November 1992 - cypherpunks-legacy

Re: An easy-to-reply anonymous mail scheme
by ghsvax!hal＠uunet.UU.NET 28 Nov '92

28 Nov '92

The problem with the idea of posting anonymous mail to a newsgroup is sheer volume. Remember, we aim at a system where a large fraction of mail is potentially being done this way. Imagine if almost all email was done today by posting to newsgroups! There is probably thousands of times as much email traffic as news traffic now. It would totally swamp the system. You'd literally have to send every email message sent by any user in the world to _every_ user in the world, in effect. As Yanek says: > You are guaranteed anonymity because no-one can find out who decrypted > the alt.w.a.s.t.e message, since everyone received it. This really won't scale to large numbers of users. Yanek also writes: > > Here is an example of how to use the cryptographic remailer at > > <hal(a)alumni.caltech.edu> to implement an anonymous return address. > > > But the again do you trust hal(a)alumni.caltech.edu... > > With conventional remailer schemes such as this one, you are announcing > your True Name (or at least your True Internet Mailbox) to someone you > must trust. With my scheme (posted earlier today) you don't need to trust > anybody except yourself (to not make a dumb mistake like including a > signature). This is why you would want to use a chain of remailers as your return address, what Chaum calls a "cascade". No single remailer sees the correspondance between your anonymous address and your real address. Only by breaking all of them can the bad guys find out who you are. Ideally, remailers would operate in a variety of countries with different laws, making it difficult to crack them all. Remailers could be designed to periodically flush themselves, deleting old keys and/or pseudonym maps. This way anonymous addresses would have a limited lifetime if desired, and the attackers would have only a finite time window to break all the remailers involved. (Different keys/pseudonyms could have different lifetimes as needed.) We could also imagine that there are lots of remailers - not just dozens, or hundreds, but millions of them. Maybe almost everyone runs a "cheap" remailer on the side, collecting a few cents in digital cash for each message they pass, enough to pay for their own messages. Putting all this together, you could have an anonymous address which passes through, say, 10 remailers which might be any of the millions of remailers in the world. It could have a limited lifetime of only a few hours for some ultra-sensitive applications, with the remailers involved flushing their databases after that time. To break this, the enemy would have to sequentially break into machines all over the world, one after another, defeat any physical barriers (locks, men with guns), overcome tamper-resistance in the computers, break the encrypted files, and find out what the next step is in the address cascade, all in a couple of hours. This doesn't seem possible. Hal 74076.1041(a)compuserve.com

