Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Mixmin encryption (who can see the cleartext?)

12 views
Skip to first unread message

Ewald Böhm

unread,
Sep 3, 2015, 7:26:02 AM9/3/15
to
I'm confused about how mixmin encryption works.

Let's say there are just two different scenarios.
Who can see the cleartext in those two scenarios?

Scenario 1:
- I post, using Mixmin, from home, to a newsgroup.
Scenario 2:
- Same as above, but using a public vpn server.

In those two scenarios, who can "see" the cleartext of the
post?

Steve Crook

unread,
Sep 3, 2015, 11:25:27 AM9/3/15
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thu, 3 Sep 2015 11:26:01 +0000 (UTC), Ewald Böhm wrote in
Message-Id: <ms9ao9$8bq$1...@news.mixmin.net>:
In both scenarios, everyone can see it as you're posting to a public
newsgroup.

If the server required authentication, the encrypted session would serve
to protect the login details. (Mixmin doesn't require authentication)

Encryption helps to hide who posts what. Your messages might be public
but you may prefer them not to be linked to you. This is a vague and
untrustable form of anonymity for various reasons. I can explain if you
would like more details.

In the case of Mixmin, it serves to hinder the spammers as only
encrypted users are allowed to post. For this reason, the average
spammer finds it easier to use Google. I'm very happy about that as
abuse complaints have to be addressed so the fewer I receive, the
happier I am.


I'm planning to drop the support for NNTPS soon as it's awkward running
a dedicated listener on a different port (563). This needs to be
started by root and doesn't get restarted along with the other server
components. This frequently causes me pain when upgrading. INN has
supported STARTTLS for a few years now so I'll probably stick with that.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJV6GZmAAoJEC3jHKG+PvqnDQAQAKx4LJ1Cf0tv/u/WY00SGdvG
hLkaA7FXMqcJ+PyC03LQ6Is2De5evOLCfVs1xaQIOyNj4c0pahGrindOFhYU3zAg
3CcEjZTGHsLI9zLarQqych6hayKTr4y9ApjN6UfEhb+J+gpdT6yF+HDq9udnXoKy
lZq1Tq4GyF6FiRAYZNkJu7BRJB54IoLqYKzmmbTWKQflDxIdVWviHL0TQXPeG6po
a6qq55QNSfwd5vziyHY4uEcnQq4rq2WWiT11cqfpX/Lf3G1uDPeFO25sreHUCNfe
BQufu2qQUf2RlFX3hqNW/CwqPahN4Tvx2Ohnqe7VJQPHs54d22tydOs70atiVBN+
YWG38YAjrQ9nA9Jjyl8YrGPoE9FDbQN/lWuundSMjkMRuznPZjDJvoZI6XfFfsW7
x14ihlCibNytmRBJM9SgbdOY/7iTB4o8t4shPodVa8nw55/LUUJxxmcQdB2LcXXE
NodkcWGmI7qrLKCX1Dq5N633GHIwljS9uoTObODHzqPzJrUnRvSQ8jznDgv4RTzl
956kZ05MFnW0cdGkTBJ1a20jToba6TGRAN8pFqaRdntSRRUxcZOuQSusyMhcyFPE
cufGeHfoRvk2vvtnlGxMJUCxD+hEoi/35qlPUhYL0mu4lAlvqVZp9FSZl/xjrmUW
9clm05Z3KGJ9GcSXeq77
=agXT
-----END PGP SIGNATURE-----

--
And with glasses high we raised a cry for freedom had arrived

Sir Gregory Hall, Esq.

unread,
Sep 3, 2015, 2:02:08 PM9/3/15
to
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA276
You are so full of it, Steve! You make me laugh with your little
Usenet fetish.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJV6GZmAAoJEC3jHKG+PvqnDQAQAKx4LJ1Cf0tv/u/WY00SGdvG
hLkaA7FXMqcJ+PyC03LQ6Is2De5evOLCfVs1xaQIOyNj4c0pahGrindOFhYU3zAg
3CcEjZTGHsLI9zLarQqych6hayKTr4y9ApjN6UfEhb+J+gpdT6yF+HDq9udnXoKy
Zq1Tq4GyF6FiRAYZNkJu7BRJB54IoLqYKzmmbTWKQflDxIdVWviHL0TQXPeG6po1
a6qq55QNSfwd5vziyHY4uEcnQq4rq2WWiT11cqfpX/Lf3G1uDPeFO25sreHUCNfe
BQufu2qQUf2RlFX3hqNW/CwqPahN4Tvx2Ohnqe7VJQPHs54d22tydOs70atiVBN+
7YWG38YAjrQ9nA9Jjyl8YrGPoE9FDbQN/lWuundSMjkMRuznPZjDJvoZI6XfFfsW
x14ihlCibNytmRBJM9SgbdOY/7iTB4o8t4shPodVa8nw55/LUUJxxmcQdB2LcXXE
NodkcWGmI7qrLKCX1Dq5N633GHIwljP9uoTObODHzqPzJrUnRvSQ8jznDgv4RTzl
956kZ05MFnW0cdGkTBJ1a20jTobaT6GRAN8pFqaRdntSRRUxcZOuQSusyMhcyFPE
cufGeHfoRvk2vvtnlGxMJUCxD+hEoi/35qlPUhYL0mu4lAlvqVZp9FSZl/xjrmUW
9clm05Z3KGJ9GcSXeq77
=agXT
-----END PGP SIGNATURE-----

