-----BEGIN PGP SIGNED MESSAGE----- After reading Mike Ingle's post of Dec 21, I withdraw my request for a "public-spirited Cypherpunk (perhaps even an anonymous one) to place Secure Drive on an FTP site or a site with an E-mail file server." Mike said: If you do this [upload Secure Drive to an FTP or mailserver site], please make it a U.S./Canada only site. If you mean a site -in- the USA/Canada, no problem. If you mean a site which will not send files outside the USA/Canada, I don't think there is any such animal. The only site even -attempting- to restrict service I've heard of is RSA.com, which distributes RSAREF. And I think it would be rather easy to spoof. A foreigner can easily login to any public -domestic- internet BBS with just an international phone call, giving him a domestic-looking net address. Even if you distribute every copy yourself, Mike, you are not immune from this kind of "spoofing." >So far I still haven't heard from Eric. I did get two responses. >The first was anonymous and sent me a copy of Secure Drive with >a request for me to post it to foreign FTP site(s). The second >was a request from a foreign site for me to send them a copy. I'd like to see more about this, in private mail if you don't want to post it to the list. Not much to tell. I didn't keep copies of either request. I think the non-anon one was from Australia, maybe. The non-distribution of the beta was because I had no way to check it, and it could easily have eaten hard drives. I did say in the ad that you were not to export, although I didn't make anyone send a statement. Maybe I should have. Perhaps. But the ad says: This program may be freely distributed within the U.S. and Canada; do not export it. and the docs say: Exporting this program. This program is for use in the US and Canada only. Cryptography is export controlled, and sending this program outside the country may be illegal. Don't do it. Fine. But "freely distributed in the USA & Canada" would include uploading it to domestic BBS's & anon. FTP sites by my interpretation of English. If a foreigner enters the country and smuggles a copy home with him, whether he does it physically or electronically, he is committing the criminal act; not whoever uploaded SD and certainly not Mike. On the Hacker matter Mike said: They are going to attempt to break Secure Drive. He asked me to write a program which will take a list of passphrases and test them quickly to run a passphrase attack. I had a few qualms about writing a program to crack someone's data, but I don't think it really matters. Unless the hacker chose a very lame key, they don't have a prayer in hell. By all means, go ahead & write the program to their specs.! Of course, as a "forensic software consultant" you're entitled to a fee. I would say a minimum of $100/hour is "fair." After they try that for a while, you can offer an improvement that will try "more keys of a smaller possible set faster" by just trying the 2^128 keys directly without bothering with a passphrase, along with a mod to LOGIN which will insert a binary key directly rather than use MD5 on a passphrase. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLR8uuN4nNf3ah8DHAQHQ1AP/ZXImvQO2XxKXi/k2CCMPgD12rYPAcfZp ZabuyERUGW8UuKZJLS8Wy4i7q2EdWi1TT80dKhHVQgO6ec+ybKyirXN/N8Ahz3BF zKqa+YKKgaroxv50Xg4RdQ3Cr/rfYQeQ0yiH1VdJOJj4dVwDMTnm+uC/Uph/wXJI U53PBfQWR28= =T2cH -----END PGP SIGNATURE----- -- edgar@spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca