[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New attack on mixminion (& fix)

To: mixminion-dev@freehaven.net
Subject: Re: New attack on mixminion (& fix)
From: Roger Dingledine <arma@mit.edu>
Date: Mon, 26 Aug 2002 10:56:21 -0400
Delivered-To: archiver@seul.org
Delivered-To: mixminion-dev-outgoing@seul.org
Delivered-To: mixminion-dev@seul.org
Delivery-Date: Mon, 26 Aug 2002 10:56:22 -0400
In-Reply-To: <Pine.LNX.4.44.0208151435170.18206-100000@blackbird.lcs.mit.edu>; from gd@theory.lcs.mit.edu on Thu, Aug 15, 2002 at 02:45:11PM -0400
References: <Pine.LNX.4.44.0208151435170.18206-100000@blackbird.lcs.mit.edu>
Reply-To: mixminion-dev@freehaven.net
Sender: owner-mixminion-dev@freehaven.net
User-Agent: Mutt/1.2.5.1i

On Thu, Aug 15, 2002 at 02:45:11PM -0400, George Danezis wrote:
> It concerns the classic tagging attack problem. If a mix touches the 
> second header of the message on the first leg of its journey then the 
> second header will come out as junk at the cross over point, BUT the 
> payload will still be in clear. The attack therefore proceeds as follows:
[snip]
> - The attacker then does not tag the first leg of the message, but waits 
> until one of the crossover points sees the same payload as the old 
> discarded message. 

Out of curiosity, is our encryption deterministic? That is, if I
encrypt a given payload along a given path and then do it again, will
the ciphermessages be linkable?

In any case, I think this is an ok fix to add.

--Roger

Follow-Ups:
- Re: New attack on mixminion (& fix)
  - From: Nick Mathewson <nickm@alum.mit.edu>

References:
- New attack on mixminion (& fix)
  - From: George Danezis <gd@theory.lcs.mit.edu>

Prev by Date: Re: K-of-N information dispersal for Mixmaster
Next by Date: Re: New attack on mixminion (& fix)
Prev by thread: New attack on mixminion (& fix)
Next by thread: Re: New attack on mixminion (& fix)
Index(es):
- Date
- Thread