Len Sassaman

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Len Sassaman
Len Sassaman 27C3.jpg
Len Sassaman at the 27th Chaos Communication Congress.
Born 1980 (1980)
Died July 3, 2011 (2011-07-04) (aged 31)
Leuven, Flemish Brabant, Belgium
Cause of death
Residence Belgium Leuven
Occupation Researcher, COSIC
Known for Mixmaster, X.509 attacks
Spouse(s) Meredith L. Patterson (Married 2006)

Leonard Harris Sassaman (1980 – July 3, 2011) was an advocate for privacy, maintainer of the Mixmaster anonymous remailer code and remop (operator) of the randseed remailer.


Sassaman was employed as the security architect and senior systems engineer for Anonymizer. He was a PhD candidate at the Katholieke Universiteit Leuven in Belgium, as a researcher with the Computer Security and Industrial Cryptography (COSIC) research group, led by Bart Preneel. David Chaum and Bart Preneel were his advisors.

Sassaman was a well-known cypherpunk, cryptographer and privacy advocate. He worked for Network Associates on the PGP encryption software, was a member of the Shmoo Group, a contributor to the OpenPGP IETF working group, the GNU Privacy Guard project, and frequently appeared at technology conferences like DEF CON. Sassaman was the co-founder of CodeCon along with Bram Cohen, co-founder of the HotPETS workshop (with Roger Dingledine of Tor and Thomas Heydt-Benjamin), co-author of the Zimmermann–Sassaman key-signing protocol, and at the age of 21, was an organizer of the protests following the arrest of Russian programmer Dmitry Sklyarov.[1]

Len slips a blue cable-tie ring on Meredith's finger

On February 11, 2006, at the fifth CodeCon, Sassaman proposed to returning speaker and noted computer scientist Meredith L. Patterson during the Q&A after her presentation, and they were married.[2] The couple worked together on several research collaborations, including a critique of privacy flaws in the OLPC Bitfrost security platform,[3] and a proposal of formal methods of analysis of computer insecurity in February 2011.[4]

Meredith Patterson's current startup, Osogato, aims to commercialize Patterson's Support Vector Machine-based "query by example" research. Sassaman and Patterson announced Osogato's first product, a downloadable music recommendation tool, at SuperHappyDevHouse 21 in San Francisco.

In 2009, Dan Kaminsky presented joint work with Sassaman and Patterson at Black Hat in Las Vegas, showing multiple methods for attacking the X.509 certificate authority infrastructure. Using these techniques, the team demonstrated how an attacker could obtain a certificate that clients would treat as valid for domains the attacker did not control.[5][6]

Sassaman is reported to have died on July 3, 2011.[7][8] Patterson reported that her husband's death was a suicide.[9][10]

A presentation given by Kaminsky at the 2011 Black Hat Briefings revealed that a testimonial in honor of Sassaman had been permanently embedded into Bitcoin's block chain.[11]

See also[edit]


This lists all publications by Sassaman during his tenure with COSIC at Katholieke Universiteit Leuven.[12]

