Okay folks. I have worked on this much of the day. This is a more formalized outline as well as a somewhat fleshed out version of section 1 of the FAQ I am attempting to produce. I submit this to the group for commentary and suggestions as well as pointers to the relevant info. This should be enough to give a flavor of what I am trying to do. Anything in [] needs to be located and/or verified by myself. I realize that this won't please everyone and some may not care. So be it. Those who do care, please help me make it less of a FAQ based on my subjective experience and more of a useful general reference. Here it is... -----BEGIN PGP SIGNED MESSAGE----- Cypherpunks Resources FAQ version 0.000000002 Compiled, edited & maintained by Scott Harney "Omegaman <omegam@cmq.com>" This document lists resources for readers interested in Cypherpunk issues and goals. The primary intention of this document is to get new readers of the group to explore the background issues that Cypherpunks attempt to address. It also includes pointers to many common cryptographic implementations and tools. Furthermore, pointers and instructions for various newsreaders and email-filters are provided to help users filter out some of the net's inevitable noise and glean the most useful information they can from this forum. This FAQ does not attempt to explictly define who the Cypherpunks are or answer questions about the philosophy. That is an exercise for the reader who utilizes the pointers within to find the answers on their own. After exploring these resources, the hope is that the reader will become a more effective and insightful contributor to alt.cypherpunks -- even if he/she is opposed to the goals of the group. This FAQ is not intended to be an exhaustive reference. A quick perusal of this FAQ should reveal the impossiblity of such a task. Rather, it is a jumping-off point. Almost all of the references below contain voluminous further references. If your mission-critical Cypherpunks site is not explicitly included, it is 99% likely to be referred to by at least one of them. This FAQ is propagated monthly to alt.cypherpunks. It can also be obtained be sending email with the subject and/or body "get cpunks faq" to omegam@cmq.com. As with nearly all net.publications, this document is in a constant state of contruction. When information in the FAQ is updated, I will also post a "what's new" message for those who are interested in reading additions/corrections without wading throught the entire FAQ again. - -------*********------- Author's Note/Disclaimer ---------*********--------- I maintain this FAQ solely on a voluntary basis. I am doing this because I think it is necessary. It would be contrary to the anarchic nature of the Cypherpunks to attempt to call this an official FAQ of the Cypherpunks group. Anyone who disagrees with the editing decisions and pointer selections I have made in this FAQ is free to. What this means is that you are encouraged to send comments, suggestions, corrections, new questions, and answers to me. I may or may not include them in future revisions of the FAQ. I do ask that somewhere in the subject of your mail redarding this FAQ you include the text "(CFAQ suggest)", so procmail can file such comments appropriately and I can address them in a more efficient manner. If I use your suggestion or answer to a question, I will attribute the reference to you unless you request that I do not. You are free to create your own Cypherpunks-resources FAQ if you don't like mine. - - Scott _______________________________________________________________ Omegaman <mailto:omegam@cmq.com> PGP Key fingerprint = 6D 31 C3 00 77 8C D1 C2 59 0A 01 E3 AF 81 94 63 Send e-mail with "get key" in the "Subject:" field to get a copy of my public key _______________________________________________________________ - -------*********--------*********---------********--------*********------ Premliminary Outline Section 1 - Introduction and General Information. Q1.1 Does this newsgroup/mailing-list have a charter? Q1.2 How did the group get started? Q1.3 What do Cypherpunks want? Q1.4 What happened to the toad.com mailing list? Are there archives? Q1.5 Are there other groups besides Cypherpunks who share these goals. Q1.6 What have the Cypherpunks done to advance their goals other that merely talk about them? Q1.7 I'm interested, what can I do? Q1.8 What are all these terms and acronyms anyway? (A Quick n' Dirty Glossary) Section 2 - Crypto in Action Q2.1 Pointers galore to PGP resources. Q2.2 Point to Schneir's site and include biblio info on Applied Crypto Q2.2 Point to cryptlib toolkits Q2.3 RSA, of course. Q2.4 pointers to disk encryption utilities for various platforms Q2.5 pointers to Raph's remailer site and other remailer info sites. remailer software. software to make remailer usage simpler (premail, PIdaho) Q2.6 pointers to the various digital cash purveyors and to explanations of how Chaumian digital cash works. Q2.7 pointers to Apache-SSL site and info, Stronghold, Q2.8 SSH Q2.9 Pointers to sites describing how various types of crypto actually work. sci.crypt faq Q3.0 But how do I know if it's good crypto? Point to snake Oil FAQ? Schneir's essay. Use your brain. Section 3 - Crypto and the Law Q3.1 Froomkin's site obviously.. John Young's also obvious. EFF has a good archive too. Karn case, others. Q3.2 Pointers to government's current position on crypto. ie. EAR, ITAR Q3.3 Pointers past Clipper failure info. Section 4 - Who's who & (recent) History of Crypto. Q4.1 A couple of good general history sites exist. also Codebreakers bibliographical reference. Q4.2 Enigma