
Re: [Full-Disclosure] JAP back doored



On Fri, Aug 22, 2003 at 01:46:23AM +0200, Florian Weimer wrote:
| Adrian Nutz <list@nutz.ch> writes:

| > There should be mixes in many different countries, if possible most of
| > them shouldn't have any kind of treaties that allow a fast reaction from
| > the police in these countries if some other country wants logs.
| 
| Performance would suck, too.  That's why the Dresden-Dresden cascade
| is so popular, despite its principal problem.

A couple of comments, which I'll then connect.

Performance was the number one complaint about Zero-Knowledge's
Freedom network.

There is no exponential term in MIX traffic.  That means that if you
try to ensure that all traffic leaves the network quickly (so you can,
say, web browse), then your attacker only needs to analyze traffic
over a few seconds, and that's easy.

Simple attacks work really well on real time mix chains of any length
that TCP timeouts are likely to allow.

As such, I'm actually very surprised that the German police bothered
with this compelled back door stuff.  Perhaps they failed to talk to
their national technical experts, or their experts failed to tell them
how easy traffic analysis is for them.

Is there a political motive?  Are we about to see legal attacks on
high latency mixes?

Adam

-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
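
The latency argument in the message above can be put in numbers. The following is an added example, not part of the original post or of any mix implementation: a small simulation a mix designer could use to estimate how many senders remain plausible for each output when an observer sees only timing at both ends of a cascade. The Poisson arrivals, the uniform delay model, the traffic rate and all function names are assumptions made for the illustration.

```python
import random
from bisect import bisect_left, bisect_right

def candidate_set_sizes(rate_per_s, max_delay_s, duration_s, seed=1):
    """For each output message, count the inputs that timing alone cannot rule out.

    Assumed model (constructed for this example): messages enter the cascade as a
    Poisson stream and each leaves after a total delay drawn uniformly from
    [0, max_delay_s], regardless of how many mixes are chained.
    """
    rng = random.Random(seed)
    arrivals, t = [], 0.0
    while True:
        t += rng.expovariate(rate_per_s)   # inter-arrival gap
        if t >= duration_s:
            break
        arrivals.append(t)                 # already sorted by construction
    departures = [a + rng.uniform(0.0, max_delay_s) for a in arrivals]
    sizes = []
    for d in departures:
        # An input can only match this output if it entered within the
        # delay bound before the output appeared.
        lo = bisect_left(arrivals, d - max_delay_s)
        hi = bisect_right(arrivals, d)
        sizes.append(hi - lo)
    return sizes

def mean_anonymity_set(rate_per_s, max_delay_s, duration_s=3600.0, seed=1):
    sizes = candidate_set_sizes(rate_per_s, max_delay_s, duration_s, seed)
    return sum(sizes) / len(sizes)

if __name__ == "__main__":
    rate = 5.0  # constructed sample load: 5 messages per second
    for delay in (2.0, 20.0, 600.0):
        print(f"max delay {delay:6.0f}s -> mean candidate set "
              f"{mean_anonymity_set(rate, delay):8.1f}")
```

The mean candidate set grows roughly as rate times delay bound, so it is linear in the latency budget: a cascade tuned for web browsing leaves about ten candidates per message at this load, while a delay bound of minutes leaves thousands.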