Mixmaster

This section describes how to compile the new large-key version of Mixmaster on a Debian Wheezy system. If you already have Mixmaster 3 installed and configured you can go to Pre-installed Mixmaster. If you are a Whonix user, you should go to Mixmaster (Whonix).

Most of the content of this section was taken from this post by the Jeremy Bentham Remailer Admin. The instructions should be helpful for building Mixmaster on other flavors of linux as well. See Ubuntu Loader Changes for a change if using Ubuntu.

Preliminaries

First, you need to install the packages required by Mixmaster and OpenSSL:

sudo apt-get install build-essential libpcre3-dev wget \
zlib1g-dev libncurses5-dev curl perl bc dc bison libbison-dev

Build OpenSSL

Then you need to compile a version of OpenSSL that contains the IDEA cipher. Grab the most recent version (make sure it is version 1.0.1g or later!) from the OpenSSL download page.

Extract the tarball (substituting your version for 1.0.1g):

tar xvf openssl-1.0.1g.tar.gz

Build the distribution:

cd openssl-1.0.1g
./config
make
make test
sudo make install

Note that this installs OpenSSL into /usr/local/ssl. Symlink the new OpenSSL installation into your normal lib and include directories so that the Mixmaster install script can find them. Note that the sudo mv instructions below will only work if you have previous copies of the files installed. If you get an error along the lines of mv: cannot stat libssl.a or similar, just ignore it - you did not have a file there to move:

cd /usr/lib
sudo mv libssl.a libssl.a.old
sudo ln -s /usr/local/ssl/lib/libssl.a libssl.a
sudo mv libcrypto.a libcrypto.a.old
sudo ln -s /usr/local/ssl/lib/libcrypto.a libcrypto.a
cd /usr/include
sudo mv openssl openssl.old
sudo ln -s /usr/local/ssl/include/openssl openssl

Build Mixmaster

Download Mixmaster 3.0.3.

Be sure to verify the SHA256 hash of the downloaded file. You can do this by executing the command:

sha256sum mixmaster-3.0.3b.tar.gz

The output should match the following hex number:

4cd6121e49cddba9b0771d453fa7b6cf824bee920af36206d1414388a47708de

Extract the Mixmaster tarball:

tar xvf mixmaster-3.0.3b.tar.gz

Run the Install script:

cd mixmaster-3.0.3b
./Install

Answer the questions posed by the script:

  • You can just press enter when it prompts for the installation directory. It will be installed at ~/Mix
  • Do not worry about the OpenSSL version questions - 1.0.1g+ is so new the script does not know about it - select the default YES
  • Your new version of OpenSSL does have AES encryption, so answer YES to that question as well
  • As we are going to only use Mixmaster as a client (with nymphemeral), answer NO to the question about running a remailer

Mixmaster should be installed successfully.

Ubuntu Loader Changes

If you are using Ubuntu and see the following compile error:

gcc mix.o rem.o rem1.o rem2.o chain.o chain1.o chain2.o nym.o pgp.o pgpdb.o pgpdata.o pgpget.o pgpcreat.o pool.o mail.o rfc822.o mime.o keymgt.o compress.o stats.o crypto.o random.o util.o buffers.o maildir.o parsedate.tab.o rndseed.o menu.o menusend.o menunym.o menuutil.o menustats.o main.o /usr/local/ssl/lib/libcrypto.a  -lz -L/usr/lib/x86_64-linux-gnu/ -lpcre -L/usr/lib/x86_64-linux-gnu/  -lncurses -L/usr/lib/x86_64-linux-gnu/ -o mixmaster
/usr/bin/ld: /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): undefined reference to symbol 'dlclose@@GLIBC_2.2.5'
/lib/x86_64-linux-gnu/libdl.so.2: error adding symbols: DSO missing from command line
collect2: error: ld returned 1 exit status
make: *** [mixmaster] Error 1
Error: The compilation failed. Please consult the documentation (section `Installation problems').

you should make the following changes to the Install script, due to modifications Ubuntu has made to the loader.

On line 402 of the Install script, change:

LDFLAGS=

to:

LDFLAGS="-ldl"

Getting New Remailer Stats

Before you can use Mixmaster, you need to update the stats. We are going to use the pinger from the Jeremy Bentham Remailer, but the process should be similar to other pingers you wish to use.

An easy way to do this securely is with curl. First, create a file called update.sh in your ~/Mix directory, with the following contents:

#!/bin/bash
export SSL_CERT_DIR=$HOME/Mix/certs
rm pubring.asc pubring.mix mlist.txt rlist.txt
curl --cacert ./certs/anemone.pem https://anemone.mooo.com/stats/mlist.txt -o mlist.txt
curl --cacert ./certs/anemone.pem https://anemone.mooo.com/stats/rlist.txt -o rlist.txt
curl --cacert ./certs/anemone.pem https://anemone.mooo.com/stats/pubring.mix -o pubring.mix
curl --cacert ./certs/anemone.pem https://anemone.mooo.com/stats/pgp-all.asc -o pubring.asc

Change the script to executable mode:

chmod +x update.sh

Next, create the ~/Mix/certs directory and add anemone.mooo.com’s certificate:

mkdir ~/Mix/certs
cd ~/Mix/certs
wget http://anemone.mooo.com/anemone.pem

Now that you have downloaded the certificate file, you can securely update your remailer stats by simply:

cd ~/Mix
./update.sh

You should update the remailer stats at least once a day when using Mixmaster.

Config File

Mixmaster just needs to be configured through the ~/Mix/mix.cfg file. A very simple config file could be written as follows:

CHAIN *,*,*,*,*
SMTPRELAY localhost
SMTPPORT 2525
HELONAME anonymous.invalid
REMAILERADDR anonymous@anonymous.invalid

Chain

The CHAIN is the path that your messages will take before being delivered. In the configuration above, the messages are going to pass by five mixes, and finally get to the actual target. You can use any sequence and number of mixes in the chain, passing their names or simply * (which means that it could be any mix), separated by commas.

Note

Adding more mixes to the chain will probably increase the latency to deliver your messages. That is actually not a bad thing, but you should decide how long you are willing to wait to exchange messages.

SMTP Server

If you followed Connections, you remember that we will use port 2525 to reach an SMTP server. Using the options SMTPRELAY and SMTPPORT will tell Mixmaster to use that specific connection. Finally, as part of the protocol you need to provide a HELONAME and a REMAILERADDR. As we want to be anonymous, we provide an invalid address.

Note

nymphemeral should be ready to tunnel via Tor messages sent using Mixmaster!

Pre-installed Mixmaster

Although we encorage the use of the Mixmaster version installed with this section, improved with 4096-bit RSA (and other features), you are allowed to use any derivative of Mixmaster 3. As long as you use that version and nymphemeral is able to find both paths to the binary and config file, you are fine. Configuring these paths is explained later on [mixmaster].