anonymously.

2) Ability to review advertisements anonymously.

3) Ability to express an initial interest in connecting to someone via some
sort of restricted, reputation filtered channel designed to mitigate spam.

4) Ability to respond to such requests with accept / reject.


I think 1 & 2 can be served by any old Web / Blog hosting service. So all
we need is the link in to 3. Which I think need be no more than a handle on
some network that binds to a public key:

MB2GK-6DUF5-YGYYL-JNY5E-RWSHZ at cheaters-r-us.com


So I pull the profile for MB2GK-6DUF5-YGYYL-JNY5E-RWSHZ from 'somewhere'
(doesn't need to be the hook-up point). That gives me a description of how
to contact that person that is signed by a key that is signed under the
root of trust with the UDF fingerprint MB2GK-6DUF5-YGYYL-JNY5E-RWSHZ.

The contact details could simply be, 'here is a dead drop box, send me a
message'. Or it could require a proof of work to deter spam and so on.


The hard one to deal with is reputation. Sites that work tend to use
reputation. If you use reputation it becomes very easy to map out the
social network and that tells you everything.
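A sketch of the two mechanisms in the message above, the handle that binds to a public key and the proof-of-work gate on the dead drop, as an added Go example that is not part of this thread and is not the UDF specification or any project's code. Assumptions: the handle is SHA-512 of a raw Ed25519 public key truncated to 125 bits and written as five Base32 groups (the real UDF encoding differs in detail); the contact description is signed directly by the key the handle names, collapsing the chain through a root of trust into one key; the proof of work is hashcash-style leading zero bits over a digest that includes the recipient handle, so a solution cannot be replayed to another recipient. The domain name, contact text and difficulty are constructed values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha512"
	"crypto/subtle"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"math/bits"
	"strings"
)

// Profile is what a would-be contact fetches for a handle: the key the handle
// names, a contact description, and that key's signature over the description.
type Profile struct {
	PublicKey ed25519.PublicKey
	Contact   string
	Signature []byte
}

// NewIdentity creates the long-term key a handle is derived from.
func NewIdentity() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Handle derives a 25-character fingerprint in five Base32 groups, the shape of
// MB2GK-6DUF5-YGYYL-JNY5E-RWSHZ in the thread. Assumption: SHA-512 of the raw
// public key truncated to 125 bits; a simplified stand-in, not the UDF spec.
func Handle(pub ed25519.PublicKey) string {
	sum := sha512.Sum512(pub)
	raw := base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(sum[:16])[:25]
	groups := make([]string, 0, 5)
	for i := 0; i < len(raw); i += 5 {
		groups = append(groups, raw[i:i+5])
	}
	return strings.Join(groups, "-")
}

// contactDomain separates profile signatures from any other use of the key.
const contactDomain = "profile-contact-v1:"

// SignProfile publishes a contact description under the identity key.
func SignProfile(priv ed25519.PrivateKey, pub ed25519.PublicKey, contact string) Profile {
	return Profile{
		PublicKey: pub,
		Contact:   contact,
		Signature: ed25519.Sign(priv, []byte(contactDomain+contact)),
	}
}

// VerifyProfile is the check the fetching side runs before trusting anything
// in the profile: the key must hash to the handle we were given (so whoever
// hosts the profile cannot swap in their own key), and the description must
// carry a valid signature from that key.
func VerifyProfile(handle string, p Profile) bool {
	if len(p.PublicKey) != ed25519.PublicKeySize {
		return false // ed25519.Verify panics on a malformed key, so reject first
	}
	if subtle.ConstantTimeCompare([]byte(Handle(p.PublicKey)), []byte(handle)) != 1 {
		return false
	}
	return ed25519.Verify(p.PublicKey, []byte(contactDomain+p.Contact), p.Signature)
}

// powDigest ties the work to the recipient handle and the message, so a
// solution cannot be reused for another recipient or another message.
func powDigest(handle, msg string, nonce uint64) [sha512.Size]byte {
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], nonce)
	return sha512.Sum512([]byte(handle + "|" + msg + "|" + string(n[:])))
}

func leadingZeroBits(b []byte) int {
	n := 0
	for _, x := range b {
		if x == 0 {
			n += 8
			continue
		}
		n += bits.LeadingZeros8(x)
		break
	}
	return n
}

// VerifyPoW is the cheap recipient-side check at the dead drop: one hash.
func VerifyPoW(handle, msg string, nonce uint64, difficulty int) bool {
	d := powDigest(handle, msg, nonce)
	return leadingZeroBits(d[:]) >= difficulty
}

// SolvePoW is the sender's cost: search nonces until the digest has the
// required leading zero bits (about 2^difficulty hashes on average).
func SolvePoW(handle, msg string, difficulty int) uint64 {
	for nonce := uint64(0); ; nonce++ {
		if VerifyPoW(handle, msg, nonce, difficulty) {
			return nonce
		}
	}
}

func main() {
	pub, priv, err := NewIdentity()
	if err != nil {
		panic(err)
	}
	handle := Handle(pub)
	fmt.Println("handle:", handle+"@example.invalid") // constructed domain
	profile := SignProfile(priv, pub, "dead drop: post to mailbox 7") // constructed
	fmt.Println("genuine profile verifies:", VerifyProfile(handle, profile))
	// A host that substitutes its own key fails the binding even though its
	// own signature over the description is internally valid.
	evilPub, evilPriv, _ := NewIdentity()
	fmt.Println("swapped-key profile verifies:", VerifyProfile(handle, SignProfile(evilPriv, evilPub, "dead drop: mailbox 9")))
	nonce := SolvePoW(handle, "hello", 16)
	fmt.Println("pow nonce:", nonce, "accepted:", VerifyPoW(handle, "hello", nonce, 16))
}
```

The binding check is the part that matters for the "profile from somewhere" step in the message: the handle is all the fetching side knows in advance, so the profile's key is trusted only once it hashes to that handle, and only then is the signature over the contact description checked. The proof of work costs the sender roughly 2^difficulty hashes and the recipient one.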