[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

hashing emails is not secure (Re: avoiding anonymous emails)



Hashing emails is not very secure.  There are only a small number of
email addresses in the world.  A computer can try order of 4million
per second... and compare it to the small list of blocked hashes.

Also I view global block as undesirable.  Each operator can do their
own thing... this is not some unified service, they are individual
services operated by different people.  There is a reason for this:
distributed trust, and that reason is central to the security of
mixmaster/mixminion.

Adam

On Wed, Apr 12, 2006 at 08:37:57PM -0400, Gregory Maxwell wrote:
> On 4/12/06, Steve Crook <steve@xxxxxxxxxxxxxxxx> wrote:
> > On Wed, Apr 12, 2006 at 08:11:34PM -0400, Nick Mathewson wrote:
> > >
> > > Also, is it really a good idea to have a big list of everybody who
> > > doesn't want anonymous email?  It seems like a spam/abuse target.
> > > What do mixmaster operators do for cases like this?
> >
> > In general nothing.  Mixmaster operators each manage their own block
> > list and don't communicate it to other ops.
> 
> Perhaps it would be useful to have a list which is distributed as a
> cryptographic hash of the blocked username..  Mixmaster exit operators
> could publish a list of hashes they won't deliver to, and a list of
> hashes whom they have personally confirmed as not wanting mail. 
> Operators could examine the list of confirmed hashes, and add hashes
> to block based on the number of confirmed independent/trusted sources
> being over a threshold.
> 
> I.e. if you don't want mixmaster sourced mail you email any three from
> a list of server operators and then all other participants block too.