3 3

Re: Crypto Dongle...
by yanek＠novavax.nova.edu 28 Nov '92

28 Nov '92

> Yanek - I do think your dongle idea is promising, but there are a > couple of other problems I haven't seen you mention. The concept is by no means complete. I will continue to add improvements as people suggest them. > One problem with this is that the terminal programs I use tend not to > just blast the whole mail message out in literal form, especially > since it is likely to be longer than one screenful. Instead, it > pauses after each screen, prompting with something like "type space > for next page", It would be transparent the other way, so that you would press space or 'n' or 'return' or anything you want. > or such. Also, it may insert VT100 control sequences as it goes from > page to page in order to clear the screen, etc. It should not be too difficult to ignore any codes that are not part of the data stream. If the message is coded with something like uuencode or base64 then the uniform-length lines of data should be clearly disinguishable from any other text such as "Press N for next screen" or an escape sequence. Also, overlapping display (some pagers show you a couple of lines from the previous screenful) could be dealt with by detecting duplicate lines. >> When you are done, you press Q, and the plaintext is immediately >> deleted from the memory. > Well, I'd think you'd want the option of saving the plaintext to a > file on your PC, not always deleting it from memory. By memory I meant the RAM in the dongle. If you wanted to save it, you could have just used to "logifile" function of your communication software. > What if you wanted to do what I'm doing here, which is to quote the > message you are replying to? I have not thought about that. Right away I see several possibilities: one, if the message you are replying to is the one you just decrypted, it could have been stored in the buffer, and you can delete the irrelevant lines, and insert your comments. The other would be that as you read a message, you could write and encrypt your reply. In that case it would also be simple to automatically use the public key that was used to verify the signature. I am sure there are other ways. There is essentially no limit on possibilities once you have a CPU. I will think about it some more. Thanks for bringing this up. >> simple line editor, that works with any terminal or terminal > I think this is OK, although I'm not sure how happy I'd be with > your line editor, not being accustomed to using BBS's. You could probably download an editor of your choice into it. There could be several editors available. Maybe even a simple screen editor that recognizes several most common terminals like vt100 and ansi. > like I can always compose on my PC, so that's OK. If your comm software supperted such a feature, the dongle could transmit a magic sequence which would make the pc to automatically go into an editor and then transmit the text. I would imagine eventually the most popular communication programs would have this feature. Some might already. The point is that if you happen to be using a dumb terminal or some machine or software WITHOUT this capability you could still receive and send secure messages. >> Then you may want to scan a newsgroup like alt.w.a.s.t.e for any mail >> message whose key-id matches one of the keys on your key-ring, >> decrypts and displays it, while ignoring all the other messages > You might have a buffering problem here. A decryption takes 30 > seconds They would not be decrypted "on-the-fly". Each Subject: line would contain the MD5 hash of the public key. It would take a fraction of a second to determine if that hash matches one of your keys for which the hash values would be precomputed and stored. Then the message would be captured. Later, when the scan is complete, it would be decrypted and displayed. > reasons; first, you don't know what flow control the host uses (if > any), and second, it would expose the fact that you had found a > message you wanted to decrypt). That is true. It should not be a problem though, if there are not too many messages for you. I plan for the device to have 256k of ram, so it could hold a few messages. The ram could be expanded if necessary. > You can't really anticipate how big the buffer might need to be, > especially if this method of anonymous communication became popular. > As I said in a previous post, you could easily have thousands of > messages to sort through, with perhaps dozens for you. I envision that this method would only be used for short and important messages, mostly of the form: "Contact me by sending mail to xyzzy(a)anon-r-us.com, key: dfgSDFgds34DF" So they would be short, easy to buffer, quick to decrypt and hopefully not too many of them. If there WAS too many messages, more than you were able to buffer, then it would just ignore the rest, process the ones it did get, and then you would request a second scan during which the first ones (that have already been processed) would be ignored, and the rest would be received. The problem with this is that the host would know that if you scan twice you have a lot of messages. They dont know which ones though. Or maybe you just had a transmission error... > solution than just encouraging people to buy laptops and use them? Most people that use e-mail already have a computer, They may not want to buy another one. They may use the computer or terminal on their desk for other things too, and would not want the inconvenience of having to use a separate screen/keyboard anytime they receive or want to send a private message. Laptop will cost more. Why buy a screen, keyboard, disk drive if you already have it. Hopefully my device will be cheap. It should be cheaper than any laptop. All I have is two serial ports, a cpu, some RAM and support cirquitry. I don't have a full-fledged keyboard, display, disk (or card) drive, and all the other stuff that goes in a laptop. Laptops are bigger. Or if they are small, they have lousy screens/keyboards. I hope to make my device smaller than even the so-called "palmtops". It would be easier to carry with you, in your pocket. It would be easier to hide if necessary. You can't make a laptop. You cant easily open it up, or if you can, it is complex enough that you can not completely understand its design. You can make a dongle from a kit, testing each part before you assemble it. You could make one from scratch. You can design one if you don't trust the schematics. Or you could show it to a competent electronics engineer and he could tell you if it does what it says it will. A laptop is not designed with security in mind. If you find that someone has just learned your secret code (that you used to encrypt your private key) and are going to seize your laptop in 15 seconds, you can't immediately destroy the key (you need to turn it on, boot or resume, exit from whatever program you were running or create a new window, CD to the directory where you store your private key, delete the file, run some program that makes sure the sectors are cleared.) And you still can't be sure that the key is not stored in some buffer or disk or cpu cache or a temporary file. Compare this with punching in a short "DESTRUCT" sequence on the keypad; if you have the device in your pocket, you can even do it without taking it out of your pocket, if you know the keypad well; And be absolutely sure that all information is completely gone. > Despite my negative comments here, I think there is room for plenty > of different approaches to making crypto easier to use. Absolutely. I am not saying that a hardware device designed specifically for cryptography is the ONLY way to go, what I do believe is that it is just a very good way to make easy access to cryptography widespread. A person that does not even know enough to be able to download, uncompress and install a software package could get one of these devices and make use of it. And there is no limit as to what a knowledgeable person could do with such a device. >If the dongle really could be made available at the price level you >mentioned, there might be some interest ... and if there was one for >$200 or less that would definately be interesting to me. Right now I hope to make it available for about $100. I don't know if I can yet, but will find out soon. -- Yanek Martinson mthvax.cs.miami.edu!safe0!yanek uunet!medexam!yanek this address preferred -->> yanek(a)novavax.nova.edu <<-- this address preferred Phone (305) 765-6300 daytime FAX: (305) 765-6708 1321 N 65 Way/Hollywood (305) 963-1931 evenings (305) 981-9812 Florida, 33024-5819

