[liberationtech] How secure is Bitlbee?

StealthMonger StealthMonger at nym.mixmin.net
Sun Dec 23 15:38:25 PST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Uncle Zzzen <unclezzzen at gmail.com> writes:

> Lately I've discovered http://www.bitlbee.org/ and I feel a lot more
> comfy with it.  My question is, how secure is Bitlbee compared to
> Jitsi or Pidgin?

bitlbee appears to be a low-latency, connection-based technology and
will therefore have the same security defects as any other low-latency
technology, such as Tor.  Low latency implies that an observer who can
monitor both sides of the connection can swiftly detect that they are
in communication, just by the packet timing and volume.

To avoid this defect, security has to be message-based rather than
connection-based, and the messages have to be encrypted and travel via
a channel having high, random latency so that they get mixed with
other such messages, thwarting traffic analysis.  An example is the
mixmaster anonymizing remailer network [1].

Tor documentation [2] is relevant here:

   ... for low-latency systems like Tor, end-to-end traffic
   correlation attacks [8, 21, 31] allow an attacker who can observe
   both ends of a communication to correlate packet timing and volume,
   quickly linking the initiator to her destination.

[1] http://www.banana.mixmin.net/ 

[2] http://tor.eff.org/cvs/tor/doc/design-paper/challenges.pdf

- -- 


 -- StealthMonger <StealthMonger at nym.mixmin.net>
    Long, random latency is part of the price of Internet anonymity.

   anonget: Is this anonymous browsing, or what?
   http://groups.google.ws/group/alt.privacy.anon-server/msg/073f34abb668df33?dmode=source&output=gplain

   stealthmail: Hide whether you're doing email, or when, or with whom.
   mailto:stealthsuite at nym.mixmin.net?subject=send%20index.html


Key: mailto:stealthsuite at nym.mixmin.net?subject=send%20stealthmonger-key

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.9 <http://mailcrypt.sourceforge.net/>

iEYEARECAAYFAlDXchEACgkQDkU5rhlDCl7sQACgyD92iBtJD3XLREPb1OFmxGZc
bXcAni+10N/j5y3PGR7QR90CqxkwYgLx
=H0Cc
-----END PGP SIGNATURE-----
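
The timing argument in the message above can be seen in a small simulation, added here as an example and not part of the original post. It measures how well per-second message counts leaving a sender correlate with counts arriving at the far end, first through a low-latency relay and then through a mix with long random delay. The traffic is constructed, and every parameter (burst shape, delay ranges, number of other users' messages) is an assumption.

```python
import random

BIN = 1.0          # seconds per counting window (assumed)
SESSION = 600      # seconds the sender is active (assumed)
MAX_DELAY = 3600   # upper bound of the mix's random delay, seconds (assumed)
WINDOW = SESSION + MAX_DELAY

def bursty_send_times(rng):
    """Constructed chat-like traffic: bursts of messages separated by idle gaps."""
    t, times = 0.0, []
    while t < SESSION:
        t += rng.expovariate(1 / 20)             # idle gap, mean 20 s
        for _ in range(rng.randint(3, 10)):      # one burst
            t += rng.expovariate(2.0)            # about 0.5 s apart
            if t < SESSION:
                times.append(t)
    return times

def binned(times):
    """Per-window message counts: timing and volume only, no content."""
    counts = [0] * int(WINDOW / BIN)
    for t in times:
        if 0 <= t < WINDOW:
            counts[int(t / BIN)] += 1
    return counts

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length series."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5

def timing_correlation(seed=2012):
    """Return (low_latency_r, high_latency_r): sender-side vs arrival-side counts."""
    rng = random.Random(seed)
    sent = bursty_send_times(rng)
    others = [rng.uniform(0, WINDOW) for _ in range(200)]   # other users' messages
    low = [t + rng.uniform(0.02, 0.2) for t in sent]        # connection-based relay
    high = [t + rng.uniform(0, MAX_DELAY) for t in sent]    # message-based mix
    x = binned(sent)
    return pearson(x, binned(low + others)), pearson(x, binned(high + others))

if __name__ == "__main__":
    low_r, high_r = timing_correlation()
    print(f"low latency:         r = {low_r:.2f}")
    print(f"high random latency: r = {high_r:.2f}")
```

With the low-latency delay the two series stay strongly correlated despite the other users' traffic; with the long random delay the correlation falls to around zero.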



