From: Florian Weimer
Newsgroups: gmane.emacs.gnus.general
Subject: Re: Spook MIME Boundaries
Date: Fri, 20 Aug 2004 02:01:34 +0200
Message-ID: <87vffe3cf5.fsf@deneb.enyo.de>
References: <87657fdmod.fsf@stark.xeocode.com> <87r7q2yi1n.fsf@deneb.enyo.de> <87oel6dd69.fsf@stark.xeocode.com>
In-Reply-To: <87oel6dd69.fsf@stark.xeocode.com> (Greg Stark's message of "19 Aug 2004 17:35:10 -0400")
Cc: Gnus Mailing List

* Greg Stark:

>> More effective would be BEGIN PGP MESSAGE line, followed by random
>> base64 encoded junk.
>
> At this point anybody listening would pretty much have to be able to base64
> decode at wirespeed anyways.

No, you just look for "BEGIN PGP MESSAGE", and then you store the IP
addresses involved (and, if possible, email addresses seen earlier on
the same connection). Traffic analysis is an extremely effective tool
for many applications, and concentrating on encrypted traffic reduces
the data set very nicely.

Something like

-----BEGIN PGP MESSAGE-----
jA0EAwMC4/o8ylG480Ngye38oMxjWBRvkIexOLnESJ07wjS18zZLJJnHkX8CBFG0
8CV61rhpf9CyIj/vZp3TZZhSRjPRuEhHgQ4fE+zUDY5xW4Kx4CffXzJSFEKMcTf6

in your signature would fool some *real* heuristics.
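
The marker-string heuristic described in this message, as an added example that is not code from the thread: a matcher that fires on the marker alone, next to a stricter check that requires a complete armor block (blank separator line, END line, valid base64, matching CRC-24 when one is present, first octet with the packet-tag bit set). The function names and both sample messages are constructed for illustration.

```python
import base64
import binascii

BEGIN = "-----BEGIN PGP MESSAGE-----"
END = "-----END PGP MESSAGE-----"

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(payload: bytes) -> str:
    """Wrap constructed bytes in a well-formed armor block (not real PGP output)."""
    body = base64.b64encode(payload).decode()
    check = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "", body, "=" + check, END])

def naive_hit(text: str) -> bool:
    """The heuristic from the message: the marker string alone."""
    return "BEGIN PGP MESSAGE" in text

def structural_hit(text: str) -> bool:
    lines = [line.rstrip() for line in text.splitlines()]
    try:
        start = lines.index(BEGIN)
        end = lines.index(END, start)
        blank = lines.index("", start, end)  # separator after armor headers
    except ValueError:
        return False
    body = lines[blank + 1:end]
    check = body.pop() if body and body[-1].startswith("=") else None
    try:
        data = base64.b64decode("".join(body), validate=True)
        stored = int.from_bytes(base64.b64decode(check[1:], validate=True), "big") if check else None
    except binascii.Error:
        return False
    # Every OpenPGP packet starts with an octet whose top bit is set.
    return bool(data) and bool(data[0] & 0x80) and stored in (None, crc24(data))

# Constructed samples: a signature-style decoy and a well-formed block.
DECOY = "See you there.\n-- \n" + BEGIN + "\n" + base64.b64encode(bytes(range(48))).decode() + "\n"
REAL = "Hi,\n\n" + armor(b"\xc3" + bytes(range(29))) + "\n"
```

The stricter check only establishes that the block is well formed; it still cannot tell a real ciphertext from a carefully built imitation without attempting to parse the packets.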