[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Servers Should Use a Secure Mix Algorithm



Colin Tuckley writes:
> While I have to agree with you on this in theory, I feel it's rather
> premature in practice for the following reasons:
>
> 1) Mixminion *is* still in alpha, there is a lot of testing going on
> and having the timed algorithm made that easier/quicker.

Using the timed algorithm, however, gives a falsely positive picture
of how the system performs.  Applications using Mixminion should be
developed and tested using the real thing.  If the system is not
usable with a real mix algorithm, then we need to solve that problem.

> 2) Using a "real" algorithm might make people think the system is
> secure. We shouldn't be encouraging that while we call the software
> "alpha".

The way to express that a system is not secure is to say "This system
is not secure", not by introducing weaknesses.

> If Nick thinks it's time for real algorithms then it's also time for
> the software to be Beta. (Comments Nick?)

It is actually quite reasonable to use a real mix algorithm during the
Alpha or even development phases.  There's simply no other way to get
a feel for how the real system will perform.

> It would have been better if you had talked about this in public on
> the list *before* you unilateraly made the change.

My judgment was and is that it's time to move forward.  We might as
well try the system out with a real mix.  Mixminion is beautifully
designed, but we've never really tried it out.

> If you want to help with testing then please consider running
> miniontest to give the system a better workout.

I think this is the right approach.

In any event, Wiredyne is sticking with a real mix.

Peter