Installing Quicksilver Lite in Whonix and Creating a Mixmin Nym


    Wilders Security Forums > Privacy Related Topics > privacy technology


    March 30th, 2013, 02:27 AM

    mirimir (Very Frequent Poster)
    Join Date: Oct 2011 | Posts: 1,423

    Installing Quicksilver Lite in Whonix and creating a Mixmin nym

    These are instructions for creating a nym at mixnym.net, using Quicksilver Lite (QSL) in Whonix. QSL is Windows software, so it needs Wine to run in Whonix (based on Debian).

    For background, please see Wikipedia, e.g. - https://en.wikipedia.org/wiki/Pseudonymous_remailer.

    This is a first draft, so there may be mistakes. But I wanted to get it up as background reading. I'll update it ASAP after getting confirmation from mixnym.net that my nym was created. And then I'll post a tutorial for installing and configuring QSA in Whonix.

    Work in Tails or your current VPN/Tor setup if you want privacy.
    Download Whonix VMs from - http://sourceforge.net/p/whonix/wiki/Download/.
    Import gateway and workstation with VirtualBox.
    Edit gateway VM configuration:
    ...By default, network adapter 1 is NAT.
    ...If you're using router VMs, change to appropriate internal network.

    Change root and user passwords in gateway VM from default "changeme".
    Change root and user passwords in workstation VM from default "changeme".

    Work from here on in Whonix workstation.

    Tweak Kickoff | Favorites as desired.

    Run in Terminal:
    ...sudo apt-get update
    ...sudo apt-get install wine
    ...sudo apt-get install unzip

    Choose a pseudonymous email address at mixnym.
    ...Pick something that's not likely to have been already taken.
    ...Pick something that's not associated with you or other pseudonyms.
    ...It could be a random string, or something more memorable.
    ...I'm using "[email protected]" for this, so you can test with me.

    Installing Quicksilver Lite in Whonix and creating a Mix... http://www.wilderssecurity.com/showthread.php?t=344489

    1 de 9 08/04/13 15:45

    Run "gpg --gen-key" and create 4,096-bit key pair for [email protected] appropriate name ... here I'm "Jude Fawley" with comment "T.O.".

    In KGpg, highlight your key, and:
    ...Right click, and select "Set as Default Key".
    ...Right click, and select "Export Public Key".

    Download latest QSL from - https://www.quicksilvermail.net/qslite/.
    Download latest QSA from - https://www.quicksilvermail.net/qsaam/.

    Get mixnym key 0x14D0C447 from - https://www.sks-keyservers.net/i/.
    Save as 14D0C447.asc.

    In KGpg:
    ...Import mixnym key 0x14D0C447.
    ...Sign it using the key that you just created.
    ...Set owner [your] trust for it.
    ......Use button in KGpg "Key Properties", and choose at least "Marginally".

    Unzip QSL and QSA in Download folder, autodetecting archive folders.

    Run Wine configuration and click OK to create /home/.wine.
    Click "Show Hidden Files" in File Manager (Dolphin) | View.
    In /home/user/.wine/drive_c/, create folder "QS".

    Copy all QSA files to /home/user/.wine/drive_c/QS/.
    Copy all QSL files to /home/user/.wine/drive_c/QS/ [check "Apply to All" and click "Skip"].

    In /home/user/.wine/drive_c/QS/, create folder gpg-links.

    Open Terminal and create links to allow QSL and QSA to use Debian gpg:
    ...Run "cd .wine/drive_c/QS/gpg-links".
    ...Run "link '/home/user/.gnupg/pubring.gpg' '/home/user/.wine/drive_c/QS/gpg-links/pubring.gpg'".
    ...Run "link '/home/user/.gnupg/secring.gpg' '/home/user/.wine/drive_c/QS/gpg-links/secring.gpg'".

    In File Manager, go to /home/user/.wine/drive_c/QS/.
    ...Double click qsa.exe, and create Desktop link.
    ...Close QSA windows, and check top link ... delete ".lnk" link.
    ...Copy link, and paste as "QuickSilver Lite.desktop".
    ...Edit "QuickSilver Lite.desktop".
    ......Rename as "QuickSilver Lite".
    ......Open Properties.
    .........Check that name in General tab is "QuickSilver Lite".
    .........Go to Application tab.
    ............Change Comment to "QuickSilver Lite".
    .........In Command tab, change "...C:\\QS\\qsa.exe" to "...C:\\QS\\qsl.exe".

    Double click Desktop QuickSilver Lite link and click "Setup".
    Draw randomly in window until "Ok" appears ... click "Ok".
    Paste your new email address in "Email Address" and click "Next".
    ...I'm using [email protected] for this demo.
    Now you'll configure the SMTP server for QSL.
    For SMTP Server aka Host, use Mixnym's hidden service "gbhpq7eihle4btsn.onion".
    ...Accept other defaults and click "Next".


    Now you'll configure the proxies that QSL uses, in this case Tor.
    ...For SMTP Proxy, check "Enable" and "TOR".
    ...Specify "192.168.0.10" as Proxy Server.
    ...Specify 9100 as Port.
    ...Accept other defaults and click "Next".
    Do the same for HTTP Proxy.
    Review configuration summary and accept.
    Open Tools | Options.
    ...In General tab:
    ......Under "User Mode", check "Expert".
    ......Under "On Start-up", check "Open Template Dialog".
    ...In PGP tab:
    ......Check "PGP Public Key Encryption".
    ......For "Private Keyring", use "C:\QS\gpg-links\secring.gpg".
    ......For "Public Keyring", use "C:\QS\gpg-links\pubring.gpg".
    ......Click "Default key" and select it (will be just your new one).
    ......If desired, choose to cache private-key passphrases for five minutes or so.
    ...In Mix tab:
    ......Select "once a day" for "Update remailer stats".
    ...Click "Ok" to finish.
    Open Tools | Stats manager.
    ...Click "Update".
    ...When you see "done!" click "Ok".
    ...If it stalls, there's something wrong with your Tor setup.
    ......Check with Firefox, and also check Tor config in Tools | Proxies.
    Open Tools | Allpingers manager.
    ...Click "Update".
    ...When you see "done!" click "Ok".

    Now you'll configure the message that QSL uses to create a Mixnym nym.
    In the main compose pane, paste the following, in place of the default text:

    Code:
    Fcc: nyms
    Pgp: encrypt=0x14D0C447; sign=0x87B39720;
    Host: gbhpq7eihle4btsn.onion
    From: [email protected]: *,*,austria; copies=3;
    To: [email protected]: none
    hsub: New Mail For Jude!
    -----BEGIN PGP PUBLIC KEY BLOCK-----
    mQINBFFP2l4BEACXJDUM6SxyjUk8K+MJ4fRJ5VMaE6hSsAD6n8eO04l9HMzSx26X

    wnOpR4sYYD9MFLura6+YiHWtT8ih
    =ndP9
    -----END PGP PUBLIC KEY BLOCK-----


    ~~

    In the above:


    ...Replace the key ID in "sign=0x87B39720;" with yours.

    ......The mixnym server will only accept signed configuration requests.

    ...Replace "Jude" in "hsub: New Mail For Jude!" with your fake first name.

    ...Replace the public key block with your public key that you exported above.

    ...Be very careful near line ends ... Unix vs DOS newline can be buggy here.

    ...The "~~" at the bottom, preceded by two blank lines, is crucial!
    Save as "mixnym create template".
    ...You can reuse it with edits for creating other nyms.
    Now click "Send" and enter your key passphrase when prompted.
    After it finishes, you should see:

    Code:
    0 in message queue
    0 in problem queue
    3 sent
    All mail sent!

    If it worked, the next step is configuring QSA.
    If it hangs, cancel out and go back through everything looking for errors.
    Close QSL when you're done (and ignore the crash error that you may see).

    You can't get a reply from the mixnym server until you configure QSA.
    But that may take about a day, so there's no rush.
    If you get no reply, the nym may already be taken, so try again with another.

    [to be continued]

    Edit: I'm manually adding my new signature.

    mirimir
    GnuPG Key ID: 0x17C2E43E
    Fingerprint: BF24 D19E 7B33 536E 7512 BA47 620D 6551 17C2 E43E
    Tutorials: http://vimeo.com/mirimir/

    Last edited by mirimir : March 31st, 2013 at 01:04 PM.
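    The template checks listed in the first post (line endings, the closing "~~" after two blank lines, replacing the sample key ID and name) can be run over a saved template before clicking "Send". This is an added example, not part of the original thread or of QuickSilver; `lint_template`, the sample template, its placeholder addresses and the key ID 0xDEADBEEF are constructed, and "two blank lines" is read here as two empty lines directly above "~~".

```python
import re

MIXNYM_KEY_ID = "0x14D0C447"      # nymserver key ID given in the post
TUTORIAL_SIGN_ID = "0x87B39720"   # the post author's own signing key ID

def lint_template(raw: bytes) -> list:
    """Return a list of problems found in a saved QSL nym-creation template."""
    problems = []
    crlf = raw.count(b"\r\n")
    bare_lf = raw.count(b"\n") - crlf
    if crlf and bare_lf:
        problems.append("mixed CRLF and LF line endings")
    text = raw.decode("ascii", "replace").replace("\r\n", "\n")
    lines = text.rstrip("\n").split("\n")
    if lines[-1] != "~~":
        problems.append('last line is not exactly "~~"')
    elif lines[-3:-1] != ["", ""]:
        problems.append('"~~" is not preceded by two blank lines')
    pgp = re.search(r"^Pgp:\s*encrypt=(0x[0-9A-Fa-f]+);\s*sign=(0x[0-9A-Fa-f]+);",
                    text, re.M)
    if not pgp:
        problems.append("no Pgp: header with encrypt= and sign= key IDs")
    else:
        if pgp.group(1).lower() != MIXNYM_KEY_ID.lower():
            problems.append("encrypt= is not the mixnym key ID")
        if pgp.group(2).lower() == TUTORIAL_SIGN_ID.lower():
            problems.append("sign= still holds the tutorial author's key ID")
    if re.search(r"^hsub: New Mail For Jude!$", text, re.M):
        problems.append("hsub line still uses the tutorial's name")
    begin = text.count("-----BEGIN PGP PUBLIC KEY BLOCK-----")
    end = text.count("-----END PGP PUBLIC KEY BLOCK-----")
    if (begin, end) != (1, 1):
        problems.append("expected exactly one public key block")
    return problems

# Constructed sample (placeholder addresses and key material, not from the post).
GOOD = (
    "Fcc: nyms\n"
    "Pgp: encrypt=0x14D0C447; sign=0xDEADBEEF;\n"
    "Host: gbhpq7eihle4btsn.onion\n"
    "From: mynym@example.invalid\n"
    "To: config@example.invalid\n"
    "hsub: New Mail For Alex!\n"
    "-----BEGIN PGP PUBLIC KEY BLOCK-----\n"
    "CONSTRUCTEDKEYDATA\n"
    "-----END PGP PUBLIC KEY BLOCK-----\n"
    "\n\n~~\n"
).encode()

if __name__ == "__main__":
    for problem in lint_template(GOOD) or ["template looks consistent"]:
        print(problem)
```

    A file that uses CRLF throughout passes; only a mix of both conventions is reported.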

    March 30th, 2013, 04:31 PM

    adrelanos (Infrequent Poster)
    Join Date: Sep 2012 | Posts: 28

    Re: Installing Quicksilver Lite in Whonix and creating a Mixmin nym

    Great. Just linked from the Whonix e-mail wiki page to this thread.

    __________________
    Whonix (Anonymous Operating System) | Online Profiles

    OpenPGP key information | OpenPGP fingerprint: 9B15 7153 925C 303A 4225 3AFB 9C13 1AD3 713A AEEF

    March 30th, 2013, 05:08 PM

    mirimir (Very Frequent Poster)
    Join Date: Oct 2011 | Posts: 1,423


    Re: Installing Quicksilver Lite in Whonix and creating a Mixmin nym

    Thanks. And thanks too for linking from my first post about this.

    So, are you going to test it?

    You and Richard Christman would be awesome testers

    March 30th, 2013, 05:22 PM

    happyyarou666 (Frequent Poster)
    Join Date: Jan 2012 | Posts: 665

    Re: Installing Quicksilver Lite in Whonix and creating a Mixmin nym

    interesting, I'll check this out and see if it's something to be added to the arsenal

    so I've been reading the wiki on this

    as much as I've understood it makes your emails untraceable but you're allowed to have a username to identify each other including the proper and safely confirmed pgp keys on your keychain for authentication, it's kinda like regular pgp encryption on regular email

    Last edited by happyyarou666 : March 30th, 2013 at 05:42 PM.

    March 30th, 2013, 10:44 PM

    The_Scour (Infrequent Poster)
    Join Date: Oct 2011 | Posts: 9

    Re: Installing Quicksilver Lite in Whonix and creating a Mixmin nym

    You're on the right track for sure, but nyms are much stronger than that.

    The initial nym config request to the nymserver is done through a series of Mixmaster remailer chains. One would probably include Tor and a good VPN in the delivery mechanism as well.

    The nymserver quite literally has no ability to know anything about you. Mixmaster itself, being highly resistant to a powerful adversary makes your messages impossible to trace.

    Among the major differences between a nym and regular PGP encrypted email is this: An email is delivered to your machine. A nym message is delivered to a shared message pool which is: alt.anonymous.messages.
    Contents are encrypted. The subject line itself, is also encrypted, and can only be decrypted by the nym holder. Delivery can never be traced back to your machine. Major plausible deniability.

    A further difference is this: Nym messages are wrapped in multiple layers of encryption. Not just one. A nym message is first encrypted to the nymserver's key. The user may then further encrypt the message body itself, to the key of the intended recipient. So what you really have is: A message that is untraceable, and a message that is unreadable, except by your recipient.

    What one has simultaneously achieved is: Both complete anonymity and privacy.


    March 31st, 2013, 07:51 AM

    PaulyDefran (Frequent Poster)
    Join Date: Dec 2011 | Posts: 637

    Re: Installing Quicksilver Lite in Whonix and creating a Mixmin nym

    Thanks Mir! Will revisit and read this later.

    PD

    March 31st, 2013, 01:32 PM

    mirimir (Very Frequent Poster)
    Join Date: Oct 2011 | Posts: 1,423

    Re: Installing Quicksilver Lite in Whonix and creating a Mixmin nym

    Quote: Originally Posted by The_Scour
    You're on the right track for sure, but nyms are much stronger than that.

    Thanks for the explanation, The_Scour. Can I steal some of your language in the final version? I'll acknowledge you, of course.

    Quote: Originally Posted by The_Scour
    The initial nym config request to the nymserver is done through a series of Mixmaster remailer chains. One would probably include Tor and a good VPN in the delivery mechanism as well.

    Yes, the setup that I posted uses Tor hidden services for both SMTP (outgoing messages) and NNTP (incoming messages from Usenet newsgroup alt.anonymous.messages aka a.a.m). You're isolated from the SMTP server (gbhpq7eihle4btsn.onion) by Tor. The SMTP server sends your nym configuration request to [email protected] through chains of three Mixmin remailers. That's serious isolation!

    Then [email protected] sends the reply to a.a.m, rather than directly to you. And the NNTP server that you use to get messages from a.a.m is also a Tor hidden service. So you're well isolated on the receiving end as well.

    Quote: Originally Posted by The_Scour
    The nymserver quite literally has no ability to know anything about you. Mixmaster itself, being highly resistant to a powerful adversary makes your messages impossible to trace.

    There have been deanonymization attacks on Mixmaster itself using message flooding. But using a.a.m as the inbox, and doing everything via Tor hidden services, eliminates that threat, I believe.

    Quote: Originally Posted by The_Scour
    Among the major differences between a nym and regular PGP encrypted email is this: An email is delivered to your machine. A nym message is delivered to a shared message pool which is: alt.anonymous.messages.

    Right.

    Quote: Originally Posted by The_Scour
    Contents are encrypted. The subject line itself, is also encrypted, and can only be decrypted by the nym holder. Delivery can never be traced back to your machine. Major plausible deniability.

    Right.

    Quote: Originally Posted by The_Scour
    A further difference is this: Nym messages are wrapped in multiple layers of encryption. Not just one. A nym message is first encrypted to the nymserver's key. The user may then further encrypt the message body itself, to the key of the intended recipient. So what you really have is: A message that is untraceable, and a message that is unreadable, except by your recipient.

    Right.

    Quote: Originally Posted by The_Scour
    What one has simultaneously achieved is: Both complete anonymity and privacy.

    Well, I'm impressed, and that's why I posted it

    I used this system for a while about 15 years ago. But it was much harder then. Finding your messages in a.a.m was extremely tedious. While this implementation is undeniably more complicated than using Thunderbird with Enigmail, it's quite usable once you become familiar with how it works.

    __________________
    mirimir
    GnuPG Key ID: 0x17C2E43E
    Fingerprint: BF24 D19E 7B33 536E 7512 BA47 620D 6551 17C2 E43E
    Tutorials: http://vimeo.com/mirimir/

    March 31st, 2013, 02:49 PM

    The_Scour (Infrequent Poster)
    Join Date: Oct 2011 | Posts: 9

    Re: Installing Quicksilver Lite in Whonix and creating a Mixmin nym

    Great post, mirimir.

    IMHO, this is important stuff.

    Feel free to tear off pieces of language, as appropriate if it serves the cause.


    I'm just an average Joe trying to learn, just like everyone else.

    Yes, Nyms are technically challenging. But it's much easier today than in days of yore. And especially in this day and age, of increasing surveillance and monitoring, they are more important than ever.

    Before getting lost in a sea of technical details, it may be important to understand something of the Mixmaster protocol, as an overview, and what it accomplishes:

    http://tools.ietf.org/html/draft-sassaman-mixmaster-03

    "This document describes a mail transfer protocol designed to protect electronic mail against traffic analysis. Most e-mail security protocols only protect the message body, leaving useful information such as the identities of the conversing parties, sizes of messages and frequency of message exchange open to adversaries.

    Message transmission can be protected against traffic analysis by the mix-net protocol. A mix (remailer) is a service that forwards messages, using public key cryptography to hide the correlation between its inputs and outputs. If a message is sent through a sequence of mixes, one trusted mix is sufficient to provide anonymity and unobservability of communications against a powerful adversary. Mixmaster is a mix-net implementation for electronic mail.

    Viewed from a high level, Mixmaster is like a packet network, where each node in the network is known as a "remailer." The original content is split into pieces, and an independent path is determined for each piece, with the only requirement that all paths must end at the same remailer. Each piece is multiply encrypted so that any intermediate remailer can only decrypt enough information to determine the next hop in the path. When all pieces have arrived at the final remailer, the original content is re-created and sent to its final destination."

    This is the system that delivers nym messages.

    It's perhaps important to note that like Tor, Mixmaster is a system of distrust.
    Mixmaster assumes that there may be colluding adversaries on the wire, yet with one secure Mix, anonymity and privacy are preserved.

    Like every other anonymity system such as Tor, i2P, Mixmaster is subject to theoretical attacks.

    Nonetheless, it is a powerful system and quite worthy of consideration.
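
    The layering that the quoted draft describes, where each remailer can decrypt only enough to learn the next hop, as an added sketch that is not from the thread or from Mixmaster itself. Assumptions: per-remailer symmetric keys with a SHA-256 keystream and HMAC stand in for Mixmaster's public-key encryption, packets are neither padded nor split into pieces, and all names (`wrap`, `peel`, `route`, `mix-a` and so on) are hypothetical.

```python
import hashlib, hmac, json, os

def _sub(key, label):
    return hashlib.sha256(label + key).digest()

def _stream(key, nonce, n):
    # Toy keystream: SHA-256 in counter mode (stand-in, not Mixmaster's cipher).
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, data):
    nonce = os.urandom(16)
    ks = _stream(_sub(key, b"enc"), nonce, len(data))
    ct = bytes(a ^ b for a, b in zip(data, ks))
    tag = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("layer was not sealed for this remailer")
    ks = _stream(_sub(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def wrap(chain, keys, destination, message):
    """Sender side: seal the innermost layer first, so the first hop is outermost."""
    packet, next_hop = message, destination
    for name in reversed(chain):
        header = json.dumps({"next": next_hop}).encode()
        packet = seal(keys[name], header + b"\n" + packet)
        next_hop = name
    return packet

def peel(name, keys, packet):
    """Remailer side: remove one layer; returns (next hop, still-sealed rest)."""
    header, _, inner = unseal(keys[name], packet).partition(b"\n")
    return json.loads(header)["next"], inner

def route(first_hop, keys, packet):
    """Pass the packet along the chain, recording what each hop learns."""
    learned, hop = [], first_hop
    while hop in keys:
        nxt, packet = peel(hop, keys, packet)
        learned.append((hop, nxt))
        hop = nxt
    return learned, hop, packet

# Constructed remailer names and random per-hop keys.
CHAIN = ["mix-a", "mix-b", "mix-c"]
KEYS = {name: os.urandom(32) for name in CHAIN}

if __name__ == "__main__":
    pkt = wrap(CHAIN, KEYS, "nymserver", b"nym configuration request")
    print(route(CHAIN[0], KEYS, pkt))
```

    Only the last remailer in the chain sees the destination, and only the first sees where the packet came from, which is why one honest mix in the chain is enough to break the link between the two.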