  • L. Sassaman, "The State of the OpenPGP Keyserver Infrastructure", North American Network Operators Group, 20th Conference, Washington, DC, USA, 2000.
  • L. Sassaman, "Fundamental Flaws in the SSL Certificate Authority Model", DEFCON 9, Las Vegas, NV, USA, 2001.
  • L. Sassaman, "The Promise of Privacy", 16th Conference on Systems Administration (LISA 2002), Philadelphia, PA, USA, 2002.
  • L. Sassaman, "Anonymity Services and The Law", DEFCON 10, Las Vegas, NV, USA, 2002.
  • L. Sassaman, "Forensic Dead-Ends: Tracing Users Through Anonymous Remailers", Black Hat Briefings, Las Vegas, NV, USA, 2002.
  • L. Sassaman, "BOF: Future Directions for Anonymous Remailers", Computers, Freedom and Privacy, San Francisco, CA, USA, 2002.
  • L. Sassaman and C. Wysopal, "Panel: How can Independent Researchers be adequately compensated for the valuable service they provide to vendors and customers while encouraging responsible reporting?", CyberSecurity, Research & Disclosure, Stanford, CA, USA, 2003.
  • G. Danezis and L. Sassaman, "Heartbeat Traffic to Counter $(n-1)$ Attacks: Red-Green-Black Mixes", in Proceedings of the 2nd ACM workshop on Privacy in the electronic society (WPES 2003) ACM 101039, P. Samarati and P. F. Syverson (eds.), ACM, pp. 89–93, 2003.
  • R. Lackey, P. Palfrader and L. Sassaman, "Behind the Remailers: The Operators and Developers of Anonymity Services", DEFCON 11, Las Vegas, NV, USA, 2003.
  • R. Dingledine and L. Sassaman, "Attacks on Anonymity Systems: Theory and Practice", Black Hat Briefings, Las Vegas, NV, USA, 2003.
  • L. Sassaman, "Designing Useful Privacy Applications", Black Hat Europe Briefings 2003, Amsterdam, NL, 2003.
  • L. Sassaman, "Anonymity in Practice", COSIC Seminar, Leuven, BE, 2003.
  • L. Sassaman, "Introduction to Anonymity Techniques", University of Cambridge Security Seminar, Cambridge, UK, 2003.
  • S. Kopsell, L. Sassaman and A. Shostack, "Panel: Experiences Deploying Anonymous Communication Systems", Workshop on Privacy Enhancing Technologies 2003, Dresden, DE, 2003.
  • L. Sassaman, "Privacy Issues in Identity Management", 13th CACR Information Security Workshop & 5th Annual Privacy and Security Workshop, Toronto, ON, CA, 2004.
  • L. Sassaman, "Making Privacy Enhancing Technology a Reality", TOORCON, San Diego, CA, USA, 2004.
  • C. Diaz, L. Sassaman and E. Dewitte, "Comparison between two practical mix designs", in 9th European Symposium on Research in Computer Security (ESORICS 2004), "Lecture Notes in Computer Science 3193", D. Gollmann, P. Ryan and P. Samarati (eds.), Springer-Verlag, pp. 141–159, 2004.
  • L. Sassaman, "The Anonymity Toolkit", Black Hat Briefings, Las Vegas, NV, USA, 2004.
  • L. Sassaman, "Ten Years of Practical Anonymity", The Fifth HOPE Conference, New York, NY, USA, 2004.
  • L. Sassaman, B. Cohen and N. Mathewson, "The Pynchon Gate: A Secure Method of Pseudonymous Mail Retrieval", in "Proceedings of the 4th ACM workshop on Privacy in the electronic society (WPES 2005)", S. De Capitani di Vimercati and R. Dingledine (eds.), ACM, pp. 1–9, 2005.
  • R. Dingledine, P. Palfrader and L. Sassaman, "Panel: Future Anonymity Systems", What The Hack, Liempde, NL, 2005.
  • G. Danezis and L. Sassaman, "How to Bypass Two Anonymity Revocation Schemes", in Privacy Enhancing Technologies - 8th International Symposium, PETS 2008, "Lecture Notes in Computer Science 5134", N. Borisov and I. Goldberg (eds.), Springer-Verlag, pp. 187–201, 2008.
  • L. Sassaman and B. Preneel, "The Byzantine Postman Problem", in Proceedings of the 29th Symposium on Information Theory in the Benelux, Werkgemeenschap voor Informatie- en Communicatietheorie, pp. 129–135, 2008.
  • L. Sassaman, "A Review of the OLPC XO Security Model", Stanford University Security Seminar, Stanford, CA, USA, 2008.
  • M. L. Patterson, L. Sassaman and D. Chaum, "Freezing More Than Bits: Chilling Effects of the OLPC XO Security Model", in Usability, Psychology and Security 2008, E. Churchill and R. Dhamija (eds.), USENIX, pp. 5:1-5:5, 2008.
  • L. Sassaman, "Freezing More Than Bits: Chilling Effects of the OLPC XO Security Model", University of California, Berkeley Security Reading Group, Berkeley, CA, USA, 2008.
  • L. Sassaman, "Toward an Information-Theoretically Secure Anonymous Communication Service", Master thesis, Katholieke Universiteit Leuven, B. Preneel (promotor), 94 pages, 2008.
  • L. Sassaman, "Lessons in Vulnerability Disclosure: So You Broke The Internet -- What Now?", COSIC Seminar, Leuven, BE, 2009.
  • D. Kaminsky and L. Sassaman, "Breaking Web Security: Practical Attacks on X.509", Black Hat Briefings, Las Vegas, NV, USA, 2009.
  • L. Sassaman, "Minimizing Attack Surfaces with Language-Theoretic Security", EIDMA/DIAMANT Cryptography Working Group, Utrecht, NL, 2010.
  • J. C. Anderson, L. Sassaman and E. You, "The rise of Distributed, Decentralized, Amateur/Citizen Science and Do It Yourself Biology: Safety and Security Concerns", Open Science Summit 2010, Berkeley, CA, USA, 2010.
  • M. L. Patterson and L. Sassaman, "Exploiting the Forest with Trees", Black Hat Briefings, Las Vegas, NV, USA, 2010.
  • M. L. Patterson and L. Sassaman, "Exploiting Computational Slack in Protocol Grammars", PH-Neutral, Berlin, DE, 2010.
  • L. Sassaman, "Language Theoretic Security Attacks: Exploiting Computational Slack in Protocol Grammars", COSIC Seminar, Leuven, BE, 2010.
  • L. Sassaman, "Ethical Guidelines for Computer Security Researchers: 'Be Reasonable'", in Workshop on Ethics in Computer Security Research 2010, "Lecture Notes in Computer Science", Springer-Verlag, 6 pages, 2010.
  • L. F. Cranor, E. Kenneally and L. Sassaman, "Towards a Code of Ethics for Computer Security Research", Workshop on Ethics in Computer Security Research (WECSR 2010), Tenerife, ES, 2010.
  • D. Kaminsky, M. L. Patterson and L. Sassaman, "PKI Layer Cake: New Collision Attacks Against the Global X.509 Infrastructure", in Financial Cryptography and Data Security - 14th International Conference, FC 2010, "Lecture Notes in Computer Science 6052", R. Sion (ed.), Springer-Verlag, 16 pages, 2010.


