This section describes how to compile the new large-key version of Mixmaster on a Debian Wheezy system. If you already have Mixmaster 3 installed and configured you can go to Pre-installed Mixmaster. If you are a Whonix user, you should go to Mixmaster (Whonix).
Most of the content of this section was taken from this post by the Jeremy Bentham Remailer Admin. The instructions should be helpful for building Mixmaster on other flavors of linux as well. See Ubuntu Loader Changes for a change if using Ubuntu.
First, you need to install the packages required by Mixmaster and OpenSSL:
sudo apt-get install build-essential libpcre3-dev wget \ zlib1g-dev libncurses5-dev curl perl bc dc bison libbison-dev
Then you need to compile a version of OpenSSL that contains the IDEA cipher. Grab the most recent version (make sure it is version 1.0.1g or later!) from the OpenSSL download page.
Extract the tarball (substituting your version for 1.0.1g):
tar xvf openssl-1.0.1g.tar.gz
Build the distribution:
cd openssl-1.0.1g ./config make make test sudo make install
Note that this installs OpenSSL into
the new OpenSSL installation into your normal lib and include
directories so that the Mixmaster install script can find them.
Note that the
sudo mv instructions below will only work if you
have previous copies of the files installed. If you get an error
along the lines of
mv: cannot stat libssl.a or similar, just
ignore it - you did not have a file there to move:
cd /usr/lib sudo mv libssl.a libssl.a.old sudo ln -s /usr/local/ssl/lib/libssl.a libssl.a sudo mv libcrypto.a libcrypto.a.old sudo ln -s /usr/local/ssl/lib/libcrypto.a libcrypto.a cd /usr/include sudo mv openssl openssl.old sudo ln -s /usr/local/ssl/include/openssl openssl
Download Mixmaster 3.0.3.
Be sure to verify the SHA256 hash of the downloaded file. You can do this by executing the command:
The output should match the following hex number:
Extract the Mixmaster tarball:
tar xvf mixmaster-3.0.3b.tar.gz
cd mixmaster-3.0.3b ./Install
Answer the questions posed by the script:
- You can just press enter when it prompts for the installation
directory. It will be installed at
- Do not worry about the OpenSSL version questions - 1.0.1g+ is so new the script does not know about it - select the default YES
- Your new version of OpenSSL does have AES encryption, so answer YES to that question as well
- As we are going to only use Mixmaster as a client (with nymphemeral), answer NO to the question about running a remailer
Mixmaster should be installed successfully.
Ubuntu Loader Changes¶
If you are using Ubuntu and see the following compile error:
gcc mix.o rem.o rem1.o rem2.o chain.o chain1.o chain2.o nym.o pgp.o pgpdb.o pgpdata.o pgpget.o pgpcreat.o pool.o mail.o rfc822.o mime.o keymgt.o compress.o stats.o crypto.o random.o util.o buffers.o maildir.o parsedate.tab.o rndseed.o menu.o menusend.o menunym.o menuutil.o menustats.o main.o /usr/local/ssl/lib/libcrypto.a -lz -L/usr/lib/x86_64-linux-gnu/ -lpcre -L/usr/lib/x86_64-linux-gnu/ -lncurses -L/usr/lib/x86_64-linux-gnu/ -o mixmaster /usr/bin/ld: /usr/local/ssl/lib/libcrypto.a(dso_dlfcn.o): undefined reference to symbol 'dlclose@@GLIBC_2.2.5' /lib/x86_64-linux-gnu/libdl.so.2: error adding symbols: DSO missing from command line collect2: error: ld returned 1 exit status make: *** [mixmaster] Error 1 Error: The compilation failed. Please consult the documentation (section `Installation problems').
you should make the following changes to the
Install script, due
to modifications Ubuntu has made to the loader.
402 of the
Install script, change:
Getting New Remailer Stats¶
Before you can use Mixmaster, you need to update the stats. We are going to use the pinger from the Jeremy Bentham Remailer, but the process should be similar to other pingers you wish to use.
An easy way to do this securely is with curl. First, create a
update.sh in your
~/Mix directory, with the
#!/bin/bash export SSL_CERT_DIR=$HOME/Mix/certs rm pubring.asc pubring.mix mlist.txt rlist.txt curl --cacert ./certs/anemone.pem https://anemone.mooo.com/stats/mlist.txt -o mlist.txt curl --cacert ./certs/anemone.pem https://anemone.mooo.com/stats/rlist.txt -o rlist.txt curl --cacert ./certs/anemone.pem https://anemone.mooo.com/stats/pubring.mix -o pubring.mix curl --cacert ./certs/anemone.pem https://anemone.mooo.com/stats/pgp-all.asc -o pubring.asc
Change the script to executable mode:
chmod +x update.sh
Next, create the
~/Mix/certs directory and add
mkdir ~/Mix/certs cd ~/Mix/certs wget http://anemone.mooo.com/anemone.pem
Now that you have downloaded the certificate file, you can securely update your remailer stats by simply:
cd ~/Mix ./update.sh
You should update the remailer stats at least once a day when using Mixmaster.
Mixmaster just needs to be configured through the
file. A very simple config file could be written as follows:
CHAIN *,*,*,*,* SMTPRELAY localhost SMTPPORT 2525 HELONAME anonymous.invalid REMAILERADDR firstname.lastname@example.org
CHAIN is the path that your messages will take before being
delivered. In the configuration above, the messages are going to pass
by five mixes, and finally get to the actual target. You can use any
sequence and number of mixes in the chain, passing their names or
* (which means that it could be any mix), separated by
Adding more mixes to the chain will probably increase the latency to deliver your messages. That is actually not a bad thing, but you should decide how long you are willing to wait to exchange messages.
If you followed Connections, you remember that we will use
2525 to reach an SMTP server. Using the options
SMTPPORT will tell Mixmaster to use that
specific connection. Finally, as part of the protocol you need to
HELONAME and a
REMAILERADDR. As we want to be
anonymous, we provide an invalid address.
nymphemeral should be ready to tunnel via Tor messages sent using Mixmaster!
Although we encorage the use of the Mixmaster version installed with this section, improved with 4096-bit RSA (and other features), you are allowed to use any derivative of Mixmaster 3. As long as you use that version and nymphemeral is able to find both paths to the binary and config file, you are fine. Configuring these paths is explained later on [mixmaster].