1 0

Paranoia and Cypherpunks
by tcmay＠netcom.com 28 Nov '92

28 Nov '92

PARANOIA, THIS LIST, AND APPROPRIATE TOPICS It is inevitable that a group such as ours should have varying opinions about the nature of the group, its role in society, its approach to outsiders and journalists, and its basic attitude. Recently, several people have expressed concern that the proper message is not being conveyed, even that a subversive and seditious message is often presented on this list. Some have cited discussion of military cipher systems as being too dangerous for us to discuss, while others have expressed some discomfort at the "anarchist" flavor of some postings. Well, folks, we all have different axes to grind. Since this is an open, unmoderated list, little control of content can be expected. * Some want "cryptography" downplayed, to be replaced with "privacy" as an emphasis. Privacy is seen as more palatable to Americans, less likely to upset them into cracking down on crypto methods. In other words, privacy is an easier "sell" than secrecy. Perhaps, but why dilute our focus just to make a more digestable pill for the masses of America, who typically don't think much about abstractions anyway? Those who want to sell "privacy" are free to. (BTW, the die was mostly cast when the name "Cypherpunks" was adopted. That's already raised red flags, just by the name! If we want to downplay this "crypto-cyber-punks outlaw" image, then a name change to something more like the "Electronic Frontier Foundation" or the CPSR, nice, safe-sounding names.) * Others have expressed some concern that some minor details of how U.S. cipher machines send out padded traffic were mentioned on this list--the fear being that discussion of military matters will invite the scrutiny of the government. Well, check out sci.military some time and see the debate on such issues! Also, many details of the KG-36, KWR-37, and Autodin cipher systems--just to cite the specific military cipher machines that the posting on this list was probably referring to--have already been published, and the Walker spy ring delivered the complete specs to these and other machines in the early 1980s. It's typically only the public who lacks knowledge on these matters. The Soviets (May They Rest in Pieces) usually got the salient details fairly quickly. Since ours is a crypto education group--amongst other things--what's wrong with discussing any of the gadgets and techniques that numerous books and other postings have already dealt with? (Surely John Gilmore's lawsuit to get some critical crypto papers declassified has already "angered" the folks at NSA. Are we to censure John for stirring up trouble? Of course not. We're free individuals, able to say what we wish, meet in secret meetings without the permission of the government, and learn anything we wish to. This, at least, is the theory. Until told otherwise, I intend to act on this theory.) * Some have argued persuasively for concentrating efforts on the more palatable (to the public at large) aspects of crypto techniques, such as authentication to reduce forgeries, privacy protection against illegal eavesdroppers, and so on. This is the "selling our vision to the public" point of view. Fine, it is good for some folks to do this, to concentrate on the areas that are unlikely to upset Middle America. But some of us--and you've seen my postings--believe the _selling_ of these ideas of authentication and privacy is a lost cause, or at least is not our main interest (e.g, it's not _my_ interest). * I favor technological solutions over political solutions. Don't call it sedition, call it the natural trend of new technologies. The printing press broke the power of medieval guilds in ways a political approach could never have done. Same with steam engines, electric motors, incandescent light, copying machines, computers, modems...well, you get the point. The things we talk about on this list, the things being developed and deployed, will have revolutionary effects. I've written about these effects over the past several years, and this wonderful list is pursuing them all with gusto! The anonymous remailers alone will set off alarms throughout the law enforcement community--you're kidding yourself if you think otherwise. Are we to stop working on anonymous remailers? What about digital cash? Face it, what we're doing will have major implications. To not talk about these effects, to not speculate on the possible consequences, is to bury our heads in the sand for fear that someone reading this list will order this list shut down or have us arrested! Yes, it's true some journalists are reading this list. Yes, it's fairly likely someone is forwarding this list to various agencies (this isn't paranoia...they'd be fools to not know about this list by now, given the publicity, the reputations of some of us, etc.). I know that some of the recipients of the list are gatewaying to other systems, or are forwarding specific articles to much wider audiences (I know this partly from e-mail I get). But these are all consequences of having a public list. Anyone uncomfortable with the free discussion of ideas and technologies on this list, anyone who fears personal or professional liability for views expressed by _others_ on this list, should probably unsubscribe from the list. I certainly don't intend to stop writing about the areas that interest me. Cheers. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay(a)netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | PGP Public Key: by arrangement.