is a common question, point to relevant sites. Q4.3 Whit Diffie--some interviews etc are available Q4.4 Bruce Schneir same Q4.5 Phil Z and PGP history and interviews. Q4.6 Jim Bizdos Q4.8 Dorothy Denning (got to include the enemy too) Q4.7 Pointers to news on breaks of ciphers Q4.8 NSA site. [Others? I'm getting sleepy, names escaping me at the moment] Section 5 - Help! I want to know more but I'm drowning in noise Q5.1 Point to filtered lists in existence Q5.2 news2mail gateways as source of list. mail filtering tools come into good use. point to a bunch of them. Q5.3 Point to kill-file info for various newsreaders and platforms. [Possibly include generic examples from own experience and list user's experience who wish to contribute. Specific names will be ommitted of course. Also score information for those interested] Q5.4 point to information on other utilities and verification-type schemes [NoCeM's] Section 6 - Personal motivations, thank-you's, etc. *********----------**********----------**********---------*********---- Section 1. Introduction and General Information Q1.1 Do the Cypherpunks have an official charter? No. Cypherpunks are anarchic in nature so the notion of an official charter is directly contrary to such ideals. The two statements below are from Original Cypherpunks (OC's) Eric Hughes and Tim May. The first was part of the original welcome message to the mailing list hosted at toad.com. The second was suggested by Tim to the original list and commented upon by the readership. Both statements are accepted by much of the readership as good indicators of what Cypherpunks are about. Eric Hughes' statement: "Cypherpunks assume privacy is a good thing and wish there were more of it. Cypherpunks acknowledge that those who want privacy must create it for themselves and not expect governments, corporations, or other large, faceless organizations to grant them privacy out of beneficence. Cypherpunks know that people have been creating their own privacy for centuries with whispers, envelopes, closed doors, and couriers. Cypherpunks do not seek to prevent other people from speaking about their experiences or their opinions. The most important means to the defense of privacy is encryption. To encrypt is to indicate the desire for privacy. But to encrypt with weak cryptography is to indicate not too much desire for privacy. Cypherpunks hope that all people desiring privacy will learn how best to defend it. Cypherpunks are therefore devoted to cryptography. Cypherpunks wish to learn about it, to teach it, to implement it, and to make more of it. Cypherpunks know that cryptographic protocols make social structures. Cypherpunks know how to attack a system and how to defend it. Cypherpunks know just how hard it is to make good cryptosystems. Cypherpunks love to practice. They love to play with public key cryptography. They love to play with anonymous and pseudonymous mail forwarding and delivery. They love to play with DC-nets. They love to play with secure communications of all kinds. Cypherpunks write code. They know that someone has to write code to defend privacy, and since it's their privacy, they're going to write it. Cypherpunks publish their code so that their fellow Cypherpunks may practice and play with it. Cypherpunks realize that security is not built in a day and are patient with incremental progress. Cypherpunks don't care if you don't like the software they write. Cypherpunks know that software can't be destroyed. Cypherpunks know that a widely dispersed system can't be shut down. Cypherpunks will make the networks safe for privacy." Tim May's statement: "Alt.cypherpunks is for the unmoderated discussion of cryptography and the political, social, and economic implications of unrestricted, strong cryptography. The Cypherpunks grpup has existed since 1992 and has been central in the debate about strong crypto, government restrictions, crypto anarchy, and in showing weaknesses of various ciphers and security products. The mailing list has had as many as 1500 subscribers, plus gateways to newsgroups and Web sites. It is expected that 'alt.cypherpunks' will be a free-wheeling forum for many viewpoints. As it is unmoderated, readers are strongly advised to learn how to use filters and other tools for making virtual anarchies manageable for their own tastes." Q1.2 How did the group get started? Needless to say, the history of such things is fuzzy at best. Eric Hughes and Tim May had some discussions which led to Eric Hughes, decision to host a meeting. Concidently, the first meeting occurred the same week PGP 2.0 was released. John Gilmore offered his site to host a mailing list, and thus Cypherpunks were born. see Q1.2, Q1.4, and Q1.6 for references containing more detail. also see: [Wired article URL] Q1.3 What do Cypherpunks want? Such a simple question with no simple, short answer. Please explore the following sites. Tim May's provacative (and large!) Cyphernomicon http://www.oberlin.edu/~brchkind/cyphernomicon/ The Berkeley Cypherpunks site is another good starting point. ftp://ftp.csua.berkeley.edu/pub/cypherpunks/Home.html Also see: http://www.offshore.com.ai/security/ - Vince Cate's Cryptorebel/Cypherpunk Page http://www.eskimo.com/~joelm/ - Joel McNamara's Electronic Privacy Page Q1.4 What happened to the toad.com mailing list? Are there archives? As with all Cypherpunks issues, there is much controversy surrounding the dissolution of the original list hosted by John Gilmore's machine @toad.com. Some say that noise devoured the list to such a point as to make it useless, driving away the "good posters". Others argue that