Remailers We've Got
05 Jan 2013 23:45:00 EST

This blog post originally appeared on crypto.is. We've since shut down that website, so I have copied the blog post back to my own for archival purposes.

There are two main implemented remailer networks in operation: Mixmaster and Mixminion. Mixmaster was written in the early 90s by Lance Cottrell, and was maintained for a number of years by Len Sassaman. Mixminion was written in the early 2000s by Nick Mathewson, based on a research paper he wrote with George Danezis and Roger Dingledine. A third, Cypherpunk Remailers, exists as well, although is mostly supported as a compatibility layer in the Mixmaster software. Although conceptually they all do the same thing - allow the sending of anonymous emails - there are a number of design and implementation differences.

In Mixmaster, when you compose your russian-doll nested messages to each remailer, you will send the message to the first node using normal email - SMTP. Each node will subsequently send it to each following node using an email message over SMTP.

There disadvantages of this.

However, in Mixminion, when you compose your nested message, you will send the message to the first node using a binary protocol inside a SSL connection. That SSL connection uses Ephemeral Encryption - which provides Perfect Forward Secrecy (PFS). PFS means that if an attacker compromised the server's SSL certificate - they would not be able to decrypt that conversation. And, if an attacker breaks that conversation - they cannot read any other conversation. This is a very nice and robust property to provide, and by using SSL as a transport mechanism - we get it essentially for free, without having to write any additional code.

The advantages of Mixminion's approach compared to Mixmaster's:

Another major difference between Mixmaster and Mixminion is that Mixmaster is one-way. You can send an email anonymously to an individual, but if you want them to be able to reply, you would have to give them a reply address. Even if you choose a free email service and lie to them about your real name - this can still de-anonymize you, for example through a subpoena to the email provider. Mixminion however allows replies through what are called 'Single Use Reply Blocks' or SURBs. When I receive a message with a SURB, I can reply to the sender without know who the sender is. We'll talk more about SURBs and reply-block based designs later also.

There are a number of other differences between Mixmaster and Mixminion, including directory services, exit policies, dummy traffic. And there are a number of other topics and developments in anonymous email including packet formats (like Sphinx) and nym-based reply methods (like Pynchon Gate). We'll be covering more about these topics in the future.

Finally, before signing off, it's important to note that there are practical issues with both Mixmaster and Mixminion today. Neither one of these should be relied on for strong anonymity. Mixmaster, for example, makes use of 1024-bit RSA keys; and Mixminion has not been actively developed for years.

This blog post is licensed under Creative Commons Attribution 3.0 United States License and is inspired by, and makes heavy use of, the images produced by the EFF & Tor Project here.

Add a comment...
required, hidden, gravatared

required, markdown enabled (help)
you type:you see:
[stolen from reddit!](http://reddit.com)stolen from reddit!
* item 1
* item 2
* item 3
  • item 1
  • item 2
  • item 3
> quoted text
quoted text
Lines starting with four spaces
are treated like code:

    if 1 * 2 < 3:
        print "hello, world!"
Lines starting with four spaces
are treated like code:
if 1 * 2 < 3:
    print "hello, world!"