[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New attack on mixminion (& fix)



On Thu, Aug 15, 2002 at 02:45:11PM -0400, George Danezis wrote:
> It concerns the classic tagging attack problem. If a mix touches the 
> second header of the message on the first leg of its journey then the 
> second header will come out as junk at the cross over point, BUT the 
> payload will still be in clear. The attack therefore proceeds as follows:
[snip]
> - The attacker then does not tag the first leg of the message, but waits 
> until one of the crossover points sees the same payload as the old 
> discarded message. 

Out of curiosity, is our encryption deterministic? That is, if I
encrypt a given payload along a given path and then do it again, will
the ciphermessages be linkable?

In any case, I think this is an ok fix to add.

--Roger