1 0

John Gilmore & NSA
by norm＠xanadu.com 28 Nov '92

28 Nov '92

This Saturday's NewYork Times has a nice article on page 7 regarding NSA's declassification of some of the Friedmann works under legal pressure from John Gilmore.

2 1

CFP93 information (fwd)
by yanek＠novavax.nova.edu 28 Nov '92

28 Nov '92

The following message was posted to Extropians by Fred Moulton. Forwarded message: > Message-Id: <9211281835.AA05819(a)geech.gnu.ai.mit.edu> > To: Extropians(a)gnu.ai.mit.edu > Date: Sat, 28 Nov 92 10:31:56 -0800 > From: moulton(a)netcom.com (Fred C. Moulton) > Subject: CFP93 information > > > Attached is some information on CFP93 which might be of interest to some > persons on this list. > > Fred > > > > CFP'93 > The Third Conference on Computers, Freedom and Privacy > Sponsored by ACM SIGCOMM, SIGCAS & SIGSAC > 9 - 12 March 1993 > San Francisco Airport Marriott Hotel, Burlingame, CA > > > SCOPE > > The advance of computer and telecommunications technologies holds > great promise for individuals and society. From convenience for > consumers and efficiency in commerce to improved public health and > safety and increased participation in democratic institutions, > these technologies can fundamentally transform our lives. > > At the same time these technologies pose threats to the ideals of > a free and open society. Personal privacy is increasingly at risk > from invasion by high-tech surveillance and eavesdropping. The > myriad databases containing personal information maintained in the > public and private sectors expose private life to constant scrutiny. > > Technological advances also enable new forms of illegal activity, > posing new problems for legal and law enforcement officials and > challenging the very definitions of crime and civil liberties. But > technologies used to combat these crimes can threaten the > traditional barriers between the individual and the state. > > Even such fundamental notions as speech, assembly and property are > being transformed by these technologies, throwing into question > the basic Constitutional protections that have guarded them. > Similarly, information knows no borders; as the scope of economies > becomes global and as networked communities transcend > international boundaries, ways must be found to reconcile > competing political, social and economic interests in the digital > domain. > > The Third Conference on Computers, Freedom and Privacy will > assemble experts, advocates and interested people from a broad > spectrum of disciplines and backgrounds in a balanced public forum > to address the impact of computer and telecommunications > technologies on freedom and privacy in society. Participants will > include people from the fields of computer science, law, business, > research, information, library science, health, public policy, > government, law enforcement, public advocacy and many others. > > Topics covered in previous CFP conferences include: > > Personal Information and Privacy > International Perspectives and Impacts > Law Enforcement and Civil Liberties > Ethics, Morality and Criminality > Electronic Speech, Press and Assembly > Who Logs On (Computer & Telecom Networks) > Free Speech and the Public Telephone Network > Access to Government Information > Computer-based Surveillance of Individuals > Computers in the Workplace > Who Holds the Keys? (Cryptography) > Who's in Your Genes? (Genetic Information) > Ethics and Education > Public Policy for the 21st Century > > INFORMATION > > For more information on the CFP'93 program and advance > registration, as it becomes available, write to: > > CFP'93 Information > 2210 Sixth Street > Berkeley, CA 94710 > > or send email to: cfp93(a)well.sf.ca.us with the word > "Information" in the subject line. > > THE ORGANIZERS > > General Chair > ------------- > Bruce R. Koball > CFP'93 > 2210 Sixth Street > Berkeley, CA 94710 > 510-845-1350 (voice) > 510-845-3946 (fax) > bkoball(a)well.sf.ca.us > > Steering Committee > ------------------ > John Baker Mitch Ratcliffe > Equifax MacWeek Magazine > > Mary J. Culnan David D. Redell > Georgetown University DEC Systems Research > Center > Dorothy Denning > Georgetown University Marc Rotenberg > Computer Professionals > Les Earnest for Social Responsibility > GeoGroup, Inc. > C. James Schmidt > Mike Godwin San Jose State University > Electronic Frontier Foundation > Barbara Simons > Mark Graham IBM > Pandora Systems > Lee Tien > Lance J. Hoffman Attorney > George Washington University > George Trubow > Donald G. Ingraham John Marshall Law School > Office of the District Attorney, > Alameda County, CA Willis Ware > Rand Corp. > Simona Nass > Student - Cardozo Law School Jim Warren > MicroTimes > Peter G. Neumann & Autodesk, Inc. > SRI International > > Affiliations are listed for identification only. > > > -- Yanek Martinson mthvax.cs.miami.edu!safe0!yanek uunet!medexam!yanek this address preferred -->> yanek(a)novavax.nova.edu <<-- this address preferred Phone (305) 765-6300 daytime FAX: (305) 765-6708 1321 N 65 Way/Hollywood (305) 963-1931 evenings (305) 981-9812 Florida, 33024-5819

1 0

bounced mail
by Eric Hughes 28 Nov '92

28 Nov '92

We've made a small change to the way mail gets sent out to the list which should alleviate the bounced message problem. The change went into effect last night. It should take care of most, but perhaps not all, of the problems. So, take heart. Starting in a few days, please _do_ forward bounce reports to cypherpunks-request(a)toad.com. At that point I'll want them for further debugging. Eric with the list maintainer hat on

