I made up my subject: 'This is my subject.'
I made up an encrypt string: 192fd81e54baefb61a94bc3d97eb
I made up an eight byte public string: 4ac91f2a5c24d0fe
I then connected them together in this (and other) sequence:
1st - public string
2nd - encrypt string
3rd - my subject
This produced:
4ac91f2a5c24d0fe192fd81e54baefb61a94bc3d97ebThis is my subject.
I then MD5'ed this string to get:
5fe75fda08e5295fa05f4be79127040f
I then re-added the public string to the front of this string to get:
4ac91f2a5c24d0fe5fe75fda08e5295fa05f4be79127040f
and sent it to aam.
I put 'my subject' and the 'encrypt string' in the appropriate places
in aamfetch, but it doesn't find the message.
Any suggestions?
On Tue, 10 Nov 2009 03:55:36 +0100 (CET), Anonymous Remailer (austria) wrote in
Message-Id: <5e6715acc5f2379e...@remailer.privacy.at>:
> What's the point of encrypting the Subject: header ?
It prevents all the messages for a single mailbox (nym account) from
being linked by an identical Subject header. Remember that the Subject
that shows up in a.a.m is defined in the Reply-Block; it is not the
actual subject of the message received.
> Is it going to add useless overhead to the process ?
Actually it does the opposite. Without the esub/hsub Subject, the
client would need to attempt decryption on every message in a.a.m. In
some respects this is the most secure option but only if all messages to
a.a.m had a common Subject.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEAREKAAYFAkr5Pr4ACgkQlKZ6CY7Vd0NevwCcDwEbzIM+62LV7dS566MuV1lg
ZZAAmwRtexs5UvDPhrwciSeolID+OFeD
=+fRT
-----END PGP SIGNATURE-----
--
pub 1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE EBB4 94A6 7A09 8ED5 7743
uid Admin <admin.bananasplit.info>
Encrypting the subject header makes it harder for an opponent to carry out
a partition attack against you. By partition attack, I mean an attack where
an opponent manages to separate out your messages from the anonymous message
pool (alt.anonymous.messages).
For example, let's say you use a Subject header of: "Donald Rumsfeld blows
goats". If they suspect you are using a nym, e.g. lib...@nym.alias.net,
all an opponent would have to do is to send an arbitrary number of messages
to lib...@nym.alias.net and watch a.a.m. for the resultant message strings.
So, if they were able to send 17 messages to lib...@nym.alias.net and saw
17 messages with the Subject line of: "Donald Rumsfeld blows goats" it is
only reasonable to assume that the messages with the "Donald Rumsfeld blows
goats" subject line belong to lib...@nym.alias.net.
They still can't read your traffic, but a fair amount of information can be
gleaned from traffic analysis.
> Is it going to add useless overhead to the process ?
Not really.
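The following is an added example, not code from any post in this thread and not aamfetch's or the esub/hsub implementation's own code. It illustrates the tagged-Subject idea the thread discusses using the first post's own recipe (a random eight-byte public IV, a shared "encrypt string" and the nym's subject hashed together with MD5, the IV prepended to the digest), and then shows the two properties the later replies claim for it: the recipient only re-hashes, so no trial decryption of every pool message is needed, and two messages for the same nym carry different Subject tags, so a watcher counting identical Subject lines cannot partition them. Hashing the hex strings as text rather than as bytes, and the use of MD5, follow the first post and are assumptions about that poster's scheme, not a statement of what aamfetch actually expects. The function names, the sample pool and the sample messages are constructed for this example.

```python
# Added example (not from the thread, not aamfetch's code): an IV-tagged
# Subject built the way the first post describes, plus the recipient-side
# check and a pool scan. Hash input is hex TEXT (as in the post), which may
# not match the real esub/hsub format; treat the layout as an assumption.
import hashlib
import hmac
import os

IV_HEX_LEN = 16        # eight random bytes written as 16 hex characters
DIGEST_HEX_LEN = 32    # MD5 digest written as 32 hex characters


def make_tag(secret_hex, subject, iv_hex=None):
    """Sender side: Subject tag = iv || MD5(iv || secret || subject), all as hex text.

    A fresh random IV per message is what makes two messages for the same
    nym (same secret, same subject) carry unrelated-looking Subject lines.
    """
    if iv_hex is None:
        iv_hex = os.urandom(IV_HEX_LEN // 2).hex()
    if len(iv_hex) != IV_HEX_LEN:
        raise ValueError("IV must be eight bytes (16 hex characters)")
    bytes.fromhex(iv_hex)  # raises ValueError if the IV is not hex
    digest = hashlib.md5((iv_hex + secret_hex + subject).encode()).hexdigest()
    return iv_hex + digest


def verify_tag(tag, secret_hex, subject):
    """Recipient side: split off the public IV, recompute, compare.

    Only a hash is computed per candidate message, which is the point the
    second reply makes: without a tag the client would have to attempt a
    full decryption of every message in the pool instead.
    """
    if len(tag) != IV_HEX_LEN + DIGEST_HEX_LEN:
        return False
    iv_hex = tag[:IV_HEX_LEN]
    try:
        expected = make_tag(secret_hex, subject, iv_hex)
    except ValueError:
        return False
    # Constant-time comparison so the check itself leaks nothing about the tag.
    return hmac.compare_digest(expected, tag)


def select_mine(pool, secret_hex, subject):
    """Scan an a.a.m-style pool and keep only the messages whose tag verifies."""
    return [m["id"] for m in pool if verify_tag(m["subject"], secret_hex, subject)]


# Values from the first post, reused here as the sample nym's parameters.
SECRET = "192fd81e54baefb61a94bc3d97eb"   # the post's "encrypt string"
SUBJECT = "This is my subject."           # the post's subject

# Constructed sample pool: two messages for this nym with different random
# IVs, one for another nym, and one with a plain unencrypted Subject.
SAMPLE_POOL = [
    {"id": 1, "subject": make_tag(SECRET, SUBJECT)},
    {"id": 2, "subject": make_tag(SECRET, SUBJECT)},
    {"id": 3, "subject": make_tag("0badc0ffee", "someone else's subject")},
    {"id": 4, "subject": "a plain, unencrypted subject line"},
]


def demo():
    """Return the ids the sample nym's client would pick out of the pool."""
    return select_mine(SAMPLE_POOL, SECRET, SUBJECT)


if __name__ == "__main__":
    print("tags for messages 1 and 2 differ:",
          SAMPLE_POOL[0]["subject"] != SAMPLE_POOL[1]["subject"])
    print("messages selected by the client:", demo())
```

Running it selects messages 1 and 2 and nothing else, while the two tags themselves share no visible relationship beyond their length, which is the unlinkability the third reply describes. Anyone trying to reproduce the first post's exact digest by hand should note that this example deliberately hashes the concatenated hex text; if the real tool hashes the decoded bytes, or uses a different hash, the recomputed value will not match, and that kind of mismatch is exactly what makes a fetch tool fail to find a message.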