Article <vtbl8h$28c0n$1@dont-email.me>

Warning: mysqli::__construct(): (HY000/1203): User howardkn already has more than 'max_user_connections' active connections in D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\includes\artfuncs.php on line 21
Failed to connect to MySQL: (1203) User howardkn already has more than 'max_user_connections' active connections
Warning: mysqli::query(): Couldn't fetch mysqli in D:\Inetpub\vhosts\howardknight.net\al.howardknight.net\index.php on line 66
Article <vtbl8h$28c0n$1@dont-email.me>

Deutsch English Français Italiano

<vtbl8h$28c0n$1@dont-email.me>

View for Bookmarking (what is this?)
Look up another Usenet article

Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: Peter Fairbrother <peter@tsto.co.uk>
Newsgroups: sci.crypt
Subject: Re: What are the chances of this encrytion being broken?
Date: Fri, 11 Apr 2025 18:58:40 +0100
Organization: A noiseless patient Spider
Lines: 83
Message-ID: <vtbl8h$28c0n$1@dont-email.me>
References: <vrrh0h$nscg$1@dont-email.me>
 <fCwjUEYVF8eg0zhdLcl3X+q7CCGal0Ox3PTmngktqnw=@writeable.com>
 <vrrovm$11oms$1@dont-email.me> <vrs7tj$1faj3$1@dont-email.me>
 <4c1bfc3d01c8a48ad81d1fbf4587e5431cd9389b@i2pn2.org>
 <vs2jp5$38vc4$2@dont-email.me> <a6c553f535.1744220411@qzxrj.pi>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Fri, 11 Apr 2025 19:58:42 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="7e3c321158d16db6d2d158f6e91c62ef";
	logging-data="2371607"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX19wyqxb6WHGiwO2F8jKa3xve1jHXEMnnog="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:r3rVXsUNsPafEpfqddpculed2bI=
In-Reply-To: <a6c553f535.1744220411@qzxrj.pi>
Content-Language: en-GB
Bytes: 4401

On 09/04/2025 18:40, Mini Mailer wrote:
> Peter Fairbrother wrote:
>> On 24/03/2025 19:07, Stefan Claas wrote:
>>
>>> If the
>>> sender uses [...] anonymous Networks, which it
>>> seems you guys are not using (yet), how would be rubberhose applied, if
>>> they can't find the sender?
>>
>> Unfortunately there aren't any effective anonymous networks. At least
>> none I would trust against NSA/GCHQ/SCA/SCS.
> 
> Isn't the Tor Network not a solid foundation, which can be build up from?

No.

TOR falls to a global passive adversary (eg the NSA) who can watch the 
traffic to and from the 1,000 or so entrance/exit nodes *. The 
intermediate nodes are irrelevant in this attack. There are many other 
attacks.

The problem is latency (and to a lesser extent lack of dummy 
covertraffic and small fixed packet sizes). For good <5s web latency the 
amount of traffic to-from the set of exit nodes which needs to be 
examined and compared is 5s worth, not a lot.

As there is no dummy covertraffic, and packets are split into 512-byte 
cells, if Alice's sends 4,586 cells to Bob there will be 4,586 cells 
entering the network from Alice's IP, and somewhere in the next 5s of 
traffic there will be an exit node which is sending 4,586 cells to Bob's 
IP.

Not too hard to find a correlation. Especially if repeated into a session.

As for building on TOR, you'd pretty much have to build an anonymous 
network on top of TOR - which would be better built elsewhere as TOR 
traffic is slow and closely watched.

TOR was designed by a serving US navy officer (Paul is a nice guy, but I 
wouldn't ever trust him not to be on the Navy's side); and initial 
development of TOR was paid for by the US defence establishment.

* all of them, or most of them, or many of them, or just a few of them - 
the more the easier, but the statistics for even 10% of watched nodes 
are horrifying

>   
>> Mixmaster might have been effective once, if properly used, but it is
>> now moribund and never had enough traffic.
> 
> The successor of Mixmaster is YAMN, but nowadays people are working
> also on Katzenpost and Nym.

Actually the successor to Mixmaster should have been Mixminion, but TOR 
stole the coders and some of the theory guys who were working on 
Mixminion and it never got finished. Or later Panoramix or Loopix or 
some other Goscinny/Uderzo characters.

I'm a bit out of date, so I'm not intimately familiar with Nym and 
katzenpost (though I know most of the developers and their work), but 
while they have some clever tricks to partly overcome TOR's weakness 
against a global adversary they don't do much more than make things 
harder. Not impossible or too hard or too expensive**.

Plus I am skeptical of the security of bandwidth credentials etc, they 
may give adversaries information.

I don't know anything about YAMN. Would Lance/Len approve?

** "Never underestimate the attention, risk, money, and time that an 
opponent will put into reading traffic" - Robert Morris, former Chief 
Scientist NCSC NSA

Peter Fairbrother