From Newsgroup: sci.crypt

Hi all,

as we could see yesterday, it is possible to fake remailer
postings, so that Usenet users believe the postings came
from either a YAMN remailer or a Mixmaster remailer chain.

I thought about this issue and came up with the idea of
hmid, which is based on Zax's hsub, and integrated it in
the ocemail-server program for the Onion Courier Mixnet,
so that Usenet users are always able to verify if the
posting really came from the Onion Courier Mixnet and are
not fake Onion Courier Mixnet postings.

The hmid hash for my ocemail server's password is:

57fbec92176bccb4b98e6bff5c72aaf8e01b2b7e535879f6e30d10c61c99d0e1

In the following reply we will verify the Message-ID, to see if
*this* message really oiginated from the Onion Courier Mixnet.
--
Regards
Stefan

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.crypt

Onion Courier wrote:

Hi all,

as we could see yesterday, it is possible to fake remailer
postings, so that Usenet users believe the postings came
from either a YAMN remailer or a Mixmaster remailer chain.

I thought about this issue and came up with the idea of
hmid, which is based on Zax's hsub, and integrated it in
the ocemail-server program for the Onion Courier Mixnet,
so that Usenet users are always able to verify if the
posting really came from the Onion Courier Mixnet and are
not fake Onion Courier Mixnet postings.

The hmid hash for my ocemail server's password is:

57fbec92176bccb4b98e6bff5c72aaf8e01b2b7e535879f6e30d10c61c99d0e1

In the following reply we will verify the Message-ID, to see if
*this* message really oiginated from the Onion Courier Mixnet.

The MI-D from this OP is: <betrtdlxw9d5nis0pec65@oc2mx.net>

and when we verify the string before the @domain.tld we see
that the M-ID is valid. :-)

C:\Users\xxxxxxxxxxxx\Desktop>hmidv 57fbec92176bccb4b98e6bff5c72aaf8e01b2b7e535879f6e30d10c61c99d0e1 betrtdlxw9d5nis0pec65
rLa M-ID is valid for this hashed password

Other ways to verify if a posting would be a real TypeII remailer
posting would be if users would use digital signatures, which are
anonymous, like in yubicrypt.

Hope you find this information educational and useful!

Regards
Stefan
--
https://tilde.club/~pollux/
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.crypt

Stefan Claas wrote:

The M-ID from this OP is: <betrtdlxw9d5nis0pec65@oc2mx.net>

and when we verify the string before the @domain.tld we see
that the M-ID is valid. :-)

C:\Users\xxxxxxxxxxxx\Desktop>hmidv 57fbec92176bccb4b98e6bff5c72aaf8e01b2b7e535879f6e30d10c61c99d0e1 betrtdlxw9d5nis0pec65
rLa M-ID is valid for this hashed password

A binary of hmidverify for Windows users:

https://filelu.com/raiaevhyvgpp

Regards
Stefan
--
https://tilde.club/~pollux/
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.crypt

In article betrtdlxw9d5nis0pec65@oc2mx.net> Onion Courier wrote:

Hi all,

as we could see yesterday, it is possible to fake remailer
postings, so that Usenet users believe the postings came
from either a YAMN remailer or a Mixmaster remailer chain.

I thought about this issue and came up with the idea of
hmid, which is based on Zax's hsub, and integrated it in
the ocemail-server program for the Onion Courier Mixnet,
so that Usenet users are always able to verify if the
posting really came from the Onion Courier Mixnet and are
not fake Onion Courier Mixnet postings.

The hmid hash for my ocemail server's password is:

57fbec92176bccb4b98e6bff5c72aaf8e01b2b7e535879f6e30d10c61c99d0e1

In the following reply we will verify the Message-ID, to see if
*this* message really oiginated from the Onion Courier Mixnet.

Very good!

--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.crypt

In article <20251101.131148.4c9684ce@mixbin.net> Yamn3 Remailer wrote:
[...] ^
LOL
+1


--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.crypt

Hi all,

as we could see yesterday, it is possible to fake remailer
postings, so that Usenet users believe the postings came
from either a YAMN remailer or a Mixmaster remailer chain.

Expected.

I thought about this issue and came up with the idea of
hmid, which is based on Zax's hsub, and integrated it in
the ocemail-server program for the Onion Courier Mixnet,
so that Usenet users are always able to verify if the
posting really came from the Onion Courier Mixnet and are
not fake Onion Courier Mixnet postings.

The hmid hash for my ocemail server's password is:

57fbec92176bccb4b98e6bff5c72aaf8e01b2b7e535879f6e30d10c61c99d0e1

In the following reply we will verify the Message-ID, to see if
*this* message really oiginated from the Onion Courier Mixnet.

Okay.
--- Synchronet 3.21a-Linux NewsLink 1.2

From Newsgroup: sci.crypt

On 01 Nov 2025, Stefan Claas <noreply@oc2mx.net> posted some news:10e4qql$jnbb$1@paganini.bofh.team:

Stefan Claas wrote:

The M-ID from this OP is: <betrtdlxw9d5nis0pec65@oc2mx.net>

and when we verify the string before the @domain.tld we see
that the M-ID is valid. :-)

C:\Users\xxxxxxxxxxxx\Desktop>hmidv
57fbec92176bccb4b98e6bff5c72aaf8e01b2b7e535879f6e30d10c61c99d0e1
betrtdlxw9d5nis0pec65 |o+orCa M-ID is valid for this hashed password

A binary of hmidverify for Windows users:

https://filelu.com/raiaevhyvgpp

Well done.

--
paganini is marginally useful because of the hierarchy posting limits (2)
and it blocks the most heavily used groups on usenet.





--- Synchronet 3.21a-Linux NewsLink 1.2