December 2003 - cypherpunks-legacy

Re: Faster way to deescrow Clipper
by sidney＠taurus.apple.com 17 Dec '03

17 Dec '03

Could someone please enlighten me on this: It seems from the descriptions of the hack to fake a LEAF that 1) When two Clipper chips are going to communicate, one of them generates the session key and sends a LEAF to the other chip, 2) The second chip recognizes the LEAF as being valid based on the validity of the checksum, but does not determine the session key from the LEAF. If that's the case, then 1) How does the second chip find out what the session key is? 2) Doesn't the second chip also have to generate and send a LEAF, if for no other reason than to identify itself to the wiretappers, and if so won't that give away the session key if that chip's device is not also hacked? 3) If all that is needed for this hack is a LEAF with a proper checksum, why go through the brute force method of generating random LEAFs? Why not just buy (or steal or whatever) another Clippered device that you never use for real communication so the wiretappers have no record of who has that serial number, and get LEAFs from it? For that matter, why can't you obtain one LEAF from listening to anybody's Clippered transmission and use it over and over again? It can't be *that* simple, can it? -- sidney <sidney(a)taurus.apple.com>

2 1

Mosaic / CEB / CypherEssay Archive and List
by Vincent.Cate＠FURMINT.NECTAR.CS.CMU.EDU 17 Dec '03

17 Dec '03

I think that Mosaic pages are the way to go these days. These are not hard to write and they are very nice to use. For some interesting examples of what can be done, check out some of the existing cypherpunk mosaic pages: ftp://soda.berkeley.edu/pub/cypherpunks/Home.html ftp://ftp.u.washington.edu/public/phantom/cpunk/README.html http://www.quadralay.com/www/Crypt/Crypt.html http://digicash.support.nl ftp://furmint.nectar.cs.cmu.edu/security/README.html http://pmip.maricopa.edu/crypt/cypherpunks I think it would be good to have a "cypherpunks-essay" mailing list that was not moderated but people only sent essays that they thought were good enough to be archived. For starters, people can just CC: mail to "vac+cypheressay" and it will get dropped into a separate file in: ftp://furmint.nectar.cs.cmu.edu/security/cypheressay My "vac+cypheressay" was done with one line in my .maildelivery and a short shell script I call "save-numbered". Both are below (note the A.I. methods used to moderate mail). Having a "cypherpunks-essay" mailing list on the same machine as "cypherpunks" could be nice for folks who want a lower volume group. Could have mail to it also go to cypherpunks, and Reply-To: also go to cypherpunks. -- Vince Addr vac+cypheressay pipe R /usr/vac/bin/save-numbered /usr/anon/security/cypheressay #!/bin/csh -f # # This is not totally safe as it is not atomic. If two messages # came at the same time there is a chance one would get lost. # For a low volume list this will not be a problem. cd $1 umask 022 set current = `cat num` @ next = $current + 1 echo $next > num cat >> $next # Moderator says no reply messages grep "Re:" $next if ($status == 0) then /bin/rm $next endif

2 1

Re: Mailer questions
by usura＠vox.hacktic.nl 17 Dec '03

17 Dec '03

ghio(a)cmu.edu (Matthew Ghio) writes: >> What is the maximum length of a "Request-Remailing-To:" header? > >Generally, as much as you can fit on the line. If you're running out >of space in your particular mail editor, try using "Anon-To:" instead. The remailers at VoX are running under dos so the maximum length is 128 symbols. VoX accepts X-Anon-To: and the lenghty Request-Remailing-To: it does _not_ support Anon-To: [note to some hip edu site !!] >> I understand that several of the headers can be changed by using >> a "##" token instead of "::". Which ones can be changed and >> which ones can't? VoX doesn't support ##. >> Has anyone had any experience chaining from a Cypherpunk-style >> remailer to anon.penet.fi? Can a "::" separator be used >> successfully, or which format will work? > >I think it can be done... I know it can be done... -- Exit! Stage Left. Alex de Joode <usura(a)vox.hacktic.nl>