1 0

Misc. Items
by Hal 28 Nov '92

28 Nov '92

A few random points related to messages from the last few days. (First, a "meta" point - whenever I post to this list, I get from 3 to about 10 messages over 2 or 3 days reporting on delivery errors. It would be nicer if these went to someone else. Some of the messages include as many as 20 or 30 names of list subscribers who were apparently included in the same "outgoing batch" as the bounced mail.) On PGP key verification: I understand that Branko hopes to get version 2.1 of PGP out in a week or so. One of the new features will be a mode to display a MD5 hash of each PGP key to facilitate read-aloud over the telephone. This should make it easier to phone-verify PGP keys, so we can have more _good_ sigs. On pseudonyms and reputations: Several people have suggested that it would be easy to conjure up dozens of fake personalities who would then vouch for each other, giving the illusion of a well-founded and trusted pseudonym. This would be ideal for con men and cops. This can be defeated by the use of the is-a-person credential, which Chaum describes in a couple of his papers, including CACM Oct 1985. This is a signed document given by an organization which makes you come in and give your thumbprint. The document is "re-blinded" a la Chaums' proposals for electronic cash, so that there can be no linkage between your is-a-person document and your actual thumbprint. However, the thumbprint makes it so you can't get more than one is-a-person document. Now, when you go to apply for credit, and you say, here are signatures from dozens of people that I've done business with in the past, and I've paid them all off on time, the first thing the creditor is going to ask is, who are all these people? Are they legit? Can you at least show me is-a-person creds on them? You won't be able to. You only have one is-a-person credential, and you can't make more. Again, these credentials do _not_ hurt crypto anonymity. There is no linkage between your credential and anything else about you. On electronic banking: The interesting thing about electronic banking is digital cash. The key feature of digital cash is anonymity of payments. There is nothing subversive about this. Ordinary cash has (nearly) this property. Are you being subversive when you buy a newspaper without paying by check or credit card? Of course not. The point is, we want to use digital payments so that we can transact business over the net. But the more things get computerized, the more possible forms of monitoring there are, by businesses as well as gov- ernments. There's nothing immoral in trying to keep VISA from knowing whom I like to do business with. Digital cash is designed to allow the convenience of electronic shopping, while keeping the privacy of ordinary cash payments. Conceptually, it's a simple idea. Technically, what has to be done to turn an electronic banking proposal such as Don Bellenger's into electronic cash is some way to make it so that withdrawals can't be paired up with deposits. You also need, of course, to prevent cheating such as spending the same piece of cash twice. It's not trivial to meet these requirements. The Chaum proposal I described is the simplest one that I know of that achieves this. On remailers: I haven't yet succeeded in doing a doubly-encrypted remailer test using Bill O'Hanlon's and mine. Once this works, I'll post instructions on how to do this, and possibly a script or two to make it easier. With two encrypted anonymous remailers, you can for the first time send anonymous messages such that no one person can know whom you are sending to. Bill and I would have to collude to find out who sent a particular anonymous message. If more such remailers can start operating, such collusion will become that much more difficult. On John Draper: I just wanted to say publically that the famous "Captain Crunch" was an inspiration to me when I was in college in the 1970's. Although I did not become a "phone phreak" or "cracker" he represented to me the spirit of questioning authority and exploring beyond the accepted bounds of the system. I have followed his career to some extent over the years and I think he has more than paid for any sins he may have committed in his youth. I for one am thrilled to have the idol of my younger days on the list. Hal 74076.1041(a)compuserve.com

1 0

unsubscribe nathanf@cup.portal.com
by nathanf＠cup.portal.com 28 Nov '92

28 Nov '92

unsubscribe nathanf(a)cup.portal.com

1 0

FutureCulture FAQ
by yanek＠novavax.nova.edu 28 Nov '92

28 Nov '92

Does anyone have a copy? Nyx seems to be down for the last couple of days so I can't get it. Don't send it to me, I don't want to have 150 copies of this fairly large document pile up in my mailbox overnight, just let me know if you have it, and I will request ONE of you to send it. Thanks. Yanek, yanek(a)novavax.nova.edu

1 0

Re: ping..mailing list integrity..
by Richard Childers 28 Nov '92

28 Nov '92

"So if you posted a message, you could check in the evening if it got out or not. If you are not sure if you are receiving all the messages, you could maintain a simlar file yourself, and at the end of day compare your notes with what is received from the list." This could be spoofed by an intermediate delivery agent also ... Generally, in netnews, I regard mail back from individuals or test sites which honor posts to *.test newsgroups as adequate confirmation. These, too, could be spoofed, I suppose, but that's a degree of duplicity that is so complicated to maintain for an indefinite period of time that it is unlikely to ever be put into practice, IMHO, since it's bound to fail in the long term, and would probably result in a backlash of disfavor towards organizations practicing, supporting or funding such behavior. Perhaps an equivalent service could be implemented where some people's systems make a point of sending mail directly to posters to verify that their posting was posted. Bitnet's LISTSERV software does this, which is very convenient when one is managing a listserver entirely by email from a few thousand miles away. Other mail servers - Home Brew Digest comes to mind - do the same thing ... Grist for the collective mill. -- richard

2 1