--
Sir Gregory

The Sorceress of Qar

unread,
Sep 4, 2015, 10:35:16 AM9/4/15
to
I use news.mixmin.net:563

Works great.

Keep up the good work, change whatever makes sense to change.

--
A Paradoxial World, for Sure.

Ewald Böhm

unread,
Sep 15, 2015, 12:41:29 AM9/15/15
to
On Thu, 03 Sep 2015 15:25:26 +0000, Steve Crook wrote:

> Encryption helps to hide who posts what. Your messages might be public
> but you may prefer them not to be linked to you. This is a vague and
> untrustable form of anonymity for various reasons. I can explain if you
> would like more details.

Hi Steve,
I just saw this, as I had a setup problem with my subscriptions.
Sorry I hadn't responded sooner.

I'm very confused, so, what I say below may be all wrong, but, it's
what I *thought* was the advantage of Mixmin over the others, but,
then, when I started thinking about it - I got confused.

1. I set up stunnel on my localhost & set up mixmin on my newsreader.
2. I sit at Starbucks & compose this message on my newsreader.
3. I hit "Send" and the cleartext is sent to the mixmin server.
4. If there was a login, it'd be encrypted, but you don't require a login.
5. Anyone at Starbucks & at its ISP can "see" the cleartext I just sent.
6. Your mixmin server then gives me a "posting-host" based on other
header information and my NNTP Posting Host IP address.
7. Anyone picking up your feed sees my cleartext & your hashed "posting-host".

Is that reasonably correct?
If so, why the need for stunnel?
Where's the encryption?

Steve Crook

unread,
Sep 15, 2015, 4:05:28 AM9/15/15
to
On Tue, 15 Sep 2015 04:41:29 +0000 (UTC), Ewald Böhm wrote in
Message-Id: <mt87ho$5iv$1...@news.mixmin.net>:

> On Thu, 03 Sep 2015 15:25:26 +0000, Steve Crook wrote:
>
>> Encryption helps to hide who posts what. Your messages might be public
>> but you may prefer them not to be linked to you. This is a vague and
>> untrustable form of anonymity for various reasons. I can explain if you
>> would like more details.
>
> Hi Steve,
> I just saw this, as I had a setup problem with my subscriptions.
> Sorry I hadn't responded sooner.
>
> I'm very confused, so, what I say below may be all wrong, but, it's
> what I *thought* was the advantage of Mixmin over the others, but,
> then, when I started thinking about it - I got confused.
>
> 1. I set up stunnel on my localhost & set up mixmin on my newsreader.
> 2. I sit at Starbucks & compose this message on my newsreader.
> 3. I hit "Send" and the cleartext is sent to the mixmin server.
At this point, your newsreader sends the cleartext to your local stunnel
that is masquarading as a newsserver. It encrypts your message and
sends it to Mixmin.

> 4. If there was a login, it'd be encrypted, but you don't require a login.
> 5. Anyone at Starbucks & at its ISP can "see" the cleartext I just sent.
No, they can only "see" the encrypted communication between your stunnel
and news.mixmin.net.

> 6. Your mixmin server then gives me a "posting-host" based on other
> header information and my NNTP Posting Host IP address.
Mixmin takes your IP address and salts it
(https://en.wikipedia.org/wiki/Salt_(cryptography)). The result is
SHA1 hashed and posted, as hex, in the posting-host field.

> 7. Anyone picking up your feed sees my cleartext & your hashed "posting-host".
Correct.

> Is that reasonably correct?
> If so, why the need for stunnel?
> Where's the encryption?
Hopefully I've explained those elements above. Let me know if it's not
clear and I'll try again.
0 new messages