  1. ^ McCullagh, Declan; Benner, Jeffrey (24 July 2001). "Sklyarov Release in Feds' Hands". Wired. 
  2. ^ Slutsky, Irina (11 December 2008). "Len Sassaman & Meredith Patterson are CodeCon Valentines". YouTube. 
  3. ^ Barras, Colin (5 June 2008). "Laptops could Betray Users in the Developing World". New Scientist (2659). (registration required)
  4. ^ Sassaman, Len; Patterson, Meredith L. (February 17, 2011). "Towards a formal theory of computer insecurity: a language-theoretic approach" (Flash video). Institute for Security, Technology and Society, Dartmouth College. 
  5. ^ Goodin, Dan (30 July 2009). "Wildcard certificate spoofs web authentication - SSL felled by null string". The Register. 
  6. ^ Rodney. "Dan Kaminsky Feels a disturbance in The Internet". Semiaccurate.com. 
  7. ^ l33tdawg (3 July 2011). "RIP: Len Sassaman, crypto expert and privacy advocate". Hack In The Box SecNews. 
  8. ^ Orlowski, Andrew (July 6, 2011). "Cryptographer Len Sassaman, RIP". The Register. Retrieved 2013-10-27. 
  9. ^ maradydd (Meredith Patterson) (3 July 2011). "Len Sassaman has passed away". Hacker News, YCombinator.com. 
  10. ^ Patterson, Meredith L (3 July 2011). "@wimremes unfortunately, it is. I got the call from the Leuven police about three hours ago. (I'm in TX visiting family at the moment.)". Twitter.com. 
  11. ^ Kaminsky, Dan (August 4, 2011). "Black Ops of TCP/IP 2011". pp. 12–16. 
  12. ^ "COSIC Publication List :LSassaman". COSIC Publication Search Engine, Katholieke Universiteit Leuven.

External links[edit]