the failed attempt at moderating the list to eliminate some of that noise was the final nail in the coffin. Whatever the reason, Gilmore told the Cypherpunks that it was time to find a new home. Running a mailing list with 1500+ subscription base and the enormous volume that the list had is not a simple task. The physical running of the list on a single machine requires enormous computational resources as well as constant human intervention. Perhaps the resultant newsgroup and distributed mailing list approach is more in line with Cypherpunk ideals. "Cypherpunks know that a widely dispersed system cannot be shut down." Archives of the original list are available to some degree at: http://infinity.nus.sg/cypherpunks/ http://weber.u.washington.edu/~phantom/cpunk/index.html Users interested in running a "node" of the distributed mailing list version of this newsgroup are encouraged to subscribe to Igor Chudov's discussion list on the subject. Send a message to majordomo@algebra.com with the body "subscribe cypherpunks-hosts" Q1.5 Are there other groups besides Cypherpunks who share these goals? The following organizations and sites share Cypherpunk goals to a greater or lesser extent. The EFF(Electronic Frontier Foundation) http://eff.org http://eff.org/pub/ITAR_export/HTML/hot.html & http://www.eff.org/pub/Privacy/hot.html - more specific references & extensive archival information EPIC (Electronic Privacy Information Center) http://epic.org Voter's Telecommunications Watch http://www.vtw.org Center for Democracy and Technology http://www.cdt.org The Cryptography List at C2Net is also a good resource. send a message to Majordomo@c2.net with the body "subscribe Cryptography" The Coderpunks list at toad.com is a technical discussion forum. Send a message to majordomo@toad.com with the body "subscribe coderpunks" Q1.6 What have the Cypherpunks done to advance their goals other that merely talk about them? Many Cypherpunks are professionals in the computer security field. Others work for companies and corporations which create and distribute products utilizing strong cryptography. Cypherpunks are also directly responsible for the creation and running of Type I and Type II(mixmaster) Cypherpunks anonymous remailers (surprising, eh?). see Q2.5 Cypherpunks have also produced software to make good crypto easier for the masses. [Get permission from PGP-front end producers to reference here] The Linux-IPSEC project is another good example. [see & subscribe ref?]. Mykotronx exposure and dumpster diving excursion. [reference?] see Q1.4(list-archive sites) Q1.7 I'm interested, what can I do? First of all READ before you post. Observe simple etiquette. Don't clutter the group with "me too" posts and questions which you can easily find the answer to yourself. Contribute signal, not noise. As of this writing, RSA, inc. is hosting a contest to crack the government standard DES 56 bit algorhythm. See [http://www.rsa.com/contest] for full details. Also see Peter Trei's site for software and info. Host a portion of the distributed mailing list. See Q1.5. Run an anonymous or pseudonymous remailer. see Q1.6 for site references and software. Use strong crypto. Encourage friends to use it as well. Increase the amount of encrypted traffic on the net. Can you code? There are plenty of projects and opportunites yet to be explored. Black Unicorn writes: "Where is highly sophisticated stego? Where are larger keys for symetric ciphers? Where is a fully functional and secure "stealth PGP"? Where are anonymous and encrypted WWW clients and hosts which permit chaining? If the crypto war is going to be lost it will be lost in the chill of development when crypto regulation is put into place. If you don't make the guns in the first place, the government has a much easier time taking them away." Q1.8 What are all these terms and acronyms anyway? Here's a quick-n-dirty glossary. GAK = Government access to keys. Government euphemisms for GAK include "key escrow" and "key recovery" (actually important for corporations, but misused in recent USG proposals) USG = United States Government ITAR = International Trade and Arms Regulations. Regulations export of arms from the US. Strong Crypto is regulated as a weapon by this document. see Q3.2 EAR = Encryption Algorhythm Regulations (a guess, look it up) Recent proposals by Clinton Administration. see Q3.2 TLA = Three Letter Acronym/Agency. Refers to USG agencies (typically involved in law enforcement) FBI, CIA, NSA, etc. NSA = National Security Agency. This highly secretive agency is responsible for the protection of USG secrecy via encryption as well as the spying on other governments by breaking encryption algorhythms. see Q4.8 DES = US Data Encryption Standard algorhythm. see Q2.9 RSA = a company and a public key algorhythm. see Q2.9 and Q2.3 net.loon/kook = a purely subjective characterization. Signal-to-Noise ratio = Signal refers to on-topic posts. Noise, the opposite. A high S/N ratio means the list is putting out a lot of signal("good posts"). Subjective, but fairly obvious. See Section 5 for pointers no how to reduce (what you think is) noise Memes = [get a good definition here] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [Rest of FAQ goes here :) This is a pre-alpha FAQ, intended only to solicit commentary and suggestions.] -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: latin1 iQCVAwUBMwJViqb3EfJTqNC9AQHigwP+IAXu+PO7aGiR/zZxz91PhnYuYvTy3jMN HzO4djcx44auPMjh6pFpmWJuYRcoxVHXCh2JO4UOR3cNYloxikwY4hGgYx8jLgN1 XORQztiCGMI/2ScVsi8tH6eJLCuZxmE7s8semel4CC8xH3H74vCiBNZD6iyyIXOG oMkSnOVFAQg= =Fdky -----END PGP SIGNATURE-----