Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#17 Include PGP Comments Header

closed
Len Sassaman
None
5
2007-06-11
2007-06-11
Steve Crook
No

Users of Type-I Pseudonyms often terminate them on the Usenet group alt.anonymous.messages. Many of these are being lost due to news servers running default Cleanfeed installations that perform 'Fuzzy MD5' to filter Excessive Multi-Posting.

Cleanfeed's Fuzzy MD5 performs the following filtering prior to hashing the message payload:
$mbody = lc $hdr{__BODY__};
$mbody =~ s/^(?!http)\S{7,70}\r?$//mg;
$mbody =~ s/\r{3}.*$//mg;
$mbody =~ s/\s+$//;
$mbody =~ s/^[^\n]*\Z//m if $lines > 5;
$mbody =~ tr/a-z0-9//cd;
This results in virtually all PGP encrypted messages having the same MD5 hash and subsequently being dropped.

Resolution:
During encryption, add a PGP Comments header that contains 8 blocks of 6 random a-z characters separated by a whitespace character. This will ensure that each PGP payload will generate a different Fuzzy MD5 hash.

Discussion

  • Len Sassaman
    Len Sassaman
    2007-06-11

    Logged In: YES
    user_id=29569
    Originator: NO

    Cleanfeed's proceedure is the problem here, not Mixmaster's behavior. Normally I would work around someone else's broken code rather than stick to principles, but what you're asking for is a wide-open side-channel. I can't do that.

     
  • Len Sassaman
    Len Sassaman
    2007-06-11

    • assigned_to: nobody --> rabbi
    • status: open --> closed