Re: Risks of running mixmaster on dialup account?

Andy Dustman (adustman@comstar.net)
Mon, 26 Apr 1999 13:49:16 -0400 (EDT)


On Sun, 25 Apr 1999, William H. Geiger III wrote:

> I am currently looking at ways to re-establish these remailers in a manner
> that will be more secure than my previous setup. I am looking at using an
> openpgp.net mailbox for mixmaster messages but have the actual remailer
> software running on my local machine.
>
> I am curious as to what potential security risks may be involved in
> operating a mixmaster remailer in this fashion. My biggest concern is the
> effects on mixing & latency times. Below is how I plan on setting things
> up:
>
> -- Mailbox on openpgp.net (remailer@openpgp.net)
>
> -- Messages would stay on server until I connected from local machine to
> retrieve mail.
>
> -- Once messages were downloaded they would be fed to the mixmaster
> software running locally.
>
> -- Any messages in the outbound queue would be delivered on next
> reconnect.

My first suggestion is, if you can use SSH (1.2.26), use it. The channel
between the maildrop and the remailer does not have to be particularly
secure: The transport between remailers is not secure anyway. But, you can
save yourself some bandwidth by employing SSH port forwarding and
compression. The following advice is, of course, UNIX-centric:

For security, add a restrictive SSH key which only allows execution of
that formail command to the authorized_keys file:

command="formail -ds /usr/sbin/sendmail -t",from="securebox",no-agent-forwarding,no-X11-forwarding,no-pty 1024 35 ...

(All this one line with the RSA key. See man page for sshd.)

At the beginning of your run, establish an ssh connection:

ssh -C -L 11010:localhost:110 remailer@dropbox

This will require you to POP off port 11010 (need to be root to forward
local port 110). "localhost" is relative to the remote host, i.e. it IS
the remote host. Write outgoing messages into this as a pipe.

I used something similar to this on the old dustbin remailer. Received:
headers on outgoing message will show as originating at localhost and will
not show the secure box.

-- 
andy dustman  | programmer/analyst |  comstar communications corporation
telephone: 770.485.6025 / 706.549.7689 | icq: 32922760 | pgp: 0xc72f3f1d
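An audit of authorized_keys entries for the lockdown options described in the message above (command=, from=, no-pty and the forwarding restrictions). This is an added example, not code from the original post; its sample entries are constructed, with placeholder key material, and the option names are the standard sshd ones.

```python
"""Check authorized_keys lines for the restrictions the post applies to the remailer key.
sshd's options field is comma-separated (no spaces except inside double quotes) and ends
at the first unquoted whitespace; the key follows as "bits exponent modulus" (SSH-1) or
"keytype base64 [comment]" (OpenSSH)."""
import re

# Restrictions the post puts on the remailer's key.
REQUIRED = {"command", "from", "no-pty", "no-agent-forwarding", "no-X11-forwarding"}
# First token of an entry that has no options: an SSH-1 bit count or an OpenSSH key type.
KEY_START_RE = re.compile(r"^(\d{3,5}|ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+)$")

def _split(text, seps):
    """Split on any char in seps, ignoring separators inside double quotes."""
    out, cur, quoted, i = [], "", False, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and quoted and i + 1 < len(text):  # keep \" verbatim for now
            cur, i = cur + text[i:i + 2], i + 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch in seps and not quoted:
            out.append(cur)
            cur = ""
        else:
            cur += ch
        i += 1
    return [t for t in out + [cur] if t]

def parse_entry(line):
    """Return (options dict, key fields) for one authorized_keys line."""
    tokens = _split(line.strip(), " \t")
    if not tokens or KEY_START_RE.match(tokens[0]):
        return {}, tokens  # no options field at all
    opts = {}
    for item in _split(tokens[0], ","):
        name, eq, value = item.partition("=")
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1].replace('\\"', '"')  # unescape quoted value
        opts[name] = value if eq else True
    return opts, tokens[1:]

def missing_restrictions(line):
    """Names of REQUIRED options absent from the entry, sorted."""
    return sorted(REQUIRED - set(parse_entry(line)[0]))

# Constructed sample entries (placeholder key material, not real keys).
LOCKED_DOWN = ('command="formail -ds /usr/sbin/sendmail -t",from="securebox",'
               'no-agent-forwarding,no-X11-forwarding,no-pty 1024 35 1234567890')
PARTIAL = 'command="/usr/local/bin/flush-queue",no-pty ssh-rsa AAAAB3PLACEHOLDER remailer'
UNRESTRICTED = "ssh-rsa AAAAB3PLACEHOLDER remailer@home"
```

Run `missing_restrictions` over each line of the remailer account's authorized_keys; anything that returns a non-empty list is a key that can do more than feed the outbound queue to formail.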



The following archive was created by hippie-mail 7.98617-22 on Thu May 27 1999 - 23:44:22