Cypherpunk remailer

A Cypherpunk remailer (also type I remailer) is an anonymizing remailer that accepts and forwards encrypted or unencrypted messages.

The messages themselves, typically e-mail or posts for the Usenet , are addressed to the final recipient or a discussion group. The remailer can be installed on the same computer, on a computer in the local area network ( LAN ), or on a computer on the Internet .

Origin and development

In the early 1990s , a group of Internet users interested in cryptography , who called themselves Cypherpunks , designed the remailer model. They incorporated some of David Chaum's suggestions .

In the period that followed, various remailer programs emerged, including server types that had in common the support of the Cypherpunk protocol, some of which differed greatly in details. With the introduction of newer algorithms in encryption software, new PGP versions and derivatives and, above all, the experience gained in operating the remailer, differences have arisen in the use of encryption. At times there were incompatibilities between remailers.

method

Before a message is forwarded by the remailer, the so-called message header is modified and the sender-related information is removed. The final recipient of an email treated in this way receives the remailer's only sender information.

Extensions

Some of the techniques for securing e-mail, found in all types of remailers, have already been introduced for Cypherpunk remailers. The sender of a remailer largely controls how his e-mail is handled by the remailer network . Some possibilities:

• Chaining several remailers to make it impossible for the operators of the remailer services or eavesdropping attackers to identify the anonymous communication partners.
• Encryption of messages and recipient information with PGP or GnuPG , also between the remailers in a chain.
• Adding and removing random data to prevent the identification of a message by its changing size.
• Intermediate storage of messages over any period of time (normally up to a maximum of 1 day) in order to counteract the analysis of the message traffic.

Procedure (exemplary)

1. Write a message
2. Add additional lines to the text:
   ::
Anon-To: remailer@cypherremailer.de
3. This text is encrypted with the remailer's public key.
4. If encryption is selected, the remailer receives information about this by prefixing the encrypted message part with the following information:
   ::
Encrypted: PGP
5. The last steps are repeated depending on the number of chained remailers.

Attacks against the Cypherpunk Remailer

Cypherpunk remailers have several vulnerabilities.

The messages are sent on immediately after they are received by the remailer. If an attacker can track incoming and outgoing messages from the remailer, it is possible for him to assign messages according to time and size and thus to infer the recipient and sender.

Furthermore, the attacker could intercept a message and import it back into the system in a targeted manner. If this re-import takes place in large numbers, an attacker can also find out the path to the recipient.

Both problems were recognized by Lance Cottrell and described in the essay "Mixmaster & Remailer Attacks".

Cypherpunk remailers can be combined with a Mixmaster , which processes the messages from the Cypherpunk remailer. The security of the system benefits from the Mixmaster protocol, which is generally considered to be more secure and robust.

See also

• Remailer , Mixmaster Remailer , Nym Remailer
• Anonymity on the Internet , anonymizer
• goal

literature

• E-Mail Security , Bruce Schneier ( ISBN 0-471-05318-X )
• Computer Privacy Handbook , Andre Bacard ( ISBN 1-56609-171-3 )

Web links

• Mixmaster & Remailer Attacks
• A remailer FAQ
• Remailer Vulnerabilities
• Anonymous email via remailer (FAQ)
• Anonymous sending of emails and Usenet postings