1 0

CLIP: flaw found?
by ddt＠lsd.com 17 Dec '03

17 Dec '03

"Nothing can be made to be foolproof: fools are far too ingenious." -dave >Newsgroups: xpress.news.usa >From: xpress (Associated Press) >Date: 2 Jun 94 03:57:00 GMT >X-Category: NA*N**** >Subject: Times: Flaw Found In Wiretap > >NEW YORK (AP) > >A computer scientist has discovered a basic flaw in coding technology that the >Clinton administration has been promoting as a standard for electronic >communications, The New York Times reported Thursday. > >Matthew Blaze, a researcher at AT&T Bell Laboratories, told the Times his >research had shown that someone with sufficient computer skills can beat the >government's technology by encoding messages so that no one, not even the >government, can crack them. > >The administration has been urging private industry to adopt the so-called >"Clipper chip" as a standard encoding system. The government says telephone and >computer messages sent with the chip cannot be read by an outsider but can be >decoded by government law-enforcement agencies. > >Officials fear that without such a system, wiretaps would be useless against >criminals and terrorists because their communications could be hidden in >unbreakable codes. But communications executives and privacy-rights experts >fear the potential for snooping and worry that foreign customers wouldn't buy >the equipment if Washington could snoop on it. > >Blaze said the flaw he discovered in the Clipper design would not permit a >third party to break a coded computer conversation. But it would enable two >people to have a secret conversation that law enforcement officials could not >unscramble. > >Blaze said a draft report of his findings has been circulating among computer >experts and federal agencies. > >The National Security Agency, which played a leading role in developing the >technology, does not dispute the flaw's existence, but believes the Clipper >remains useful anyway, the Times said. > >Michael A. Smith, the agency's director of planning, told the Times in a >written response to questions that the flaw found by Blaze was difficult enough >to exploit that most people wishing to circumvent the system would find other >ways to do it. > >Martin Hellman, a Stanford University expert on data encryption who has read >Blaze's paper, said: "The government is fighting an uphill battle. ... People >who want to work around Clipper will be able to do it."

1 0

MacPGP 2.6ui yet?
by ddt＠lsd.com 17 Dec '03

17 Dec '03

Everyone, Has David Sternlight's worst nightmare made it to a Mac version yet? At 5:42 pm 5/27/94 +0100, mathew(a)mantis.co.uk (mathew) wrote: >-----BEGIN PGP SIGNED MESSAGE----- > >This is to announce an unofficial release of PGP, based on 2.3a, >modified for interoperability with MIT's PGP 2.6. dave

1 0

Anon Remailers + Clueless people = funny
by cdodhner＠indirect.com 17 Dec '03

17 Dec '03

-------- Forwarded message -------- Newsgroups: alt.sex.pedophile.mike-labbe,alt.sex.intergen,alt.sex.bondage,can.infobahn,can.general,can.legal,soc.culture.canada,ont.general,alt.usenet.kooks Date: Thu, 2 Jun 1994 12:08:30 GMT From: nightfly(a)netcom7.netcom.com (Nightfly) Subject: Re: Huge Porno Ring uncovered in Canada - audio report available In article <2sj9a0$akq(a)agate.berkeley.edu> Tommy the Tourist <nobody(a)soda.berkeley.edu> writes: Notice to all computer geeks in Canada! Got any "erotic" Gifs ? Delete them quick! Various Canadian Law enforcement agencies are about to redouble their efforts to stamp out pornography. Canadian Police are calling for a large scale crackdown on child pornography. It all started with two video tapes found by the river. The investigation has blossomed and resulted in more than 30 arrests. [yabbada yabbada yabbada] Take this with a big grain of salt, people. Tommy the Tourist has to be the biggest dust case on the net. Verify this through another source before you start chewing up and swallowing your floppies. Note addition of alt.usenet.kooks in the Newsgroups: line. *blink* Nightfly *blink*

1 0

Re: News Flash: Clipper Bug?
by pcw＠access.digex.net 17 Dec '03

17 Dec '03

>> One thing this shows, even if the application of the technique turns out >> to be too difficult to be practical, is that Dorothy Denning's evaluation >> of the design was worthless. That team should have found this themselves. >> No wonder she was trying to play it down in the NYT. > >It was my understanding that Denning was just looking at the Skipjack >algorithm, and not the clipper unit as a whole. I wouldn't be too quick >to condemn her on this point. Of course, Dorothy Denning could simply say, "Gosh, the Blaze result shows how to make Clipper _more_ secure for the average user. Now they don't have to worry about the government. I stand by my assessment that it is secure."

1 0

Re: NYT article
by joshua geller 17 Dec '03

17 Dec '03

> joshua geller says: > > an interesting commercial product might be software to > > do blaze's trick.... > You can't build it -- the EES is not available as an algorithmic > specification to the public -- only as hardware. quite true. I was mistaken. josh

1 0

Denning and Clipper...
by pcw＠access.digex.net 17 Dec '03

17 Dec '03

>> One thing this shows, even if the application of the technique turns out >> to be too difficult to be practical, is that Dorothy Denning's evaluation >> of the design was worthless. That team should have found this themselves. >> No wonder she was trying to play it down in the NYT. > >It was my understanding that Denning was just looking at the Skipjack >algorithm, and not the clipper unit as a whole. I wouldn't be too quick >to condemn her on this point. Of course, Dorothy Denning could simply say, "Gosh, the Blaze result shows how to make Clipper _more_ secure for the average user. Now they don't have to worry about the government. I stand by my assessment that it is secure."

1 0

Matt Blaze & Tessera Linked in NYT Again
by Duncan Frissell 17 Dec '03

17 Dec '03

Check the first page of the Bussiness Section of this morning's NYT for an article by John Markoff on Matt and Tessera. " 'The point is that the back door has a broken hinge,' said William Ferguson, vice president of Semaphore Corporation" DCF

1 1