From robichau at lambda.msfc.nasa.gov Thu Apr 1 08:18:16 1993
From: robichau at lambda.msfc.nasa.gov (Paul Robichaux)
Date: Thu, 1 Apr 93 08:18:16 PST
Subject: PHRACK: Article from PHRACK 42 on encryption
Message-ID: <9304011902.AA26513@lambda.msfc.nasa.gov>

Attached is an article from PHRACK 42 written by "The Racketeer."

Exposing factual errors and flaws in reasoning is left as an exercise for the reader.

-Paul

###################################################
# The Paranoid Schizophrenics Guide to Encryption #
#   (or How to Avoid Getting Tapped and Raided)   #
###################################################

Written by The Racketeer of The /-/ellfire Club

The purpose of this file is to explain the why and the how of Data Encryption, with a brief description of the future of computer security, TEMPEST.

At the time of this issue's release, two of the more modern software packages use encryption methods covered in this article, so exercise some of your neurons and check into newer releases if they are available. Methods described in this file use PGP, covering an implementation of Phil Zimmermann's RSA variant, and the MDC and IDEA conventional encryption techniques by using PGP and HPACK.

--------------------
WHY DATA ENCRYPTION?
--------------------

This isn't exactly the typical topic discussed by me in Phrack. However, the importance of knowing encryption is necessary when dealing with any quasi-legal computer activity. I was planning on starting my series on hacking Novell Networks (so non-Internet users can have something to do), but recent events have caused me to change my mind and, instead of showing people how to get into more trouble (well, okay, there is plenty of that in this file too, since you're going to be working with contraband software), I've opted instead to show people how to protect themselves from the long arm of the Law.

Why all this concern?
Relatively recently, The Masters of Deception (MoD) were raided by various federal agencies and were accused of several crimes. The crimes they did commit will doubtlessly cause more mandates, making the already too-outrageous penalties even worse.

"So?" you might ask. The MoD weren't exactly friends of mine. In fact, quite the contrary. But unlike many of the hackers whom I dealt with in the "final days" prior to their arrest, I bitterly protested any action against the MoD. Admittedly, I followed the episode from the beginning to the end, and the moral arguments were enough to rip the "Hacker World" to pieces. But these moral issues are done, the past behind most of us. It is now time to examine the aftermath of the bust.

According to the officials in charge of the investigation against MoD members, telephone taps were used to gain evidence against members successfully. All data going in and out of their house was monitored and all voice communications were monitored, especially between members.

So, how do you make a line secure? The party line answer is use of effective encryption methods.

Federal investigative agencies are currently pushing for more technological research into the issue of computer security. All of the popular techniques which are being used by hackers today are being used by the government's R&D departments.

Over the course of the last 5 years, I've watched as the U.S. Government went from a task force of nearly nil all the way to a powerful marauder. Their mission? Unclear. Regardless, the research being accomplished by federally-funded projects dealing with the issues of computer security are escalating. I've personally joined and examined many such conferences and have carefully examined the issues. Many of these issues will become future Phrack articles which I'll write.
Others, such as limited-life semiconductors and deliberate telephone line noise sabotage caused by ACK packet detections in order to drive telecommunication costs higher, are sadly unpreventable problems of the future which won't be cured by simple awareness of the problem.

They have different names -- Computer Emergency Response Team (CERT), Computer Assisted Security Investigative Analysis Tool (FBI's CASIAT), the Secret Service's Computer Fraud Division, or the National Computer Security Center (NSA's NCSC). Scores of other groups exist for every network, even every operating system. Their goal isn't necessarily to catch hackers; their goal is to acquire information about the act of hacking itself until it no longer is a problem. Encryption stands in the way.

Computer Security is literally so VAST a concept that, once a person awakens to low-level computer mechanics, it becomes nearly impossible to prevent that person from gaining unauthorized access to machines. This is somewhat contradictory to the "it's all social engineering" concept which we have been hearing about on Nightline and in the papers. If you can't snag them one way though, you can get them another -- the fact is that computers are still too damn vulnerable these days to traditional hacking techniques.

Because of the ease of breaking through security, it becomes very difficult to actually create an effective way to protect yourself from any form of computer hacking. Look at piracy: they've tried every trick in the book to protect software and, so far, the only success they have had was writing software that sucked so much nobody wanted a copy.

Furthermore, totally non-CPU related attacks are taking place. The passing of Anti-TEMPEST Protection Laws which prevent homes from owning computers that don't give off RF emissions has made it possible for any Joe with a few semesters of electrical engineering knowledge to rig together a device that can read what's on your computer monitor.
Therefore:

Q: How does a person protect their own computer from getting hacked?

A: You pretty much can't.

I've memorized so many ways to bypass computer security that I can rattle them off in pyramid levels. If a computer is not even connected to a network or phone line, people can watch every keystroke typed and everything displayed on the screen.

Why aren't the Fedz using these techniques RIGHT NOW?

I can't say they are not. However, a little research into TEMPEST technology resulted in a pretty blunt fact:

There are too many computer components to scan accurately. Not the monitor, oh no! You're pretty much fucked there. But accessories for input and output, such as printers, sound cards, scanners, disk drives, and so forth...the possibility of parallel CPU TEMPEST technology exists, but there are more CPU types than any mobile unit could possibly use accurately.

Keyboards are currently manufactured by IBM, Compaq, Dell, Northgate, Mitsuma (bleah), Fujitsu, Gateway, Focus, Chichony, Omni, Tandy, Apple, Sun, Packard-Bell (may they rot in hell), Next, Prime, Digital, Unisys, Sony, Hewlett-Packard, AT&T, and a scattering of hundreds of lesser companies. Each of these keyboards have custom models, programmable models, 100+ key and < 100 key models, different connectors, different interpreters, and different levels of cable shielding.

For the IBM compatible alone, patents are owned on multiple keyboard pin connectors, such as those for OS/2 and Tandy, as well as the fact that the ISA chipsets are nearly as diverse as the hundreds of manufacturers of motherboards. Because of lowest-bid practices, there can be no certainty of any particular connection -- especially when you are trying to monitor a computer you've never actually seen!

In short -- it costs too much for the TEMPEST device to be mobile and to be able to detect keystrokes from a "standard" keyboard, mostly because keyboards aren't "standard" enough!
In fact, the only real standard which I can tell exists on regular computers is the fact that monitors still use good old CRT technology.

Arguments against this include the fact that most of the available PC computers use standard DIN connectors which means that MOST of the keyboards could be examined. Furthermore, these keyboards are traditionally serial connections using highly vulnerable wire (see Appendix B).

Once again, I raise the defense that keyboard cables are traditionally the most heavily shielded (mine is nearly 1/4 inch thick) and therefore falls back on the question of how accurate a TEMPEST device which is portable can be, and if it is cost effective enough to use against hackers. Further viewpoints and TEMPEST overview can be seen in Appendix B.

As a result, we have opened up the possibility for protection from outside interference for our computer systems. Because any DECENT encryption program doesn't echo the password to your screen, a typical encryption program could provide reasonable security to your machine. How reasonable?

If you have 9 pirated programs installed on your computer at a given time and you were raided by some law enforcement holes, you would not be labeled as a felon. Instead, it wouldn't even be worth their time to even raid you. If you have 9 pirated programs installed on your computer, had 200 pirated programs encrypted in a disk box, and you were raided, you would have to be charged with possession of 9 pirated programs (unless you did something stupid, like write "Pirated Ultima" or something on the label).

We all suspected encryption was the right thing to do, but what about encryption itself? How secure IS encryption?

If you think that the world of the Hackers is deeply shrouded with extreme prejudice, I bet you can't wait to talk with crypto-analysts. These people are traditionally the biggest bunch of holes I've ever laid eyes on.
In their mind, people have been debating the concepts of encryption since the dawn of time, and if you come up with a totally new method of data encryption, -YOU ARE INSULTING EVERYONE WHO HAS EVER DONE ENCRYPTION-, mostly by saying "Oh, I just came up with this idea for an encryption which might be the best one yet" when people have dedicated all their lives to designing and breaking encryption techniques -- so what makes you think you're so fucking bright?

Anyway, crypto-(anal)ysts tend to take most comments as veiled insults, and are easily terribly offended. Well, make no mistake, if I wanted to insult these people, I'd do it. I've already done it. I'll continue to do it. And I won't thinly veil it with good manners, either.

The field of Crypto-analysis has traditionally had a mathematical emphasis. The Beal Cipher and the German Enigma Cipher are some of the more popular views of the field. Ever since World War 2, people have spent time researching how technology was going to affect the future of data encryption.

If the United States went to war with some other country, they'd have a strong advantage if they knew the orders of the opposing side before they were carried out. Using spies and wire taps, they can gain encrypted data referred to as Ciphertext. They hand the information over to groups that deal with encryption such as the NSA and the CIA, and they attempt to decode the information before the encrypted information is too old to be of any use.

The future of Computer Criminology rests in the same ways. The deadline on white collar crimes is defaulted to about 3-4 years, which is called the Statute of Limitations. Once a file is obtained which is encrypted, it becomes a task to decrypt it within the statute's time.

As most crypto-analysts would agree, the cost in man-hours as well as supercomputer time would make it unfeasible to enforce brute force decryption techniques of random encryption methods.
As a result of this, government regulation stepped in.

The National Security Agency (referred to as "Spooks" by the relatively famous tormenter of KGB-paid-off hackers, Cliff Stoll, which is probably the only thing he's ever said which makes me think he could be a real human being) released the DES -- Data Encryption Standard. This encryption method was basically solid and took a long time to crack, which was also the Catch-22.

DES wasn't uncrackable, it was just that it took "an unreasonable length of time to crack." The attack against the word "unreasonable" keeps getting stronger and stronger. While DES originated on Honeywell and DEC PDPs, it was rumored that they'd networked enough computers together to break a typical DES encrypted file. Now that we have better computers and the cost requirements for high-speed workstations are even less, I believe that even if they overestimated "unreasonable" a hundredfold, they'd be in the "reasonable" levels now.

To explain how fast DES runs these days...

I personally wrote a password cracker for DES which was arguably the very first true high-speed cracker. It used the German "Ultra-Fast Crypt" version of the DES algorithm, which happened to contain a static variable used to hold part of the previous attempt at encrypting the password, called the salt. By making sure the system wouldn't resalt on every password attempt, I was able to guess passwords out of a dictionary at the rate of 400+ words per second on a 386-25 (other methods at that time were going at about 30 per second). As I understand it now, levels at 500+ for the same CPU have been achieved.

Now this means I can go through an entire dictionary in about five minutes on a DES-encrypted segment. The NSA has REAL cash and some of the finest mathematicians in the world, so if they wanted to gain some really decent speed on encryption, DES fits the ideal for parallel programming.
Splitting a DES segment across a hundred CPUs, each relatively modern, they could crank out teraflops of speed. They'd probably be able to crack the code within a few days if they wanted to.

Ten years from now, they could do it in a few seconds.

Of course, the proper way to circumnavigate DES encryption is to locate and discover a more reliable, less popular method. Because the U.S. Government regulates it, it doesn't mean it's the best. In fact, it means it's the fucking lamest thing they could sweeten up and hope the public swallows it! The last attempt the NSA made at regulating a standard dealing with encryption, they got roasted.

I'm somewhat convinced that the NSA is against personal security, and from all the press they give, they don't WANT anyone to have personal security. Neither does the Media for that matter.

Because of lamers in the "Biblical Injustice Grievance Group of Opposing Terrible Sacrilege" (or BIGGOTS) who think that if you violate a LAW you're going to Hell (see APPENDIX C for my viewpoint of these people) and who will have convinced Congress to pass ease-of-use wire taps on telephone lines and networks so that they can monitor casual connections without search warrants, encryption will be mandatory if you want any privacy at all.

And to quote Phil Zimmermann, "If privacy is outlawed, only the outlaws will have privacy."

Therefore, encryption methods that we must use should be gathered into very solid categories which do NOT have endorsement of the NSA and also have usefulness in technique.

HOW TO USE DECENT ENCRYPTION:

(First, go to APPENDIX D, and get yourself a copy of PGP, latest version.)

First of all, PGP is contraband software, presumably illegal to use in the United States because of a patent infringement it allegedly carries. The patent infringement is the usage of a variant of the RSA encryption algorithm. Can you patent an algorithm? By definition, you cannot patent an idea, just a product -- like source code.
Yet, the patent exists to be true until proven false. More examples of how people in the crypto-analyst field can be assholes.

Anyway, Phil's Pretty Good Software, creators of PGP, were sued and all rights to PGP were forfeited in the United States of America. Here comes the violation of the SECOND law, illegal exportation of a data encryption outside of the United States of America. Phil distributed his encryption techniques outside the USA, which is against the law as well. Even though Mr. Zimmermann doesn't do any work with PGP, because he freely gave his source code to others, people in countries besides the United States are constantly updating and improving the PGP package.

PGP handles two very important methods of encryption -- conventional and public key. These are both very important to understand because they protect against completely different things.

-----------------------
CONVENTIONAL ENCRYPTION
-----------------------

Conventional encryption techniques are easiest to understand. You supply a password and the password you enter encrypts a file or some other sort of data. By re-entering the password, it allows you to recreate the original data.

Simple enough concept, just don't give the password to someone you don't trust. If you give the password to the wrong person, your whole business is in jeopardy. Of course, that goes with just about anything you consider important.

There are doubtlessly many "secure enough" ciphers which exist right now. Unfortunately, the availability of these methods are somewhat slim because of exportation laws. The "major" encryption programs which I believe are worth talking about here are maintained by people foreign to the USA.

The two methods of "conventional" encryption are at least not DES, which qualifies them as okay in my book. This doesn't mean they are impossible to break, but they don't have certain DES limitations which I know exist, such as 8 character password maximum.
The methods are: MDC, as available in the package HPACK; and IDEA, as available in Pretty Good Privacy.

Once you've installed PGP, we can start by practicing encrypting some typical files on your PC. To conventionally encrypt your AUTOEXEC.BAT file (it won't delete the file after encryption), use the following command:

C:\> pgp -c autoexec.bat
Pretty Good Privacy 2.1 - Public-key encryption for the masses.
(c) 1990-1992 Philip Zimmermann, Phil's Pretty Good Software. 6 Dec 92
Date: 1993/01/19 03:06 GMT

You need a pass phrase to encrypt the file.
Enter pass phrase: { Password not echoed }
Enter same pass phrase again:
Just a moment....
Ciphertext file: autoexec.pgp

C:\> dir

Volume in drive C is RACK'S
Directory of c:\autoexec.pgp

autoexec.pgp 330 1-18-93 21:05
330 bytes in 1 file(s) 8,192 bytes allocated
52,527,104 bytes free

PGP will compress the file before encrypting it. I'd say this is a vulnerability to the encryption on the basis that the file contains a ZIP file signature which could conceivably make the overall encryption less secure. Although no reports have been made of someone breaking PGP this way, I'd feel more comfortable with the ZIP features turned off. This is somewhat contrary to the fact that redundancy checking is another way of breaking ciphertext. However, it isn't as reliable as checking a ZIP signature.

Although PGP will doubtlessly become the more popular of the two programs, HPACK's encryption "strength" is that by being less popular, it will probably not be as heavily researched as PGP's methods will be. Of course, by following PGP, new methods of encryption will doubtlessly be added as the program is improved.

Here is how you'd go about encrypting an entire file using the HPACK program using the MDC "conventional" encryption:

C:\> hpack A -C secret.hpk secret.txt
HPACK - The multi-system archiver Version 0.78a0 (shareware version)
For Amiga, Archimedes, Macintosh, MSDOS, OS/2, and UNIX
Copyright (c) Peter Gutmann 1989 - 1992.
Release date: 1 Sept 1992

Archive is 'SECRET.HPK'

Please enter password (8..80 characters):
Reenter password to confirm:
Adding SECRET .TXT

Done

Anyway, I don't personally think HPACK will ever become truly popular for any reason besides its encryption capabilities. ZIP has been ported to an amazing number of platforms, in which lies ZIP's encryption weakness. If you think ZIP is safe, remember that you need to prevent the possibility of four years of attempted password cracking in order to beat the Statutes of Limitations:

Here is the introduction to ZIPCRACK, and what it had to say about how easy it is to break through this barrier:

(Taken from ZIPCRACK.DOC)
-----
ZIPCRACK is a program designed to demonstrate how easy it is to find passwords on files created with PKZIP. The approach used is a fast, brute-force attack, capable of scanning thousands of passwords per second (5-6000 on an 80386-33). While there is currently no known way to decrypt PKZIP's files without first locating the correct password, the probability that a particular ZIP's password can be found in a billion-word search (which takes about a day on a fast '486) is high enough that anyone using the encryption included in PKZIP 1.10 should be cautious (note: as of this writing, PKZIP version 2.00 has not been released, so it is not yet known whether future versions of PKZIP will use an improved encryption algorithm). The author's primary purpose in releasing this program is to encourage improvements in ZIP security. The intended goal is NOT to make it easy for every computer user to break into any ZIP, so no effort has been made to make the program user-friendly.
----- End Blurb

Likewise, WordPerfect is even more vulnerable.
I've caught a copy of WordPerfect Crack out on the Internet and here is what it has to say about WordPerfect's impossible-to-break methods:

(Taken from WPCRACK.DOC:)
-----
WordPerfect's manual claims that "You can protect or lock your documents with a password so that no one will be able to retrieve or print the file without knowing the password - not even you," and "If you forget the password, there is absolutely no way to retrieve the document." [1]

Pretty impressive! Actually, you could crack the password of a Word Perfect 5.x file on a 8 1/2" x 11" sheet of paper, it's so simple. If you are counting on your files being safe, they are NOT. Bennet [2] originally discovered how the file was encrypted, and Bergen and Caelli [3] determined further information regarding version 5.x. I have taken these papers, extended them, and written some programs to extract the password from the file.
----- End Blurb

---------------------
PUBLIC KEY ENCRYPTION
---------------------

Back to the Masters of Deception analogy -- they were telephone tapped. Conventional encryption is good for home use, because only one person could possibly know the password. But what happens when you want to transmit the encrypted data by telephone? If the Secret Service is listening in on your phone calls, you can't tell the password to the person that you want to send the encrypted information to. The SS will grab the password every single time.

Enter Public-Key encryption!

The concepts behind Public-Key are very in-depth compared to conventional encryption. The idea here is that passwords are not exchanged; instead a "key" which tells HOW to encrypt the file for the other person is given to them. This is called the Public Key.

You retain the PRIVATE key and the PASSWORD. They tell you how to decrypt the file that someone sent you.
There is no "straight" path between the Public Key and the Private Key, so just because someone HAS the public key, it doesn't mean they can produce either your Secret Key or Password. All it means is that if they encrypt the file using the Public Key, you will be able to decrypt it. Furthermore, because of one-way encryption methods, the output your Public Key produces is original each time, and therefore, you can't decrypt the information you encrypted with the Public Key -- even if you encrypted it yourself!

Therefore, you can freely give out your own Public Key to anyone you want, and any information you receive, tapped or not, won't make a difference. As a result, you can trade anything you want and not worry about telephone taps!

This technique supposedly is being used to defend the United States' Nuclear Arsenal, if you disbelieve this is secure.

I've actually talked with some of the makers of the RSA "Public-Key" algorithm, and, albeit they are quite brilliant individuals, I'm somewhat miffed at their lack of enthusiasm for aiding the public in getting a hold of tools to use Public Key. As a result, they are about to get railroaded by people choosing to use PGP in preference to squat.

Okay, maybe they don't have "squat" available. In fact, they have a totally free package with source code available to the USA public (no exportation of code) which people can use called RSAREF. Appendix E explains more about why I'm not suggesting you use this package, and also how to obtain it so you can see for yourself.

Now that we know the basic concepts of Public-Key, let's go ahead and create the basics for effective tap-proof communications.

Generation of your own secret key (comments in {}s):

C:\> pgp -kg { Command used to activate PGP for key generation }
Pretty Good Privacy 2.1 - Public-key encryption for the masses.
(c) 1990-1992 Philip Zimmermann, Phil's Pretty Good Software.
6 Dec 92
Date: 1993/01/18 19:53 GMT

Pick your RSA key size:
1) 384 bits- Casual grade, fast but less secure
2) 512 bits- Commercial grade, medium speed, good security
3) 1024 bits- Military grade, very slow, highest security
Choose 1, 2, or 3, or enter desired number of bits: 3 {DAMN STRAIGHT MILITARY}

Generating an RSA key with a 1024-bit modulus...
You need a user ID for your public key. The desired form for this user ID is your name, followed by your E-mail address enclosed in , if you have an E-mail address. For example: John Q. Smith <12345.6789 at compuserve.com>

Enter a user ID for your public key:
The Racketeer

You need a pass phrase to protect your RSA secret key. Your pass phrase can be any sentence or phrase and may have many words, spaces, punctuation, or any other printable characters.
Enter pass phrase: { Not echoed to screen }
Enter same pass phrase again: { " " " " }

Note that key generation is a VERY lengthy process.

We need to generate 105 random bytes. This is done by measuring the time intervals between your keystrokes. Please enter some text on your keyboard, at least 210 nonrepeating keystrokes, until you hear the beep:
1 .* { decrements }
-Enough, thank you.
..................................................++++
........++++
Key generation completed.

It took a 33-386DX a grand total of about 10 minutes to make the key. Now that it has been generated, it has been placed in your key ring. We can examine the key ring using the following command:

C:\> pgp -kv
Pretty Good Privacy 2.1 - Public-key encryption for the masses.
(c) 1990-1992 Philip Zimmermann, Phil's Pretty Good Software. 6 Dec 92
Date: 1993/01/18 20:19 GMT

Key ring: 'c:\pgp\pubring.pgp'
Type bits/keyID   Date       User ID
pub  1024/7C8C3D  1993/01/18 The Racketeer
1 key(s) examined.

We've now got a viable keyring with your own keys. Now, you need to extract your Public Key so that you can have other people encrypt shit and have it sent to you.
In order to do this, you need to be able to mail it to them. Therefore, you need to extract it in ASCII format. This is done by the following:

C:\> pgp -kxa "The Racketeer "
Pretty Good Privacy 2.1 - Public-key encryption for the masses
(c) 1990-1992 Philip Zimmermann, Phil's Pretty Good Software. 6 Dec 92
Date: 1993/01/18 20:56 GMT

Extracting from key ring: 'c:\pgp\pubring.pgp', userid "The Racketeer ".

Key for user ID: The Racketeer
1024-bit key, Key ID 0C975F, created 1993/01/18

Extract the above key into which file? rackkey

Transport armor file: rackkey.asc

Key extracted to file 'rackkey.asc'.

Done. The end result of the key is a file which contains:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.1

mQCNAisuyi4AAAEEAN+cY6nUU+VIhYOqBfcc12rEMph+A7iadUi8xQJ00ANvp/iF
+ugZ+GP2ZnzA0fob9cG/MVbh+iiz3g+nbS+ZljD2uK4VyxZfu5alsbCBFbJ6Oa8K
/c/e19lzaksSlTcqTMQEae60JUkrHWpnxQMM3IqSnh3D+SbsmLBs4pFrfIw9AAUR
tCRUaGUgUmFja2V0ZWVyIDxyYWNrQGx5Y2FldW0uaGZjLmNvbT4=
=6rFE
-----END PGP PUBLIC KEY BLOCK-----

This can be tagged to the bottom of whatever E-Mail message you want to send or whatever. This key can be added to someone else's public key ring and thereby used to encrypt information so that it can be sent to you. Most people who use this on USENET add it onto their signature files so that it is automatically posted on their messages.

Let's assume someone else wanted to communicate with you. As a result, they sent you their own Public Key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.1

mQA9AitgcOsAAAEBgMlGLWl8rub0Ulzv3wpxI5OFLRkx3UcGCGsi/y/Qg7nR8dwI
owUy65l9XZsp0MUnFQAFEbQlT25lIER1bWIgUHVkIDwxRHVtUHVkQG1haWxydXMu
Yml0bmV0Pg==
=FZBm
-----END PGP PUBLIC KEY BLOCK-----

Notice this guy, Mr. One Dumb Pud, used a smaller key size than you did. This shouldn't make any difference because PGP detects this automatically. Let's now add the schlep onto your key ring.

C:\> pgp -ka dumbpud.asc
Pretty Good Privacy 2.1 - Public-key encryption for the masses.
(c) 1990-1992 Philip Zimmermann, Phil's Pretty Good Software. 6 Dec 92
Date: 1993/01/22 22:17 GMT

Key ring: 'c:\pgp\pubring.$01'
Type bits/keyID  Date       User ID
pub  384/C52715  1993/01/22 One Dumb Pud <1DumPud at mailrus.bitnet>

New key ID: C52715

Keyfile contains:
1 new key(s)
Adding key ID C52715 from file 'dumbpud.asc' to key ring 'c:\pgp\pubring.pgp'.

Key for user ID: One Dumb Pud <1DumPud at mailrus.bitnet>
384-bit key, Key ID C52715, crated 1993/01/22
This key/userID associate is not certified.

Do you want to certify this key yourself (y/N)? n {We'll deal with this later}

Okay, now we have the guy on our key ring. Let's go ahead and encrypt a file for the guy. How about having the honor of an unedited copy of this file?

C:\> pgp -e encrypt One {PGP has automatic name completion}
Pretty Good Privacy 2.1 - Public-key encryption for the masses.
(c) 1990-1992 Philip Zimmermann, Phil's Pretty Good Software. 6 Dec 92
Date: 1993/01/22 22:24 GMT

Recipient's public key will be used to encrypt.
Key for user ID: One Dumb Pud <1DumPud at mailrus.bitnet>
384-bit key, Key ID C52715, created 1993/01/22

WARNING: Because this public key is not certified with a trusted signature, it is not known with high confidence that this public key actually belongs to: "One Dumb Pud <1DumPud at mailrus.bitnet>".

Are you sure you want to use this public key (y/N)? y

--
Paul Robichaux, KD4JZG                | May explode if disposed of improperly.
NTI Mission Software Development Div. | RIPEM key on request.

From pmetzger at shearson.com Thu Apr 1 10:20:53 1993
From: pmetzger at shearson.com (Perry E. Metzger)
Date: Thu, 1 Apr 93 10:20:53 PST
Subject: PHRACK: Article from PHRACK 42 on encryption
In-Reply-To: <9304011902.AA26513@lambda.msfc.nasa.gov>
Message-ID: <9304012043.AA04761@snark.shearson.com>

Paul Robichaux says:
> Attached is an article from PHRACK 42 written by "The Racketeer."
>
> Exposing factual errors and flaws in reasoning is left as an exercise
> for the reader.
>

The flaws are big enough to drive a bakery truck through. It's trash.

Perry

From stig at transam.ece.cmu.edu Thu Apr 1 11:24:31 1993
From: stig at transam.ece.cmu.edu (Jonathan Stigelman)
Date: Thu, 1 Apr 93 11:24:31 PST
Subject: a blackmail opportunity
Message-ID: <232@x15_remote.stigmobile.usa>

In message <9303290017.AA05745 at toad.com> you write:
>perfect prelude to blackmail. An unscrupulous person running a
>remailer can obviously keep records of truenames, along with
>messages that their senders do not want associated with them.

That's why you use more than one remailer and you encrypt the messages. This guards against single-point failures...

>Always encrypting helps with mail, but not with news.
>

Why? One layer of encryption is stripped by each remailer. Use three layers of encryption and three remailers: The first remailer will know that you sent something encrypted; the third will see the message and the destination but not know that you were the author.

stig

From tcmay at netcom.com Thu Apr 1 12:27:00 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 1 Apr 93 12:27:00 PST
Subject: (fwd) Plan Nine from Cypherspace
Message-ID: <9304012311.AA13318@netcom3.netcom.com>

I noticed a new group formed, called alt.cabal, and decided to "christen" it with a suitably caballistic message. Don't bother trying to decrypt it, obviously.

Perhaps we can simply co-opt alt.cabal for our own uses?

-Tim

Newsgroups: alt.cabal
Path: netcom.com!tcmay
From: tcmay at netcom.com (Timothy C.
May) Subject: Plan Nine from Cypherspace Message-ID: Organization: Netcom - Online Communication Services (408 241-9760 guest) X-Newsreader: Tin 1.1 PL5 Date: Thu, 1 Apr 1993 22:55:37 GMT Post response to alt.cabal in normal form. -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
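Jonathan Stigelman's point earlier in this thread, that each remailer strips one layer and only the last one sees the message, can be traced hop by hop. The following is an added example and not part of any list message: the addresses and remailer names are constructed, and `seal`/`unseal` are a hash-based stand-in for PGP encryption to each remailer's public key, an assumption made so the sketch runs with the standard library alone.

```python
import base64
import hashlib
import hmac
import json
import os

# Constructed sample data (not from the list traffic).
SENDER = "alice@example.org"
RECIPIENT = "news-gateway@example.net"
MESSAGE = b"the message the sender wants posted"
ROUTE = ["remailer-a", "remailer-b", "remailer-c"]
SECRETS = {hop: os.urandom(32) for hop in ROUTE}  # one secret per remailer


def _keys(secret):
    # Separate encryption and MAC keys derived from one per-remailer secret.
    return (hashlib.sha256(b"enc" + secret).digest(),
            hashlib.sha256(b"mac" + secret).digest())


def _xor_stream(key, nonce, data):
    # SHA-256 in counter mode used as a keystream. Stand-in only, not PGP.
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + block.to_bytes(8, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(secret, plaintext):
    """Encrypt and authenticate one layer for one remailer."""
    enc_key, mac_key = _keys(secret)
    nonce = os.urandom(16)
    body = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    return nonce + tag + body


def unseal(secret, blob):
    """Strip one layer; fails if the layer was made for another remailer."""
    enc_key, mac_key = _keys(secret)
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer was not encrypted for this remailer")
    return _xor_stream(enc_key, nonce, body)


def wrap(message, recipient, route, secrets):
    """Build the layers inside-out: the innermost is for the last remailer."""
    next_hop, payload = recipient, message
    for hop in reversed(route):
        layer = json.dumps({"to": next_hop,
                            "payload": base64.b64encode(payload).decode()})
        payload = seal(secrets[hop], layer.encode())
        next_hop = hop
    return payload


def deliver(sender, packet, route, secrets):
    """Pass the packet along the route and record what each hop can observe."""
    views = []
    came_from, payload = sender, packet
    for hop in route:
        layer = json.loads(unseal(secrets[hop], payload))
        payload = base64.b64decode(layer["payload"])
        views.append({"hop": hop, "received_from": came_from,
                      "forwards_to": layer["to"], "payload": payload})
        came_from = hop
    return layer["to"], payload, views


def demo():
    packet = wrap(MESSAGE, RECIPIENT, ROUTE, SECRETS)
    return deliver(SENDER, packet, ROUTE, SECRETS)


if __name__ == "__main__":
    final_to, body, views = demo()
    for v in views:
        readable = v["payload"] == MESSAGE
        print(v["hop"], "got mail from", v["received_from"], "-> forwards to",
              v["forwards_to"], "| sees plaintext:", readable)
```

The first hop knows the sender but holds only ciphertext and the address of the second hop; the last hop holds the plaintext and the destination but received it from the second remailer, not from the sender.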
From 74076.1041 at CompuServe.COM Thu Apr 1 13:20:30 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Thu, 1 Apr 93 13:20:30 PST
Subject: REMAIL: Usage statistics
Message-ID: <930401235941_74076.1041_FHD46-1@CompuServe.COM>

About a month ago, I added a simple logging capability to my remailer, by adding these lines to my maildelivery file:

Request-Remailing-To  ""   pipe R "date >> LOG.REMAIL"
Anon-To               ""   pipe R "date >> LOG.REMAIL"
Encrypted             PGP  pipe R "date >> LOG.ENCRYPTED"

Here is a summary of the information from my LOG.REMAIL file. It shows the dates on which a remailed message went through my remailer, with a count of how many messages went through on that day:

      1 Tue Mar  2
      2 Wed Mar  3
      1 Thu Mar  4
      7 Fri Mar  5
      1 Wed Mar 10
      1 Sun Mar 14
      1 Mon Mar 15
      1 Tue Mar 16
      1 Wed Mar 17
      1 Thu Mar 18
      1 Sun Mar 21
      2 Mon Mar 22
     10 Tue Mar 23
     10 Wed Mar 24
      6 Thu Mar 25
      7 Fri Mar 26
      6 Sat Mar 27
      4 Sun Mar 28
      1 Mon Mar 29
      3 Wed Mar 31
      4 Thu Apr  1

These statistics may be useful in considering such approaches as batching or rearranging messages to achieve greater anonymity.

Hal
74076.1041 at compuserve.com

From phiber at eff.org Thu Apr 1 22:54:28 1993
From: phiber at eff.org (Phiber Optik)
Date: Thu, 1 Apr 93 22:54:28 PST
Subject: PHRACK: Article from PHRACK 42 on encryption
In-Reply-To: <9304012043.AA04761@snark.shearson.com>
Message-ID: <199304020654.AA27442@eff.org>

>
> Paul Robichaux says:
> > Attached is an article from PHRACK 42 written by "The Racketeer."
> >
> > Exposing factual errors and flaws in reasoning is left as an exercise
> > for the reader.
> >
>
> The flaws are big enough to drive a bakery truck through. It's trash.
>
>
> Perry
>

Welcome to the wonderful world of "Phrack".
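Hal's closing remark about batching can be worked through on the daily counts from his message. This is an added example, not part of the list traffic and not code from Hal's remailer; the threshold policy it simulates (hold all mail until at least k messages are pooled, checked once at the end of each day) is an assumption of the sketch, and the year 1993 is taken from the message's Date: header.

```python
from datetime import date

MONTHS = ["Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"]
WEEKDAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
YEAR = 1993  # from the Date: header of Hal's message

# The per-day counts exactly as listed in Hal's summary of LOG.REMAIL.
HAL_SUMMARY = """\
1 Tue Mar 2
2 Wed Mar 3
1 Thu Mar 4
7 Fri Mar 5
1 Wed Mar 10
1 Sun Mar 14
1 Mon Mar 15
1 Tue Mar 16
1 Wed Mar 17
1 Thu Mar 18
1 Sun Mar 21
2 Mon Mar 22
10 Tue Mar 23
10 Wed Mar 24
6 Thu Mar 25
7 Fri Mar 26
6 Sat Mar 27
4 Sun Mar 28
1 Mon Mar 29
3 Wed Mar 31
4 Thu Apr 1
"""


def parse_summary(text, year=YEAR):
    """Turn 'count weekday month day' lines into {date: count}."""
    counts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip blank or malformed lines
        n, weekday, month, day = fields
        d = date(year, MONTHS.index(month) + 1, int(day))
        # Cross-check the weekday so a wrong year or a typo is caught early.
        if WEEKDAYS[d.weekday()] != weekday:
            raise ValueError(f"weekday mismatch on line: {line!r}")
        counts[d] = counts.get(d, 0) + int(n)
    return counts


def simulate_threshold(counts, k):
    """Hold mail in a pool; at the end of a day flush it all if it has >= k.

    Returns (delays, held): the number of days each flushed message waited,
    and how many messages are still in the pool when the log ends.
    """
    pool = []    # arrival dates of messages currently held
    delays = []
    for d in sorted(counts):
        pool.extend([d] * counts[d])
        if len(pool) >= k:
            delays.extend((d - arrived).days for arrived in pool)
            pool = []
    return delays, len(pool)


def summarize(counts, k):
    delays, held = simulate_threshold(counts, k)
    return {
        "messages": sum(counts.values()),
        # Days on which a single message passed through: with no batching,
        # that message has nothing to hide among.
        "single_message_days": sum(1 for n in counts.values() if n == 1),
        "max_delay_days": max(delays, default=0),
        "mean_delay_days": round(sum(delays) / len(delays), 2) if delays else 0.0,
        "still_held": held,
    }


if __name__ == "__main__":
    counts = parse_summary(HAL_SUMMARY)
    for k in (1, 5, 10):
        print("k =", k, summarize(counts, k))
```

At this traffic level a batch of five costs a message sent on Mar 10 a full week of latency, which is the trade-off between mixing and delay that the statistics make visible.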
From trump at pluto.ee.cua.edu Fri Apr 2 07:34:19 1993
From: trump at pluto.ee.cua.edu (Louis Edward Trumpbour)
Date: Fri, 2 Apr 93 07:34:19 PST
Subject: could someone
Message-ID: <9304021534.AA21746@pluto.ee.cua.edu>

could someone please remail me the letter that contains the Phrack 42 article and commentary... my mail was lost and i would like to see this one

Clovis

From robichau at lambda.msfc.nasa.gov Fri Apr 2 13:11:29 1993
From: robichau at lambda.msfc.nasa.gov (Paul Robichaux)
Date: Fri, 2 Apr 93 13:11:29 PST
Subject: list ping; ignore
Message-ID: <9304022111.AA26160@lambda.msfc.nasa.gov>

[ sorry to do this; listmail is only reaching us sporadically and I'm trying to find out why. ]

--
Paul Robichaux, KD4JZG                | May explode if disposed of improperly.
NTI Mission Software Development Div. | RIPEM key on request.

From gnu Fri Apr 2 16:11:04 1993
From: gnu (John Gilmore)
Date: Fri, 2 Apr 93 16:11:04 PST
Subject: Uunet is an "enhanced service provider", not a common carrier
In-Reply-To: <9303262102.AA04094@SOS>
Message-ID: <9304030010.AA04500@toad.com>

I spoke with Mike O'Dell about this; he says uunet is an enhanced service provider. It is not a common carrier.

(Let's not discuss this in cypherpunks anyway -- I just wanted to set the record straight.)

John

From kieran2101 at aol.com Sat Apr 3 09:23:54 1993
From: kieran2101 at aol.com (kieran2101 at aol.com)
Date: Sat, 3 Apr 93 09:23:54 PST
Subject: could someone
Message-ID: <9304031222.tn14272@aol.com>

I'd also like a copy of the Phrack article, since my account here clipped off a big chunk of the article at the end. If someone could forward a copy to my account at kieran at mindvox.phantom.com, I'd appreciate it.
--Aaron

From hughes at soda.berkeley.edu Sat Apr 3 12:06:43 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Sat, 3 Apr 93 12:06:43 PST
Subject: WB: public kiosks
Message-ID: <9304032003.AA11049@soda.berkeley.edu>

One of the necessities of a truly effective whistleblowing system is the existence of public kiosks where anybody can post from--the equivalent of public telephones for the net. This is useful when the sending of any encrypted message at all will be grounds for reprisal. (It is, of course, useful for paranoids as well...)

Last night I spoke with Wayne Gregori, who runs a system called sfnet (with some variant of capitalization) here in the Bay Area. sfnet is a coffeehouse network, with public terminals located in various locations in SF, Berkeley, Oakland, etc. There is the equivalent of IRC and private mail for the users, almost all of whom use handles. There is also dialup service available.

sfnet just got their internet hookup. It's not integrated into the rest of the software yet; that is being worked on.

Wayne is supportive of the idea of putting a whistleblowers interface into the sfnet public terminals.

New slogan: Drop the dirty quarter!

Eric

From grady at netcom.com Sat Apr 3 12:57:04 1993
From: grady at netcom.com (1016/2EF221)
Date: Sat, 3 Apr 93 12:57:04 PST
Subject: PGP: suggestions from the trench
Message-ID: <9304032057.AA06227@netcom.netcom.com>

After carefully reading RSA.COM's FAQ (version 1.0 draft 1e [14 Sep 1992] by Paul Fahn; available via anonymous ftp from RSA.COM), I have some comments about the various PGP implementations.

First of all: well done! These implementations and ports have taken a lot of unremunerated work from a lot of people.
If you compare the number of people registering public keys on the PGP servers such as pgp-public-keys at toxicwaste.mit.edu to the number registering for the RIPEM versions licensed by RSA/PK partners, for example, found on rpub.cl.msu.edu, PGP enjoys an order of magnitude more popularity.

So regardless of the outcome of legal, support, standards and interoperability issues, the PGP experiment has already been a tremendous success in letting us common folk learn about effective and convenient public key encryption.

One of the great advantages of a popular application is the great number of fingers and eyes that can be used to detect and document problems to make PGP even a greater success. Here are the thoughts of one user:

1. PGP RSA bit lengths are too short.

According to RSA's FAQ, the US Government (NSA) does not consider export licenses for RSA moduli used for privacy greater than 512 bits [section 2.23]. This may imply something about NSA's capability in attacking RSA systems with fewer than 512 bits of modulus; Ron Rivest, a co-inventor of RSA, estimates the cost of factoring a 512-bit modulus *today* at $8.2 million dollars (much less of course in the future) [section 2.8].

Although it is true that the time to generate a new RSA key goes as the order of 16 times the modulus length, this is only done once or a very few times. Encryption and signature verification time on the other hand goes only as the order of four times the modulus length [section 2.8]. And the faster computers of tomorrow will virtually eliminate this performance penalty compared to the vastly increased time required for a factoring attack on RSA moduli that increasing its size entails.

Taking all these factors into consideration, I would suggest that the *minimum* size of the RSA modulus available for PGP is 1024 bits with a minimum ceiling of 2048 bits (or even more).
If for performance reasons on certain platforms 1024 is deemed impossibly slow, then a lesser number of bits ought to be permitted *provided* that the security level for any key length under, say, 768 bits is clearly labeled "TOY GRADE".

And because factoring security is a moving target with increases in computer speed and factoring methods, rather than the static (and rather melodramatic) labels of "commercial grade," "military grade", and so on, the labels ought to be specific years that intelligent estimates (such as Ron Rivest's) that that size modulus will be factored by a determined opponent. For example, 512 bits should be labeled "1992", 768 bits labeled "2005", 1024 bits labeled "2020", and so on, using an estimate of about 15-20 bits a year of modulus degradation. This also supplies a clue as to selecting intelligent public key expirations given individual security goals.

While this may seem too conservative, consider that many public moduli kept by a certifying authority may be attacked in parallel, similar to cracking a passwd file NOT using a salt.

We must be *absolutely sure* that the theoretical basis of the encryption function is the paramount consideration in PGP.

2. The hash function generates too short a digest.

In section 6.3 of the RSA FAQ, RSA recommends MD5 with its 128 bit digest when using 512 bit or shorter RSA keys. This is because they estimate the work factor of breaking a 128 bit digest is on the order of 2^64 operations or roughly equivalent today to factoring 512 bit numbers. If PGP increases the minimum recommended modulus size but does not simultaneously increase the hash digest size, then attacks such as "guessed plaintext," where guesses are made as to the IDEA key being encrypted under RSA are made compared to a trial RSA encryption, will become more and more attractive.
The RSA FAQ recommends using the SHS (Secure Hash Standard) [available from csrc.nist.gov] which generates a 160 bit digest or a modified MD4 algorithm that produces a 256 bit digest. In any event, the 128 bit IDEA key to be encrypted under RSA ought to at the very least have a 64 or 128 bit random salt (that will later be discarded) appended before RSA encryption to thwart the "guessed plaintext" attack on RSA.

According to the RSA FAQ, MD4 and MD5 are available for unrestricted use via RSA.COM or ftp.nisc.sri.com as rfc1320 (MD4) and rfc1321 (MD5).

3. Triply encrypted DES with CBC ought to be another "conventional encryption" option under PGP menus.

RSA FAQ cites Campbell and Wiener's "Proof that DES is not a group" (Advances in Cryptology - Crypto '92 Springer-Verlag, New York 1993, To appear) that proves that DES with multiple encryption does indeed spread the encryption mapping over a broader space and thus presumably increases the work factor to direct cryptanalysis.

IDEA, while attractive in speed, size and theory, has no such group-free proof and has not long withstood the public scrutiny that DES has endured.

Three 56 bit keys could easily be derived from a single MD4 256 bit digest (with an additional 64 bits of Initializing Vector, to boot) to double the brute-force key guessing DES work factor to roughly 112 bits. A slightly non-standard version such as Outerbridge/Lau/Gillogly/Karn's newdes, which is provably at *least* as secure as plain DES, might be used in order to thwart dedicated DES hardware attacks.

4. Add a "enter random seed" option in addition to keystroke timing.

It is suspected that the timing biases in keystroke timing is far more pronounced than rolls of an ordinary die, especially over the broad range of platforms that PGP has been ported to.
A useful option to make user rest easier about the amount of bias in the random seeding for the search for the public-key RSA modulus and the generation of conventional (IDEA and triple-DES keys) would be to permit the direct data entry of fifty or sixty rolls of a die to further disperse the original seed.

Given the difficulty of obtaining noisy diodes or sources counting radioactive decay, rolling dice is probably the easiest and comparatively least biased of ways of selecting random seeds [see Knuth v.2] *and* is under the direct personal control of the user.

5. Offer a "use strong primes" option in RSA key generation.

While it is true that as it is said in the RSA FAQ [section 2.7] and the PGP documentation that "strong primes" may not now be necessary given the non-favoritism of ECM ("elliptic curve method") of factoring (Lenstra: Factoring integers with elliptic curves. Annals of Mathematics 126:649-673, 1987), there is only the one-time penalty of selecting "strong" primes in public key generation and, as the RSA FAQ suggests, future breakthroughs in factoring technique may very well once again favor the "strong" prime over the garden variety one.

6. Probably my most urgent recommendation: I use MacPGP 2.2 and it did not come with a) a source b) a digitally-signed archive or c) a pointer to send bug reports.

Without these features it is very hard to make specific implementation bug reports or interface improvement suggestions.

As the RSA FAQ says in section 2.6: "In practice, most successful attacks will likely be aimed at insecure implementations and at the key management stages of an RSA system."

Please, please include the source to the Mac version (or upon request), or at least an object map so I can effectively disassemble and test portions of the code.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.2

mQCOAiumM0QAAAED+JPD8OULO2aXRvU2FDksMjJeGT96kGK5eJK1grkXuIHz+6pe
jiedYOv72kBQoquycun191Ku4wsWVTz6ox/bpReBs5414OTPzQVJgWQzCW1N4BfV
Wr4eEn3qnFsVLXXxk3oYGydIeJcmelSyuPSq/Oq7Q+eHkKgjqxDTjVMu8iEAEQEA
AbABh7QuR3JhZHkgV2FyZCAgPGdyYWR5QG5ldGNvbS5jb20+ICAoNzA3KSA4MjYt
NzcxNbABAw==
=e3rN
-----END PGP PUBLIC KEY BLOCK-----

Comments appreciated.

Grady Ward
grady at netcom.com

From karn at qualcomm.com Sat Apr 3 16:56:53 1993
From: karn at qualcomm.com (Phil Karn)
Date: Sat, 3 Apr 93 16:56:53 PST
Subject: TEMPEST in a teapot
Message-ID: <9304040056.AA07411@servo>

A few minor comments on a pretty comprehensive and well written article.

Although TEMPEST is closely related to EMI shielding, remember that TEMPEST is concerned only with *information bearing* radiations, not interference. In particular, the switching power supply, a potentially prodigious source of EMI, is not a significant TEMPEST issue because power supply emissions carry little if any information. (Varying loads might cause minor modulations of switching frequencies, etc, but this is probably something that only the paranoid "covert channel" types worry about. Maybe you could tell when the floppy drive motor starts and stops, but I doubt you could do much else.)

Who knows, cutting down on power supply radiation might make it easier to extract information from the emissions that remain, because of the jamming effect of power supply noise.

But don't let that stop you. It's your duty to your neighbors to emit as little RF noise as possible. When I lived in New Jersey, I learned to my chagrin that my two PC clones made my next door neighbor's AM radio useless. Only 25 miles from New York, he was unable to listen to WABC, a 50KW clear channel AM station! The problem disappeared completely when I installed some inline AC RFI filters in the power supplies.
Since we shared a pole transformer, I theorize that the noise was conducted from my computer to his radio directly over the power lines.

Which brings me to my next point. I have not seen *any* clone-grade PC power supplies with adequate power line filtering. They have a minimal LC lowpass network on the power supply board itself, but this is usually inadequate. Whenever I buy a new power supply, the first thing I do when I get it home is to replace the IEC power connector with an integrated, shielded power connector/RFI line filter. These devices are widely available for several dollars from electronics surplus houses and amateur radio "hamfests". I also use power cords with built-in ferrite "lumps" but these are probably harder to find (one particular hamfest vendor had a lot of them a few years ago, but I haven't seen them since.)

Modern monitors are *much* better shielded than the early PC monitors, especially those no-name Korean or Taiwanese copies of the original IBM PC monochrome monitor. If you have the misfortune of owning one of those old monitors, as I do on one of my systems, chances are the lion's share of its emissions are coming from the +70V power lead that runs from the main circuit board to the video output stage on the base of the CRT. (Note! Do NOT confuse this with the high voltage lead going to the anode of the CRT!)

The +70V power line to the video output driver acts as an antenna for radiated video signals that can be *quite* strong. I suspect that the reports we've seen of successfully picking up the image on a computer display were taking advantage of this. To fix the problem, just replace the plain wire with a piece of shielded coax, bypass the ends with .01 or .1 uF capacitors of sufficient working voltage, and ground the shields to circuit board ground on both ends.

Phil

From marc at Athena.MIT.EDU Sat Apr 3 18:07:59 1993
From: marc at Athena.MIT.EDU (Marc Horowitz)
Date: Sat, 3 Apr 93 18:07:59 PST
Subject: MEET: I'm going West! (Bay Area)
Message-ID: <9304040207.AA00881@deathtongue>

I'm going to be at a meeting at the Westin hotel in Millbrae, CA. I'm taking an early-morning (ugh) flight out on Tuesday, and I'm red-eye'ing back Friday night/Saturday morning (to be back for the Boston Area Cypherpunks meeting :-)

I should be free in the evenings, namely, Tuesday, Wednesday, and Thursday nights. I'd be interested in getting together with people to exchange signatures, talk about stuff, eat dinner, or whatever.

I can be reached by email at , which I should be reading remotely, or you can leave a message for me at the hotel at 415-692-3500.

Marc

From mdiehl at triton.unm.edu Sat Apr 3 21:58:14 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Sat, 3 Apr 93 21:58:14 PST
Subject: PGP help and comments.
Message-ID: <9304040558.AA17596@triton.unm.edu>

I am really learning to love PGP, and I haven't even used it much yet! I'm insisting that all my friends get keys. But....

I would like to set up two secret keys for myself. One 512 bits long and another 1024 bits long. I'll distribute the short one. I'll give the long one to trusted and close friends. I'm having difficulty setting it up so that pgp defaults to using the short key to encrypt stuff. Note that I want the same user id for both, but perhaps with a "secure" flag in the user id of the large key. How can I do this?

Can we get someone to compile and distribute pgp for the amoeba, er, I mean Amiga? ;^) My friend has one, but no C compiler.

Some suggestions for future versions...

Is there any chance of pgp cloaking its ascii armoured output to look like uuencoded data?

I would like to use pgp on the mainframes, but don't want to store my secret key on their disks. Would it be possible to have pgp accept its secret key via stdin. I could do an ascii upload of my secret key and never expose my key to disk-storage.

How about password protecting pgp itself. No one could use my copy of pgp unless they knew my password.
And only my copy of pgp could decrypt my secret key. Just a thought.

How about a -wn option that would wipe the original file 'n' times. Like pgp -wen10 very_secret_stuff cohort. That should keep even Big Brother from prying.

Is it possible to have pgp develop a third key that looks just like a regular key except that when it is used in place of your secret key, it produces an alternate plaintext. This way, if Big Brother "requested" your key, and you needed to disavow all of your messages, you could exchange the third key for your secret key. When someone used this key, they'd get some insulting message that may or may not have been the original message...and there'd be no way of knowing. I kinda doubt it on this one, but wouldn't it be nice!

Geez, have I really gone on for 40 lines? Sorry about that, but any comments? Hope to hear from you.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.2

mQBNAiu21SIAAAECAMKkKKP4JIxSPR7rOUZ7mbi6yDPfFa7T6zOtOBX8iI939tIU
9JFTxdyvTejK3qmYDGozNaqySQ/0++nGqZgikcsABRG0LUouIE1pY2hhZWwgRGll
aGwsIG1lLCA8bWRpZWhsQHRyaXRvbi51bW4uZWR1Pg==
=YquS
-----END PGP PUBLIC KEY BLOCK-----

From i6t4 at jupiter.sun.csd.unb.ca Sat Apr 3 22:47:55 1993
From: i6t4 at jupiter.sun.csd.unb.ca (Nickey MacDonald)
Date: Sat, 3 Apr 93 22:47:55 PST
Subject: PGP help and comments.
In-Reply-To: <9304040558.AA17596@triton.unm.edu>
Message-ID:

My comments below...

---
Nick MacDonald                  | NMD on IRC
i6t4 at jupiter.sun.csd.unb.ca  | PGP 2.1 Public key available via finger

On Sat, 3 Apr 1993, J. Michael Diehl wrote:

> I am really learning to love PGP, and I haven't even used it much yet! I'm
> insisting that all my friends get keys. But....

I have been 'introducing' my friends to PGP too... I figure that it's no good if I have a key, but no one to use it with... :-) It's amazing how many people will take the time to play with an interesting new toy...

> I would like to set up two secret keys for myself. One 512 bits long and
> another 1024 bits long. I'll distribute the short one. I'll give the long
> one to trusted and close friends. I'm having difficulty setting it up so that
> pgp defaults to using the short key to encrypt stuff. Note that I want the
> same user id for both, but perhapse with a "secure" flag in the user id of the
> large key. How can I do this?

I'm not too sure here... but PGP should default to using the newest (youngest) key on your private key ring... If you have two of them with the same name, I'm not sure how you could choose other than the first... The trick here might be to add a key size option to PGP, to say I want the key that is (or is at least) n bits in size.

> Can we get someone to compile and distribute pgp for the amoeba, er, I mean
> Amiga? ;^) My friend has one, but no C compiler.

I'll not get into computer wars... I'll just say that I'll take an Amiga over an IBM clone any day! >;-) As far as I can tell.. there are folx out there that make sure the Amiga version goes public pretty soon after a new version is released... I've had 2.2 since about 3 days after I knew it was released... There are a series on AmiNet "mirrors" all over the world, the one that most IBM'ers would recognize right off being wuarchive.wustle.edu (128.252.135.4) in /pub/aminet/util/crypt.

> Some suggestions for future versions...

I have some options on some of your ideas, but I'll save them for another post at another time.. :-)

From mccoy at ccwf.cc.utexas.edu Sat Apr 3 23:58:38 1993
From: mccoy at ccwf.cc.utexas.edu (Jim McCoy)
Date: Sat, 3 Apr 93 23:58:38 PST
Subject: PGP help and comments.
In-Reply-To: <9304040558.AA17596@triton.unm.edu>
Message-ID: <9304040758.AA07164@tigger.cc.utexas.edu>

J. Michael Diehl writes:
>
> I would like to use pgp on the mainframes, but don't want to store my secret
> key on their disks. Would it be possible to have pgp accept it's secret key
> via stdin. I could do an ascii upload of my secret key and never expose my
> key to disk-storage.
This is even more dangerous than storing it on the disks of a multi-user machine. Unless you are running in a kerberos environment it is trivial to snoop your upload off the network, and even without that weakness you are exposing yourself to the same problem that the docs mention (it is really pretty easy to scan someone's terminal input) only you are giving them the key outright instead of only giving them the passphrase to your key.

Bad idea.

jim

From ebrandt at jarthur.Claremont.EDU Sun Apr 4 00:05:14 1993
From: ebrandt at jarthur.Claremont.EDU (Eli Brandt)
Date: Sun, 4 Apr 93 00:05:14 PST
Subject: jarthur remailer has PGP
Message-ID: <9304040805.AA19784@toad.com>

Snarfed PGP 2.2 and found it more successful on a Symmetry than 2.1, which I couldn't get to stop dumping core on keygen. So the remailer on jarthur now supports encryption, I think. Bang on it and see if you agree.

The jarthur remailer's key: (512 bits only, it's on an insecure box)

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.2

mQBNAiu+hVUAAAECAMVjEfl2IMNgSOJ+/fx1V6EbH50ofa6K4r1PBKMmkcHQextP
ghwC4lXIgaAWUlLJ9x61+qf4jB5fpNUZLrF9FUsABRG0NWphcnRodXIgcmVtYWls
ZXIgIGMvbyA8ZWJyYW5kdEBqYXJ0aHVyLmNsYXJlbW9udC5lZHU+
=Zxy7
-----END PGP PUBLIC KEY BLOCK-----

The makefile paragraph:

symmetry_gcc:
	$(MAKE) all CC=gcc LD=gcc OBJS_EXT=_80386.o \
	CFLAGS="-O -I. -DNOTERMIO -D_BSD -DUNIX -DUSE_NBIO $(BYTEORDER) -Di386"

Logging is turned back on until the glitches are out. Enjoy.

PGP 2 key by finger or e-mail
Eli   ebrandt at jarthur.claremont.edu

From mdiehl at triton.unm.edu Sun Apr 4 00:18:19 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Sun, 4 Apr 93 00:18:19 PST
Subject: PGP help and comments.
In-Reply-To: <9304040758.AA07164@tigger.cc.utexas.edu>
Message-ID: <9304040818.AA20036@triton.unm.edu>

>J. Michael Diehl writes:
>> I would like to use pgp on the mainframes, but don't want to store my secret
>> key on their disks. Would it be possible to have pgp accept it's secret key
>> via stdin. I could do an ascii upload of my secret key and never expose my
>> key to disk-storage.
>
> This is even more dangerous than storing it on the disks of a multi-user
> machine. Unless you are running in a kerberos environment it is trivial to
> snoop your upload off the network, and even without that weakness you are
> exposing yourself to the same problem that the docs mention (it is really
> pretty easy to scan someone's terminal input) only you are giving them the
> key outright instead of only giving them the passphrase to your key.

Point taken.

>
> Bad idea.

Sure is. Thanx.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.2

mQBNAiu21SIAAAECAMKkKKP4JIxSPR7rOUZ7mbi6yDPfFa7T6zOtOBX8iI939tIU
9JFTxdyvTejK3qmYDGozNaqySQ/0++nGqZgikcsABRG0LUouIE1pY2hhZWwgRGll
aGwsIG1lLCA8bWRpZWhsQHRyaXRvbi51bW4uZWR1Pg==
=YquS
-----END PGP PUBLIC KEY BLOCK-----

From warlord at Athena.MIT.EDU Sun Apr 4 00:52:45 1993
From: warlord at Athena.MIT.EDU (Derek Atkins)
Date: Sun, 4 Apr 93 00:52:45 PST
Subject: MEET: Boston area Cypherpunks Meeting
In-Reply-To: <9303311907.AA22588@milquetoast.MIT.EDU>
Message-ID: <9304040852.AA13135@hodge>

-----BEGIN PGP SIGNED MESSAGE-----

The FIRST Boston-area cypherpunks meeting:

Date: Saturday, April 10, 1993
Time: 12 noon - ~5 pm
Where: MIT Room 1-115

If you need better directions, please feel free to send me e-mail, or you can call me at 617 868-4469.

Hope to see people there!
- -derek

PGP 2 key available upon request on the key-server:
pgp-public-keys at toxicwaste.mit.edu
- --
Derek Atkins, MIT '93, Electrical Engineering and Computer Science
Secretary, MIT Student Information Processing Board (SIPB)
MIT Media Laboratory, Speech Research Group
warlord at MIT.EDU   PP-ASEL   N1NWH

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQBuAgUBK76hsTh0K1zBsGrxAQHD7ALFExaf+JQ3l21P1c5Tuxx2RdKy/AsLLZo1
D6Y0LsaPe7YEW9bofbQr0HKdW08KvZgDHowUomjCFgLRVJPtwyTJkqWuL4424/XU
cuSe+LWeNJ+llrbosFgsk/o=
=wZJR
-----END PGP SIGNATURE-----

From gg at well.sf.ca.us Sun Apr 4 03:31:52 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Sun, 4 Apr 93 03:31:52 PDT
Subject: WB: public kiosks
Message-ID: <199304041031.AA11760@well.sf.ca.us>

Re public kiosks; recall that Community Memory started the idea of coin-operated kiosks years ago; and presumably still has terminals located around town. The technology is quite simple apparently. Could be generalised pretty easily. The terminals are connected to their servers via off-premise extension circuits, which allow keeping the lines open fulltime at no per-minute charge. Then you drop coins in order to respond to stuff. This of course requires a server in every local exchange area where you want terminals, but that should be no problem in most places.

-gg

From x62727g2 at usma8.USMA.EDU Sun Apr 4 10:07:07 1993
From: x62727g2 at usma8.USMA.EDU (Gatlin Anthony CDT)
Date: Sun, 4 Apr 93 10:07:07 PDT
Subject: Mailing LIst
Message-ID: <9304041704.AA14583@usma8.usma.edu>

I am very very interested in getting on your mailing list. Please include me. Thank you.

Anthony Gatlin

------------------------------------------------------------------------------
Notice: In accordance with Title 18 USC 2511 and 18 USC 2703, any monitoring of this communication without a Federal warrant or consent of sender or receiver is in violation of Federal Law. Consent for monitoring is not given.
From treason at gnu.ai.mit.edu Sun Apr 4 13:14:32 1993
From: treason at gnu.ai.mit.edu (treason at gnu.ai.mit.edu)
Date: Sun, 4 Apr 93 13:14:32 PDT
Subject: Second posting (emucs)
Message-ID: <9304042014.AA15614@spiff.gnu.ai.mit.edu>

This is the second posting I have posted about emucs (encrypted multi-user chat system) on the list. I am hoping to get a little more involvement from stable coders to help develop this product. Most of you are knowledgeable of irc and how flawed it is, the ease of logging, and the fascism of the operators thereof. I want to alleviate this problem by producing a multi-user chat system involving 1 server and up to 50 clients which is counterproductive to promoting logging and such.

My design is easy: All messages sent from a user will be encrypted (pgp) by the pc (msdos machine initially) before it's sent over the phone line, to the server. The server will then determine if the message is public or private (very easy to do) and if private, will decrypt it using the servers public key. It will then pass the message to all users on the server in unencrypted format. If it is private the server will pass it directly to the receiving party, whose client will decrypt it (if it's private the sender must have the receiver's public key) and display it to their view screen.

I was considering encrypting and handling everything in a private manner, but have decided that this would be more than too much load on the receiving pc's so have decided to keep only private messages completely secure.

When the person wanting to engage in the chat decides to run the client, he would supply his pass phrase as a command line parameter, and it would be stored in memory until the chat is terminated. Any time a private message comes to him the client would automatically decrypt it with his key and pass phrase.

There will be key handling and exchanging utilities built into the server.
The client will allow for vt100 emulation and will work as a terminal program until the chat is entered, at which time, the client will be prompted by the server to start its new function (ie. encryption).

If anyone has any ideas or wishes to help me with this, please respond to treason at gnu.ai.mit.edu and explain what you can do, or what ideas you have.

On the last posting of this sort, there was very little response, which frightens me because of the serious need for this kind of software.

Treason at gnu.ai.mit.edu

From zane at genesis.mcs.com Sun Apr 4 13:45:16 1993
From: zane at genesis.mcs.com (Sameer Parekh)
Date: Sun, 4 Apr 93 13:45:16 PDT
Subject: Looking for PGP porting help
Message-ID:

I'm busy (actually, I'm procrastinating doing my schoolwork ;-) porting PGP 2.2 to the Apple IIGS. I have two problems and one question--

The question: Who should I contact with the fact that I'm doing this port so that once a new version of PGP comes out all my porting work isn't lost?

The problems: I'm not a very experienced C programmer/porter. I seem to be one of two people in the Apple IIGS community who's interested in porting PGP. (The other is even LESS experienced at C-- he just learned C recently.)

Any ideas?

Thanks,

--
| Sameer Parekh-zane at genesis.MCS.COM-PFA related mail to pfa at genesis.MCS.COM |
| Apprentice Philosopher, Writer, Physicist, Healer, Programmer, Lover, more |
| "Be God" - Me __ "Specialization is for Insects" - Robert A. Heinlein
____/ \_____________/ \____________________________________________________/

From szabo at techbook.com Sun Apr 4 15:20:37 1993
From: szabo at techbook.com (Nick Szabo)
Date: Sun, 4 Apr 93 15:20:37 PDT
Subject: Keys on public machines
Message-ID:

[lost attributions, sorry]

>> I could do an ascii upload of my secret key and never expose my
>> key to disk-storage.
>>
> This is even more dangerous than storing it on the disks of a multi-user
> machine. Unless you are running in a kerberos environment it is trivial to
> snoop your upload off the network...

I don't find the risk of a real-time snoop to be as bad as the risk of a future snoop finding my private key alongside encrypted files that have been stored forever (backups).

To mitigate either problem, how about having two layers of encryption: a private key to decrypt files for reading on a public machine, and a second public/private pair to reencrypt the files for storage and transmission to the home machine. The public machine knows the first private key (if snooped) and the second public key; only the home machine knows the second private key. Snooping the first private key compromises only unread and future messages until the key is changed. Messages archived in the reencrypted state are secure, but messages archived in the unread state with the first private key are still compromised forever.

Is backing up mail directories a common practice? Are there (probably system-dependent) ways to avoid backups, such as anticipating or detecting when backups are about to occur, hidden directories, file permissions, etc? Also, this system introduces some user hostility, in that reencrypted files cannot be read again until moved to the home machine.

Another idea is to implement the relevant features of Kerberos in a high-level client/server package that can be used to secure personal network communications of this kind. The package could be distributed with PGP.

Nick Szabo
szabo at techbook.com

From trump at pluto.ee.cua.edu Sun Apr 4 16:53:36 1993
From: trump at pluto.ee.cua.edu (Louis Edward Trumpbour)
Date: Sun, 4 Apr 93 16:53:36 PDT
Subject: PGP 2.2 for mac
Message-ID: <9304042354.AA04977@pluto.ee.cua.edu>

yes i am looking for pgp 2.2 for mac so if anyone knows where i can find it or if anyone can tell me if they can uuencode it and mail it to me (please contact me before mailing) i would be most grateful...
i do not have a mac but i have a friend at the university of wisconsin that i feel should have pgp... so as i plea for help into the black hole of the internet cypherpunk remailer i hope to hear some feed back.... also do the people in dc want to get a cypher punk meeting together??? i am willing to organize...

Clovis

From wixer!pacoid at cactus.org Sun Apr 4 17:31:28 1993
From: wixer!pacoid at cactus.org (Paco Xander Nathan)
Date: Sun, 4 Apr 93 17:31:28 PDT
Subject: CONF - "CopCon", organized by B Sterling
Message-ID: <9304042359.AA22084@wixer>

Electronic Frontier Foundation -- Austin
in conjunction with The University Co-op and The University of Texas Computer Science Department
Presents
..from the Federal Computer Investigations Committee, Federal Law Enforcement Training Center, and the International Association of Computer Investigation Specialists:

GAIL THACKERAY
Maricopa County prosecuting attorney, Phoenix, Arizona

speaking on: computer crime in the 1990s, "Operation Sundevil," corporate PBX fraud, boiler-room consumer-fraud rackets, credit-card rip-offs, pirate bulletin-board systems, and outlaw hacking!

Sunday, April 18, 1993, 1:30PM-3:30PM
UT Campus, Taylor Hall, room 2.106

TO BE FOLLOWED BY:

C O M P U T E R   S E C U R I T Y   S O I R E E !

UT Co-op, Second Floor, Computer Books Section
From 3:30 PM -- (?)

where Ms. Thackeray will greet the Austin public and answer questions from any and all interested parties!

FREE!!

..another EFF-Austin service to the Texan computer community

EFF-Austin, PO Box 18957, Austin, Texas 78760
eff-austin at tic.com

From gnu at cygnus.com Sun Apr 4 17:56:05 1993
From: gnu at cygnus.com (gnu at cygnus.com)
Date: Sun, 4 Apr 93 17:56:05 PDT
Subject: Problems with "high quality" random number generators, FYI
Message-ID: <9304050056.AA05690@cygnus.com>

Good sources of randomness are key to good cryptography.
Date: 03 Apr 1993 13:04:37 -0700 (MST) From: uunet!asgard.lpl.Arizona.EDU!schulze at uunet.UU.NET (Dean Schulze) Subject: Problems with "high quality" random number generators To: na.digest at surfer.EPM.ORNL.GOV Cc: numeric-interest at validgh.com Message-Id: <9304032004.AA06752 at asgard.lpl.Arizona.EDU.LPL-West> A recent Physical Review Letter [1] points out that serious problems can arise in Monte Carlo computations due to subtle correlations in "high quality" random number generators. The quality of these number generators was determined to be "good" because they passed a battery of tests for randomness. However, they produced erroneous results when used together with the Wolff algorithm for cluster-flipping in a simulation of a 2 dimensional Ising model for which the results are known. The author of this Letter, Alan M. Ferrenburg of the University of Georgia, says that an algorithm must be tested together with the random number generator being used regardless of which tests the random number generator has passed on its own. In another development, Shu Tezuka of IBM, Tokyo and Pierre L'Ecuyer of the University of Montreal have proven that the Marsaglia-Zaman random number generators are "essentially equivalent" to linear congruential methods [2]. (Linear congruential number generators produced better results in Ferrenburg's simulations than random number generation algorithms that are of higher quality, however.) [1] Alan M. Ferrenburg, D.P. Landau, and Y. Joanna Wong, "Monte Carlo simulations: Hidden errors from 'good' random number generators", Phys. Rev. Lett., 69, pp. 3382-4, 1992. [2] Science News, v142, pg. 422, 1992. ------- End of Forwarded Message From mdiehl at triton.unm.edu Sun Apr 4 19:06:26 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Sun, 4 Apr 93 19:06:26 PDT Subject: PGP help and comments. In-Reply-To: Message-ID: <9304050206.AA13467@triton.unm.edu> > [lost attributions, sorry] So did I! 
;^)

> >> I could do an ascii upload of my secret key and never expose my
> >> key to disk-storage.
> > This is even more dangerous than storing it on the disks of a multi-user
> > machine. Unless you are running in a kerberos environment it is trivial to
> > snoop your upload off the network...
> I don't find the risk of a real-time snoop to be as bad as the risk
> of a future snoop finding my private key alongside encrypted files that
> have been stored forever (backups).

I am the writer of the original post, and I quite agree with the response that said that this was a bad idea. The whole point in being secure, is being as secure as possible.

> To mitigate either problem, how about having two layers of encryption: a
> private key to decrypt files for reading on a public machine, and a second
> public/private pair to reencrypt the files for storage and
> transmission to the home machine. The public machine knows
> the first private key (if snooped) and the second public key; only the
> home machine knows the second private key. Snooping the first private

You still have to store a secret key somewhere. And to do that, you must trust your system administrator.....

> key compromises only unread and future messages until the key is
> changed. Messages archived in the reencrypted state are secure, but
> messages archived in the unread state with the first private key are
> still compromised forever. Is backing up mail directories a common
> practice? Are there (probably system-dependent) ways to avoid backups,
> such as anticipating or detecting when backups are about to occur,
> hidden directories, file permissions, etc?
>
> Also, this system introduces some user hostility, in that
> reencrypted files cannot be read again until moved to the
> home machine.

It was suggested that I keep my public keyring on the mainframe and use it to read mail. When I want to send mail, I encrypt it at home and upload it into my mailer. This is what I do now.
I forgot who you were, but you gave me a good idea. Thanx. > Another idea is to implement the relevant features of Kerberos in > a high-level client/server package that can be used to secure personal > network communications of this kind. The package could be distributed > with PGP. What are these features? I don't know what kerberos is. +----------------------+----------------------------------------------------+ | J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. | | +----------------------------------------------------+ | mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be | | Thunder at forum | Politically Incorrect! | | (505) 299-2282 | | +----------------------+----------------------------------------------------+ From mdiehl at triton.unm.edu Sun Apr 4 23:38:08 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Sun, 4 Apr 93 23:38:08 PDT Subject: PGP help Message-ID: <9304050638.AA25783@triton.unm.edu> Hi all. The manual for pgp ver. 2.2 says that it can encrypt a file for receipt by multiple users, pgp -e file user1 user2. I can't seem to get it to work. It creates one file, readable by user1. I'm using the msdos version. What am I doing wrong? Thanx in advance. +----------------------+----------------------------------------------------+ | J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken. | | +----------------------------------------------------+ | mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be | | Thunder at forum | Politically Incorrect! | | (505) 299-2282 | | +----------------------+----------------------------------------------------+ From warlord at MIT.EDU Mon Apr 5 00:08:07 1993 From: warlord at MIT.EDU (Derek Atkins) Date: Mon, 5 Apr 93 00:08:07 PDT Subject: PGP help In-Reply-To: <9304050638.AA25783@triton.unm.edu> Message-ID: <9304050708.AA01498@deathtongue> -----BEGIN PGP SIGNED MESSAGE----- > The manual for pgp ver. 
2.2 says that it can encrypt a file for receipt by > multiple users, pgp -e file user1 user2. I can't seem to get it to work. > It creates one file, readable by user1. I'm using the msdos version. > > What am I doing wrong? This should create a single file which is readable by both users, user1 and user2. Did you try giving this file to user2 and have them decrypt it? Is user2 using PGP 2.2, or an earlier version? It doesn't look like you are doing anything wrong... - -derek PGP 2 key available upon request on the key-server: pgp-public-keys at toxicwaste.mit.edu - -- Derek Atkins, MIT '93, Electrical Engineering and Computer Science Secretary, MIT Student Information Processing Board (SIPB) MIT Media Laboratory, Speech Research Group warlord at MIT.EDU PP-ASEL N1NWH -----BEGIN PGP SIGNATURE----- Version: 2.2 iQBuAgUBK7/awTh0K1zBsGrxAQGwKwLDBE/AgE5YY84RDMIcXa/qW7qEkgAd+jZW Wl5wXZDGrgbWZuZOiR9HKnEs4HzJtGrhi5DmDwPTVXu/rASU6trS1suk5thK/Fu8 TuDKvGX/6S+tOGQlgdRDdDg= =a8mO -----END PGP SIGNATURE----- From hughes at soda.berkeley.edu Mon Apr 5 11:58:33 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Mon, 5 Apr 93 11:58:33 PDT Subject: wpcrack on archive site Message-ID: <9304051855.AA28910@soda.berkeley.edu> I just put up Ron Dippold's wpcrack code up on the ftp site, a program that breaks the (very bad) encryption of Word Perfect files. The distribution is four files wpcrack.c wpcrack.doc wpuncryp.c wpuncryp.doc in directory pub/cypherpunks/cryptanalysis. The anonymous ftp site is soda.berkeley.edu. Eric From hughes at soda.berkeley.edu Mon Apr 5 17:28:01 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Mon, 5 Apr 93 17:28:01 PDT Subject: WB: public kiosks In-Reply-To: <199304041031.AA11760@well.sf.ca.us> Message-ID: <9304060025.AA04499@soda.berkeley.edu> >Re public kiosks; recall that Community Memory started the idea of >coin-operated kiosks years ago; and presumably still has terminals located >around town. 
For those of you not familiar with Community Memory, it is a Berkeley only system intended to make community stronger in Berkeley. Steven Levy wrote about it in _Hackers_.

SFNET is an expanding commercial service; I want to use SFNET as an example, a springboard for much wider deployment of public access to whistleblowing.

Eric

From stig at transam.ece.cmu.edu Mon Apr 5 19:42:37 1993
From: stig at transam.ece.cmu.edu (Jonathan Stigelman)
Date: Mon, 5 Apr 93 19:42:37 PDT
Subject: PGP help and comments.
Message-ID: <243@x15_remote.stigmobile.usa>

In message <9304040758.AA07164 at tigger.cc.utexas.edu> you write:
>
>This is even more dangerous than storing it on the disks of a multi-user
>machine. Unless you are running in a kerberos environment it is trivial to
>snoop your upload off the network, and even without that weakness you are
>exposing yourself to the same problem that the docs mention (it is really
>pretty easy to scan someone's terminal input) only you are giving them the
>key outright instead of only giving them the passphrase to your key.
>

Yeah.... So if your key can be snooped off the net, so can your cleartext. To decrypt online, then, is akin to using only weak encryption...which indicates only the desire for limited privacy. But even if you do decrypt online, you're still protected from file snooping.

What's needed is PGP decryption built into your terminal program.

stig

From mdiehl at triton.unm.edu Tue Apr 6 00:44:07 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Tue, 6 Apr 93 00:44:07 PDT
Subject: PGP error.
Message-ID: <9304060743.AA28329@triton.unm.edu>

When I use the following command line in a batch file, I get a Compression/decompression error. No files are created. The contents of the batch file is:

    pgp -es %1 %2 Diehl

Where %1 is the name of the file to send, and %2 is the other person's name. What am I doing wrong, or is there a problem with my pgp?

Thanx in advance.
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.2 mQA9Aiu/jVAAAAEBgM2F5mSlCA+KRd6TXIrqmPfiiAEytwSttZs7Yua939GMu2mP JL+5Qpi/ZKqF2nAJAwAFEbQsSi4gTWljaGFlbCBEaWVobCwgMSwgPG1kaWVobEB0 cml0b24udW5tLmVkdT4= =lyvx -----END PGP PUBLIC KEY BLOCK----- From Marc.Ringuette at GS80.SP.CS.CMU.EDU Tue Apr 6 11:25:46 1993 From: Marc.Ringuette at GS80.SP.CS.CMU.EDU (Marc.Ringuette at GS80.SP.CS.CMU.EDU) Date: Tue, 6 Apr 93 11:25:46 PDT Subject: WB: public kiosks Message-ID: <9304061825.AA28189@toad.com> Public kiosks are OK as a simple and moderately effective technique for assuring anonymity, and they're ideal for a security-naive person who is unable to verify the security of a more complex system. But for my own use, I am much more confident in the security guarantee given by encryption on a portable computer and anonymizing using Chaum-style remailers... -- Marc Ringuette (mnr at cs.cmu.edu) From skyhawk at first.cac.washington.edu Tue Apr 6 12:47:52 1993 From: skyhawk at first.cac.washington.edu (Scott Northrop) Date: Tue, 6 Apr 93 12:47:52 PDT Subject: PGP and problems therewith. Message-ID: <9304061947.AA01322@first.cac.washington.edu> I was under the impression that there was a newsgroup for discussion of how to use PGP. I most certainly don't mind talk about how to most effectively use PGP (PC-based decryption of files on your unsecure unix box, for example), and I don't have much room for criticism given the nil that I've contributed to this forum. But please, in the name of all that's holy, could the How To Use PGP Q&A go somewhere else? Please? Scott PS - Did the list get the message by sand at u.washington.edu about the correct place to put hidden data in a JPEG image? Our mail reflector burped, and we didn't get that week... :( (Mail, please, don't reply to the list.) 
From shipley at tfs.COM Tue Apr 6 14:12:42 1993 From: shipley at tfs.COM (Peter Shipley) Date: Tue, 6 Apr 93 14:12:42 PDT Subject: PHRACK: Article from PHRACK 42 on encryption Message-ID: <9304062112.AA23379@edev0.TFS> >> Exposing factual errors and flaws in reasoning is left as an exercise >> for the reader. >> > >The flaws are big enough to drive a bakery truck through. Its trash. maybe you should do a better writeup and publish it in PHRACK or 2600? From karn at qualcomm.com Tue Apr 6 16:39:24 1993 From: karn at qualcomm.com (Phil Karn) Date: Tue, 6 Apr 93 16:39:24 PDT Subject: PGP help and comments. Message-ID: <9304062339.AA22656@servo> At 01:58 AM 4/4/93, Jim McCoy wrote: >J. Michael Diehl writes: >> >> I would like to use pgp on the mainframes, but don't want to store my secret >> key on their disks. >This is even more dangerous than storing it on the disks of a multi-user >machine. I agree 100%. Security packages like PGP are meaningful only when you have your own personal machine to run it on. Indeed, it would be nice if PGP could somehow tell when it is being run over a network, and severely warn the user when he is about to type something secret (like a passphrase). I don't know of any clean way to do it, though. Phil From karn at qualcomm.com Tue Apr 6 18:00:45 1993 From: karn at qualcomm.com (Phil Karn) Date: Tue, 6 Apr 93 18:00:45 PDT Subject: WB: public kiosks Message-ID: <9304070100.AA23113@servo> >Public kiosks are OK as a simple and moderately effective technique for >assuring anonymity, and they're ideal for a security-naive person who >is unable to verify the security of a more complex system. But for >my own use, I am much more confident in the security guarantee given by >encryption on a portable computer and anonymizing using Chaum-style >remailers... Indeed. By definition, a public kiosk is in a public area, with open access to all including the Bad Guy's agents and investigators. 
And tracking people's physical movements in public places is an art that investigators have had many years to refine and perfect. Many more than, say, factoring large RSA public keys...

Phil

From approach!douglas at approach.com Tue Apr 6 18:08:23 1993
From: approach!douglas at approach.com (Douglas Mason)
Date: Tue, 6 Apr 93 18:08:23 PDT
Subject: PHRACK: Article from PHRACK 42 on encryption
Message-ID:

> >> Exposing factual errors and flaws in reasoning is left as an exercise
> >> for the reader.
> >The flaws are big enough to drive a bakery truck through. It's trash.
> maybe you should do a better writeup and publish it in PHRACK or 2600?

I agree. Anyone can sit and say "Oh, that article is a piece of crap", but these same people never put their "money where their mouth is" and write an article of their own.

I've written for both Phrack and 2600 and it sure as hell isn't hard to get something submitted. If you think you can do better by all means write an article and send it in. If trash is being published, why not try to correct it?

If you have any problems with where to send it, I'll gladly forward you the address. Otherwise, shut the hell up. If you don't like your government, vote. If you don't like something that is published, write something yourself. It's not some type of elite club of writers, both publications welcome people of all walks to submit.
--Doug
---
Douglas Mason                   douglas at approach.com
Network Administration          CompuServe: 76646,3367
Approach Software Corporation   +01 415.306.7890

From bmullane at ultrix.ramapo.edu Tue Apr 6 18:27:26 1993
From: bmullane at ultrix.ramapo.edu (James Bond-007)
Date: Tue, 6 Apr 93 18:27:26 PDT
Subject: please remove me
Message-ID: <9304070131.AA20100@ultrix>

please remove me from the mailing list
i wish that i had the time to try to keep up with the list, but i don't
i may rejoin at some time in the future

thanks,
Brian

From huntting at glarp.com Tue Apr 6 18:50:25 1993
From: huntting at glarp.com (Brad Huntting)
Date: Tue, 6 Apr 93 18:50:25 PDT
Subject: "hacker" publications
Message-ID: <199304070150.AA00873@misc.glarp.com>

> PHRACK or 2600?

Does anyone have a phone number and/or address for these or any other "hackers" publications?

I've pretty much had it with the "legit" computer security information sources (CERT et al). Between the censorship and the untimely notification they are next to worthless for keeping abreast of computer and network security issues.

thanx in advance,
brad
huntting at glarp.com

P.S. I can't read Dutch (yet).

From eggo at student.umass.edu Tue Apr 6 19:09:51 1993
From: eggo at student.umass.edu (Round Waffle)
Date: Tue, 6 Apr 93 19:09:51 PDT
Subject: "hacker" publications
In-Reply-To: <199304070150.AA00873@misc.glarp.com>
Message-ID: <9304070208.AA11409@titan.ucs.umass.edu>

Possessed by The Unholy, Brad Huntting scrawled the following in blood:
>
>
> > PHRACK or 2600?
>
> Does anyone have a phone number and/or address for these or any
> other "hackers" publications?
>
> I've pretty much had it with the "legit" computer security information
> sources (CERT et al). Between the censorship and the untimely
> notification they are next to worthless for keeping abreast of
> computer and network security issues.
>
>
> thanx in advance,
> brad
> huntting at glarp.com

2600 Magazine
PO Box 752 (for subscriptions) OR PO Box 99 (for letters/submissions)
Middle Island, NY 11953-0752
(516) 751-2600
2600 at well.sf.ca.us
$21 for 4 issues
back issues are $25/year

Phrack Magazine
603 W. 13th #1A-278
Austin, TX 78701
phrack at well.sf.ca.us

+- eggo at titan.ucs.umass.edu --><-- Eat Some Paste -+
+- Yorn desh born, der ritt de gitt der gue, -+
+- Orn desh, dee born desh, de umn bork! bork! bork! -+
+----------------- The Durex Blender Corporation -----------------+

From fergp at sytex.com Tue Apr 6 19:28:27 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Tue, 6 Apr 93 19:28:27 PDT
Subject: Smaller is better.
Message-ID:

On Mon, 05 Apr 93 12:36:09 PST,
Jonathan Stigelman writes -

JS> Yeah.... So if your key can be snooped off the net, so can your
JS> cleartext. To decrypt online, then, is akin to using only weak
JS> encryption...which indicates only the desire for limited privacy.
JS> But even if you do decrypt online, you're still protected from
JS> file snooping.

JS> What's needed is PGP decryption built into your terminal program.

I think that you guys are missing the point here. IMHO, if you wish maximum assurance of security, then I'd suggest not trying to run programs such as PGP on a multi-user system to begin with! What's wrong with using a PC for this? It offers a maximum convenience, single-user secure system quite unlike the security problems associated with your university's mainframe.

The PC offers the communications availability and the flexibility to provide an extremely high level of privacy, if you know what you're doing.

You should try it sometime ....

Cheers.

Paul Ferguson                   | "Sincerity is fine, but it's no
Network Integration Consultant  |  excuse for stupidity."
Centreville, Virginia USA       |  -- Anonymous
fergp at sytex.com (Internet)   |
sytex.com!fergp (UUNet)         |
1:109/229 (FidoNet)             |
PGP 2.2 public encryption key available upon request.
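Nick Szabo's two-key proposal in "Keys on public machines" and the one-file-for-several-recipients behaviour Derek Atkins describes for `pgp -e file user1 user2`, modelled together as an added example; it is not code from any poster or from PGP. It assumes toy textbook RSA over fixed Mersenne primes and a SHA-256 keystream standing in for PGP's RSA and IDEA, and `PublicMachine`, `exposed` and the sample messages are hypothetical names and constructed data.

```python
import hashlib
import hmac
import secrets

E = 65537  # public exponent shared by the toy keys


def keypair(p, q):
    """Toy textbook-RSA key pair from two fixed primes (constructed, no padding)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": E}, {"n": n, "d": pow(E, -1, phi)}


def _keystream(key, length):
    """SHA-256 in counter mode; a stand-in for the conventional cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(plaintext, recipients):
    """One encrypted body plus one wrapped session key per recipient public key."""
    session = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(session, len(plaintext))))
    tag = hmac.new(session, body, hashlib.sha256).digest()
    s = int.from_bytes(session, "big")
    wrapped = {pub["n"]: pow(s, pub["e"], pub["n"]) for pub in recipients}
    return {"wrapped": wrapped, "body": body, "tag": tag}


def decrypt(packet, priv):
    """Unwrap the session key addressed to this private key, then decrypt the body."""
    wrapped = packet["wrapped"].get(priv["n"])
    if wrapped is None:
        raise PermissionError("message is not encrypted to this key")
    session = pow(wrapped, priv["d"], priv["n"]).to_bytes(16, "big")
    expected = hmac.new(session, packet["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, packet["tag"]):
        raise ValueError("corrupt packet or wrong key")
    body = packet["body"]
    return bytes(a ^ b for a, b in zip(body, _keystream(session, len(body))))


class PublicMachine:
    """Multi-user host in the two-key scheme: holds the reading private key and
    only the PUBLIC half of the archive key; the archive private key stays home."""

    def __init__(self, reading_priv, archive_pub):
        self.reading_priv = reading_priv
        self.archive_pub = archive_pub
        self.unread = []   # packets still encrypted to the reading key
        self.archive = []  # packets re-encrypted to the archive key after reading

    def deliver(self, packet):
        self.unread.append(packet)

    def read_next(self):
        text = decrypt(self.unread.pop(0), self.reading_priv)
        self.archive.append(encrypt(text, [self.archive_pub]))
        return text


def exposed(stored_packets, stolen_priv):
    """Plaintexts recoverable from stored packets by whoever holds stolen_priv."""
    readable = []
    for packet in stored_packets:
        try:
            readable.append(decrypt(packet, stolen_priv))
        except PermissionError:
            pass  # not addressed to that key
    return readable


def demo():
    reading_pub, reading_priv = keypair(2**61 - 1, 2**127 - 1)
    archive_pub, archive_priv = keypair(2**89 - 1, 2**107 - 1)
    host = PublicMachine(reading_priv, archive_pub)
    host.deliver(encrypt(b"msg 1: already read", [reading_pub]))
    host.deliver(encrypt(b"msg 2: still unread", [reading_pub]))
    host.read_next()                      # msg 1 moves to the archive
    on_disk = host.unread + host.archive  # what a backup of the host would hold
    # The same two key pairs double as "user1" and "user2" for a shared file.
    shared = encrypt(b"one file, two readers", [reading_pub, archive_pub])
    return {
        "stolen_reading_key": exposed(on_disk, reading_priv),
        "home_key": exposed(on_disk, archive_priv),
        "shared": [decrypt(shared, reading_priv), decrypt(shared, archive_priv)],
        "wrapped_keys_in_shared": len(shared["wrapped"]),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The result matches the trade-off stated in the post: a snooped reading key recovers only mail still stored unread, and anything already re-encrypted can be opened only with the key that never left the home machine.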
From shipley at merde.dis.org Tue Apr 6 20:01:18 1993
From: shipley at merde.dis.org (Peter shipley)
Date: Tue, 6 Apr 93 20:01:18 PDT
Subject: "hacker" publications
Message-ID: <9304070233.AA02535@merde.dis.org>

>
>> PHRACK or 2600?
>
>Does anyone have a phone number and/or address for these or any
>other "hackers" publications?
>

2600: 2600 at well.sf.ca.us
phrack: phrack at stormking.com (also see included file)
InfoHax: see nestey at csn.org

there is also a list called zardoz but I suspect it is dead.

the main problem with these lists is that people want info but do not want to give up any of their secret. Some security lists I have been on insist that all members contribute something or they are dropped from the list.

-Pete

---- Included file
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
HOW TO SUBSCRIBE TO PHRACK MAGAZINE

The distribution of Phrack is now being performed by the software called Listserv. All individuals on the Phrack Mailing List prior to your receipt of this letter have been deleted from the list.

If you would like to re-subscribe to Phrack Inc. please follow these instructions:

1. Send a piece of electronic mail to "LISTSERV at STORMKING.COM". The mail must be sent from the account where you wish Phrack to be delivered.
2. Leave the "Subject:" field of that letter empty.
3. The first line of your mail message should read: SUBSCRIBE PHRACK
4. DO NOT leave your address in the name field! (This field is for PHRACK STAFF use only, so please use a full name)

Once you receive the confirmation message, you will then be added to the Phrack Mailing List. If you do not receive this message within 48 hours, send another message. If you STILL do not receive a message, please contact "SERVER at STORMKING.COM".

You will receive future mailings from "PHRACK at STORMKING.COM".

If there are any problems with this procedure, please contact "SERVER at STORMKING.COM" with a detailed message.
You should get a confirmation message sent back to you on your subscription.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
---- End of Included file

From mdiehl at triton.unm.edu Tue Apr 6 20:28:44 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Tue, 6 Apr 93 20:28:44 PDT
Subject: Smaller is better.
In-Reply-To:
Message-ID: <9304070327.AA23357@triton.unm.edu>

Well, I guess I started this thread, so let's see if I can finish it... ;^)

> On Mon, 05 Apr 93 12:36:09 PST,
> Jonathan Stigelman writes -
> JS> Yeah.... So if your key can be snooped off the net, so can your
> JS> cleartext. To decrypt online, then, is akin to using only weak
> JS> encryption...which indicates only the desire for limited privacy.
> JS> But even if you do decrypt online, you're still protected from
> JS> file snooping.

This is akin to using an umbrella with a hole in it and saying, "Well, at least my face doesn't get wet." If you want to stay dry, you want to stay COMPLETELY dry.

> JS> What's needed is PGP decryption built into your terminal program.

Someone posted a program, link, that would encrypt modem communications. Would you post an address for it. I can't find where I put it.

> I think that you guys are missing the point here. IMHO, if you wish
> maximum assurance of security, then I'd suggest not trying to run
> programs such as PGP on a multi-user system to begin with! What's
> wrong with using a PC for this? It offers a maximum convenience,
> single-user secure system quite unlike the security problems
> associated with your university's mainframe.

This is, IMHO, the best solution. BTW, I have several telix scripts that make it actually convenient, even at 1200 baud! (gak!). I would post them, but they are trivial. Thanx, Phantom, for the suggestion. What we need here is a "security package" that we distribute in an effort to make it easier to use secure practices.
> The PC offers the communications availability and the flexibility to
> provide an extremely high level of privacy, if you know what you're
> doing.

And many people don't... I've taken a minor flame or two for asking for help with using pgp on this list. The whole point of this list, IMHO, is to make strong security practices as easy and as wide-spread as possible. Correct me if I'm wrong.

+----------------------+----------------------------------------------------+
| J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken.   |
|                      +----------------------------------------------------+
| mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be      |
| Thunder at forum     | Politically Incorrect!                             |
| (505) 299-2282       |                                                    |
+----------------------+----------------------------------------------------+

From dlr at world.std.com Tue Apr 6 21:09:38 1993
From: dlr at world.std.com (David L Racette)
Date: Tue, 6 Apr 93 21:09:38 PDT
Subject: Mac PGP on The Well
Message-ID: <199304070409.AA00146@world.std.com>

I was just reading in the EFF conference on the Well that they have asked that the pgp version for the mac be removed ...at least temporarily because of the possible legal problems.

I don't use a mac and already have a copy, thank you anyway

From fnordbox!loydb at cs.utexas.edu Wed Apr 7 00:23:17 1993
From: fnordbox!loydb at cs.utexas.edu (Loyd Blankenship)
Date: Wed, 7 Apr 93 00:23:17 PDT
Subject: hello?
Message-ID: <9304070532.AA00biv@fnordbox.UUCP>

I hate messages like this one, but is this list sick? I haven't gotten anything for many days . . .
Loyd *************************************************************************** * loydb at fnordbox.UUCP SJ Games: 1 * Loyd Blankenship * * GEnie: SJGAMES US Secret Service: 0 * PO Box 18957 * * Compu$erve: [73407,515] * Austin, TX 78760 * * cs.utexas.edu!dogface!fnordbox!loydb * 512/447-7866 * *************************************************************************** From Doug.Brightwell at Corp.Sun.COM Wed Apr 7 06:47:15 1993 From: Doug.Brightwell at Corp.Sun.COM (Doug Brightwell) Date: Wed, 7 Apr 93 06:47:15 PDT Subject: Mac PGP 2.2 Sites? Message-ID: <9304071346.AA12241@media.Corp.Sun.COM> Anyone know of any ftp sites where I could find the new 2.2 version? Thanks, Doug From warlord at MIT.EDU Wed Apr 7 07:08:28 1993 From: warlord at MIT.EDU (Derek Atkins) Date: Wed, 7 Apr 93 07:08:28 PDT Subject: Mac PGP 2.2 Sites? In-Reply-To: <9304071346.AA12241@media.Corp.Sun.COM> Message-ID: <9304071408.AA01175@toxicwaste.MEDIA.MIT.EDU> -----BEGIN PGP SIGNED MESSAGE----- The sites I know of that carry MacPGP 2.2 are: black.ox.ac.uk (129.67.1.165) /src/security/macpgp2.2.cpt.hqx (Macintosh version) ftp.demon.co.uk (158.152.1.65) /pub/ibmpc/pgp/MacPGP2.2 (Macintosh version) nic.funet.fi (128.214.6.100) /pub/crypt/MacPGP2.2 soda.berkeley.edu (128.32.149.19) /pub/cypherpunks/pgp/macpgp2.2.cpt.hqx night.nig.ac.jp (133.39.16.66) /pub/security/PGP/MacPGP2.2 Enjoy! 
- -derek PGP 2 key available upon request on the key-server: pgp-public-keys at toxicwaste.mit.edu - -- Derek Atkins, MIT '93, Electrical Engineering and Computer Science Secretary, MIT Student Information Processing Board (SIPB) MIT Media Laboratory, Speech Research Group warlord at MIT.EDU PP-ASEL N1NWH -----BEGIN PGP SIGNATURE----- Version: 2.2 iQBuAgUBK8LgNzh0K1zBsGrxAQFqLwLFFGWzH5+NH/oGZq5Bv/TwkZeW47CEQwCC is1ZoVB8djkqZk7kD6IMpL552zly4q0mYfo7y2QKH/BJNQ7CcABSVReEd9uT5t+X UfHBYXgC+5zXi7AphDvRqIE= =Dbf7 -----END PGP SIGNATURE----- From approach!douglas at approach.com Wed Apr 7 08:28:27 1993 From: approach!douglas at approach.com (Douglas Mason) Date: Wed, 7 Apr 93 08:28:27 PDT Subject: PHRACK: Article from PHRACK 42 on encryption Message-ID: > groups like sci.crypt already have some pretty good documents. > There is no need for spreading of misinfomation like phrack. The problem is that Phrack has a distribution that goes in other directions, where a simple Usenet newsgroup can not reach. I've seen files from past Phrack issues available on Public Domain archive sets for BBS's. Phrack has been around for quite a while now and unlike a lot of the other series on-line mags, it is probably going to be around for a while longer. CuD and the likes are great for news, but where else can you find somewhat lengthy papers on various topics? Even if most of it is elementary, there is always something interesting in each issue, even if it is just to see some of the personalities that are out there. Like it or not, piece of crap or otherwise, it does get around. It's going through ownership changes and probably would like to find some people that would be willing to help out with "cleaning" it up. Why not help? 
--Doug --- Douglas Mason douglas at approach.com Network Administration CompuServe: 76646,3367 Approach Software Corporation +01 415.306.7890 From cls6 at midway.uchicago.edu Wed Apr 7 08:37:46 1993 From: cls6 at midway.uchicago.edu (Cory Scott) Date: Wed, 7 Apr 93 08:37:46 PDT Subject: Mac PGP 2.2 Sites? Message-ID: <9304071537.AA09036@midway.uchicago.edu> >Anyone know of any ftp sites where I could find the new 2.2 version? Try soda.berkeley.edu /pub/cypherpunks/pgp. If that's, for some reason impossible, I will send it (Binhexed) to anyone who wants a copy. Cory Cory L. Scott ----------------------------------------------------------- Computing Assistant and Consultant Phoenix Project, Biological Sciences Division University of Chicago cls6 at midway.uchicago.edu ----------------------------------------------------------- Member, U of C Student Computing Issues Committee From robichau at lambda.msfc.nasa.gov Wed Apr 7 08:59:02 1993 From: robichau at lambda.msfc.nasa.gov (Paul Robichaux) Date: Wed, 7 Apr 93 08:59:02 PDT Subject: PHRACK: my draft reply to the crypt article Message-ID: <9304071558.AA12663@lambda.msfc.nasa.gov> Attached is a short rebuttal or reply to the PHRACK article I posted last week. I'd appreciate comments and suggestions on how to improve it- my knowledge is far behind Marc, Tim, Perry, and many of the others on this list. So, I got off my butt. Hopefully this will satisfy Doug :) -Paul My background: I've been into the scene for about 12 years. My day job is writing unix s/w for a NASA contractor. My night job... well, never mind that. I have a strong amateur interest in crypto, and I'd like to share some of what people in the usenet/internet community have been kind enough to teach me. Racketeer sez: > If you think that the world of the Hackers is deeply shrouded with >extreme prejudice, I bet you can't wait to talk with crypto-analysts. These >people are traditionally the biggest bunch of holes I've ever laid eyes on. 
In >their mind, people have been debating the concepts of encryption since the >dawn of time, and if you come up with a totally new method of data encryption, > -YOU ARE INSULTING EVERYONE WHO HAS EVER DONE ENCRYPTION-, mostly by saying >"Oh, I just came up with this idea for an encryption which might be the best >one yet" when people have dedicated all their lives to designing and breaking >encryption techniques -- so what makes you think you're so fucking bright? One real reason for this reaction is that people _have_ been studying encryption for 100 years or so. As a result, many simple cryptosystems are continually being reinvented by people who haven't ever made even a simple study of cryptosystems. Imagine if someone came up to you and said "Wow! I just found a totally K00L way to send fake mail! It's radical! No one's ever thought of it before!" You'd laugh, right? _Anyone_ can figure out how to forge mail. Well, _anyone_ can come up with the n-th variation of the Vigenère or substitution cipher. An even more important reason for their 'tude is that cypherpunks are suspicious by nature. A key principle of crypto is that you can only trust algorithms that have been made public and thoroughly picked over. Without that public scrutiny, how can you trust it? The feds' Digital Signature Standard (DSS) got raked in the crypto and industry press because the feds wouldn't disclose details of the algorithm. "How do we know it's secure?" the cypherpunks asked. "We won't use it if we don't know it's secure!" Point being: (for those of you who skipped over) cypherpunks trust NO ONE when the subject is encryption algorithms. Maybe J. Random Hacker has come up with a scheme faster and more secure than, say, RSA. If JRH won't share the details, no one will use it. Racketeer goes on to talk about DES. It's fairly clear that a known-ciphertext attack (i.e. 
you have a block of encoded text, but neither the key nor the plaintext) will, at worst, require 2^56 decryption attempts. Various schemes for parallel machines and so forth have been posted in sci.crypt. Does the NSA have something that can crack DES? Probably. My claim would be that cracking passwords is (at minimum) order-of-magnitude faster than a known-ciphertext attack against a "typically secure" ciphertext. By typically secure, I mean one encrypted with DES in CBC mode (_not_ the more common and easier-to-implement ECB mode) using a strong key (not a password of "123", for example.) Remember that DES is mostly used for short-lived session keys. ATMs are a good example; they typically use a DES key for one communication session with the central bank. New session, new key. DES is _not_ very well suited for long-term encryption, since it can probably be attacked in "reasonable" time by a determined, well-equipped opponent. Now, on to PGP. Pretty Good Software was indeed threatened with a lawsuit by Public Key Partners (PKP). PKP holds the patent on the RSA public-key algorithm. (Many people, me included, don't think that the patent would stand up in court; so far, no one's tried.) The nice thing about PGP is that it offers IDEA and RSA in a single, well-integrated package. When you encrypt a file, PGP generates an IDEA session key, which is then encrypted with RSA. An opponent would have to either a) exhaustively search the entire IDEA key space or b) break RSA to decrypt the file without the password. Racketeer also mentions that PGP can optionally compress files before encryption. There's a solid crypto reason behind this, too. One well-known and successful way to attack an encrypted file is to look for patterns of repeated characters. Since the statistical frequencies of word and letter use in English (and many other languages; some folks have even compiled these statistics for Pascal & C!) 
are well-known, comparing the file contents with a statistical profile can give some insight into the file's contents. By compressing files before encrypting them, PGP is moving the redundancy out of the text and into the small dictionary of compression symbols. You'd still have to decrypt the file before you could do anything useful with that dictionary, or even to determine that it _had_ a signature! -- Paul Robichaux, KD4JZG | May explode if disposed of improperly. NTI Mission Software Development Div. | RIPEM key on request. From mccoy at ccwf.cc.utexas.edu Wed Apr 7 09:25:24 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Wed, 7 Apr 93 09:25:24 PDT Subject: Smaller is better. In-Reply-To: Message-ID: <9304071625.AA25481@flubber.cc.utexas.edu> fergp at sytex.com (Paul Ferguson) writes: > > On Mon, 05 Apr 93 12:36:09 PST, > Jonathan Stigelman writes - > > JS> [pgp on multi-user systems stuff] > > I think that you guys are missing the point here. IMHO, if you wish > maximum assurance of security, then I'd suggest not trying to run > programs such as PGP on a multi-user system to begin with! What's > wrong with using a PC for this? It offers a maximum convenience, > single-user secure system quite unlike the security problems > associated with your university's mainframe. Some people either do not have the option, or need the convenience of a multi-user system. My PC is sitting at home with a toasted modem (waiting for a Paradyne to arrive... :) and even when it is running fine I spend 8-12 hours a day working on multi-user systems with connectivity that is light-years beyond what my PC has. If I want to send out an email message and do not want to spend an hour walking home, encrypting it, walking back, and then transferring the file and sending it I will use my copy of PGP on a multi-user machine. I have a different key that I use (my key on a server) for this type of communication and accept and understand the consequences of using PGP in this manner. 
As long as the user knows the weaknesses of the system they are using they should make their own choices regarding how to use PGP. You may consider your PC at home to be completely safe and secure, but unless you recognize the weaknesses of that particular setup you are not reaching the "maximum assurance of security" that you claim. jim From sean at gomez.Jpl.Nasa.Gov Wed Apr 7 10:20:01 1993 From: sean at gomez.Jpl.Nasa.Gov (Sean Barrett) Date: Wed, 7 Apr 93 10:20:01 PDT Subject: Remailers Message-ID: <9304071720.AA00382@gomez.Jpl.Nasa.Gov> Would someone be so good as to mail me the list of anonymous remailers? My copy was lost in a backup-restore cycle. Thanks. From elee9sf at Menudo.UH.EDU Wed Apr 7 10:49:29 1993 From: elee9sf at Menudo.UH.EDU (Karl Barrus) Date: Wed, 7 Apr 93 10:49:29 PDT Subject: ANON: list of remailers Apr 7, 1993 Message-ID: <199304071749.AA04629@Menudo.UH.EDU> Sorry this is late, but I was delaying waiting for the uclink remailer's public key to be released, plus, I'm still not getting responses from remailer at dis.org (but at least I'm not getting bounced mail). Some users have informed me that they were able to use remailer at dis.org, so that's good! -----BEGIN PGP SIGNED MESSAGE----- Q1: What cypherpunk remailers exist? A1: 1: hh at pmantis.berkeley.edu 2: hh at cicada.berkeley.edu 3: hh at soda.berkeley.edu 4: nowhere at bsu-cs.bsu.edu 5: ebrandt at jarthur.claremont.edu 6: hal at alumni.caltech.edu 7: remailer at rebma.mn.org 8: elee7h5 at rosebud.ee.uh.edu 9: phantom at mead.u.washington.edu 10: hfinney at shell.portal.com 11: remailer at utter.dis.org 12: 00x at uclink.berkeley.edu 13: remail at extropia.wimsey.com NOTES: #1-#5 remail only, no encryption of headers #6-#12 support encrypted headers #13 special - header and message must be encrypted together #7,#13 introduce larger than average delay #11 CANNOT CONFIRM OPERATION YET! TEST BEFORE ATTEMPTING TO USE. 
* #12 public key not yet released ====================================================================== Q2: What help is available? A2: Check out the pub/cypherpunks directory at soda.berkeley.edu (128.32.149.19). Instructions on how to use the remailers are in the remailer directory, along with some unix scripts and dos batch files. Mail to me (elee9sf at menudo.uh.edu) for further help and/or questions. ====================================================================== * I've had others tell me that they have successfully used this remailer, but I still don't get any responses...will keep trying! -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK8MS/YOA7OpLWtYzAQGgvwQAll6hwIfabxKGdtCSNPUa3M3RCBaqzPT2 VM+k8O94IVxAqX+RUMzRGUVJigrj+5XcNicX1ZvE61rh5InLbzqvUS8mQNbss6wr b098F0uHyCQCKCF13lzkLU0Gu+HxE+LoBuhaTiwonvcbQYgH+2+lhoU9yAbfduIq 9Syr3gaf3fk= =W8vL -----END PGP SIGNATURE----- From 0005857625 at mcimail.com Wed Apr 7 10:55:41 1993 From: 0005857625 at mcimail.com (Michael McMahon) Date: Wed, 7 Apr 93 10:55:41 PDT Subject: Real-time BBS Encryption?? Message-ID: <01930407174710/0005857625DC2EM@mcimail.com> I thought of this the other day, but don't know enough about programming and cryptography to do it, or if it actually could be done. Anyways, I figured I'd share it with all of you and see if anyone has any ideas. Here's the situation: We all know that some advanced computer systems have real-time encryption built into all modem connections. When a bank branch dials into the main office the entire transmission may be encrypted. This occurs even between terminal connections and the host. I'm wondering if there is a way to do this with PCs? Say I'm setting up a computer bulletin board for my company that is going to run off of a DOS PC. Is there a way to encrypt a remote user's entire connection with the BBS, so that they would have to have a special term program to access the system? 
It would be best if the user only had to load a device driver or something so that they wouldn't all have to use the same comm program. Could this be done by loading a special device driver on both the host and remote so that all data going through com port 2 (or whatever) is encrypted? Anybody know if something like this is available? * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * Mike McMahon * * Internet: 585-7625 at mcimail.com * * PGP Fingerprint: 95 F9 2A 1B 81 4F D8 31 56 ED BC A5 4F 64 A7 02 * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *  From pmetzger at shearson.com Wed Apr 7 11:22:45 1993 From: pmetzger at shearson.com (Perry E. Metzger) Date: Wed, 7 Apr 93 11:22:45 PDT Subject: PHRACK: Article from PHRACK 42 on encryption Message-ID: <9304071652.AA02691@snark.shearson.com> Douglas Mason says: > > > > >> Exposing factual errors and flaws in reasoning is left as an exercise > > >> for the reader. > > > >The flaws are big enough to drive a bakery truck through. It's trash. > > > maybe you should do a better writeup and publish it in PHRACK or 2600? > > I agree. Anyone can sit and say "Oh, that article is a piece of crap", but > these same people never put their "money where their mouth is" and write an > article of their own. > > I've written for both Phrack and 2600 and it sure as hell isn't hard to get > something submitted. If you think you can do better by all means write an > article and send it in. If trash is being published, why not try to correct > it? Because I lack an interest in doing so? Anyway, there is no need, as the PGP manual is very good and actually explains things properly. Lots of fine articles have already been written on all sorts of cryptography subjects. > If you have any problems with where to send it, I'll gladly forward you the > address. > > Otherwise, shut the hell up. Why should I? The article WAS crap. > If you don't like your government, vote. I'm an anarchist. 
You might as well say to an atheist "if you don't like Catholicism, start a schism." Perry From mccoy at ccwf.cc.utexas.edu Wed Apr 7 11:36:18 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Wed, 7 Apr 93 11:36:18 PDT Subject: Real-time BBS Encryption?? In-Reply-To: <01930407174710/0005857625DC2EM@mcimail.com> Message-ID: <9304071836.AA26678@flubber.cc.utexas.edu> Michael McMahon <0005857625 at mcimail.com> writes: [...] > I'm wondering if there is a way to do [end-to-end encryption] with PCs? > Is there a way to encrypt a remote user's entire connection with the BBS, > so that they would have to have a special term program to access the > system? Sure, no problem, provided you are willing to do a lot of coding... The basic idea would be to use public-key encryption to do a short negotiation of a one-time key to use for DES/IDEA encryption of the session. You could then use a public key for the system as a whole (with which the users can encrypt their personal public keys for uploading during the initial connection) and the user's public key to send the key transmitted from the BBS for the session. All that would be necessary is for you to add a bit of code to the comm program so that it would recognize when it was talking to a system such as this and do the right thing when needed (the actual encryption code is readily available in systems like PGP and the various DES implementations out there.) The downside is that there are a lot of terminal programs out there for microcomputers and not many supply source code for such modifications. I had thought about using such a system when planning out a raid-proof 386BSD system and the hassles of trying to get at least one program to do this for every platform that might want to connect to such a BBS was more work than I wanted to do. Perhaps as an option (e.g. 
one line using end-to-end encryption and others normal) for connecting to a system, but if all the lines are done like this you will probably find making it difficult for people to connect like this keeps people away from the system. jim From fen at genmagic.genmagic.com Wed Apr 7 12:04:16 1993 From: fen at genmagic.genmagic.com (Fen Labalme) Date: Wed, 7 Apr 93 12:04:16 PDT Subject: FLAME: Perry M. vs. taking action (was: Re: PHRACK...) Message-ID: <9304071904.AA17502@> Perry - > > If you don't like your government, vote. > > I'm an anarchist. You might as well say to an atheist "if you don't > like Catholicism, start a schism." I, too, aspire towards anarchy, but I don't ignore the tools around me. Not voting in today's society is a cop out. It is most certainly not perfect, and the choices suck, but it remains one of the major voices you have today in the world. Anarchy works best when people are informed. Education is key. Simply bad-mouthing others' works is not giving people a choice to decide which of two views they feel are better. Rather, it just fuels the fires of apathy (that the government have been fanning for so long). Cypherpunks are trying to change the world. Sounds like you're just going to whine about it. Positive action will always be more effective. And better received. Fen PS: I must say that with your lack of content in your posts, if I had a filter on my email, it would filter out yours. From hughes at soda.berkeley.edu Wed Apr 7 12:39:02 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Wed, 7 Apr 93 12:39:02 PDT Subject: Real-time BBS Encryption?? In-Reply-To: <01930407174710/0005857625DC2EM@mcimail.com> Message-ID: <9304071935.AA26846@soda.berkeley.edu> Re: encrypting modem links >I'm wondering if there is a way to do this with PCs? Yes, with difficulty, and not transparently. >Is there a way to encrypt a remote user's entire connection with >the BBS, so that they would have to have a special term program to access >the system? 
For PC's, replacing the terminal software is really the best way. There is no effective abstraction of serial port hardware in the PC world. The int 0x14 driver in the BIOS was rampantly defective, and MSDOS does not provide a standard interface. As a result, almost all comm software on PC's talks to the serial port directly. Now in MS Windows, there is abstraction for the serial ports, but I don't know how easy it is to insert a device layer. >It would be best if the user only had to load a device driver >or something so that they wouldn't all have to use the same comm program. It might be possible, using a 386, to make a driver that acted as if it were hardware but actually did encryption. Ick. Reliability and cross-program compatibility would be shit. And it would have to be made compatible with whatever else was taking over the 386. Remember: I hate DOS. Eric From hughes at soda.berkeley.edu Wed Apr 7 12:46:31 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Wed, 7 Apr 93 12:46:31 PDT Subject: WB: public kiosks In-Reply-To: <9304070100.AA23113@servo> Message-ID: <9304071943.AA27401@soda.berkeley.edu> I thank Marc Ringuette and Phil Karn for their comments on public kiosks. They remind me that public kiosks are not a panacea, and that we need to educate others to that awareness. Nevertheless, let us remember the economics of the situation. It is expensive to follow people around--more expensive, say, than an illegal tap on a home phone line. By increasing the cost of the suppression of information, one ensures that more information, in the aggregate, is released. We may not be able to provide for any particular individual's privacy, but we can take actions for which we know that we will increase the total amount of privacy (however hard that would be to strictly define). 
Eric From hughes at soda.berkeley.edu Wed Apr 7 13:08:41 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Wed, 7 Apr 93 13:08:41 PDT Subject: April 10 meeting Message-ID: <9304072002.AA28305@soda.berkeley.edu> Last month at Cypherpunks West, we decided that meetings would be held monthly on the second Saturday. So, for any of you planning to be in the area any time, keep this in mind. The April meeting for Cypherpunks West will be April 10, 1993. There was some delay getting this announcement out because our normal meeting sponsor, John Gilmore, will be out of town. Mike Werner, also of Cygnus, will be sponsoring our meeting at the same location, so there's no need to change plans. Thanks, Mike! ANNOUNCEMENT Cypherpunks West April Meeting Saturday, April 10, 1993 12:00 noon - 6:00 pm PDT Cygnus Support Offices, Mt. View (directions follow) Contact Mike Werner for physicalities: mtw at cygnus.com, 415-903-1421. AGENDA Arthur Abraham on hash functions Mail services (works in progress) Secure phones (updates) Other stuff as announced If you have anything you want to talk about, send me mail: hughes at soda.berkeley.edu DIRECTIONS Cygnus Support 1937 Landings Drive Mt. View, CA 94043 +1 415 903 1400 switchboard +1 415 903 1418 John Gilmore (out of town, see note above) Take US 101 toward Mt. View. From San Francisco, it's about a 40-minute drive. Get off at the Rengstorff Ave/Amphitheatre Parkway exit. If you were heading south on 101, you curve around to the right, cross over the freeway, and get to a stoplight. If you were heading north on 101, you just come right off the exit to the stoplight. The light is the intersection of Amphitheatre and Charleston Rd. Take a right on Charleston; there's a right-turn-only lane. Follow Charleston for a short distance. You'll pass the Metaphor/Kaleida buildings on the right. At a clump of palm trees and a "Landmark Deli" sign, take a right into Landings Drive. 
At the end of the road, turn left into the complex with the big concrete "Landmark" sign. Follow the road past the deli til you are in front of the clock tower that rises out of one of the buildings, facing you. Enter through the doors immediately under the clock tower. They'll be open between noon and 1PM at least. (See below if you're late.) Once inside, take the stairs up, immediately to your right. At the top of the stairs, turn right past the treetops, and we'll be in 1937 on your left. The door is marked "Cygnus". If you are late and the door under the clock tower is locked, you can walk to the deli (which will be around the building on your left, as you face the door). Go through the gate in the fence to the right of the deli, and into the back lawns between the complex and the farm behind it. Walk forward and right around the buildings until you see a satellite dish in the lawn. Go up the stairs next to the dish, which are the back stairs into the Cygnus office space. We'll prop the door (or you can bang on it if we forget). Or, you can find the guard who's wandering around the complex, who knows there's a meeting happening and will let you in. They can be beeped at 965 5250, though you'll have trouble finding a phone. Don't forget to eat first, or bring food at noon! I recommend hitting the burrito place on Rengstorff (La Costen~a) at about 11:45. To get there, when you get off 101, take Rengstorff (toward the hills) rather than Amphitheatre (toward the bay). Follow it about ten blocks until the major intersection at Middlefield Road. La Costen~a is the store on your left at the corner. You can turn left into the narrow lane behind the store, which leads to a parking lot, and enter by the front door, which faces the intersection. To get to the meeting from there, just retrace your route on Rengstorff, go straight over the freeway, and turn right at the stoplight onto Charleston; see above. See you there! 
John Gilmore From pmetzger at shearson.com Wed Apr 7 13:10:25 1993 From: pmetzger at shearson.com (Perry E. Metzger) Date: Wed, 7 Apr 93 13:10:25 PDT Subject: FLAME: Perry M. vs. taking action (was: Re: PHRACK...) In-Reply-To: <9304071904.AA17502@> Message-ID: <9304071953.AA02995@snark.shearson.com> Fen Labalme says: > Perry - > > > > If you don't like your government, vote. > > > > I'm an anarchist. You might as well say to an atheist "if you don't > > like Catholicism, start a schism." > > I, too, aspire towards anarchy, but I don't ignore the tools around me. [...] This isn't appropriate to this list -- I'm replying in private mail. .pm From pozar at kumr.lns.com Wed Apr 7 13:16:33 1993 From: pozar at kumr.lns.com (Tim Pozar) Date: Wed, 7 Apr 93 13:16:33 PDT Subject: Real-time BBS Encryption?? In-Reply-To: <9304071935.AA26846@soda.berkeley.edu> Message-ID: Eric Hughes wrote: > >Is there a way to encrypt a remote user's entire connection with > >the BBS, so that they would have to have a special term program to access > >the system? > > For PC's, replacing the terminal software is really the best way. > There is no effective abstraction of serial port hardware in the PC > world. The int 0x14 driver in the BIOS was rampantly defective, and > MSDOS does not provide a standard interface. > > As a result, almost all comm software on PC's talks to the serial port > directly. Now in MS Windows, there is abstraction for the serial > ports, but I don't know how easy it is to insert a device layer. > > >It would be best if the user only had to load a device driver > >or something so that they wouldn't all have to use the same comm program. > > It might be possible, using a 386, to make a driver that acted as if > it were hardware but actually did encryption. Ick. Reliability and > cross-program compatibility would be shit. And it would have to be > made compatible with whatever else was taking over the 386. 
Using something like a FOSSIL driver (a replacement serial port driver that many BBSes use) you could do this. I would imagine that it would only encode when carrier is up and the BBS software sends an INT14 AX=xx instruction to turn on encryption. Tim -- Internet: pozar at kumr.lns.com FidoNet: Tim Pozar @ 1:125/555 Snail: Tim Pozar / KKSF / 77 Maiden Lane / San Francisco CA 94108 / USA POTS: +1 415 788 2022 Radio: KC6GNJ / KAE6247 From jet at nas.nasa.gov Wed Apr 7 13:35:21 1993 From: jet at nas.nasa.gov (J. Eric Townsend) Date: Wed, 7 Apr 93 13:35:21 PDT Subject: Real-time BBS Encryption?? In-Reply-To: Message-ID: <9304072035.AA14210@boxer.nas.nasa.gov> What about a streams module that does encryption? Of course, it'd require people to run a real OS instead of dos/system... -- J. Eric Townsend jet at nas.nasa.gov 415.604.4311 NASA Ames Numerical Aerodynamic Simulation | play: jet at well.sf.ca.us Parallel Systems Support, CM-5 POC | '92 R100R / DoD# 0378 PGP2.1 public key available upon request or finger jet at simeon.nas.nasa.gov From sward+ at cmu.edu Wed Apr 7 13:38:27 1993 From: sward+ at cmu.edu (David Reeve Sward) Date: Wed, 7 Apr 93 13:38:27 PDT Subject: Real-time BBS Encryption?? In-Reply-To: <9304071935.AA26846@soda.berkeley.edu> Message-ID: Excerpts from internet.cypherpunks: 7-Apr-93 Real-time BBS Encryption?? by Eric Hughes at soda.berkele > For PC's, replacing the terminal software is really the best way. > There is no effective abstraction of serial port hardware in the PC > world. The int 0x14 driver in the BIOS was rampantly defective, and > MSDOS does not provide a standard interface. > > As a result, almost all comm software on PC's talks to the serial port > directly. Now in MS Windows, there is abstraction for the serial > ports, but I don't know how easy it is to insert a device layer. Actually, there is a rather old (for the PC) abstraction called FOSSIL (Fido Opus Seadog Serial Interface Layer ... or so). 
It is essentially an extension/replacement for the BIOS int 0x14 driver. It is certainly possible to further extend this for encryption by adding some functions to the interface. The two FOSSILs I know of are X00 and BNU - They can be found in oak.oakland.edu:/pub/msdos/fossil -- David Sward sward+ at cmu.edu From trump at pluto.ee.cua.edu Wed Apr 7 13:52:27 1993 From: trump at pluto.ee.cua.edu (Louis Edward Trumpbour) Date: Wed, 7 Apr 93 13:52:27 PDT Subject: well Message-ID: <9304072053.AA17147@pluto.ee.cua.edu> if anyone comes up with a solution to the bbs encryption problem then get to me ... i plan on starting a Waffle based BBS that may have "sensitive" information on line in subs and in files... you all know the story... well if i could have this encryption feature i would be most happy... i have looked into this a bit but to my surprise it has come up on the list... as for the problem of distribution of the program that would encrypt and decrypt via modem and bbs, i have that pretty much taken care of already... thanks Clovi /s ^ been bbsing for too long From mrnoise at econs.umass.edu Wed Apr 7 14:02:38 1993 From: mrnoise at econs.umass.edu (Mr. Noise) Date: Wed, 7 Apr 93 14:02:38 PDT Subject: PGP: suggestions from the trench In-Reply-To: <9304032057.AA06227@netcom.netcom.com> Message-ID: <9304072102.AA20984@titan.ucs.umass.edu> > Taking all these factors into consideration, I would suggest that > the *minimum* size of the RSA modulus available for PGP is 1024 > bits with a minimum ceiling of 2048 bits (or even more). If for > performance reasons on certain platforms 1024 is deemed > impossibly slow, then a lesser number of bits ought to be > permitted *provided* that the security level for any key length > under, say, 768 bits is clearly labeled "TOY GRADE". 
While I agree that keys of greater lengths ought to be made available for those fortunate enough to possess platforms powerful enough to use them, your choice of words--'TOY GRADE'--is, perhaps, unfortunate. Every user of PGP has different reasons for needing/wanting encryption, & not all users need the sort of protection that can withstand a determined attack mustered by cryptographic experts. Some users, frankly, just don't like people snooping into their private mail, & therefore use PGP encryption as an 'envelope'. Sure, the 'envelope' can be 'steamed open', but it's not likely to be worth the trouble if you have no major secrets to conceal... From mark at coombs.anu.edu.au Wed Apr 7 14:15:29 1993 From: mark at coombs.anu.edu.au (Mark) Date: Wed, 7 Apr 93 14:15:29 PDT Subject: Real-time BBS Encryption?? Message-ID: <9304072115.AA22888@coombs.anu.edu.au> >What about a streams module that does encryption? Of course, it'd >require people to run a real OS instead of dos/system... You might want to look at the link.tar.Z program newsham at wiliki.eng.hawaii.edu wrote. The server is currently unix based but it should be transportable. It uses pgp to swap des session key and happily talks away. There are still some bugs and when he has the time they will be taken care of. The client is written for an amiga at the moment, I haven't had the opportunity to do the ibm port yet. Contact him at the above address. He is busy with studies but you might get some joy from emailing him. Hope this helps Mark mark at coombs.anu.edu.au From karn at qualcomm.com Wed Apr 7 14:23:13 1993 From: karn at qualcomm.com (Phil Karn) Date: Wed, 7 Apr 93 14:23:13 PDT Subject: Real-time BBS Encryption?? Message-ID: <9304072122.AA29477@servo> Actually, I think a much more powerful solution is to run TCP/IP over the serial link and to encrypt individual IP datagrams. This is the charter of the IETF "ip-security" working group, and there is already a prototype implementation of one approach working. 
Phil From mdiehl at triton.unm.edu Wed Apr 7 14:32:22 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Wed, 7 Apr 93 14:32:22 PDT Subject: Real-time BBS Encryption?? Message-ID: <9304072132.AA14268@triton.unm.edu> > Re: encrypting modem links > >I'm wondering if there is a way to do this with PCs? > Yes, with difficulty, and not transparently. > > >Is there a way to encrypt a remote user's entire connection with > >the BBS, so that they would have to have a special term program to access > >the system? > > For PC's, replacing the terminal software is really the best way. > There is no effective abstraction of serial port hardware in the PC > world. The int 0x14 driver in the BIOS was rampantly defective, and > MSDOS does not provide a standard interface. Or, we could implement an "external protocol" like zmodem. This would simply take keystrokes, buffer them, then encrypt/decrypt them. Make the source portable, and obtainable. From elee9sf at Menudo.UH.EDU Wed Apr 7 14:43:25 1993 From: elee9sf at Menudo.UH.EDU (Karl Barrus) Date: Wed, 7 Apr 93 14:43:25 PDT Subject: WB: public kiosks Message-ID: <199304072143.AA00959@Menudo.UH.EDU> On the importance of anonymity (in regards to the whistleblower project): Last week, the Houston Chronicle ran two or three articles on how ill run the Nuclear Regulatory Commission is. Specifically, the article described how one or two people had their careers absolutely ruined by raising safety concerns at nuclear plants. In each case, the employees involved were terminated shortly after citing safety hazards (such as spills left uncleaned on table tops, etc.) Someone quoted in the article stated this behavior undoubtedly scares off other potential informers. Plus, I read an article in the Chronicle about how a NASA employee was fired for his political beliefs. 
Well, it is more complicated: the employee actively participated in some usenet group (talk.politics.china?), and had a store of back articles on his computer at work, which his superiors discovered. Shortly thereafter, he lost his job. I've been busy of late and could kick myself for not saving these papers, because real world incidents such as these strengthen our arguments for privacy and anonymity. Some people have such an irritating tendency to assume irresponsibility and abuse when a freedom becomes available - just read news.admin.policy. /-----------------------------------\ | Karl L. Barrus | | elee9sf at menudo.uh.edu | <- preferred address | barrus at tree.egr.uh.edu (NeXTMail) | \-----------------------------------/ From warlord at Athena.MIT.EDU Wed Apr 7 14:51:30 1993 From: warlord at Athena.MIT.EDU (Derek Atkins) Date: Wed, 7 Apr 93 14:51:30 PDT Subject: Real-time BBS Encryption?? In-Reply-To: <9304072132.AA14268@triton.unm.edu> Message-ID: <9304072151.AA07442@steve-dallas.MIT.EDU> -----BEGIN PGP SIGNED MESSAGE----- > Or, we could implement an "external protocol" like zmodem. This would simply > take keystrokes, buffer them, then encrypt/decrypt them. > > Make the source portable, and obtainable. I'm doing something like this for my Thesis (i.e., wait a couple of weeks.. ;-) It's based upon Kerberos, but it will securely get you a TGT on a server machine that is on the Internet from a client terminal that is dialled up to it... Moreover, you can extract the session key from the protocol, which would allow for DES encryption of the session. While I haven't yet implemented the encryption of the session, I have been able to obtain kerberos tickets securely.... More info on request, or you can wait to read my thesis when it's done... Enjoy! 
- -derek

PGP 2 key available upon request on the key-server:
pgp-public-keys at toxicwaste.mit.edu
- --
Derek Atkins, MIT '93, Electrical Engineering and Computer Science
Secretary, MIT Student Information Processing Board (SIPB)
MIT Media Laboratory, Speech Research Group
warlord at MIT.EDU PP-ASEL N1NWH

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQBuAgUBK8NMvzh0K1zBsGrxAQFQwwLECieud4DvqHhkxsjwmrHt4Unpq2eR9hlT
DKuKF2CqCfYVabks11r7TaZvrsSQ9Vs5zZFbXhfihaiQywTpdj2Bp8aSo0B+7paR
ukzbY3GT1RLcSRrK+6KjPGw=
=lzg8
-----END PGP SIGNATURE-----

From huntting at glarp.com Wed Apr 7 15:04:02 1993
From: huntting at glarp.com (Brad Huntting)
Date: Wed, 7 Apr 93 15:04:02 PDT
Subject: Security Dynamics
Message-ID: <199304072203.AA02670@misc.glarp.com>

The MIS department where I work has started using "Secure-ID" cards made by Security Dynamics Inc for access to their MVS systems. After listening to a presentation by marketing droids and technical support from Security Dynamics I had these impressions:

The cards are programmed at the factory with a "random" seed. They have an internal clock, and a lithium battery. They use a proprietary encryption algorithm to encrypt the time of day using the internal seed and display it on an LCD display using about 6 or 7 digits. The display updates itself every 60 seconds (this frequency is adjustable when you order the cards)

An authenticating host will have the card's seed, as well as the card's "clock offset" (the time the card was seeded, and the clock reset).

The user has a 4 digit PIN (personal identification number) known only to the host (and of course written on the back of the card :-). PIN numbers must be unique since they are used to identify the user.

At login time, the user is asked to type in her PIN, as well as the number currently displayed on the card. This is checked by the host, and if it's correct the user is authenticated.
If used on a regular basis, the authenticating host can detect clock drift and will adjust its database accordingly.

Cards can be used across multiple "realms", but this necessitates trusting the card's shared key with each host that wants to authenticate that card.

The cards are timed to deactivate after some time interval (again, this is an option) the default lifespan is 3 years, they can go as high as 4 or 5, but after that, the battery isn't reliable.

You can probably imagine some of the problems with such a system.

First and foremost in my opinion, it uses an unknown proprietary algorithm which is a closely guarded company secret known only to them and anyone with a disassembler. Obviously such an algorithm has never undergone any serious scrutiny. Most respectable researchers (outside of Ft Meade) do not need to disassemble code to find material to write papers on.

Second, the cards are programmed at the factory, and the user has no way of reseeding them. The company actually touts the fact that they have all the card info for all customers on file, and will gladly send you encrypted tapes or floppies if you lose your database! Of course they will only talk with one designated contact at your site, and they will only ship materials to that person. In all fairness if you're a big client, and you insist, they might be compelled to tell you how to seed the cards, and give you a batch of "raw" cards.

When I mentioned how ludicrous it was for us to trust their internal security, they made some lame noises about employees being "bonded". In other words, they have established plausible deniability and are "out of the loop" should your security data be compromised. I was a little furious.

Lastly, they're expensive. Something on the order of $60/card in quantities of 250 to 500 for cards that last 3 years and change every 60 seconds. Programmable DES devices (used by DEC and others) which employ a challenge response system are about one third as much.
I came away from the talk with a bitter taste in my mouth. As I understand it (and please correct me if I'm wrong) they are, at this point, one of the largest "crypto card" companies in the world. This is, to say the least, unsettling.

If you want more info, their Colorado office is at:

Security Dynamics
5299 DTC Boulevard
Suite 500
Englewood, CO 80111
Phone: +1 303 773-6519

brad

From karn at qualcomm.com Wed Apr 7 15:22:56 1993
From: karn at qualcomm.com (Phil Karn)
Date: Wed, 7 Apr 93 15:22:56 PDT
Subject: EMI shielding
Message-ID: <9304072222.AA29676@servo>

Apropos the recent discussion about TEMPEST shielding, there's an interesting product that might prove quite useful: CAPCON EMI suppressant tubing. A colleague got a shipment of it today. It's ordinary black rubber tubing that has been loaded with iron oxide. It comes in 26 sizes from .04" ID to 1.25" ID, and is claimed to have much better attenuation than ferrite beads, especially at UHF and microwave frequencies. You can shield entire cable lengths with it, or you can apply it in short segments (1" to 1') just like ferrite beads and get plenty of attenuation for less cost and weight (this stuff is *heavy*, and the 1/2" stuff cost several dollars per foot.) It's also available as sheeting in various thicknesses for lining cabinets, etc.

I got the bright idea to test the absorptivity claims for this stuff by putting an 8" piece into a microwave oven. After 10 seconds, it was too hot to handle. I'd say it's doing just what it's supposed to do.

Contact info:

Capcon, Inc
147 W 25th St
New York, NY 10001
212-243-6275
212-645-0185 (fax)

Phil

From mrnoise at econs.umass.edu Wed Apr 7 15:25:38 1993
From: mrnoise at econs.umass.edu (Mr. Noise)
Date: Wed, 7 Apr 93 15:25:38 PDT
Subject: PHRACK: ...put up or...
Message-ID: <9304072224.AA27727@titan.ucs.umass.edu>

> > >The flaws are big enough to drive a bakery truck through. It's trash.
> > > maybe you should do a better writeup and publish it in PHRACK or 2600?
> [...]
> If you don't like your government, vote. If you don't like something that is
> published, write something yourself. It's not some type of elite club of
> writers, both publications welcome people of all walks to submit.

Hear, hear! For cryin' out loud, Fido 'Snooze' accepts *everything* they're sent! ...& if that isn't good enough, start your own: electrons are free! (Well, sort of...)

From huntting at glarp.com Wed Apr 7 16:11:58 1993
From: huntting at glarp.com (Brad Huntting)
Date: Wed, 7 Apr 93 16:11:58 PDT
Subject: FLAME: Perry M. vs. taking action (was: Re: PHRACK...)
In-Reply-To: <9304071904.AA17502@>
Message-ID: <199304072311.AA02853@misc.glarp.com>

> Not voting in today's society is a cop out. It is most certainly not
> perfect, and the choices suck, but it remains one of the major voices you
> have today in the world.

Voting arguably endorses the system. If you are vocal about why you don't endorse the system, your refusal to vote can have a lot more impact than going to the polls.

After all, in any reasonably large election, your vote barely counts at all, but your voice can be heard a long way away if you're saying something interesting and you're saying it loud enough.

brad

From kieran2101 at aol.com Wed Apr 7 17:25:19 1993
From: kieran2101 at aol.com (kieran2101 at aol.com)
Date: Wed, 7 Apr 93 17:25:19 PDT
Subject: PGP and problems therewith.
Message-ID: <9304072025.tn41388@aol.com>

> I was under the impression that there was a newsgroup for discussion of how
> to use PGP.

There is: alt.security.pgp. Of course, like all alt.* groups, its propagation may vary.

From marc at GZA.COM Wed Apr 7 17:41:58 1993
From: marc at GZA.COM (Marc Horowitz)
Date: Wed, 7 Apr 93 17:41:58 PDT
Subject: Real-time BBS Encryption??
In-Reply-To: <9304071836.AA26678@flubber.cc.utexas.edu>
Message-ID: <9304080043.AA28900@pad-thai.aktis.com>

>> Sure, no problem, provided you are willing to do a lot of coding...

A lot of coding? You can come very close to doing it with off-the-shelf code. ka9q for SLIP. Telnet authentication is now an RFC, and encryption will be available probably within a few weeks.

Plus, with IP, you can use existing mechanisms (like POP) to get your mail on your local PC and do your decryption there. This is beyond any PC code I know, and would require new development.

Marc

From Doug.Brightwell at Corp.Sun.COM Wed Apr 7 19:32:10 1993
From: Doug.Brightwell at Corp.Sun.COM (Doug Brightwell)
Date: Wed, 7 Apr 93 19:32:10 PDT
Subject: Thanks for Mac PGP 2.2 Pointers
Message-ID: <9304080231.AA12843@media.Corp.Sun.COM>

Thanks to all who responded to my query regarding ftp sites for Mac PGP 2.2.

Doug Brightwell

From tcmay at netcom.com Wed Apr 7 21:33:22 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 7 Apr 93 21:33:22 PDT
Subject: MATH: Zero Knowledge Proofs
Message-ID: <9304080431.AA26255@netcom.netcom.com>

[Since this should also be of interest to the Cypherpunks list, which Ray is/was subscribed to, I am posting this essay to that list.]

Ray Cromwell writes:

> Could someone explain zero knowledge proofs and give me an example. I
>have taken number theory and abstract algebra so feel free to use equations.
>
>(I know that zero knowledge proofs are a way of certifying something without
>revealing the information you are certifying, but I want to know how they
>work mathematically)

Zero knowledge interactive proof systems ("ZKIPS") are sometimes called "minimum disclosure proofs" (with some subtle differences) and are exciting and mysterious (at first) methods that lie at the heart of modern cryptology.

Here's a simple explanation. Too bad we don't have a blackboard!
ALICE AND BOB (some people call them Peggy the Prover and Vic the Verifier)

Alice wishes to prove to Bob that she knows some item of knowledge without actually giving Bob any of that knowledge.

Let us first imagine that Alice claims she knows a "Hamiltonian cycle" on a particular graph. (For a given set of nodes and arcs linking some of those nodes, a Hamiltonian cycle is one which passes through each node once and only once. You might want to draw some graphs on a sheet of paper and try to find a Hamiltonian cycle for the graphs, to get a feel for the problem.)

The particular graph may be "registered" somewhere with Alice's claim that she--and only she, for reasons I'll discuss at the end--knows a Hamiltonian cycle for the graph. In a sense, this is her "proof of identity."

To make this example concrete, Alice is using this piece of knowledge as her *password* to get into some system. She presents a map of 50 cities and some set of highways interconnecting them and says "I am who I say I am if and only if I know a Hamiltonian cycle for this graph."

The conventional (non zero knowledge) way to convey this knowledge is for Alice to simply *show* the Hamiltonian cycle to Bob. This is how passwords are currently handled. Bob, and anybody else who is spying on the exchange, then knows the "secret," which isn't a secret anymore. (Anybody who saw the exchange, including Sysadmin Bob, could then impersonate her.)

ENTER ZERO KNOWLEDGE

Alice, instead of showing Bob the Hamiltonian cycle, takes the cities and covers them with something, say, coins. (On a computer, this is all done in software, using the cryptographic protocol called "bit commitment.")

Alice scrambles the position of the cities (covered by coins) so as not to allow positional cues. (Most of the 50 cities should have about the same number, ideally exactly the same number, of links to other cities, to ensure that some cities are not "marked" by having some unique number of links. A detail.)
Needless to say, she scrambles the cities out of sight of Bob, so he can't figure out which cities are which. However, once she's done with the scrambling, she displays the cities in such a way that she can't *later change*..i.e., she "commits" to the values, using well-known cryptographic methods for this. (If this sounds mysterious, read up on it. It's how "mental poker" and other crypto protocols are handled.)

Bob sees 50 cities with links to other cities, but he doesn't have any way of knowing which of the covered cities are which. Nor, I should add, are the links labelled in any way--it wouldn't do to have some links permanently labelled "Route 66" or "Highway 101"!

She says to Bob: "Pick one choice. Either you can see a Hamiltonian cycle for this set of covered cities and links, or you can see the cities uncovered."

In other words, "Alice cuts, Bob chooses."

Bob tosses a coin or chooses randomly somehow and says: "Show me the cities."

Alice uncovers all the cities and Bob examines the graph. He sees that Akron is indeed connected to Boise, to Chicago, to Denver, not to Erie, and so on. In short, he confirms that Alice has shown him the original graph. No substitution of another graph was made.

Bob, who is suspicious that this person is really who she claims to be, says to Alice: "Ok, big deal! So you anticipated I was going to ask you to show me the cities. Anybody could have gotten Alice's publicly registered graph and just shown it to me. You had a 50-50 chance of guessing which choice I'd make."

Alice smugly says to him: "Fine, let's do it again." She scrambles the cities (which are covered) and displays the graph to Bob...50 covered cities and various links between them. She tells Bob to choose again.

This time Bob says: "Show me the Hamiltonian cycle."

Without uncovering the cities (which would give the secret away, of course), Alice connects the cities together in a legal Hamiltonian cycle.
Bob says, "OK, so this time you figured I was going to ask you the opposite of what I did last time and you just substituted some other graph that you happened to know the Hamiltonian cycle of. I have no guarantee the graphs are really the same."

Alice, who knows this is just the beginning, says: "Let's do the next round."

...and so it goes....

After 30 rounds, Alice has either produced a legal Hamiltonian cycle or a graph that is the same as (isomorphic to...same cities linked to same other cities) the registered graph in each and every one of the rounds.

There are two possibilities:

1. She's an imposter and has guessed correctly *each time* which choice Bob will make, thus allowing her to substitute either another graph altogether (for when Bob wants to see the Hamiltonian cycle) or just the original graph (for when Bob asks to see the cities uncovered to confirm it's the real graph). Remember, if Alice guesses wrong even once, she's caught red-handed.

2. She really is who she claims to be and she really does know a Hamiltonian cycle of the specified graph.

The odds of #1 being true drop rapidly as the number of rounds is increased, and after 30 rounds, are only 1 in 2^30, or 1 in a billion. Bob chooses to believe that Alice knows the solution.

Alice has conveyed to Bob proof that she is in possession of some knowledge without actually revealing any knowledge at all! The proof is "probabilistic."

This is the essence of a zero knowledge proof. There's more to it than just this example, of course, but this is the basic idea.

SOME DETAILS

1. Could someone else discover the Hamiltonian cycle of Alice's graph? Exhaustive search is the only way to guarantee a solution will be found--the Hamiltonian cycle problem is a famous "NP-complete" combinatorial problem. This is intractable for reasonable numbers of nodes. 50 nodes is intractable.

2. If finding a Hamiltonian cycle is intractable, how the hell did Alice ever find one? She didn't *have* to find one!
She started with 50 cities, quickly connected them so that the path went through each city only once and then wrote this path down as her "secret" solution. Then she went back and added the other randomly chosen interconnects to make the complete graph. For this graph, she obviously knows a Hamiltonian cycle, *by construction*.

3. Can Bob reconstruct what the Hamiltonian cycle must be by asking for enough rounds to be done? Not generally. Read the papers for details on this, which gets deeply into under what circumstance partial knowledge of the solution gives away the complete solution.

4. Are there other problems that can be used in this same way? Yes, there are many forms. I find the Hamiltonian cycle explanation quite easy to explain to people. (Though usually I can draw pictures, which helps a lot.)

5. How general is the "zero knowledge interactive proof" approach? Anything provable in formal logic is provable in zero knowledge, saith the mathematicians and crypto gurus. Check out the various "Crypto Conference" Proceedings.

Hope this helps.

-Tim May

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.

From rjc at gnu.ai.mit.edu Wed Apr 7 22:59:54 1993
From: rjc at gnu.ai.mit.edu (rjc at gnu.ai.mit.edu)
Date: Wed, 7 Apr 93 22:59:54 PDT
Subject: MATH: Zero Knowledge Proofs
In-Reply-To: <9304080431.AA26255@netcom.netcom.com>
Message-ID: <9304080559.AA63552@hal.gnu.ai.mit.edu>

Excellent essay Tim (as usual). Is there a more practical method based on a simpler 'intractable' problem? [not that it's useless. I could probably code up an implementation based on your description, but it seems like a pain to generate graphs every time you want to prove some trivial knowledge.]
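The cut-and-choose rounds from the zero-knowledge essay in this thread, as an added Python example that is not part of any of the original posts. SHA-256 hash commitments stand in for the "coins", and the function names, the 12-city toy graph and the impostor model are assumptions made here for illustration.

```python
import hashlib
import secrets
from itertools import combinations, product

RNG = secrets.SystemRandom()         # OS randomness for scrambling and challenges
CHALLENGES = ("cities", "cycle")     # Bob's two possible requests

def commit(bit):
    """Cover one slot with a 'coin': SHA-256(nonce || bit) (illustrative commitment)."""
    nonce = secrets.token_bytes(16)
    return hashlib.sha256(nonce + bytes([bit])).digest(), (nonce, bit)

def opens_to(commitment, opening):
    nonce, bit = opening
    return hashlib.sha256(nonce + bytes([bit])).digest() == commitment

def all_pairs(n):
    return [frozenset(p) for p in combinations(range(n), 2)]

def relabel(edge, perm):
    return frozenset(perm[v] for v in edge)

def make_graph(n, extra):
    """Alice's setup: lay down a cycle first, then add 'extra' random links."""
    order = list(range(n))
    RNG.shuffle(order)
    cycle = [frozenset((order[i], order[(i + 1) % n])) for i in range(n)]
    edges = set(cycle)
    while len(edges) < n + extra:
        edges.add(frozenset(RNG.sample(range(n), 2)))
    return edges, cycle

class Prover:
    def __init__(self, n, edges, cycle):
        self.n, self.edges, self.cycle = n, edges, cycle

    def commit_round(self):
        """Scramble the city labels and commit to every slot of the adjacency matrix."""
        self.perm = list(range(self.n))
        RNG.shuffle(self.perm)
        scrambled = {relabel(e, self.perm) for e in self.edges}
        self.openings, commitments = {}, {}
        for pair in all_pairs(self.n):
            commitments[pair], self.openings[pair] = commit(int(pair in scrambled))
        return commitments

    def respond(self, challenge):
        if challenge == "cities":        # uncover everything and reveal the scrambling
            return self.perm, self.openings
        slots = [relabel(e, self.perm) for e in self.cycle]
        return {s: self.openings[s] for s in slots}   # uncover only the cycle's links

def is_hamiltonian_cycle(n, pairs):
    nbrs = {v: [] for v in range(n)}
    for a, b in map(tuple, pairs):
        nbrs[a].append(b)
        nbrs[b].append(a)
    if any(len(v) != 2 for v in nbrs.values()):
        return False
    prev, cur, seen = None, 0, 0
    while True:                          # walk from city 0 until we are back at it
        seen += 1
        nxt = nbrs[cur][0] if nbrs[cur][0] != prev else nbrs[cur][1]
        prev, cur = cur, nxt
        if cur == 0:
            return seen == n

def verify(n, edges, commitments, challenge, response):
    """Bob's check for one round against the publicly registered graph."""
    if challenge == "cities":
        perm, openings = response
        if sorted(perm) != list(range(n)):
            return False
        scrambled = {relabel(e, perm) for e in edges}
        return all(opens_to(commitments[p], openings[p]) and
                   openings[p][1] == int(p in scrambled) for p in all_pairs(n))
    return (len(response) == n
            and all(s in commitments and o[1] == 1 and opens_to(commitments[s], o)
                    for s, o in response.items())
            and is_hamiltonian_cycle(n, response.keys()))

def honest_rounds(n, edges, cycle, rounds):
    alice, ok = Prover(n, edges, cycle), True
    for _ in range(rounds):
        commitments, challenge = alice.commit_round(), RNG.choice(CHALLENGES)
        ok = ok and verify(n, edges, commitments, challenge, alice.respond(challenge))
    return ok

def impostor_round(n, edges, guess, challenge):
    """Impostor knows the graph but no cycle, so she prepares for one guessed challenge."""
    cheat = Prover(n, edges, []) if guess == "cities" else Prover(n, *make_graph(n, 0))
    return verify(n, edges, cheat.commit_round(), challenge, cheat.respond(challenge))

if __name__ == "__main__":
    N = 12                               # constructed toy size instead of 50 cities
    EDGES, CYCLE = make_graph(N, extra=12)
    print("honest Alice, 30 rounds:", honest_rounds(N, EDGES, CYCLE, 30))
    for g, c in product(CHALLENGES, repeat=2):
        print(f"impostor guessed {g}, Bob asked {c}:", impostor_round(N, EDGES, g, c))
```

An impostor round passes only when her guess matches Bob's challenge, which is where the essay's 1 in 2^30 figure after 30 rounds comes from.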
-Ray

-- Ray Cromwell        | Engineering is the implementation of science; --
-- EE/Math Student     | politics is the implementation of faith.      --
-- rjc at gnu.ai.mit.edu | - Zetetic Commentaries                       --

From crunch at netcom.com Wed Apr 7 23:47:02 1993
From: crunch at netcom.com (John Draper)
Date: Wed, 7 Apr 93 23:47:02 PDT
Subject: The WELL took off PGP from public downloads
Message-ID: <9304080647.AA11935@netcom4.netcom.com>

Just thought I should mention, that "gail" has removed PGP from the WELL's public downloads, and when I asked her why, she didn't comment (yet!).

JD

From gg at well.sf.ca.us Thu Apr 8 02:32:08 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Thu, 8 Apr 93 02:32:08 PDT
Subject: Musical Cypher CD project
Message-ID: <199304080931.AA02038@well.sf.ca.us>

Excellent news...!

Recall Matt's & my postings about putting cyphertext into a CD as part of the artistic presentation....? The idea being to establish it as part of the overall protected artistic speech as it were.

Well, I've found a band in the area who have tried doing something VERY similar and currently have a very decent quantity of material READY TO GO. Includes hypercard stacks, quicktime movies, macromind movies, miscellaneous art & screen savers.... a lot of it is footage of the band playing live, with music tracks included (i.e. show videos), some of it is computer graphic art, and so on.

The band is called NOW, and they sound like a cross between Rush, Crimson, and Yes; are incredibly talented, write new songs so prolifically (sp?) that they could put out 5-10 more albums with what's already ready... have a couple of albums out on an indie label... and are ready & willing & way interested in doing a project.

What they wanted to do was put all the video and other stuff on the first track of a CD so it would be accessible on a CDROM player.
They got that far and also some studio sessions with the songs for the album, and then ran into a wall as far as the tech angle on getting the stuff to work right.

We have studios available to record the music, the band can go in any time, and they're hip to encrypting their video stuff & having people go hunting for the key (put it in the lyric sheets, have people write for it, etc).

I recall someone from Contra Costa offering to fund this; well, we're ready. This will easily sell a few thousand copies which will pay back costs; and given the band's artistic strengths, will probably do better than that. And it will certainly be a first, and a decent stake in the ground for crypto as artistic freedom of expression.

Email gg at well.sf.ca.us for more info.

From anon0709 at nyx.cs.du.edu Thu Apr 8 03:31:44 1993
From: anon0709 at nyx.cs.du.edu (Name withheld by request)
Date: Thu, 8 Apr 93 03:31:44 PDT
Subject: subscribe
Message-ID: <9304081033.AA24771@nyx.cs.du.edu>

Please subscribe me to the cypherpunks list.

Sean Carton /es

From dasher at well.sf.ca.us Thu Apr 8 07:58:48 1993
From: dasher at well.sf.ca.us (D Anton Sherwood)
Date: Thu, 8 Apr 93 07:58:48 PDT
Subject: false analogy
Message-ID: <199304081458.AA06134@well.sf.ca.us>

> If you don't like your government, vote. If you don't like something that
> is published, write something yourself. . . .

That should be --
If you don't like your government, start your own.

Or better yet ---
If you don't like your government, govern yourself.

*\\* Anton Ubi scriptum? ;)

From greg at ideath.goldenbear.com Thu Apr 8 14:56:11 1993
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Thu, 8 Apr 93 14:56:11 PDT
Subject: Real-time BBS Encryption??
In-Reply-To: <01930407174710/0005857625DC2EM@mcimail.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Michael McMahon writes:

[Talks about real-time end-to-end encryption of user sessions on BBS's.]
It's not quite as sexy and "James Bond" as real-time end-to-end encryption, but I think an easier approach to this would be to adopt the architecture of the offline mail-reading programs that are available.

For the benefit of people unaccustomed to offline readers, these programs collect up all of the unread messages, E-mails, and file descriptions from a BBS, .ZIPs or otherwise packs/compresses the files, and then the user downloads that "packet", and hangs up. The user then uses a program on her local PC to read and reply to messages in that packet, dials the BBS again, and uploads her responses.

I haven't fussed around with offline readers much, but I'll bet it'd be pretty simple to add a step to the collection/.ZIP process, which would encrypt the whole package with some prearranged key.

This would allow folks to use standard BBS programs, standard terminal programs, and perhaps even standard offline readers. It should be pretty simple from a programming standpoint, as well; it's perhaps implementable with only batch commands. Yes, the "bad guys" will get to watch the user log on and log off, and can read the menus and choices - but so what? It's possible (easy, really) to encrypt all of the really interesting stuff.

- --
Greg Broiles greg at goldenbear.com
Golden Bear Consulting +1 503 465 0325
Box 12005 Eugene OR 97440 BBS: +1 503 687 7764

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBK8R3jH3YhjZY3fMNAQHDagP6AkE+8WrEtSOVNfBDiL6UYplI+TAihl66
IffYPilZ+b9Nxq2VHBF8aUYnX7duLRaivILQ7CPIRsNnKRq3DF5bljcvLY9B9VNn
3SSFSGJFQFYvakElcZPbCGhFbsLdmF8QNN97Z8Cdbx4fGYmj83brNidhHYNeXhpo
5Nk2+5W80mE=
=Yxdd
-----END PGP SIGNATURE-----

From Pat_Barron at transarc.com Thu Apr 8 15:03:15 1993
From: Pat_Barron at transarc.com (Pat_Barron at transarc.com)
Date: Thu, 8 Apr 93 15:03:15 PDT
Subject: Security Dynamics
In-Reply-To: <199304072203.AA02670@misc.glarp.com>
Message-ID:

At one point, I talked to Security Dynamics, and experienced the same reaction as the original poster.
Additionally, I found it ludicrous that the cards were programmed to self-destruct after a period of time, that they keep their encryption scheme so secret (though they'll sell you source code if you fork over sufficient bucks), and that there was no way to reprogram/reset the cards in the field. I also couldn't stomach their "well, you just have to trust us" response to a lot of my objections about it being a closed proprietary system, having them know all of my key data, and not being able to reprogram the cards.

I had much better luck with Digital Pathways, and their "SecureNet Key" product. This is a small (about as long and wide as the SecurID card, but about 2.5 times as thick) hand-held authenticator that's meant to go with Digital Pathways' "Data Defender" secure communications front-end, though they sell the SecureNet Keys separately, and they're not very expensive. They use DES, are individually field-programmable, and Digital Pathways is only too happy to give you as much info about them as you want - for free. With the info they gave me, it was no problem to write code that knows how to use the SecureNet Key.

--Pat.

From pete at cirrus.com Thu Apr 8 15:06:37 1993
From: pete at cirrus.com (Pete Carpenter)
Date: Thu, 8 Apr 93 15:06:37 PDT
Subject: FLAME: taking action
Message-ID: <9304082207.AA16844@ss2138.cirrus.com>

>> Not voting in today's society is a cop out. It is most certainly not
>> perfect, and the choices suck, but it remains one of the major voices you
>> have today in the world.
>
> Voting arguably endorses the system. If you are vocal about why
> you don't endorse the system, your refusal to vote can have a lot
> more impact than going to the polls.

If you don't vote, your opinion literally doesn't count, and means that you are perfectly happy with the status quo. Not voting guarantees that you will have no voice. Perot's name will be remembered a lot longer than some nuts whining about how the process doesn't work.
The best way to protest the current system, is to vote for something else. I'm a Libertarian rather than a Perotian, but I give him a lot of credit for allowing so many people to see beyond the two party system.

Vote with your feet, not with your butt.

---
Pete Carpenter pete at cirrus.com

Talk about your plenty, talk about your ills,
One man gathers what another man spills. - Robert Hunter

From vanam at shadow.ksu.ksu.edu Thu Apr 8 15:17:22 1993
From: vanam at shadow.ksu.ksu.edu (Stephen LeeSecond son of Caine)
Date: Thu, 8 Apr 93 15:17:22 PDT
Subject: Help, please.
Message-ID: <9304082217.AA07305@shadow.ksu.ksu.edu>

I am very new to the world of hacking... Could you all give me a hand understanding...(aka suggested reading and helpful tips for a newbie.)

Thanx in advance

Stephen

From pmetzger at shearson.com Thu Apr 8 16:18:45 1993
From: pmetzger at shearson.com (Perry E. Metzger)
Date: Thu, 8 Apr 93 16:18:45 PDT
Subject: FLAME: taking action
In-Reply-To: <9304082207.AA16844@ss2138.cirrus.com>
Message-ID: <9304082228.AA10301@snark.shearson.com>

This message isn't appropriate for cypherpunks, so I am replying in private mail.

Pete Carpenter says:
> If you don't vote, your opinion literally doesn't count, and means that
[...]

From internaut at aol.com Thu Apr 8 16:32:02 1993
From: internaut at aol.com (internaut at aol.com)
Date: Thu, 8 Apr 93 16:32:02 PDT
Subject: FWEE!: kiosks
Message-ID: <9304081930.tn48662@aol.com>

Yo Dewds,

I guess it's time for me to throw in my two bits on the Public WB Kiosk idea...

I guess I appreciate the intent of implementing such a system, but there are some BIG strikes against it:

[1] Strike One: Installation and maintenance costs (economics again). Can you IMAGINE what it would cost to build and maintain a network (and it would have to be a big one!) of public kiosks? Better to piggyback on existing infrastructure for purely practical reasons.
I have an account on the aforementioned SF Net (little tables in coffeehouses all over the San Francisco Bay Area) and I have come to the conclusion that it would be prohibitive to just maintain such a system. Wayne Gregori would back me up on this. If you think it's a pain to keep your baby-powdered PC at home in decent working order, imagine one with beer spilt on it daily, bozos who type like Paul Bunyan on Steroids and the occasional chairleg-yanking-the-plug-out-of-the-wall incident. Most of the time, I log in to SF Net from home anyway.

[2] Strike Two: Lack of Privacy while using the kiosks. I think Eric Hughes' argument (with due respects to Eric) about the expensive economics of monitoring the kiosks falls down just a tad when you consider that these would not even be _moving targets_! (In both the literal and figurative senses.) Sure, it's expensive to "tail" someone and find out where they go and who they meet, but it's less than trivial to set up a discreet camera that just watches a stationary kiosk all day long or maybe photographically or electromagnetically (with a moderately sophisticated bug) monitor the keystrokes. Maybe you _could_ make them portable and move them around; maybe you _could_ come up with a clever physical design that would preclude keystroke photography (but bugs?), but any such defenses would pale in comparison with the Privacy inherent in the WB input from a single user's personal system.

"Public Privacy:" now _there's_ an oxymoron for the 90's!

All jocularity aside, it would be pretty difficult to convince anyone with serious information on Govt abuses to stroll into a Mall and spill their guts on a PC Junior in a plywood box - I sure as hell wouldn't, would you? Hell, you could put touchscreens on it and I STILL wouldn't take the chance.

Anyone ever seen the "Human Jukebox" in SF?
A guy dresses up in a huge cardboard refrigerator shipping box and when you drop a quarter in, he plays (on trumpet) some selection from a list on the outside. Very funny stuff: I suggest you ask for "Strangers in the Night."

[3] Strike Three (yer OUT!): those ugly little plastic-encased keyboards get all that icky finger dirt on 'em. Sure you laugh NOW, but just IMAGINE where people put their fingers before typing on them little keyboards. Yuck! Think of the diseases! The nose pickings! The leftover popcorn-butter residue! The Jeri-Curl! Yeesh... makes me wanna HURL.

But Serially, Folks: If a group COULD surmount these difficulties, it would then have to begin to focus on the TYPE of whistleblowing that would take place on such systems. I have the feeling that they would be a PRIMARY contributor to the overall bullshit noise that would clutter up a decent WB system and exponentially increase the difficulty of filtering out the "good" stuff for proper use. Sure, you could rely on OTP's to provide relatively secure transmissions, but the big question is: do we really want a bunch of Valley Girls at the local Mall logging in and complaining that they "can't get the proper shade of eyeliner and, like, why doesn't the Federal Govurnmint toe-tully reform the Health In-fersure-ance System" so they could, like, get the bunyons burned off their right foot in time for the Prom.

I think you get my point. We have a lot more to work on before I consider this to be a desirable, much less viable, idea.

dave

------------------------------------------------
|                                              |
|  no fancy-dan sig-stamps, just li'l ol' me.  |
|                                              |
------------------------------------------------

From rubin at citi.umich.edu Fri Apr 9 09:03:17 1993
From: rubin at citi.umich.edu (Aviel David Rubin)
Date: Fri, 9 Apr 93 09:03:17 PDT
Subject: Speed of RSA
Message-ID: <9304091603.AA23216@toad.com>

Does anyone have anything on the speed of RSA encryption for various key lengths on various machines?
In particular, I am interested in how long it takes to decrypt mail headers on an IBM rt or RS6000, for various key lengths. I'm sure this has been measured.

Any help would be appreciated. Thanks.

Avi Rubin

From nowhere at bsu-cs.bsu.edu Fri Apr 9 11:01:37 1993
From: nowhere at bsu-cs.bsu.edu (Chael Hall)
Date: Fri, 9 Apr 93 11:01:37 PDT
Subject: Help, please.
In-Reply-To: <9304082217.AA07305@shadow.ksu.ksu.edu>
Message-ID: <9304091805.AA18414@bsu-cs.bsu.edu>

>
>I am very new to the world of hacking... Could you all give me a hand
>understanding...(aka suggested reading and helpful tips for a newbie.)
>
>Thanx in advance
>
>Stephen

Stephen, I would strongly suggest _Hackers_ by Steven Levy (ISBN: 0-440-13405-6). After you have read this book, you will have a very good understanding of what true hacking is (versus all of the new "meanings.") After that, perhaps the _Hacker Crackdown_ by Bruce Sterling (?). Then after that, you pretty much choose your own course... If you want to get into MSDOS programming, you will get lots of interrupt listings, disassemblers, etc. If you want to get into UNIX programming, you will get lots of UNIX books, recompile your kernel a few times, etc. :)

Hacking is a very personal experience for me, and usually I'm hacking. The term is defined as "learning by trial and error." You can hack a car if you get the manual, sit down, and just start fiddling until you get it right. Incidentally, psychology backs up hacking as a good method for learning, because operant conditioning (where when you are on the right track, you start getting positive responses [rewards], so you go in that direction, and when you eventually get it right, you will remember how you got there) is known to be a strong teaching tool. For example, your program isn't working, but when you add a particular statement to the code, it starts to behave, but the results aren't right.
So you follow in that vein of thinking and soon enough the whole thing is fixed (aside from new undocumented features.)

I thought that psychology would come in handy sometime...

Chael

--
Chael Hall
nowhere at bsu-cs.bsu.edu, 00CCHALL at BSUVC.BSU.EDU
(317) 285-3648 after 5 pm EST

From nowhere at bsu-cs.bsu.edu Fri Apr 9 11:19:08 1993
From: nowhere at bsu-cs.bsu.edu (Chael Hall)
Date: Fri, 9 Apr 93 11:19:08 PDT
Subject: Real-time BBS Encryption??
In-Reply-To:
Message-ID: <9304091815.AA19210@bsu-cs.bsu.edu>

[ Info on offline readers ]

>I haven't fussed around with offline readers much, but I'll bet it'd be
>pretty simple to add a step to the collection/.ZIP process, which would
>encrypt the whole package with some prearranged key.

Yes, that's a definite possibility. Most of the popular offline readers require that you first send them a packet (usually empty) so that they will put you in the database. The reader could just accept a certain file (pubkey.asc for example) that contains the key you want to be used. Then all sessions with you will be so encrypted. Your mail to the BBS could also be encrypted with the BBS's public key.

Unfortunately, one problem still exists: I don't know of too many BBS's where the e-mail messages are actually encrypted on the disk. As a matter of fact, the SYSOP can usually read all mail.

>This would allow folks to use standard BBS programs, standard terminal
>programs, and perhaps even standard offline readers. It should be pretty
>simple from a programming standpoint, as well; it's perhaps implementable
>with only batch commands. Yes, the "bad guys" will get to watch the user log
>on and log off, and can read the menus and choices - but so what? It's
>possible (easy, really) to encrypt all of the really interesting stuff.

Some of those programs (MegaMail, TomCat, etc) run PKUNZIP to unzip the file(s) then take care of the files themselves. There isn't an easy way to throw in encryption.
I would be willing to add an encryption option to my offline mail software, though. I have written a UTI (Universal Text Interface) for ChaelBoard that lets it interface with RelayNet(tm) and offline mail readers that use UTI's. I also write a QWK/REP interface that allows ChaelBoard to be a node (the hub software isn't quite done yet) on WildNet and for offline mail reading/replying.

I could implement encryption in the ZIP/UNZIP step (for the users who have PGP keys registered with the BBS). Do you think it's worth my time?

Chael Hall

--
Chael Hall
nowhere at bsu-cs.bsu.edu, 00CCHALL at BSUVC.BSU.EDU
(317) 285-3648 after 5 pm EST

From rustman at netcom.com Sat Apr 10 22:43:25 1993
From: rustman at netcom.com (Rusty Hodge)
Date: Sat, 10 Apr 93 22:43:25 PDT
Subject: Real-time BBS Encryption??
In-Reply-To: <01930407174710/0005857625DC2EM@mcimail.com>
Message-ID: <9304110543.AA26230@netcom.netcom.com>

> Here's the situation: We all know that some advanced computer systems
> have real-time encryption built into all modem connections. When a
> bank branch dials into the main office the entire transmission may be
> encrypted. This occurs even between terminal connections and the host.

This is usually accomplished through an external "data encryption unit", which is interfaced between the terminal (host) and modem. It is NOT in software.

> I'm wondering if there is a way to do this with PCs?

Aside from those very expensive high-end boxes that banks use for their sensitive information, there was a DES encryptor made by Practical Peripherals years ago. It still may be available.

--

From norm at netcom.com Sun Apr 11 00:18:32 1993
From: norm at netcom.com (Norman Hardy)
Date: Sun, 11 Apr 93 00:18:32 PDT
Subject: REMAIL: cypherpunks strategy
Message-ID: <9304110718.AA19161@netcom4.netcom.com>
In-Reply-To: <26H11B1w164w at ideath.goldenbear.com>

I just got around to Greg Broiles' interesting note where he describes his practice of using several account names.
He feels apologetic about it. Authors have used pen-names for a long time without opprobrium. The mathematician Eric Temple Bell wrote science fiction under the pen name "John Taine". Several authors have written different styles of works, one pen name per style. As I understand the law there is nothing illegal in using an alias as long as the purpose is not fraud, which is already illegal. One must protect the reputation of each alias. Where aliases are common negative reputations lose their bite but the benefits of positive reputations provide incentives for good behavior.

From hughes at soda.berkeley.edu Mon Apr 12 09:53:09 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Mon, 12 Apr 93 09:53:09 PDT
Subject: Security Dynamics
In-Reply-To:
Message-ID: <9304121649.AA26494@soda.berkeley.edu>

Re: security dynamics

One could perform an interesting test with one of these Security Dynamics cards. Aim a video camera at the LCD display so that the display takes up the full width of the image. Hook the video signal up to a digitizer board, and recognize the numbers that appear on the face. Spit them out as often as they appear. For someone with all the equipment, this should be a one or two evening hack.

Now, if the number changes every minute, that's a little over 10,000 samples in a week, certainly enough to determine if they are using weak random number generation.

I'll put the data on the ftp site, should anyone actually do this.

Eric

From hughes at soda.berkeley.edu Mon Apr 12 10:17:28 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Mon, 12 Apr 93 10:17:28 PDT
Subject: FWEE!: kiosks
In-Reply-To: <9304081930.tn48662@aol.com>
Message-ID: <9304121714.AA28356@soda.berkeley.edu>

Dave writes on public kiosks:

>[1] Strike One: Installation and maintenance costs (economics again).
>[They are too high.]

I'm not talking about building a network of machines just for the purpose of whistleblowing. I'm talking about making interfaces to existing systems.
In particular, the public machines at sfnet would _also_ be interfaces to any whistleblowing system. The incremental cost is minimal; it's a small bit of software at the server.

>[2] Strike Two: Lack of Privacy while using the kiosks.

There is a different kind of privacy in a public space than in private space. In a private space, everyone may know where you live, but nobody knows what goes on inside. In a public space, everyone may see what happens, but no one knows who you are. Please consider these approximations to reality. In particular, since it is anonymity which is desired, a public place is sufficient.

>I think Eric Hughes' argument (with due respects to Eric) about the
>expensive economics of monitoring the kiosks falls down just a tad
>when you consider that these would not even be _moving targets_!

The cost of placing a video camera to monitor a computer inside a coffeehouse must also include the possibility of negative publicity and lawsuit when such an emplacement is discovered. Monitoring a public place in advance of any "crime" being committed is _very_ bad for job security and department funding.

>[...] but any such defenses would pale in comparison with the Privacy
>inherent in the WB input from a single user's personal system.

I am also not talking about replacing the ability to post from home. I am talking about expanding the number of entry points into the distribution system. The largest benefit for public-space access is that you can use this if you don't have a computer at home. You can also use it if you don't have a computer at work.

>have the feeling that they would be a PRIMARY contributor to the overall
>bullshit noise that would clutter up a decent WB system and exponentially
>increase the difficulty of filtering out the "good" stuff for proper use.

A whistleblower system, by default, must be free of judgements about what is "good" to be on it and what is "bad".
If someone thinks that something ought to be brought to light, then I say let them speak, no matter how trivial or inappropriate it might be. It is easy to ignore messages you don't want to consider. It is much, much harder to read messages that the author hesitates to write for fear of reprisal. A whistleblower system can tolerate more noise than usenet, since the core content of it can be so extremely valuable.

If there is only access to a whistleblowing system for those who own computers or are provided access to them, then any such system will remain only a tool of the wealthy. You do not hear of abuses in labor law from anybody but the employees; these employees do not have computers.

Anybody who has NATIONAL SECRETS to tell is, I would guess, a fool to post twice from a particular location. Anybody who has anything lengthy or digitally copied to say cannot easily use this system. It's not conducive to digital signatures.

Public kiosks are not a panacea. To argue that they should therefore not exist is nonsense.

Eric

From edgar at spectrx.Saigon.COM Mon Apr 12 10:29:20 1993
From: edgar at spectrx.Saigon.COM (Edgar W. Swank)
Date: Mon, 12 Apr 93 10:29:20 PDT
Subject: PGP: Re: PGP Error
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Michael Diehl wrote on April 6:

    When I use the following command line in a batch file, I get a Compression/ decompression error. No files are created. The contents of the batch file is:

    pgp -es %1 %2 Diehl

    Where %1 is the name of the file to send, and %2 is the other person's name. What am I doing wrong, or is there a problem with my pgp?

I think there's a problem with PGP. A net-friend of mine in Poland first brought this to my attention. He says he's already notified PGP author Branko Lankester.

The problem's occurrence seems to depend on the file being compressed/encrypted. Files which are already compressed, but are not ZIP files (e.g. ARJ files) seem to cause the problem.
I was able to reproduce a similar problem by trying to compress ARJ.EXE (ARJ 2.30). In my case, the system crashed shortly - -after- PGP exited, and some of the armored files produced (I used - -eas) were obviously messed up.

The obvious temporary bypass is to turn off compression for files which cause problems; not much of a penalty, since the file is already compressed. This can be done by a (temporary) change to the CONFIG.TXT file. I think there may also be an (undocumented) way to do this from the command line. Try:

+compress=off

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBK8YEFN4nNf3ah8DHAQH1IgP9E0gvLSF2DQ5dkVcyXGGLZa4+bCcZ0kOM
TefqfqFZLjU4MvOPMzXzkB01aDpg1IUyfExJazNjADCrbJKqFoZymyhuB+X6KMmy
faTyFGsCeNcpA5x897qwsD/M7zM3j7EVauctAjNBTM9t/34eTuaYuesPPBmEaUcS
yp7J1VOvbWM=
=8+bK
-----END PGP SIGNATURE-----

--
edgar at spectrx.saigon.com (Edgar W. Swank)
SPECTROX SYSTEMS +1.408.252.1005 Silicon Valley, Ca

From miron at extropia.wimsey.com Mon Apr 12 10:54:16 1993
From: miron at extropia.wimsey.com (Miron Cuperman)
Date: Mon, 12 Apr 93 10:54:16 PDT
Subject: Modem encryption proposal
In-Reply-To: <01930407174710_0005857625DC2EM@mcimail.com>
Message-ID: <1993Apr12.030810.5488@extropia.wimsey.bc.ca>

-----BEGIN PGP SIGNED MESSAGE-----

Let's talk less and do more. :)

How about adding encryption to kermit and iScreen so that they may talk to each other in a secure manner? I am proposing these two programs because they are widely portable. kermit works on most Unix and MSDOS systems. iScreen works on most Unix systems.

(Note that this would solve the network/modem eavesdropping problem, but not the untrusted remote system problem. The latter has no solution in my opinion. You just have to trust the sysadmin.)

I propose writing a link encryption library which could be usable in other comm and BBS programs.

Any takers?

BTW, watch for an encrypted Unix talk program coming to a ftp site near you.
- --
Miron Cuperman | NeXTmail/Mime ok | Public key avail
AMIX: MCuperman | PSM 18Mar93 0/0
Laissez faire, laissez passer. Le monde va de lui meme.

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBK8jc6pNxvvA36ONDAQEJlAP9HYJ94Ll7H0YHr5tNj3Kp3xQ8WRryyO2W
BNLKYhBvoPapNMZ/4mPiPSgVZw8Tu/JXFdVtbhhA2Q7u8ef7+daf2g/fyi4M1Mb4
0a9+AKjDG6FvwMMo4AjlqTG1x0+Xl/YeizBqD1hVW/2pAu3I7IyvZavWY2HkVwwD
tTDfiOSIxVk=
=zhoD
-----END PGP SIGNATURE-----

From norm at netcom.com Mon Apr 12 10:54:32 1993
From: norm at netcom.com (Norman Hardy)
Date: Mon, 12 Apr 93 10:54:32 PDT
Subject: Trusting PGP
Message-ID: <9304120442.AA28271@netcom2.netcom.com>

At last I have read the operating instructions for PGP 2.2. I am impressed.

I raised the issue of trusting PGP. John Draper correctly suggested that it was possible to trust PGP because the code was available for inspection. I agree that this places PGP far ahead of various competition regarding trust. I propose, however, that if there were a single specification that covered various file formats and perhaps program logic, that PGP would eventually gain substantially more trust. Here is why.

As it is now, someone who reads the code to establish his trust in PGP must be familiar with C, in which PGP is written, number theory and various crypto threats and weaknesses. There are certainly such people. If, however, there were one operating specification then many more people would be attracted to the effort, ultimately yielding greater trust in PGP. Cryptographers without the skill or tenacity to read the code could contribute, as could programmers without the crypto theory. Each class would consult the specs, the programmers to verify that the code implemented the specs and the cryptographers to ponder whether programs with such specs were appropriate for their market.

Such specifications are required for government rated secure software for just this reason.
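
[Added example, not part of any list message.] Eric Hughes's Security Dynamics message earlier in this archive counts a little over 10,000 one-minute samples in a week; the Python below shows one check a sample of that size supports, a birthday-collision count over the displayed codes, plus a low-digit period check. The 6-digit code width, both generators and every name in the block are assumptions constructed for illustration, not details of the Security Dynamics card.

```python
# Added example: what ~10,000 sampled display codes can reveal.
# All generators and names here are constructed for illustration.
import hashlib
import hmac
import math
from collections import Counter

DIGITS = 6                     # assumption: the display shows 6 decimal digits
SPACE = 10 ** DIGITS
SAMPLES = 60 * 24 * 7          # one code per minute for a week = 10,080


def weak_codes(n, seed=123456):
    """Constructed weak source: a full-period LCG whose entire state is displayed."""
    x = seed % SPACE
    out = []
    for _ in range(n):
        x = (421 * x + 17) % SPACE   # Hull-Dobell holds, so the period is 10**6
        out.append(x)
    return out


def reference_codes(n, key=b"constructed-demo-key"):
    """Constructed reference source: HMAC-SHA256 of a counter, reduced to 6 digits."""
    out = []
    for i in range(n):
        mac = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.append(int.from_bytes(mac[:8], "big") % SPACE)
    return out


def collision_pairs(codes):
    """Number of unordered pairs of samples that show the same code."""
    return sum(k * (k - 1) // 2 for k in Counter(codes).values())


def expected_pairs(n, space=SPACE):
    """Expected colliding pairs if every code were drawn uniformly at random."""
    return n * (n - 1) / (2 * space)


def collision_z(codes, space=SPACE):
    """Deviation of the observed pair count from the expectation, in Poisson sigmas."""
    exp = expected_pairs(len(codes), space)
    return (collision_pairs(codes) - exp) / math.sqrt(exp)


def low_digit_period(codes, max_period=100):
    """Smallest period of the last digit across the whole sample, or None."""
    last = [c % 10 for c in codes]
    for p in range(1, max_period + 1):
        if all(last[i] == last[i + p] for i in range(len(last) - p)):
            return p
    return None


def assess(codes):
    """Flag a sample whose collision count or low digit is not plausibly random."""
    z = collision_z(codes)
    period = low_digit_period(codes)
    return {
        "pairs": collision_pairs(codes),
        "z": z,
        "period": period,
        "suspicious": abs(z) > 4.0 or period is not None,
    }


if __name__ == "__main__":
    print("expected pairs: %.1f" % expected_pairs(SAMPLES))
    for name, gen in (("weak LCG", weak_codes), ("HMAC reference", reference_codes)):
        print(name, assess(gen(SAMPLES)))
```

A uniformly random 6-digit source should repeat itself about 51 times in a week of samples; a generator that never repeats is as much of a warning sign as one that repeats too often. A clean result only rules out these two defects.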

From david at staff.udc.upenn.edu Mon Apr 12 11:10:31 1993
From: david at staff.udc.upenn.edu (R. David Murray)
Date: Mon, 12 Apr 93 11:10:31 PDT
Subject: forward: cryptanalysis talk abstract
Message-ID: <9304121808.AA14458@staff.udc.upenn.edu>

Thought people might find this abstract of a talk being given here at Penn of some interest. Please let me know if I'm wrong. (And, no, I won't be attending; almost all of it would be over my head. What is in this abstract is probably as much of it as I could understand without considerable preparation).

------------------------------------------------------------------------
In article <119753 at netnews.upenn.edu>, holland at central.cis.upenn.edu (Billie Holland) writes:
>
> Statistical Techniques for Language Recognition:
> An Introduction and Empirical Study for Cryptanalysts
>
> Alan T. Sherman
> Computer Science Department
> University of Maryland Baltimore County
>
> In cryptanalysis, how can a computer program recognize when it has
> discovered all or part of the secret message? For example, how can a
> program recognize character strings such as ``Attack at dawn!'',
> ``DES@RT ST\&RM'', or ``?tta????t d?wn'' as fragments of intelligible
> messages? In the early days of cryptology a human would perform these
> language-recognition tasks manually. In this talk I will explain how
> to recognize language automatically with statistical techniques.
>
> Statistical techniques provide powerful tools for solving several
> language-recognition problems that arise in cryptanalysis and other
> domains. Language recognition is important in cryptanalysis because,
> among other applications, an exhaustive key search of any cryptosystem
> from ciphertext alone requires a test that recognizes valid plaintext.
> Although I will focus on cryptanalysis, this talk should be relevant
> to anyone interested in statistical inference on Markov chains or
> applied language recognition.
>
> Modeling language as a finite stationary Markov process, I will adapt
> a statistical model of pattern recognition to language recognition.
> Within this framework I will consider four well-defined
> language-recognition problems: 1) recognizing a known language, 2)
> distinguishing a known language from uniform noise, 3) distinguishing
> unknown 0th-order noise from unknown 1st-order language, and 4)
> detecting non-uniform unknown language. For the second problem I will
> give a most powerful test based on the Neyman-Pearson Lemma. For the
> other problems, which typically have no uniformly most powerful tests,
> I will give likelihood ratio tests. I will also discuss the
> chi-squared test statistic $X^2$ and the Index of Coincidence $IC$.
>
> In addition, I will present the results of computer experiments that
> characterize the distributions of five test statistics when applied to
> strings of various lengths drawn from nine types of real and simulated
> English.
>
>
> This is joint work with Ravi Ganesan. Most of this work was carried
> out while Sherman was a member of the Institute for Advanced Computer
> Studies, University of Maryland College Park.
>
> Thursday, 15 April 93
> TOWNE BUILDING - 337
> 3:00 - 4:30
>

--
david
david at staff.udc.upenn.edu

From mdiehl at triton.unm.edu Mon Apr 12 11:15:54 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Mon, 12 Apr 93 11:15:54 PDT
Subject: how secure is secring.pgp?
Message-ID: <9304120127.AA06741@triton.unm.edu>

Yet another pgp question... We don't get any pgp news groups here.

Since we need a passphrase to access our secret key, it is reasonable to think that our secring.pgp file is pretty secure, as long as our passphrase is nontrivial. What am I missing here?

Thanx in advance.

+----------------------+----------------------------------------------------+
| J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken.
|
|                      +----------------------------------------------------+
| mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be      |
| Thunder at forum      |    Politically Incorrect!                          |
| (505) 299-2282       |                                                    |
+----------------------+----------------------------------------------------+

From sdw at sdwsys.lig.net Mon Apr 12 11:20:59 1993
From: sdw at sdwsys.lig.net (Stephen D. Williams)
Date: Mon, 12 Apr 93 11:20:59 PDT
Subject: Distributed anonymous posting (was Re: Many Important Items...)
In-Reply-To: <9303260725.AA23290@soda.berkeley.edu>
Message-ID: <9304120045.AA13308@sdwsys.lig.net>

...
>
> A soft node necessity: a directory lookup service, distributed,
> sharing data. Merely specifying the first point of contact and
> alternate paths doesn't cut it. You don't want to have to retry a
> bounced message so many times.
>
> Who here knows enough about sendmail to consider the eventual
> feasibility of integrating pseudonym lookup into mail transfer?
>
> Eric

Hey, no problem! Just use the same escape call as the uucp pathalias.

When integrating an Internet/DNS aware gateway with 1200 Unix workstations using /etc/hosts (no domain) and an X.400 connection to a VMS X.400 backbone, I hooked in a little C program that converted all the addressing to proper formats while also looking up userid's <-> fullnames in a B+tree database. I even did fuzzy matching on names on a best-unique or exact basis. Blew away X.500 functionality, which Dec and HP didn't even have integrated with X.400 at the time.

Just need a program that takes an address on the command line and returns it possibly modified with a yea or nay return code.

sdw

From stig at netcom.com Mon Apr 12 11:50:17 1993
From: stig at netcom.com (Jonathan Stigelman)
Date: Mon, 12 Apr 93 11:50:17 PDT
Subject: Real-time BBS Encryption??
In-Reply-To:
Message-ID: <9304120103.AA11884@netcom2.netcom.com>

>I haven't fussed around with offline readers much, but I'll bet it'd be
>pretty simple to add a step to the collection/.ZIP process, which would
>encrypt the whole package with some prearranged key.

that's vulnerable...it's the secret key problem. The ELEGANT way to do this with encryption is to just make a normal ZIP file, but then build diffie-hellman into your file downloader (zmodem). This is also the least work solution.

SO, since we're talking about offline mail readers... What's the best one for the PC that works (or can easily be made to work) with rfc822 mail files? There's pcelm, which sucks...and there's mush, which is slooooow as hell because of all the overlays.

I was writing my own, but I got side-tracked...somebody want to save me some programming?

From hughes at soda.berkeley.edu Mon Apr 12 11:57:22 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Mon, 12 Apr 93 11:57:22 PDT
Subject: a new usenet group
Message-ID: <9304121854.AA06143@soda.berkeley.edu>

There is a new Usenet group that some on this list might be interested in. It's called

alt.privacy.anon-server

This group seems to have been created as a spillover for the debate on anonymity in news.admin.policy. My nntp server has seen less than 100 articles to date.

I would encourage those in this group who have strong opinions to participate in this new forum, as it seems the advocates of strong privacy are not so numerous as they are here.

Eric

From mike at EGFABT.ORG Mon Apr 12 12:14:20 1993
From: mike at EGFABT.ORG (Mike Sherwood)
Date: Mon, 12 Apr 93 12:14:20 PDT
Subject: REMAIL: cypherpunks strategy
In-Reply-To: <9304110718.AA19161@netcom4.netcom.com>
Message-ID:

norm at netcom.com (Norman Hardy) writes:

> I just got around to Greg Broiles' interesting note where he describes
> his practice of using several account names. He feels apologetic about it.
> Authors have used pen-names for a long time without opprobrium.
> The mathematician Eric Temple Bell wrote science fiction under the pen name
> "John Taine". Several authors have written different styles of works,
> one pen name per style. As I understand the law there is nothing illegal
> in using an alias as long as the purpose is not fraud, which is already
> illegal. One must protect the reputation of each alias.
> Where aliases are common negative reputations lose their bite but the
> benefits of positive reputations provide incentives for good behavior.

How does everyone else feel about the idea of maintaining multiple accounts as a method of maintaining pseudo-anonymity? I commonly use two accounts on each of my systems, one by my real name, one by my alias, which is the same everywhere. The purpose of this is to allow me to send or receive mail to/from people who I know from other bbs's and such and relay information in that way without giving them my real name. As Greg pointed out, it's very easy to have multiple accounts; some of us run sites that give us the ability to create pseudo-users, and pseudo-sites for that matter, and others can make use of public bbs's with net access. I know of a few bbs's in my area (silicon valley) that offer net access and don't do any sort of validation, making it very simple to set up and maintain multiple accounts. How do people feel about doing something like this rather than using remailers since it seems that a lot of problems come up when people run remailers and start getting complaints?

-Mike

--
Mike Sherwood
internet: mike at EGFABT.ORG
uucp: ...!sgiblab!egfabt!mike

From pmetzger at shearson.com Mon Apr 12 12:24:30 1993
From: pmetzger at shearson.com (Perry E. Metzger)
Date: Mon, 12 Apr 93 12:24:30 PDT
Subject: Modem encryption proposal
In-Reply-To: <1993Apr12.030810.5488@extropia.wimsey.bc.ca>
Message-ID: <9304121904.AA01126@snark.shearson.com>

Miron Cuperman says:
> Let's talk less and do more.
:)
>
> How about adding encryption to kermit and iScreen so that they may
> talk to each other in a secure manner? I am proposing these two
> programs because they are widely portable. kermit works on most
> Unix and MSDOS systems. iScreen works on most Unix systems.
>
> (Note that this would solve the network/modem eavesdropping problem,
> but not the untrusted remote system problem. The latter has no
> solution in my opinion. You just have to trust the sysadmin.)
>
> I propose writing a link encryption library which could be usable
> in other comm and BBS programs.

A good idea, but getting the protocol right is hard -- you don't want to put any real overhead on the line, but you also want to do error detection and resynchronization so that your cypher will run properly. Discussing a proposal for a line protocol that has these features would, of course, be germane to the list.

Perry

From stig at netcom.com Mon Apr 12 12:27:09 1993
From: stig at netcom.com (Jonathan Stigelman)
Date: Mon, 12 Apr 93 12:27:09 PDT
Subject: Help, please.
In-Reply-To: <9304082217.AA07305@shadow.ksu.ksu.edu>
Message-ID: <9304120053.AA11205@netcom2.netcom.com>

Not that I'm exactly of godlike hacking proportions, but these are obvious to me....

patience, persistence, obsessiveness, curiosity

also, there's no such thing as a dumb question, but it's not terribly difficult to ask questions in the wrong place and, thereby, waste other people's time and piss them off. Your question isn't terribly appropriate to the cypherpunks list and it's so amazingly general that you won't get anything but a general answer.

the most important thing about being a hacker is working with other hackers. Despite common misperceptions, hacking is a social thing.

stig

From vanam at interceptor.ksu.ksu.edu Mon Apr 12 15:35:48 1993
From: vanam at interceptor.ksu.ksu.edu (Stephen LeeSecond son of Caine)
Date: Mon, 12 Apr 93 15:35:48 PDT
Subject: Thanks a lot!!!!!
Message-ID: <9304122235.AA01870@interceptor.ksu.ksu.edu>

Thanks for your answers and any other help for a beginner would be helpful... But to all that answered Thanks again...

Stephen

From warlord at Athena.MIT.EDU Mon Apr 12 19:36:55 1993
From: warlord at Athena.MIT.EDU (Derek Atkins)
Date: Mon, 12 Apr 93 19:36:55 PDT
Subject: how secure is secring.pgp?
In-Reply-To: <9304120127.AA06741@triton.unm.edu>
Message-ID: <9304130236.AA01768@hodge>

-----BEGIN PGP SIGNED MESSAGE-----

> Since we need a passphrase to access our secret key, it is
> reasonable to think that our secring.pgp file is pretty secure, as
> long as our passphrase is nontrivial. What am I missing here?

The secret key on the secring.pgp is IDEA-encrypted... So, it is only as strong as IDEA, and your passphrase. To break the security, someone needs to be able to:

1) Obtain your secret keyring.. This is either watching it go over the net, reading the file system, borrowing your floppy, or whatever, and

2) Obtain your secret passphrase...

Only when both are accomplished can they get to your secret key, although once they have accomplished #1, they can try to break the IDEA algorithm...
- -derek

PGP 2 key available upon request on the key-server: pgp-public-keys at toxicwaste.mit.edu

- --
Derek Atkins, MIT '93, Electrical Engineering and Computer Science
Secretary, MIT Student Information Processing Board (SIPB)
MIT Media Laboratory, Speech Research Group
warlord at MIT.EDU PP-ASEL N1NWH

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQBuAgUBK8onIzh0K1zBsGrxAQHn0QLECpGbaKS3PpXdJTE0956AkeaYGuZGATJ3
Jgq7I/cEB5l2e3PPr31xdctywTi/+RBIKOJEVokPO9UMsu5KQvwngHta7NeYF8UB
qS3wPDH85ro60H4fFsg/s6E=
=4s7l
-----END PGP SIGNATURE-----

From marc at GZA.COM Mon Apr 12 20:01:11 1993
From: marc at GZA.COM (Marc Horowitz)
Date: Mon, 12 Apr 93 20:01:11 PDT
Subject: Security Dynamics
In-Reply-To: <9304121649.AA26494@soda.berkeley.edu>
Message-ID: <9304130302.AA02654@pad-thai.aktis.com>

>> Now, if the number changes every minute, that's a little over 10,000
>> samples in a week, certainly enough to determine if they are using
>> weak random number generation.

1) not true. I read an article about a pseudorandom number generator which appeared random to every test they used on it. Then they went and did a monte carlo simulation of something based on that prng. Guess what? It wasn't quite random enough. Lesson: it can be *very* hard to determine randomness.

2) The sequence is not random. It is cryptographically pseudorandom. This is very different.

3) A friend who has a significant math background in crypto stuff has seen the Security Dynamics algorithms (under non-disclosure), and says that they're credible. That vouches for their theory.

That they insist on programming the cards and keeping the keys themselves, and that they do not allow you to program the cards yourself, is a major problem, no matter how good their math is.

Marc

From honey at citi.umich.edu Mon Apr 12 22:17:12 1993
From: honey at citi.umich.edu (Peter Honeyman)
Date: Mon, 12 Apr 93 22:17:12 PDT
Subject: Security Dynamics
Message-ID: <9304130517.AA24164@toad.com>

> I read an article about a pseudorandom number generator
> which appeared random to every test they used on it. Then they went
> and did a monte carlo simulation of something based on that prng.
> Guess what? It wasn't quite random enough. Lesson: it can be *very*
> hard to determine randomness.

if this is the phys. rev. let. paper by ferrenberg et al., there's a postscript copy up for ftp in csp2.csp.uga.edu:/pub/documents/amf1/. i can summarize.

their simulations were based on five to ten runs, with 10^7 updates per run. they aren't precise about the exact number of random numbers needed, at least not in this paper, but i assume it's in the order of one per update, in which case 10,000 would not be enough. more info can be gleaned from the paper in /pub/documents/adler3/.

they compared four basic rngs.

a linear congruential algorithm (cong)
    x[n] = (16807 * x[n-1]) mod 2^31-1

two different shift register algorithms (sr250 and sr1279)
    x[n] = x[n-103] xor x[n-250]
    x[n] = x[n-103] xor x[n-1279]

a subtract with carry generator algorithm (swc)
    x[n] = x[n-22] - x[n-43] - c
    if x[n] < 0 {
        x[n] += 2^32 - 5
        c = 1
    } else
        c = 0

a combined swc-Weyl generator (swcw)
    y[n] = (y[n-1] - 362436069) mod 2^32
    x[n] = (swc[n] - y[n]) mod 2^32

the authors report that the tables were initialized with some care (i.e., with cong).

the result reported in the phys rev let paper is that r250 gave results that were way off (the model being simulated has an exact solution), swc was better, but had error in the opposite direction, swcw was better but still showed signs of bias, and cong was within error limits. they also report that r1279 was much better than r250, but the tables are missing from the paper, so ...
on the other hand, using every fifth value from r250 gave results within error limits. same with swc. odd ...

maybe someone can comment on the particular rngs being tested here. they don't look particularly sophisticated to me, although the authors describe them as "ostensibly high quality rngs." hmmm ...

looking over their recent pubs, it doesn't look like this group (of statistical physicists) is following up on the rng testing angle.

peter

From i6t4 at jupiter.sun.csd.unb.ca Mon Apr 12 23:29:09 1993
From: i6t4 at jupiter.sun.csd.unb.ca (Nickey MacDonald)
Date: Mon, 12 Apr 93 23:29:09 PDT
Subject: Modem encryption proposal
In-Reply-To: <9304121904.AA01126@snark.shearson.com>
Message-ID:

Perry: I may have missed something, but I don't see where synchronization is a concern. The whole idea of Kermit is to provide a "binary" path between two computers. It is Kermit's responsibility to ensure the data is received in the same order as sent (synchronization is part of the Kermit protocol, no?).

If we have a data stream coming from a keyboard or whatever, which we run through an invertible encryption algorithm, and then pipe it into Kermit which makes sure it gets to the other side, Kermit need not know where the data is coming from. The other side of course has to know the protocol and the key...

I believe that Kermit allows variable sized packets per file transferred, but does it allow the packet size to vary during the transfer? I'd have to go find my Kermit protocol reference on that one. You would want this, as well as a relaxed timing on the protocol, if it's to come from the keyboard, as a user does not (and/or cannot) normally type at a consistent rate...

---
Nick MacDonald | NMD on IRC
i6t4 at jupiter.sun.csd.unb.ca | PGP 2.1 Public key available via finger

On Mon, 12 Apr 1993, Perry E.
Metzger wrote:

> A good idea, but getting the protocol right is hard -- you don't want
> to put any real overhead on the line, but you also want to do error
> detection and resynchronization so that your cypher will run properly.
> Discussing a proposal for a line protocol that has these features
> would, of course, be germane to the list.

From karn at qualcomm.com Mon Apr 12 23:36:15 1993
From: karn at qualcomm.com (Phil Karn)
Date: Mon, 12 Apr 93 23:36:15 PDT
Subject: FWEE!: kiosks
Message-ID: <9304130636.AA27437@servo>

Eric's comment about the complementary natures of a public kiosk and a person's home suggests a hybrid whistleblowing scheme that combines the best of both.

The whistleblower creates his file in the privacy of his own home on a floppy disk, encrypts it in the public key of the whistleblowing system, and carries it to a public kiosk where he sends it. This gives the whistleblower plenty of time and quite a bit of privacy as he composes his message (unless the PTB have bugged his home computer, a possibility for a suspected repeat "offender").

The step of physically carrying his file to the kiosk eliminates anything that could be done to the whistleblower's phone (including traffic analysis), although it would not stop physical surveillance of the whistleblower. And if the whistleblower is accosted on his way to the kiosk, all they could seize would be the ciphertext of his message, encrypted in the public key of the whistleblowing service -- which the whistleblower himself would not be able to decrypt even if he wanted to.

Think of the kiosk more as a public mailbox than a public phone.

Phil

From karn at qualcomm.com Tue Apr 13 00:21:26 1993
From: karn at qualcomm.com (Phil Karn)
Date: Tue, 13 Apr 93 00:21:26 PDT
Subject: Modem encryption proposal
Message-ID: <9304130721.AA29941@servo>

Crypto synchronization seems to be a problem mainly in real-time applications like digital voice, where you don't have a reliable protocol underneath you.
I advocate two approaches that don't seem to have been pursued much yet, at least in the Internet: per-packet encryption (and possibly authentication) just above the IP layer, and stream encryption just above TCP.

The former technique has the advantage of denying your adversary the maximum amount of information, because only the IP header is in the clear. The transport header and all user data is protected, so an eavesdropper can't tell which applications are communicating. And with IP-in-IP encapsulation, you can even deny him knowledge about which machines are actually communicating - a network-level service analogous to anonymous remailers. With authentication, network level security also provides good protection against replay attacks.

The latter technique (encrypting above TCP) has the advantage of being more efficient (it doesn't break Van Jacobson TCP/IP header compression), which may make it desirable for some interactive sessions. This is essentially how encrypted Kerberos Telnet works now, although I would like to generalize the service to work with any TCP client.

Phil

From karn at qualcomm.com Tue Apr 13 01:15:15 1993
From: karn at qualcomm.com (Phil Karn)
Date: Tue, 13 Apr 93 01:15:15 PDT
Subject: Security Dynamics
Message-ID: <9304130815.AA00379@servo>

Several years ago, before leaving Bellcore, I got so annoyed at the SecurID cards and how they were being foisted on us by a paranoid security organization that I built an alternative one-time password system of my own. It's now called "S/KEY" (no, I didn't pick the name).

Essentially, I reinvented a scheme of Leslie Lamport involving iterated one way functions. Each time you log in, you crunch your password N-1 times through a one-way function like MD4 or MD5, where N is the number of times you did it last time. The host crunches it once more (to make its password file somewhat less sensitive) and compares it to the stored password. If it matches, the file is updated and you get in.
A passive eavesdropper cannot generate the next password in the sequence from the current one because that would require inverting the one-way function.

The nice thing about this scheme is that it provides essentially the same service as SecurID (protection against passive eavesdropping of user passwords) without having to pay exorbitant prices for cards and integrating some really clunky hardware into your host. You have the option of building the algorithm into your own comm programs, or even the ultra-low-tech option of printing out a list in advance and putting it in your wallet. (Use rice paper if you fear capture - you can eat it! :-))

The bad thing about this scheme is that it provides no more protection than SecurID -- it doesn't stop someone from hijacking your session after you've authenticated it, nor does it protect the session itself against eavesdropping. And frankly, at the time I was more concerned about the security droids reading my email off the Ethernet than I was about some outside cracker guessing my password.

Phil

From warlord at Athena.MIT.EDU Tue Apr 13 02:46:14 1993
From: warlord at Athena.MIT.EDU (Derek Atkins)
Date: Tue, 13 Apr 93 02:46:14 PDT
Subject: Modem encryption proposal
In-Reply-To: <9304130721.AA29941@servo>
Message-ID: <9304130945.AA02555@hodge>

-----BEGIN PGP SIGNED MESSAGE-----

> Crypto synchronization seems to be a problem mainly in real-time
> applications like digital voice, where you don't have a reliable
> protocol underneath you.

Phil, there is more to this than meets the eye. What happens if I, as an attacker, start feeding extra characters onto the modem line? Granted, I won't know what you are saying, since the link is encrypted, but if I can get an extra character on there, then the decryption will lose sync, and won't return the proper value...

For example...

Sender:         more foo
Encrypted data: HaoVwAog
Received data:  HaooVwAog
Decrypted:      morOmf&sm

Now what? The sender and receiver are out of sync....
I believe this was what Nickey was talking about.. I was discussing this problem with a few people and haven't come up with a good, viable solution... yet.

> This is essentially how encrypted Kerberos Telnet works now,
> although I would like to generalize the service to work with any TCP
> client.

Uhh, there is a kstream package somewhere (or am I thinking of vapor-ware, it's late and I'm tired). This wouldn't be very hard to create. In fact, I was hoping to do something like this with my Thesis... Although it might get left for "future work". This depends upon having a clearly denoted stream, which neither telnet nor kermit provide a good interface. (Trust me on this -- it took me a while to try to create one for the little I've hacked them for my Thesis).

- -derek

PGP 2 key available upon request on the key-server:
pgp-public-keys at toxicwaste.mit.edu
- --
Derek Atkins, MIT '93, Electrical Engineering and Computer Science
Secretary, MIT Student Information Processing Board (SIPB)
MIT Media Laboratory, Speech Research Group
warlord at MIT.EDU PP-ASEL N1NWH

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQBuAgUBK8qLvTh0K1zBsGrxAQG39QLFFn0/Nz1zVRi6kHp+j+R0KAQQlEL6588d
RfSshGGFhuXIJE/S8BP8kqLrKeSeRgSbil3zBLQZNeconnExaq6VUeO5Yvn9U/0S
cHggKYBTlcz1zqjp7BLxLz8=
=TBaq
-----END PGP SIGNATURE-----

From pmetzger at lehman.com Tue Apr 13 07:40:28 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 13 Apr 93 07:40:28 PDT
Subject: Modem encryption proposal
In-Reply-To:
Message-ID: <9304131439.AA06324@snark.shearson.com>

Nickey MacDonald says:
> I may have missed something, but I don't see where synchronization is a
> concern. The whole idea of Kermit is to provide a "binary" path
> between two computers. It is Kermit's responsibility to ensure the data
> is received in the same order as sent (synchronization is part of the
> Kermit protocol, no?).

I don't believe people were talking about Kermit the Protocol.
They were talking about Kermit the PD terminal emulation software, which contains Kermit the Protocol. Obviously the protocol can handle error correction -- but that does nothing for you if you want to log in to a machine and do arbitrary things.

Perry

From hughes at soda.berkeley.edu Tue Apr 13 08:15:58 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Tue, 13 Apr 93 08:15:58 PDT
Subject: FWEE!: kiosks
In-Reply-To: <9304130636.AA27437@servo>
Message-ID: <9304131512.AA13719@soda.berkeley.edu>

>The whistleblower creates his file in the privacy
>of his own home on a floppy disk, encrypts it in the public key of
>the whistleblowing system, and carries it to a public kiosk where he
>sends it.

This is the ideal scenario. I suspect that kiosks for other purposes will eventually contain some form of user-available I/O. I'm guessing it will be infrared, maybe rs232 serial. Diskette drives are too vulnerable and expensive to be feasible in a pay phone environment; they're called armor phones, and for good reason.

In particular, sfnet doesn't have diskette access. No bother, we're not going to create the best system on the first revision. A good enough system will drive later systems.

Eric

From hughes at soda.berkeley.edu Tue Apr 13 08:18:34 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Tue, 13 Apr 93 08:18:34 PDT
Subject: Security Dynamics
In-Reply-To: <9304130517.AA24164@toad.com>
Message-ID: <9304131515.AA13826@soda.berkeley.edu>

Re: checking distribution in 10^4 samples

>their simulations were based on five to ten runs, with 10^7 updates
>per run. they aren't precise about the exact number of random
>numbers needed, at least not in this paper, but i assume it's in the
>order of one per update, in which case 10,000 would not be enough.

The method of randomness-checking done here is to run a physical simulation with the random numbers. Direct statistical methods are much more efficient.
Eric

From hughes at soda.berkeley.edu Tue Apr 13 08:29:10 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Tue, 13 Apr 93 08:29:10 PDT
Subject: Security Dynamics
In-Reply-To: <9304130302.AA02654@pad-thai.aktis.com>
Message-ID: <9304131525.AA14338@soda.berkeley.edu>

>>> Now, if the number changes every minute, that's a little over 10,000
>>> samples in a week, certainly enough to determine if they are using
>>> weak random number generation.

>1) not true. I read an article about a pseudorandom number generator
>which appeared random to every test they used on it. [...] Lesson:
>it can be *very* hard to determine randomness.

The experiment I was proposing would possibly answer 'yes' to the question "Is the number generation weak?" It would not say how strong it was, or even if it was strong. It would, however, give some lower bound on its strength or else show that it was in fact not very strong at all.

>2) The sequence is not random. It is cryptographically pseudorandom.
>This is very different.

Since we are talking about a device in which a sequence is duplicated on two ends, I did not feel the need to belabor the difference between pseudorandom and random. The context makes it clear that this can't be a random device based on a physically random process.

>3) A friend who has a significant math background in crypto stuff has
>seen the Security Dynamics algorithms (under non-disclosure), and says
>that they're credible.

That bit of information may mean that a 10^4 sample test is not worth doing.

>That vouches for their theory.

That changes our trust from no trust at all into trust in your friend's ability and your assessment of it. :-)

>That they
>insist on programming the cards and keeping the keys themselves, and
>that they do not allow you to program the cards yourself, is a major
>problem, no matter how good their math is.

Granted. Their keeping the keys is worth, say, using a linear congruential generator (or worse) in terms of overall security.
I was merely curious as to whether they were fools on all fronts, as opposed just to the secrecy front.

Eric

From hughes at soda.berkeley.edu Tue Apr 13 08:41:42 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Tue, 13 Apr 93 08:41:42 PDT
Subject: how secure is secring.pgp?
In-Reply-To: <9304130236.AA01768@hodge>
Message-ID: <9304131538.AA14939@soda.berkeley.edu>

I've-forgotten-who writes:
>> Since we need a passphrase to access our secret key, it is
>> reasonable to think that our secring.pgp file is pretty secure, as
>> long as our passphrase is nontrivial. What am I missing here?

There are two security items here. The first is that the secret RSA key not be revealed. The second is that the name attached to that key pair not be revealed.

Derek writes:
>The secret key on the secring.pgp is IDEA-encrypted... So, it is only
>as strong as IDEA, and your passphrase.

This protection applies to the first criterion--your secret key is not revealed. No one can steal your key and impersonate you.

The second datum, name attached to a key, is protected only by one's sole possession of the secring.pgp file. If you are using a pseudonym, and using an RSA signature to enforce it, and doing things with this pseudonym that you don't want identified with you, then you'd better make sure that secring.pgp file is not discovered on your machine. The format of the keyring file is such that the name attached to a key is in the clear.

This is really a huge hole. Since secret keys are presumed to be in the possession of only those who actually use the keys, possession of a secret key on the secring.pgp is tantamount to proof that you are that pseudonym.

In short: everything about a secret key ring should be encrypted.

A parallel (not as consequential): everything about a public key ring should be encrypted.
Eric

From hughes at soda.berkeley.edu Tue Apr 13 09:02:00 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Tue, 13 Apr 93 09:02:00 PDT
Subject: forward: cryptanalysis talk abstract
In-Reply-To: <9304121808.AA14458@staff.udc.upenn.edu>
Message-ID: <9304131558.AA16178@soda.berkeley.edu>

>> Language recognition is important in cryptanalysis because,
>> among other applications, an exhaustive key search of any cryptosystem
>> from ciphertext alone requires a test that recognizes valid plaintext.

For exhaustive key search on any reasonably good symmetric cipher (like DES), some simple entropy measure for n-bit-grams should suffice to distinguish random from non-random. These other approaches in this talk seem like overkill in this context. But then again, maybe we're trying to break Enigma. :-)

>> Modeling language as a finite stationary Markov process,

A finite stationary Markov process is large fancy math-speak for what a travesty generator does. "finite" means that the total number of states is finite, and that means you get to use matrices instead of kernel integrals, which means that your averagely educated scientist can follow this. "stationary" means that the transition matrix is not a function of time, that is, it's a constant matrix. This means that time appears only in an exponent. A "Markov process" is a transition from one state to another, probabilistically. (Approximately. All these definitions are meant to explain, not to define.)

The talk looks interesting, to be sure, but it looks more significant for making a better /etc/magic for file(1) than it does for cryptanalysis.

Eric

From eichin at cygnus.com Tue Apr 13 11:25:32 1993
From: eichin at cygnus.com (Mark Eichin)
Date: Tue, 13 Apr 93 11:25:32 PDT
Subject: Modem encryption proposal
In-Reply-To: <9304130945.AA02555@hodge>
Message-ID: <9304131825.AA04147@cygnus.com>

>> Uhh, there is a kstream package somewhere (or am I thinking of
>> vapor-ware, it's late and I'm tired).
This wouldn't be very hard to

kstream was written by Ken Raeburn of Cygnus as part of our Cygnus Network Security work (support for Kerberos V4) and was included in the MIT Kerberos V4 patchlevel 10 "final" release. Our kerberized rlogin and rcp use it to handle encryption, it cleans up the code a bit and makes it easier to modify other programs.

_Mark_
MIT Student Information Processing Board
Cygnus Support

From marc at GZA.COM Tue Apr 13 16:20:28 1993
From: marc at GZA.COM (Marc Horowitz)
Date: Tue, 13 Apr 93 16:20:28 PDT
Subject: how secure is secring.pgp?
In-Reply-To: <9304131538.AA14939@soda.berkeley.edu>
Message-ID: <9304132317.AA03404@dun-dun-noodles.aktis.com>

>> There are two security items here. The first is that the secret RSA
>> key not be revealed. The second is that the name attached to that
>> key pair not be revealed.

I may be nitpicking here, but I have to argue. Although there is a relationship, security and privacy are not one and the same. You have named a security item, and a privacy item, not two security items. For privacy to exist, security may be necessary, but that doesn't make it a security item.

For instance, I trust my roommate to respect my privacy. There's no lock on my bedroom door. He knocks before coming in if I'm in there. This is a privacy system based on trust, not on security. I'm not proposing this model for the net, don't worry! (That's Dorothy Denning's job. :-) I'm just pointing out that privacy can exist without security, given appropriate constraints.

Similarly, security can exist without privacy: You can clearsign a message w/o encrypting it.

>> This is really a huge hole. Since secret keys are presumed to be in
>> the possession of only those who actually use the keys, possession of
>> a secret key on the secring.pgp is tantamount to proof that you are
>> that pseudonym.

I believe that the secring.pgp is secure, for most reasonable purposes.
(You can debate this, but I'll just keep changing my definition of reasonable on you. So don't bother.) However, it is clearly not private. One could argue that the entire secring.pgp should be encrypted, and I might even agree with you. I'll have to think about it more.

>> In short: everything about a secret key ring should be encrypted.
>>
>> A parallel (not as consequential): everything about a public key ring
>> should be encrypted.

The former point is probably true. However, the latter point is ludicrous, IMHO. If it's a public key, why should it be encrypted? The whole purpose of a public key is that it can be widely published. Encrypting it sort of kills the idea. If the name<->key mapping on the public key is protected, it's useless for me to know that key ID B4B951 signed some message. I want to know who that person is, or at least, who they claim to be. You could claim that the keyring identified the people with whom I talk, but that is easily overcome by just keeping a few thousand people on your keyring. Then the signal is buried in the noise. Even if you don't want someone's public key visible on your own keyring, it's still reasonable for their key to be published in some "global" directory, in the clear.

Marc

From sean at gomez.Jpl.Nasa.Gov Tue Apr 13 16:39:03 1993
From: sean at gomez.Jpl.Nasa.Gov (Sean Barrett)
Date: Tue, 13 Apr 93 16:39:03 PDT
Subject: Sign-off
Message-ID: <9304132338.AA15246@gomez.Jpl.Nasa.Gov>

Please remove me from this list. Thanks.

--
Sean Barrett                         How many boards would the Mongols
sean at pugsley.jpl.nasa.gov (fast)  hoard, if the Mongol Hordes got bored?
sbar at genie.geis.com (reliable)    PGP key by finger or from key servers.
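The one-time password scheme Phil Karn describes earlier in this thread (iterated one-way function, host stores one more iteration than the user sends), as an added Python sketch that is not part of any post and is not the S/KEY source. SHA-256 stands in for MD4/MD5, and the `Host` class, the `wallet_list` helper and the sample secret are assumptions made for illustration.

```python
import hashlib
import hmac


def crunch(value: bytes, times: int) -> bytes:
    """Run `value` through the one-way function `times` times."""
    for _ in range(times):
        value = hashlib.sha256(value).digest()  # stand-in for MD4/MD5
    return value


def wallet_list(secret: bytes, n: int) -> list:
    """Passwords in the order they are used: H^(n-1), H^(n-2), ..., H^1.

    This is the "print a list in advance" option from the post.
    """
    chain = [secret]
    for _ in range(n - 1):
        chain.append(crunch(chain[-1], 1))  # chain[i] == H^i(secret)
    return chain[:0:-1]  # newest first; H^0 (the secret itself) is dropped


class Host:
    """Hypothetical host side: keeps the counter N and H^N(secret) per user."""

    def __init__(self):
        self.table = {}

    def enroll(self, user: str, secret: bytes, n: int) -> None:
        self.table[user] = (n, crunch(secret, n))

    def challenge(self, user: str) -> int:
        """How many times the user must crunch the secret (N-1); 0 = exhausted."""
        return self.table[user][0] - 1

    def login(self, user: str, otp: bytes) -> bool:
        n, stored = self.table[user]
        if n <= 1:
            return False  # the next value would be the secret itself: re-enroll
        # The host crunches the offered value once more and compares.
        if not hmac.compare_digest(crunch(otp, 1), stored):
            return False  # stored state is left untouched on failure
        self.table[user] = (n - 1, otp)  # file updated: the offered value is now stored
        return True


def demo() -> dict:
    secret = b"constructed sample passphrase"  # constructed value
    host = Host()
    host.enroll("phil", secret, 5)
    wallet = wallet_list(secret, 5)
    first = crunch(secret, host.challenge("phil"))  # same value as wallet[0]
    results = {"first_login": host.login("phil", first)}
    # A passive eavesdropper now holds `first`. Replaying it fails, and hashing
    # it forward only reproduces values the host has already moved past.
    results["replay"] = host.login("phil", first)
    results["hash_forward"] = host.login("phil", crunch(first, 1))
    results["remaining"] = [host.login("phil", otp) for otp in wallet[1:]]
    results["exhausted"] = (host.challenge("phil") == 0
                            and not host.login("phil", secret))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

As the post says, this only covers passive capture of the password; nothing here protects the session after login.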
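The loss-of-sync problem from the "Modem encryption proposal" messages in this thread, as an added Python example that is not from any poster: one stray byte ruins a continuous keystream, while small frames carrying a sequence number and a MAC give the error detection and resynchronization Perry asks for. The frame layout, key values and the SHA-256 counter keystream (a stand-in for a real cipher) are assumptions, and the receiver works on a captured buffer rather than a live line.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8        # truncated HMAC tag per frame (assumed size)
HDR_LEN = 5        # 4-byte sequence number + 1-byte length
NAIVE_KEY = b"constructed-naive-key"   # constructed sample keys
ENC_KEY = b"constructed-enc-key"
MAC_KEY = b"constructed-mac-key"
LINES = [b"more foo\n", b"ls -l\n", b"exit\n"]   # constructed keyboard input


def keystream(key: bytes, seq: int, n: int) -> bytes:
    """Toy keystream: SHA-256 over key, frame number and block counter."""
    out, block = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + struct.pack(">IQ", seq, block)).digest()
        block += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def naive_crypt(key: bytes, data: bytes) -> bytes:
    """One continuous keystream over the whole line, no framing (both directions)."""
    return xor(data, keystream(key, 0, len(data)))


def seal(enc_key: bytes, mac_key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Frame = seq | len | ciphertext | tag; the keystream is keyed by seq."""
    if len(plaintext) > 255:
        raise ValueError("frame too long")
    header = struct.pack(">IB", seq, len(plaintext))
    body = xor(plaintext, keystream(enc_key, seq, len(plaintext)))
    tag = hmac.new(mac_key, header + body, hashlib.sha256).digest()[:TAG_LEN]
    return header + body + tag


def receive(enc_key: bytes, mac_key: bytes, stream: bytes):
    """Return (plaintexts, skipped_bytes); slide one byte after any bad frame."""
    out, skipped, pos, last_seq = [], 0, 0, -1
    while pos + HDR_LEN + TAG_LEN <= len(stream):
        seq, length = struct.unpack(">IB", stream[pos:pos + HDR_LEN])
        body_end = pos + HDR_LEN + length
        ok = False
        if body_end + TAG_LEN <= len(stream) and seq > last_seq:  # no replays
            want = hmac.new(mac_key, stream[pos:body_end], hashlib.sha256)
            ok = hmac.compare_digest(want.digest()[:TAG_LEN],
                                     stream[body_end:body_end + TAG_LEN])
        if ok:
            body = stream[pos + HDR_LEN:body_end]
            out.append(xor(body, keystream(enc_key, seq, length)))
            last_seq, pos = seq, body_end + TAG_LEN
        else:
            pos += 1          # resynchronize: hunt for the next valid frame
            skipped += 1
    return out, skipped


def inject(data: bytes, pos: int, junk: bytes = b"o") -> bytes:
    """Model the extra character fed onto the line."""
    return data[:pos] + junk + data[pos:]


def demo():
    plain = b"".join(LINES)
    naive = naive_crypt(NAIVE_KEY, inject(naive_crypt(NAIVE_KEY, plain), 3))
    frames = [seal(ENC_KEY, MAC_KEY, i, p) for i, p in enumerate(LINES)]
    hit = len(frames[0]) + 7          # lands inside the second frame's ciphertext
    got, skipped = receive(ENC_KEY, MAC_KEY, inject(b"".join(frames), hit))
    return naive, got, skipped


if __name__ == "__main__":
    naive, got, skipped = demo()
    print("unframed:", naive)
    print("framed  :", got, "skipped", skipped, "bytes")
```

The cost is 13 bytes of header and tag per frame, which is the overhead trade-off raised in the thread; the damaged frame is dropped rather than repaired, so retransmission is left to a layer above.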
From 72114.1712 at CompuServe.COM Tue Apr 13 17:27:44 1993
From: 72114.1712 at CompuServe.COM (Sandy)
Date: Tue, 13 Apr 93 17:27:44 PDT
Subject: Encrypted Cordless phones
Message-ID: <930414002026_72114.1712_FHF79-1@CompuServe.COM>

_________________________________________________________________
FROM THE VIRTUAL DESK OF SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

At the Bay Area Cypherpunks meeting, I mentioned two cordless telephones that encrypt between the handset and the base unit. Here is some information about them.

VTech Tropez 900DX

Transmits signal digitally between handset and base unit on one of 20 channels in the 900 MHz band. Automatically selects one of over 65,000 digital security codes each time handset is returned to the base unit. Range is up to 800 meters; with up to 4.5 hours of continuous talk time. Suggested retail cost is $349.95. For more information: Steve Johnson, (503) 643-8981.

PhoneMate 2910

Transmits signal digitally between handset and base unit on one of 10 channels in the 900 MHz band. Automatically selects one of over 1,000 digital security codes each time handset is returned to the base unit. Range is up to probably about the same as the VTech. No figures are given for talk time. Suggested retail price is $219.95. For more information: Suzanne Nastaskin, (310) 314-6649.

Both phones have all the usual advanced features like auto-redial and such. Neither company's literature tells what encryption technology they use.
S a n d y

_________________________________________________________________
PLEASE RESPOND TO: ssandfort at attmail.com (except from CompuServe)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From clark at metal.psu.edu Tue Apr 13 17:28:43 1993
From: clark at metal.psu.edu (Clark Reynard)
Date: Tue, 13 Apr 93 17:28:43 PDT
Subject: alt.whistleblowers
Message-ID: <9304140125.AA16266@metal.psu.edu>

I suggest that as a first step in the process of making alt.whistleblowers a reality, that we kick around the idea for a while, either here or on alt.config. If I receive a positive response, I will post the control message myself.

Three possible choices of action:

1) Kick it around on alt.config.
2) Kick it around on news.groups, etc.
3) Kick it around here.
4) Don't even bother kicking it around; just create the group,
   and hell with anyone who doesn't like it.

So, what's the general consensus on the best course of action? And, yes, I know that was four, and not three possible choices; it's probably really eight or ten.

----
Robert W. Clark
rclark at nyx.cs.du.edu
PGP signature available by mail or finger

From hughes at soda.berkeley.edu Tue Apr 13 17:53:45 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Tue, 13 Apr 93 17:53:45 PDT
Subject: how secure is secring.pgp?
In-Reply-To: <9304132317.AA03404@dun-dun-noodles.aktis.com>
Message-ID: <9304140050.AA03988@soda.berkeley.edu>

I said:
>>> There are two security items here. The first is that the secret RSA
>>> key not be revealed. The second is that the name attached to that
>>> key pair not be revealed.

Marc said:
>I may be nitpicking here, but I have to argue. Although there is a
>relationship, security and privacy are not one and the same. You have
>named a security item, and a privacy item, not two security items.

As long as we're being precise, allow me to restate my claim.
If you use a pseudonym with PGP, and you don't want it revealed, and for some reason it is revealed (through some other security breach), then the secret ring has a security failure (lack of encryption) which leads to a breach of privacy. The lack of encryption is a material cause of the privacy compromise.

As far as I can tell, I was using security to refer to material causes and Marc was referring to end results.

>I believe that the secring.pgp is secure, for most reasonable
>purposes.

So do I. On an encrypted file system, this is not nearly so large an issue.

>>> A parallel (not as consequential): everything about a public key ring
>>> should be encrypted.

A point of clarification for below: that's one's own personal copy of a public key ring.

>[... this] point is
>ludicrous, IMHO. If it's a public key, why should it be encrypted?
>The whole purpose of a public key is that it can be widely published.

The point of a public key is that someone else can perform an operation that only you can undo (and vice-versa, properly stated). Public keys are for anybody that is not you. This does not mean that everyone will have them, or even that everyone should have them. The social form of fully published keys need not be the norm.

>You could claim that the keyring
>identified the people with whom I talk, but that is easily overcome by
>just keeping a few thousand people on your keyring.

If this is the only datum available, that would work. When another list is available to intersect your keyring with, the attempted diffusion may fail unexpectedly.

Keeping your identities of your correspondents private (through a security mechanism on the keyring) is much the same as using some of the stronger forms of remailers that have been discussed.
Eric

From mark at coombs.anu.edu.au Tue Apr 13 18:17:29 1993
From: mark at coombs.anu.edu.au (Mark)
Date: Tue, 13 Apr 93 18:17:29 PDT
Subject: alt.whistleblowers
In-Reply-To: <9304140125.AA16266@metal.psu.edu>
Message-ID: <9304140117.AA19145@coombs.anu.edu.au>

>4) Don't even bother kicking it around; just create the group,
>   and hell with anyone who doesn't like it.

We're sposed to be anarchists right? :) 'sides alt.* groups come out daily with little or no discussion. Ours won't rock boats, at least in its creation, the content is a different story. Personally I hope it doesn't degenerate into a narc fest for people who have grudges against people... that would be sad..

I vote to just make it. Not all will like it, but then they are maybe the ones who will feature in it (great way to shut them up :).

Mark
mark at coombs.anu.edu.au

From jthomas at access.digex.com Tue Apr 13 19:18:30 1993
From: jthomas at access.digex.com (Joe Thomas)
Date: Tue, 13 Apr 93 19:18:30 PDT
Subject: alt.whistleblowers
In-Reply-To: <9304140117.AA19145@coombs.anu.edu.au>
Message-ID:

On Wed, 14 Apr 1993, Mark wrote:

> >4) Don't even bother kicking it around; just create the group,
> >   and hell with anyone who doesn't like it.
>
> We're sposed to be anarchists right? :) 'sides alt.* groups come out daily
> with little or no discussion. Ours won't rock boats, at least in its creation,
> the content is a different story. Personally I hope it doesn't degenerate into a
> narc fest for people who have grudges against people... that would be sad..
>
> I vote to just make it. Not all will like it, but then they are maybe the ones
> who will feature in it (great way to shut them up :).

Couldn't hurt to mention it in alt.config. It would probably get a good response, and get propagated more widely (some newsadmins are a bit skeptical about newgroups from out of the blue...)

Joe
--
Joe Thomas
PGP key available by request or by finger.
PGP key fingerprint: 1E E1 B8 6E 49 67 C4 19 8B F1 E4 9D F0 6D 68 4B

From marc at GZA.COM Tue Apr 13 20:11:29 1993
From: marc at GZA.COM (Marc Horowitz)
Date: Tue, 13 Apr 93 20:11:29 PDT
Subject: ["Vinton G. Cerf": Letter to Congress/RSA + DES]
Message-ID: <9304140312.AA23170@pad-thai.aktis.com>

Vint Cerf is a very well-known and respected person in the Internet community. I don't know if his testimony will mean anything, but it's interesting to read.

Marc

------- Forwarded Message

To: internauts:;@IETF.CNRI.Reston.VA.US
Subject: Letter to Congress/RSA + DES
Date: Tue, 13 Apr 93 20:26:01 -0400
Sender: cclark at IETF.CNRI.Reston.VA.US
From: "Vinton G. Cerf"

Dr. Vinton G. Cerf
3614 Camelot Drive
Annandale, VA 22003-1302

11 April 1993

The Honorable Timothy Valentine
Committee on Science, Space and Technology
Subcommittee on Technology, Environment and Aviation
House of Representatives
Rayburn House Office Building

Dear Chairman Valentine:

I recently had the honor of testifying before the Subcommittee on Technology, Environment and Aviation during which time Representative Rohrabacher (R, California) made the request that I prepare correspondence to the committee concerning the present US policy on the export of hardware and software implementing the Data Encryption Standard (DES) and the RSA Public Key encryption algorithm (RSA).

As you know, the DES was developed by the National Institute for Standards and Technology (NIST) in the mid-1970s, based on technology developed by International Business Machines (IBM). The details of the algorithm were made widely available to the public and considerable opportunity for public comment on the technology was offered.

In the same general time period, two researchers at Stanford University (Martin Hellman and Whitfield Diffie) published a paper describing the possible existence of mathematical functions which, unlike the symmetric DES algorithm, could act in a special, pairwise fashion to support encryption and decryption.
These so-called "public key algorithms" had the unusual property that one function would encrypt and the other decrypt -- differing from the symmetric DES in which a single function performs both operations. The public key system uses a pair of keys, one held private and the other made public. DES uses one key which is kept secret by all parties using it.

Three researchers at MIT (Rivest, Shamir and Adleman) discovered an algorithm which met Hellman and Diffie's criteria. This algorithm is now called "RSA" in reference to its inventors. The RSA technology was patented by Stanford and MIT and a company, Public Key Partners (PKP), created to manage licensing of the RSA technology. A company called RSA Data Security, Inc., was also formed, which licensed the technology from PKP and markets products to the public based on the technology.

The current policy of the United States places DES and RSA technology under export control. Because cryptography falls into the category of munitions, it is controlled not only by the Commerce Department but also by the State Department under the terms of the International Traffic in Arms regulations. Despite the public development of both of these technologies and their documented availability outside the United States over the last 15 years, US policy has been uniformly restrictive concerning export licensing.

As the United States and the rest of the world enter more fully into the Information Age in which digital communications plays a critical role in the global infrastructure, the "digital signature" capability of public key cryptography is a critical necessity for validating business transactions and for identifying ownership of intellectual property expressed in digital electronic forms.

Registration and transfer of intellectual property rights in works which can be represented in digital form will be central factors in the national and global information infrastructure.
A number of parties are exploring technical means for carrying out rights registration and transfer, making use of public key cryptography as a basic tool.

In addition, there is a great deal of current work on electronic mail systems which support privacy by means of encryption and support authenticity by means of digital signatures. One of these systems, developed in the Internet environment I mentioned in my testimony, is called Privacy-enhanced Mail (PEM) and makes use of DES, RSA and some other special "hash" functions which are integral to the production of digital signatures.

For these various systems to be compatible on an international basis, it would be very helpful for the cryptographic components to be exportable on a world-wide basis. A number of vendors make products relying on these technologies within the United States but often find it very difficult to engage in international commerce owing to the export licensing required for these technologies. Ironically, the technology appears to be widely available outside the US and also outside the COCOM countries, so US firms face both competition outside the US and export inhibitions in their attempts to develop worldwide markets.

There are many valid national security reasons for limiting the export of cryptographic capabilities, since these technologies may aid an opponent in time of war or other conflict. Perhaps just as important, US intelligence gathering capability can be eroded by the availability of high grade cryptography on a worldwide basis. Recently, it has also been alleged that the world-wide availability of cryptography would also seriously impede US drug enforcement and anti-crime efforts.
While these reasons seem sufficient, many have pointed out that the widespread accessibility to the detailed specifications of DES and RSA and availability and existence of software and hardware outside the US have long since done whatever damage is going to be done in respect of warfighting, crime or drug potential. This line of reasoning leads to the conclusion that our policies only inhibit legitimate commerce, but have little impact on the other concerns expressed.

As in all such controversy, there is often some truth on both sides. The National Institutes of Standards and Technology (NIST), has offered alternative digital signature capability. Technical assessments of the alternative have turned up weaknesses, in the opinions of some experts. There is not yet an alternative to DES, unless it is to be found in NSA's Commercial Crypto Evaluation Program (CCEP) in which NSA proposes to provide algorithms which are implemented in hardware by industry and made available for civilian use. As I understand this program, NSA does not intend to release any details of the algorithms, leaving open questions about the nature and strength of the technology. Some experts will persist in the belief that such offerings have weaknesses which are deliberately built in and hidden (so-called "Trojan Horses") which will allow the agency to "break" any messages protected by this means.

The critics complained loudly that the reasoning behind the design of certain parts of the DES algorithm (specifically the "S-boxes") was never made public and therefore that the algorithm was suspect. In fact, the DES has proven to be very strong - indeed, it may be that very fact which makes it so unpalatable in some quarters to permit its unrestricted export. It may be that the CCEP technology offered is satisfactory, but this is hard to tell without knowing more about its provenance.
Presuming the wide availability of both DES and RSA technology, it seems to me appropriate and timely to re-examine US export control policy regarding these two algorithms. In all probability, any such review will require some classified testimony which will have to be heard in confidence by cleared members of your committee. I sincerely hope that the outcome will be favorable to use by US industry in international commerce, but even if the outcome results in continuation of present policy, it is timely to make such a review, in my opinion.

Sincerely,

Vinton G. Cerf

------- End of Forwarded Message

From ebrandt at jarthur.Claremont.EDU Tue Apr 13 20:31:51 1993
From: ebrandt at jarthur.Claremont.EDU (Eli Brandt)
Date: Tue, 13 Apr 93 20:31:51 PDT
Subject: Encrypted Cordless phones
In-Reply-To: <930414002026_72114.1712_FHF79-1@CompuServe.COM>
Message-ID: <9304140331.AA27969@toad.com>

> Both phones have all the usual advanced features like auto-redial
> and such. Neither company's literature tells what encryption
> technology they use.

It doesn't much matter; they're using ten- and sixteen-bit keys. Assuming it takes some 50 ms to tell voice from the white noise that a failed attempt will generate, a brute-force attack on these systems should take under a minute and an hour respectively, worst-case. This is hardly rock-solid security; it looks like it rests mostly on nobody reverse-engineering their algorithm.

> S a n d y

Eli
ebrandt at jarthur.claremont.edu

From 74076.1041 at CompuServe.COM Tue Apr 13 23:38:45 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Tue, 13 Apr 93 23:38:45 PDT
Subject: REMAIL: Positive Reputations Now!
Message-ID: <930414063404_74076.1041_FHD59-1@CompuServe.COM>

-----BEGIN PGP SIGNED MESSAGE-----

There's been a lot of talk on news.admin.policy about ways of handling abusive or illegal anonymous posts. One proposal is to restrict posts from certain people, but this will fail if multiple remailers allowing chaining become available.
I had an idea for another way of filtering anonymous posts which might be achievable with current news software. It would require some work by the remailer operators, though.

We have talked here about positive reputations as a filtering method. A positive reputation would basically be a recommendation by some respected person that a particular poster is worth listening to. If posts could be marked with such recommendations, people could set up their news software to filter out non-recommended anonymous posts. This would be a way of distinguishing between those who want to post anonymously just for privacy, and those who want to harass or abuse others.

Current news software doesn't provide for such reputations. But there were suggestions being made at one time for a standard way of marking anonymous posts. One idea was to give them a unique identifier in the "Distribution" field of "anon". I gather that this would require a little modification of major news distribution sites to honor this distribution but from what I understand the changes needed are not major.

My idea is to implement positive reputations at the source which is in the best position to provide them: the remailer operator. Applying the distribution idea, posts which were from people on a "good guys list" would be posted from the remailer with a specific distribution that identifies them as such. Anonymous posts from people not on the list would get a different identification.

In order to verify that posts were really from who they claimed, they would have to be PGP (or RIPEM or PEM) signed. The list would actually be a list of keys rather than a list of user ID's.

People would get on the list by asking the remailer operator, perhaps by pointing to some of their posts which were responsible. People would be removed from the list at the remailer operator's discretion, presumably when they posted objectionable messages.
The advantage of this system is that it introduces, in a limited way, the idea of positive reputations. It fits into the current killfile system so that people easily offended can avoid seeing most offensive anonymous posts. It encourages the use of encryption software on the part of people who want to post anonymously and get a good reputation. And the only difficult software requirements are in the remailing/posting software; everybody else just runs the current SW. Now, since I don't run a remailing/posting service, I am in the rather embarrassing position of offering a "solution" which requires somebody else to do the work. I would be very willing to help with the software requirements for recognizing incoming PGP signed messages and looking up keys in a database. The actual maintenance of the good posters list would take some time and energy on the part of the operator. But perhaps this would not be that much more than the other activities involved. And it would have the advantage that it would point out a new direction for the net, towards a system where privacy and responsibility can coexist. Hal Finney 74076.1041 at compuserve.com -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBK8uFMqgTA69YIUw3AQFqswQAhx/GN/qg4Jx6Ggqh8Rmt6Lta1iN82dOQ gAAkEwcgJsMuvEjtcgRFkHxxW6uCF/8m2kLU3HUA8lnT94BR5TJc/0K5xH05gKhH NvU+74sCxIV68ef+0pz1X9TzC1E7tUxAhJKPQ80li1QFsBw5yATzuh1UHeDIk/5O 7yyVS8AGQFc= =RyI6 -----END PGP SIGNATURE----- From gg at well.sf.ca.us Wed Apr 14 03:20:16 1993 From: gg at well.sf.ca.us (George A. Gleason) Date: Wed, 14 Apr 93 03:20:16 PDT Subject: Encrypted Cordless phones Message-ID: <199304141019.AA21841@well.sf.ca.us> And also.... Radio Shack just entered the market with a cordless which uses frequency inversion. That's analog... Probably can be broken in less than a minute, even by amateurs who know how to solder. 
About 1986 or so, a certain state agency ordered some expensive walkie-talkies which were supposed to be secure against protesters with scanners. Guess what? Analog frequency inversion. And in fact, with a little practice, you can listen to inverted speech directly and make sense of it. From huntting at advtech.uswest.com Wed Apr 14 08:42:16 1993 From: huntting at advtech.uswest.com (Brad Huntting) Date: Wed, 14 Apr 93 08:42:16 PDT Subject: alt.whistleblowers In-Reply-To: <9304140125.AA16266@metal.psu.edu> Message-ID: <9304141542.AA19694@futureworld.advtech.uswest.com.advtech.uswest.com> > 1) Kick it around on alt.config. I think this is the best option. news.groups is (mostly) for standard "usenet" hierarchies (e.g. misc.whisleblowers). If you mention "discussed in alt.config" in your newgroup I think you will get much better reception. brad From wcs at anchor.ho.att.com Wed Apr 14 10:46:44 1993 From: wcs at anchor.ho.att.com (wcs at anchor.ho.att.com) Date: Wed, 14 Apr 93 10:46:44 PDT Subject: FWEE! Re: alt.whistleblowers Message-ID: <9304141746.AA27675@anchor.ho.att.com> > Kick it around on alt.config >> Just do it .... The problem is that alt.whistleblowers is technically more complex than just creating an alt.group and having one anon.poster site - we need to resolve issues of secure mail standards (e.g. should the system use RIPEM or just PGP, are there any non-US sites with RIPEM so that non-US anon.poster sites can use it, should there be multiple anon.sites and should they do remailing between them, etc.) Otherwise we may end up with a single point of failure, and if it's any good, it will at least get its mail watched, if it doesn't get raided - traffic analysis is important here. Are we only going to use anon.posting sites, or are forged postings also going to be an acceptable technique? Do we at least need to publish a guide to forging mail headers so your mail to the anon.poster can appear to come from kremvax or whitehouse.com? 
Let's try to get a good idea of what we want to do before dropping it into alt.config. Bill Stewart -- This isn't the 8th Dimension, we're somewhere over New Jersey From rclark at nyx.cs.du.edu Wed Apr 14 14:02:36 1993 From: rclark at nyx.cs.du.edu (Robert W. F. Clark) Date: Wed, 14 Apr 93 14:02:36 PDT Subject: WARNING: Forward of unposted alt.config message Message-ID: <9304142104.AA19705@nyx.cs.du.edu> I am sending this here _prior_ to posting it to give advance warning; responses received have varied on the methods of creation of the group, but have largely tended toward a consensus that it is wise to have some sort of discussion period; in addition, I have chosen a cross-post to those groups most likely to have an interest in creating the group, and if this results in a flamewar in alt.config, so be it. After I tally the votes and they vastly outnumber the NOs I will create the newsgroup without further delay. I just wish for people to clarify; sorry if you missed it, but this is going out in four hours exactly to the aforementioned newsgroups. I will implement all important suggestions mailed to me by that time, including alteration of procedural points, wording changes, alteration of Newsgroups: line, etc. I will also delay posting if valid and immediate concerns are brought to light; however, since I leave the major axes: Moderated or unmoderated, length of discussion period, length of voting period, open for discussion, it should not be a disaster if it goes out in its current form. Join the discussion, and if you like the idea, PLEASE send a YES vote only WHEN the Call for Votes is posted. Additionally, suggestions for additions/deletions of Newsgroups from the crosspost, or a more appropriate place to redirect replies, or any suggestions whatever will be adopted if suitable. If you have no interest in the privacy issue, please type 'd' now. 
---- Newsgroups: alt.config, alt.privacy, alt.privacy.anon-server, soc.motss, alt.sex, alt.sex.bestiality, alt.drugs, comp.protocols.tcp-ip.eniac Followup-to: alt.config Subject: Call for discussion: alt.whistleblower In light of the current debate concerning whether anonymous posting can serve a useful purpose, I propose the immediate experiment of creating a group which shall provide a genuinely useful service to the public. This newsgroup is to be called alt.whistleblower, and is for the purpose of allowing those who might otherwise be unwilling to come forward to provide information about the illegal activities of government agencies, large corporations and similar malefactors without fear of illegal reprisals against them. The need for this group is evident in light of the extreme usefulness of information concerning the behavior of the governing bodies of the United States, and the large number of government employees and corporate employees with access to the Internet and anonymous posting services. This group could also include reports of illegal discrimination by those who fear reprisal if they reveal their names, information concerning safety issues by those who know that their company is releasing an unsafe or dangerous product, or defrauding customers by dishonest and illegal means. Considering the immediate need for this newsgroup in light of those who, in many cases, provide services for a fee and then provide an inadequate service by cutting their downstream sites from reading anything that the service-provider deems is inappropriate, I request a waiver of procedure in this matter and that, if significant interest is present and seems to form a general consensus, it shall be accepted that I revise and present a prospectus for this newsgroup and a call for votes on a date no sooner than seven days from this initial posting and no later than ten days after the call for discussion. 
Procedural points concerning the length of the voting period are to be addressed in the public discussion, and anyone wishing to send anonymous mail should forward it to me. This newsgroup is necessary and of great potential use, as those of you with a legitimate need for privacy know well. If you value your privacy, let us discuss this wisely and equitably in order to reach a consensus. Whether this newsgroup is to be moderated or unmoderated, whether the name is appropriate or another hierarchy would be preferable, and all procedural points are to be decided based on the general consensus. I realize there will be those who will oppose the creation of this newsgroup on the oft-cited grounds that "Anyone who needs privacy must be hiding something." This is true; however, in our society there are many things which need to be revealed as well as many things which need to be concealed. I believe that a corollary truism could be applied to those who oppose the notion of public privacy. "Anyone who fears privacy must be hiding something." Let the discussion begin. Final note: Do NOT, repeat, NOT send votes until I post a "Call for Votes" at the end of the discussion period. The length of the discussion period may be increased if some drastic occurrence requires it, but I'm planning to post it in one week. Vote then. I thank you for your consideration in this matter. ---- "Occasionally an honest man is sent to the legislature." Mark Twain rclark at nyx.cs.du.edu PGP key available by mail or finger rclark at metal.psu.edu From clark at metal.psu.edu Wed Apr 14 15:10:20 1993 From: clark at metal.psu.edu (Clark Reynard) Date: Wed, 14 Apr 93 15:10:20 PDT Subject: FWEE! Re: alt.whistleblowers Message-ID: <9304142306.AA01506@metal.psu.edu> This would come into play as something necessary only after the creation of the group, and at least the anonymous posting part of it is already being studied by others, for entirely different reasons. 
And, in addition, the method of posting will be determined by the nature of the group itself, which is only determinable after a period of discussion. For which alt.config is as suitable a place for discussion as this mailing list. In fact, the newsgroup is better, since we'll be getting feedback from the Enemy as well. A fogware (not quite vaporware) FAQ could be provided at a moment's notice, simply containing an explanation of the newsgroup and its purpose (which would be a slightly modified carbon copy of the Call for Votes; more vaporware), the list of anonymous remailers at soda.berkeley.edu, and perhaps some cullings from more cogent postings regarding the anonymity issue. Then, as FAQs actually appear, it can be expanded. I am capable of doing this at least for the next few months, and probably longer. Once the newsgroup, which I think would be unmoderated by its very nature, or moderated in something of the same way as alt.hackers, except that the accepted moderator-list would consist of any anonymous remailer on the list in the FAQ (this, I couldn't do, since I don't maintain the anonymous remailer list and couldn't be guaranteed of getting it right). In any case, I think that having it unmoderated and not doing anything but posting a FAQ every week should take care of it. It's an unusual newsgroup idea, but in execution it should be similar to existing newsgroups. In any case, I think that beginning the discussion is appropriate; if the specs for the newsgroup are to be changed, they can always be changed before the posting of the Call for Votes, when everything becomes Locked in Stone. ---- Robert W. 
Clark rclark at nyx.cs.du.edu PGP signature available by mail or finger From ebrandt at jarthur.Claremont.EDU Wed Apr 14 15:10:46 1993 From: ebrandt at jarthur.Claremont.EDU (Eli Brandt) Date: Wed, 14 Apr 93 15:10:46 PDT Subject: WARNING: Forward of unposted alt.config message In-Reply-To: <9304142104.AA19705@nyx.cs.du.edu> Message-ID: <9304142210.AA23480@toad.com> > From: rclark at nyx.cs.du.edu (Robert W. F. Clark) > Join the discussion, and if you like the idea, PLEASE send a YES > vote only WHEN the Call for Votes is posted. Is there some reason to run a CFV and all that on this proposed alt group? Looks to me as if the usual creation procedure should work fine for this group. > Newsgroups: [...] alt.sex.bestiality, alt.drugs, comp.protocols.tcp-ip.eniac Chuckle. Eli ebrandt at jarthur.claremont.edu From trump at pluto.ee.cua.edu Wed Apr 14 15:27:16 1993 From: trump at pluto.ee.cua.edu (Louis Edward Trumpbour) Date: Wed, 14 Apr 93 15:27:16 PDT Subject: ..... Message-ID: <9304142228.AA08551@pluto.ee.cua.edu> ok well i am sure that there are a lot of people out there that want to learn how to do basic cypher/decyphering... so i think it would be nice if people gave their knowledge on how to do decryption... even if its very very basic and perhaps a faq could be made out of this info... Clovis From kinney at spot.Colorado.EDU Wed Apr 14 17:58:52 1993 From: kinney at spot.Colorado.EDU (KINNEY WILLIAM H) Date: Wed, 14 Apr 93 17:58:52 PDT Subject: alt.whistleblowers Message-ID: <199304150058.AA21866@spot.Colorado.EDU> Some comments on alt.whistleblowers from an (up to now) lurker. In brief, this strikes me as being a very foolish idea. In detail: -- Does anyone really think this is going to have much of an effect on anything? 
My suspicion is that a forum providing unlimited ability for people to anonymously post undocumented accusations against powerful people will be summarily ignored, not just by the targets of the accusations, but by everybody else with an actual life. There seems to be no discussion of the biggest weakness of this idea: the expected signal to noise ratio. This accomplishes nothing if it is overrun by, say, Kennedy assassination loons. It doesn't seem wise to me for the Cypherpunks' first major public act to be something this pointless and ill-conceived.

Ok. Suppose I'm wrong about the above, and this thing works like people seem to think it will.

-- The tools available to accomplish this task (PGP, remailers, anon servers) are certainly impressive, but I really don't think they're well developed enough yet to give cause for much confidence in taking on the government and the entire U.S. corporate sector in a frontal assault.

-- Is this really in line with the purpose of the Cypherpunks? To quote from the charter

"Cypherpunks write code. They know that someone has to write code to defend privacy, and since it's their privacy, they're going to write it. Cypherpunks publish their code so that their fellow cypherpunks may practice and play with it. Cypherpunks realize that security is not built in a day and are patient with incremental progress."

I like this paragraph, and what it says to me is that (a) people are, in the end, responsible for their OWN security and need to be made to realize this, and (b) PATIENCE is the most important prerequisite for success. Both of these principles are being violated by the hasty creation of alt.whistleblowers. This has nothing to do with enabling people to independently achieve data security, and it shows no patience whatsoever.

Wouldn't everybody be better served by quiet, patient development and distribution of tools, instead of a huge juvenile "FUCK YOU!" to people who could really care less?
Let's not piss away a solid foundation with cheap theatrics. -- Will "Getting people to fight by letting the force of momentum work is like rolling logs and rocks. Logs and rocks are still when in a secure place, but roll on an incline; they remain stationary if square, they roll if round. Therefore, when people are skillfully led into battle, the momentum is like that of round rocks rolling down a high mountain -- this is force." -- Sun Tzu *** PGP PUBLIC KEY AVAILABLE BY FINGER From mdiehl at triton.unm.edu Wed Apr 14 18:10:50 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Wed, 14 Apr 93 18:10:50 PDT Subject: decryption request. In-Reply-To: <9304142228.AA08551@pluto.ee.cua.edu> Message-ID: <9304150110.AA14652@triton.unm.edu> > ok well i am sure that there are a lot of people out there that want to learn > how to do basic cypher/decyphering... so i think it would be nice if people > gave their knowledge on how to do decryption... even if its very very basic > and perhaps a faq could be made out of this info... Well, you took the words right out of my fingers! ;^) I was going to post the same request myself. So....any offers? Thanx in advance. +-----------------------+-----------------------------+---------+ | J. Michael Diehl ;-) | I thought I was wrong once. | PGP KEY | | | But, I was mistaken. |available| | +-----------------------------+---------+ | mdiehl at triton.unm.edu | "I'm just looking for the opportunity | | mike.diehl at fido.org | to be Politically Incorrect! | | (505) 299-2282 | | +-----------------------+---------------------------------------+ From rclark at nyx.cs.du.edu Wed Apr 14 19:02:53 1993 From: rclark at nyx.cs.du.edu (Robert W. F. Clark) Date: Wed, 14 Apr 93 19:02:53 PDT Subject: alt.whistleblowers In-Reply-To: <199304150058.AA21866@spot.Colorado.EDU> Message-ID: <9304150204.AA03482@nyx.cs.du.edu> > Some comments on alt.whistleblowers from an (up to now) lurker. In brief, > this strikes me as being a very foolish idea. 
Perhaps it is; this is why I'm sending it out for discussion instead of just newgrouping it.

> -- Does anyone really think this is going to have much of an effect on
> anything? My suspicion is that a forum providing unlimited ability
> for people to anonymously post undocumented accusations against
> powerful people will be summarily ignored, not just by the targets
> of the accusations, but by everybody else with an actual life. There
> seems to be no discussion of the biggest weakness of this idea: the
> expected signal to noise ratio. This accomplishes nothing if it is
> overrun by, say, Kennedy assassination loons. It doesn't seem wise to me
> for the Cypherpunks' first major public act to be something this
> pointless and ill-conceived.

Actually, it is more my act, which I decided upon based on memes I received partially from this list; the cypherpunks, if they do choose to support the idea, will do it individually; and, as yet, I have not had the arrogance to make a public announcement to the effect that the cypherpunks made this action. My name only is attached to this; no praise, no blame.

> Ok. Suppose I'm wrong about the above, and this thing works like people
> seem to think it will.

Well, it might not; there are a number of potential hurdles, like the possibility that it will turn into a mindless narc fest; my personal opinion as to this is that I would prefer to leave the group unmoderated, but with an _option_ to moderate if the worst occurs. Of _course_ this will be abused, but I believe that it will also be used. This will provide an empirical basis for our principles. Success or failure will determine whether hypotheses need to be revised, or if they do, in fact, have predictive capability.

> -- The tools available to accomplish this task (PGP, remailers, anon servers)
> are certainly impressive, but I really don't think they're well developed
> enough yet to give cause for much confidence in taking on the government
> and the entire U.S.
> corporate sector in a frontal assault.

Well, if people are careful, and don't log in to an anonymous server _from_ an account with their name, but from an anonymous dataswitch, all Bell or the Department of Housing and Urban Development would know is that someone who works for them posted this anonymous message; which they knew already. Of course, anything beyond the first posting would be traceable if someone really wanted to do it, but what would it prove, unless they traced it to that person? Another possibility is to go primitive and use snailmail, digitize images and data or type in by hand. Without very specific reasons, opening U S Mail is not condoned.

> -- Is this really in line with the purpose of the Cypherpunks? To quote from
> the charter
>["Cypherpunks write code" paragraph from FAQ]
> I like this paragraph, and what it says to me is that (a) people
> are, in the end, responsible for their OWN security and need to be made
> to realize this, and (b) PATIENCE is the most important prerequisite
> for success. Both of these principles are being violated by the
> hasty creation of alt.whistleblowers. This has nothing to do with
> enabling people to independently achieve data security, and it shows
> no patience whatsoever.

You may be right. I may not be orthodox cypherpunk. However, with the proliferation of retroactive posting cancellation of anonymous posts, I believe it is possible to be patient to so great an extent that one calmly and rationally discusses a situation until the moment when action would have been useful has passed; in other words, you've discussed battle strategy until the enemy's won.

> Wouldn't everybody be better served by quiet, patient development and
> distribution of tools, instead of a huge juvenile "FUCK YOU!" to people
> who could really care less? Let's not piss away a solid foundation with
> cheap theatrics.

Again, I believe that you _can_ be quiet and develop tools. It is good that this is being done by _somebody_.
However, I take issue with your assertion that a formal Request for Discussion, worded in a non-inflammatory manner, is a juvenile "FUCK YOU!" If you doubt this, check out the RFD when it appears in news.announce.newgroups. What little temperature was in it was deleted; I spent about three hours implementing the suggestions of others and cut the verbiage by a half.

I do not see how this can damage what foundation we have; essentially a few software packages and an ideology. However, to protect from just this occurrence, I did not present my viewpoints as cypherpunk viewpoints in the announcement, merely as my own. The word 'cypherpunk' does not occur anywhere in the article.

If cypherpunks wish to discuss this group, why it would be a good or bad idea, or if it would be better-named, it may be discussed. If it is decided that the idea should be shelved, then so be it. I, and we, shall bide our time, and create it as an alt.group in the meantime. Very likely, at least in the beginning, privacy will be provided by the person who wishes to have it, and that person will take responsibility for the consequence of his or her actions.

Check out the discussion. Let the net decide.

---- Robert W. Clark rclark at nyx.cs.du.edu PGP signature available by mail or finger

From ld231782 at longs.lance.colostate.edu Wed Apr 14 22:27:19 1993
From: ld231782 at longs.lance.colostate.edu (ld231782 at longs.lance.colostate.edu)
Date: Wed, 14 Apr 93 22:27:19 PDT
Subject: alt.whistleblowers
In-Reply-To: <199304150058.AA21866@spot.Colorado.EDU>
Message-ID: <9304150527.AA21340@longs.lance.colostate.edu>

>Some comments on alt.whistleblowers from an (up to now) lurker. In brief,
>this strikes me as being a very foolish idea.

> My suspicion is that a forum providing unlimited ability
> for people to anonymously post undocumented accusations against
> powerful people will be summarily ignored, not just by the targets
> of the accusations, but by everybody else with an actual life.

Mr.
Kinney's comments annoy me tremendously. They bespeak a lukewarm, lackadaisical, and wishwashy view of something of extreme importance. Frankly, it bothers me that it has taken this long just to get the whistleblower group going. I don't think anything is being accomplished by delaying newsgroup creation. It just gives people who are enemies more time to mount a concerted attack against this new blip in the status quo. Where is your trademark cypherpunk fanaticism, Mr. Kinney? Do you wear a suit and tie and go to endless meetings debating the relative merits of implementing a given policy? Where is your passion? Where is your *impatience*? Where is your frustration that nothing seems to be happening? The point is that these things will start out unpolished and become refined. But they don't become refined by people debating their theoretical implications in a vacuum. They get refined when problems *arise* from *use*. That is the place where unforeseen merits and demerits are discovered (the unanticipated ones discovered in practice, I assure you, are always the most significant). Julf's server is a beautiful example of the evolution of an unrefined idea into a practical and increasingly sophisticated reality. It alarms me tremendously that word leaked out about the whistleblower group at the Freedom and Privacy conference (attended by such luminaries as e.g. D. Denning, and don't ask what the D. stands for); and that a former C.I.A. official has ideas on how to filter out the "noise". I find this quite nauseating. The greatest inventions are not the result of people who sought to reduce risks. It is precisely this risktaking (and yes, somewhat cavalier attitude) that produces the breakthrough! > The tools available to accomplish this task (PGP, remailers, anon servers) > are certainly impressive, but I really don't think they're well developed > enough yet to give cause for much confidence in taking on the government > and the entire U.S. 
corporate sector in a frontal assault. We are all playing with toys right now in the hope that they become entrenched and refined. Which they will, inevitably! Because they are good ideas! (Time is the universe's mechanism for rewarding good ideas!) Yesterday's Apple II is today's Quadra. Paved roads started out as rocky dirt paths, and in retrospect they look quaint, but they progressed because they were well-trodden. People just used them. If you think that new technology starts out any other way, then I'm impressed with your naivete... >-- Is this really in line with the purpose of the Cypherpunks? To quote from > the charter well, let me put it this way--if it isn't virtually the essence of Cypherpunkhood (challenging entrenched, ineffective, mediocre, bloated, or even corrupt and sinister authority through revolutionary new technology) then what is? What is your vision? Or do you prefer not to have one because they are so inconvenient and uncomfortable to pledge allegiance to, to nourish and sustain? Because they force you to rethink some of your most beloved and rooted prejudices? Because they require such devotion and sacrifice? > PATIENCE is the most important prerequisite > for success. patience has its place *after* all possible means for advancement have been employed. This `patience' thing of yours seems to me like a euphemism for `chill out'. Patience is for saints. Impatience is for humans. Agitation is for cypherpunks. >Wouldn't everybody be better served by quiet, patient development and >distribution of tools, instead of a huge juvenile "FUCK YOU!" to people >who could really care less? Let's not piss away a solid foundation with >cheap theatrics. Is that your perception of this project? Do you think that the creation of the newsgroup is equivalent to advocating that statement? Where do you find such animosity? How is it that something so intrinsically neutral such as creating a newsgroup be twisted into an act of evil rebellion and subversion? 
Is it possible that you should be embarrassed by reading a bit more into cypherpunks than is there? Is it possible that you have some agenda we don't know about? The whistleblower newsgroup will be quite like any other newsgroup. There will be plenty of noise and unverifiable froth and fizz. We will work toward trying to improve that content, but it is always a case of `caveat emptor'. It is a ridiculously impossible ideal to attain of having a group with only the `truth' posted. We are not setting out to replace the entire world government today (although, as for *tomorrow*...) I think the freedom in posting is the very essence of the whistleblower group. I think it might be interesting to promote the idea of different groups, each with different levels of verifiability. The lowest level would have completely unverified claims and *totally* free posting (esp. anonymity). Higher groups would have more important mechanisms to ensure the quality of the information (moderation, prerequisites to posting, digital signatures, etc.) I imagine that the verifiable and meritorious claims would tend to "rise" to higher groups where people with much higher reputations toss around the data. (Actually, I can imagine all of Usenet of the future working like this, with various `tiers' that people can pick at will. People into totally rabid free speech can subscribe to the raw unfiltered stuff, and at the other end of the spectrum, all the PC academics into diversity but no offensiveness to sensitive sensibilities can subscribe to the groups where a few happy-sunny-whee messages slip through a day...) p.s. I hate to jab a self-admitted lurker so bluntly, but this reminds me of Lincoln's advice that ``it is better to be silent and thought a fool than to speak up and remove all doubt''... Mr. Kinney, maybe we should call you back in a few years when everything is commercialized, corporate, conservative, and soulless enough for your tastes. 
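
The filtering scheme from Hal Finney's "Positive Reputations" message earlier in this archive, which is also the digital-signature prerequisite suggested for higher-tier groups in the message above, sketched as an added example that is not code from any poster or remailer. Assumptions: toy textbook RSA stands in for PGP signature verification and is not secure, and the Distribution values, class and function names are hypothetical.

```python
import hashlib

# Hypothetical labels: the thread only says listed and unlisted anonymous
# posts would carry different Distribution values.
DIST_LISTED = "anon-listed"
DIST_UNLISTED = "anon"
E = 65537  # public exponent shared by the toy keys


def make_toy_key(p, q):
    """Return (n, d) for textbook RSA. Stand-in for a PGP key pair; not secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def _digest(body, n):
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big") % n


def sign(body, n, d):
    """Poster side: sign the body with the private exponent."""
    return pow(_digest(body, n), d, n)


def verify(body, sig, n):
    """Remailer side: check the signature against public modulus n."""
    return 0 <= sig < n and pow(sig, E, n) == _digest(body, n)


class Remailer:
    def __init__(self):
        # The list holds keys (public moduli here), not user IDs.
        self.good_keys = set()

    def add_key(self, n):
        self.good_keys.add(n)

    def remove_key(self, n):
        # Operator's discretion, e.g. after an objectionable post.
        self.good_keys.discard(n)

    def post(self, body, sig=None, key=None):
        """Return the outgoing article. The key is never forwarded, so a
        reader learns only which class the poster falls in."""
        listed = (
            sig is not None
            and key in self.good_keys
            and verify(body, sig, key)
        )
        return {
            "Distribution": DIST_LISTED if listed else DIST_UNLISTED,
            "Body": body,
        }


def reader_filter(articles, accept=(DIST_LISTED,)):
    """Reader side: killfile-style filter on the Distribution marking."""
    return [a for a in articles if a["Distribution"] in accept]


def demo():
    # Constructed keys built from Mersenne primes, for illustration only.
    alice_n, alice_d = make_toy_key(2**31 - 1, 2**61 - 1)
    mallory_n, mallory_d = make_toy_key(2**89 - 1, 2**107 - 1)
    remailer = Remailer()
    remailer.add_key(alice_n)

    body = "Report on unsafe product testing."  # constructed sample post
    good_sig = sign(body, alice_n, alice_d)
    mallory_sig = sign(body, mallory_n, mallory_d)
    results = {
        "listed_signed": remailer.post(body, good_sig, alice_n),
        "unsigned": remailer.post(body),
        "unlisted_key": remailer.post(body, mallory_sig, mallory_n),
        "forged_claim": remailer.post(body, mallory_sig, alice_n),
        "tampered_body": remailer.post(body + " (edited)", good_sig, alice_n),
    }
    remailer.remove_key(alice_n)
    results["after_removal"] = remailer.post(body, good_sig, alice_n)
    return results


if __name__ == "__main__":
    for case, article in demo().items():
        print(f"{case:15s} -> Distribution: {article['Distribution']}")
```

Only a post that carries a valid signature from a key currently on the list gets the listed marking; unsigned, unlisted, forged, tampered and post-removal cases all fall back to the plain anonymous distribution.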
From internaut at aol.com Thu Apr 15 03:31:51 1993
From: internaut at aol.com (internaut at aol.com)
Date: Thu, 15 Apr 93 03:31:51 PDT
Subject: FWEE!: alt.prematurity
Message-ID: <9304150631.tn01219@aol.com>

*/ Ladies & Germs, /*

Certain cpunks have called for the immediate establishment of alt.whistleblowers on Usenet. I have noted a certain respect for engineering matters in these notes, but a lack of acknowledgement for the "other" business involved in setting up a serious whistleblower service. I beg your attention for a moment whilst I toss in my two cents:

As I am the person doing some of the legwork to establish the body of Users/Subscribers for the alt.wb service (in my spare time), I would like to request that this action NOT be taken at this time. I am as anxious as anyone to see this become a reality, but I have learned over the years that both information services and sex can be ruined by prematurity. You're welcome to screw up your sex lives by cumming in your pants too soon, but PLEASE don't give this potentially IMPORTANT information service a huge birth defect by putting it out before I am ready. There, I've admitted it, I am not ready yet (nor are the Users). If it flies before I can set up the org's that will take advantage of it, it would not be a good thing, IMHO. I have mentioned prematurity before this and have been roundly ignored, to my chagrin. Alas...

I am not suggesting that we can't begin exPERimenting in SOME way to get the technology right, but I AM saying that we have a LOT of work to do if we want this service to mean anything. On the other hand, if we're just a bunch of engineers jacking off over our ideas, and not true crusaders trying to invent a new method for busting sniveling government weasel-embezzlers, then who am I to stop y'all?

Gee, Dave, just _why_ is it a bad idea right now?

- Not enough people are educated enough to use it. I have spoken with Congressional staffers, media people and several activist orgs.
They all need either email accounts, PGP software and some readme files (or all three) before they can take advantage of any WB info. They're not even sure how to approach the issue of verification and we'll have to help them with this concept. Imagine Picasso pitching the wonders of Asymmetry to an audience of People Who've Never Heard of Painting.

- We haven't figured out who'll be polled to send in msgs and exactly HOW we'll offer them some sort of anonymity and what they need to do afterward. It should be a select group at first, but we have not established the guidelines for this service. Putting it out without any kind of guidelines could be disastrous. This is the Trusted Reputation Issue. Please do not underestimate this.

- Not a single cpunk has yet submitted any suggestions to me for the Guidelines as I have asked twice. Not one person. Do that first, O Verbose Ones! After we build such a document and have prominent people (such as Nicholas Johnson, former FCC head under L.B.Johnson - "eh... no relation") sign statements of support based on it (as discussed before, with I think, nearly unanimous approval), then we can more _safely_ proceed. Have you heard of the Declaration of Independence? They prepared that document well, got all their Ducks in a Row and it's lasted for over 200 years. How many decades do you think a good WB system could last/evolve for? I ask only that you engage your long-range vision for a moment.

- Except for good ol' John Gilmore, no one has sent me their pubkey for the list of volunteers after I publicly requested same some weeks back. Belly up to the Bar, Dewds.

- ?

There are other excellent reasons to keep it in our collective pants for a while, but if THESE don't convince you, then perhaps I am asking the wrong group of folks to help get this started properly.

I suggest that we set up a dummy area and begin to conduct some experiments ala Tim May's F117A bogus post.
Hopefully, this will allow our more impatient members to spew to their heart's delight while the rest of us continue with the legwork and phonework to give it social armor.

Anybody can put a box out on the street and say "everybody put your complaints in here," but it takes some real thinkers to put out a serious whistleblower system.

Lastly, I ask your forgiveness for all my sins...

dave

PS: Only kiddin', I never sin. Well, hardly ever these days. Well, pretty often then, but I keep it to a few times a day. OK, well, maybe hourly, but I'm really acting in the best interest of everyone. OK, I lied, I sin and sin and sin every second of my existence. ...So sue me!

From meyer at mcc.com Thu Apr 15 11:47:50 1993
From: meyer at mcc.com (Peter Meyer)
Date: Thu, 15 Apr 93 11:47:50 PDT
Subject: Decryption
In-Reply-To: <9304142228.AA08551@pluto.ee.cua.edu>
Message-ID: <19930415184700.2.MEYER@OGHMA.MCC.COM>

    Date: Wed, 14 Apr 1993 17:28 CDT
    From: trump at pluto.ee.cua.edu (Louis Edward Trumpbour)

    ok well i am sure that there are a lot of people out there that want to learn how to do basic cypher/decyphering... so i think it would be nice if people gave their knowledge on how to do decryption... even if its very very basic and perhaps a faq could be made out of this info...
    Clovis

sci.crypt has recently put out a FAQ (at last). I forget where it's ftp-able from but there's always someone on sci.crypt asking where the FAQ is, and it gets reposted from time to time.

There are lots of ways to encrypt/decrypt/cryptanalyze. The sci.crypt FAQ lists some books on the subject. Would-be cryptanalysts could take a look at Abraham Sinkov's "Elementary Cryptanalysis, A Mathematical Approach", published by The Mathematical Association of America, 1966.
-- Peter Meyer

From hal at alumni.cco.caltech.edu Thu Apr 15 14:08:16 1993
From: hal at alumni.cco.caltech.edu (Hal Finney)
Date: Thu, 15 Apr 93 14:08:16 PDT
Subject: Chaining to Julf's remailer
Message-ID: <9304152107.AA16806@alumni.cco.caltech.edu>

On news.admin.policy, a 'nym' called Nowhere, Man called somebody an asshole and told them to fuck off. Someone objected, and Nowhere responded:

> You're right, and I'm really sorry if my insults got somebody bent out
> of shape. I just think some people deserve to get flamed once in a while.
> Also, the mail return address doesn't work because this message goes through
> a chain of other remailers before it gets to Julf's base. So netnews is
> the only way to get messages to me. Hey, maybe there should be a board
> just for messages to nyms. Crypted, even. How about it, news.admin.policy
> phreaks, should we put it to a vote?

Nowhere, Man .

Apparently it is in fact possible to chain remailers now. I assume that he is chaining through cypherpunks remailers into penet. I'm curious to know which remailer is being used for this purpose? Perhaps we could add a description of how to do this to the documentation. My guess is that "Nowhere" reads this list.

Hal

From ORNTS188 at ksuvxb.kent.edu Thu Apr 15 15:12:28 1993
From: ORNTS188 at ksuvxb.kent.edu (ORNTS188 at ksuvxb.kent.edu)
Date: Thu, 15 Apr 93 15:12:28 PDT
Subject: Q&A DataBase
Message-ID: <01GX1S55DSEA0005UJ@ksuvxb.kent.edu>

Hello All, does anyone know much about this program? I would like to be able to pick the passwords out of the database file. In this program (Q&A) the database can be set up so that users have limited access to different areas of the files. I just got the code and doc files for WP hack, and they were great. I am still going through the code.

Well thanks
Red :)

From pmetzger at lehman.com Thu Apr 15 15:30:38 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Thu, 15 Apr 93 15:30:38 PDT
Subject: Q&A DataBase
In-Reply-To: <01GX1S55DSEA0005UJ@ksuvxb.kent.edu>
Message-ID: <9304152230.AA22243@snark.shearson.com>

ORNTS188 at ksuvxb.kent.edu says:
> Hello All, does anyone know much about this program?
> I would like to be able to pick the passwords out of the database file.
> In this program (Q&A) the database can be set up so that users have limited
> access to different areas of the files. I just got the code and doc files
> for WP hack, and they were great. I am still going through the code.

Pardon, but what does this have to do with Cypherpunks?

Perry

From grady at netcom.com Thu Apr 15 16:46:44 1993
From: grady at netcom.com (1016/2EF221)
Date: Thu, 15 Apr 93 16:46:44 PDT
Subject: SOURCE to Macintosh PGP 2.2 released
Message-ID: <9304152346.AA07957@netcom.netcom.com>

Complete Symantec THINK C 5.0.4 source code including projects and user documentation is available via anonymous FTP from:

netcom.com [192.100.81.100]
in directory pub/grady
file is type ASCII, Compact Pro .sea processed with BinHex 4.0.

MGET MacPGP2.2src.sea.hqx
MGET MacPGP2.2srcSIGNATURE

HQX file is digitally signed by me; verification of signature via public key servers or by phone.

Please distribute this code widely -- read the READ ME file included with the package.

From rclark at nyx.cs.du.edu Thu Apr 15 20:22:07 1993
From: rclark at nyx.cs.du.edu (Robert W. F. Clark)
Date: Thu, 15 Apr 93 20:22:07 PDT
Subject: WARNING: Pointer article to soc.whistleblowers debate
Message-ID: <9304160323.AA06370@nyx.cs.du.edu>

The news software has been activated. David Tale has accepted the article, sans a paragraph specifying a procedural point (which I didn't think would fly, anyway) and bagging alt.sex and alt.drugs from the discussion, but keeping many others; I think if I hadn't put those two in, he might have knocked out a few I was serious about.
So, in any case, the article, in a modified form, partially by me and partially by Tale, is now posted to news.announce.newgroups, and the debate shall begin shortly. Those of you who consider this newsgroup a beneficial and good thing, and who wish to discuss its implementation and name and other germane issues, should immediately go to news.groups and begin posting like lunatics. Those of you who consider this newsgroup a menace to society should go to news.groups and post scathing articles about my sexual preferences. (Humor, of course.) In any case, I have not identified myself as a cypherpunk or, for that matter, as an Extropian, not having the boundless arrogance to presume that cypherpunks all share my opinion of the methods of implementing this; so those of you who do agree with me, or disagree only on procedural points, should post your opinion; people have a larger tendency to vote YES when they think others agree with them. Also try to avoid excessively inflammatory postings (on the order of "You fucking moron, how DARE you disagree with me."), as these will tend to garner a bunch of NOs. I don't mean be a total schmuck and bend over backwards for a flaming, but flame back in a constructive spirit and without senseless _ad hominem_ attacks. I hope that this group can be created with as little sturm and drang as possible, but if it _does_ require sturm OR drang OR both, heat may need to be applied. Again, post whether or not you agree. And don't send votes yet, of course. I'll just junk them, according to net.law. If the cypherpunks wish to present this as a cypherpunk issue, or if individuals wish to support it as individuals, feel free. I'm not going to attach the name 'cypherpunk' to it myself because, not to be rude, it would further politicize an already highly-politicized issue. However, if we'd be more effective as THE DREADED Extropians/Cypherpunks bloc, which I don't think is necessarily the case, feel free. It's not my net. 
Apologies are extended for the lengthy crosspost, but it shall be the last crosspost; further discussion ought to occur in news.groups. And battle plans in cypherpunks, if we even need battle plans. With any luck, there won't be a battle. If we sneak this in by acclamation without a flamewar or controversy, we're ENTRENCHED. NOBODY can stop us, or any other people who could utilize this most valuable resource.

But I'm not holding my breath on that one. Although I cross-posted mainly to groups with a large population of potential YES voters, and ignored, say, news admin hangouts, those who would oppose this are sure to find out about it; but I think we can muster sufficient political clout to pass this.

Me? I'm currently going to enlist some old friends from talk.bizarre. . . Don't worry, they're not the current crop but the same crowd that passed comp.protocols.tcp-ip.eniac. I'll ask for as little inflammatory material as possible, like I did here, but I don't want this to become any more of a flamewar than necessary, and, again and for the last time, would prefer it didn't end up that way at all.

End of crosspost. We now return you to your regular round of discussing radix sorts and monozygotic recessives. Thank you.

----
Robert W. Clark
rclark at nyx.cs.du.edu
PGP signature available by mail or finger

From 74076.1041 at CompuServe.COM Thu Apr 15 22:13:49 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Thu, 15 Apr 93 22:13:49 PDT
Subject: ANON: Chaining to Penet remailer
Message-ID: <930416050708_74076.1041_FHD24-1@CompuServe.COM>

Well, after a fair amount of experimentation I have learned who the mysterious an10757 at anon.penet.fi is. It's me.

Or, more specifically, it is my remailer operating at hal at alumni.caltech.edu. If you send mail from this remailer to anon.penet.fi for posting or remailing it is identified as coming from an10757, the same address used in the post by "Nowhere, Man".
This address is different from the address I get if I just send to ping at anon.penet.fi from that account. I think the reason is that the mail sent from the remailer is identified as coming from "nobody" instead of "hal" in the From: field. This causes Julf's remailing software to assign a different anonymous ID.

I don't see any problems with this (not right away, anyway) and in fact it seems to me to be a desirable feature. I think we should document this for people who want to use the Penet remailer for posting, in a more untraceable way.

Send mail to either:

hal at alumni.caltech.edu (posts as an10757 at anon.penet.fi)
hfinney at shell.portal.com (posts as an19579 at anon.penet.fi)

Have as the first lines of your message:

::
Request-Remailing-To: anon at anon.penet.fi
X-Anon-To: news.admin.policy

Follow this with a blank line, then your message. Put whatever newsgroups you like (separated by commas) after X-Anon-To.

This method of posting does not allow you to receive replies. I have set "nicknames" for these two accounts as "Untraceable account" which will appear in the "From" line on the postings. Hopefully that will offer a clue that the normal reply mechanism doesn't work. Maybe the nickname should say so more explicitly?

I believe this approach would work with most of the other Cypherpunks remailers. The one thing for remailer operators to watch out for is what is put in the From: line when the remailer sends it. You want it to be different from your regular account name or else your anonymous ID will be used for all messages through that remailer.

Naturally, this is vulnerable to abuse. If "Nowhere" or someone else continues to post obscenities and flames then Julf may have to block off all of our cypherpunks remailers, which would be unfortunate. Until there are more remailers I think anonymous posters need to continue to exercise some self-restraint.
Hal

From ebrandt at jarthur.Claremont.EDU Fri Apr 16 02:00:58 1993
From: ebrandt at jarthur.Claremont.EDU (Eli Brandt)
Date: Fri, 16 Apr 93 02:00:58 PDT
Subject: ANON: Chaining to Penet remailer
In-Reply-To: <930416050708_74076.1041_FHD24-1@CompuServe.COM>
Message-ID: <9304160900.AA04650@toad.com>

> From: Hal <74076.1041 at CompuServe.COM>
> This method of posting does not allow you to receive replies. I have set
> "nicknames" for these two accounts as "Untraceable account" which will appear
> in the "From" line on the postings. Hopefully that will offer a clue that
> the normal reply mechanism doesn't work. Maybe the nickname should say so
> more explicitly?

You'd better make it quite clear that replies will not work. The consequence of misunderstanding here is that somebody's missive to an apparent penet user ends up in your remailer machine's postmaster's mailbox. This is not good; it's an unexpected breach of privacy, and it will tick off the sysadmin if it continues to happen.

It's happened at least once -- I did it. Fortunately, my message to "NOWHERE, MAN" was about netiquette, not 'shrooms. Nothing to cause your postmaster's jaw to drop, but it could have been.

The security provided by this technique could be provided without the IMHO serious disadvantage of having no return address. Eric's hybrid approach, where a pseudonym server hands mail to a remailer chain, is secure (barring sophisticated traffic analysis) if you trust the last remailer in the chain. Julf, have you thought about whether you want to do something like this?
> Hal

Eli
ebrandt at jarthur.claremont.edu

From kinney at spot.Colorado.EDU Fri Apr 16 07:13:24 1993
From: kinney at spot.Colorado.EDU (KINNEY WILLIAM H)
Date: Fri, 16 Apr 93 07:13:24 PDT
Subject: Proposal for anon chaining
Message-ID: <199304161412.AA09006@spot.Colorado.EDU>

Recent traffic on anonymous remailers/servers:

>From: Eli
>> From: Hal <74076.1041 at CompuServe.COM>
>> This method of posting does not allow you to receive replies. I have set
>> "nicknames" for these two accounts as "Untraceable account" which will appear
>> in the "From" line on the postings. Hopefully that will offer a clue that
>> the normal reply mechanism doesn't work. Maybe the nickname should say so
>> more explicitly?
>
>
>The security provided by this technique could be provided without
>the IMHO serious disadvantage of having no return address. Eric's
>hybrid approach, where a pseudonym server hands mail to a remailer
>chain, is secure (barring sophisticated traffic analysis) if you
>trust the last remailer in the chain. Julf, have you thought about
>whether you want to do something like this?
> Hal

Here's an idea I haven't seen suggested before, which would remove the need for a pseudonym server:

The way things stand now, chaining Cypherpunk remailers works by nesting PGP encryptions of the form

*********** message text ***********

If you want to chain remailers, you encrypt the above, make IT the new message text, and then add another header, and so on until you get bored.

My proposal is for a modification of this protocol to allow for pseudonymous return mail addresses, like this: The trick would be to separate the message text from the remailer routing information, in a message of the form

*********** ROUTING INFORMATION ***********
*********** MESSAGE TEXT ***********

where both blocks are encrypted with PGP.
The message text would be encrypted with the PGP public key of the intended final recipient of the message, and would not be modified by the intermediate anon remailers. The routing information would be for the benefit of the remailers only. It would be created by the RECIPIENT and made publicly available as a pseudonymous mail address. It would work like this:

Suppose user foo at bar.com wishes to establish a pseudonymous identity, and wants to route it through anon remailers "anon1" and "anon2". What he does is take a message of the form

::
Request-Remailing-To: foo at bar.com

and encrypts it with server anon1's PGP public key, to create . Then he adds another header to make

::
Request-Remailing-To: anon1

and encrypts THIS with anon2's public key to make , and adds a header to make

::
Request-Remailing-To: anon2

Obviously, this procedure can be nested to arbitrary depth, chaining through as many anon servers as you like. The trick is that this address block can be made PUBLIC, since the only way to unwind the routing is to have access to the secret keys of all the intermediate anon servers, and the identity of the recipient is protected.

foo at bar.com then anonymously posts a PGP public key and a routing block to some public forum, and people can communicate with him without having any idea as to his actual identity. When I want to send a message to him, I encrypt the message with his provided public key, and then add the encrypted routing header, which he has also provided. I give him my own pseudonymous mail routing header to allow him to reply.

This seems to me to be a very robust pseudonymous mail system which could be implemented by relatively minor changes to the existing Cypherpunk remailer structure. It has the additional advantage of being decentralized and maintenance-free. It could be used for pseudonyms on net news, e-mail, wherever, and could presumably be integrated in some way into Julf's anon server.

Comments?
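The routing block proposed in this message, as an added sketch that is not part of the original post or of any remailer's code: it builds the nested block for foo@bar.com through anon1 and anon2, then lets each remailer strip one layer. seal()/unseal(), the keyring and all function names are assumptions; they stand in for PGP encryption to each remailer's public key so the sketch runs offline.

```python
import hashlib
import hmac
import os

HEADER = b"::\nRequest-Remailing-To: "


def _keystream(key, nonce, n):
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"ks" + nonce + counter.to_bytes(8, "big"),
                        hashlib.sha256).digest()
        counter += 1
    return out[:n]


def seal(key, plaintext):
    """Stand-in (assumption) for 'encrypt with this remailer's PGP public key'."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Stand-in for decryption with the remailer's secret key; ValueError if not ours."""
    if len(blob) < 48:
        raise ValueError("block too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("block is not sealed to this remailer")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def build_routing_block(recipient, chain, keyring):
    """Done once by the RECIPIENT. chain is innermost first, e.g. ["anon1", "anon2"].

    Returns (entry remailer, public routing block)."""
    next_hop, block = recipient, b""
    for name in chain:
        layer = HEADER + next_hop.encode() + b"\n\n" + block
        block = seal(keyring[name], layer)
        next_hop = name
    return next_hop, block


def remailer_step(secret, block):
    """What one remailer does: strip its own layer and learn only the next hop."""
    layer = unseal(secret, block)
    if not layer.startswith(HEADER):
        raise ValueError("no Request-Remailing-To header inside the layer")
    dest, _, inner = layer[len(HEADER):].partition(b"\n\n")
    return dest.decode(), inner


def deliver(entry, block, body, keyring):
    """Walk the chain; trace records what each remailer received on the wire."""
    hop, trace = entry, []
    while hop in keyring:
        trace.append((hop, block, body))
        hop, block = remailer_step(keyring[hop], block)
    # The body is never touched by a remailer, so it is byte-identical at every
    # hop, while the routing block loses one layer (and some length) per hop.
    return hop, body, trace


def demo():
    # Constructed sample data: two remailers with random secrets, one recipient.
    keyring = {"anon1": os.urandom(32), "anon2": os.urandom(32)}
    entry, block = build_routing_block("foo@bar.com", ["anon1", "anon2"], keyring)
    body = b"<message text encrypted to the pseudonym's public key>"
    final, delivered, trace = deliver(entry, block, body, keyring)
    return entry, block, final, delivered, trace, keyring


if __name__ == "__main__":
    entry, block, final, _, trace, _ = demo()
    print("send to:", entry, "| public block:", len(block), "bytes")
    for hop, blk, _ in trace:
        print(f"{hop} receives a {len(blk)}-byte routing block")
    print("delivered to:", final)
```
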
-- Will

From pmetzger at lehman.com Fri Apr 16 09:03:13 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Fri, 16 Apr 93 09:03:13 PDT
Subject: Dorothy Denning's friends strike
Message-ID: <9304161602.AA27246@snark.shearson.com>

To: cypherpunks at toad.com, libernet at dartmouth.edu, extropians at gnu.ai.mit.edu

[Libernet readers -- please do not follow up on libernet, as it is only for announcements. All readers -- please do not CC lists you are not on with replies.]

According to a front page article in today's New York Times, the Clinton Administration is going to be releasing a standard encryption technology that commercial users will be encouraged to adopt that involves having the government keep copies of "back door" keys associated with every device deployed. The article is entitled, with unintentional irony, "Communications Plan to Balance Government Access with Privacy". The article indicates that the move is "intended to resolve a long standing dilemma[...] how to preserve the legitimate right for businesses and citizens to use codes [...] without letting criminals and terrorists conspire beyond the reach of the law".

The implications are obvious.

Perry Metzger

From jthomas at coconut.mitre.org Fri Apr 16 09:27:24 1993
From: jthomas at coconut.mitre.org (Joe Thomas)
Date: Fri, 16 Apr 93 09:27:24 PDT
Subject: Proposal for anon chaining
Message-ID: <9304161626.AA02630@coconut>

KINNEY WILLIAM H writes:
> Recent traffic on anonymous remailers/servers:
>
> >From: Eli
> >> From: Hal <74076.1041 at CompuServe.COM>
> >> This method of posting does not allow you to receive replies. I have set
> >> "nicknames" for these two accounts as "Untraceable account" which will appear
> >> in the "From" line on the postings. Hopefully that will offer a clue that
> >> the normal reply mechanism doesn't work. Maybe the nickname should say so
> >> more explicitly?
> >
> >
> >The security provided by this technique could be provided without
> >the IMHO serious disadvantage of having no return address. Eric's
> >hybrid approach, where a pseudonym server hands mail to a remailer
> >chain, is secure (barring sophisticated traffic analysis) if you
> >trust the last remailer in the chain. Julf, have you thought about
> >whether you want to do something like this?
> > > Hal
>
> Here's an idea I haven't seen suggested before, which would remove the need
> for a pseudonym server:
>
> [Description of chain-encrypted header info, separated from message text]
>
> This seems to me to be a very robust pseudonymous mail system which
> could be implemented by relatively minor changes to the existing Cypherpunk
> remailer structure. It has the additional advantage of being decentralized
> and maintenance-free. It could be used for pseudonyms on net news, e-mail,
> wherever, and could presumably be integrated in some way into Julf's
> anon server.
>

Yes, this would seem to be the way to do this, and this type of nested-encrypted routing information is what I was referring to as an "SASE" in my front-end/back-end anonymous posting design.

There are some drawbacks, however. Traffic analysis by watching a remailer's feed, and seeing messages come in and go back out is much easier, since the message _text_ is unchanged from one remailer to the next. In fact, however, such traffic analysis is not difficult with the present system, since message lengths can be used to correlate messages going in and out, and the remailers aren't getting enough traffic to do much internal "mixing" to avoid obvious FIFO behavior.

The obvious solutions are a remailing protocol that supports padding out messages to a few "standard" lengths, and increasing the remailer traffic, perhaps with dummy messages. But this doesn't help in the above case, when routing information is separate from message text, and not known to the sender (except for the first hop).
One possible solution relies on the fact that each remailer must know the next hop a message will take. When the remailer is forwarding mail with separately encrypted header information, it will append some random bits to the message, then encrypt it with the next remailer's public key. (Note that if the appending of random bits is skipped, the system provides no security against traffic analysis, since the adversary can simply try encrypting incoming messages with various remailers' public keys, then watch to see if that message comes back out).

I've got some more ambitious ideas for this (encrypted return addresses as a MIME content-type?), but I think the version outlined above could be implemented pretty easily, although I admit I haven't really read through the remailer scripts. I'll take a crack at it as soon as I get my Linux box (a couple weeks) if people think it's a good idea.

Joe

From tcmay at netcom.com Fri Apr 16 09:38:00 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 16 Apr 93 09:38:00 PDT
Subject: White House announcement on encryption--FORWARDED
Message-ID: <9304161638.AA19495@netcom3.netcom.com>

Cypherpunks,

Here's a message from sci.crypt that's of relevance to us in several ways. I assume from its length, seriousness, and wording that it's not a spoof...I can't check the White House's signature!

Some messages:

1. It tells us what Denning and Rivest were probably actually working on when they floated their "trial balloons" last summer and fall.

2. A government-sanctioned phone encryption technique has implications for the phone encryption topics we've discussed at the Cypherpunks meetings (notably with Paul Rubin and Whit Diffie).

3. As always, end-to-end encryption, bypassing such schemes as this, is looking better and better.

4. It is not clear if the government scheme will legally preclude other encryption schemes.

5. I expect a lively debate will soon take place in sci.crypt.

Newsgroups: sci.crypt
Path: netcom.com!netcomsv!decwrl!uunet!dove!csrc.ncsl.nist.gov!clipper
From: clipper at csrc.ncsl.nist.gov (Clipper Chip Announcement)
Subject: text of White House announcement and Q&As on clipper chip encryption
Message-ID:
Sender: news at dove.nist.gov
Organization: National Institute of Standards & Technology
Distribution: na
Date: Fri, 16 Apr 1993 15:19:06 GMT
Lines: 282

Note: This file will also be available via anonymous file transfer from csrc.ncsl.nist.gov in directory /pub/nistnews and via the NIST Computer Security BBS at 301-948-5717.

---------------------------------------------------

THE WHITE HOUSE

Office of the Press Secretary

_________________________________________________________________

For Immediate Release                              April 16, 1993

STATEMENT BY THE PRESS SECRETARY

The President today announced a new initiative that will bring the Federal Government together with industry in a voluntary program to improve the security and privacy of telephone communications while meeting the legitimate needs of law enforcement.

The initiative will involve the creation of new products to accelerate the development and use of advanced and secure telecommunications networks and wireless communications links.

For too long there has been little or no dialogue between our private sector and the law enforcement community to resolve the tension between economic vitality and the real challenges of protecting Americans. Rather than use technology to accommodate the sometimes competing interests of economic growth, privacy and law enforcement, previous policies have pitted government against industry and the rights of privacy against law enforcement.

Sophisticated encryption technology has been used for years to protect electronic funds transfer. It is now being used to protect electronic mail and computer files.
While encryption technology can help Americans protect business secrets and the unauthorized release of personal information, it also can be used by terrorists, drug dealers, and other criminals.

A state-of-the-art microcircuit called the "Clipper Chip" has been developed by government engineers. The chip represents a new approach to encryption technology. It can be used in new, relatively inexpensive encryption devices that can be attached to an ordinary telephone. It scrambles telephone communications using an encryption algorithm that is more powerful than many in commercial use today.

This new technology will help companies protect proprietary information, protect the privacy of personal phone conversations and prevent unauthorized release of data transmitted electronically. At the same time this technology preserves the ability of federal, state and local law enforcement agencies to intercept lawfully the phone conversations of criminals.

A "key-escrow" system will be established to ensure that the "Clipper Chip" is used to protect the privacy of law-abiding Americans. Each device containing the chip will have two unique "keys," numbers that will be needed by authorized government agencies to decode messages encoded by the device. When the device is manufactured, the two keys will be deposited separately in two "key-escrow" data bases that will be established by the Attorney General. Access to these keys will be limited to government officials with legal authorization to conduct a wiretap.

The "Clipper Chip" technology provides law enforcement with no new authorities to access the content of the private conversations of Americans.

To demonstrate the effectiveness of this new technology, the Attorney General will soon purchase several thousand of the new devices. In addition, respected experts from outside the government will be offered access to the confidential details of the algorithm to assess its capabilities and publicly report their findings.

The chip is an important step in addressing the problem of encryption's dual-edge sword: encryption helps to protect the privacy of individuals and industry, but it also can shield criminals and terrorists. We need the "Clipper Chip" and other approaches that can both provide law-abiding citizens with access to the encryption they need and prevent criminals from using it to hide their illegal activities. In order to assess technology trends and explore new approaches (like the key-escrow system), the President has directed government agencies to develop a comprehensive policy on encryption that accommodates:

-- the privacy of our citizens, including the need to employ voice or data encryption for business purposes;

-- the ability of authorized officials to access telephone calls and data, under proper court or other legal order, when necessary to protect our citizens;

-- the effective and timely use of the most modern technology to build the National Information Infrastructure needed to promote economic growth and the competitiveness of American industry in the global marketplace; and

-- the need of U.S. companies to manufacture and export high technology products.

The President has directed early and frequent consultations with affected industries, the Congress and groups that advocate the privacy rights of individuals as policy options are developed.

The Administration is committed to working with the private sector to spur the development of a National Information Infrastructure which will use new telecommunications and computer technologies to give Americans unprecedented access to information. This infrastructure of high-speed networks ("information superhighways") will transmit video, images, HDTV programming, and huge data files as easily as today's telephone system transmits voice.

Since encryption technology will play an increasingly important role in that infrastructure, the Federal Government must act quickly to develop consistent, comprehensive policies regarding its use. The Administration is committed to policies that protect all Americans' right to privacy while also protecting them from those who break the law.

Further information is provided in an accompanying fact sheet. The provisions of the President's directive to acquire the new encryption technology are also available.

For additional details, call Mat Heyman, National Institute of Standards and Technology, (301) 975-2758.

---------------------------------

QUESTIONS AND ANSWERS ABOUT THE CLINTON ADMINISTRATION'S TELECOMMUNICATIONS INITIATIVE

Q: Does this approach expand the authority of government agencies to listen in on phone conversations?

A: No. "Clipper Chip" technology provides law enforcement with no new authorities to access the content of the private conversations of Americans.

Q: Suppose a law enforcement agency is conducting a wiretap on a drug smuggling ring and intercepts a conversation encrypted using the device. What would they have to do to decipher the message?

A: They would have to obtain legal authorization, normally a court order, to do the wiretap in the first place. They would then present documentation of this authorization to the two entities responsible for safeguarding the keys and obtain the keys for the device being used by the drug smugglers. The key is split into two parts, which are stored separately in order to ensure the security of the key escrow system.

Q: Who will run the key-escrow data banks?

A: The two key-escrow data banks will be run by two independent entities. At this point, the Department of Justice and the Administration have yet to determine which agencies will oversee the key-escrow data banks.

Q: How strong is the security in the device? How can I be sure how strong the security is?
A: This system is more secure than many other voice encryption systems readily available today. While the algorithm will remain classified to protect the security of the key escrow system, we are willing to invite an independent panel of cryptography experts to evaluate the algorithm to assure all potential users that there are no unrecognized vulnerabilities.

Q: Whose decision was it to propose this product?

A: The National Security Council, the Justice Department, the Commerce Department, and other key agencies were involved in this decision. This approach has been endorsed by the President, the Vice President, and appropriate Cabinet officials.

Q: Who was consulted? The Congress? Industry?

A: We have on-going discussions with Congress and industry on encryption issues, and expect those discussions to intensify as we carry out our review of encryption policy. We have briefed members of Congress and industry leaders on the decisions related to this initiative.

Q: Will the government provide the hardware to manufacturers?

A: The government designed and developed the key access encryption microcircuits, but it is not providing the microcircuits to product manufacturers. Product manufacturers can acquire the microcircuits from the chip manufacturer that produces them.

Q: Who provides the "Clipper Chip"?

A: Mykotronx programs it at their facility in Torrance, California, and will sell the chip to encryption device manufacturers. The programming function could be licensed to other vendors in the future.

Q: How do I buy one of these encryption devices?

A: We expect several manufacturers to consider incorporating the "Clipper Chip" into their devices.

Q: If the Administration were unable to find a technological solution like the one proposed, would the Administration be willing to use legal remedies to restrict access to more powerful encryption devices?

A: This is a fundamental policy question which will be considered during the broad policy review.
The key escrow mechanism will provide Americans with an encryption product that is more secure, more convenient, and less expensive than others readily available today, but it is just one piece of what must be the comprehensive approach to encryption technology, which the Administration is developing.

The Administration is not saying, "since encryption threatens the public safety and effective law enforcement, we will prohibit it outright" (as some countries have effectively done); nor is the U.S. saying that "every American, as a matter of right, is entitled to an unbreakable commercial encryption product." There is a false "tension" created in the assessment that this issue is an "either-or" proposition. Rather, both concerns can be, and in fact are, harmoniously balanced through a reasoned, balanced approach such as is proposed with the "Clipper Chip" and similar encryption techniques.

Q: What does this decision indicate about how the Clinton Administration's policy toward encryption will differ from that of the Bush Administration?

A: It indicates that we understand the importance of encryption technology in telecommunications and computing and are committed to working with industry and public-interest groups to find innovative ways to protect Americans' privacy, help businesses to compete, and ensure that law enforcement agencies have the tools they need to fight crime and terrorism.

Q: Will the devices be exportable? Will other devices that use the government hardware?

A: Voice encryption devices are subject to export control requirements. Case-by-case review for each export is required to ensure appropriate use of these devices. The same is true for other encryption devices. One of the attractions of this technology is the protection it can give to U.S. companies operating at home and abroad. With this in mind, we expect export licenses will be granted on a case-by-case basis for U.S.
companies seeking to use these devices to secure their own communications abroad. We plan to review the possibility of permitting wider exportability of these products.

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.

From 74076.1041 at CompuServe.COM Fri Apr 16 09:56:19 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Fri, 16 Apr 93 09:56:19 PDT
Subject: ANON: Chaining suggestions
Message-ID: <930416165143_74076.1041_FHD34-1@CompuServe.COM>

Will Kinney suggests a form of anonymous return address in which "Request-Remailing-To" headers are nested and encrypted, then used for addressing.

This is a fine idea, Will, but we're way ahead of you on this. This approach has been used ever since we added encryption to the remailers. Karl Barrus even wrote a script specifically for constructing anonymous addresses like this. It's available from the Cypherpunks ftp site. (soda.berkeley.edu, /pub/cypherpunks. I think the file is something like "scripts.tar".)

The problem with this in practice is, first, that the return address block is rather large, especially if more than one level of nesting is used (often 10, 20 lines or more); and second, that it does not lend itself to automatic use of the "reply" function.
Instead, the replier has to cut and paste this block of text from the message he's replying to and put it in the right place in his own message. And he has to be instructed in how to do this. (Karl's script adds the instructions when it creates the return address.) This is pretty complicated.

This is why Eli suggested (based on suggestions from Eric Hughes) that at least Julf's remailer be enhanced so instead of just mapping, say, an12345 to joe at foo.com, it would map to a Cypherpunks return address of the type Will is describing - a block of encrypted text. People could then have the convenience of automatic replies to an12345 along with the security of a chained address.

I don't think the idea quite works in this form, since I don't see how messages to Julf get translated to an12345. Presumably only messages from one specific user should get posted under this ID (the user whose address is buried in the encrypted return address to which Julf's remailer will forward replies). Perhaps another set of commands is needed to tell the remailer what ID to use to post under. By the time you do this much I don't think that what you have bears much resemblance to Julf's current software.

I am stymied in doing experimentation in this area by one fundamental problem. I do not have the power to create user ID's on any systems which I use, so I can't create pseudonym accounts. I have tried various tricks. For example, I sent mail with a "Reply-To:" of "hal at alumni.caltech.edu (Pseudonym 12345)". I hoped that if someone did a reply to this mail, it might come to me with that whole field in the "To" line, and I could then parse it for the pseudonym number. That didn't work on the particular reply mailer that I used; it stripped the comment field in parentheses.

The one other idea I've had is to put something at the beginning of the Subject: line, so if the user remailed a message with a Subject: of "How's it going, Jack?"
it would actually go out as "Subject: (P12345) How's it going, Jack?". Then when they reply it will probably come back as "Subject: Re: (P12345) How's it going, Jack?" or something similar, and I can parse for the (Pxxxxx). This might work pretty often but munging the Subject line is bad for news posting since a lot of news readers sort by subject line. I could put the (Pxxxxx) at the end but it might get truncated? Maybe not.

I wonder if anyone knowledgeable in mail systems could suggest a relatively robust way of setting up outgoing headers so that return mail will (A) come back to me (hal at alumni.caltech.edu in this case) and (B) be marked in some unique way that would let me do a pseudonym mapping. Any ideas would be appreciated.

Hal Finney
74076.1041 at compuserve.com

From ebrandt at jarthur.Claremont.EDU Fri Apr 16 10:17:12 1993
From: ebrandt at jarthur.Claremont.EDU (Eli Brandt)
Date: Fri, 16 Apr 93 10:17:12 PDT
Subject: Proposal for anon chaining
In-Reply-To: <199304161412.AA09006@spot.Colorado.EDU>
Message-ID: <9304161717.AA15797@toad.com>

> From: KINNEY WILLIAM H
> The routing information would be for the benefit of the remailers only.
> It would be created by the RECIPIENT and made publicly available as a
> pseudonymous mail address. It would work like this:
...
> This seems to me to be a very robust pseudonymous mail system which
> could be implemented by relatively minor changes to the existing Cypherpunk
> remailer structure.

This appears to be the ARA system that was previously suggested, which I was speaking of using with penet. Your comment that changes would be needed implies that it is different; if so, could you clarify the difference?

The reason Eric suggested hanging this off the side of a pseudonym server is that it is rather inconvenient in its pure form, particularly for unsophisticated users. It involves a thirty-line block of cruft, cutting and pasting... ideally your MUA would handle everything, but this isn't going to happen soon.
Grafting this onto a nymserver as a return address gives you the ease of use of something like penet, without having to maintain a central nym<--->name mapping.

> -- Will

Eli   ebrandt at jarthur.claremont.edu

From ld231782 at longs.lance.colostate.edu Fri Apr 16 11:02:29 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Fri, 16 Apr 93 11:02:29 PDT
Subject: FWEE!: The Counterrevolutionaries Strike Back
In-Reply-To: <9304150631.tn01219@aol.com>
Message-ID: <9304161802.AA25932@longs.lance.colostate.edu>

[internaut]
>As I am the person doing some of the legwork to establish the body of
>Users/Subscribers for the alt.wb service (in my spare time), I would like to
>request that this action NOT be taken at this time. I am as anxious as anyone
>to see this become a reality, but I have learned over the years that both
>information services and sex can be ruined by prematurity.
>
>There, I've admitted it, I am not
>ready yet (nor are the Users).

If you think that you are the whistleblower moderator, fine. Be one. But we need a completely unmoderated group. If you think you have any right to hold up an unmoderated group to squeeze through your own bottleneck, please go elsewhere.

I admire and appreciate your work to gain mainstream acceptance of this group. But we have a great deal to lose through `premature' publicizing this project. Anonymous servers, if they hadn't been `sneaked on' to the net, would probably be specifically banned if news and network administrators were forewarned of their presence. Now I see an awful lot of backpedaling and fence-hopping by these hypocrites on e.g.
news.admin.policy who say ``Oh gee, we think anonymity is *great*, we just want to control where you can use it.'' If it weren't for pioneering and underground cypherpunk work in this area, I believe the statement would be ``that issue was brought up, and they have been specifically banned from the network because anonymity is worthless and only for cowards and criminals.''

You are talking to many people (i.e. bureaucrats and legislators) who may be totally displaced and bypassed (i.e. lose illegitimate power) by this service. There are a great many people you are talking to, I think, whose every interest is to totally castrate the project of any `offensiveness'. I think you are trying to operate on a much more respectable level than is possible currently. That level can only be attained by a gradual evolution of the medium, starting with something rather crude, kludgy, and unsophisticated.

>Not enough people are educated enough to use it.

we are not trying to get everyone in the U.S. to understand how this works immediately. This is an impossible goal. Your efforts amount to singlehandedly educating the public about the Internet. To most, the idea of a worldwide bulletin board is mindboggling enough. If you wait until everybody and his grandma know what you are talking about, I'll be dead by then. If you wait until every legislator and bureaucrat understands it, the earth will have crumbled before you finish.

There are plenty of sophisticated people who can benefit from this *immediately*. We are starting something with training wheels. If we were IBM we would be doing it like you have in mind, an incredible backroom strategizing effort before a massive and highly publicized public rollout with great hype and fanfare. But we are not IBM. We are cypherpunks. We are the silent underground who slips radical new conquests past people before they even realize it. Anything less is too formal, fragile, and lifeless.
We are not waiting for you to come out with your Press Kit before this thing starts.

>- We haven't figured out who'll be polled to send in msgs and exactly HOW
>we'll offer them some sort of anonymity and what they need to do afterward.

polled? sounds like an election, like something democratic, like something that can be twisted by a misguided majority. Again, you sound like you are looking for a group with high quality control. Unfortunately, I think this goal is largely antithetical to the essential spirit of the whistleblower idea. The whistleblower is alone and isolated, almost by definition. Your ideas on filtering incoming messages, gained from those you've talked to, sound rather naive and dangerous to me. You're welcome to set up all these mechanisms outside of a *totally*free* group and `ride' on the traffic therein. But don't ever propose tampering with that traffic in a centralized fashion. You will be badly burned.

>Not a single cpunk has yet submitted any suggestions to me for the
>Guidelines as I have asked twice. Not one person. Do that first, O Verbose
>Ones!

I think a FAQ posted to the group is an excellent idea. In fact I am considering putting one up here. But if the group hasn't even been created yet, we have nowhere to post. The FAQ should come as soon as possible, but *after* the creation of the group. And if there are a lot of conflicting demands on a single group, then a FAQ that everyone agrees to would be impossible to come up with amidst all the objections.

I just don't get it. This is a group like any other. Why do you think the whole international public has to be prepared for its creation by you personally? People have to judge for themselves what to post, and how reliable the mechanisms are. Sure, we will give the facts on the security of the medium in the FAQ. But if they don't trust it (and there will be plenty of reasons not to) then they shouldn't risk it.
If anywhere else there should be less content restrictions and our overseeing `recommendations' (i.e. dictations) on postings.

>Have you heard
>of the Declaration of Independence? They prepared that document well, got all
>their Ducks in a Row and it's lasted for over 200 years. How many decades do
>you think a good WB system could last/evolve for? I ask only that you engage
>your long-range vision for a moment.

There was an interim government prior to the passage of this document. And there was enormous haggling over the content of it, with many compromises. The document is not perfect. There are flaws and cracks that have poked through after 200 years. Do you think our judicial system is as effective as possible? Do you think our legislative system is the most representative of people's expectations of and directives to their subservient government? Do you think our government today truly represents, in all ways, the intentions of its founders? Do you think they considered all possible scenarios? Do you think they would not want to make some minor adjustments or major changes after seeing 200 years pass from their noble experiment? Do you think that anything that is dynamic can be static?

Our democratic system, at the time of its inception, was almost radically experimental. The broad commitment to state and human rights, to the exclusion of federal ones, was quite flabbergasting to the slaves of the European model...

>Anybody can put a box out on the street and say "everybody put your
>complaints in here," but it takes some real thinkers to put out a serious
>whistleblower system.

Look at everything that is efficient in the world, and you will see that it is so because of *independently operating* components, with minimized centralized control. When you want to get on your car and go somewhere, you don't submit any proposals to a government agency for a Transportation Plan.
The capitalist system works (and certain others, which shall remain nameless, have failed) precisely because everybody pursues and uses money *independently*. If they have an idea how to run a business, they just start one (with great hassle from government regulations). Usenet works because every server keeps abreast of all articles *independently*. Message transmission on the internet is so reliable because virtually an infinite number of routing pathways exist that a message can take, avoiding any obstacles, each component performing its job *independently*.

Now, let me hear again how you want us to submit all our public keys to you, submit the group guidelines for your personal perusal (and presumably veto), and wait for all your congressional friends to understand the concept? And how this will ultimately lead to an ideal and robust system?

You simply don't understand. This idea is bigger than you, it is bigger than me. Anyone who tries to wrap themselves completely around it will explode from the pressure. This system will *grow* *itself* to become extremely sophisticated and respected. Let us not smother the sapling with misguided preconceptions for nourishment.

>There are other excellent reasons to keep it in our collective pants for a
>while, but if THESE don't convince you, then perhaps I am asking the wrong
>group of folks to help get this started properly.

`Let's' start a mailing group for `nambypambypunks'. `We'll' get George ``Wouldn't be Prudent at this Juncture'' Bush to join. In fact, `we' better even start it until `we're' sure he likes the idea.

p.s. cypherpunks, I certainly don't claim to speak for the group as a whole (such a task would be impossible no matter *what* is said) but I am becoming a bit disenchanted and disillusioned with some of the opinions expressed herein. Is it just that the weasels are more vocal?
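
Added example, not part of any post in this archive: the Subject-line tagging that Hal Finney describes in "ANON: Chaining suggestions" above, sketched in Python with the reply-side parsing he asks about. The five-digit tag format, the pseudonym table and every address below are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed pseudonym table (assumption): tag number -> real return address.
NYM_TABLE = {"12345": "joe@foo.example"}

# Tag format assumed from the "(P12345)" example: "P" plus exactly five digits.
TAG = re.compile(r"\(P(\d{5})\)")
# Prefixes that reply/forward functions prepend: "Re:", "RE:", "Re[2]:", "Fwd:".
PREFIX = re.compile(r"^\s*(?:(?:re|fwd?)(?:\[\d+\])?:\s*)+", re.IGNORECASE)


def tag_subject(subject, nym):
    """Outgoing mail: prepend the pseudonym tag to the Subject line."""
    if not re.fullmatch(r"\d{5}", nym):
        raise ValueError("nym must be exactly five digits")
    if TAG.search(subject):
        raise ValueError("subject already carries a pseudonym tag")
    return f"(P{nym}) {subject}"


def extract_nym(subject):
    """Incoming reply: return (nym, subject_without_tag).

    Returns (None, subject) when no complete tag is present (for example a
    trailing tag that a mailer truncated) or when two different tags appear,
    since guessing would deliver mail to the wrong person.
    """
    subject = " ".join(subject.split())          # unfold a folded header
    tags = set(TAG.findall(subject))
    if len(tags) != 1:
        return None, subject
    prefix = PREFIX.match(subject)
    lead = prefix.group(0) if prefix else ""
    rest = " ".join(TAG.sub(" ", subject[len(lead):]).split())
    return tags.pop(), f"{lead.strip()} {rest}".strip()


def route_reply(raw_message):
    """Map a raw incoming reply to its real destination, or None to drop it."""
    msg = message_from_string(raw_message)
    nym, clean = extract_nym(msg.get("Subject", ""))
    dest = NYM_TABLE.get(nym) if nym else None
    if dest is None:
        return None                              # untagged or unknown nym
    return {"to": dest, "subject": clean, "nym": nym}


# Constructed reply, as a mailer's "reply" function might produce it.
RAW_REPLY = (
    "From: someone@bar.example\n"
    "To: remailer@example.org\n"
    "Subject: Re: (P12345) How's it going, Jack?\n"
    "\n"
    "Fine, thanks.\n"
)

if __name__ == "__main__":
    print(tag_subject("How's it going, Jack?", "12345"))
    print(route_reply(RAW_REPLY))
```

The tag travels in cleartext and anyone who has seen it can put it in a Subject line, so it selects a mapping but authenticates nothing.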
From dmandl at shearson.com Fri Apr 16 12:03:03 1993
From: dmandl at shearson.com (David Mandl)
Date: Fri, 16 Apr 93 12:03:03 PDT
Subject: Phil Zimmerman on the Radio
Message-ID: <9304161840.AA17929@tardis.shearson.com>

FYI, for those of you in the NYC area, I'm going to be conducting a brief interview with Phil Zimmerman (author of PGP) on my radio show tomorrow to discuss the recent NSA/Big Brother crypto developments (see the front page of today's New York Times).

WFMU, East Orange, NJ, 91.1 FM. My show airs from noon-3:00 local time, and the interview will start at around 1:00.

N.B.: I will NOT be taping the show, so I can't make tapes for anyone. Anyone else listening is free to make copies and do whatever they want with them, of course.

--Dave.

From gnu Fri Apr 16 12:24:26 1993
From: gnu (John Gilmore)
Date: Fri, 16 Apr 93 12:24:26 PDT
Subject: White House press release on encryption policy
Message-ID: <9304161924.AA18313@toad.com>

Note: This file will also be available via anonymous file transfer from csrc.ncsl.nist.gov in directory /pub/nistnews and via the NIST Computer Security BBS at 301-948-5717.

---------------------------------------------------

THE WHITE HOUSE

Office of the Press Secretary
_________________________________________________________________

For Immediate Release                              April 16, 1993

STATEMENT BY THE PRESS SECRETARY

The President today announced a new initiative that will bring the Federal Government together with industry in a voluntary program to improve the security and privacy of telephone communications while meeting the legitimate needs of law enforcement.

The initiative will involve the creation of new products to accelerate the development and use of advanced and secure telecommunications networks and wireless communications links.
For too long there has been little or no dialogue between our private sector and the law enforcement community to resolve the tension between economic vitality and the real challenges of protecting Americans. Rather than use technology to accommodate the sometimes competing interests of economic growth, privacy and law enforcement, previous policies have pitted government against industry and the rights of privacy against law enforcement.

Sophisticated encryption technology has been used for years to protect electronic funds transfer. It is now being used to protect electronic mail and computer files. While encryption technology can help Americans protect business secrets and the unauthorized release of personal information, it also can be used by terrorists, drug dealers, and other criminals.

A state-of-the-art microcircuit called the "Clipper Chip" has been developed by government engineers. The chip represents a new approach to encryption technology. It can be used in new, relatively inexpensive encryption devices that can be attached to an ordinary telephone. It scrambles telephone communications using an encryption algorithm that is more powerful than many in commercial use today.

This new technology will help companies protect proprietary information, protect the privacy of personal phone conversations and prevent unauthorized release of data transmitted electronically. At the same time this technology preserves the ability of federal, state and local law enforcement agencies to intercept lawfully the phone conversations of criminals.

A "key-escrow" system will be established to ensure that the "Clipper Chip" is used to protect the privacy of law-abiding Americans. Each device containing the chip will have two unique "keys," numbers that will be needed by authorized government agencies to decode messages encoded by the device.
When the device is manufactured, the two keys will be deposited separately in two "key-escrow" data bases that will be established by the Attorney General. Access to these keys will be limited to government officials with legal authorization to conduct a wiretap.

The "Clipper Chip" technology provides law enforcement with no new authorities to access the content of the private conversations of Americans.

To demonstrate the effectiveness of this new technology, the Attorney General will soon purchase several thousand of the new devices. In addition, respected experts from outside the government will be offered access to the confidential details of the algorithm to assess its capabilities and publicly report their findings.

The chip is an important step in addressing the problem of encryption's dual-edge sword: encryption helps to protect the privacy of individuals and industry, but it also can shield criminals and terrorists. We need the "Clipper Chip" and other approaches that can both provide law-abiding citizens with access to the encryption they need and prevent criminals from using it to hide their illegal activities. In order to assess technology trends and explore new approaches (like the key-escrow system), the President has directed government agencies to develop a comprehensive policy on encryption that accommodates:

-- the privacy of our citizens, including the need to employ voice or data encryption for business purposes;

-- the ability of authorized officials to access telephone calls and data, under proper court or other legal order, when necessary to protect our citizens;

-- the effective and timely use of the most modern technology to build the National Information Infrastructure needed to promote economic growth and the competitiveness of American industry in the global marketplace; and

-- the need of U.S. companies to manufacture and export high technology products.
The President has directed early and frequent consultations with affected industries, the Congress and groups that advocate the privacy rights of individuals as policy options are developed.

The Administration is committed to working with the private sector to spur the development of a National Information Infrastructure which will use new telecommunications and computer technologies to give Americans unprecedented access to information. This infrastructure of high-speed networks ("information superhighways") will transmit video, images, HDTV programming, and huge data files as easily as today's telephone system transmits voice.

Since encryption technology will play an increasingly important role in that infrastructure, the Federal Government must act quickly to develop consistent, comprehensive policies regarding its use. The Administration is committed to policies that protect all Americans' right to privacy while also protecting them from those who break the law.

Further information is provided in an accompanying fact sheet. The provisions of the President's directive to acquire the new encryption technology are also available.

For additional details, call Mat Heyman, National Institute of Standards and Technology, (301) 975-2758.

- - ---------------------------------

QUESTIONS AND ANSWERS ABOUT THE CLINTON ADMINISTRATION'S TELECOMMUNICATIONS INITIATIVE

Q: Does this approach expand the authority of government agencies to listen in on phone conversations?

A: No. "Clipper Chip" technology provides law enforcement with no new authorities to access the content of the private conversations of Americans.

Q: Suppose a law enforcement agency is conducting a wiretap on a drug smuggling ring and intercepts a conversation encrypted using the device. What would they have to do to decipher the message?

A: They would have to obtain legal authorization, normally a court order, to do the wiretap in the first place.
They would then present documentation of this authorization to the two entities responsible for safeguarding the keys and obtain the keys for the device being used by the drug smugglers. The key is split into two parts, which are stored separately in order to ensure the security of the key escrow system.

Q: Who will run the key-escrow data banks?

A: The two key-escrow data banks will be run by two independent entities. At this point, the Department of Justice and the Administration have yet to determine which agencies will oversee the key-escrow data banks.

Q: How strong is the security in the device? How can I be sure how strong the security is?

A: This system is more secure than many other voice encryption systems readily available today. While the algorithm will remain classified to protect the security of the key escrow system, we are willing to invite an independent panel of cryptography experts to evaluate the algorithm to assure all potential users that there are no unrecognized vulnerabilities.

Q: Whose decision was it to propose this product?

A: The National Security Council, the Justice Department, the Commerce Department, and other key agencies were involved in this decision. This approach has been endorsed by the President, the Vice President, and appropriate Cabinet officials.

Q: Who was consulted? The Congress? Industry?

A: We have on-going discussions with Congress and industry on encryption issues, and expect those discussions to intensify as we carry out our review of encryption policy. We have briefed members of Congress and industry leaders on the decisions related to this initiative.

Q: Will the government provide the hardware to manufacturers?

A: The government designed and developed the key access encryption microcircuits, but it is not providing the microcircuits to product manufacturers. Product manufacturers can acquire the microcircuits from the chip manufacturer that produces them.

Q: Who provides the "Clipper Chip"?
A: Mykotronx programs it at their facility in Torrance, California, and will sell the chip to encryption device manufacturers. The programming function could be licensed to other vendors in the future.

Q: How do I buy one of these encryption devices?

A: We expect several manufacturers to consider incorporating the "Clipper Chip" into their devices.

Q: If the Administration were unable to find a technological solution like the one proposed, would the Administration be willing to use legal remedies to restrict access to more powerful encryption devices?

A: This is a fundamental policy question which will be considered during the broad policy review. The key escrow mechanism will provide Americans with an encryption product that is more secure, more convenient, and less expensive than others readily available today, but it is just one piece of what must be the comprehensive approach to encryption technology, which the Administration is developing.

The Administration is not saying, "since encryption threatens the public safety and effective law enforcement, we will prohibit it outright" (as some countries have effectively done); nor is the U.S. saying that "every American, as a matter of right, is entitled to an unbreakable commercial encryption product." There is a false "tension" created in the assessment that this issue is an "either-or" proposition. Rather, both concerns can be, and in fact are, harmoniously balanced through a reasoned, balanced approach such as is proposed with the "Clipper Chip" and similar encryption techniques.

Q: What does this decision indicate about how the Clinton Administration's policy toward encryption will differ from that of the Bush Administration?
A: It indicates that we understand the importance of encryption technology in telecommunications and computing and are committed to working with industry and public-interest groups to find innovative ways to protect Americans' privacy, help businesses to compete, and ensure that law enforcement agencies have the tools they need to fight crime and terrorism.

Q: Will the devices be exportable? Will other devices that use the government hardware?

A: Voice encryption devices are subject to export control requirements. Case-by-case review for each export is required to ensure appropriate use of these devices. The same is true for other encryption devices. One of the attractions of this technology is the protection it can give to U.S. companies operating at home and abroad. With this in mind, we expect export licenses will be granted on a case-by-case basis for U.S. companies seeking to use these devices to secure their own communications abroad. We plan to review the possibility of permitting wider exportability of these products.

From pmetzger at lehman.com Fri Apr 16 12:46:29 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Fri, 16 Apr 93 12:46:29 PDT
Subject: Mailing list name
Message-ID: <9304161946.AA27724@snark.shearson.com>

In the light of recent developments concerning government cryptography initiatives, we might soon find ourselves inundated by working press. Given this, I think that the name "cypherpunks" produces the wrong connotations -- it makes us sound like criminals when we are in fact people who are interested in expanding personal privacy with technology. Often, little things like this end up being of tremendous importance in the long haul.

I would propose changing the name of the mailing list to "cryptoprivacy" or something similar. It denotes what we are about in a way that mundane people understand better, and it portrays us in the proper light -- as people struggling to improve the prospects for personal freedom, not a bunch of "punks".
Perry

From derek at cs.wisc.edu Fri Apr 16 13:00:08 1993
From: derek at cs.wisc.edu (Derek Zahn)
Date: Fri, 16 Apr 93 13:00:08 PDT
Subject: circling the wagons
Message-ID: <9304162000.AA29054@lynx.cs.wisc.edu>

Assuming that the "Clipper chip" initiative isn't a teapot tempest, I suppose we'd better start sharpening our rhetorical knives.

Privacy arguments and sheer outrage will be useful, but it seems to me that the "modern steganography" discussion from a few weeks back offers an irrefutable argument:

By performing rather simple camouflaging, it is possible to make an encrypted message undetectable by encoding it in (images, voice, any other signal that could plausibly contain noise).

This is rather easy to do, so those who REALLY want to hide what they're doing (terrorists, criminals, republican campaign staff) will still be able to do so. In fact, by encrypting the wrapper with your "Clipper" system, they look like they're hiding nothing. All that you are buying is a false sense of security.

derek

From nobody at alumni.cco.caltech.edu Fri Apr 16 13:00:25 1993
From: nobody at alumni.cco.caltech.edu (nobody at alumni.cco.caltech.edu)
Date: Fri, 16 Apr 93 13:00:25 PDT
Subject: ANON: Chaining to Penet remailer
Message-ID: <9304162000.AA00123@alumni.cco.caltech.edu>

I am not very inclined to defend myself or my news.admin.policy postings, since saying someone's an asshole seems to be what the group is for, but I am listening to the discussion and take seriously people's criticisms and listening hard. For what it's worth, I said I was sorry but it pisses me off that when a nym tells some jerk to fuck off, everyone jumps all over me. Even so, I'll listen to what people have to say since I don't want to lose access ... without the remailers I am Nowhere, Man. Isn't that ironic???
From treason at gnu.ai.mit.edu Fri Apr 16 13:14:50 1993
From: treason at gnu.ai.mit.edu (treason at gnu.ai.mit.edu)
Date: Fri, 16 Apr 93 13:14:50 PDT
Subject: White House Encryption idea
Message-ID: <9304162014.AA05785@spiff.gnu.ai.mit.edu>

Well, this all sounds fine and dandy, but...

1) They are not passing out the algorithm, and I don't trust ANYONE to tell me it's secure. I am not a cryptographer, so it wouldn't help any if they gave the code to me, but it just being out there for public perusal helps me to think it IS secure. I trust no payola.

2) It is very possible that the 'criminal' effort may be able to modify these devices so that there is no possibility for the agencies to decrypt their transmissions (If it IS truly secure with no backdoors or decyphering possibilities) in which case, it can only harm the law abiding.

3) It allows the government the ability to determine WHAT encryption method industry uses, and they should be able to have a choice. Those who understand this very misleading comment will understand, those who do not, will prolly never be able to.

4) No explanation of what the 'key' contents are composed of (numbers, letters, alphanum, characters, some odd cyphercode???) is even implied.

5) No explanation of how the key is propagated or if it will even be needed for the remote site is mentioned. How are the remote sites going to decypher your cyphersounds(text)?

There was no mention of further releases in information...is this all we get?

treason at gnu

From treason at gnu.ai.mit.edu Fri Apr 16 13:31:36 1993
From: treason at gnu.ai.mit.edu (treason at gnu.ai.mit.edu)
Date: Fri, 16 Apr 93 13:31:36 PDT
Subject: Mailing list name
In-Reply-To: <9304161946.AA27724@snark.shearson.com>
Message-ID: <9304162031.AA05882@spiff.gnu.ai.mit.edu>

>
> In the light of recent developments concerning government cryptography
> initiatives, we might soon find ourselves inundated by working press.
>
> Given this, I think that the name "cypherpunks" produces the wrong
> connotations -- it makes us sound like criminals when we are in fact
> people who are interested in expanding personal privacy with
> technology. Often, little things like this end up being of tremendous
> importance in the long haul.
>
> I would propose changing the name of the mailing list to
> "cryptoprivacy" or something similar. It denotes what we are about in
> a way that mundane people understand better, and it portrays us in the
> proper light -- as people struggling to improve the prospects for
> personal freedom, not a bunch of "punks".
>
> Perry
>

I agree wholeheartedly, and I think I have the experience to say so. You wouldn't believe how much importance people and groups put on names. Even though I have not, nor ever intend to commit the act described by my name, people still look at me with a leery eye. Because I am

treason at gnu

From gnu Fri Apr 16 13:54:23 1993
From: gnu (John Gilmore)
Date: Fri, 16 Apr 93 13:54:23 PDT
Subject: EFF crypto statement and press release
Message-ID: <9304162054.AA19449@toad.com>

April 16, 1993

INITIAL EFF ANALYSIS OF CLINTON PRIVACY AND SECURITY PROPOSAL

The Clinton Administration today made a major announcement on cryptography policy which will affect the privacy and security of millions of Americans. The first part of the plan is to begin a comprehensive inquiry into major communications privacy issues such as export controls which have effectively denied most people easy access to robust encryption, and law enforcement issues posed by new technology.

However, EFF is very concerned that the Administration has already reached a conclusion on one critical part of the inquiry, before any public comment or discussion has been allowed. Apparently, the Administration is going to use its leverage to get all telephone equipment vendors to adopt a voice encryption standard developed by the National Security Agency.
The so-called "Clipper Chip" is an 80-bit, split key escrowed encryption scheme which will be built into chips manufactured by a military contractor. Two separate escrow agents would store users' keys, and be required to turn them over to law enforcement upon presentation of a valid warrant. The encryption scheme used is to be classified, but the chips will be available to any manufacturer for incorporation into its communications products.

This proposal raises a number of serious concerns.

First, the Administration has adopted a solution before conducting an inquiry. The NSA-developed Clipper Chip may not be the most secure product. Other vendors or developers may have better schemes. Furthermore, we should not rely on the government as the sole source for the Clipper or any other chips. Rather, independent chip manufacturers should be able to produce chipsets based on open standards.

Second, an algorithm cannot be trusted unless it can be tested. Yet, the Administration proposes to keep the chip algorithm classified. EFF believes that any standard adopted ought to be public and open. The public will only have confidence in the security of a standard that is open to independent, expert scrutiny.

Third, while the use of a split-key, dual escrowed system may prove to be a reasonable balance between privacy and law enforcement needs, the details of this scheme must be explored publicly before it is adopted. What will give people confidence in the safety of their keys? Does disclosure of keys to a third party waive an individual's Fifth Amendment rights in subsequent criminal inquiries? These are but a few of the many questions the Administration's proposal raises but fails to answer.

In sum, the Administration has shown great sensitivity to the importance of these issues by planning a comprehensive inquiry into digital privacy and security.
However, the "Clipper Chip" solution ought to be considered as part of the inquiry, and not be adopted before the discussion even begins.

DETAILS OF THE PROPOSAL:

ESCROW

The 80-bit key will be divided between two escrow agents, each of whom holds 40 bits of each key. The manufacturer of the communications device would be required to register all keys with the two independent escrow agents. A key is tied to the device, however, not the person using it. Upon presentation of a valid court order, the two escrow agents would have to turn the key parts over to law enforcement agents. According to the Presidential Directive just issued, the Attorney General will be asked to identify appropriate escrow agents. Some in the Administration have suggested that one non-law enforcement federal agency (perhaps the Federal Reserve), and one non-governmental organization could be chosen, but there is no agreement on the identity of the agents yet.

CLASSIFIED ALGORITHM AND THE POSSIBILITY OF BACK DOORS

The Administration claims that there are no back doors -- means by which the government or others could break the code without securing keys from the escrow agents -- and that the President will be told there are no back doors to this classified algorithm. In order to prove this, Administration sources are interested in arranging for an all-star crypto cracker team to come in, under a security arrangement, and examine the algorithm for trap doors. The results of the investigation would then be made public.

The Clipper Chipset was designed and is being produced under a sole-source, secret contract between the National Security Agency and two private firms: VLSI and Mycotronx. NSA work on this plan has been underway for about four years. The manufacturing contract was let 14 months ago.

GOVERNMENT AS MARKET DRIVER

In order to get a market moving, and to show that the government believes in the security of this system, the feds will be the first big customers for this product.
Users will include the FBI, Secret Service, VP Al Gore, and maybe even the President. At today's Commerce Department press briefing, a number of people asked this question, though: why would any private organization or individual adopt a classified standard that had no independent guaranty of security or freedom from trap doors?

COMPREHENSIVE POLICY INQUIRY

The Administration has also announced that it is about to commence an inquiry into all policy issues related to privacy protection, encryption, and law enforcement. The items to be considered include: export controls on encryption technology and the FBI's Digital Telephony Proposal. It appears that this inquiry will be conducted by the National Security Council. Unfortunately, however, the Presidential Directive describing the inquiry is classified. Some public involvement in the process has been promised, but the terms have yet to be specified.

FOR MORE INFORMATION CONTACT:

Jerry Berman, Executive Director (jberman at eff.org)
Daniel J. Weitzner, Senior Staff Counsel (djw at eff.org)

Full text of the Press releases and Fact Sheets issued by the Administration will be available on EFF's ftp site.

===================

PRESS RELEASE

FOR IMMEDIATE RELEASE: April 16, 1993

Electronic Frontier Foundation responds to Clinton Administration Digital Privacy and Security proposals.

EFF Chairman Mitchell Kapor praises process but questions need for secret standard.

The Clinton Administration today made a major announcement on privacy and security for electronic communications including regular and cellular phones. Mitchell Kapor, EFF Chairman of the Board, praised Administration efforts to study comprehensive solutions to privacy problems, but questioned the specific solution which the government is seeking to impose.

"The Administration is to be commended for launching a broad inquiry into these critical problems," said Kapor, "but they should not attempt to impose a solution before the process has begun."

"A system based on classified, secret technology will not and should not gain the confidence of the American public," continued Kapor, commenting on the proposed use of the NSA-developed "Clipper Chip." The Clipper chip is to be sold to private corporations for incorporation in communications products, but will be based on a classified coding system.

Kapor explained that "in the past, government-designed standards have suffered under the suspicion that a hidden 'trap door' would allow unauthorized governmental or private intrusion. The only way to avoid this mistake is to publish open standards and subject them to expert, independent scrutiny."

The Clipper proposal would also require users to deposit their code "keys" with "trusted" escrow agents in order to allow law enforcement to conduct court-authorized wiretaps. Jerry Berman, EFF's Executive Director, said that "the escrow system is an intriguing proposal, but the details of this scheme must be explored publicly before it is adopted. What will give people confidence in the safety of their keys? Does disclosure of keys to a third party waive an individual's Fifth Amendment rights against self-incrimination? The administration will need to answer questions such as these before it proceeds with this, or any other, proposal."

Contact:
Jerry Berman, Executive Director
Daniel J. Weitzner, Senior Staff Counsel
tel: 202-544-3077 or 202-544-9237
eff at eff.org

From tcmay at netcom.com Fri Apr 16 14:18:18 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 16 Apr 93 14:18:18 PDT
Subject: Key Registration and Big Brother--Time to Fight!
Message-ID: <9304162117.AA29302@netcom.netcom.com>

(Perry Metzger forwarded my message this morning to the Cypherpunks list on the latest White House proposal....I should've also sent it to the Extropians list myself, my vacation from the list notwithstanding. Some things are just too important!)
The latest White House proposal to authorize a certain form of encryption, called "Clipper Chip," (a bizarre name, which also conflicts with the "Clipper" processor made by Intergraph), represents the reification of all the "key registration" themes discussed for many months on sci.crypt and elsewhere.

I urge those on the Extropians list who are interested in preserving their dwindling freedoms in these Beknighted States of America to:

1. Follow the debate on sci.crypt and elsewhere. Hal Finney just mentioned the various places the White House announcement was posted.

2. Subscribe to the Cypherpunks list by sending a message to "cypherpunks-request at toad.com". The latest "Wired," which I have not yet seen myself, apparently has some good stuff on our group. (I reviewed Levy's article for him, but haven't seen the mag on the newsstands yet.)

3. Get your PGP and MacPGP before "the other shoe drops." The "other shoe" may be legal moves by RSA Data Security and others (Commerce? Justice?) to crack down on PGP...rumblings of this have been heard for months now, and were discussed at the last physical Cypherpunks meeting. (And the steganographic aspects--the hiding of the mere _existence_ of an encrypted message--will probably assume a greater importance than before.)

4. The Boston area just had its first physical Cypherpunks meeting, with Julf intending to attend (J. Helsingius, operator of the Finnish anonymous remailer)....I haven't heard the outcome. The U.K. has had one for several months, and of course the Bay Area has had one since before there was even a mailing list. The Southern California area has several leading Cypherpunks (Hal Finney, Phil Karn, Eli Brandt, others) and wants to host a meeting of "the Cypherpunks." Instead, and in light of the serious danger that encryption will soon have limits placed on it, I would urge them to *just begin their own meeting* ASAP!
(Sorry to sound so urgent, but they need to start meeting long before we can arrange a meeting in San Diego or LA.)

(One thing we talked about at the 4-10-93 meeting in Mountain View, CA, was a conference call linking up some of the "satellite Cypherpunks." Not secure, of course, but then neither is this list nor our physical meetings...anybody can attend, can get added to the list, etc.)

5. Prof. Denning has more to say about key escrow and registration in the latest (or very recent) "Communications of the ACM," which should be available in large university libraries. Now that the proposal has become real, it takes on more meaning.

6. It is clear that the "trial balloon" I cited in my message many months back to sci.crypt is nauseatingly real. Under the guise of stopping "drug dealers, terrorists, and child pornographers," we will see limits placed on our ability to communicate privately.

I have few hopes that this proposal will be overturned by the courts, including the Supreme Court. A "garrison state" like the U.S. is turning itself into, what with the War on (Some) Drugs, the no-knock raids on suspects, the civil forfeiture laws, and the attacks on "whacko Waco religious cults," has need of Nazi-like police powers.

It seems ironic, and appropriate, that this White House announcement came on the 50th anniversary of the discovery of LSD...April 16th, 1943.

As I said six months ago, "Be afraid, be very afraid."

As Phil Karn put it, the battle is joined.

-Tim May

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.

From pcw at access.digex.com Fri Apr 16 14:56:30 1993
From: pcw at access.digex.com (Peter Wayner)
Date: Fri, 16 Apr 93 14:56:30 PDT
Subject: The New Mykotronix phones...
Message-ID: <199304161954.AA20309@access.digex.com>

Okay, let's suppose that the NSA/NIST/Mykotronix Registered Key system becomes standard and I'm able to buy such a system from my local radio shack. Every phone comes with a built in chip and the government has the key to every phone call. I go and buy a phone and dutifully register the key.

What's to prevent me from swapping phones with a friend or buying a used phone at a garage sale? Whooa. The secret registered keys just became unsynchronized. When the government comes to listen in, they only receive gobbledygook because the secret key registered under my name isn't the right one.

That leads me to conjecture that:

1) The system isn't that secure. There are just two master keys that work for all the phones in the country. The part about registering your keys is just bogus.

or

2) The system is vulnerable to simple phone swapping attacks like this. Criminals will quickly figure this out and go to town.

In either case, I think we need to look at this a bit deeper.

-Peter Wayner

From pmetzger at lehman.com Fri Apr 16 15:40:24 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Fri, 16 Apr 93 15:40:24 PDT
Subject: The Big Brother Proposal
In-Reply-To: <199304161954.AA20309@access.digex.com>
Message-ID: <9304162238.AA28087@snark.shearson.com>

Peter Wayner says:
> What's to prevent me from swapping phones with a friend or
> buying a used phone at a garage sale? Whooa. The secret registered
> keys just became unsynchronized. When the government comes
> to listen in, they only receive gobbledygook because the
> secret key registered under my name isn't the right one.

Perhaps you can deduce which chip is doing the encryption by identification data transmitted by the chip down the line -- they might identify themselves, making it impossible for you to avoid having them figure out which pair of keys registered with the Ministry of Truth and the Ministry of Love are to be used to listen in on your conversation.
After all, the keys are registered by the manufacturer...

Perry

PS We all remember the Ministry of Love and the Ministry of Truth, don't we? This proposal was, of course, created by a group spun off from the Ministry of Peace, a.k.a. No Such Agency.

From tcmay at netcom.com Fri Apr 16 16:51:11 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 16 Apr 93 16:51:11 PDT
Subject: (fwd) White House Public Encryption Management Fact Sheet
Message-ID: <9304162351.AA00841@netcom.netcom.com>

Message from Tim:

The following forwarded message (below, after these introductory comments) explains in more detail the NIST/NSA proposal and adds a few disturbing wrinkles:

1. Quote:

"INSTALLATION OF GOVERNMENT-DEVELOPED MICROCIRCUITS

The Attorney General of the United States, or her representative, shall request manufacturers of communications hardware which incorporates encryption to install the U.S. government-developed key-escrow microcircuits in their products."

This suggests more than just voice communications will be affected by the policy. "Communications hardware" suggests a broad scope. Modem makers may be told to (somehow) incorporate this system into their products...not clear what this means for old equipment, incompatible equipment, etc.

2. The "shall request manufacturers..." bit does not sound voluntary. (The whole line about "Clipper" being so attractive that manufacturers will gladly design it in....total B.S.)

3. At the end of this document is mention of using the civil forfeiture laws to enforce the new system. Not stated, but implicit (I believe) is that the threat of civil forfeiture will be used to scare users into compliance. Very disturbing.

Read it and weep! Then start planning.
-Tim May, who hopes the Cypherpunks will adopt my suggestion that we use the Bulletin of Atomic Scientists-style "clock"...I call it 10 minutes before midnight

***Begin forwarded message from sci.crypt and other groups***

From: clipper at csrc.ncsl.nist.gov (Clipper Chip Announcement)
Subject: White House Public Encryption Management Fact Sheet
Organization: National Institute of Standards & Technology
Date: Fri, 16 Apr 1993 20:44:58 GMT

Note: The following was released by the White House today in conjunction with the announcement of the Clipper Chip encryption technology.

FACT SHEET

PUBLIC ENCRYPTION MANAGEMENT

The President has approved a directive on "Public Encryption Management." The directive provides for the following:

Advanced telecommunications and commercially available encryption are part of a wave of new computer and communications technology. Encryption products scramble information to protect the privacy of communications and data by preventing unauthorized access. Advanced telecommunications systems use digital technology to rapidly and precisely handle a high volume of communications. These advanced telecommunications systems are integral to the infrastructure needed to ensure economic competitiveness in the information age.

Despite its benefits, new communications technology can also frustrate lawful government electronic surveillance. Sophisticated encryption can have this effect in the United States. When exported abroad, it can be used to thwart foreign intelligence activities critical to our national interests. In the past, it has been possible to preserve a government capability to conduct electronic surveillance in furtherance of legitimate law enforcement and national security interests, while at the same time protecting the privacy and civil liberties of all citizens. As encryption technology improves, doing so will require new, innovative approaches.

In the area of communications encryption, the U.S.
Government has developed a microcircuit that not only provides privacy through encryption that is substantially more robust than the current government standard, but also permits escrowing of the keys needed to unlock the encryption. The system for the escrowing of keys will allow the government to gain access to encrypted information only with appropriate legal authorization.

To assist law enforcement and other government agencies to collect and decrypt, under legal authority, electronically transmitted information, I hereby direct the following action to be taken:

INSTALLATION OF GOVERNMENT-DEVELOPED MICROCIRCUITS

The Attorney General of the United States, or her representative, shall request manufacturers of communications hardware which incorporates encryption to install the U.S. government-developed key-escrow microcircuits in their products. The fact of law enforcement access to the escrowed keys will not be concealed from the American public. All appropriate steps shall be taken to ensure that any existing or future versions of the key-escrow microcircuit are made widely available to U.S. communications hardware manufacturers, consistent with the need to ensure the security of the key-escrow system. In making this decision, I do not intend to prevent the private sector from developing, or the government from approving, other microcircuits or algorithms that are equally effective in assuring both privacy and a secure key-escrow system.

KEY-ESCROW

The Attorney General shall make all arrangements with appropriate entities to hold the keys for the key-escrow microcircuits installed in communications equipment. In each case, the key holder must agree to strict security procedures to prevent unauthorized release of the keys. The keys shall be released only to government agencies that have established their authority to acquire the content of those communications that have been encrypted by devices containing the microcircuits.
The Attorney General shall review for legal sufficiency the procedures by which an agency establishes its authority to acquire the content of such communications.

PROCUREMENT AND USE OF ENCRYPTION DEVICES

The Secretary of Commerce, in consultation with other appropriate U.S. agencies, shall initiate a process to write standards to facilitate the procurement and use of encryption devices fitted with key-escrow microcircuits in federal communications systems that process sensitive but unclassified information. I expect this process to proceed on a schedule that will permit promulgation of a final standard within six months of this directive.

The Attorney General will procure and utilize encryption devices to the extent needed to preserve the government's ability to conduct lawful electronic surveillance and to fulfill the need for secure law enforcement communications. Further, the Attorney General shall utilize funds from the Department of Justice Asset Forfeiture Super Surplus Fund to effect this purchase.

--

From pmetzger at lehman.com Fri Apr 16 16:58:08 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Fri, 16 Apr 93 16:58:08 PDT
Subject: "Big Brother" Proposal
Message-ID: <9304162357.AA28273@snark.shearson.com>

It has been suggested that we start referring to the latest Encryption Initiative by the feds as the "Big Brother" proposal. I think this is an excellent idea. If we can get the media to adopt the term, it means that every time someone refers to the proposal they have already given our propaganda slant to it.

Perry

From rclark at nyx.cs.du.edu Fri Apr 16 18:25:07 1993
From: rclark at nyx.cs.du.edu (Robert W. F. Clark)
Date: Fri, 16 Apr 93 18:25:07 PDT
Subject: ietf-telnet-encryption.01.txt
Message-ID: <9304170126.AA08500@nyx.cs.du.edu>

Does anyone know why this Internet draft was deleted? I've sent a quick message to Internet-drafts at nri.reston.va.us to determine the reason. Will report.

It sounds a little suspicious to me, though.
Snag those copies of PGP while you can. Expect trouble in coming months.

----
Robert W. Clark
rclark at nyx.cs.du.edu
PGP signature available by mail or finger

From joseph at valis.biocad.com Fri Apr 16 18:30:50 1993
From: joseph at valis.biocad.com (Joseph Truitt)
Date: Fri, 16 Apr 93 18:30:50 PDT
Subject: [fwd] Initial EFF analysis of Clinton Privacy and Security Proposal
Message-ID: <9304170040.AA21888@valis.biocad.com>

I don't recall having posted to this list before, but I am a truly supportive lurker as it were, doing my bit to sow seeds of crypto-anarchy at the layperson level to many friends.

Anyway, in light of today's foreboding announcement from the White House, I thought you might be interested in this blurb from the EFF.

------- Forwarded Message

Date: Fri, 16 Apr 1993 15:17:02 -0400
From: Cliff Figallo
Subject: EFFector Online 5.06
To: eff-news at eff.org (eff-news mailing list)

EFFector Online Volume 5 No. 6 4/16/1993 editors at eff.org
A Publication of the Electronic Frontier Foundation ISSN 1062-9424

...

April 16, 1993

INITIAL EFF ANALYSIS OF CLINTON PRIVACY AND SECURITY PROPOSAL

The Clinton Administration today made a major announcement on cryptography policy which will affect the privacy and security of millions of Americans. The first part of the plan is to begin a comprehensive inquiry into major communications privacy issues such as export controls which have effectively denied most people easy access to robust encryption as well as law enforcement issues posed by new technology.

However, EFF is very concerned that the Administration has already reached a conclusion on one critical part of the inquiry, before any public comment or discussion has been allowed.
Apparently, the Administration is going to use its leverage to get all telephone equipment vendors to adopt a voice encryption standard developed by the National Security Agency. The so-called "Clipper Chip" is an 80-bit, split key escrowed encryption scheme which will be built into chips manufactured by a military contractor. Two separate escrow agents would store users' keys, and be required to turn them over to law enforcement upon presentation of a valid warrant. The encryption scheme used is to be classified, but the chips will be available to any manufacturer for incorporation into their communications products.

This proposal raises a number of serious concerns.

First, the Administration appears to be adopting a solution before conducting an inquiry. The NSA-developed Clipper chip may not be the most secure product. Other vendors or developers may have better schemes. Furthermore, we should not rely on the government as the sole source for Clipper or any other chips. Rather, independent chip manufacturers should be able to produce chipsets based on open standards.

Second, an algorithm can not be trusted unless it can be tested. Yet the Administration proposes to keep the chip algorithm classified. EFF believes that any standard adopted ought to be public and open. The public will only have confidence in the security of a standard that is open to independent, expert scrutiny.

Third, while the use of the split-key, dual-escrowed system may prove to be a reasonable balance between privacy and law enforcement needs, the details of this scheme must be explored publicly before it is adopted. What will give people confidence in the safety of their keys? Does disclosure of keys to a third party waive an individual's Fifth Amendment rights in subsequent criminal inquiries?

In sum, the Administration has shown great sensitivity to the importance of these issues by planning a comprehensive inquiry into digital privacy and security.
However, the "Clipper chip" solution ought to be considered as part of the inquiry, not be adopted before the discussion even begins.

DETAILS OF THE PROPOSAL:

ESCROW

The 80-bit key will be divided between two escrow agents, each of whom holds 40 bits of each key. Upon presentation of a valid warrant, the two escrow agents would have to turn the key parts over to law enforcement agents. Most likely the Attorney General will be asked to identify appropriate escrow agents. Some in the Administration have suggested one non-law enforcement federal agency, perhaps the Federal Reserve, and one non-governmental organization. But, there is no agreement on the identity of the agents yet.

Key registration would be done by the manufacturer of the communications device. A key is tied to the device, not to the person using it.

CLASSIFIED ALGORITHM AND THE POSSIBILITY OF BACK DOORS

The Administration claims that there are no back door means by which the government or others could break the code without securing keys from the escrow agents and that the President will be told there are no back doors to this classified algorithm. In order to prove this, Administration sources are interested in arranging for an all-star crypto cracker team to come in, under a security arrangement, and examine the algorithm for trap doors. The results of the investigation would then be made public.

GOVERNMENT AS MARKET DRIVER

In order to get a market moving, and to show that the government believes in the security of this system, the feds will be the first big customers for this product. Users will include the FBI, Secret Service, VP Al Gore, and maybe even the President.

FOR MORE INFORMATION CONTACT:

Jerry Berman, Executive Director
Daniel J. Weitzner, Senior Staff Counsel

...
============================================================= EFFector Online is published by The Electronic Frontier Foundation 666 Pennsylvania Ave., Washington, DC 20003 Phone: +1 202 544-9237 FAX: +1 202 547 5481 Internet Address: eff at eff.org Coordination, production and shipping by Cliff Figallo, EFF Online Communications Coordinator (fig at eff.org) Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the view of the EFF. To reproduce signed articles individually, please contact the authors for their express permission. *This newsletter is printed on 100% recycled electrons* ------- End of Forwarded Message -- Joseph Truitt * BioCAD Corporation * joseph at biocad.com * voice 415/903-3923 fax 415/961-0584 * "The hardest thing in the world to understand is the income tax." --Albert Einstein From jet at nas.nasa.gov Fri Apr 16 18:51:43 1993 From: jet at nas.nasa.gov (J. Eric Townsend) Date: Fri, 16 Apr 93 18:51:43 PDT Subject: ietf-telnet-encryption.01.txt In-Reply-To: <9304170126.AA08500@nyx.cs.du.edu> Message-ID: <9304170151.AA00130@boxer.nas.nasa.gov> Robert W. F. Clark writes: > It sounds a little suspicious to me, though. Snag those copies > of PGP while you can. Expect trouble in coming months. While we're on the subject of "things that might go away", the Icom IC-R1 is getting hard to find locally. I bought the last one at Quantel electronics for $450 or so. (The R1 is a handheld scanner/receiver that has continuous coverage from 100Khz-1.3Ghz.) From gg at well.sf.ca.us Fri Apr 16 19:11:44 1993 From: gg at well.sf.ca.us (George A. Gleason) Date: Fri, 16 Apr 93 19:11:44 PDT Subject: (fwd) White House Public Encryption Management Fact Sheet Message-ID: <199304170211.AA01739@well.sf.ca.us> Re Big Brother proposal. The "asset forfeiture" mention isn't quite so ominous as suggested: what it seems to say is that the Atty General will procure (i.e. 
buy) encryption devices for use by law enforcement in their own secure communications (i.e. police radio and computer links), and "the funding to effect this purchase" will come from the "superfund" of money derived from existing asset forfeitures. In other words, smoke a joint, lose your house, and Uncle Sam sells the house to get money to buy more crypto gear for cops. I don't see an implication that crypto gear makers will be facing forfeiture for failing to comply with the "request" to incorporate key escrow. It appears that this is directed at first to establish the use of key escrow in government-related communications: "federal communications systems that process sensitive but unclassified information." So for instance, Ollie North's memos would be recoverable, and so on. But the real risk is that it will spread out to encompass any facility receiving government funding or contracts, i.e. the universities; and from there, widen so as to restrict other types of crypto from being used at those sites. So far it doesn't seem to restrict crypto on private microcomputers, though a widely accepted standard could eventually be written into law. The proposal specifically says it will allow other manufacturers to develop other approaches to key escrow systems. I think what the long-term plan might be, is to win acceptance for the idea of key escrow, and then require it. This isn't exactly a backdoor into your hardware; what it would allow would be for instance NSA to get your key and then read your communications as they occur. So your local hardware isn't storing anything in a different way or being remotely accessed or triggered, but your key is available elsewhere, at some approved facility. Now I'm guessing here, but what I think the way the crypto part of this has to work, is with a "device-specific" key and a "session"-type of key; where the first is what is escrowed, and the second is user-variable. 
Both are required to decrypt messages, and recovery of the second key would be relatively straightforward. Now you buy a modem or whatever, and it has a crypto chip in it, with a device-specific key that is registered along with the serial number of the device. So your purchase record has that serial number on it, and that's used to track the device key, which of course has been escrowed by the manufacturer before shipping the modem out. This would suggest that device keys would be relatively hard to crack, and therefore that some improvement in privacy would be possible by simply swapping the key chip in the device; and this would be easy enough with a black market in key escrow chips. In the mean time, from our end of it, someone oughta start working on steganography FAST. Spread spectrum designs are feasible. Slow is okay; the goal being to do anything that will render key escrow obsolete by making it impossible to tell when ciphertext (or for that matter any kind of data) is being sent. -gg From meyer at mcc.com Fri Apr 16 19:16:21 1993 From: meyer at mcc.com (Peter Meyer) Date: Fri, 16 Apr 93 19:16:21 PDT Subject: The New Mykotronix phones... In-Reply-To: <199304161954.AA20309@access.digex.com> Message-ID: <19930417021528.5.MEYER@OGHMA.MCC.COM> Date: Fri, 16 Apr 1993 14:54 CDT From: Peter Wayner Okay, let's suppose that the NSA/NIST/Mykotronix Registered Key system becomes standard and I'm able to buy such a system from my local radio shack. Every phone comes with a built in chip and the government has the key to every phone call. I go and buy a phone and dutifully register the key. What's to prevent me from swapping phones with a friend or buying a used phone at a garage sale? Whooa. The secret registered keys just became unsynchronized. When the government comes to listen in, they only receive gobbledly-gook because the secret key registered under my name isn't the right one. 
Knowing nothing except what I've read on the net today, I suppose that while scrambling the phone conversation the chip inserts in the data stream some ID (perhaps once per second) to tell the govt. which chip is doing the scrambling. This would allow multiple trapdoor keys (as claimed) and also there would be no need for phone users to register. The chip might also insert the number of the phone originating and/or receiving the call, though presumably the wiretappers would already know this. -- Peter Meyer From peb at PROCASE.COM Fri Apr 16 19:21:54 1993 From: peb at PROCASE.COM (peb at PROCASE.COM) Date: Fri, 16 Apr 93 19:21:54 PDT Subject: (fwd) White House Public Encryption Management Fact Sheet Message-ID: <9304170220.AA02462@banff> >From: Peter Wayner >2) The system is vulnerable to simple phone swapping attacks Yes, that's when the it becomes necessary to register your phone and phone license with the government every year. Remember, "using a telephone is a privilage, not a right!" 8^) Nice way to charge license fees too! >From: gnu at toad.com (John Gilmore) >Subject: EFF crypto statement and press release > Does disclosure of keys to a third party waive an individual's Fifth Amendment > rights in subsequent criminal inquiries? This is a very important question and it gets to the heart of the matter. Paul E. Baclace peb at procase.com From gg at well.sf.ca.us Fri Apr 16 19:30:03 1993 From: gg at well.sf.ca.us (George A. Gleason) Date: Fri, 16 Apr 93 19:30:03 PDT Subject: Key Registration and Big Brother--Time to Fight! Message-ID: <199304170224.AA04394@well.sf.ca.us> Instead of a conference call in clear voice, how about doing it online from the various meetings, and encrypted? What would it take to set up a broadcast encryption system that will work in chat mode...? 
A conference call in clear voice is almost certain to be monitored, and I would bet that it would yield a whole lot more high-grade intelligence than we would usually expect: first of all, voices of all participants (for later use in voiceprint recognition surveillance), second, all the background discussions, and third, a lot of the kind of deliberation and working-through-things that ordinarily gets filtered out by the process of posting things to this list. Yes, they can theoretically send visitors to our meetings. But realistically this is more labor intensive and potentially risky than recording a conference call which has all the meetings on line. Let's not go leaving any huge holes, please...! -gg From meyer at mcc.com Fri Apr 16 19:42:56 1993 From: meyer at mcc.com (Peter Meyer) Date: Fri, 16 Apr 93 19:42:56 PDT Subject: White House Encryption idea In-Reply-To: <9304162014.AA05785@spiff.gnu.ai.mit.edu> Message-ID: <19930417024202.6.MEYER@OGHMA.MCC.COM> Date: Fri, 16 Apr 1993 15:13 CDT From: treason at gnu.ai.mit.edu Well, this all sounds fine and dandy, but... 1) They are not passing out the algorithym, and I dont trust ANYONE to tell me its secure. ... 4) No explanation of what the 'key' contents are composed of (numbers, letters, alphanum, characters, some odd cyphercode???) is even implied. 5) No explanation of how the key is propegated or if it will even be needed for the remote site is mentioned. How are the remote sites going to decypher your cyphersounds(text)? There was no mention of further releases in information...is this all we get? treason at gnu Question (5) is particularly acute. Offhand I can think of two ways the remote site might decrypt the message: 1. If the two phones can talk to each other then the originator phone might ask the receiver phone for its public key (as in public key cryptography) and then use this to encrypt the message. (The receiver phone then decrypts with its private key.) 
But since the encryption is occurring in real time, this is probably not feasible unless short keys are used.

2. The originator phone might simply send the encryption key down the line, perhaps itself encrypted or disguised in some way. If so then it might not be too hard to discover the key. In this case all security lies in ignorance of the encryption algorithm used (violating cryptological principles). It probably wouldn't be too long (at most a year or so) before someone figures out what the algorithm is, in which case all security is compromised. However, security in particular cases is relative to the expertise of the attacker, so it might still be the case that one's neighbors and business competitors could not decrypt the message, even if XYZ Security Consultants could.

-- Peter Meyer

From newsham at wiliki.eng.hawaii.edu Fri Apr 16 19:44:48 1993
From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham)
Date: Fri, 16 Apr 93 19:44:48 PDT
Subject: white house blunder
Message-ID: <9304170244.AA25203@toad.com>

Even though the white house proposal may seem bad it could be used to your advantage in some ways:

swap keys with someone else... if serial number isn't sent in transmission this gives a big headache when they try to decrypt your stream.

use another encryption before sending to clipper chip... this way everything looks normal, and if they are playing according to the rules (cross fingers) they don't know anything is fishy until they try to get a warrant and decrypt. First keys won't match. When they do find the correct key they'll decrypt and get a file encrypted in another system.

This might be great for averting suspicion of using another cryptosystem. Everyone will be using clipper, and your message will look like it's from the clipper chip. It won't look like an RSA file or DES'ed voice or whatever. The chip gives you an opaque (hopefully) envelope to put things into.
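
[Added example, not part of any message in this thread.] The EFF summary forwarded earlier says the 80-bit key is divided so that each escrow agent holds 40 bits. The Python below contrasts that literal split with a two-share XOR split (a standard secret-sharing construction, assumed here for comparison and not something the proposal text specifies) and counts, on a constructed 16-bit key, how many guesses the holder of a single share still needs. All function names are illustrative.

```python
"""Escrow key splitting: literal 40+40 bit halves versus a two-share XOR split."""
import hashlib
import secrets

KEY_BITS = 80  # key length given in the EFF summary


def split_halves(key, bits=KEY_BITS):
    """Literal reading of the summary: each agent stores half of the key bits."""
    half = bits // 2
    return key >> half, key & ((1 << half) - 1)


def join_halves(high, low, bits=KEY_BITS):
    """Recombine the two halves into the full key."""
    return (high << (bits // 2)) | low


def split_xor(key, bits=KEY_BITS, share1=None):
    """Two-share XOR split: share1 is uniformly random, share2 = key XOR share1.

    Either share alone is a uniformly random value, independent of the key.
    share1 may be passed in only to make a demonstration repeatable.
    """
    if share1 is None:
        share1 = secrets.randbits(bits)
    return share1, key ^ share1


def join_xor(share1, share2):
    """Recombine the two XOR shares into the full key."""
    return share1 ^ share2


def unknown_bits_after_one_share(scheme, bits=KEY_BITS):
    """Key bits still unknown to a party that holds exactly one share."""
    if scheme == "halves":
        return bits // 2
    if scheme == "xor":
        return bits
    raise ValueError("unknown scheme: %r" % scheme)


def fingerprint(key, bits):
    """Stand-in for any way of testing a candidate key (e.g. known plaintext)."""
    return hashlib.sha256(key.to_bytes((bits + 7) // 8, "big")).digest()


def guesses_from_high_half(high, target, bits):
    """Holder of the high half enumerates only the missing low half."""
    half = bits // 2
    for trials, low in enumerate(range(1 << half), start=1):
        candidate = join_halves(high, low, bits)
        if fingerprint(candidate, bits) == target:
            return candidate, trials
    raise LookupError("no candidate matched")


def guesses_from_xor_share(share1, target, bits):
    """Holder of one XOR share must still enumerate the full key space."""
    for trials, share2 in enumerate(range(1 << bits), start=1):
        candidate = join_xor(share1, share2)
        if fingerprint(candidate, bits) == target:
            return candidate, trials
    raise LookupError("no candidate matched")


def demo(bits=16, key=0xBEEF, share1=0x1234):
    """Scaled-down run on a constructed 16-bit key so the full search is quick."""
    target = fingerprint(key, bits)
    high, _low = split_halves(key, bits)
    s1, _s2 = split_xor(key, bits, share1)
    _, halves_trials = guesses_from_high_half(high, target, bits)
    _, xor_trials = guesses_from_xor_share(s1, target, bits)
    return halves_trials, xor_trials


if __name__ == "__main__":
    k = secrets.randbits(KEY_BITS)
    assert join_halves(*split_halves(k)) == k
    assert join_xor(*split_xor(k)) == k
    for scheme in ("halves", "xor"):
        print(scheme, "one share leaves",
              unknown_bits_after_one_share(scheme), "unknown bits")
    print("16-bit demo, guesses needed (halves, xor):", demo())
```

At the full 80-bit size the same comparison is 2^40 remaining candidates for a holder of one half versus 2^80 for a holder of one XOR share.
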
From hughes at soda.berkeley.edu Fri Apr 16 20:05:41 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Fri, 16 Apr 93 20:05:41 PDT Subject: a cypherpunk's clipper reaction Message-ID: <9304170302.AA10041@soda.berkeley.edu> Fellows: I will, in the coming weeks have much more to say on the matter of this Clipper chip proposal. For now, however, I have only one thing to say. No compromises. Eric From nobody at pmantis.berkeley.edu Fri Apr 16 20:09:56 1993 From: nobody at pmantis.berkeley.edu (nobody at pmantis.berkeley.edu) Date: Fri, 16 Apr 93 20:09:56 PDT Subject: No Subject Message-ID: <9304170312.AA19797@pmantis.berkeley.edu> With regard to the White House's attempt to force the "Clipper" on you: I guess the time has come for the Cypherpunks to break their 'political teeth'. This issue is squarely on point with the purpose of the cpunks and needs to be addressed. The best thinkers on these topics are on this list (as are many libertarian thinkers). The Cypherpunks have gotten a fair amount of media play as of late and I think those interested in privacy and security are frothing at the mouth. I know in general cpunks dont believe in the necessity for leaders, but leader'ship' is a different matter. I believe that there are people here with the knowledge to fight against this proposal. So, Cypherpunks, step to the political plate. > In the past, it has >been possible to preserve a government capability to conduct >electronic surveillance in furtherance of legitimate law >enforcement and national security interests, while at the same time >protecting the privacy and civil liberties of all citizens. Just some levity to start off with :-) >The Attorney General of the United States, or her representative, >shall request manufacturers ... I read this differently than does Tim. "shall" coupled with "request" actually equals ambiguity and seems not to compel anyone. Im sure that the language was meant to confuse though. 
>In making this decision, I do >not intend to prevent the private sector from developing, or the >government from approving, other microcircuits or algorithms that >are equally effective in assuring both privacy and a secure key- >escrow system. Well, the door does still appear to be open for private circuit development and a better escrow system (better?). This does lend credence to the opinion that this may just be a very forceful suggestion and not an order per se. >The Attorney General shall make all arrangements with appropriate >entities to hold the keys for the key-escrow microcircuits >installed in communications equipment. Gotta agree with Tim that this appears to be an incredibly obvious backdoor to all telecommunications equipment. This should be made clear in any public statements about this document. > The Attorney >General shall review for legal sufficiency the procedures by which >an agency establishes its authority to acquire the content of such >communications. OK. This might be the key to the downfall of this proposal. The Govt appears to be showing its weak hand here. They have either not thouroughly addressed the legal concerns or they are standing on shaky legal ground. I believe there could be a number of problems (legally speaking) with the proposal. Seperation of Powers, Commerce concerns, penumbra Right to Privacy, etc just to name a few. Well, I guess Im off to the library to research another interesting, yet inapplicable directly to my legal studies, topic. (As if I dont spend enough time in the library) I guess if she's gonna review the legal sufficiency there should be no problem with me 'parallel processing' that same information. > Further, the Attorney General >shall utilize funds from the Department of Justice Asset Forfeiture >Super Surplus Fund to effect this purchase. Surplus...what happened to the defecit? :^) In general I believe that this event calls for a public expression of intellectual disagreement. 
An assertion of the power of the ideas expressed on this list will put the Cypherpunks in the discourse of public policy. Obviously, it should be well thought out and expressed in the most positive way. Calm, cool, calculated response will gain the cpunks respect, a knee jerk, emotional response will only get our ideas ignored. If politics doesn't work there also appears to be an economic out. Creating REAL encryptive circuits whose keys are not held by the government but rather by the owner. Private enterprise and a result to our concerns for liberty appear amenable. So any hardware cypherpunk hacks, get out your tools. Finally, a simple analogy. The current state of the law does not require me to register the key to my home with a government agency so that they can gain access to my home in a more efficient way if they feel the need. I keep the key and the control (until they break down my door). In that case, the value is placed on my freedom, not the efficiency with which the police could access my private communications. There are reasons that search warrents were 'initially' difficult to acquire and reasons why it should be difficult to access my home (i.e. they must break down my door.) Those reasons dealt with the severity of encroachment upon my privacy and rights thereto. In fact, that is the reason given for the remaining formalistic requirements of the necessity of prior judicial consent for warrents. No, the judge does not ponder long and hard about whether to give the warrent. Rather, the purpose is to give the officers pause. The ritual is designed to make the parties involved at least ponder the severity of their actions. This proposal would only make invasions of our privacy easier to achieve and eliminate obstacles in the way of officers, giving them even less time to ponder the severity of their encroachment. 
//////////////////////////////////////////////////////////////////////////////// VOLTAIRE Studying the law, Finding the flaws, Creating a light, Out of the night! //////////////////////////////////////////////////////////////////////////////// Tim- Aren't we closer than 10 mins. to midnight??????? From 72114.1712 at CompuServe.COM Fri Apr 16 20:12:35 1993 From: 72114.1712 at CompuServe.COM (Sandy) Date: Fri, 16 Apr 93 20:12:35 PDT Subject: IMPORTANT--WE WON Message-ID: <930417030350_72114.1712_FHF52-1@CompuServe.COM> _________________________________________________________________ FROM THE VIRTUAL DESK OF SANDY SANDFORT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FIRST, THE BAD NEWS--The government wants to control encryption. Though they are playing coy about it, it's clear that eventually they will try to ban "the good stuff." It's clear Zimmermann, and others, have gotten their attention. NOW, THE GOOD NEWS--I t d o e s n o t m a t t e r. The game is over. We won. The government may engage in holding actions, but it still doesn't matter. What we have here, is the State's pitiful attempt to make the best of a bad situation. This amazing "policy" announcement is a tacit admission of defeat. HOW CAN I BE SO SURE?--The cat is out of the bag. Free, mil spec data encryption is readily available to all. Within a year, equivalent voice encryption freeware will join it. There is no way the government can stuff the encryption cat back in the bag. They can pass their laws. We will do as we please--and they will help us. THEY WILL *HELP* US?--The Administration's plan will have one, unintended, result. It will give legitimacy to privacy through encryption. Legitimacy will beget usage. And usage will mean TRAFFIC. Our securely encrypted messages will be hidden in plain sight. Whispers in a wind tunnel. One digitally encrypted phone call sound just like another--no matter what algorithm is used. 
A PLOY FOR THE PARANOID--Still think the Secret Service is going to get you? No problem. Just *PRE-encrypt* your phone or data communications with your home-made encryption unit, before you re-encrypt it using the government approved model. ("Hey, I don't know why you couldn't use your back door key to eavesdrop on my secure phone. Sounds like a personal problem to me.") THE ELECTRONIC FRONTIER FOUNDATION IS RIGHT, TOO--Yes, we can rejoice because we won. But it is still important to continue the fight against the State's last gasps. Even when the government is in random-walk mode, it's still possible to get stepped on. They have lost, but they can still do us plenty of damage. We should continue to press them on all fronts to secure our victory. But never doubt it, W E H A V E W O N. S a n d y _________________________________________________________________ PLEASE RESPOND TO: ssandfort at attmail.com (except from CompuServe) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From meyer at mcc.com Fri Apr 16 20:20:59 1993 From: meyer at mcc.com (Peter Meyer) Date: Fri, 16 Apr 93 20:20:59 PDT Subject: New versions of encryption software released Message-ID: <19930417032006.8.MEYER@OGHMA.MCC.COM> I suppose I could use a fig leaf to cover the price of this software so that this posting might seem less "commercial", but - what the hell - this isn't sci.crypt and we're not concerned with maintaining academic purity. This encryption software is available *now*. You might consider shelling out a few bucks (which allows you to make use of the result of a few years' work) before the govt. makes it illegal to buy, sell or use encryption software. New Version Release Announcement Dolphin Software releases three new versions of MS-DOS encryption software Dolphin Software's data encryption software has been released in two new versions, Dolphin Encrypt (V. 2.11) and Dolphin Encrypt Advanced Version (V. 2.10). 
The encryption routines are also available as a C function library. Both Dolphin Encrypt and the Advanced Version use a symmetric key encryption process to encrypt data on MS-DOS computers, and can encrypt multiple files with a single command. File pathnames are supported and there is extensive error checking. If you wish to transmit encrypted data as email then Dolphin Encrypt can be told to output the encrypted data as text. There is no limit on the size, the type or the number of files. Files are normally compressed during encryption. Screen output can be sent to a file or to a printer for a record of operations. The encryption process, described in detail in the documentation, relies partly on the RSA Data Security, Inc., MD5 Message Digest Algorithm. The Advanced Version has all of the features described above, and also encrypts whole floppy disks. All common disk sizes are supported and are automatically recognized. Additional command line options are supported, including the options of echoing or not echoing the encryption key during entry. There is a decrypt-and-display-only option (with no plaintext written to disk). The Advanced Version can be run silently from another application program to encrypt or decrypt files. It has a script language (with if-else-endif) which allows automation of frequently-performed, complex or conditional operations. The Advanced Version comes with utility programs to read multiple text files, compare files, purge files and wipe a disk clean of data; these can be called from scripts. The Dolphin Encryption Library is a C function library containing functions for encrypting and decrypting blocks of data in memory (from 1 byte to about 10K in size). Complete source code is included. Dolphin Encrypt is priced at $64.00 and the Advanced Version at $128.00. The function library is available for licensing to developers. For more information contact Dolphin Software at 4815 W. Braker Ln. #502, Austin, TX 78759 (phone 512-479-9208). 
From a2 at well.sf.ca.us Fri Apr 16 20:21:03 1993 From: a2 at well.sf.ca.us (Arthur Abraham) Date: Fri, 16 Apr 93 20:21:03 PDT Subject: 1984 deja vu Message-ID: <199304170320.AA14330@well.sf.ca.us> If you haven't heard about John Markoff's article yet, it' cause you've been spending all your time reading Cypherpunks instead of the front page of the Friday NY Times... read it now. There's an awful lot to be said about this article, mostly we know what it is, and mostly we agree about it. This a major social issue that must be corrected, so here's my proposal: ==> DON'T POST ANYTHING ABOUT THE MARFKOFF ARTICLE. <== We shouldn't waste time writing each other letters that we'll learn nothing by reading. We should spend that same time writing to newspapers, congress people, phone companies, Clinton, Gore, and anybody else who thinks they can get away with this because they feel the citizenry either doesn't care about or doesn't understand the issues. What I want to see in re this issue on this list is something I don't already know, like the name and address of AT&T's president's secretary -- s/he'll complain to the prez if enough privacy mail arrives. Be imaginative, be active, rattle cages, but telling me how pissed you are won't change a thing, except to decrease the time we're both spending on doing something effective. Be effective. Please. -a2. From ebrandt at jarthur.Claremont.EDU Fri Apr 16 20:26:05 1993 From: ebrandt at jarthur.Claremont.EDU (Eli Brandt) Date: Fri, 16 Apr 93 20:26:05 PDT Subject: ANON: Chaining suggestions In-Reply-To: <930416165143_74076.1041_FHD34-1@CompuServe.COM> Message-ID: <9304170325.AA25696@toad.com> > From: Hal <74076.1041 at CompuServe.COM> > I don't think the idea quite works in this form, since I don't see how > messages to Julf get translated to an12345. 
> Presumably only messages
> from one specific user should get posted under this ID (the user whose
> address is buried in the encrypted return address to which Julf's
> remailer will forward replies). Perhaps another set of commands is
> needed to tell the remailer what ID to use to post under.

I don't know what Eric was thinking, but I was thinking as follows:

* I send a message to the nymserver, telling it to create a nym entry. The body of the message is a public key. All further commands to the server must be signed by this key.
* I then send a message to the nymserver, telling it to add a return block to the nym's list of return addresses. (signed)
* Another (signed) command sets up a human-readable name, if I wish.

Now we're in business.

* Joe User sends a message to eli-alias at nymserver. The server looks up eli-alias, picks the preferred return path, and ricochets the message out.
* or, I tell the nymserver to post vitriol to alt.fan.clinton under the name "eli-alias". Again, the command must be correctly signed.

(Can PGP let me rename my eli-alias private key to something innocuous -- like "test3"? This would provide some deniability if they seize my secring.pgp -- they need no passphrase to see the names of the keys on it. Denied this information, can `they' associate private and public keys in some way?)

Hopefully, all commands to the nymserver would be encrypted with its public key. They might well be bounced to it through anonymous remailers, or sent with whatever other anonymity tech -- such as DC-nets -- is available. Yanek, were you setting up an experimental DC-net? How's it look?

Any holes here? The requirement of a signature on all commands is parallel to the present use of a password, but far more secure. It provides continuity of identity, rather than the present use of return address. Attack this protocol, folks.

Now, this does look like a lot of hair to add to penet. Maybe I should learn perl and write a remailer. Heh.
(Aside: anybody here running linux? Do you know of a non-destructive repartitioner?) > Hal Finney Eli ebrandt at jarthur.claremont.edu (with a big disk and a small flaky tape drive) From tcmay at netcom.com Fri Apr 16 21:19:43 1993 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 16 Apr 93 21:19:43 PDT Subject: IMPORTANT--WE WON......NOT! Message-ID: <9304170419.AA26923@netcom.netcom.com> Sandy Sandfort looks on the bright side. Unfortunately, I can't agree with him. He writes: >FIRST, THE BAD NEWS--The government wants to control encryption. >Though they are playing coy about it, it's clear that eventually >they will try to ban "the good stuff." It's clear Zimmermann, >and others, have gotten their attention. > >NOW, THE GOOD NEWS--I t d o e s n o t m a t t e r. The game >is over. We won. The government may engage in holding actions, >but it still doesn't matter. What we have here, is the State's >pitiful attempt to make the best of a bad situation. This >amazing "policy" announcement is a tacit admission of defeat. > >HOW CAN I BE SO SURE?--The cat is out of the bag. Free, mil spec >data encryption is readily available to all. Within a year, >equivalent voice encryption freeware will join it. There is no >way the government can stuff the encryption cat back in the bag. >They can pass their laws. We will do as we please--and they will >help us. ...rest of post elided.... Drugs are freely available on nearly every inner city street corner. The "cat is out of the bag," as you say. And yet.... - the War on (Some) Drugs.... - mandatory hard time for first offenses (ask the Santa Cruz kid doing 10 years without parole for possession of some amount of acid...the weight of the blotter paper kicked it up to the 10-year level) - civil forfeiture... "We find a roach, we get your yacht." 
- midnight raids, often killing innocent citizens (ask the Malibu retired guy who got zapped by the Feds...turns out they'd already greedily started to divvy up his land to various parks...and of course he was totally innocent--and now dead) - "D.A.R.E."-type brainwashing of children, encouraging them to turn in their parents ...and so on. You should all know about these things, on this of all days (16 April 1943, 50 years ago, was the discovery of LSD). Restricting crypto means the government has a big club they use to threaten, intimidate, force cooperation, etc. Just like with taxes, drugs, and everything else they control. Under the civil forfeiture laws, my assets (which I depend on to live out the rest of my life on!!) could be seized if the government suspects I'm using "illegal crypto." Not under current laws, but certainly under the laws that follow from the "Clinton Clipper." Anyone with assets to seize--a house, a business, a stock account--becomes a fair target. > > But never doubt it, W E H A V E W O N. > No, but we haven't lost yet. -Tim -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: MailSafe and PGP available. From hughes at soda.berkeley.edu Fri Apr 16 22:26:39 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Fri, 16 Apr 93 22:26:39 PDT Subject: Q&A DataBase In-Reply-To: <01GX1S55DSEA0005UJ@ksuvxb.kent.edu> Message-ID: <9304170523.AA17229@soda.berkeley.edu> Re: Q&A (a DOS database program) > Hello All, does anyone know much about the this program? >I would like to be able to pick the passwords out of the database file. One of the purposes of cypherpunks is to figure out stuff like this and to help others learn how to do it. In short, you figure it out, and tell us. 
To begin with, make a database with some permissions. Make a complete copy of that database in another directory. Now change exactly one password by exactly one letter. Use a differencing tool to find the differences. Save this copy as well. Change the same password again. Check to see if the differences are in the same place. Do the same with different passwords. Correlate this information with the database structures. Write some software to generate plaintext/ciphertext pairs. Get at least a thousand, preferably lots more. You'll use these later to verify that your reconstruction of the algorithm is correct. If the encryption isn't obvious by now (yes, some of this stuff is extremely weak) hook up a debugger to the executable and start looking for the routine which does password encryption. When you find it, reverse engineer it and write a C routine that matches the functionality. Now you'll be considered having done your homework. If you still don't know how to crack passwords after knowing the algorithm, post the algorithm here and we'll look at it. Eric From wcs at anchor.ho.att.com Fri Apr 16 22:52:28 1993 From: wcs at anchor.ho.att.com (wcs at anchor.ho.att.com) Date: Fri, 16 Apr 93 22:52:28 PDT Subject: Big Bubba's Wiretapping Directive Message-ID: <9304170552.AA16461@anchor.ho.att.com> While I don't share Sandy Sandfort's wild optimism, at least steganography becomes a bit easier - the default assumption is about encrypted material becomes "Oh, it's just encrypted with the Tapper Chip, we can break it later" rather than "Oh, boy, it's encrypted, we can confiscate his computer!", and if it gets taken to court, and the wiretap approved by the Rubber Stamp Agency and then isn't able to be decrypted, the average person can say "I don't understand how the Secret Government Wiretapping Chip works, so I can't tell you what's wrong here!" On the more technical side, what precisely does the Mykotoxin chip *do*? 
Does it generate random keys for DES/etc., saving a copy for later? Or does it actually *do* the encryption with some classified algorithm? If it's the former, the user could presumably replace it with a pin-compatible non-wiretapping random number generator, unless there's some requirement that export-approved systems have soldered-in chips, and a foreign-made version might be compatible with US phones while not being tappable.

On the other hand, if the MicroToker chip actually *does* encryption, whether secret-key or RSA or other public-key, or some other essential part of the encryption process, then you *have* to use it to be compatible. Assuming the US approves it for widespread use in phones, etc., it provides an incentive for everybody in the world to use it, especially if the Feds agree to share keys with their fellow governments who can wiretap their own citizens, and gives a boost to the balance of trade by being one product that you've got to buy from the US.

Some questions that Clinton's Q&A blatantly stepped around are

"When the Two Agencies approve the wiretap, *what* conversations become tappable? Everything they've recorded? The last N conversations? Future conversations only?"

"Once one government group has YOUR phone wiretap key from the Two Agencies, can they pass it around to the IRS, FBI, local cops, and everyone else?"

"What if they make a mistake on a tap - do you have to buy a new phone now that they've spread YOUR phone wiretap key around?"

We *do* have to try to control the language here - the Clintonistas are referring to the subjects of a hypothetical wiretap as "the drug smugglers" but we ought to redirect it to "YOUR phone's wiretap key" so people remember we're talking about them and their privacy. It might also be good for us to give examples like "The IRS suspects you're cheating on your income tax so they want to wiretap your phone calls to your accountant, so they do XXXXX."
because it feels like something that might happen to THEM.

Sigh.

Bill Stewart

From tcmay at netcom.com Fri Apr 16 23:10:57 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 16 Apr 93 23:10:57 PDT
Subject: (fwd) Re: Once tapped, your code is no good any more.
Message-ID: <9304170611.AA29961@netcom3.netcom.com>

Cypherpunks,

I agree with Arthur Abraham that we ought to first make our arguments in public and not preach to the converted here on this list. Unless the ideas presented are Cypherpunks-related.

In this spirit, here's something I wrote about the consequences of key escrow.

Newsgroups: sci.crypt,alt.security,comp.org.eff.talk,comp.security.misc,comp.org.acm,comp.org.ieee
From: tcmay at netcom.com (Timothy C. May)
Subject: Re: Once tapped, your code is no good any more.
Date: Sat, 17 Apr 1993 04:53:55 GMT

Brad Templeton (brad at clarinet.com) wrote:
: It occurs to me that if they get a wiretap order on you, and the escrow
: houses release your code to the cops, your code is now no longer secure.
:
: It's in the hands of cops, and while I am sure most of the time they are
: good, their security will not be as good as the escrow houses.
:
:
: What this effectively means is that if they perform a wiretap on you,
: at the end of the wiretap, they should be obligated to inform you that
: a tap was performed, and replace (for free) the clipper chip in your
: cellular phone so that it is once again a code known only to the
: escrow houses.

Getting the court order to reveal the key *also* makes decipherable all *past* conversations (which may be on tape, or disk, or whatever), as I understand the proposal. I could be wrong, but I've seen no mention of "session keys" being the escrowed entities.

As the EFF noted, this raises further issues about the fruits of one bust leading to incrimination in other areas.

But is it any worse than the current unsecure system?
It becomes much worse, of course, if the government then uses this "Clinton Clipper" to argue for restrictions on unapproved encryption. (This is the main concern of most of us, I think. The camel's nose in the tent, etc.)

And it may also become much worse if the ostensible security is increased, thus allowing greater access to "central office" records by the government (the conversations being encrypted, who will object to letting the government have access to them, perhaps even automatically archiving large fractions...). This was one of the main objections to the S.266 proposal, that it would force telecom suppliers to provide easy access for the government.

Once the government has had access to months or years of your encrypted conversations, now all it takes is one misstep, one violation that gets them the paperwork needed to decrypt *all* of them!

Do we want anyone to have this kind of power?

-Tim May, whose sig block may get him busted in the New Regime

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.

From x62727g2 at usma8.USMA.EDU Fri Apr 16 23:33:04 1993
From: x62727g2 at usma8.USMA.EDU (Gatlin Anthony CDT)
Date: Fri, 16 Apr 93 23:33:04 PDT
Subject: Data Encryption Algorithm
Message-ID: <9304170633.AA27514@toad.com>

Fellow Cypherpunks,

I am a cadet at West Point and have been involved in developing a new encryption algorithm which I believe is stronger than DES. I realize that many of you enjoy the challenge of breaking encryption schemes and I wondered if you might be interested in trying to break mine. I would be very interested in any analysis that you could give of my system.
Please contact me if you are interested.

Anthony J. Gatlin  |-------------------------------------|
CDT PVT, G-2       |PGP Public Key available on request. |
                   |-------------------------------------|

From greg at ideath.goldenbear.com Sat Apr 17 01:30:08 1993
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Sat, 17 Apr 93 01:30:08 PDT
Subject: Clinton Administration crypto proposal/policy
Message-ID:

The Clinton Administration's recent proposal, and responses to same from the net community, have left several questions in my mind:

o Are these devices intended to be used as isolated pairs - such that two phones/modems/whatever will only speak with each other .. or will any such device speak with any other such device? If any device can communicate with any other device, how is the key(s) for en/decryption for any particular session determined? .. and what prevents an eavesdropper who is present from the beginning of the session from using that data to decrypt the conversation?

o According to the EFF response to the proposal, there aren't really two keys, but two 40-bit halves of one 80-bit key. Doesn't this imply that were a "bad guy" able to get just one of those halves, the computing power required to do a brute-force attack is considerably lessened? (I'm asking a question here, not making a statement. I read about this because I think it's interesting but it's not really my field.)

o Presumably, these devices will insert into the data stream some sort of "sender ID" which will allow eavesdroppers to know which key(s) they need a warrant for - doesn't this seem to make it pretty easy to keep track of data along the lines of "Station 12345 sent 500 packets to station 31415, who sent 7734 packets in return" .. which would seem to present privacy questions separate from (but dwarfed by :) the security of the encryption itself?

Also, cypherpunks readers may find these two snippets from two articles re the proposal interesting (and chilling):

---
_NY Times_, 4/16/93, p.
A1 (National edition)

"The Clinton Administration plans a new system of encoding electronic
communications that is intended to preserve the Government's ability
                                                             ^^^^^^^
to eavesdrop for law enforcement and national security reasons .."

---
Eugene, Oregon's _Register-Guard_, 4/16/93, p. 3A

"The Clinton Administration is about to announce a plan to preserve
privacy in electronic communications, including telephone calls and
electronic mail, while also insuring [sic] the government's right
                                                            ^^^^^
to eavesdrop for law enforcement and national security reasons."

---

Emphasis, of course, added by me. The Register-Guard article is taken from the NY Times' article (presumably from a wire service) and consists of paragraphs 2,3,4,5,6,8, and 9 of the NY Times article, with changes to the first paragraph noted above.

Grr.

--
Greg Broiles                greg at goldenbear.com
Golden Bear Consulting      +1 503 465 0325
Box 12005 Eugene OR 97440   BBS: +1 503 687 7764

From habs at Panix.Com Sat Apr 17 06:27:41 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sat, 17 Apr 93 06:27:41 PDT
Subject: History of Gov. Telecom Interception
Message-ID: <199304171327.AA03871@sun.Panix.Com>

Last year Oxford press published a book called The Invisible Weapon - it details, from 1851 - 1945, how governments, esp. the British have used "backdoors" into coded messages to watch/listen/read messages.

At one time the British had a stranglehold on worldwide telegram service. They made very strong claims that they would never read their clients' (often other governments) mail, but instead went to detailed and expensive measures to insure that in fact they could/did.

The ISBN # is: 0-19-506273-6

We should read this book (I have) so in the upcoming debate on the Clipper, we can frame the Clipper in the rich historical context it deserves to be placed in.
--
Harry Shapiro    habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From habs at Panix.Com Sat Apr 17 06:32:53 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sat, 17 Apr 93 06:32:53 PDT
Subject: Big Brother: Post Filtering the Clipper
Message-ID: <199304171332.AA03999@sun.Panix.Com>

Some posters have speculated that it might be possible to get a phone, swap it with someone else, and then the feds would not be able to get the correct key-pair.

Another poster assumed that each clipper chip would send out some sort of Clipper-ID in plain-text before and/or during and/or after a session.

Which causes me to further speculate that it may be possible to filter out these plain text messages. (They are probably built in to the exchange of keys ritual and so can't be filtered out without preventing the Clipper to do its thing...).

If they can be filtered, filtering them may either be an outright criminal act or be considered probable cause for a warrant to determine why you are filtering them out, etc.

--
Harry Shapiro    habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From habs at Panix.Com Sat Apr 17 06:40:08 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sat, 17 Apr 93 06:40:08 PDT
Subject: Big Brother: Easy to Break
Message-ID: <199304171339.AA04237@sun.Panix.Com>

I recall having a conversation at the Boston ExI meeting, talking about super computers and how fast they could break small keys (like 80 bits).

I think it was carlf, and I don't recall the exact estimate given, but I think it was on the order of several hours to several days for a fast connection machine class super computer to break such a key by brute force.

The NSA certainly has plenty of fast machines, and I assume they will be able to break any clipper based encryption routinely.
Certainly as 64-bit, high speed multiprocessors come on line in the next few years it will be easier and easier for even us plain folks to break such keys (although I'm sure not a simple task).

With NSA having the algorithm and access to perhaps at least half the key or perhaps some little bit of "known text" that clipper puts into each message to make it easier to do a known text attack on someone's clipper encoded message, we can assume that the escrowed keys are at best a ruse...

--
Harry Shapiro    habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From habs at Panix.Com Sat Apr 17 06:47:32 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sat, 17 Apr 93 06:47:32 PDT
Subject: Big Brother: Public Escrow is Needed
Message-ID: <199304171347.AA04366@sun.Panix.Com>

All the talk about Escrowing of keys by separate agencies is all well and good. However, to be really secure, the computer system they reside on, and all access to it, must be in some way very public and very very limited.

The public needs to know that at least one of the key-pairs, can in no way be retrieved except through some very public process. That law enforcement or some cracker doesn't have some back door into the Escrowed Key Server...

As somebody else pointed out, once my key is known ALL my communication is now "OPEN." Not just what they got a warrant for. Thus, the actual opening of my "mail/voice/etc" should be done in more, again very public place, so that my key-pair (and the cost of replacing it if the warrant is unfounded) is kept secure and never in the hands of any person or agency.

In other words, I don't want my key-pair sitting in a non-secured database, to be re-used later (with or without a warrant.)

If the key-pair is turned over to someone/agency and I am not found guilty or indicted, etc.
I need to be told so I can change my keys, or even have the government pay me for this cost as they have unlawfully taken the value of my Clipper based device away from me.

/harry

--
Harry Shapiro    habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From habs at Panix.Com Sat Apr 17 06:49:42 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sat, 17 Apr 93 06:49:42 PDT
Subject: Big Brother: Unlawful Taking
Message-ID: <199304171349.AA04451@sun.Panix.Com>

I think the gov. involvement in the Clipper is an unlawful taking against anyone else who has made an investment in selling encryption. RSA, for example.

These people should sue the government for taking this multi-billion dollar business away from them.

/harry

--
Harry Shapiro    habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From banisar at washofc.cpsr.org Sat Apr 17 06:52:52 1993
From: banisar at washofc.cpsr.org (Dave Banisar)
Date: Sat, 17 Apr 93 06:52:52 PDT
Subject: CPSR Statement on White House Plan
Message-ID: <9304170958.AA39915@hacker2.eff.org>

CPSR Crypto Statement
-----------------------------------------------

April 16, 1993
Washington, DC

COMPUTER PROFESSIONALS CALL FOR PUBLIC DEBATE
ON NEW GOVERNMENT ENCRYPTION INITIATIVE

Computer Professionals for Social Responsibility (CPSR) today called for the public disclosure of technical data underlying the government's newly-announced "Public Encryption Management" initiative. The new cryptography scheme was announced today by the White House and the National Institute for Standards and Technology (NIST), which will implement the technical specifications of the plan. A NIST spokesman acknowledged that the National Security Agency (NSA), the super-secret military intelligence agency, had actually developed the encryption technology around which the new initiative is built.
According to NIST, the technical specifications and the Presidential directive establishing the plan are classified. To open the initiative to public review and debate, CPSR today filed a series of Freedom of Information Act (FOIA) requests with key agencies, including NSA, NIST, the National Security Council and the FBI for information relating to the encryption plan. The CPSR requests are in keeping with the spirit of the Computer Security Act, which Congress passed in 1987 in order to open the development of non-military computer security standards to public scrutiny and to limit NSA's role in the creation of such standards.

CPSR previously has questioned the role of NSA in developing the so-called "digital signature standard" (DSS), a communications authentication technology that NIST proposed for government-wide use in 1991. After CPSR sued NIST in a FOIA lawsuit last year, the civilian agency disclosed for the first time that NSA had, in fact, developed that security standard. NSA is due to file papers in federal court next week justifying the classification of records concerning its creation of the DSS.

David Sobel, CPSR Legal Counsel, called the administration's apparent commitment to the privacy of electronic communications, as reflected in today's official statement, "a step in the right direction." But he questioned the propriety of NSA's role in the process and the apparent secrecy that has thus far shielded the development process from public scrutiny. "At a time when we are moving towards the development of a new information infrastructure, it is vital that standards designed to protect personal privacy be established openly and with full public participation. It is not appropriate for NSA -- an agency with a long tradition of secrecy and opposition to effective civilian cryptography -- to play a leading role in the development process."
CPSR is a national public-interest alliance of computer industry professionals dedicated to examining the impact of technology on society. CPSR has 21 chapters in the U.S. and maintains offices in Palo Alto, California, Cambridge, Massachusetts and Washington, DC. For additional information on CPSR, call (415) 322-3778 or e-mail .

======================================

From banisar at washofc.cpsr.org Sat Apr 17 07:09:13 1993
From: banisar at washofc.cpsr.org (Dave Banisar)
Date: Sat, 17 Apr 93 07:09:13 PDT
Subject: More info on Clipper Chip
Message-ID: <9304171015.AA20088@hacker2.eff.org>

Comments on White House Clipper Plan

I attended the "interesting" NIST press conference yesterday on the "Clipper Chip" and may be able to clear up a few questions.

According to NIST: The Chip has 4 functions, including Key Encryption Serial Number Escrow functionality

Thus, it sounds like a key management system may have to be built into the devices that will be sold with the chip. However this means that they will also be able to determine which key to get because they will know the serial number. It also seems likely that once your key is compromised, it's gone forever. This is a serious problem.

The Attorney General will determine next week who will be the escrow agents for this. I am willing to bet $ that NIST/Commerce will be one of them (not a lot, after all, I do work for a non-profit).

Everything about this proposal is classified. The chip is classified but even more disturbing, the president's directive ordering a review into crypto policy is also classified. CPSR has already filed 11 FOIA requests for all information, including the directive. You can expect that we will be filing suit shortly to get those documents and force this out into the open. When I questioned them about why the review was happening after the proposal, they did not answer me.

This is not 1984 all over again-it's '86. The NSA tried this exact same "black box" proposal (minus the escrow) in 1986.
Industry laughed them out of the park.

NIST also stated that the proposal has been implemented for 14 months and they (NSA actually) have been working on it for at least 4 years.

AT&T announced yesterday that it will begin selling devices with these Clippers in them immediately. We've been sold down the river by ma bell again.

Dave Banisar
CPSR Washington Office

From grady at netcom.com Sat Apr 17 08:18:53 1993
From: grady at netcom.com (1016/2EF221)
Date: Sat, 17 Apr 93 08:18:53 PDT
Subject: fuzzy grep available
Message-ID: <9304171519.AA27926@netcom.netcom.com>

"agrep" version 2.0.4 available via anonymous FTP from sunsite.unc.edu (including source) has a feature of cryptographic interest: fuzzy searches.

For example,

    agrep -2 cypherpunks newsgroupspooldirectory

would find all occurrences of "cypherpunks" or any such pattern with up to two errors of substitution, addition or deletion.

    cpyherpunks, cyphernks cipherapunks

would all be found, fer instance.

And the thing is Boyer-Moore sublinear FAST. Also has egrep features looking for up to 30,000 (yes, thirty thousand) patterns simultaneously with Boyer-Moore speed.

For the NSA the applications are obvious: look for a bunch of key words like revolution Timothy May NSA quickly.

For us a good initial use might be to screen out "bad" passwords that are too simply a variant of a normal word. For example, if agrep -3 usr/dict/words or the lyric library, or the star trek location list or whatever, if anything were found then that password FAILS.

This is a lot easier to use than other available tools. Like, MacPGP2.2 source, I will mail this on request IF you cannot do anonymous FTP from where you are.

Grady Ward

From hughes at soda.berkeley.edu Sat Apr 17 08:36:36 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Sat, 17 Apr 93 08:36:36 PDT
Subject: History of Gov.
 Telecom Interception
In-Reply-To: <199304171327.AA03871@sun.Panix.Com>
Message-ID: <9304171533.AA04312@soda.berkeley.edu>

Harry Shapiro mentions what sounds like an excellent little book, titled "The Invisible Weapon"

I've made a directory called clipper/ in the ftp site. I'm looking for information to fill it up with.

Harry, I'd like to publicly ask you to write an annotated bibliography entry for this book so that I could put it up. Full reference details, of course, two or three sentences describing the contents of each chapter, and a small summary. Thanks in advance.

If anyone has an electronic copy of the New York Times article, please send it in.

Please send all your submissions via email, as I don't have the necessary permissions to use the incoming directory on soda. Send submissions to hughes at soda.berkeley.edu. Download stuff from soda.berkeley.edu:pub/cypherpunks via anon ftp.

Eric

From grady at netcom.com Sat Apr 17 08:57:57 1993
From: grady at netcom.com (1016/2EF221)
Date: Sat, 17 Apr 93 08:57:57 PDT
Subject: REAL ftp address of agrep tool
Message-ID: <9304171558.AA29574@netcom.netcom.com>

The real address is:

cs.arizona.edu

in the directory "agrep".

The incorrect ftp site I mentioned before, sunsite.unc.edu, has some interesting poly sci papers, but not much code. Too many archives. Too little time.

Grady Ward

From kinney at spot.Colorado.EDU Sat Apr 17 09:55:59 1993
From: kinney at spot.Colorado.EDU (KINNEY WILLIAM H)
Date: Sat, 17 Apr 93 09:55:59 PDT
Subject: Proposal for anon chaining
In-Reply-To: <9304161717.AA15797@toad.com>
Message-ID: <199304171655.AA24267@spot.Colorado.EDU>

I write:

> > This seems to me to be a very robust pseudonymous mail system which
> > could be implemented by relatively minor changes to the existing Cypherpunk
> > remailer structure.

Eli writes:

> This appears to be the ARA system that was previously suggested,
> which I was speaking of using with penet.
> Your comment that changes
> would be needed implies that it is different; if so, could you
> clarify the difference?

No, evidently I wasn't reading carefully enough. These do appear to be the same.

> The reason Eric suggested hanging this off the side of a pseudonym
> server is that it is rather inconvenient in its pure form,

Although I would suggest making the raw data available to those who wish to bypass the nym server for some reason. Say, a "Request-Routing-Header ", command. Although I imagine you guys have your hands full getting even a basically functional version up.

-- Will

From sommerfeld at orchard.medford.ma.us Sat Apr 17 10:36:45 1993
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Sat, 17 Apr 93 10:36:45 PDT
Subject: Boston Globe article 4/17/93
Message-ID: <9304171657.AA00125@orchard.medford.ma.us>

[I've called the Globe to complain about their swallowing the government's story, hook, line, and sinker; I suggest others do likewise...]

US reveals computer chip for scrambling telephones

By John Mintz
Washington Post

WASHINGTON -- The White House yesterday announced its new plan to prevent criminals, terrorists, and industrial spies from decoding communications over telephones, fax machines, and computers while ensuring the government's ability to eavesdrop.

The plan features a $1200 government-developed computer chip embedded in a scrambling device the size of a small notebook, which the government hopes will be adopted as the universal means of encryption.

The Clinton administration said the technology will balance the interests of civil libertarians, corporations, and individuals on the one hand against law enforcement and intelligence agencies on the other.

The official White House announcement yesterday was the endorsement of the Clipper Chip, developed by NSA, as the government standard for encryption devices.
Industry and US officials said that means the Clipper Chip also will become widely accepted in corporate America, because companies and individuals desiring to do business with federal agencies that encode their information would have to use the government's standard.

The success of the government's initiative depends on the willingness of companies to accept encryption that the government can crack. AT&T announced yesterday it would use the new chip in all its secure nongovernment telephones.

The NSA has licensed two California firms to manufacture and market the Clipper Chip, officials said. The price is expected to drop to about $25 each, they said.

From mdiehl at triton.unm.edu Sat Apr 17 11:31:11 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Sat, 17 Apr 93 11:31:11 PDT
Subject: Phil Zimmerman on the Radio
In-Reply-To: <9304161840.AA17929@tardis.shearson.com>
Message-ID: <9304171830.AA25558@triton.unm.edu>

> FYI, for those of you in the NYC area, I'm going to be conducting a
> brief interview with Phil Zimmerman (author of PGP) on my radio show
> tomorrow to discuss the recent NSA/Big Brother crypto developments
> (see the front page of today's New York Times).

Anyone get a tape, or transcript of this. I'd really like to hear it.

+-----------------------+-----------------------------+---------+
| J. Michael Diehl ;-)  | I thought I was wrong once. | PGP KEY |
|                       | But, I was mistaken.        |available|
|                       +-----------------------------+---------+
| mdiehl at triton.unm.edu | "I'm just looking for the opportunity |
| mike.diehl at fido.org   |  to be Politically Incorrect!         |
| (505) 299-2282        |                                       |
+-----------------------+---------------------------------------+

From habs at Panix.Com Sat Apr 17 12:41:41 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sat, 17 Apr 93 12:41:41 PDT
Subject: Brief review of "The Invisible Weapon."
In-Reply-To: <9304171533.AA04312@soda.berkeley.edu>
Message-ID: <199304171941.AA23905@sun.Panix.Com>

a conscious being, Eric Hughes wrote:
>
> Harry Shapiro mentions what sounds like an excellent little book,
> titled "The Invisible Weapon"
>
> I've made a directory called clipper/ in the ftp site. I'm looking
> for information to fill it up with.
>
> Harry, I'd like to publicly ask you to write an annotated bibliography
> entry for this book so that I could put it up. Full reference
> details, of course, two or three sentences describing the contents of
> each chapter, and a small summary. Thanks in advance.

Hope this is close enough:

The Invisible Weapon. Telecommunications and International Politics (1851-1945)

By Daniel R. Headrick, Prof. of History and Social Sciences at Roosevelt University, author of "The Tools of the Empire" and "The Tentacles of Progress."

Copyright 1991 Oxford University Press, Inc.

ISBN: 0-19-506273-6

1. Telecommunications - History
2. Telecommunications - Political aspects - History
3. Telecommunications - Military aspects - History
4. World Politics -- 1900 - 1945
5. World Politics -- 19th century

From the book jacket - "A vital instrument of power, telecommunications is and always has been a profoundly political technology. In "The Invisible Weapon," Headrick examines the political history of telecommunications from the mid-nineteenth century to the end of world war II, and illustrates how this technology gave nations a new instrument for international relations.

Headrick discusses the political aspects of information technology in modern history. He shows how telegraphy created conflicts in far-flung empires which hastened the deterioration of diplomacy on the brink of the first world war; increased the political interest in controlling news; and how the security of telecommunications made communications strategy, communications intelligence, and cryptography decisive tools during the two world wars."
This book is of interest to me because it details all of the positive aspects of why a government "needs" to know everything that is telecommunicated everywhere it can.

Even more importantly it shows how the British government routinely intercepted communications sent through British owned telecommunications infrastructure despite publicly claiming they would never do such a thing.

It also shows how interception "hastened the deterioration of diplomacy."

The Chapters:

1. Telecommunications and International relations
2. The New Technology
3. The Expansion of the World Cable Network, 1866-1895
4. Telegraphy and Imperialism in the Late Nineteenth Century
5. Crisis at the Turn of the Century, 1895-1901
6. The Great Powers and the Cable Crisis, 1900-1913
7. The Beginnings of Radio, 1895 - 1914
8. Cables and Radio in World war I
9. Communications Intelligence in World War I
10. Conflicts and Settlements, 1919 - 1923
11. Technological Upheavals and Commercial Rivalries, 1924 - 1939
12. Communications Intelligence in World War II
13. The War at Sea
14. The Changing of the Guard
15. Telecommunications, Information, and Security

/harry

From mdiehl at triton.unm.edu Sat Apr 17 14:00:59 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Sat, 17 Apr 93 14:00:59 PDT
Subject: Automation package.
Message-ID: <9304172100.AA00859@triton.unm.edu>

Since I've been using encrypted mail for about a month, now, I've developed a few useful batch files and telix script files. Would anyone be interested in having them? For the most part, they're pretty simple, but I use them, and they work. ;^) I don't use the perl scripts that came with pgp since I don't trust the phone connection. I xfer encrypted messages and read them at home.

BTW, I use 4dos version 4.02 as opposed to command.com as my command interpreter; some of my batch files require features that 4dos has that msdos does not. Anyway, 4dos is a much better package than straight pms-dos.
I think we need to develop methods to make encryption as simple to use as possible. Is this something that you all are interested in or am I just blowing smoke? ;^)

+-----------------------+-----------------------------+---------+
| J. Michael Diehl ;-)  | I thought I was wrong once. | PGP KEY |
|                       | But, I was mistaken.        |available|
|                       +-----------------------------+---------+
| mdiehl at triton.unm.edu | "I'm just looking for the opportunity |
| mike.diehl at fido.org   |  to be Politically Incorrect!         |
| (505) 299-2282        |                                       |
+-----------------------+---------------------------------------+

From tcmay at netcom.com Sat Apr 17 14:25:46 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Sat, 17 Apr 93 14:25:46 PDT
Subject: An Alliance with RSA?
Message-ID: <9304172125.AA28195@netcom3.netcom.com>

Fellow Cypherpunks,

In this message I am urging we all consider an alliance with RSA Data Security, the only company or group able to actually provide an alternative to the "weak crypto" of the Clinton Clipper.

I have no idea if RSA is interested, or if in fact they're already in league with the NSA and other privacy clippers. I chose a public forum because I'm in no position to negotiate for anybody in private. I also mailed a copy to Jim Bidzos, in case he's not reading sci.crypt right now.

-Tim

Newsgroups: sci.crypt,alt.security,comp.org.eff.talk,comp.security.misc,comp.org.acm,comp.org.ieee
From: tcmay at netcom.com (Timothy C. May)
Subject: Re: Don't fight Clipper Chip, subvert or replace it !
Date: Sat, 17 Apr 1993 21:09:13 GMT

Robert Lewis Glendenning (rlglende at netcom.com) wrote:
: Clipper Chip is a response to the fact that there is no business
: or professional body in a position to establish a standard and
: provide chipsets to implement it for analog or digital transmission
: systems.
:
: RSA might be in position to do it, if they had active cooperation of
: a couple of manufacturers of cellular phones or desktop phones.
.......
: Is RSA independent of the gov enough to spearhead this? I, for one,
: would *gladly* pay royalties via purchasing secure phones.

Hear hear! I completely agree that we need to work quickly to establish alternatives to the government's Clinton Clipper. As Brad Templeton and others have noted, once the Clipper becomes ensconced in enough phones there will be enormous pressure to make it the *legal* standard, and it will become the *market* standard as well.

(There is a lot of confusion in the proposal about whether the use of Clipper is mandated, about whether non-escrow alternatives will be allowed, etc.)

(There are also unclear issues about how hard, or how illegal, it will be to make "workalikes" which meet the standard but which generate phony or untappable keys...I'm sure the next several weeks will see these issues thrashed out in this and other groups.)

Meanwhile, I'd be interested to hear RSA Data Security's reaction. Often criticized in this group for their licensing policies (the usual complaints about MailSafe costing too much, at $125 or so, and the general issue of software patents...), we may find that *allying* ourselves with RSA is the best thing we can do. What's a mere licensing fee when our liberty may be at stake?

(If everyone who wanted true security paid, say, $100 for a lifetime use of all of RSA's patents--which expire in the period 1998-2002, or so--then RSA would make tons of money and be happy, I'm sure. A small price to pay. For those to whom $100 sounds like too much, I'm sure the actual terms could be different, spread out over several years, whatever. To me, it's a small price to pay.)

Strong crypto means strong privacy. Escrowing keys, sending copies of keys to large databases, and splitting keys into two 40-bit pieces, all done with secret and non-analyzable protocols and algorithms, is *NOT* strong crypto!
Whatever some of us may think about the abstract principles of patenting number theory applications, this minor issue pales in comparison with the potential dangers of the Clipper proposal (note that I said "potential"...we'll presumably learn more in the coming months).

The RSA algorithms are at least public, have been analyzed and attacked for years, and source code is available (to better ensure no deliberate weaknesses or trapdoors).

I know of a number of groups putting together voice encryption systems using off-the-shelf hardware (like Soundblaster boards for the PC) and CELP-type software. The new generations of PCs, using fast 486s and Pentiums are fast enough to do real-time voice encryption. Combined with Diffie-Hellman key exchange, this should provide an alternative to the Clipper system.

Of course, we don't really know if the Administration proposes to outlaw competing systems. (It seems to me that their goal of tapping terrorists, child pornographers, and Hilary bashers would be thwarted if low-cost alternatives to Clipper proliferated. Not to defend child pornographers or terrorists, but limiting basic freedoms to catch a few criminals is not the American way of doing things. End of soapbox mode.)

I suggest we in these groups set aside any differences we may have had with RSA (and don't look at me....I have both MacPGP *and* a fully legal copy of "MailSafe"!) and instead work with them as quickly as we can.

RSA?, Jim?, are you listening?

-Tim May

P.S. I reserve the right to retract these opinions if it should turn out that RSA Data Security was involved in the Clipper proposal.

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.

From clark at metal.psu.edu Sat Apr 17 17:59:31 1993
From: clark at metal.psu.edu (Clark Reynard)
Date: Sat, 17 Apr 93 17:59:31 PDT
Subject: How to Block the Big Brother Proposal--Petition, fax, mail?
Message-ID: <9304180148.AA00469@metal.psu.edu>

I've looked into the issue a little more. I think it's probably the most important cypherpunk issue. Perhaps it _is_ time to write the White House.

But I think individual emailed letters to the White House ought to be combined with some sort of petition, carefully drafted, and sent by (telegram/fax/snailmail) and signed by everyone we can get, copied as one of those mailer files like shareware uses for registration, so that anyone can print it out, sign it and stamp it.

Though individually-written letters would have a greater impact, the sheer volume of mail achievable by a large crosspost (I don't like massive crossposts, but one is necessary.) of the mailer, even if only .1% of the readership considers it worth doing.

In addition, individual letters to government officials of note, in particular Representative Rohrbacker (anyone have an email/ snailmail address?), Lloyd Bentsen and anyone else who potentially could have an interest.

Does anyone have any specific input about what ONE person could do to fulfill his part of the obligation to block this lame Nazi bullshit?

Again, I think a petition would be a good idea, but getting it signed by everyone would be difficult, and signing it electronically via PGP might be considered just a _mite_ provocative, like making a peace offering to William Bennett by offering him a toke off a J.

Any input?

----
Robert W.
Clark rclark at nyx.cs.du.edu
PGP signature available by mail or finger

From marc at Athena.MIT.EDU Sat Apr 17 18:52:23 1993
From: marc at Athena.MIT.EDU (Marc Horowitz)
Date: Sat, 17 Apr 93 18:52:23 PDT
Subject: repost from sci.crypt
Message-ID: <9304180152.AA34123@oliver.MIT.EDU>

I just posted this to sci.crypt. You conspiracy theorists out there are probably going to start getting ulcers soon.

Marc

From: marc at mit.edu (Marc Horowitz N1NZU)
Newsgroups: sci.crypt
Subject: The source of that announcement
Date: 18 Apr 1993 01:19:38 GMT
Organization: Massachusetts Institute of Technology
Lines: 38
Distribution: world
Message-ID:
NNTP-Posting-Host: oliver.mit.edu

The message from the NIST about the clipper chip comes from the following address:

clipper at csrc.ncsl.nist.gov (Clipper Chip Announcement)

Just who is that, I asked myself, or rather, I asked the computer.

% telnet csrc.ncsl.nist.gov 25
Trying...
Connected to csrc.ncsl.nist.gov.
Escape character is '^]'.
220 first.org sendmail 4.1/NIST ready at Sat, 17 Apr 93 20:42:56 EDT
expn clipper
250-
250-
250-
250-
250-
250-
250-
250-
250-
250-
250-
250
quit
221 first.org closing connection
Connection closed.

Well, isn't that interesting. Dorothy Denning, Mitch Kapor, Marc Rotenberg, Ron Rivest, Jim Bidzos, and others. The Government, RSA, TIS, CPSR, and the EFF are all represented. I don't suppose anybody within any of these organizations would care to comment? Or is this just the White House's idea of a cruel joke on these peoples' inboxes?

Marc
--
Marc Horowitz N1NZU 617-253-7788

From clark at metal.psu.edu Sat Apr 17 19:08:56 1993
From: clark at metal.psu.edu (Clark Reynard)
Date: Sat, 17 Apr 93 19:08:56 PDT
Subject: PGP & RSA -> Legal
Message-ID: <9304180257.AA00395@metal.psu.edu>

If RSA wished to make it extremely difficult to get its patent revoked, it could raise its regular price to something on the order of $50,000.
Then, it could offer a $49,900.00 discount to those who would be willing to perform for them the 'service' of writing to the government to complain about any possible outlawing of cryptographic technology.

Then, if the government wished to illegalize this software, since the software was legal at the time of purchase, it could not be confiscated without due payment of value. If thousands of people were to say, "Hey, this software's worth fifty thousand dollars, you have to pay that." It would throw at least something of a legal obstacle in the path of this obscene government menace.

Does anyone know of any legal precedent which might be binding to a case of this nature? I know that eminent domain laws are usually _very_ generous in compensation for property seized for public works, if there is even the slightest _trace_ of impropriety in their actions.

----
Robert W. Clark rclark at nyx.cs.du.edu
PGP signature available by mail or finger

From ld231782 at longs.lance.colostate.edu Sat Apr 17 19:55:51 1993
From: ld231782 at longs.lance.colostate.edu (ld231782 at longs.lance.colostate.edu)
Date: Sat, 17 Apr 93 19:55:51 PDT
Subject: BIGBROTHER: a public attack plan in 14 points
Message-ID: <9304180255.AA22660@longs.lance.colostate.edu>

Someone please wake me from this nightmare. OK, I'll try to be pragmatic and cut the fiery rhetoric here and avoid choir-preaching. This thing is out. Let's man the battlestations. Here's a nice little summary sheet of things that we should emphasize in public on the proposal, for the tip-of-the-tongue comments to friends, coworkers, and your grandmother.

The public stance should be as straightforward and nontechnical as possible. We should attempt to derail the plan on as many nontechnical points as possible, because to attack technical points lends an aura of legitimacy to it, making it sound like `they had good intentions, but it's not going to work.'
The truth (of course) is that this proposal is an illegitimate child, this time borne of grotesque bedfellows (e.g. Denning, Clinton and the NSA) but a monster no matter WHO the parents...

Without further ado, the 14 Points...

1. Look how the proposal was `handed down' like a unilateral decree. It smacks of a government making decisions for us and excluding us from the process. The whole proposal sounds kind of sinister when viewed in the light of its tone of ``we know what's best for you'' and ``if you don't cooperate, we may have to roll out more nasty things.'' This unilateral handing-down is really obnoxious, because the administration has wholly bypassed the congress and the public at large! It has all the noxious smell of something a dictator (or a naive president prodded by the sheer force of a massively funded secret federal agency) would do.

2. Clearly there has been a huge amount of secret development on this and taxpayer money funding it. Why is it that this process has been wholly shielded from public view until now? Why is so much money being spent on depriving Americans of their rights? Why are we spending so much money to eavesdrop on our neighbors (esp. when they seem like such *nice* people)? It's all so horrifyingly undemocratic and authoritarian and impolite. Does our government have something to hide? Do they think we are too stupid to understand the details? Or are they afraid we would become more disgusted the more we hear?

3. AT&T has already committed, say the rumors, to building phones with the chip. There must be some sleazy backroom collusion between executives of this company and the government. Why were others excluded? Is this part Clinton's vision of free enterprise? Does the government play favorites among companies? Isn't there something blatantly illegal about this?

4. The announcement is outright obfuscatory. It specifically excludes any mention of the NSA when its noninvolvement is a total fantasy.
In fact, the sheet in stating that other agencies are behind it is something of a lie in this regard. We should attack the proposal as being absurdly vague on extremely important, *central* points (such as which two agencies carry the keys), but that even if the swiss-cheese-quality holes were diminished, the proposal would *still* be unacceptable; it is fundamentally flawed, a wrong idea that has no merit whatsoever.

5. Here is a neat analogy. Notice how Joe Policeman has to buy his cars at any regular car dealer. We don't get excited when we hear that hoodlums and terrorists and drug dealers can buy cars at the same place. In other words, law enforcement agencies are not entitled to special perks or privileges from private industry. And we don't tolerate extreme obstructions in our ability to buy cars when we have the money, the car is there, and we like it. And the government doesn't restrict us from having cars that can drive faster than policecars. We don't let the government install special boxes in our cars that can cripple them by remote control when a cop is chasing us! (note that analogies have to be perfect or they turn into minutiae bogs)

6. More on the free enterprise issue. Why was this single company that created the Clipper Chip favored by the government? What gives them the right to have a monopoly? Why is the government deliberately *creating* a monopoly? It is thumbing its nose at all those other poor hardworking cryptography companies who worked so hard, coming up with better schemes, and were rejected (a little melodrama for grandma there)

7. The chip was developed by `government engineers'. Who? Why is the government in the realm of something that is the role of private industry? What is our government doing creating `state of the art' stuff *at*all*? And why, of all the things they could be improving, are they coming up with a device to invade people's privacy?

8. We have to attack the ``state-of-the-art'' thing ad infinitum.
Has the government *ever* come up with something state of the art? Do we Americans want to be state-of-the-art in the field of privacy deprivation? How do we know it is `state-of-the-art' when we can't *look* at it for ourselves, and only hear it from people who are involved in the project saying `trust us, it's way cool'? Even if it was as sophisticated as a Cray Supercomputer, are there just some machines that shouldn't be built? Are there some devices, that, while technically feasible, shouldn't be built?

9. One of the most important claims is that ``this chip provides no new authority to wiretap''. We've got to focus on this one. We can say the constitution specifically prohibits illegal search and seizure, and that we don't really remember who it was that decided that the government had free rein on wiretapping. We can say that it has always been the right of the government to obtain warrants, but it has always been the right of people to speak in codes, and now new technology is *helping* people to exercise a right that has always existed but lay undiscovered because of complexity.

10. In fact, we have to make it sound like new technology like encryption and cyberspace is going to help us rediscover our rights, and that vast government agencies that have been built up because we simply were ignorant of these dormant rights, and are based on our lack of exercising them, are going to gradually dissolve away, like the way those associated with the Cold War have, because they are superfluous. Sure, people will get displaced, and be noisy in their complaints, but their jobs are no longer necessary or even *possible* in the 21st century (allusions to breakup of NSA). In fact, maybe we should get a Privacy Dividend like the much-heralded Peace Dividend when our government agencies no longer have the capability to intercept private communication. How about that--tell the public that we all get a Privacy Dividend if they embrace unbreakable encryption!

11.
Notice that the problem with surveillance and wiretapping is that it has always been a catch-22---the government needs the data to prove you are a criminal, but shouldn't have access to that data unless it can prove you are a criminal. Notice that the proposal talks about The solution lay in not wiretapping, of course! And now we have technology to *enforce* this choice. And the proposal talks about `criminals and terrorists' as if we know exactly who they are---but (as I understand it, and last I checked!) that is the point of a court to decide.

12. The plan makes it sound like we can somehow boost technological competitiveness (a real button-pushing hot topic among the public) by protecting the private communications of companies etc. We have to attack this and say that these companies only benefit if they have control over the scheme and it is not `imposed from above' and that when it is `imposed from above' it actually has the effect of *weakening* their technological competitiveness, because it restricts their choices into buying something that may not be right for their needs. We should point out that privacy is complex and the ability for the government to foresee all needs is ridiculous, and furthermore even if it had such a capability it would not be its proper role. We have to really drive this one home: privacy choices (i.e. encryption) is an issue that has to be decided by the individual. That's the American Way (tm) -- insert at this point the National Anthem, flag waving, smiling kid eating apple pie.

13. ``The government must develop consistent, comprehensive policies'' regarding the use of the new infrastructure of data highways. Well, yes and no.
We should talk about data highways as not like real ones in that people can't have accidents, they are virtually impossible to damage with mere data, they can withstand tremendous strains in traffic, regulating mechanisms are *built in* to the software and hardware, hence the need for government `regulations' is a bit misguided and inapplicable. Also, the government has no business telling you that you can only drive one kind of car, or that your car has to be crippled so it can't go faster than 55 MPH, or that you have to tell them where you're going every time you get in it, etc.

14. The proposal makes it sound like if the government is just shrewd enough, they will always be able to intercept and decrypt traffic. We have to drive home the point that no amount of ingenuity whatsoever can plug the dike of advancing technology, and that it is not the case that we warp or befuddle the technology to support our government--increasingly we will be adapting our government to harness new and powerful technology! I.e. we require a fundamental change in our governing systems, to `access' our newfound rights that have lain dormant for too long via novel technology, and this proposal can be viewed as a `last gasp' of a dying system...

Finally, the bright side (really?).
We can point out that this proposal, while intrinsically flawed and nauseatingly abhorrent, is bringing into public view important issues of cryptography, that much more sophisticated cryptography will be discovered and widely utilized, that it reveals the true aims of and weaknesses in our government process that we can alter, fix, or remove, that people are starting to realize how much wiretapping is going on and that the sensible and patriotic goal is to not encourage but limit or abolish it (by making it impossible), that it reveals the need for truly strong encryption easily accessible by all the unwashed masses, that it is just a tiny thread starting the weaving of an entirely new colorful tapestry in our nation and our government's history (oops, here comes the blaring music and the flapping flag and the bright-eyed kid again...)

I insert my patriotic and emotional salute to us Cypherpunks here...

p.s. we should point out that Thomas Jefferson actually came up with a highly sophisticated cryptographic rotor code that was so secure it was used even for a long time at the beginning of this century, and that clearly a Founding Father has a strong commitment to strong cryptography! (see The Codebreakers by Kahn for more info on Jefferson's code)

``If it were necessary to choose between the Government and Privacy, I should not hesitate to prefer the latter...''

``Give me Privacy, or give me Death...''

From habs at Panix.Com Sat Apr 17 20:06:37 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sat, 17 Apr 93 20:06:37 PDT
Subject: Even more
Message-ID: <199304180306.AA14149@sun.Panix.Com>

csspab is the first name on the clipper list it expands as follows:

Trying 129.6.48.199 ...
Connected to mail-gw.ncsl.nist.gov.
Escape character is '^]'.
220 mail-gw.ncsl.nist.gov sendmail 4.1/rbj/jck-3 ready at Sat, 17 Apr 93 23:04:29 EDT
250-
250-Bill Colvin
250-
250-John Kuyers
250-
250-
250-
250-
250-
250-
250-Eddie Zeitler
250-Cris Castro
250

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From MAILER-DAEMON at Panix.Com Sat Apr 17 20:29:11 1993
From: MAILER-DAEMON at Panix.Com (Mail Delivery Subsystem)
Date: Sat, 17 Apr 93 20:29:11 PDT
Subject: Returned mail: User unknown
Message-ID: <199304172211.AA00916@sun.Panix.Com>

----- Transcript of session follows -----
While talking to toad.com:
>>> RCPT To:
<<< 550 ... User unknown
550 cyhperpunks at toad.com... User unknown

----- Unsent message follows -----
Received: by sun.Panix.Com id AA00914 (5.65c/IDA-1.4.4 for cyhperpunks at toad.com); Sat, 17 Apr 1993 18:11:23 -0400
Received: by sun.Panix.Com id AA29602 (5.65c/IDA-1.4.4 for habs); Sat, 17 Apr 1993 17:42:12 -0400
Date: Sat, 17 Apr 1993 17:42:12 -0400
From: Mail Delivery Subsystem
Message-Id: <199304172142.AA29602 at sun.Panix.Com>
To: habs
Subject: Returned mail: User unknown
Sender: habs

----- Transcript of session follows -----
While talking to toad.com:
>>> RCPT To:
<<< 550 ... User unknown
550 cypherpunk at toad.com...
User unknown

----- Unsent message follows -----
Received: by sun.Panix.Com id AA29600 (5.65c/IDA-1.4.4 for extropians at gnu.ai.mit.edu); Sat, 17 Apr 1993 17:42:12 -0400
From: Harry Shapiro
Message-Id: <199304172142.AA29600 at sun.Panix.Com>
Subject: PGP & RSA -> Legal
To: cypherpunk at toad.com, extropians at gnu.ai.mit.edu (Harry Shapiro)
Date: Sat, 17 Apr 1993 17:42:11 -0400 (EDT)
Reply-To: habs
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 698

I recall at some point that RSA put something out on the net which allowed anyone to use the "patents or source code" for non-commercial use.

Do I remember correctly? (I replied to the announcement)

If I am remembering correctly, would that give me a de facto licensing of PGP for non-commercial use?

The reason I bring this up is that if the feds crack down, they may decide to "help" RSA by legally fighting PGP users. Which is why it would be in our interest to legally (patent-wise, despite how you feel about RSA, etc.) use PGP.

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From habs at Panix.Com Sat Apr 17 20:52:37 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sat, 17 Apr 93 20:52:37 PDT
Subject: Big Brother: True Names
Message-ID: <199304180352.AA16131@sun.Panix.Com>

Here is some background I was able to gather about those people on the csspab at mail-gw.ncsl.nist.gov, who had accounts directly on that machine.

Eddie Zeitler is vice president of information security for Fidelity Investment Corp. He used to work for Pacific National Bank, Glendale, Calif.,

Cris Castro is director of information security programs at SRI International.
Bill Colvin is NASA Inspector General

John Kuyers is Ernst & Young's Dallas-based regional director of information systems auditing

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From 76630.3577 at CompuServe.COM Sat Apr 17 20:55:09 1993
From: 76630.3577 at CompuServe.COM (Duncan Frissell)
Date: Sat, 17 Apr 93 20:55:09 PDT
Subject: 1st Amendment Clipped?
Message-ID: <930418035104_76630.3577_EHK38-1@CompuServe.COM>

Potential First Amendment problems with an encryption ban --

Let's assume that the Clinton administration bans non-Clipper encryption technology.

I then transmit the following and am arrested --

Won't the prosecution be embarrassed when I decrypt it in court and present the plaintext:

1st Amendment

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.
I don't see how the mere fact of encryption itself fits a message into one of the 1st amendment exceptions -- pornography, national security, libel, etc.

Since it is easy to establish in information theory that a cyphertext is a form of *information* itself and not just a *means* of transmitting the information contained in the plaintext, outlawing the encryption of plaintext because the algorithm is unapproved is classic censorship of a writing *because* of its content.

Additionally, there are several types of communications that cannot legally be wiretapped. These would include lawyer-client and husband-wife as well as certain others. Since the privacy of these communications requires that you make an effort to keep them private, you could argue that in these cases the use of secure encryption is legally required.

The crypto-fascists have used these sorts of bluffs ever since the late 1920s when someone was discouraged from publishing a history of the State Department's code office. The NSA also threatened to lock up the developers of the RSA encryption system if they published "A Proposal for a Public Key Encryption System" in the Proceedings of the IEEE in 1977. They published anyway and are still walking around.

Don't let them bluff anyone again. It is neither legally nor technically possible to ban secure cryptography.

Duncan Frissell

From habs at Panix.Com Sat Apr 17 21:25:38 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sat, 17 Apr 93 21:25:38 PDT
Subject: More True Names: The NIST Security Board
Message-ID: <199304180425.AA17780@sun.Panix.Com>

The csspub mailing list: csspab at mail-gw.ncsl.nist.gov, an address on the clipper mailing list, seems to contain basically the members of the NIST security board. In addition to the names already posted, their true names are as follows:

burrows at ecf = James Burrows a director of NIST's National Computer Systems Laboratory

mcnulty at ecf = F.
Lynn McNulty an associate director for computer security at the National Institute of Standards and Technology's Computer Systems Laboratory

Gangemi at dockmaster.ncsc.mil = Gaetano Gangemi is director of the secure systems program at Wang Laboratories Inc. He wrote: Computer Security Basics by Deborah Russell and G. T. Gangemi, Sr. -1991, O'Reilly and Associates

slambert at cgin.cto.citicorp.com = Sandra Lambert is vice-president of information security at Citibank, N.A.

lipner at mitre.org = Lipner is Mitre Corp.'s director of information systems.

gallagher at dockmaster.ncsc.mil = Patrick Gallagher, director of the National Security Agency's National Computer Security Center and a security board member

walker at tis.com = Stephen Walker a computer security expert and president of Trusted Information Systems, Inc. in Glenwood, Md

willis at rand.org = Willis H. Ware a Rand Corp. executive who chairs the security board.

whitehurst at vnet.ibm.com = William Whitehurst is a security board member and director of IBM Corp.'s data security programs.

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From uni at acs.bu.edu Sat Apr 17 21:36:28 1993
From: uni at acs.bu.edu (Shaen Bernhardt)
Date: Sat, 17 Apr 93 21:36:28 PDT
Subject: Reaction time and Crypto
Message-ID: <9304180436.AA49530@acs.bu.edu>

I must compliment the group on the speed and vigor with which they have pursued the Clinton proposal.

It is my hope that we can somehow make it apparent to the public that they are losing, not winning here.

It seems to me that the following technologies are going to be of increasing import despite the outcome of the Clinton proposal.

1. Raw headerless output from packages like PGP. It seems obvious that if crypto is regulated, it must be easier to disguise the type of crypto one is using, or indeed if one is using crypto.

2.
Methodology for the disguising of cyphertext in more innocuous data.

3. The proliferation and consistent use of Crypto for even everyday communications.

1> The harder it is to find, the less potential there is for regulation.
2> The harder it is to look for, the less potential there is for regulation.
3> The harder it is to abolish, the less potential there is for regulation.

More than the specific plan here, I am stunned by the emerging MOVEMENT that seems to be at work here. I can only ask, what's next?

I don't think any proposal to regulate crypto will focus on the users, but rather the development and distribution of said crypto. This is what frightens me the most. The precedent for regulation of private software and hardware applications is painfully visible on the horizon.

Someone said before: Be afraid, be very afraid.

uni (Dark)

From TO1SITTLER at APSICC.APS.EDU Sat Apr 17 21:53:11 1993
From: TO1SITTLER at APSICC.APS.EDU (TO1SITTLER at APSICC.APS.EDU)
Date: Sat, 17 Apr 93 21:53:11 PDT
Subject: Fear
Message-ID: <930417225056.12c3@APSICC.APS.EDU>

I just thought I should add that I agree with the last poster. Cryptography will be increasingly hard to learn in the future, if this kind of thing goes on. But it will be ten or fifteen years before anyone has computers which can crack a 128-bit version of DES.

I am cryptologically naive, but I think that people can always find privacy when they want it. An underground cypherpunk movement may be the only way to bring up new cryptographers.

More important is the issue of equipment. Is a computer communications equipment? If so, we might have clipper chips on our motherboards. Reading input from the keyboard.

This is a crisis for privacy. Can someone, preferably the people who run the cypherpunk list, set up a Privacy Advertising Fund? I would be willing to donate money, and hopefully many other cypherpunks would too. We might win that way. Urge people to protest with full-page ads in newspapers.
With 30-second TV spots. With demonstrations. I will donate, if it is formed, but I can not form it except under the most extreme conditions. I have no experience in advertising or management.

Be afraid. Be very afraid.

Kragen Sittler

From MJMISKI at macc.wisc.edu Sat Apr 17 22:27:53 1993
From: MJMISKI at macc.wisc.edu (Matthew J Miszewski)
Date: Sat, 17 Apr 93 22:27:53 PDT
Subject: CLIP: Legal Aspects
Message-ID: <23041800272877@vms2.macc.wisc.edu>

Clinton Clipper Legal Stuff:

With regard to the fear that the issuance of your 'Klinton Key' will allow your favorite TLA to decrypt all conversations taped previous to the issuance of the warrant granting the key, there is precedent that disallows it. In US v. Plamondon 407 US 297, the Supreme Ct. held that *prior* judicial approval is a must for any evidence sought to be admitted. Therefore, while the precedent does not prevent them from actually deciphering your previous conversations, there is support that states it can not be used against you.

In US v. Donovan (sorry lost the cite), the court held that the actual application must identify *all* parties to be surveilled. Thus, the CIA cannot simply run a tape on you and expect to use it in court.

It is important that everyone understand that none of these cases *prevent* any agency from *doing* the surveillance, and that probable cause is still an easy standard to meet in order to get the warrant. These cases merely tell you what would be admissible against anyone in court (i.e. this does not affect TLA (three letter acronyms) from blackmailing you or scaring the hell out of you).

There is an enormous body of law out there on this topic and could use some guidance from the Cypherpunk elders for search topics. What's needed out there. Email me privately.

TOTALLY aside from the Clipper topic: Just got the new WIRED. Excellent article. Groovy pix. Which one is Murdering Thug? 8^)

mjmiski at macc.wisc.edu
CyberLaw, etc.
Matt

From MJMISKI at macc.wisc.edu Sat Apr 17 22:37:03 1993
From: MJMISKI at macc.wisc.edu (Matthew J Miszewski)
Date: Sat, 17 Apr 93 22:37:03 PDT
Subject: CLIP: Media Blitz
Message-ID: <23041800363830@vms2.macc.wisc.edu>

Cypherpunks,

I know I've got a huge list of fax/phone numbers and addresses of all of the MAJOR media sources in this country. I'm going to find it now. The idea is a major blitz on the media's editorial boards from plain old outraged readers (OK cypherpunks aren't plain or old), the media shows like Larry King, et al would love a point counterpoint on this topic and this could create a cypher phenomenon from the roots up.

If this sounds like a good idea to others out there let me know. I believe that a groundswell (or apparent one) will catch the eye of those in Congress and in Washington much more than will petitions or letters from an ambiguous and generally anonymous email list (although everyone's thoughts are in the right place).

People in Washington react to what appears to be public sentiment. So let's create it :-)

I'll post the media list unless many people would rather me not do so.

Matt

From karn at qualcomm.com Sat Apr 17 23:23:43 1993
From: karn at qualcomm.com (Phil Karn)
Date: Sat, 17 Apr 93 23:23:43 PDT
Subject: 1st Amendment Clipped?
Message-ID: <9304180623.AA28101@servo>

>I then transmit the following and am arrested --
>-----BEGIN PGP MESSAGE-----
[cipher text deleted]
>Won't the prosecution be embarrassed when I decrypt it in court and present
>the plaintext:
> 1st Amendment
> Congress shall make no law respecting an establishment of
[remaining text deleted]

No, they won't. Possession of such an OBVIOUSLY subversive document will prove conclusively that you're a dangerous enemy of the state, and must be severely dealt with. You'll be lucky to have a swift and painless execution.

Thought for the day:

"All I want is peace on earth, good will toward men."
"We're the United States Government. We don't do that sort of thing!"
--Sneakers (great flick, just saw it. Seemed appropriate.)

Phil

From zane at genesis.mcs.com Sat Apr 17 23:30:31 1993
From: zane at genesis.mcs.com (Sameer)
Date: Sat, 17 Apr 93 23:30:31 PDT
Subject: PGP & RSA -> Legal
In-Reply-To: <9304180257.AA00395@metal.psu.edu>
Message-ID:

In message <9304180257.AA00395 at metal.psu.edu>, Clark Reynard writes:
> since the software was legal at the time of purchase, it could
> not be confiscated without due payment of value. If thousands

Ha. (Sorry, but I'm feeling cynical.)

--
| Sameer Parekh-zane at genesis.MCS.COM-PFA related mail to pfa at genesis.MCS.COM |
| Apprentice Philosopher, Writer, Physicist, Healer, Programmer, Lover, more |
| "Be God" - Me __ "Specialization is for Insects" - Robert A. Heinlein ____/
\_____________/ \____________________________________________________/

From TO1SITTLER at APSICC.APS.EDU Sat Apr 17 23:32:34 1993
From: TO1SITTLER at APSICC.APS.EDU (TO1SITTLER at APSICC.APS.EDU)
Date: Sat, 17 Apr 93 23:32:34 PDT
Subject: CLIP: Media Blitz
Message-ID: <930418003021.13c0@APSICC.APS.EDU>

Sorry I can't quote, but Giant media blitz sounds like a great idea to me. Post the media list and put it on the FTP site too. Roots-up sounds much more cypherpunk than funds- and TV- and newspaper-down. Thank you, Matt.

Kragen

From karn at unix.ka9q.ampr.org Sun Apr 18 00:20:07 1993
From: karn at unix.ka9q.ampr.org (Phil Karn)
Date: Sun, 18 Apr 93 00:20:07 PDT
Subject: Thoughts on the proposal
Message-ID: <9304180722.AA01178@unix.ka9q.ampr.org>

Some points to add, some of which I don't think have been made yet.

It is entirely possible that Clinton, if he understands anything at all about this proposal, sincerely thinks that he's helping the cause of personal privacy.
Consider that his entire education on the subject of cryptography probably consisted of a 5 minute briefing that probably went something like this:

The US government is making available, for widespread public use, encryption technology developed by the greatest cryptographers in the world - NSA's. Civilian cryptographers are simply not capable of producing anything as good, so what does it matter if the keys are registered with the government? Users will still be better off than they are now, so what do they have to lose?

And I bet that this would sound perfectly reasonable to the average man on the street, too.

Well...I'd say we know better. And we have a big educational job to do.

We need to let the public know that civilian cryptography is already quite good. Good enough that the communications industry doesn't need any "help" in the form of new chips from the government to secure its communications, thank you very much. And simple and cheap enough that it would already have been made widely available in products such as digital cellular telephones if the government hadn't considered it "too good" and done everything they could behind the scenes to stop it.

Clinton needs to learn that if he *really* wants to help the cause of civilian cryptography, he only needs to call off the goons over in NSA. We don't need their "help". We just want them to get the hell out of our private conversations and our private lives.

Phil

From tcmay at netcom.com Sun Apr 18 00:59:23 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 18 Apr 93 00:59:23 PDT
Subject: Comments from Jim Bidzos, Pres. of RSA Data Security
Message-ID: <9304180759.AA05469@netcom.netcom.com>

Jim Bidzos, Pres. of RSA Data Security, sent me a nice note this evening in response to my posting on sci.crypt.
In that post, I suggested that only RSA has the algorithms and protocols ready to go for an alternative to Clipper, and that perhaps we should set aside our differences with RSA (over patents on software, etc.) and instead seek an alliance.

Basically, Jim said he knew *nothing* of Clipper until he read about it in the Friday morning papers!! If true, this is astounding. (And having met Jim several times, I believe him.)

He's also preparing a FAQ entitled "RSA/PKP/Clipper Flap FAQ" to deal with the many questions raised.

Jim has some interesting theories about the motivations for Clipper, and why AT&T was so quick to jump on the bandwagon.

Please don't quote my comments in public discussions of this issue (Jim asked me not to, which is why I'm being vaguely elliptic here.)

This is all I can say for now, but I remain convinced that RSA was not involved (I suspect the presence of "jim at rsa.com" on the NIST mailing list, as reported in this group by a couple of folks, is not necessarily the cabal that put Clipper together).

Interesting times indeed!

-Tim May

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.

From gg at well.sf.ca.us Sun Apr 18 01:20:05 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Sun, 18 Apr 93 01:20:05 PDT
Subject: Thoughts on the proposal
Message-ID: <199304180819.AA14555@well.sf.ca.us>

Agreed with Phil here. Clipper can't have been developed since Inauguration Day; it has to be a hand-me-down from the Bush administration, and I'm willing to bet that Clinton has been sold a bill of goods to get his support.
Now a lot of folks on this list are ideologically committed to positions which are opposite to those of the Clinton administration, but please let's not let that blur our perception here. Clinton has shown a decent commitment to civil liberties (particularly concerning sexual freedom and reproductive rights, a very hard place to take a stand because there's such strong rightwing opposition); he's also shown an interest in telecom issues; I suspect what we're facing here isn't malice but lack of information on his part.

Crypto is an elite area in math and computer science; for most people outside of this circle it's something they assume that they could never possibly understand and so they tend to accept the word of experts at hand. And the experts who are closest to the White House are at Fort Meade. The task we face is to bring the expertise of the best minds on our side, to the attention of the White House.

-gg

From szabo at techbook.com Sun Apr 18 02:07:06 1993
From: szabo at techbook.com (Nick Szabo)
Date: Sun, 18 Apr 93 02:07:06 PDT
Subject: Wiretapping chip
Message-ID:

I agree we should write letters, but not (or not just) to government officials. Consider targeting the big phone makers -- both domestic and overseas. Let them know our privacy needs as customers -- that we want secure encryption, that means encryption with _published algorithms_ and without having the key available to _any_ third party, be it the U.S. or any other government, or any nontrustworthy private organization. I almost agree with Sandy that "we've won", but an important part of the market process that brings such victory is giving good customer feedback to communications suppliers.

Also for consideration: boycott AT&T and all other companies making phones with the wiretap chip, and let the phone makers know about the boycott early and often.
Also I am curious specifically how (a) encrypted international phone calls and (b) foreign-made phones will fare under this proposal (or possible follow-on proposals when they see the weak points in this one). Can the U.S. government dictate key registration to the world?

I agree with Perry that "cypherpunks" is a bad label when these kinds of issues get raised in public, and would also add "crypto-anarchy" to that. Our main "talking point" is privacy, and other less popular stuff is best kept -- private.

Nick Szabo
szabo at techbook.com

From tcmay at netcom.com Sun Apr 18 02:11:07 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 18 Apr 93 02:11:07 PDT
Subject: A Long History for Clipper...
Message-ID: <9304180909.AA07839@netcom.netcom.com>

George Gleason writes:

>Agreed with Phil here. Clipper can't have been developed since Inauguration
>Day; it has to be a hand-me-down from the Bush administration, and I'm
>willing to bet that Clinton has been sold a bill of goods to get his
>support. Now a lot of folks on this list are ideologically committed to

It's clearly stated that the program is at least 4 years old and that, for example, the contracts with VLSI Tech and Mxxxxtronix (I keep forgetting the name of the previously obscure So. Cal. defense contractor) were let 14 months ago, that production of the chips has begun, blah blah.

No argument that the program started under Bush, and perhaps under Reagan (recall his various NSDDs and the Computer Security Act...).

This doesn't mean the proposal will be casually tossed aside by Clinton as some objections are raised. Most policies of this sort percolate up through the entrenched bureaucracies in Justice, State, Defense, NSA, etc.

In this case, the AG, Janet Reno, was a well-known drug warrior in the Miami/Dade area....undoubtedly she made use of wiretaps, seizures, etc. She also probably understands the issues of law enforcement pretty well and fully understands what the proposal means.
So, I don't think Clinton will easily change this policy.

A firestorm of proposed civil disobedience, scoffing at the Clipper, etc., *might* have some effect. But I don't favor concentrating on legislative fixes. Give me technology any day.

-Tim

P.S. However, I'm trying to find the net address to send ersatz "protest" letters to Intergraph Corp about "Clipper." Clipper is the name of their 32-bit RISC chip--my thought is that enough indignant letters to Intergraph, deliberately confusing the Clinton Clipper with their product, will get Intergraph's lawyers to file a protest with the Administration! Perhaps even a name change will be ordered....a minor embarrassment, to be sure, but a stick in their eye nonetheless.

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.

From szabo at techbook.com Sun Apr 18 02:42:38 1993
From: szabo at techbook.com (Nick Szabo)
Date: Sun, 18 Apr 93 02:42:38 PDT
Subject: Wiretapping chip: vid clips & sound bites
Message-ID:

I was on a Portland-area TV forum this evening and was able to raise the wiretap chip issue to a lay audience (in addition to being in some ways a lay person myself on this issue, but quite concerned). Here are some talking points and phrases I found helpful:

* Compared and contrasted a "wiretap chip", which gives government agencies the keys to your private conversations, and a "privacy chip" where you keep the keys (come to think of it, I'm not sure that second point is technically correct -- how would a truly private phone handle the keys?)

* Compared giving government agencies crypto keys to giving the IRS the keys to your house and filing cabinet.
* As examples I used lawyer/client, psychiatrist/patient, priest/confessor and political campaign work done over the phone.

* Showed New York Times front page story (Fri. 4/16) to the camera, to demonstrate that this is important, not a fringe issue and that the wiretap chip is real. Quoted Stephen Bryen of Secured Communications Technologies Inc., "I think the government is creating a monster."

* Emphasized importance of learning about telephone and e-mail technology, and how they can be made private with open cryptography. (As opposed to top-secret chip designs which I called "closed cryptography").

* Stated that I was switching from AT&T to another provider in protest of their selling phones containing wiretap chips.

I wanted to use a see-thru telephone as a prop to point at computer chips inside the phone, but wasn't able to locate one in time.

Some of this may sound corny and less accurate than a technical presentation, but I needed to make the lay audience at least mildly informed, sympathetic and perhaps even motivated to write their phone company or their Congresscritters within about the three minutes of air time. Further suggestions for sound bites, vid clips etc. to use in a media campaign greatly appreciated.

Nick Szabo
szabo at techbook.com

From rjc at gnu.ai.mit.edu Sun Apr 18 03:58:15 1993
From: rjc at gnu.ai.mit.edu (rjc at gnu.ai.mit.edu)
Date: Sun, 18 Apr 93 03:58:15 PDT
Subject: Wiretapping chip: vid clips & sound bites
In-Reply-To: <9304180942.AA03151@churchy.gnu.ai.mit.edu>
Message-ID: <9304181058.AA75057@hal.gnu.ai.mit.edu>

The best innovation you came up with is calling it the "wiretap chip." I propose that we stop referring to this chip as the "clipper chip" and always refer to it as "the wiretap chip." Also, when using analogies, don't bring up drug smugglers or terrorists. One key to winning this battle is to wage an information war. We have to manipulate the image of this proposal so it looks more like a menace instead of a "protection."
-- Ray Cromwell           | Engineering is the implementation of science; --
-- EE/Math Student        | politics is the implementation of faith.      --
-- rjc at gnu.ai.mit.edu  | - Zetetic Commentaries                       --

From habs at Panix.Com Sun Apr 18 05:29:13 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sun, 18 Apr 93 05:29:13 PDT
Subject: Media Blitz: May ourselves available
Message-ID: <199304181229.AA27858@sun.Panix.Com>

If there is going to be some kind of media blitz then we have to put some of ourselves forward as "experts" for the media to interview.

Tim May, John Gilmore, come to mind.

Any of us that are clean shaven and wear suits, etc. would also make good spoke-folks

/harry

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From habs at Panix.Com Sun Apr 18 05:50:09 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sun, 18 Apr 93 05:50:09 PDT
Subject: The mysterious mailing list (fwd)
Message-ID: <199304181248.AA28813@sun.Panix.Com>

There have been reports about a mailing list set-up at NIST that had a number of people on it including Mitch Kapor. The list is named "clipper" and it was through that list that part of the Wire Tap Chip announcement came.

I asked Mitch directly, what his involvement with that list was; I asked him if he was involved with the development of the Wire Tap Chip.

Below is his reply. I believe him.

/harry

a conscious being, Mitchell Kapor wrote:
> From mkapor at eff.org Wed Apr 17 23:11:38 1993
> Message-Id: <199304181111.AA05559 at eff.org>
> Date: Sun, 18 Apr 1993 07:11:38 -0800
> To: habs at Panix.Com
> From: Mitchell Kapor
> Subject: The mysterious mailing list
>
> I believe the list in the question is an informational list set up at NIST.
> My name was placed on it. I did not ask to be put on such a list. We
> were (obviously) not involved in the development of Clipper.
> I was sent the Clipper announcement fact sheet, for instance.
> There has been a small amount of traffic on it, none of it consequential.
> I would appreciate it if you would make these facts known.

I have told Mitch I will put this info out and have asked that he make clipper list mail public at some FTP site. I have also asked him when he started getting traffic from this list.

/harry

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From baumbach at atmel.com Sun Apr 18 06:14:20 1993
From: baumbach at atmel.com (Peter Baumbach)
Date: Sun, 18 Apr 93 06:14:20 PDT
Subject: The gov't makes sense ;-)
Message-ID: <9304180514.AA25169@sole.chp.atmel.com>

My eyes have been opened, after reading the White House press release. Privacy can only be allowed if the users don't break any laws.

If through accident or other means we find that someone who is using privacy has broken the law, we need to be able to discover what has been hidden by privacy in the past to see if other laws were broken. It is for the greater good!

Let's have the gov't set a good example for us to follow. I want all government employees and anyone they have spoken to, to be recorded always. The tapes will be encrypted and stored safely in the hands of all losing presidential candidates. If a citizen has probable cause to believe that a person in gov't has broken the law, then, with proper safeguards, he will be given copies of the appropriate tapes and the keys, to get to the bottom of this.

If through accident or other means we find that someone who is using privacy has broken the law, we need to be able to discover what has been hidden by privacy in the past to see if other laws were broken. It is for the greater good.
Peter Baumbach
baumbach at atmel.com

From habs at Panix.Com Sun Apr 18 06:22:00 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sun, 18 Apr 93 06:22:00 PDT
Subject: Mitch on the Clipper Mailing list
Message-ID: <199304181319.AA29552@sun.Panix.Com>

I had asked Mitch to repost any communications that have gone over this list. He has. I appreciate his willingness to clear up this issue.

As I have stated before, I believe him, that NIST simply created this list of people they wanted to be in direct contact with.

/harry

a conscious being, Mitchell Kapor wrote:
> From mkapor at eff.org Sun Apr 18 00:58:00 1993
> Message-Id: <199304181257.AA06031 at eff.org>
> Date: Sun, 18 Apr 1993 08:58:00 -0800
> To: habs at Panix.Com
> From: Mitchell Kapor
> Subject: Re: The mysterious mailing list
>
> I received the statement of the Press Secretary and the public fact sheet
> from Ed Roback. I have not reproduced the full text as it is readily
> available elsewhere.
>
> Following this is a thread between Germano Caronni and Martin Hellman. I
> have deleted the text of Marty's longest response, as it is being
> circulated elsewhere.
> Last, there is a single message from A. Padgett Peterson.
> And that's it (assuming I haven't missed something in reviewing my mail stream).
> Feel free to re-post this, put in on an FTP, whatever. I don't have any
> more time to deal with this issue.
>
> Date: Fri, 16 Apr 93 11:02:59 EDT
> From: Ed Roback
> Organization: FIRST, The Forum of Incident Response & Security Teams
> Posted-Date: Fri, 16 Apr 93 11:02:59 EDT
> To: clipper at csrc.ncsl.nist.gov
> Subject: text of White House announcement and Q&As on clipper chip encryption
>
> Note: This file will also be available via anonymous file
> transfer from csrc.ncsl.nist.gov in directory /pub/nistnews and
> via the NIST Computer Security BBS at 301-948-5717.
> ---------------------------------------------------
>
> THE WHITE HOUSE
>
> Office of the Press Secretary
>
> _________________________________________________________________
>
> For Immediate Release April 16, 1993
>
>
> STATEMENT BY THE PRESS SECRETARY
>
>
> The President today announced a new initiative that will bring
> the Federal Government together with industry in a voluntary
> program to improve the security and privacy of telephone
> communications while meeting the legitimate needs of law
> enforcement.
> ...
>
> Date: Fri, 16 Apr 93 16:44:10 EDT
> From: Ed Roback
> Organization: FIRST, The Forum of Incident Response & Security Teams
> Posted-Date: Fri, 16 Apr 93 16:44:10 EDT
> To: clipper at csrc.ncsl.nist.gov
> Subject: White House Public Encryption Management Fact Sheet
>
>
>
> Note: The following was released by the White House today in
> conjunction with the announcement of the Clipper Chip
> encryption technology.
>
> FACT SHEET
>
> PUBLIC ENCRYPTION MANAGEMENT
>
> The President has approved a directive on "Public Encryption
> Management." The directive provides for the following:
> ...
>
> Posted-Date: Sat, 17 Apr 93 01:26:06 +0200
> From: caronni at nessie.cs.id.ethz.ch (Germano Caronni)
> Date: Sat, 17 Apr 93 01:26:06 +0200
> To: clipper at csrc.ncsl.nist.gov
> Subject: Clipper-Chip Escrow-System Flaws
> Newsgroups:
> alt.privacy,sci.crypt,alt.security,comp.security.misc,comp.org.eff.talk
> Organization: Swiss Federal Institute of Technology (ETH), Zurich, CH
> Cc:
>
>
> Good day,
> as a non-citizen of USA I have read your announcement of the
> 'Clipper-Chip' with great interest, and am happy to see an increase
> in lawful privacy in the USA. I hope this policy will extend to
> other countries too.
> In the meantime I suspect two flaws in the 'Clipper-Chip' as it was
> announced today via NIST/electronic media.
>
> 1) Keeping secret the algorithm which performs encryption is in my
> humble opinion a bad idea.
It hinders 'Clipper' to get publicly
> accepted, and hinders the minute examination of the Clipper-
> Algorithm by other than a few experts.
> But I am sure this was well considered.
>
> Now the important suggestion :=)
>
> 2) By splitting the 80-Bit-Key of clipper in two parts, and give
> them to different organizations, you add an unneeded WEAKNESS
> to the escrow-system. This way, corruption of one escrow will
> allow an easier attack on the Key than might be possible.
> (e.g. if I obtain 40 bits of possible 80 bits keys, exhaustive
> keysearch is definitively no problem.)
> You might instead generate 2 (or even more, if this is not
> politically undesired) 80-Bit-Sequences which, when XOR-ed
> together will provide the original, needed key, but alone they
> are worthless. I am sure persons with knowledge in this area, which
> surely can be found at NIST (or wherever) will agree.
>
> I hope that this remark is of interest for you.
>
> Friendly greetings,
>
> Germano Caronni
>
>
> P.S.
> I am sure you have remarked, that the current policy is interpretable
> to tend toward an abolition of 'unbreakable' secure communication
> via electronic Media, and hope that this will _not_ come true.
>
> Disclaimer: This mail is in no way whatsoever connected to the Swiss
> Federal Inst. of Technology, but expresses my personal thoughts.
>
>
>
>
> Organization: FIRST, The Forum of Incident Response & Security Teams
> Posted-Date: Fri, 16 Apr 93 22:32:14 PDT
> Date: Fri, 16 Apr 93 22:32:14 PDT
> From: "Martin Hellman"
> To: caronni at nessie.cs.id.ethz.ch, clipper at csrc.ncsl.nist.gov
> Subject: Re: Clipper-Chip Escrow-System Flaws
>
> I received your message suggesting:
>
> 2) By splitting the 80-Bit-Key of clipper in two parts, and give
> them to different organizations, you add an unneeded WEAKNESS
> to the escrow-system. This way, corruption of one escrow will
> allow an easier attack on the Key than might be possible.
> (e.g.
if I obtain 40 bits of possible 80 bits keys, exhaustive
> keysearch is definitively no problem.)
> You might instead generate 2 (or even more, if this is not
> politically undesired) 80-Bit-Sequences which, when XOR-ed
> together will provide the original, needed key, but alone they
> are worthless.
>
> In a conversation with NSA today, I was told
> that two random 80-bit numbers will be XORed to produce
> the 80-bit key and the two individual numbers kept by
> two separate escrow authorities -- who they are is
> to be decided. So your suggestion is, in fact, how it
> will be handled.
>
> martin hellman
>
> Disclaimer: this in no way should be interpreted to mean
> that I approve of the Clipper Chip. While I am still in the
> process of learning more about it, my immediate reaction
> was not positive. More later.
>
> Organization: FIRST, The Forum of Incident Response & Security Teams
> Posted-Date: Sat, 17 Apr 93 23:05:23 PDT
> Date: Sat, 17 Apr 93 23:05:23 PDT
> From: "Martin Hellman"
> To: ...clipper at csrc.ncsl.nist.gov...
> Subject: Clipper Chip
>
>
> Most of you have seen the announcement in Friday's NY Times,
> etc. about NIST (National Institute of Standards & Technology)
> announcing the "Clipper Chip" crypto device. Several messages
> on the net have asked for more technical details, and some have
> been laboring under understandable misunderstandings given
> the lack of details in the news articles. So here to help out
> is your friendly NSA link: me. I was somewhat surprised Friday
> to get a call from the Agency which supplied many of the missing
> details. I was told the info was public, so here it is (the cc of this
> to Dennis Branstad at NIST is mostly as a double check on my
> facts since I assume he is aware of all this; please let me know
> if I have anything wrong):
>
> ...
>
>
> Organization: FIRST, The Forum of Incident Response & Security Teams
> Posted-Date: Sat, 17 Apr 93 08:55:31 -0400
> Date: Sat, 17 Apr 93 08:55:31 -0400
> From: padgett at tccslr.dnet.mmc.com (A. Padgett Peterson)
> To: "clipper at csrc.ncsl.nist.gov"@uvs1.dnet.mmc.com
> Subject: Panel
>
> I would like to be considered for the "outside panel" assessing the
> Clipper Technology.
> A. Padgett Peterson, P.E.
>
>

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From habs at Panix.Com Sun Apr 18 06:24:16 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sun, 18 Apr 93 06:24:16 PDT
Subject: It is two 80-bit "halfs"
Message-ID: <199304181322.AA29623@sun.Panix.Com>

From Mail sent via the Clipper Mailing list, forwarded to me:

> In a conversation with NSA today, I was told that two random 80-bit
> numbers will be XORed to produce the 80-bit key and the two individual
> numbers kept by two separate escrow authorities -- who they are is to
> be decided. So your suggestion is, in fact, how it will be handled.
> martin hellman

/HARRY

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From MAILER-DAEMON at Panix.Com Sun Apr 18 06:30:37 1993
From: MAILER-DAEMON at Panix.Com (Mail Delivery Subsystem)
Date: Sun, 18 Apr 93 06:30:37 PDT
Subject: Returned mail: Deferred: Connection reset by peer during greeting wait with churchy.gnu.ai.mit.edu
Message-ID: <199304181241.AA28611@sun.Panix.Com>

----- Transcript of session follows -----
While talking to toad.com:
>>> RCPT To:
<<< 550 ... User unknown
550 cyhperpunks at toad.com... User unknown
451 extropians at gnu.ai.mit.edu... timeout waiting for input
421 churchy.gnu.ai.mit.edu (TCP)...
Deferred: Connection reset by peer during greeting wait with churchy.gnu.ai.mit.edu ----- Unsent message follows ----- Received: by sun.Panix.Com id AA28608 (5.65c/IDA-1.4.4 for extropians at gnu.ai.mit.edu); Sun, 18 Apr 1993 08:41:03 -0400 From: Harry Shapiro Message-Id: <199304181241.AA28608 at sun.Panix.Com> Subject: Re: More True Names: The NIST Security Board (fwd) To: cyhperpunks at toad.com, extropians at gnu.ai.mit.edu (Harry Shapiro) Date: Sun, 18 Apr 1993 08:41:03 -0400 (EDT) Reply-To: habs Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 1199 a conscious being, David Farber wrote: From banisar at washofc.cpsr.org Sun Apr 18 06:43:31 1993 From: banisar at washofc.cpsr.org (Dave Banisar) Date: Sun, 18 Apr 93 06:43:31 PDT Subject: AT&T Press Release on Clipper Message-ID: <9304180949.AA35839@hacker2.eff.org> Here's AT&T's announcement on the Clipper. AT&T TO INCORPORATE NEW 'CLIPPER' CHIP INTO SECURE COMMUNICATIONS PRODUCT LINE GREENSBORO, N.C., April 16 AT&T (NYSE: T) said today it is moving to improve the security and privacy of telephone communications by incorporating a just-announced new U.S. government technology for voice encryption into its secure communications product line. AT&T will use the Clipper chip, announced today by President Clinton as a new technology for voice encryption, in all of its secure telephone products except those specially designed for government classified customers. The Commerce Department has announced a six-month timetable for the final certification of Clipper. "AT&T is pleased to be the first company to publicly commit to adoption of the Clipper chip," said Ed Hickey, AT&T vice president, Secure Communications Systems. "We believe it will give our customers far greater protection in defeating hackers or eavesdroppers attempting to intercept a call. 
"And now all commercially available AT&T voice encryption products will be compatible with each other, a major step forward in bringing secure communications capabilities to the business community." In standardizing AT&T voice encryption products on the Clipper chip, AT&T will include the algorithm in the Telephone Security Device as well as in the Secure Voice/Data Terminal. The AT&T Telephone Security Device is a compact, lightweight unit that brings advance encryption technology to conventional land-line and cellular telephones. It provides a powerful, convenient and reliable way to protect the most sensitive telephone conversations. The device works with a conventional land-line or transportable/mobile cellular phone. It turns the phone's signal into a digital stream of encrypted information that is decrypted by a Telephone Security Device attached to the phone at the receiving end of the call. The AT&T Telephone Security Device connects easily to desk telephones or tranportable or mobile phones. It weighs 1.5 pounds and is 7 inches long, 4.5 inches wide and 1.5 inches high. And it's as easy to use as it is portable. The AT&T Secure Voice/Data Terminals are desktop telephones that provide encryption for both telephone calls and data transmissions. These AT&T secure communications products use an enhanced voice encryption technique that provides very high voice quality. This technology allows calls placed with these products to approach the voice quality of normal calls. To further enhance interoperability, AT&T will consider licensing to other manufacturers its enabling technologies for interoperability. Interoperability of encryption devices requires common technology beyond the use of a common encryption algorithm, specifically common methods of digital voice encoding and signaling. 
AT&T has already performed integration tests with Clipper chips manufactured by the government's supplier, Mykotronx Inc., of Torrance, Calif., and is preparing to integrate the chip into the manufacturing of its secure products. AT&T's Clipper-equipped telephone security devices will be available to customers by the end of the second quarter.

The federal government intends to adopt the Clipper chip as the standard for voice encryption to help protect proprietary information, protect the privacy of personal phone conversations and prevent unauthorized release of data transmitted electronically. At the same time, use of the Clipper chip will preserve the ability of federal, state and local law enforcement agencies to intercept lawfully the phone conversations of criminals.

"Adoption of Clipper will support both the government's efforts to protect the public and the public's right to privacy," Hickey said.

AT&T Secure Communication Systems provides products to protect voice, data, fax, cellular and video communications. It also engineers and integrates secure communications applications. Its customers include the governments of the United States and other nations as well as major corporations around the world. AT&T Secure Communications Systems is headquartered in Greensboro.

For more information about the AT&T Telephone Security Device 3600 and other AT&T Secure Communications Products, call David Arneke at 919-279-7680.
CONTACT: David Arneke of AT&T Secure Communications Systems, 919-279-7680, or after hours, 919-273-5687, or Herb Linnen of AT&T Media Relations, 202-457-3933, or after hours, 202-333-9162

From banisar at washofc.cpsr.org Sun Apr 18 07:10:18 1993
From: banisar at washofc.cpsr.org (Dave Banisar)
Date: Sun, 18 Apr 93 07:10:18 PDT
Subject: Media Sugestions, History of Clipper and Conspiracy theories
Message-ID: <9304181016.AA32068@hacker2.eff.org>

RE: Press Blitz

I have found from experience, with some success, that the best way to handle press is to contact local press and present yourself as a local expert on the subject. This gives them a local connection for their stories. You should have a pack ready to send them, including copies of the White House documents, and a 1 page fact sheet of your own pointing out the problems with the proposal. Present yourself as a local computer scientist who sees the deeper issues behind this proposal and wants to air them.

The major national newspapers are already covering this but it's the smaller local papers that most people read. Only a few million people total read the NY Times, Washington Post etc. Think of the millions that read their local papers and get to them. If they respond, this will be killed.

History of Clipper:

As I mentioned before, I was at the NIST press Conference on Fri. They responded to a question by saying that they had been working on this for 4 years and had been implementing it for 14 months.

Suggestion for campaign name: Clip the Clipper!

Mailing List:

No, CPSR, etc. were not involved as a cabal supporting this dingbat proposal. If you believe that then go back to reading your endless JFK/CIA/Mafia/aliens conspiracy theory books and let the rest of us go on living in the real world. They have put together a very slick electronic media blitz here, sending the proposal to every applicable newsgroup etc.
Dave Banisar
CPSR Washington Office

From habs at Panix.Com Sun Apr 18 07:35:37 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sun, 18 Apr 93 07:35:37 PDT
Subject: Test, please ignore
Message-ID: <199304181435.AA10152@sun.Panix.Com>

Just an alias test - please ignore

/harry

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From R.Tait at bnr.co.uk Sun Apr 18 07:46:56 1993
From: R.Tait at bnr.co.uk (R.Tait at bnr.co.uk)
Date: Sun, 18 Apr 93 07:46:56 PDT
Subject: What Clinton's proposal will mean to the Rest of the World
Message-ID: <199304181446.7907@bnsgs200.bnr.co.uk>

Cypherpunkers,

Having just digested the press release, and the subsequent followups on sci.crypt and on here, I am beginning to wonder what ramifications this might have in other countries, specifically the "Superpowers". Surely setting such a precedent in his own country will spark off a flurry of activity in places such as the UK, Germany, France et al, so that they are not "left behind", so-to-speak?

To be quite honest, I can't see the English government taking such radical steps about secure telecommunications, quite simply, because BT have such a lacsidasical [sp?] approach to new and emerging technologies. Take for instance, ISDN. Their philosophy of marketing and "selling" ISDN is laughable - I once read a newspaper article which related a tale of a Corporation who wanted to learn if ISDN could be useful to its business practices, and it seems that BT just kept jostling them between departments (Dept X: "Phone Dept Y", Dept Y: "Phone Dept X" etc).

Can anyone really see that the US government (or whoever) will completely outlaw all strong data encryption? This violates the basic human right of free communications/privacy.

What a world we live in, huh?

--
Rick M. Tait
Bell Northern Research Europe
Tel: +44-81-945-3352, Fax: +44-81-945-3352
Network Management Systems
New Southgate, London.
UK
email: ricktait at bnr.co.uk || rt at cix.compulink.co.uk || ricktait at bnr.ca

From pfarrell at cs.gmu.edu Sun Apr 18 08:14:28 1993
From: pfarrell at cs.gmu.edu (Pat Farrell)
Date: Sun, 18 Apr 93 08:14:28 PDT
Subject: Media Blitz: Make ourselves available
Message-ID: <40480.pfarrell@cs.gmu.edu>

Harry Shapiro writes:
>Any of us that are clean shaven and wear suits, etc. would
>also make good spoke-folks

I can't claim expert status, but I do live "inside the Beltway", wear suits, have gray hair, have appeared on CNN during the Morse worm discussions, presented a paper on security at the National Computer Security Conference last Fall, work for a high-tech software firm, think the big brother chip is a crock, and am willing.

How do I make myself more available? My 24-hour voicemail number is (703) 267-2986.

Pat

From pfarrell at cs.gmu.edu Sun Apr 18 08:14:40 1993
From: pfarrell at cs.gmu.edu (Pat Farrell)
Date: Sun, 18 Apr 93 08:14:40 PDT
Subject: Knowledge of cryptography, Was: RE: More True Names: The NIST Security Board
Message-ID: <40485.pfarrell@cs.gmu.edu>

Harry identified several names on the CLIPPER list, including:
>mcnulty at ecf = F. Lynn McNulty an associate director for computer
>security at the National Institute of Standards and Technology's
>Computer Systems Laboratory

At this Fall's National Computer Security Conference, Mr. McNulty was a speaker on the NIST's digital signature session. They talked about both the non-RSA DSS, and use of Certifying Authorities with an RSA-based scheme.

At that same conference, I gave a paper on security that described a fishnet of trust between systems. This was written in February 92, well before I read Phil's "web of trust" from the PGP docs, which I read sometime over the summer.

During the Q&A, I asked Mr McNulty to compare the advantages and disadvantages of a hierarchical CA approach to an interlocking fishnet/web of trust.
I hoped he would at least recognize that any hierarchy has problems from the top down if an upper level is compromised. Instead, he could not address any differences. I believe that working in the government has made the hierarchy seem to be the only implementation that he envisioned. He fobbed the question off to one of his technical underlings, but he, too, was unable to answer it (or even coherently address it).

I believed then (and still do) that the closed loop process used by NIST and the TLAs has caused them to overlook a number of promising alternatives.

This means that we crypto-privacy advocates must start an education effort.

Pat

From pfarrell at cs.gmu.edu Sun Apr 18 08:15:32 1993
From: pfarrell at cs.gmu.edu (Pat Farrell)
Date: Sun, 18 Apr 93 08:15:32 PDT
Subject: A Long History for Clipper...
Message-ID: <40466.pfarrell@cs.gmu.edu>

Timothy C. May) writes:
>George Gleason writes:
>> Clipper can't have been developed since Inauguration
>>Day; ...
>It's clearly stated that the program is at least 4 years old and that,
>[supporting stuff deleted]
>This doesn't mean the proposal will be casually tossed aside by Clinton as
>some objections are raised. Most policies of this sort percolate up through
>the entrenched bureaucracies in Justice, State, Defense, NSA, etc.

I was listening to a lecture by Dr. Denning (Peter J) about a week ago. He was referencing NREN, not his wife's key registration idea, but in light of Clipper, the comments are germane.

He said that some of his left-coast colleagues were all concerned about NREN providing equal access so it won't be a "yuppie-only" communication medium. Prof. Denning said that these well meaning folks are too late. Gore's data superhighways were announced as a big deal for political reasons by the Clinton Administration, but it was actually the result of nearly 10 years of work. He said these things take years to create, and that the consensus is in place before it is announced so acceptance is assured.
Clearly CLIPPER has been percolating thru the TLAs for quite some time. I think the self selection process (see The New Republic's Clincest article) has allowed those who have been sending up trial balloons to think they've reached an acceptable position. It was clear at last Fall's National Computer Security Conference (sponsored by NSA) that the TLAs were going to keep pushing to get this thru.

BTW, I live "inside the Beltway" and have been trying to figure out a way to use my ability to easily pop over to DC for face to face meetings to help stop this madness. I tried working with EFF last Fall, but they couldn't figure out how to use volunteer help. If any crypto-privacy list readers have ideas, please let me know.

Pat

(My pgp key is on the utmb and mit servers.)

From 0005037030 at mcimail.com Sun Apr 18 09:36:17 1993
From: 0005037030 at mcimail.com (AJ Janschewitz)
Date: Sun, 18 Apr 93 09:36:17 PDT
Subject: Another one-way street
Message-ID: <51930418163515/0005037030ND3EM@mcimail.com>

-----BEGIN PGP SIGNED MESSAGE-----

Well, the Clintoon Administration has opened up yet another electronic channel besides the one on CI$. The White House can also be reached at 5895485 at mcimail.com. Their usual rules apply: Give a snail return address if you want a response.

Looks like the "data highway" is, for the time being, a one-way street ...

==a.j.==

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBK9F98xk4MFKFFwHhAQH42AP/ZRh7WRDqdP2LpkDiO2/IGzEbaVr9UR7y
AeqRQAAjSCmC5o1ApJ5oAd22GIqyeaRfnpXy0WuRsJRkxdEpDLbzYnGLSCaT4DOh
o4Hj4EHTFIy7exN9vRkAFaXA1E7E9dl7D1xajbv7F4L6Y26TivvhMP5WRtKuHIxW
re2YpapLOuY=
=amKI
-----END PGP SIGNATURE-----

From MJMISKI at macc.wisc.edu Sun Apr 18 10:09:08 1993
From: MJMISKI at macc.wisc.edu (Matthew J Miszewski)
Date: Sun, 18 Apr 93 10:09:08 PDT
Subject: MEDIA: Partial List
Message-ID: <23041812084521@vms2.macc.wisc.edu>

Cypherpunks,

OK a couple of things. First, this is a partial list as should be obvious by the truncation of the first entry.
If and when I can find the whole and complete list I will post it. Second, I post this grudgingly realizing that some might abuse it. I do feel however that the tone of discussion on the list has been positive and intellectual enough to positively affect the cause.

I realize this list is not exhaustive but it is a start. I'll work on expansion. I suggest, as have others, that we utilize one simple technology extensively - fax/fax-modems. Also remember that Washington responds to perceived PUBLIC opinion. Most people don't understand crypto much less know our names. It should appear that these comments are coming from a good cross section of the country.

Finally, I agree with the poster that suggested that we put forth some spokespeople of sorts. Media types love point people rather than the horizontal structure of cypherpunks. I know we will never get total agreement on whom they should be, but I think that Tim May, John Gilmore, Eric Hughes, etc. are pretty much acceptable (They represented us eloquently in WIRED)

Use the list with good intent.

-------------------8<---------------8<-----------------
Lane Vernardos Fax: 212 7652724
Associated Press 50 Rockefeller Plaza New York NY 10020 Phone: 212 6211600
This Week With David Brinkley 1717 De Sales St., NW Washington DC 20036 David Glodt Phone: 202 8877777 Fax: 202 8877977
CBS Evening News 524 W. 57th St. New York NY 10019 Tom Bettag Phone: 212 9753693 Fax: 212 9751519
CBS This Morning 524 W. 57th St. New York NY 10019 Eric Sorenson Phone: 212 9752824 Fax: 212 9752115
CSM Publishing Society One Norway St.
Boston MA 02115 Phone: 800 2257090
One CNN Center Box 105366 Atlanta GA 30348 Phone: 404 8271500
CNN, Washington Bureau 111 Massachusetts Ave., NW Washington DC 20001 Phone: 202 8987900
Face the Nation, CBS News 2020 M St., NW Washington DC 20036 Marianne Brooks Phone: 202 4574321 Fax: 202 4666237
Good Morning America, ABC News 1965 Broadway New York NY 10023 Jack Riley Phone: 212 4961800 Fax: 212 8874724
Larry King Show, Mutual Radio 1755 S. Jefferson Davis Hwy. Arlington VA 22202 Pat Piper Phone: 703 6852175 Fax: 703 6852142
Larry King Live TV, CNN 111 Massachusetts Ave., NW Washington DC 20001 Thomas Haddad Phone: 202 8987900 Fax: 202 8987617
Los Angeles Times Times-Mirror Square Los Angeles CA 90053 Phone: 800 5281637 Fax: 213 2377679
MacNeil/Lehrer News Hour P.O. Box 2626 Washington DC 20013 Phone: 703 9982870
MacNeill/Lehrer News Hour WNET 356 W. 58th St. New York NY 10019 Les Crystal Phone: 212 5603113 Fax: 212 5817353
Meet the Press, NBC News 4001 Nebraska Ave., NW Washington DC 20016 Christie Basham Phone: 202 8854200 Fax: 202 3622009
Morning Edition, NPR 2025 M St., NW Washington DC 20036 Phone: 202 8222000
N B C Nightly News 30 Rockefeller Plaza New York NY 10112 Steven Freidman Phone: 212 6644971 Fax: 212 6646045
New York Times, DC Bureau 1627 Eye St., NW, 7th Floor Washington DC 20006 Phone: 202 8620300
New York Times 229 W. 43rd St. New York NY 10036 Phone: 212 5561234
Newsweek 444 Madison Ave. New York NY 10022 Phone: 212 3504000
Nightline, ABC News 47 W. 66th St. New York NY 10023 Dorrance Smith Phone: 212 8874995 Fax: 212 4563335
ABC News 1717 DeSales, NW Washington DC 20036 Ted Koppel Phone: 202 8877364
Public Broadcasting Service 1320 Braddock Pl. Alexandria VA 22314 Phone: 704 7395000
Time Magazine, DC Bureau Washington DC 20001 Mr. Cloud, Bureau Chief Phone: 202 8614000
Time Warner, Inc. Time Life Bldg.
Rockefeller Center New York NY 10020 Phone: 212 5221212
The Today Show 30 Rockefeller Plaza New York NY 10112 Tom Capra Phone: 212 6644249
USA Today 1000 Wilson Blvd. Arlington VA 22229 Phone: 703 2763400
U S News & World Report 2400 N St., NW Washington DC 20037 Phone: 202 9552000
United Press International 1400 Eye St., NW Washington DC 20006 Phone: 202 8988000
WETA-TV P.O. Box 2626 Washington DC 20013 Phone: 703 9982626
Wall Street Journal 200 Liberty St. New York NY 10281 Phone: 212 4162000
Washington Post 1150 15th St., NW Washington DC 20071 Phone: 202 3346000

From uni at acs.bu.edu Sun Apr 18 10:43:58 1993
From: uni at acs.bu.edu (Shaen Bernhardt)
Date: Sun, 18 Apr 93 10:43:58 PDT
Subject: Media Blitz
Message-ID: <9304181743.AA38488@acs.bu.edu>

Having sent faxes to all the targets on my media list, I'm looking for the following:

1> A Fax number for AT&T public relations so I can explain to them that they can count my business out if they don't wise up.
2> A Fax number for Intergraph Corp
3> Internet addresses for same.

I sent the following text to several media contacts:

April 18, 1993

Sir or Madam,

I am sending this text to call your attention to what I and others believe to be a grievous attack on privacy for the private sector and the public at large.

On April 16, 1993 the White House Office of the Press Secretary issued a statement regarding the administration's emerging policy on encryption hardware and technology. In short this policy is a ruse.

With the increasing reliance on data links and E-Mail to communicate, cryptography has evolved to protect the otherwise vulnerable data traffic in this country. E-Mail and data transfers are not as secure from tampering and compromise as is the postal service. Messages sent through mail nets have no "envelopes" and are unprotected from the prying eyes of system administrators on any of the many nodes a message may pass through.
Indeed those using electronic mediums for mail services are entitled to some reasonable assurance of privacy. As a result, cryptography and encryption have become fruitful industries in this country. The Clinton administration seems well on the way to destroying this industry and stomping on the rights of citizens to secure their communications from surveillance.

The "Clipper Chip Proposal," which is becoming known in the academic community as the "Big Brother Proposal," bills itself as a solution to the conflict between law enforcement and "crypto industry." It is not. By enforcing the Clipper technology as a standard, the Clinton administration has taken the first step in regulating all encryption technology and selling short the American people.

The Clipper technology, by the administration's own admission, is compromised from the beginning. Cipher keys for Clipper hardware are to be segmented and stored in depositories maintained by two agencies, (which remain yet unnamed) and released with "the proper authorization." No one educated in the nuances of encryption would take such a system seriously. Willingness to accept a system that comes already compromised is simply unimaginable, at least while other systems are still around.

The administration insists that the algorithm for the Clipper technology is secret, and will not be released to the academic sector or the public at large. A vital part of the development process of any new algorithm is its ability to withstand the scrutiny of the academic and private sectors. The current encryption standard (DES) is a prime example. The algorithm for DES was made available to the academic and private sectors at no loss of security to those using DES based systems. Indeed the weaknesses of DES were eventually revealed by the academic sector as a direct result of this scrutiny. Part of the mark of a well designed system is in the ability to remain secure despite disclosure of the algorithm.
No entity can be expected to trust such a system without being able to review it for additional "backdoors" written into the system.

I cannot fathom that the administration has not realized these points. They must know that such a system as the Clipper Chip is unmarketable and doomed to failure in its current state. As long as other technology remains available, who would buy the Clipper Chip? And how does the introduction of the Clipper Chip aid law enforcement in protecting American citizens? Alone it does not. Any organization, criminal or otherwise, would be quite content to patronize other vendors not employing the Clipper Chip, many of which currently exist. I can only assume then that the administration's next step is to place heavy regulations on other hardware and software products not utilizing Clipper Chip technology, using the availability of Clipper systems to justify their move.

The increasingly authoritarian methods the administration continues to adopt deserve careful scrutiny. The precedents established by this move, namely the regulation of the software industry, denial of reasonable freedom from government intrusion in personal affairs, and government created technology monopolies, are more than alarming, but dangerous. When confronted with the possibility of facing fines or criminal penalties for which computer program we use, the phrase I hear more and more often is, "I can't believe it's happening here."

Most Concerned,

[Signature]

Shaen Logan Bernhardt I
(uni at acs.bu.edu)

Are my letters annoying anyone yet?

uni (Dark)

From sward+ at cmu.edu Sun Apr 18 11:02:18 1993
From: sward+ at cmu.edu (David Reeve Sward)
Date: Sun, 18 Apr 93 11:02:18 PDT
Subject: MEDIA: Adam Smith
Message-ID: <4foNRYG00Uh_E2XtYF@andrew.cmu.edu>

One person I didn't see listed is Adam Smith. Sometime during the last week of March he aired a piece about privacy - use of SSN, the information you can get via computer & modem and others.
He may be receptive to wiretap chip debate.

--
David Sward sward+ at cmu.edu
Finger or email for PGP public key 3D567F
fingerprint = E5 16 82 B0 3C 96 DB 6F B2 FB DC 8F 82 CB E9 45

From tcmay at netcom.com Sun Apr 18 12:11:02 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 18 Apr 93 12:11:02 PDT
Subject: Fighting the Wiretap Chip Plan
Message-ID: <9304181911.AA04196@netcom.netcom.com>

(I'm using the "Wiretap Chip" name instead of "Clipper," as someone has suggested. It _does_ carry a better message.)

This essay is a bit rambling, as I'm in my lousy editor and don't have time to rearrange things into a more formal essay. Instead, I'll just make a number of points.

I've seen a lot of discussion here about who to talk to, how to phrase the issues, and so forth. Fax numbers (good!), phone numbers, etc.

But let me point out that the public discussion is not likely to do very much, for several reasons.

1. A very tiny universe of listeners. Crypto is too abstract for most people. I doubt anything we say can change this. And "privacy" is a complicated theme....the anti- and pro-abortion sides have been bandying it about for over a decade, to little avail. The key is to reach the relatively small fraction of policy shapers, both outside government and inside.

2. Journalists want the pithy quote, the sound bite, the attention grabber. They don't really care if 37 faxes have been received in support of some position--that just isn't news. I often shake my head in despair at the demands for "good quotes," but I still try to spew them out. Ironically, my .sig block, with all the comments about "crypto anarchy," "information markets," "zero knowledge," etc., often were the triggers that got me in touch with journalists. For example, Julian Dibell of the "Village Voice" saw my stuff in sci.crypt last fall and called me...only then did he learn of the existence of the Cypherpunks group.
Likewise, Kevin Kelly, of "Whole Earth Review" fame, and now editor of "Wired," contacted me to ask about the terms in my cryptically cryptic sig.

(Some people have already put good stuff about "Stop the Big Brother Chip" and "Say No to the Wiretap Chip" in their sigs...this is great advertising!)

3. I've been interviewed on crypto matters by several journalists, all of whom I respect. (They were, for the record: Steven Levy, for the "Wired" piece, Kevin Kelly, as editor of "Wired" and for a possible story in "Whole Earth Review," Julian Dibell, for "The Village Voice" (forthcoming, he tells me), Dave Mandl, for a radio station in New Jersey, and a couple of minor quotes here and there.

(I can't begin to compete of course with John Gilmore or Eric Hughes, in terms of numbers of interviews.)

4. My conclusion is that the very term "Cypherpunks" was useful--even though I had little to do with choosing the name and sometimes find it distasteful (I prefer Miles Davis to Nine Inch Nails, for example). Consider that there are already several well-publicized groups devoted to various aspects of computer privacy: the EFF, the CPSR, the ACLU, etc. (these groups should be well-known to all of you). Before we came along, complete with our semi-outlaw, trendy name, the standard process when a crypto or privacy issue came up would be to get obligatory interviews with John Perry Barlow (I like him, but if I read one more account of his experiences as a lyricist for the Grateful Dead I'm going to puke...this is overexposure with a capital "O"), Mitch Kapor, and various folks from the ACLU and CPSR. The Cypherpunks provide a useful contrast, in my opinion.

5. And the Cypherpunks turn out to have a lot of very bright and interesting people, including many from the phone phreaker community, the PGP development community, and various other subcultures (like FidoNet, modem makers, wireless communications, and so on).
This automatically makes us more diverse than groups like the CPSR and ACLU.

6. In a sense, we occupy an ecological niche that meets certain journalistic needs.

7. In summary, I wouldn't place a lot of emphasis on standard political actions...it just doesn't go very far. Talking to our friends and family will have a minuscule effect, both in raw numbers and because the next election is a long way off. Need I say more?

Subversive actions that generate media attention, that trigger other people to begin to do things (such as homebrew voice encryption with SoundBlaster boards and CELP compression, as just one example), and that create new communities (Cypherpunks, Extropians, etc.), are much more effective.

By the way, in a more standard way of doing things, I've been in touch with Jim Bidzos, President of RSA Data Security. I sent out a note on this recently. And I'll be meeting this evening with Eric Hughes, who's visiting the Monterey Bay area. We may be calling an emergency meeting of the Cypherpunks soon. Stay tuned.

Don't get me wrong, folks. These are crucial times. A "War on Crypto" that mimics the "War on Drugs" is a distinct possibility. Any actions we take, from writing letters to calling t.v. stations to boycotting vendors of the "Wiretap Chip," will be useful.

-Tim

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
From karn at qualcomm.com Sun Apr 18 12:14:32 1993
From: karn at qualcomm.com (Phil Karn)
Date: Sun, 18 Apr 93 12:14:32 PDT
Subject: Clipper details via Hellman
Message-ID: <9304181914.AA03014@servo>

From jwarren at autodesk.com Sun Apr 18 12:23:27 1993
From: jwarren at autodesk.com (Jim Warren)
Date: Sun, 18 Apr 93 12:23:27 PDT
Subject: illustrating govt's preoccupation with terrorism
Message-ID: <9304181915.AA01239@megalon.YP.acad>

This is an excerpt from a LONG msg echoed to me by Dave Farber. Though it's from USIA -- not a police/enforcement agency -- it is nonetheless heavily concerned with "terrorism", the theme repeatedly referenced in the White House's Clipper Chip announcement.

I've included the first part down through the first article as an example, and gave only the headlines of the remaining articles -- but you get the idea. Just FYI.

[And, no, I don't know where/how Dave got it electronically in the first place. :-) ]

--jim

===============
Posted-Date: Sat, 17 Apr 1993 11:15:04 -0500
From: David Farber
X-Sender: farber at linc.cis.upenn.edu
Subject: I hope this continues to be distributed
To: interesting-people at eff.org (interesting-people mailing list)

>UNITED STATES INFORMATION AGENCY
>FOREIGN MEDIA REACTION--DAILY DIGEST
>
>For further information: Anne Chermak, Chief
>Media Reaction Staff (P/M), Tele. No. (202) 619-6511
>
>Monday, April 12, 1993
>
> TERRORISM AND WORLD INSECURITY
>
>In recent editorials, Iran was universally recognized as the source
>of the double threat of state-sponsored terrorism and Islamic
>extremism. But beyond this fear and condemnation, journalists found
>little common ground that would compel both North and South, and Arab
>and non-Arab nations to work together to combat the global threat of
>terrorism. For example, Egyptian and Algerian papers were in the
>forefront in charging U.S. complicity in the current instability in
>the Middle East.
>Those commentators asserted that the United States
>had promoted Islamic fundamentalism during the Afghanistan War and
>had further added to regional instability by alternately encouraging
>Iraq and Iran.
>
>India's papers weighed the pros and cons of helping the West to
>identify Pakistan's role in promoting terrorism, noting on the one
>hand that doing so could "bring ruination to Islamabad's Kashmir
>cause" but, on the other, could also bring India's security apparatus
>uncomfortably close to the CIA and the Mossad. Arab papers continued
>to portray Iraq and Libya as being unfairly treated by the UN while
>Israel remains unpunished for resolutions which it has violated.
>
>Concerning Northern Ireland, President Clinton's message of
>consolation to the victims of the Warrington bombing was seen in
>British tabloids as signalling a tougher stance by the American
>government against violence by the IRA.
>
>
>
>This survey is based on 32 reports from 10 countries, April 1-12.
>
>EDITOR: Gail H. Burke
>
>
=====
This goes on for many pages with a range of article summaries including:

> MIDDLE EAST
>ALGERIA: "Middle East Equation Has Changed"
>"Injustice Will Not Defeat Dignity"
>"After the Neglect...Wake Up, Washington!"
>"U.S. Did Not Make the Best Choice"
>"Change of Tone"
>EGYPT: "West Will Not Let Go Of Libya"
>"Can Anybody Explain U.S. Contradictory Posture Regarding Iran?"
>"Who Will Anti-Terrorism Front Target?"
>"Puzzling Approach To Abdel Rahman's Stay In U.S."
>"An Insult To Egyptian People, Leadership"
>"Islamic Extremism Threat Has Links To Afghanistan War"
>JORDAN: "Call For Arab Unity"
>"Clinton Administration Should Start A New Page with Iraq"
>"Arabs Should Not Support The U.S. Against Iran"
>MOROCCO: "Something New In Lockerbie Issue?"
>"The West Has To Understand Libya's Flexibility"
>TUNISIA: "Why The War On Muslims?"
> SOUTH ASIA
>INDIA: "Time To Be Worldly-Wise"
>"War By Other Means"
>"Perils Of Intelligence Links With The CIA And Mossad"
>"Embittering Ties With Pakistan"
>PAKISTAN: "Another Step Closer"
>"Terrorism In Kashmir"
> EUROPE
>BRITAIN: "Northern Ireland--Significant Gesture By Clinton"
>"Clinton's Blown To IRA Killers"
>ITALY: "Enter Iran"
>"The Ayatollah's Latest Threat"
>"Silence Over Israel"
>"Warning to Iran, Islamic Fundamentalism"
>
> LATIN AMERICA
>CHILE: "Iran's Objectives"

From newsham at wiliki.eng.hawaii.edu Sun Apr 18 12:47:23 1993
From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham)
Date: Sun, 18 Apr 93 12:47:23 PDT
Subject: clipper
Message-ID: <9304181947.AA03035@toad.com>

smb at att.com has created a newsgroup for clipper conversation. alt.privacy.clipper I believe. I think it would be best (in keeping traffic here down and in getting everybody interested in clipper together) if everyone uses that newsgroup for clipper topics if possible.

From hal at alumni.cco.caltech.edu Sun Apr 18 12:55:09 1993
From: hal at alumni.cco.caltech.edu (Hal Finney)
Date: Sun, 18 Apr 93 12:55:09 PDT
Subject: IMPORTANT!
Message-ID: <9304181952.AA16918@alumni.cco.caltech.edu>

Based on some of the suggestions I've seen here and on the net, I am inclined more to believe that there is no threat to make non Clipper cryptography illegal. The plan instead is to make it a de facto standard for all encrypted voice communications.

You will notice in the AT&T press release posted here that AT&T is offering to release its technical information in order to allow this standardization to proceed. (As the release said, you need more than just a common encryption standard, you also need standardization on the voice encoding.) AT&T is obviously in bed with the government on this, and it doesn't really matter at this point why. It's a big company and the government can do a lot for it.
AT&T is apparently determined to take whatever steps are necessary for this standardization to come about.

As far as non-clipper encryption, I imagine the government will initially exert as much influence as it can to prevent any competing standard from getting a toehold. They have apparently waited until the chips were ready to deliver in quantity. AT&T is promising to release clipper phones later this year. It's doubtful that anyone else could even come up with a standard that soon, let alone get it into hardware (or firmware).

If the standard does become established, it could be tough to defeat it. How easy is it going to be to sell a phone which is incompatible with everybody else's for secure communication? You'd have to buy one for everybody in your company or group who wanted to communicate. Then if they wanted to make a secure call to someone outside (say, a supplier or distributor) they wouldn't be able to do it.

It would be a similar problem to the video phones. Why buy one when almost no one else has one and so you can hardly ever use it? Who will buy a Beta VCR today? An RCA non-laser video disk? Non-clipper encrypted phones may experience similar lack of success.

I think this is their main strategy. If it doesn't work, they have a fallback before they would have to forbid encryption in the way we have feared. That is to forbid the sale of commercial devices with non-clipper encryption. You don't stop private individuals from making their own devices, you just make it illegal to sell them.

There is precedent for this, I think, in the scanner business. You can't sell scanners capable of eavesdropping on cellular calls. But nothing stops you from building your own if you are an electronics whiz. (I am not expert on the legalities of scanner law. Someone please correct me if I am wrong here.)

Notice that in their document they said that U.S. citizens do not have the right to unlimited-strength commercial encryption.
I didn't pay much attention to the word "commercial" before, but now I think it is important. This would imply that their next step would be to ban only commercial implementations of cryptography. This way they can counter our civil-liberties arguments by saying that nothing stops anyone from encrypting his messages if he really wants to; he's doing it in the privacy of his own home, after all. But when he gets out in the commercial arena the government has many precedents for limiting what is bought and sold, the scanner laws being just one of many.

I'm not sure how ominous such a world would be - clipper chips dominating the (small) encrypted phone market, no commercial competition, and only a few hobbyists with PC's and modems able to set up clumsy untappable conversations via modem-to-modem links. I might be able to talk to Tim May securely, but not to Mom and Dad. In a way, I can still have privacy, if I really want it. But it won't be available to most people. I wouldn't be surprised if something similar to this vision were the goal of those behind the clipper.

Hal

From ncselxsi!drzaphod at ncselxsi.netcom.com Sun Apr 18 13:06:37 1993
From: ncselxsi!drzaphod at ncselxsi.netcom.com (Doctor Zaphod)
Date: Sun, 18 Apr 93 13:06:37 PDT
Subject: CLIP: Chip -- Modification?
Message-ID: <46995.drzaphod@ncselxsi>

I haven't waded thru the entire stream of CypherPunks mail yet... but I thought I'd make a suggestion. If the clipper chip DOES in fact become widespread, in telephones, modems, whatever.. why don't we make an alternative chip [say.. based off the IDEA cypher and PGP keys] that uses the same pinouts as the Clipper chip. We, on the list, have been waiting for devices with the capability for encryption.. and it sounds as if ATT will be making it easier for us! Of course there might be some legal conflict with modifying the devices.. and I think that's where our battle begins.
---------------------------------------------------------------------
| DrZaphod | Stop, or I'll Encrypt! |
| [AC/DC] / [DnA][HP] | Xcitement is Technology and Creativity |
| [drzaphod at ncselxsi.uucp] | [Mind Police Censored] |
---------------------------------------------------------------------
DrZaphod
[AC/DC] / [DnA][HP]
[drzaphod at ncselxsi.uucp]
Technicolorized

From jwarren at autodesk.com Sun Apr 18 13:39:06 1993
From: jwarren at autodesk.com (Jim Warren)
Date: Sun, 18 Apr 93 13:39:06 PDT
Subject: Hellman cogitates on the Clipper Chip
Message-ID: <9304182028.AA01470@megalon.YP.acad>

Received this on Saturday and got Marty's permission to repost it to 'punks.
--jim
======

From karn at qualcomm.com Sun Apr 18 13:47:37 1993
From: karn at qualcomm.com (Phil Karn)
Date: Sun, 18 Apr 93 13:47:37 PDT
Subject: Followup message from Hellman
Message-ID: <9304182047.AA03182@servo>

From zane at genesis.mcs.com Sun Apr 18 15:03:02 1993
From: zane at genesis.mcs.com (Sameer)
Date: Sun, 18 Apr 93 15:03:02 PDT
Subject: Media Sugestions, History of Clipper and Conspiracy theories
In-Reply-To: <9304181016.AA32068@hacker2.eff.org>
Message-ID:

In message <9304181016.AA32068 at hacker2.eff.org>, Dave Banisar writes:
>
> RE: Press Blitz
>
> I have found from experience, with some success, that the best way to
> handle press if you to contact local press and present yourself
> as a local expert on the subject. This gives them a local connection

This seems to be an EXCELLENT idea. I wholeheartedly think that every cypherpunk with a strong knowledge of crypto (I haven't a strong knowledge yet-- still a newbie) contact the local press and offer your services as a local crypto-expert. I think that I probably know 10-15 times more than the general public about crypto, and it also seems that most of the people on this list know about 10-15 times more about crypto than myself. Thus there's a HUGE gulf of knowledge which must be remedied.
--
| Sameer Parekh-zane at genesis.MCS.COM-PFA related mail to pfa at genesis.MCS.COM |
| Apprentice Philosopher, Writer, Physicist, Healer, Programmer, Lover, more |
| "Be God" - Me __ "Specialization is for Insects" - Robert A. Heinlein
____/ \_____________/ \____________________________________________________/

From zane at genesis.mcs.com Sun Apr 18 15:04:12 1993
From: zane at genesis.mcs.com (Sameer)
Date: Sun, 18 Apr 93 15:04:12 PDT
Subject: Putting out a paper-magazine
Message-ID:

I HIGHLY suggest that publishing-inclined cypherpunks start publishing cypherpunk-oriented PAPER newsletters to:

A) Get out the word about how Clipper sucks
B) Educate people about strong crypto, in layman's terms (tough one)
C) Raise public support for strong crypto.

There are probably other reasons why we want to do this as well. (When the discussion here was about technical details, I was greatly interested, but I had nothing to say-- now that the time has come for activism.. I feel that I can help..)

The idea for full-page ads is nice. I'd advertise for raising funds for such a venture in my libertarian-leaning newsletter.

--
| Sameer Parekh-zane at genesis.MCS.COM-PFA related mail to pfa at genesis.MCS.COM |
| Apprentice Philosopher, Writer, Physicist, Healer, Programmer, Lover, more |
| "Be God" - Me __ "Specialization is for Insects" - Robert A. Heinlein
____/ \_____________/ \____________________________________________________/

From clark at metal.psu.edu Sun Apr 18 15:04:20 1993
From: clark at metal.psu.edu (Clark Reynard)
Date: Sun, 18 Apr 93 15:04:20 PDT
Subject: Cypherpunks--Mission Statement Needed
Message-ID: <9304182253.AA01388@metal.psu.edu>

CP is for Crypto Privacy, because we feel that privacy and cryptography are now more inextricably linked than ever. We shall likely have to use crypto to hide our crypto.

CP is for Changing Policy, both CP policy and existing government policy.

CP is for Conscious Paranoia.
We know and understand the issues involved, both the political and the scientific. We _are_ paranoid, but we know _why_ we're paranoid, and justify it as a _rational_ response. [The use of 'paranoia' is loose, of course, since the strict meaning and popular meaning differ widely.]

CP is for Cypher Punks. Cypher because not only do we use cyphers, but in a certain sense we _are_ cyphers. Punks? A contemptuous term created by those contemptuous of those who fail to pay allegiance to the Almighty Government. Should it be a badge of pride, or a shameful term used for a shameful purpose?

I believe that if we are to be effective, we ought to decide on a number of tenets which just aren't in the FAQ now. Tim May's .signature seems as good a place to start as any. Methods of implementation, boat-rocking and some form of plan will likely be necessary.

Send mail to me or to the list, preferably to my mail address at nyx.cs.du.edu; and I will summarize and post, stripping headers if requested and eliminating redundant entries. The FAQ needs to be revised, I believe, to reflect the current crisis, and I am more than willing to help re-write it if anyone finds it agreeable. Thank you.

[Aside: I appear to be getting two copies of many letters-- if anyone makes a snide comment about multiple postings of articles, I'll, I'll, I'll, uh, grin and look sheepish-- and I wonder if others have this problem; it's not a double sub, per se, as some letters _aren't_ doubled. Ah, well, it's probably nothing, just the side effects of the surveillance software.]

----
Robert W. Clark
rclark at nyx.cs.du.edu
PGP signature available by mail or finger

From zane at genesis.mcs.com Sun Apr 18 15:06:34 1993
From: zane at genesis.mcs.com (Sameer)
Date: Sun, 18 Apr 93 15:06:34 PDT
Subject: Address of major telecom decision makers (AT&T, etc.)
In-Reply-To: <9304170414.AA23048@churchy.gnu.ai.mit.edu>
Message-ID:

If someone has the addresses of these people it would be a very good idea to post these addresses (addresses of the NIST, Denning, etc. folk would be good as well.. I don't know those but those are probably more well-known than head-AT&T folk) here so that we can inundate them with mail and use these addresses in the full-page ads we buy in the newspapers.

--
| Sameer Parekh-zane at genesis.MCS.COM-PFA related mail to pfa at genesis.MCS.COM |
| Apprentice Philosopher, Writer, Physicist, Healer, Programmer, Lover, more |
| "Be God" - Me __ "Specialization is for Insects" - Robert A. Heinlein
____/ \_____________/ \____________________________________________________/

From uni at acs.bu.edu Sun Apr 18 15:17:31 1993
From: uni at acs.bu.edu (Shaen Bernhardt)
Date: Sun, 18 Apr 93 15:17:31 PDT
Subject: Status of Voice Encryption with PC/Mac?
Message-ID: <9304182217.AA114200@acs.bu.edu>

I keep hearing about voice scrambling technology in conjunction with high speed modems and soundblaster cards.... Anyone care to comment on the availability of said devices? The Supra people mentioned something, I'll check into it. how about the potential for RAW cyphertext from PGP? Hiding cyphertext in other mediums...? Is any of this available today?

uni (Dark)

From karn at unix.ka9q.ampr.org Sun Apr 18 15:31:38 1993
From: karn at unix.ka9q.ampr.org (Phil Karn)
Date: Sun, 18 Apr 93 15:31:38 PDT
Subject: voice privacy for the masses
Message-ID: <9304182233.AA01522@unix.ka9q.ampr.org>

I think Hal Finney's analysis is not far from the mark. Saner elements in the government probably do realize the utter impossibility of a complete ban on uncrackable crypto given the existence of talented, knowledgeable and highly motivated (especially now!) "cypherpunks".

But the government has also found that with very little effort, they can still have an enormous practical effect on the non-cypherpunk masses.
Heck, look at what the NSA did to the digital cellular standards by standing in the shadows and quietly threatening to withhold export approval to phones with meaningful technology. The NSA barely had to whisper its objections, because the industry simply doesn't care very much about customer privacy. Certainly not enough to risk not only their non-US markets, but also the ability to have phones manufactured overseas for the US market.

And then NSA rubs salt in the wound by brazenly claiming that they're only concerned about encryption getting into the hands of unfriendly foreign governments. As far as they're concerned, they say with a perfectly straight face, Americans are free to use any encryption scheme they want. I wonder how people like that can sleep at night.

Well, the implications are obvious. If the public is ever to benefit on a large scale from strong encryption technology, it cannot depend on a normal market to sell it to them in turnkey packages. As soon as you go into business overtly selling such packages, the government pressure will begin. They will make sure that you do not become too successful, either by banning exports or by flooding the market with inferior technology that they can break (like Clipper).

So we need to create a rather nonconventional "market". More specifically, we need to find a way to bring the efforts of the cypherpunks to the public with minimal cost and in a way that the government cannot control. By far the best way to do this is to write and distribute free crypto software that requires only readily available general purpose hardware to run. As we know, duplicating and distributing software is so trivial that controlling it is virtually impossible.
And while it's theoretically somewhat easier for the government to ban or regulate, say, modems faster than 2400 bps or CPUs faster than 10 MHz 286s, general purpose computer hardware like this has so many other "legitimate" uses that in practice a ban would again be impossible.

I've contributed a little to this effort myself with my public domain DES code, but it's the PGP effort that has really made this a reality. PGP is now unstoppable, and it's well on the way toward providing large scale privacy for email and other textual information.

But voice is still a problem. What we really need now is "PGVP" ("Pretty Good Voice Privacy"), i.e., a package of public domain software that, when again combined with readily available general purpose computer hardware, produces a highly secure telephone.

We already have two of the three hardware components of a digital secure telephone well in hand: CPUs capable of encrypting digital voice in real time, and reasonably fast telephone modems. The one remaining piece to the puzzle is the vocoder, as conventional waveform sampling of speech produces a data rate too high for telephone modems. (Faster modems might alleviate the need for a low bit rate vocoder, but current generation modems are already running very close to theoretical limits, and there won't be too many more improvements.)

Ready-made vocoders are available. In fact, my company (Qualcomm) just announced one (the Q4400) as a spinoff of our CDMA digital cellular system. It's a mask-programmed AT&T DSP-16A DSP chip. Unfortunately, like many leading-edge products, it's not cheap: $69/ea in quantity 1000, and reportedly nearly $200 in small quantities.

A second alternative is to run your own vocoder software. But vocoders are notoriously compute-intensive, and they're traditionally run on DSPs. And DSPs do not yet qualify as "widely available general purpose computer hardware".
That leaves a third possibility: tuning vocoder software to run in real time on a fast general purpose processor like a 486. John Gilmore has already obtained and distributed public domain code that implements the Federal standard CELP vocoder algorithm (used in government secure telephones, a nice twist) but my understanding is that it's too slow to run in real time on popular computers. Van Jacobson at LBL has reportedly tuned it to run in better than real time on a Sparc 1+, but he hasn't released it yet and he's a notoriously hard guy to get ahold of.

So the request of the day is this: who's willing to take that CELP code, bum enough instructions out of it so it will run in real time on a 486, and place his or her work back out into the public domain?

Phil

From uni at acs.bu.edu Sun Apr 18 15:43:22 1993
From: uni at acs.bu.edu (Shaen Bernhardt)
Date: Sun, 18 Apr 93 15:43:22 PDT
Subject: FAQ's
Message-ID: <9304182243.AA107262@acs.bu.edu>

Perhaps someone should cook up a frequently asked questions sheet with regard to our position on the Wiretap chip proposal? Something bent a little more in the direction of consequences and not promises?

Q: What will the Clipper Chip really mean for Privacy?

A: The Clipper chip bills itself as the answer to a nation's right for privacy, when indeed it is less secure than many of the algorithms in circulation today. Buying a Clipper Chip device is the same as handing the government your login password and accepting the promise, "We'll only use it with proper authorization..."

Admittedly my example is less than eloquent, perhaps someone can come up with better? Given this format, and if the questions and answers are kept in layman's terms, it could reasonably be distributed to some of the less technical news groups and things like comp.mac.comm and such....

uni (Dark)

From psionic at wam.umd.edu Sun Apr 18 16:18:11 1993
From: psionic at wam.umd.edu (Haywood J. Blowme)
Date: Sun, 18 Apr 93 16:18:11 PDT
Subject: Amiga programmers.
Message-ID: <199304182317.AA18599@rac3.wam.umd.edu>

A curious thought occurred to me several months ago, and it was recently brought up again when someone mentioned doing it on IBM's with soundblasters. This idea has been sitting basically on the back burner for a while now. But now with the current climate (Wiretap chip proposed) I think it is relevant.

This idea basically applies to Commodore Amiga computers. So if you are a programmer and would like to help me with this please E-Mail me about it.

The basic idea I think would need the following:

- A sound digitizer
- High speed modem
- 68020 or above processor (for speed purposes)
- Good encryption algorithm (IDEA for example)

Implementing the system would involve using the digitizer to digitize the voice. Then processing the sample (in real time) through the encryption algorithm and sending the output to the modem for transmission. The process would be repeated on the other end.

The problems I see occurring are the following

- Speed of the computer affecting real time encryption
- Synchronizing the data packets for accurate decryption on the other side.
- simultaneous I/O on the serial and parallel ports(for modem and digitizer)
- outputting to speakers on receiving end.
- having the whole process operate in a full duplex mode (ie. both people can talk at the same time).

I think the majority of functions can be handled by the system libraries and outside sources (such as xpkidea.library for encryption).

Does this sound feasible??

=============================================================================
/// | psionic at wam.umd.edu | Q: How did the govt. decide to use an 80
__ /// C= | Craig H. Rowland | bit key for the new clipper chip?
\\\/// Amiga| PGP Key Available | A: They combined Bill and Hillary
\/// 1200 | by finger. | Clintons' IQ's.
=============================================================================

From zane at genesis.mcs.com Sun Apr 18 16:23:16 1993
From: zane at genesis.mcs.com (Sameer)
Date: Sun, 18 Apr 93 16:23:16 PDT
Subject: CLIP: Sample/Draft letter to the editor
Message-ID:

I wrote up a letter to the editor on the issue, which I will send to the local newspapers and the major newspapers. I'd like comments, and criticisms so that I may make the letter more effective. I also plan on writing an article in my newsletter _The Free Journal_ on this big brother plan. (I plan on including excerpts from _From Crossbows to Cryptography_ in this "Crypto" issue as well.)

Editor:

The Clinton administration on Friday unveiled their plan for establishing a standard data encryption system for voice communications. This plan is abhorrent and reeks of Big Brother. President Clinton says that he wants to bring the United States into the twenty-first century. This proposal is bringing us to 1984.

First I will mention technical reasons why the system is inadequate.

The encryption algorithm is classified. Only a select group of people will be allowed to examine the algorithm for flaws. The members of the cryptographic community emphasize that the only way to make sure that a cryptographic system is secure is to have as many people as possible analyze and try to break it for as long as possible. A system which has been examined by a small segment of the population will not be trusted to be secure.

The key used in this algorithm is very small-- it is easily attacked by brute-force. The encryption key is only eighty bits long. Such a small key lends itself to easy decryption by an unauthorized party. It would lend a false sense of security to laypersons in the field who do not realize that a key of such simplicity could be cracked easily by any talented criminal.

Apart from the technical flaws in the system, there are many political problems with the recent big brother proposal.
First, there is the assumption that the government has a right to spy on its own citizens. The proposal for this wiretap chip includes the registration of keys with two escrow agencies. This is purported to allow law enforcement to keep track of "terrorists" and "drug-dealers."

The first flaw in this key-escrow system is that no self-respecting criminal will use a cryptography system which can be easily tapped by law enforcement officials-- they will use strong cryptography. Thus the only people who may end up using the wiretap encryption system will be law-abiding laypeople who don't fully understand cryptography. (Law-abiding citizens who do understand cryptography will use strong cryptography to preserve their privacy from a talented criminal.)

The proposal says that in order to obtain the key of a wiretap chip user a law enforcement agency must first establish that they have a valid interest in the key. Translated out of legalese, that means that all a government agency will have to do to get access to all of the private communications between, for example, a lawyer and her client will be to fill out the necessary forms. Registering cryptographic keys with the government is similar to giving the IRS the keys to your house and filing cabinet.

The chip is being manufactured exclusively by one company. The release stated that the Attorney shall request (i.e. coerce) telecommunication product manufacturers to use this product. This aspect of the system is a government-mandated monopoly. Such monopolies result in high prices and the elimination of market forces which drive the improvement of technology. (One needs only look at the state of the Soviet Union to see how the lack of market forces affects consumer technology.)

What is feared the most from the proposal is that if the wiretap chip becomes the standard, strong cryptography will be declared illegal. If such is the case, then only criminals will have access to strong cryptography.
As I have stated above-- the wiretap chip will not be used by criminals because of the obvious flaws in the crypto-system-- criminals will use strong crypto, while law-abiding citizens will have to use a system which can be easily defeated by any criminal.

Strong cryptography already exists for data communications, for -free-. Strong cryptography for voice communications for -free- is only a few months away for people who own a personal computer. There is no way that making strong cryptography illegal will stop it-- it will only turn otherwise law-abiding citizens into criminals.

Sincerely,
Sameer Parekh

--
| Sameer Parekh-zane at genesis.MCS.COM-PFA related mail to pfa at genesis.MCS.COM |
| Apprentice Philosopher, Writer, Physicist, Healer, Programmer, Lover, more |
| "Be God" - Me __ "Specialization is for Insects" - Robert A. Heinlein
____/ \_____________/ \____________________________________________________/

From newsham at wiliki.eng.hawaii.edu Sun Apr 18 17:03:28 1993
From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham)
Date: Sun, 18 Apr 93 17:03:28 PDT
Subject: Amiga programmers.
In-Reply-To: <199304182317.AA18599@rac3.wam.umd.edu>
Message-ID: <9304190003.AA06605@toad.com>

> The basic idea I think would need the following:
>
> - A sound digitizer
> - High speed modem
> - 68020 or above processor (for speed purposes)
> - Good encryption algorithm (IDEA for example)
>
> Implementing the system would involve using the digitizer to digitize the
> voice. Then processing the sample (in real time) through the encryption
> algorithm and sending the output to the modem for transmission. The process
> would be repeated on the other end.
>
> The problems I see occurring are the following
>
> - Speed of the computer affecting real time encryption
> - Synchronizing the data packets for accurate decryption on the other side.
> - simultaneous I/O on the serial and parallel ports(for modem and digitizer)
> - outputting to speakers on receiving end.
> - having the whole process operate in a full duplex mode (ie. both people
> can talk at the same time).
>
>
> I think the majority of functions can be handled by the system libraries and
> outside sources (such as xpkidea.library for encryption).
>
> Does this sound feasible??

From what I gather CELP takes about 10 to 15 MIPS and LPC takes somewhere under 5 MIPS on DSP chips. Instructions including fixed point multiplies and accumulations (not counting divisions). That's quite a load for a 68020 to bear and still do encryption and communications isn't it?

I have been working on an encrypted link protocol, I have written a unix end (w/ sockets for debugging) as well as some prototype amiga ends (nothing nice yet). It is basically a term program with an encrypted mode built in. I have released the unfinished but operational unix end so far (link.tar.Z) but have been too pressed for time to work on it lately.

I am also working with a DSP chip and plan to implement LPC at bandwidths of about 2000 bps. This will be low quality (less than toll quality, but "good enough" for.. well for me :) I hope the end product will be reproducible for under $50. (I am using the ADSP 2105 DSP microcontroller which offers 10 MIPS for about $12) Someone has mentioned that there is a ZYXEL chip that has CELP built in to it, this might be a faster way to go, does anyone have more details?

I plan to incorporate the two when I am finished to allow encrypted voice between two endpoints, and hopefully also over some networks (where delay time doesn't cause too many problems, long distances over packet switching might not work so nicely).

progress: I have developed and implemented the protocol engine of the link protocol and written a unix end. I have started assembling (but not programming) the DSP board, I plan later to add on-board d/a and a/d but for the time being I will be importing samples from the amiga, and retrieving LPC coded data.
I am encouraging other people to use my protocol engine and incorporate it into terminal programs.

From sommerfeld at orchard.medford.ma.us Sun Apr 18 17:37:05 1993
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Sun, 18 Apr 93 17:37:05 PDT
Subject: Followup message from Hellman
In-Reply-To: <9304182047.AA03182@servo>
Message-ID: <9304190011.AA00158@orchard.medford.ma.us>

Quoting Martin Hellman as forwarded by Steve Bellovin and Phil Karn:

she [Denning -sommerfeld] says the message is not double encrypted. The system key (or family key as she was told it is called) only encrypts the serial number or the serial number and the encrypted unit key. This is not a major difference, but I thought it should be mentioned and thank her for bringing it to my attention.

This sounds pretty unlikely to me -- if the message isn't double-encrypted, the "tags" could be separated from the ciphertext without too much effort. Of course, it's not clear whether the receiving system checks the serial number, or whether the serial number is factored into E[M;K]; conceivably, those things could be reconstituted on the other end if the receiving wiretap chip needed them..

- Bill

From vanam at phazer.ksu.ksu.edu Sun Apr 18 18:04:43 1993
From: vanam at phazer.ksu.ksu.edu (Stephen LeeSecond son of Caine)
Date: Sun, 18 Apr 93 18:04:43 PDT
Subject: unsub
Message-ID: <9304190104.AA16243@phazer.ksu.ksu.edu>

unsubscribe me please thanx....

Stephen

From MJMISKI at macc.wisc.edu Sun Apr 18 18:14:20 1993
From: MJMISKI at macc.wisc.edu (Matthew J Miszewski)
Date: Sun, 18 Apr 93 18:14:20 PDT
Subject: MEDIA: Calm
Message-ID: <23041820135802@vms2.macc.wisc.edu>

Everyone,

I'm glad to see so many insightful letters being sent/broadcast to media types. I think that our cause would be better served with a toning down of the rhetoric and techno-talk. I understand what you're saying but Joe Byline may not. Keep it simple.
On that note, I think one more effective strategy is for some cypherpunks to write thoughtful letters which appear (or do) come from strict lay people scared at the thought of the "Wiretap Chip". If it appears that only techno-types care about this issue, then no one else will. I know non-crypto experts read this list, so this is a call to you to express your opinions publicly as john/jane doe on the street. You don't have to speak to the technical side of things at all. Simply let the world know you're afraid and so should everyone else. Leave the cryptanalysis to the experts (Tim, Eric, et al)

Keep up the good work everyone.

Matt

From hkhenson at cup.portal.com Sun Apr 18 19:21:06 1993
From: hkhenson at cup.portal.com (hkhenson at cup.portal.com)
Date: Sun, 18 Apr 93 19:21:06 PDT
Subject: AT&T Press Release on Clipper
Message-ID: <9304181828.2.10206@cup.portal.com>

On Sun, 18 Apr 1993 09:49:35 -0500 Dave Banisar posted:

>Subject: AT&T Press Release on Clipper
>
>Here's AT&T's announcement on the Clipper.
>
>
> AT&T TO INCORPORATE NEW 'CLIPPER' CHIP INTO SECURE COMMUNICATIONS
>PRODUCT LINE
>
>GREENSBORO, N.C., April 16
>
> AT&T (NYSE: T) said today it is moving to improve the security and privacy
>of telephone communications by incorporating a just-announced new U.S.
>government technology for voice encryption into its secure communications
>product line.
>
> AT&T will use the Clipper chip, announced today by President Clinton as a

[mucho deleted]

> AT&T Secure Communications Systems is headquartered in Greensboro.
> For more information about the AT&T Telephone Security Device 3600
>and other AT&T Secure Communications Products, call David Arneke at
>919-279-7680.
> CONTACT: David Arneke of AT&T Secure Communications Systems, 919-279-
>7680,or after hours, 919-273-5687, or Herb Linnen of AT&T Media Relations,
>202-457-3933, or after hours, 202-333-9162

Expecting to get a recording or something of the like, I called the last of these numbers, and got a considerably agitated Herb Lennen--at home--who had already been the recipient of a call or two. He was not happy, to put it mildly! I kindly informed him that his home phone number had been posted all over the computer nets by someone posting an official ATT press release, and that the government's universal wiretap chip, er Clipper chip, was fast becoming a controversial topic.

He accused me of being with an "organized hacker group," and stated that he only talks to people from news organizations of the NYT and Wall Street Journal size. I offered to send him a sample of the comments, but he declined to give me his email address. (Though I suspect that Herb_Lennen at att.com might work.)

Most interesting though, he told me that John Markoff had written the definitive (and he implied positive) story on the chip. Yo John! If you are not reading the cypherpunks list for the "other side" of this story, you might want to.

Keith Henson

From psionic at wam.umd.edu Sun Apr 18 19:50:39 1993
From: psionic at wam.umd.edu (Haywood J. Blowme)
Date: Sun, 18 Apr 93 19:50:39 PDT
Subject: Amiga Crypto
Message-ID: <199304190250.AA12313@rac3.wam.umd.edu>

Return-Path:

>> The basic idea I think would need the following:
>>
>> - A sound digitizer
>> - High speed modem
>> - 68020 or above processor (for speed purposes)
>> - Good encryption algorithm (IDEA for example)
>>
>> Implementing the system would involve using the digitizer to digitize the
>> voice. Then processing the sample (in real time) through the encryption
>> algorithm and sending the output to the modem for transmission. The process
>> would be repeated on the other end.
>>
>> The problems I see occurring are the following
>>
>> - Speed of the computer affecting real time encryption
>> - Synchronizing the data packets for accurate decryption on the other side.
>> - simultaneous I/O on the serial and parallel ports(for modem and digitizer)
>> - outputting to speakers on receiving end.
>> - having the whole process operate in a full duplex mode (ie. both people
>> can talk at the same time).
>>
>>
>> I think the majority of functions can be handled by the system libraries and
>> outside sources (such as xpkidea.library for encryption).
>>
>> Does this sound feasible??

newsham at wiliki.eng.hawaii.edu Writes:

>From what I gather CELP takes about 10 to 15 MIPS and LPC takes
>somewhere under 5 MIPS on DSP chips. Instructions including
>fixed point multiplies and accumulations (not counting divisions).
>That's quite a load for a 68020 to bear and still do encryption
>and communications isn't it?

[Stuff deleted]

This is true. But if a sampling rate of about 9000-10,000 samples per second is used this will allow for good voice quality and the encryption algorithm should be able to handle it. The IDEA implementations I have seen for the Amiga run about 30-50K per second on my Amiga 1200 with 68020. This should be fast enough. If you then can send that data directly to the serial port with a fast modem 14.4K it should work. But it might sound choppy (haven't done the figures yet on how much data would be going to the modem while the person speaks, but it may be substantial enough to make the use of a high speed modem not feasible). Also I have to consider that data compression in the form of LAP/M or MNP will be ineffective against the encrypted data as it will appear as white noise and will be largely incompressible..

=============================================================================
/// | psionic at wam.umd.edu | Q: How did the govt. decide to use an 80
__ /// C= | Craig H. Rowland | bit key for the new clipper chip?
 \\\/// Amiga  | PGP Key Available      | A: They combined Bill and Hillary
  \/// 1200    | by finger.             | Clintons' IQ's.
=============================================================================

From ld231782 at longs.lance.colostate.edu Sun Apr 18 22:06:28 1993
From: ld231782 at longs.lance.colostate.edu (ld231782 at longs.lance.colostate.edu)
Date: Sun, 18 Apr 93 22:06:28 PDT
Subject: musings from a madman
Message-ID: <9304190506.AA09069@longs.lance.colostate.edu>

Hellman's Hints
---------------

[Hellman]
>When a message is to be sent it will first be
>encrypted under K, then K will be encrypted under the unit key UK,
>and the serial number of the unit added to produce a three part
>message which will then be encrypted under the system key SK
>producing
>
>     E{ E[M; K], E[K; UK], serial number; SK}
>
>When a court order obtains K1 and K2, and thence K

Just a quibble, Mr. Hellman says earlier that K1 and K2 lead to unit key UK, not family code K. And given the above, how do they ever decrypt the message if they don't have K, unless the scheme is insecure under the `family code'? (>barf<, leave it for the Ministry of Truth to come up with some user-friendly term for something inherently nauseating like `friendly fire', I wonder if Dingaling is behind this one too...)

Do you get it?
--------------

This little formula is not obvious to me. It seems to me two basic questions have to be answered, could someone spell these out given what's known?

1. How the phones interact prior/during a call
2. How the sinister TLAs wiretap
3. How casual eavesdropping by other than billion-dollary agencies is prevented (if at all)

The Flimsy Code
---------------

The family code is clearly a propaganda wrench in the works. `They' now have some pretty powerful ammunition--it must be secure if you get to change your code whenever you want, right? It's so simple anyone can use it! I'm a bit surprised it wasn't mentioned in the announcement.
I guess all the hoopla and slick and vapid AT&T ads about `wow, you get to *choose* your combination!' will come a bit later, it'll fit in quite nicely with their `I' plan, as in Illegal... (I hope Sprint and MCI sue the pants off AT&T and the government for this outrageous collusion, unless of course they are in the collusion too...)

Conspiracy Theories
-------------------

how is it that CPSR and EFF came out with responses to the initial announcement virtually instantaneously after its release? Are they just really swift? I want to know what >every< single person on those mailing lists has to say about how their name got there and how long they knew about this abomination (and before they have a chance to agree on stories!). I don't appreciate Mr. Banisar's little slash suggesting that the issue is already closed and that anyone who thinks something just a tad unusual is going on is a deranged conspiracy monger... I think it's kind of cute how he says that `nothing significant' appeared in the traffic...

Who Has the Keys?
-----------------

The evasion of `who stores the keys' makes me wonder. It suggests that the proposal was poorly crafted (which is true in any case), but, more likely, IMHO, the scheme is weak enough for the NSA (but maybe not cops) to break regardless, and hence their casual disregard for this seemingly monumentally crucial point. Also, they can make it sound like they are `compromising' by giving the appearance of public debate on the agencies, because it won't really matter, while diverting attention from the *real* issues (look here! see your rights? now you see 'em, now you don't... pick a key, any key---was it this one? >wow< how'd you *do* that?).

What IS Acceptable
------------------

We should be prepared to say what >is< acceptable for the government to do; don't get caught off guard with a question like ``well, what are you people proposing as an alternative?'' Here are a few ideas...
1) Get the hell out of the cryptography and hardware development business, and leave private industry alone to do what it does best when not harassed by extortionists and terrorists who shall remain nameless but have the initials N.S.A. ...

2) Let the NIST pick a phone encryption scheme after totally open debates and total noninvolvement by the NSA, who is obviously biased. We can note that this has been attempted to be followed for other encryption schemes (e.g. digital signature, DES, etc.) why not here? what's so special?

3) Let communications companies loose on it, stay out of the way or get trampled by the stampede, and we'll all be happy.

Ministry of Truth (1993-?)
--------------------------

Finally, drive home the point: the government may have always had the `precedent' (don't ever use `right' here) to *listen*, there has never been any assurance that they must *understand* what is being said, and we are assured by our Noble Constitution that we can say what we please, and if by exercising this fundamental and inalienable right we upset the fragile status quo, then so be it, because the monument of freedom of speech will always overshadow the weak and tenuous `precedent to listen'. Cryptography simply alters their *understanding* of what is on a line from the meaningful to the meaningless, and only the Ministry of Truth is allowed to regulate *meaning* (hm, maybe that will be the next government agency created under the New Regime...)

Mea Culpa
---------

sorry for the rough editing on the last message, that's what happens in the heat of the moment from one of those impatient and extremely agitated cypherpunks... For those of you keeping score at home, the ``Notice how the proposal talks about'' non sequitur should read ``Notice how the proposal talks about criminals and terrorists without any qualifications such as `alleged' and `suspected' ''. as my penance you have this little beauty in front of you...

How Does Cypherpunk Sound?
--------------------------

`cypherpunk' actually has some pretty endearing qualities as a name, and I'd be a bit horrified to give it up, just when I was waiting for the T shirt ``Cypherpunks do it stealthily'' (secretly? sneakily?). The public seems to have a bit of fascination for `cyberpunk' right now and we are just riding on it (stealthily? secretly? sneakily?). OK, so we don't publicize that term, but it could actually increase the glamor and mystery of the cause; we shouldn't pretend that we're not seriously pissed off...

Quote Corner
------------

``the TURNCOATS ARE COMING!''
``REMEMBER THE LIBERTY!''
``They're HEEEERE...''
``Keys? I thought YOU had the keys! Do you have a crypt hanger? We better call the cryptsmith...''

From dasher at well.sf.ca.us Sun Apr 18 22:48:08 1993
From: dasher at well.sf.ca.us (D Anton Sherwood)
Date: Sun, 18 Apr 93 22:48:08 PDT
Subject: gentlemen
Message-ID: <199304190547.AA19600@well.sf.ca.us>

Who was the statesman who said, two generations ago, "Gentlemen do not read each other's mail"?

By the way, the San Francisco Chronicle's business section's Saturday headline was
        Secret Phone Plan Under Fire
or maybe it was
        Secure Phone Scheme Draws Fire

*\\* Anton Ubi scriptum?

From jamesdon at infoserv.com Sun Apr 18 23:27:00 1993
From: jamesdon at infoserv.com (James A. Donald)
Date: Sun, 18 Apr 93 23:27:00 PDT
Subject: subscribe
In-Reply-To:
Message-ID: <2bd1c9a7.jamesdon@infoserv.com>

subscribe James A. Donald

In case a human is reading this, I wish to subscribe to the cypherpunks mailing list.

---------------------------------------------------------------------
                          |
James A. Donald           | Joseph Stalin said: "Ideas are more powerful
                          | than guns. We would not let our enemies have
jamesdon at infoserv.com  | guns, why should we let them have ideas."

From wbe at bbn.com Sun Apr 18 23:29:17 1993
From: wbe at bbn.com (Winston Edmond)
Date: 18 Apr 93 23:29:17
Subject: Figuring out ZyXEL's CELP specs
In-Reply-To: <116416f1@ofa123.fidonet.org>
Message-ID:

After various people expressed interest in the ZyXEL modem CELP specs...
Tyrone.Horton at p101.f701.n202.z1.fidonet.org replied:
> As far as CELP, ZyXEL will not be releasing the specs.

OK. In that case, it's up to us to figure it out. :-)

I saw the following post about 4800 CELP on another newsgroup and thought it might help someone here get closer to figuring out how ZyXEL's 9600 CELP works.

PLEASE: the following message mentions a source of CELP source code that's free. Rather than everyone calling all at once, I suggest:

(1) If you live in the D.C. area, maybe go ahead and call anyway and then post the results in this newsgroup. Otherwise
(2) If you have a high interest and it's likely you'll actually do something with the information, POST A NOTE TO THIS NEWSGROUP saying so and wait a couple of days so we can all see who else is interested.
(3) When the dust settles, the most interested, and/or those nearest Washington, D.C., call to get the source code and then post it to the newsgroup (if permitted).

(Unfortunately, you may have to consider U.S. export restrictions, but since the author says the code "is available for worldwide distribution", I don't expect this to be a problem.)

-WBE

---------------------------------------------------------------------------
From: jpcampb at afterlife.ncsc.mil (Joe Campbell)
Newsgroups: comp.compression.research
Subject: Re: CELP vocoder refs
Date: 17 Jan 93 21:38:07 GMT
Organization: The Great Beyond

Hi,

I hope that the following information answers your questions.

Joe

The U.S.
DoD's Federal-Standard-1016 based 4800 bps code excited linear prediction voice coder version 3.2 (CELP 3.2) Fortran and C simulation source codes are available for worldwide distribution at no charge (on DOS diskettes, but configured to compile on Sun SPARC stations) from:

    Bob Fenichel
    National Communications System
    Washington, D.C. 20305
    1-703-692-2124
    1-703-746-4960 (fax)

Example input and processed speech files, a technical information bulletin, and the official standard "Federal Standard 1016, Telecommunications: Analog to Digital Conversion of Radio Voice by 4,800 bit/second Code Excited Linear Prediction (CELP)" are included at no charge.

The following articles describe the Federal-Standard-1016 4.8-kbps CELP coder (it's unnecessary to read more than one):

    Campbell, Joseph P. Jr., Thomas E. Tremain and Vanoy C. Welch, "The Federal Standard 1016 4800 bps CELP Voice Coder," Digital Signal Processing, Academic Press, 1991, Vol. 1, No. 3, p. 145-155.

    Campbell, Joseph P. Jr., Thomas E. Tremain and Vanoy C. Welch, "The DoD 4.8 kbps Standard (Proposed Federal Standard 1016)," in Advances in Speech Coding, ed. Atal, Cuperman and Gersho, Kluwer Academic Publishers, 1991, Chapter 12, p. 121-133.

    Campbell, Joseph P. Jr., Thomas E. Tremain and Vanoy C. Welch, "The Proposed Federal Standard 1016 4800 bps Voice Coder: CELP," Speech Technology Magazine, April/May 1990, p. 58-64.

The U.S. DoD's Federal-Standard-1015/NATO-STANAG-4198 based 2400 bps linear prediction coder version 53 (LPC-10e v53) Fortran or C simulation source codes are available on a limited basis upon written request to:

    Tom Tremain
    Department of Defense
    Ft. Meade, MD 20755-6000
    USA

The U.S. Federal Standard 1015 (NATO STANAG 4198) is described in:

    Thomas E. Tremain, "The Government Standard Linear Predictive Coding Algorithm: LPC-10," Speech Technology Magazine, April 1982, p. 40-49.

There is also a section about FS-1015 in the book: Panos E.
Papamichalis, Practical Approaches to Speech Coding, Prentice-Hall, 1987.

The voicing classifier used in the enhanced LPC-10 (LPC-10e) is described in:

    Campbell, Joseph P., Jr. and T. E. Tremain, "Voiced/Unvoiced Classification of Speech with Applications to the U.S. Government LPC-10E Algorithm," Proceedings of the IEEE International Conference on Acoustics, Speech, and Signal Processing, 1986, p. 473-6.

Copies of the official standards "Federal Standard 1015, ...", and "Federal Standard 1016, Telecommunications: Analog to Digital Conversion of Radio Voice by 4,800 bit/second Code Excited Linear Prediction (CELP)" are available for US$ 2.50 each from:

    GSA
    Rm 6654
    7th & D St SW
    Washington, D.C. 20407
    1-202-708-9205

Realtime DSP code for FS-1015 and FS-1016 is sold by:

    John DellaMorte
    DSP Software Engineering
    165 Middlesex Tpk, Suite 206
    Bedford, MA 01730
    1-617-275-3733
    1-617-275-4323 (fax)
    dspse.bedford at channel1.com

DSP Software Engineering's FS-1016 code can run on a DSP Research's Tiger 30 (a PC board with a TMS320C3x and analog interface suited to development work) or on Intellibit's AE2000 TMS320C31 based 3" by 2.5" card.

    DSP Research              Intellibit
    1095 E. Duane Ave.        P.O. Box 9785
    Sunnyvale, CA 94086       McLean, VA 22102-0785
    (408)773-1042             (703)442-4781
    (408)736-3451 (fax)       (703)442-4784 (fax)

--
.............................................................................
; Dr. Campbell N3JBC jpcampb at afterlife.ncsc.mil 74040.305 at compuserve.com ;
; My opinions are mine!
Happiness = Reality - Expectations, Click & Clack ;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From crunch at netcom.com Mon Apr 19 00:11:33 1993
From: crunch at netcom.com (John Draper)
Date: Mon, 19 Apr 93 00:11:33 PDT
Subject: My comments on the Clipper or Tapper chip,
Message-ID: <9304190711.AA12484@netcom4.netcom.com>

I don't know whether or not I should post this in alt.security.pgp, or other newsgroups, but here's my official comments on what I think of the Clinton Adm "Clipper" or "Tapper" chip. Any press people are welcome to use it, and feel free to send it out wherever it will help.

My official statement and comments on the "Tapper chip"
=======================================================

I believe that the Clinton Admin is trying to push this idea through without giving much thought on the ramifications of this rather intriguing idea of "registering" your keys with some government agency.

This overwhelming urge to "tap into" our private conversations is just going to promote private encryption and voice scrambling. It is not going to make law enforcement's job any easier to catch criminals, because they will also encrypt their voice and data. It reminds me of that popular bumper sticker "If guns are outlawed, then only outlaws will have guns". It is clear that the government considers encryption as a "weapon", used by the enemy to keep nosey people away. Look at the current export laws to convince yourself of that. I guess I can think of it as a weapon to preserve my privacy.

This is not only going to get a bad reception in the industry, but it will cost the government more money by adding huge administration costs. Talk about government "FAT"? I thought our goals are to cut government spending, not add to it.

Let's see!! You need two agencies (Hopefully ones that people can trust). Gee!! I cannot even think of just ONE agency that I can trust!! can you?
Then, these agencies have to keep track of one half of an 80 bit key. I guess there is one key for each "clipper" chip, so there has to be the capability of millions of keys, each one has to perfectly match the other half. Then there will be people needed to "register" these "tapper" phones. Let's not even think about what happens when one decides to sell it!! MORE government FAT!!. I guess that's why they're called FAT CATS.

Now, if I were a criminal, do you think I would be dumb enough to "register" my phone with the government. Of course not. I would probably get mine on the black market, or through some other illicit means!! If I were a law abiding citizen, would I trust some government agency with my encryption key? Would you??

Then, there is this classified algorithm used in the clipper chip itself. I'm sure it's pretty good, and it is probably hard to attack and crack. But can you really be absolutely sure that there isn't some sort of "back door" in it??

It is clear that the industry hasn't been consulted, or ideas were not put forth in some public forum. So, where is this democratic process?? We ARE still a democracy, aren't we? How was this company that sells the "Clipper chip" selected?? Were RSA data security people contacted??

It is clear that a lot of questions have to be answered before something like this can be accepted. I just hope the right people make the right decision, and that PRIVATE encryption be the responsibility of the user, and NOT the carriers.

It is important that more and more private encryption programs, equipment, etc, can be made available on the market. If RSA is too tight with their licensing fees and policies, then there should be more math whiz types making better algorithms than RSA's. The field is wide open, so let's exploit them!!

John D.

From hkhenson at cup.portal.com Mon Apr 19 00:21:09 1993
From: hkhenson at cup.portal.com (hkhenson at cup.portal.com)
Date: Mon, 19 Apr 93 00:21:09 PDT
Subject: Fighting the Wiretap Chip Plan
Message-ID: <9304190012.2.12250@cup.portal.com>

When this "Clipper chip" story broke, I was off on an extropian (if not cypherpunk) activity--helping freeze Alcor's 27 patient (another HIV+ case.) I doubt I am the strongest hardware person on these groups, but nobody else has commented on this aspect.

You just *can't* make chips entirely resistant to reverse engineering. I know, I have spent close to 10% of my engineering career reverse engineering things. Given time and a few samples, *any* chip can be reverse engineered. This is especially true with tools such as SEM stimulator/state readers and Focused Ion Beam chip slicers and dicers widely available. *Somebody* will dig out every gate in their spare time. Thus the following statement looks very odd:

>Q:   How strong is the security in the device? How can I be sure
>     how strong the security is?
>
>A:   This system is more secure than many other voice encryption
>     systems readily available today. While the algorithm will
>     remain classified to protect the security of the key escrow
>     system,

Say what? Does this mean that if somebody slices up a chip and publishes the algorithm the "security of the key escrow system" is broken? Can a representative of the government say why, or if, this is the case? If it is not the case, why not publish the algorithm and be done with it? Because, soon as the chip can be bought over the counter or stolen, the algorithm will be deduced.

>     we are willing to invite an independent panel of
>     cryptography experts to evaluate the algorithm to assure all
>     potential users that there are no unrecognized
>     vulnerabilities.

Well, unless the "independent panel" includes people who can follow the algorithm all the way through to silicon, I would not trust their report even if I trusted the experts, and that goes double for the next set of masks.

Keith Henson

From norm at netcom.com Mon Apr 19 01:31:45 1993
From: norm at netcom.com (Norman Hardy)
Date: Mon, 19 Apr 93 01:31:45 PDT
Subject: Hellman's Hints
Message-ID: <9304190831.AA17466@netcom4.netcom.com>

I presume that Hellman meant to say "K1 and K2, and thence UK" in place of "K1 and K2, and thence K" at least it makes sense that way.

A later posting from Hellman (I think) emended the description of the transmitted message from

     E{ E[M; K], E[K; UK], serial number; SK}

to

     E[M; K], E{ E[K; UK], serial number; SK}

If you know SK then you can compute (E[K; UK], serial number)
Then knowing UK (= K1+K2) you can compute K from which you get M via E[M; K].

From arms!72 at bikini.cis.ufl.edu Mon Apr 19 05:47:20 1993
From: arms!72 at bikini.cis.ufl.edu (Lestat)
Date: Mon, 19 Apr 93 05:47:20 PDT
Subject: Request
Message-ID: <2bd298b2.arms@arms.uucp>

Please add me to your mailing list; as a passionate supporter of freedom of speech and expression of all kinds in all mediums, I'm concerned about the ClipperChip and interested in what you have to offer.

Thanks,
Lestat, aka Howard S. Jones
72 at arms.uucp

From david at staff.udc.upenn.edu Mon Apr 19 05:58:09 1993
From: david at staff.udc.upenn.edu (R. David Murray)
Date: Mon, 19 Apr 93 05:58:09 PDT
Subject: Hellman's Hints
In-Reply-To: <9304190831.AA17466@netcom4.netcom.com>
Message-ID: <9304191256.AA17713@staff.udc.upenn.edu>

Please excuse some questions from a somewhat crypto-naive person, but I'd like to try to understand this thing a little better so I don't make any stupid goofs if I talk about it.

I presume that we can simply consider this 'universal' key as if it didn't exist?
Well, actually, I suppose it prevents 'joe average' from getting the serial number, but certainly not foreign agents or any criminal who has motivation to get it(*). After all, a secret known by more than one person will not remain a secret long, and this one is going to be known by thousands. Why even bother with it? It seems like it just adds compute overhead that could be better used for other things.

(* I assume the TLAs get it legally)

The fact that the serial number is effectively in the clear then means that traffic analysis attacks can glean information for anyone who can get at the phone lines, yes? Even if the states were to outlaw caller id, these tapper phones would reintroduce that level of traceability. Even worse, in some ways, since your tapper 'identity' goes with you if you change phone numbers as long as you keep your old phone.

Finally, can anyone explain to me how this thing /works/, at the simple 'this is what you do with this key' level of description of how RSA works? I can't figure out how two phones can communicate with each other without compromising one key or another, since RSA does /not/ seem to be involved in this (there is no public key registry, right?) Sorry if this is a dumb question . . .

-- david
david at staff.udc.upenn.edu

From trystro!kaya at Think.COM Mon Apr 19 06:00:58 1993
From: trystro!kaya at Think.COM (Kaya Bekiroglu)
Date: Mon, 19 Apr 93 06:00:58 PDT
Subject: subscribe
Message-ID: <9304191300.AA05048@Early-Bird.Think.COM>

subscribe me.

From sommerfeld at orchard.medford.ma.us Mon Apr 19 06:37:00 1993
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Mon, 19 Apr 93 06:37:00 PDT
Subject: Amiga Crypto
In-Reply-To: <199304190250.AA12313@rac3.wam.umd.edu>
Message-ID: <9304191229.AA00116@orchard.medford.ma.us>

I think you're off by a factor of 8.. 8K samples/sec is 8K bytes/second, not 8Kbits/sec

If we had universal ISDN at 56kb/s or 64kb/s, encrypted voice using PC-class machines would be trivial.
Instead, we have to compress down to a data rate comparable to ~1800 8-bit samples/second (V.32bis speed; modem compression won't do very much -- unless nobody's talking -- as voice samples do *not* compress effectively using compression algorithms optimized for ASCII text).

While fiddling with my SoundBlaster and some dialogue sampled from a T.V. program last night, it became clear to me that cutting back to ~4K 4-bit samples/second isn't quite good enough, and the compression in either UNIX compress or PGP isn't really tuned for audio samples.

It's not the crypto that's the limiting factor, it's the compression. That's why the CELP technology that Phil Karn and John Gilmore are talking about is so important..

- Bill

From sommerfeld at orchard.medford.ma.us Mon Apr 19 06:37:27 1993
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Mon, 19 Apr 93 06:37:27 PDT
Subject: Hellman's Hints
In-Reply-To: <9304190831.AA17466@netcom4.netcom.com>
Message-ID: <9304191241.AA00129@orchard.medford.ma.us>

It occurred to me that the "clipper chip" makes it easier for the government to tap voice telephone trunks & do traffic analysis.

Current long-haul phone technology uses out-of-band signalling on different, reportedly encrypted, trunks, so to make any sense out of the data trunks you also have to listen in on the signalling trunks and correlate what you record there with what you record off the data trunks.

With the wiretap chip in place, all they need to do is to "surf" the data trunks looking for the encrypted serial number of the devices they're interested in.

Depending on what the encryption tag blocks *really* look like, you might not even need SK in order to do traffic analysis.
Even if the tag blocks are built with confounders and similar randomness included to discourage ciphertext matching, the SK can be found in *every single chip* and it's only a matter of time before someone gets it, either by electron microscope or by bribing some of the hundreds of people likely to have access to the key.

- Bill

From dmandl at shearson.com Mon Apr 19 07:12:24 1993
From: dmandl at shearson.com (David Mandl)
Date: Mon, 19 Apr 93 07:12:24 PDT
Subject: Mailing list name
Message-ID: <9304191232.AA17766@tardis.shearson.com>

> In the light of recent developments concerning government cryptography
> initiatives, we might soon find ourselves inundated by working press.
>
> Given this, I think that the name "cypherpunks" produces the wrong
> connotations -- it makes us sound like criminals when we are in fact
> people who are interested in expanding personal privacy with
> technology. Often, little things like this end up being of tremendous
> importance in the long haul.
>
> I would propose changing the name of the mailing list to
> "cryptoprivacy" or something similar. It denotes what we are about in
> a way that mundane people understand better, and it portrays us in the
> proper light -- as people struggling to improve the prospects for
> personal freedom, not a bunch of "punks".
>
> Perry

Perry, I'm absolutely stunned. What next: should we all make sure we shave every day (women: don't forget those legs and armpits!)? Or make tcmay remove the word "anarchy" and other ungood words from his .sig?

Anyone who feels like talking to the press or lobbying her representatives (and I'm not claiming that those tactics are either good or bad) can wear a suit, makeup, a respectable haircut, or whatever--that's their decision. I can understand the need to confront this issue as a large and united group, and I suspect that other groups like the EFF, CPSR, etc., are better for that purpose anyway.
You don't need to mention that you're a "cypherpunk" when dealing with media or government officials if you think that'll diminish your credibility or legitimacy.

It's easy to be idealistic when things are good. At the _very first hint_ of trouble, we shouldn't immediately cower and go straight (this may seem like an exaggeration, but the name-change proposal strikes me as a dangerous first step). Shit, we're not even doing anything _illegal_. Relax.

Love and Kisses,

--Dave.

From grady at netcom.com Mon Apr 19 07:38:12 1993
From: grady at netcom.com (1016/2EF221)
Date: Mon, 19 Apr 93 07:38:12 PDT
Subject: more specific address for 'agrep'
Message-ID: <9304191438.AA13031@netcom.netcom.com>

I've been asked to supply more specific directions for automated fetching of the source and documentation for "agrep," the powerful similarity pattern matching tool.

It is at

    cs.arizona.edu 192.12.69.5

in directory

    /agrep/README
    /agrep/agrep-2.04.tar.Z
    /agrep/agrep.ps.1.Z
    /agrep/agrep.ps.2.Z

(The .ps suffixed files are the optional postscript docs; a reasonably good research report with benchmarks is included.)

Note for Macintosh MPW users: after a few hours of drudgery, I ported the tool to MPW 3.2.3 running under System 7.1. If you would like me to e-mail a binhexed copy of the tool suitable for dropping in to your MPW/tools folder, please write...

I've been having lots of fun picking up the "lost" references to things I'm interested in. For example, starting a search like:

    agrep -1 -i 'Burning Chrome' cyberpunkspool

immediately finds references like 'burning crome' that I have always missed before. See how many times John Gilmore's name is mentioned in the CUD archives (and how often misspelled). How about _your_ name?

As usual, I will e-mail the uuencoded tar.Z upon request if you cannot do anonymous FTP.
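
Added example, not part of any post in this thread and not the Clipper chip's actual design: a toy Python model of the message layout as emended in Norman Hardy's post, E[M; K], E{ E[K; UK], serial number; SK }, showing what a holder of SK alone can read (Bill Sommerfeld's traffic-analysis point) versus what needs both escrowed halves. The cipher is a SHA-256 keystream stand-in for the classified algorithm, UK = K1 XOR K2 is an assumed reading of "K1+K2", and the serial and nonce sizes and all key values are constructed.

```python
import hashlib
import os

KEY_LEN = 10     # 80-bit keys, the size mentioned in the thread
SERIAL_LEN = 4   # constructed size for the unit serial number
NONCE_LEN = 8    # per-encryption nonce used by the stand-in cipher


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode; a stand-in, not the chip's algorithm."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def E(plaintext: bytes, key: bytes) -> bytes:
    """E[plaintext; key]: random nonce followed by the XOR-masked data."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + xor(plaintext, _keystream(key, nonce, len(plaintext)))


def D(blob: bytes, key: bytes) -> bytes:
    """Inverse of E under the same key."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return xor(body, _keystream(key, nonce, len(body)))


def transmit(message: bytes, K: bytes, UK: bytes, serial: bytes, SK: bytes):
    """Build the two parts sent on the line: E[M; K] and the escrow tag."""
    wrapped_key = E(K, UK)                 # E[K; UK]
    tag = E(wrapped_key + serial, SK)      # E{ E[K; UK], serial number; SK }
    return E(message, K), tag


def read_serial(tag: bytes, SK: bytes) -> bytes:
    """What anyone holding SK learns from a tag: which unit is talking."""
    return D(tag, SK)[-SERIAL_LEN:]


def escrow_decrypt(ciphertext: bytes, tag: bytes, SK: bytes,
                   K1: bytes, K2: bytes) -> bytes:
    """Hardy's chain: SK opens the tag, K1 and K2 give UK, UK gives K, K gives M."""
    wrapped_key = D(tag, SK)[:-SERIAL_LEN]
    K = D(wrapped_key, xor(K1, K2))
    return D(ciphertext, K)


if __name__ == "__main__":
    # Constructed keys and serial number, for illustration only.
    SK = bytes(range(KEY_LEN))
    K1, K2 = b"\x11" * KEY_LEN, b"\x22" * KEY_LEN
    UK = xor(K1, K2)
    serial = (1234).to_bytes(SERIAL_LEN, "big")

    for call in (b"first call", b"second call"):
        K = os.urandom(KEY_LEN)            # fresh session key per call
        ct, tag = transmit(call, K, UK, serial, SK)
        print("SK only  -> serial", int.from_bytes(read_serial(tag, SK), "big"))
        print("SK+K1+K2 ->", escrow_decrypt(ct, tag, SK, K1, K2))
        print("SK+K1    ->", escrow_decrypt(ct, tag, SK, K1, bytes(KEY_LEN)))
```

In this model the serial number is protected only by SK, which is shared by every unit, so linking calls to a device never involves the escrow agents; only recovery of K and M does.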

From grady at netcom.com Mon Apr 19 07:56:43 1993
From: grady at netcom.com (1016/2EF221)
Date: Mon, 19 Apr 93 07:56:43 PDT
Subject: Do it yourself voice encryption CELP
Message-ID: <9304191456.AA14568@netcom.netcom.com>

For those interested in off-the-shelf vocoders that implement the high-compression CELP algorithms, you might be interested in the ZyXEL model U1496E+ modem (about $400) that offers 19.8(and maybe v.fast when specified)/14.4 kbps fax/ CELP (subscribe to comp.dcom.modems for more info).

For those interested in the CELP algorithm directly here are some specific directions on getting your own copy:

From ESPAULDING at CENTER.COLGATE.EDU Mon Apr 19 07:57:31 1993
From: ESPAULDING at CENTER.COLGATE.EDU (ERIC "Thin 'n Crispy" SPAULDING)
Date: Mon, 19 Apr 93 07:57:31 PDT
Subject: Subscription request
Message-ID: <01GX6YAQC7EQ90NU0W@CENTER.COLGATE.EDU>

I wish to subscribe to the mailing list. Thank you.

From dstalder at gmuvax2.gmu.edu Mon Apr 19 09:01:51 1993
From: dstalder at gmuvax2.gmu.edu (Darren/Torin/Who ever...)
Date: Mon, 19 Apr 93 09:01:51 PDT
Subject: AT & T Contact Point
Message-ID: <9304191602.AA20825@gmuvax2.gmu.edu>

I talked to Herb Linnen at AT & T. He talked to me some but kept harping on the point of how ATT is devoted to customer privacy and that the ATT Vice-President of Information Systems (I forget his name) is an expert on cryptography and he obviously can't be wrong when he says that the wiretap chip is robust.

He asked that I call David Arneke or Bill Jones at 919-279-7680 to discuss this since his department wasn't involved in the wiretap chip.

The ATT operators dealing with calling cards and residential phone service have had other people cancelling their accounts because of this...

Think free,
--
Defeat the    Torin/Darren Stalder/Wolf                 __
Big Brother   Internet: dstalder at gmuvax2.gmu.edu     \/  PGP2.x key available.
Proposal!     Bitnet: dstalder at gmuvax                    Finger me.
Write me for  Sprintnet: 1-703-845-1000
details.
Snail: 10310 Main St., Suite 110/Fairfax, VA/22030/USA
DISCLAIMER: A society where such disclaimers are needed is saddening.

From matt at oc.com Mon Apr 19 09:02:56 1993
From: matt at oc.com (Matthew Lyle)
Date: Mon, 19 Apr 93 09:02:56 PDT
Subject: Article from Knight/Ridder Wire
Message-ID: <199304191602.AA04097@ra.oc.com>

I hadn't seen this article fly by yet, so...

-----

New Scrambler Designed to Protect Privacy, But Allow Police Monitoring

By Christopher Drew, Chicago Tribune
Knight-Ridder/Tribune Business News

WASHINGTON--Apr. 19--As a step toward the development of vast new data "superhighways," the federal government has designed a powerful device that would protect the privacy of electronic communications by encoding them but still allow police to eavesdrop.

Critics say the project, announced Friday by the Clinton administration, raises serious questions about the protection of civil liberties as more people use cellular and cordless phones and computer-based communications.

They also warned that the device is not likely to help law-enforcement agents foil high-tech criminals unless it becomes the most widely used commercial encryption system - and drives private competitors out of the business.

"'A.k.a. Big Brother,' that's what I call it," said Stephen Bryen, a former Pentagon official who runs a company developing a rival encryption system.

Bryen said it was "very disturbing" that the government has gone so far with the previously classified project "without consulting with experts in the industry" whose investments could be wiped out.

One high-ranking federal official, Raymond Kammer, acknowledged that such concerns are part of an "appropriate debate" that needs to be held over the project.

"Maybe it turns out that society, as it debates this, finds it unacceptable," said Kammer, acting director of the National Institute for Standards and Technology. "I'm not sure. This is the start of that debate."

Millions of people who exchange information via computers and make calls from cordless and cellular phones, which are especially vulnerable to interception, could be affected. Experts say an era is dawning in which traveling executives exchange electronic memos and negotiate sensitive deals via hand-held communicators using vulnerable wireless transmitters.

In endorsing the plan, the White House described it Friday as an outgrowth of federal efforts to capitalize on advances in telephone and computer technology while preventing drug dealers and terrorists from finding new ways to mask their misdeeds.

In last year's campaign, President Clinton pledged to invest billions of dollars in faster and more secure data links to enhance the standing of U.S. firms in the global economy.

But as the computer industry has developed systems to enable businesses to scramble data transfers and telephone conversations as a safeguard against industrial espionage, a growing number of criminals also have begun using them to foil court-authorized wiretaps.

Under the new plan, engineers at the National Security Agency invented a new coding device, called the "Clipper Chip," which is said to be much harder to crack than encoding systems now on the market.

The government licensed two California companies - Mykotronx and VLSI Technology - to make the computer chips. The chips will form the "brains" inside small scrambling devices that can be attached to individual telephones.

To spur the venture, the Justice Department will soon purchase several thousand of the devices. Military and spy agencies also are expected to use them.

Private businesses would not be required to use the technology. But federal officials hope their sponsorship will establish the Clipper chips as the new industry standard and crowd out competing systems.

Indeed, AT&T announced Friday that it will use the new chips in a desktop device for encrypting telephone conversations that it expects to sell for $1,195.
But in return for gaining the extra encoding power built into the new system, users would have to accept the fact that government code-breakers would always hold the keys to tap into the information.

In an effort to prevent abuses of civil liberties, federal officials said, they will set up a system in which they would have to match two coding keys held by different officials to unscramble any communications. National-security and law-enforcement officials could bring the keys together only under court-authorized operations.

But Bryen said it is hard to see how the Clipper chips project will provide much help to the FBI. Even if the new coding devices drove others off the U.S. market, Bryen said, sophisticated criminals would simply buy encoding devices overseas, as many already do.

Multinational and foreign-based companies also could prove leery of a system that has a built-in point of entry for U.S. authorities.

The FBI separately is seeking legislation that would force telephone companies to modify their equipment to keep other advances in technology from hampering its ability to perform wiretaps. AT&T and other phone companies have opposed this idea.

END!B&?TB-SCRAMBLER
Transmitted: 93-04-18 23:12:00 EDT

From matt at oc.com Mon Apr 19 09:02:59 1993
From: matt at oc.com (Matthew Lyle)
Date: Mon, 19 Apr 93 09:02:59 PDT
Subject: Article 2 from Knight/Ridder
Message-ID: <199304191602.AA04101@ra.oc.com>

--
Matthew Lyle (214) 888-0474
OpenConnect Systems matt at oc.com
Dallas, TX

"...and once you have tasted flight, you will walk the earth with your eyes turned skyward, for there you have been, and there you long to return..."

Computer Group, Libertarians Question Clinton Phone Privacy Stance

By Rory J. O'Connor, San Jose Mercury News, Calif.
Knight-Ridder/Tribune Business News

SAN JOSE, Calif.--Apr.
17--Civil libertarians and a major computer industry group raised concerns Friday about how much protection a Clinton administration plan would afford private electronic communications, from cellular telephone calls to computer data.

The administration Friday said it would begin using technology developed by the government's National Institute of Standards and Technology to balance two competing interests: the desire of citizens to keep their conversations private and the need for law enforcement agencies to monitor those conversations after getting a court order.

The technology that enables this is a computer chip called the Clipper Chip that scrambles a telephone call or computer message using a secret algorithm, or formula.

But each chip also comes with a pair of electronic "keys" that could be used by law enforcement agencies to decipher the secret messages generated by the chip.

The Clinton proposal calls for one key to be held by each of two separate "trusted" third parties, who would release them to law enforcement agencies that obtained legal authority to intercept the communications. Both keys would be needed to decipher a message.

The Electronic Frontier Foundation, a not-for-profit civil liberties group, praised the administration for considering the issue. But it criticized the lack of public input into the plan.

"They've announced a big inquiry with public input, but they've reached a conclusion before they started," said Daniel J. Weitzner, staff counsel for the Washington-based foundation.

Although the administration's plan calls only for equipping government telephones with the security devices, some groups are concerned the plan might become a standard for all manner of electronic communication before the public has a chance to debate its merits.

"I don't want to sound too stridently opposed to this," said Ken Wasch, executive director of the Software Publishers Association (SPA) in Washington. "But...we feel blindsided."
The SPA was discussing data security issues with Clinton administration officials but had not expected any White House action until August, said Ilene Rosenthal, general counsel.

Besides the lack of initial hearings, both groups said they had two major concerns about the Clinton plan:

- Because the algorithm itself is secret, the groups say it is impossible for the public to discern if it is truly secure. Users can't be certain government spy agencies have not hidden a "back door" in the software that will allow them to read anything they want. "So far there hasn't been a credible explanation about why the algorithm has to be secret," Weitzner said.

- The administration hasn't decided who will be the escrow agents, and it seems unlikely any government agency, corporate entity or other organization would be deemed trustworthy by every user.

Even assuming all concerned can agree on who will hold them, civil libertarians are concerned that the keys, by giving law enforcement agencies access to individuals' private communications, might pose a threat to constitutional protections against self-incrimination.

Washington sources who requested anonymity suggested the White House might have drafted its plan quickly because of concern over sales of an AT&T device that encrypts phone calls using an older standard, Data Encryption Standard. The sources said law enforcement officials feared the device would create an explosion in secured telephone traffic that would severely hamper their efforts to wiretap calls.

American Telephone & Telegraph Co. announced Friday it would adapt the $1,200 product, called the Telephone Security Device, to use the Clipper Chip by the end of this fiscal quarter. AT&T makes a related device, which encrypts voice and computer data transmissions, that could be converted to the Clipper technology, said spokesman Bill Jones.
Jones said he wasn't aware of any concern by the government over the current model of the Telephone Security Device, which has been sold to government and business customers.

At least one company was quite pleased with the plan: San Jose chip maker VLSI Technology, which will manufacture the Clipper chips for a Torrance company that is selling them to the government and to AT&T.

VLSI, which invented a manufacturing method the company said makes it difficult to "reverse engineer" the chip or discern the encryption scheme, expects to make $50 million in the next three years selling the device, said Jeff Hendy, director of new product marketing for the company.

END!A?SJ-SECURITY
Transmitted: 93-04-18 21:06:00 EDT

From wixer!wixer.bga.com!gumby at cactus.org Mon Apr 19 09:44:57 1993
From: wixer!wixer.bga.com!gumby at cactus.org (Douglas Barnes)
Date: Mon, 19 Apr 93 09:44:57 PDT
Subject: Wiretap Chip Questions
Message-ID: <9304191559.AA19235@wixer>

I am working on articles and article proposals for some local media outlets. I need to get some specific information regarding the Clipper Chip (aka Wiretap Chip) proposal:

Questions:

1) What is a rough estimate of how long it would take a brute-force attack on an 80-bit key using a parallel architecture system costing less than, say, $25,000 two to three years from now.

2) How, in your opinion, would this affect the creation of international standards for encryption? Would this help or hinder development of the global economy?

3) I understand that the scheme relies on the secrecy of the encryption algorithm to protect the transmission of keys at the beginning of a session. (It uses a system key to encrypt the keys for the two devices). If the algorithm is successfully reverse-engineered, does this compromise the entire system?

4) I am assuming that this system would be just as vulnerable to a "known plaintext attack" as other schemes. Is this correct?
Please identify yourself and your credentials, and indicate whether or not you wish to be quoted in any articles on this subject.

Thanks,

Douglas Barnes
gumby at wixer.bga.com

From jthomas at coconut.MITRE.ORG Mon Apr 19 10:07:52 1993
From: jthomas at coconut.MITRE.ORG (Joe Thomas)
Date: Mon, 19 Apr 93 10:07:52 PDT
Subject: CLIPPER: Network World article
Message-ID: <9304191612.AA04115@coconut>

From Network World, April 19, 1993, quoted without permission:

---
Clinton security plan hints of Big Brother

Clipper Chip would let government eavesdrop on encrypted voice and data communications.

By Ellen Messmer
Senior Correspondent

WASHINGTON, D.C. -- President Clinton last week announced a policy review of encryption while endorsing a new encryption technology called Clipper Chip that would give law enforcement agencies a key to unlock users' encrypted communications.

[rehash of various press releases deleted]

But government officials had a difficult time last week rebutting the question why any criminal would use a Clipper Chip-based product when the person knows the government could listen in, particularly since there are a host of other encryption products available on the market that are, in theory, unbreakable codes.

"A criminal probably wouldn't use it," said Mike Agee, marketing manager for secure products at AT&T, adding that the Clipper Chip is for the rest of the world.

[familiar Kapor quote deleted]
---

Nice quote, that. I like the headline, too.

Joe

From jthomas at coconut.mitre.org Mon Apr 19 10:09:58 1993
From: jthomas at coconut.mitre.org (Joe Thomas)
Date: Mon, 19 Apr 93 10:09:58 PDT
Subject: Article from Knight/Ridder Wire
Message-ID: <9304191709.AA04224@coconut>

matt at oc.com (Matthew Lyle) writes:

> New Scrambler Designed to Protect Privacy, But Allow Police Monitoring By
> Christopher Drew, Chicago Tribune

Oh, well, if only Chris can do it, I guess it's okay. I trust him with my keys...
;^)

Joe

From pmetzger at lehman.com Mon Apr 19 10:25:07 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Mon, 19 Apr 93 10:25:07 PDT
Subject: Mailing list name
In-Reply-To: <9304191232.AA17766@tardis.shearson.com>
Message-ID: <9304191724.AA16244@snark.shearson.com>

David Mandl says:
> > In the light of recent developments concerning government cryptography
> > initiatives, we might soon find ourselves inundated by working press.
> >
> > Given this, I think that the name "cypherpunks" produces the wrong
> > connotations -- it makes us sound like criminals when we are in fact
> > people who are interested in expanding personal privacy with
> > technology. Often, little things like this end up being of tremendous
> > importance in the long haul.
> >
> > I would propose changing the name of the mailing list to
> > "cryptoprivacy" or something similar. It denotes what we are about in
> > a way that mundane people understand better, and it portrays us in the
> > proper light -- as people struggling to improve the prospects for
> > personal freedom, not a bunch of "punks".
> >
> > Perry
>
> Perry, I'm absolutely stunned. What next: should we all make sure we shave
> every day (women: don't forget those legs and armpits!)? Or make tcmay remove
> the word "anarchy" and other ungood words from his .sig?

I notice, David, that you wear a tie when you come in to work in the morning. (I happen to work with Dave.) Why do you do this, in spite of your general dislike for imposed standards? Because you want something out of your employer and feel it's better to put up with the minor inconvenience of wearing a tie.

Look, we can give people cryptography, or we can change their notions of what "punk" means. It's not necessarily possible to do both at the same time. I vote for keeping the world free, and putting up with minor inconveniences in the meantime.

I never liked "cypherpunks" in the first place. I'm not a punk. I'm a reasonable person.
Reasonable people want the world to be free -- it's not just a "punk" viewpoint. We want people to have privacy via cryptography. Something like "cryptoprivacy" seems like a better reflection of who we are.

Perry

From deltorto at aol.com Mon Apr 19 10:31:30 1993
From: deltorto at aol.com (deltorto at aol.com)
Date: Mon, 19 Apr 93 10:31:30 PDT
Subject: FWEE!: Silence is Golden, already
Message-ID: <9304191332.tn35237@aol.com>

Gang,

Lance Detweiler wrote a rather stinging (and somewhat rude, IMHO) rebuttal of Will Kinney's posting:

>>Mr. Kinney's comments annoy me tremendously. They bespeak a lukewarm,
>>lackadaisical, and wishwashy view of something of extreme importance.
>>Frankly, it bothers me that it has taken this long just to get the
>>whistleblower group going. I don't think anything is being accomplished
>>by delaying newsgroup creation. It just gives people who are enemies
>>more time to mount a concerted attack against this new blip in the status
>>quo.

Mr. Detweiler's (who is otherwise pretty sensible and intelligent on this list) comments annoy me tremendously. To imagine that Mr. Kinney is without passion just because he doesn't run across the ice without listening for cracks first is to vastly underestimate his intelligence. That sort of thinking gets your tail wet every time, Lance. Better to proceed cautiously and stay dry.

Who says a measured, patient build doesn't result in solid software (to be metaphorical)? Using Lance's logic, we'd all throw together code "real fast" and not worry about it crashing on everyone's systems. I like my 1.0's more stable than that, and I just don't understand this need that some folks have to rush the WB into the public light. In fact, I can't imagine why it should be public at all! I think Lance and others have no clue about how Whistleblowing works!

However, I think I might have an idea why Lance et al. are so confused: There are TWO DIFFERENT WB systems being discussed here! That's right! TWO! DIFFERENT!
[1] Lance is talking about a USENET newsgroup.
[2] I'm talking about a service that uses the Internet, but NOT a NEWSGROUP!

Why does WB info need to be placed in public view? Since when does someone with sensitive information blow it all over the front pages? Never. They call a reporter first and let him do the legwork with proof they provide: THEN the reporter blows it all over the front page.

I believe that Lance and the USENET folks want to get their jollies and read all about it in public on their own personal USENET front page newsgroup (doomed to be a "narc fest" as someone sagely termed it), whereas MY idea is to have the Cypherpunks pool technology and assistance to set up something that is used by others outside the inbred USENET community for the common good and taking advantage of the inherent advantages of anon/encrypted email technology.

My original concept was not intended to glorify anyone, least of all the Cypherpunks. In fact it should be as QUIET AS POSSIBLE to be of any good at all. Why is it necessary to get all this glory if the WB system provides REAL WORLD BENEFITS to the people? Hmmm? Think about it: whose good are we in it for: our own or everybody's?

Let me be a bit more specific about my vision, lest Lance or anyone jump all over Will Kinney or anyone else with sound ideas (and decent Sun Tzu quotes) any further:

[1] The WB System is a stand-alone email system using anonymous mixes and encryption to provide secure, safe communications between two primary groups:

- Whistleblowers: People in Government and Industry who have first-hand information about abuse of human rights, public funds and/or the Constitution, etc. by members of Corporate and Government entities.

- Users: Members of the Press, members of Congress and representatives of public-interest activist groups (eg. Ralph Nader, James Love, Greenpeace, Amnesty Int'l, Worldwatch, Consumer Reports, NORML, etc.)
who can INVESTIGATE the reports and TAKE ACTION on them against the abusers in the public eye and in the Courts. Many of these people are clueless about email, much less the Internet, anonymous remailers or encryption - but they know what they need and they know we've got it.

[2] The system consists of a network of anonymous mixes laid over the Internet and reaching in and out of the borders of the US wherever applicable. It is not a USENET newsgroup for public digest, although occasional digests would be posted to USENET by interested Cypherpunks.

Anyone who insists on discussing these sensitive plans in public is IMHO working against the interests of the WB Team and should be considered one of the Enemy. Anyone who wants to test the technology should be encouraged to do so on the Cypherpunks list and NOT on USENET, thus maintaining a certain amount of "radio silence." Broadcasting the D-Day invasion was considered Treason: broadcasting the WB launch is the same kind of betrayal of the Cypherpunk Ethos, IMHO. Those who would betray us should be asked to go away in the interest of all those people who would be hurt by a crippled WB system. What we need is cunning and stealth, not big-mouthed dweebs (present readership excluded, natch) who can't keep something quiet.

>>If you think that you are the whistleblower moderator, fine. Be one.
>>But we need a completely unmoderated group. If you think you have any
>>right to hold up an unmoderated group to squeeze through your own
>>bottleneck, please go elsewhere.

I don't think any such thing. If nominated, I will not run, if elected, I will not serve. However, I think your idea that WB should be a group, moderated or otherwise, is completely off-kilter. All I'm asking is that you let go of the glory and let it do its work quietly and effectively, without me, even.

>>I just don't get it. This is a group like any other.
>>Why do you think the whole international public has
>>to be prepared for its creation by you personally?

I'm not even sure if I should bother to answer such a completely misguided question, but I will: I do not think this, and have never even implied anything of the sort. Furthermore, IMHO, it ain't a group: it's a new kind of beast and you're trying to apply old paradigms to it. Shift, man. I am only trying to help something be born properly.

>>You are talking to many people (i.e. bureaucrats and legislators) who
>>may be totally displaced and bypassed (i.e. lose illegitimate power) by
>>this service. There are a great many people you are talking to, I
>>think, whose every interest is to totally castrate the project of any
>>`offensiveness'. I think you are trying to operate on a much more
>>respectable level than is possible currently. That level can only be
>>attained by a gradual evolution of the medium, starting with something
>>rather crude, kludgy, and unsophisticated.

Call your local Congressperson's office and tell them there is a possibility that they could receive whistleblowing info on Govt abuses from reliable sources reporting via direct anon/encrypted email and see if they think it's offensive. My experience is that they rub their hands with glee - it might be dirt on their opponents. Try the same thing with ANY member of the Press or any Activist Org (I suggest your local Amnesty Int'l office). If they complain it's "offensive," and you can prove that, I will personally buy you a car. If you can get them to label it as "respectable" I'll throw in a boat. Since I'm poor, you can gather that I feel pretty certain it won't happen.

>>Your efforts amount to singlehandedly educating the public about the
>>Internet.

Nope, just email. How to get it and send it anonymously and encrypt it with PGP, but that's enough for most people. They could use CompuServe, I don't care. Whatever's easy.
No messy Newsgroups, no Internet user's guides, nothing fancy: I leave stuff like that to Ed Krol. This is WB-ing for the common person. Lowcommondenominatorsville. I can't IMAGINE where you read this stuff into my postings - it must be YOUR agenda laid over mine...

>>>- We haven't figured out who'll be polled to send in msgs and exactly HOW
>>>we'll offer them some sort of anonymity and what they need to do
>>afterward.
>>
>>polled? sounds like an election, like something democratic, like
>>something that can be twisted by a misguided majority. Again, you sound
>>like you are looking for a group with high quality control.
>>Unfortunately, I think this goal is largely antithetical to the essential
>>spirit of the whistleblower idea. The whistleblower is alone and
>>isolated, almost by definition.

Somehow, the word has to be passed across the Internet and other media (print, TV) to potential WBers. I invite your ideas as to how to do this.

>>Your ideas on filtering incoming
>>messages, gained from those you've talked to, sound rather naive and
>>dangerous to me.

Filtering? Did I say that? I think I said that the Users would have to filter out the useful WB messages from the bogus, as they would with any volume of WB info coming in. This is their job, not mine and is the natural thing to do. Call it "verification" if you like, it's still a LOT of work for them, not for us (or me). There's nothing naive about this: if someone calls you and says "the DOD spent $80K on a toothbrush," you would have to make sure it was true before you went to Congress or to a Court or the front page. Simple as that.

>>The [US Constitution] is not perfect. There are flaws and cracks
>>that have poked through after 200 years. Do you think our judicial
>>system is as effective as possible? Do you think our legislative system
>>is the most representative of people's expectations of and directives
>>to their subservient government?
>>Do you think our government today
>>truly represents, in all ways, the intentions of its founders? Do you
>>think they considered all possible scenarios? Do you think they would
>>not want to make some minor adjustments or major changes after seeing
>>200 years pass from their noble experiment? Do you think that anything
>>that is dynamic can be static?

Do you think I would be working so hard on a friggin' Whistleblower project if I could answer 'yes' to _any_ of those questions? What are you THINKing?

>>Look at everything that is efficient in the world, and you will see
>>that it is so because of *independently operating* components, with
>>minimized centralized control.
>>[...]
>>Message transmission on the internet is so
>>reliable because virtually an infinite number of routing pathways exist
>>that a message can take, avoiding any obstacles, each component
>>performing its job *independently*.

Exactly why WB should be a non-USENET-oriented phenomenon, not associated with any attackable entity, totally in the hands of individual WB's and their corresponding Users.

>>Now, let me hear again how you want
>>us to submit all our public keys to you, submit the group guidelines
>>for your personal perusal (and presumably veto), and wait for all your
>>congressional friends to understand the concept? And how this will
>>ultimately lead to an ideal and robust system?

Man, you really don't read me very carefully, do you? I don't want all your Public keys so I can control anything, I want them so I can discuss elements of the technology with each of you who volunteer to add a brick to the structure of the system. Period. If you want to discuss things in the clear, that's your right, I just might not want to send you sensitive info that might compromise others, so it's your loss. Besides, why are you guarding your PUBLIC key like I'm some sort of enemy?
And I have NO INTEREST and have never espoused any interest in becoming a veto power over the Guidelines, only the collector of everyone's ideas, a position I would GLADLY vacate at the drop of a SprintPin if someone else was doofus enough to volunteer.

As for waiting for all my "congressional friends:" I have no friends in Congress, in fact, I have very little respect for anyone holding public office. The only reason I called any of them was [1] because they might impart a bit of respectability to our efforts if they sign on early, and [2] congressional committees and their investigators routinely raise hell with other branches of Govt (eg. the Military) and the prospect of supplying them with ammunition to shoot at each other pleases me immensely.

>>You simply don't understand. This idea is bigger than you, it is bigger
>>than me. Anyone who tries to wrap themselves completely around it will
>>explode from the pressure.

Thanks for your advice. Sheesh. FYI, the only thing I wrap myself completely around is a burrito. Bang! :)

>>Let's' start a mailing group for `nambypambypunks'.

This sort of ad hominem puerility doesn't even deserve a response.

I'm tired of discussing this here: If anyone is still too dense to understand what I'm saying about patience, silence and persistence at this point, they have no business using anything as complicated as a computer. If those people continue to insist on trashing all the leg and phonework I have put in contacting Users by blorting the WB concept all over USENET with half-assed, ill-conceived newsgroups and Votes on Vaporware, I may just go elsewhere to do my good works and see if there are any people who have good invisible ink technology and can make up physical envelopes without leaving fingerprints. I imagine that those Cypherpunks who've put significant time into coding the anon and crypto technology can empathize.

I don't feel like repeating myself any more. Let's be Golden, shall We?
dave (slow and steady but getting pretty fed up by now)

From deltorto at aol.com Mon Apr 19 10:40:50 1993
From: deltorto at aol.com (deltorto at aol.com)
Date: Mon, 19 Apr 93 10:40:50 PDT
Subject: FWEE!: Silence is Golden, already
Message-ID: <9304191339.tn35251@aol.com>

Gang,

Lance Detweiler wrote a rather stinging (and somewhat rude, IMHO) rebuttal of Will Kinney's posting:

>>Mr. Kinney's comments annoy me tremendously. They bespeak a lukewarm,
>>lackadaisical, and wishwashy view of something of extreme importance.
>>Frankly, it bothers me that it has taken this long just to get the
>>whistleblower group going. I don't think anything is being accomplished
>>by delaying newsgroup creation. It just gives people who are enemies
>>more time to mount a concerted attack against this new blip in the status
>>quo.

Mr. Detweiler's (who is otherwise pretty sensible and intelligent on this list) comments annoy me tremendously. To imagine that Mr. Kinney is without passion just because he doesn't run across the ice without listening for cracks first is to vastly underestimate his intelligence. That sort of thinking gets your tail wet every time, Lance. Better to proceed cautiously and stay dry.

Who says a measured, patient build doesn't result in solid software (to be metaphorical)? Using Lance's logic, we'd all throw together code "real fast" and not worry about it crashing on everyone's systems. I like my 1.0's more stable than that, and I just don't understand this need that some folks have to rush the WB into the public light. In fact, I can't imagine why it should be public at all! I think Lance and others have no clue about how Whistleblowing works!

However, I think I might have an idea why Lance et al. are so confused: There are TWO DIFFERENT WB systems being discussed here! That's right! TWO! DIFFERENT!

[1] Lance is talking about a USENET newsgroup.
[2] I'm talking about a service that uses the Internet, but NOT a NEWSGROUP!
Why does WB info need to be placed in public view? Since when does someone with sensitive information blow it all over the front pages? Never. They call a reporter first and let him do the legwork with proof they provide: THEN the reporter blows it all over the front page.

I believe that Lance and the USENET folks want to get their jollies and read all about it in public on their own personal USENET front page newsgroup (doomed to be a "narc fest" as someone sagely termed it), whereas MY idea is to have the Cypherpunks pool technology and assistance to set up something that is used by others outside the inbred USENET community for the common good and taking advantage of the inherent advantages of anon/encrypted email technology.

My original concept was not intended to glorify anyone, least of all the Cypherpunks. In fact it should be as QUIET AS POSSIBLE to be of any good at all. Why is it necessary to get all this glory if the WB system provides REAL WORLD BENEFITS to the people? Hmmm? Think about it: whose good are we in it for: our own or everybody's?

Let me be a bit more specific about my vision, lest Lance or anyone jump all over Will Kinney or anyone else with sound ideas (and decent Sun Tzu quotes) any further:

[1] The WB System is a stand-alone email system using anonymous mixes and encryption to provide secure, safe communications between two primary groups:

- Whistleblowers: People in Government and Industry who have first-hand information about abuse of human rights, public funds and/or the Constitution, etc. by members of Corporate and Government entities.

- Users: Members of the Press, members of Congress and representatives of public-interest activist groups (eg. Ralph Nader, James Love, Greenpeace, Amnesty Int'l, Worldwatch, Consumer Reports, NORML, etc.) who can INVESTIGATE the reports and TAKE ACTION on them against the abusers in the public eye and in the Courts.
Many of these people are clueless about email, much less the Internet, anonymous remailers or encryption - but they know what they need and they know we've got it.

[2] The system consists of a network of anonymous mixes laid over the Internet and reaching in and out of the borders of the US wherever applicable. It is not a USENET newsgroup for public digest, although occasional digests would be posted to USENET by interested Cypherpunks.

Anyone who insists on discussing these sensitive plans in public is IMHO working against the interests of the WB Team and should be considered one of the Enemy. Anyone who wants to test the technology should be encouraged to do so on the Cypherpunks list and NOT on USENET, thus maintaining a certain amount of "radio silence." Broadcasting the D-Day invasion was considered Treason: broadcasting the WB launch is the same kind of betrayal of the Cypherpunk Ethos, IMHO. Those who would betray us should be asked to go away in the interest of all those people who would be hurt by a crippled WB system. What we need is cunning and stealth, not big-mouthed dweebs (present readership excluded, natch) who can't keep something quiet.

>>If you think that you are the whistleblower moderator, fine. Be one.
>>But we need a completely unmoderated group. If you think you have any
>>right to hold up an unmoderated group to squeeze through your own
>>bottleneck, please go elsewhere.

I don't think any such thing. If nominated, I will not run, if elected, I will not serve. However, I think your idea that WB should be a group, moderated or otherwise, is completely off-kilter. All I'm asking is that you let go of the glory and let it do its work quietly and effectively, without me, even.

>>I just don't get it. This is a group like any other.
>>Why do you think the whole international public has
>>to be prepared for its creation by you personally?
I'm not even sure if I should bother to answer such a completely misguided question, but I will: I do not think this, and have never even implied anything of the sort. Furthermore, IMHO, it ain't a group: it's a new kind of beast and you're trying to apply old paradigms to it. Shift, man. I am only trying to help something be born properly.

>>You are talking to many people (i.e. bureaucrats and legislators) who
>>may be totally displaced and bypassed (i.e. lose illegitimate power) by
>>this service. There are a great many people you are talking to, I
>>think, whose every interest is to totally castrate the project of any
>>`offensiveness'. I think you are trying to operate on a much more
>>respectable level than is possible currently. That level can only be
>>attained by a gradual evolution of the medium, starting with something
>>rather crude, kludgy, and unsophisticated.

Call your local Congressperson's office and tell them there is a possibility that they could receive whistleblowing info on Govt abuses from reliable sources reporting via direct anon/encrypted email and see if they think it's offensive. My experience is that they rub their hands with glee - it might be dirt on their opponents. Try the same thing with ANY member of the Press or any Activist Org (I suggest your local Amnesty Int'l office). If they complain it's "offensive," and you can prove that, I will personally buy you a car. If you can get them to label it as "respectable" I'll throw in a boat. Since I'm poor, you can gather that I feel pretty certain it won't happen.

>>Your efforts amount to singlehandedly educating the public about the
>>Internet.

Nope, just email. How to get it and send it anonymously and encrypt it with PGP, but that's enough for most people. They could use CompuServe, I don't care. Whatever's easy. No messy Newsgroups, no Internet user's guides, nothing fancy: I leave stuff like that to Ed Krol. This is WB-ing for the common person. Lowcommondenominatorsville.
I can't IMAGINE where you read this stuff into my postings - it must be YOUR agenda laid over mine...

>>>- We haven't figured out who'll be polled to send in msgs and exactly HOW
>>>we'll offer them some sort of anonymity and what they need to do
>>afterward.
>>
>>polled? sounds like an election, like something democratic, like
>>something that can be twisted by a misguided majority. Again, you sound
>>like you are looking for a group with high quality control.
>>Unfortunately, I think this goal is largely antithetical to the essential
>>spirit of the whistleblower idea. The whistleblower is alone and
>>isolated, almost by definition.

Somehow, the word has to be passed across the Internet and other media (print, TV) to potential WBers. I invite your ideas as to how to do this.

>>Your ideas on filtering incoming
>>messages, gained from those you've talked to, sound rather naive and
>>dangerous to me.

Filtering? Did I say that? I think I said that the Users would have to filter out the useful WB messages from the bogus, as they would with any volume of WB info coming in. This is their job, not mine and is the natural thing to do. Call it "verification" if you like, it's still a LOT of work for them, not for us (or me). There's nothing naive about this: if someone calls you and says "the DOD spent $80K on a toothbrush," you would have to make sure it was true before you went to Congress or to a Court or the front page. Simple as that.

>>The [US Constitution] is not perfect. There are flaws and cracks
>>that have poked through after 200 years. Do you think our judicial
>>system is as effective as possible? Do you think our legislative system
>>is the most representative of people's expectations of and directives
>>to their subservient government? Do you think our government today
>>truly represents, in all ways, the intentions of its founders? Do you
>>think they considered all possible scenarios?
>>Do you think they would
>>not want to make some minor adjustments or major changes after seeing
>>200 years pass from their noble experiment? Do you think that anything
>>that is dynamic can be static?

Do you think I would be working so hard on a friggin' Whistleblower project if I could answer 'yes' to _any_ of those questions? What are you THINKing?

>>Look at everything that is efficient in the world, and you will see
>>that it is so because of *independently operating* components, with
>>minimized centralized control.
>>[...]
>>Message transmission on the internet is so
>>reliable because virtually an infinite number of routing pathways exist
>>that a message can take, avoiding any obstacles, each component
>>performing its job *independently*.

Exactly why WB should be a non-USENET-oriented phenomenon, not associated with any attackable entity, totally in the hands of individual WB's and their corresponding Users.

>>Now, let me hear again how you want
>>us to submit all our public keys to you, submit the group guidelines
>>for your personal perusal (and presumably veto), and wait for all your
>>congressional friends to understand the concept? And how this will
>>ultimately lead to an ideal and robust system?

Man, you really don't read me very carefully, do you? I don't want all your Public keys so I can control anything, I want them so I can discuss elements of the technology with each of you who volunteer to add a brick to the structure of the system. Period. If you want to discuss things in the clear, that's your right, I just might not want to send you sensitive info that might compromise others, so it's your loss. Besides, why are you guarding your PUBLIC key like I'm some sort of enemy? And I have NO INTEREST and have never espoused any interest in becoming a veto power over the Guidelines, only the collector of everyone's ideas, a position I would GLADLY vacate at the drop of a SprintPin if someone else was doofus enough to volunteer.
As for waiting for all my "congressional friends:" I have no friends in Congress, in fact, I have very little respect for anyone holding public office. The only reason I called any of them was [1] because they might impart a bit of respectability to our efforts if they sign on early, and [2] congressional committees and their investigators routinely raise hell with other branches of Govt (eg. the Military) and the prospect of supplying them with ammunition to shoot at each other pleases me immensely.

>>You simply don't understand. This idea is bigger than you, it is bigger
>>than me. Anyone who tries to wrap themselves completely around it will
>>explode from the pressure.

Thanks for your advice. Sheesh. FYI, the only thing I wrap myself completely around is a burrito. Bang! :)

>>Let's start a mailing group for `nambypambypunks'.

This sort of ad hominem puerility doesn't even deserve a response.

I'm tired of discussing this here: If anyone is still too dense to understand what I'm saying about patience, silence and persistence at this point, they have no business using anything as complicated as a computer. If those people continue to insist on trashing all the leg and phonework I have put in contacting Users by blorting the WB concept all over USENET with half-assed, ill-conceived newsgroups and Votes on Vaporware, I may just go elsewhere to do my good works and see if there are any people who have good invisible ink technology and can make up physical envelopes without leaving fingerprints. I imagine that those Cypherpunks who've put significant time into coding the anon and crypto technology can empathize. I don't feel like repeating myself any more. Let's be Golden, shall We?
dave (slow and steady but getting pretty fed up by now)

From deltorto at aol.com Mon Apr 19 10:40:50 1993
From: deltorto at aol.com (deltorto at aol.com)
Date: Mon, 19 Apr 93 10:40:50 PDT
Subject: BIZ: Mailing list name
Message-ID: <9304191340.tn35254@aol.com>

> In the light of recent developments concerning government cryptography
> initiatives, we might soon find ourselves inundated by working press.
>
> Given this, I think that the name "cypherpunks" produces the wrong
> connotations -- it makes us sound like criminals when we are in fact
> people who are interested in expanding personal privacy with
> technology. Often, little things like this end up being of tremendous
> importance in the long haul.
>
> I would propose changing the name of the mailing list to
> "cryptoprivacy" or something similar.

How about Cypherfolks? Cryptoids? PrivacyWarriors? :)

dave

From deltorto at aol.com Mon Apr 19 10:43:57 1993
From: deltorto at aol.com (deltorto at aol.com)
Date: Mon, 19 Apr 93 10:43:57 PDT
Subject: FWEE!: more on kiosks
Message-ID: <9304191342.tn35269@aol.com>

Yo Peoples,

Eric responded to my "Three Strikes" against public kiosks:

>>>[1] Strike One: Installation and maintenance costs (economics again).
>>>[They are too high.]
>>
>>I'm not talking about building a network of machines just for the
>>purpose of whistleblowing. I'm talking about making interfaces to
>>existing systems. In particular, the public machines at sfnet would
>>_also_ be interfaces to any whistleblowing system. The incremental
>>cost is minimal; it's a small bit of software at the server.
>>
>>>[2] Strike Two: Lack of Privacy while using the kiosks.
>>
>>There is a different kind of privacy in a public space than in private
>>space. In a private space, everyone may know where you live, but
>>nobody knows what goes on inside. In a public space, everyone may see
>>what happens, but no one knows who you are. Please consider these
>>approximations to reality.
In theory, I think it's not a dead idea, ie. there are possibilities here to be explored, and yes it's basically a simple software addition to SF Net by a remailer coder such as Eric. HOWEVER, having used the SF Net tables, I am a bit dubious about their Privacy viability in their current state. I have had bozos lean over my shoulder buggin me when I am having a "private" conversation with someone, and I have even seen people _photograph_ someone at the screen without their permission (amazing, huh?). IF there was a sort of Passport PhotoBooth approach, it might mitigate such physical problems: THEN the software end would become more feasible. Also, unless there is encryption built into SF Net (made unlikely by the overhead?), I probably wouldn't drive over from the Federal Building to log on and blow the whistle on some blue-suited government weasel. I still think that this is several stages away from being a useful idea UNTIL we have a working model with anonymity and encryption working on USENET first.

>>In particular, since it is anonymity which is desired, a public place
>>is sufficient.
>>
>>>I think Eric Hughes' argument (with due respects to Eric) about the
>>>expensive economics of monitoring the kiosks falls down just a tad
>>>when you consider that these would not even be _moving targets_!
>>
>>The cost of placing a video camera to monitor a computer inside a
>>coffeehouse must also include the possibility of negative publicity
>>and lawsuit when such an emplacement is discovered. Monitoring a
>>public place in advance of any "crime" being committed is _very_ bad
>>for job security and department funding.

Well, your point is taken Eric, but I still stress that video monitoring would be trivial. First of all, if I was a three-letter agency, I SURE as hell wouldn't go to the operators of say, Brainwash Cafe and ASK to put a video cam up on the ceiling!
I'd sneak in late one night and place a more sophisticated (and extremely tiny) unit over the table where it couldn't easily be found. Secondly, since when does the FBI worry about job security? I think they could easily convince a federal judge that they had reason to believe that government secrets might be leaked in public and get permission to monitor "that subversive group known as the 'Whistleblowers' and _every public terminal_ they've placed around SF." Maybe it's unlikely, but then so was the notion that CREEP would break into the Watergate Towers and stick bugs on McGovern's phones...

>>>[...] but any such defenses would pale in comparison with the Privacy
>>>inherent in the WB input from a single user's personal system.
>>
>>I am also not talking about replacing the ability to post from home.
>>I am talking about expanding the number of entry points into the
>>distribution system.

I do understand this point, I'm just not totally convinced that public kiosks are the best solution to this problem. I am open to suggestions along this line, and I do think that it would at least be worth a test on SF Net.

>>The largest benefit for public-space access is that you can use this
>>if you don't have a computer at home. You can also use it if you
>>don't have a computer at work.

Agree 100%. I don't intend to discriminate against people just because they don't have a computer.

>>>have the feeling that they would be a PRIMARY contributor to the overall
>>>bullshit noise that would clutter up a decent WB systems and exponentially
>>>increase the difficulty of filtering out the "good" stuff for proper use.
>>
>>A whistleblower system, by default, must be free of judgements about
>>what is "good" to be on it and what is "bad". If someone thinks that
>>something ought to be brought to light, then I say let them speak, no
>>matter how trivial or inappropriate it might be.

Forgive my semantics.
When I say "good" (note the quotes), I refer to useful material that eventually produces the desired results. As far as the apparent triviality of an item, that is entirely up to the users (ie. the Press, Activist, or other operatives who "process" the information). As I have stated, it is not up to us to preview anything, only to help make it more likely that useful information from determined WB's with strategic info gets to the right people who can do something about it. This is a tough one, I admit. I believe that the key to this problem is part technology and part psychology: make the system easy enough to use that as many potential whistleblowers as possible will look at it, and just difficult enough so that only the most determined will actually send in their information.

>>It is easy to ignore messages you don't want to consider. It is much,
>>much harder to read messages that the author hesitates to write for
>>fear of reprisal. A whistleblower system can tolerate more noise than
>>usenet, since the core content of it can be so extremely valuable.

A valid proposition. Keep in mind that part of the initial acceptance of the system among the users will be a high signal-to-noise ratio (at least during the early phases).

>>If there is only access to a whistleblowing system for those who own
>>computers or are provided access to them, then any such system will
>>remain only a tool of the wealthy. You do not hear of abuses in labor
>>law from anybody but the employees; these employees do not have
>>computers.

Agree 95%.

>>Anybody who has NATIONAL SECRETS to tell is, I would guess, a fool to
>>post twice from a particular location. Anybody who has anything
>>lengthy or digitally copied to say cannot easily use this system.
>>It's not conducive to digital signatures.

"Level 10 WB" (with serious national secrets to divulge, such as unmentioned abuses at nuclear waste disposal plants, etc.)
MUST be able to post from ANY location using a key established through preliminary contact with a WB Central User Registry. Ie., once a WB has established credentials by providing verifiable info, s/he must be given a key to a "WB PO Box" wherein s/he can leave msgs from any terminal with anonymity and encryption. FYI, a TV reporter mentioned that the most useful information usually crops up in the third or fourth contact with a WB - after all, there's a lot of preliminary "getting-to-know-each-other" formality to get past (the Trust Factor goes both ways, especially if the WB is placing him/herself in Jeopardy). Such capabilities should be built into any kiosk calling itself "fully WB-enabled." Perhaps SF Net tables could be considered "Introducing Stations" and not full-blown (pun intended) WB Stations, used only for preliminaries.

>>Public kiosks are not a panacea. To argue that they should therefore
>>not exist is nonsense.

I'm certainly glad I didn't say that in any way, as I hate being nonsensical. Phil Karn's excellent (and adventurous) suggestion that kiosk(s) be thought of more as a public mailbox than a public phone, strikes at the crux of the issue, though it presupposes that SF Net tables have floppy drives (of the correct type eg. Mac- or DOS-compatible drives?) and other technological amenities that they do not (yet?) have. The idea that a WB could prepare material in the privacy of his/her own home is very, very appealing.

I genuinely appreciate all thoughtful comments on the project.
dave

From internaut at aol.com Mon Apr 19 11:08:57 1993
From: internaut at aol.com (internaut at aol.com)
Date: Mon, 19 Apr 93 11:08:57 PDT
Subject: FWEE!: the importance of being patient
Message-ID: <9304191408.tn35454@aol.com>

Yo,

Apropos of my earlier posting calling for a delay in the establishment of the WB remailer, I herein repost portions of Marc Ringuette's excellent comments from March 26th on Remailer strategies:

>>We must address a strategy question before it jumps on us.
>>Do we want to be yet another "this remailer exists, let's
>>stomp on it" whipping boy, or will another tactic be more
>>effective?
>>
>>I have the following suggestion. Do not announce our
>>cypherpunks remailers right away. This is not the right time.
>>Instead, announce that we intend, at a later date, to install
>>remailers which are "friendly" in the sense that they use a
>>special header line, but which will not be able to be shut
>>down.

Essentially, Marc and I agree on this issue (if I read him correctly). Marc's point seems to be that prematurely establishing anon remailers such as the WB system before the World is really ready for them will make us vulnerable to attack on a policy level and will significantly diminish the viability of such systems in general, by opening debate on whether or not this is a good idea before most potential users even understand WHAT it is we're trying to do.

>>[ My suggestion for how to do this: encourage thousands of
>>users who support anonymity to run the software, and make it
>>easy for them to do so. Then, thousands of users must be
>>kicked out in order to prevent remailers being available! ]

This gets back to what I was saying about educating WB users, providing them with friendly software and getting lots of support before going public.

>>But, here's the important part, DELAY RELEASE until after a
>>waiting period.
>>The delayed release is intended to allow
>>concerned network sites and individuals to install filters for
>>these messages, and to allow users the time to discuss this
>>(and, for instance, to voice their objections to catch-all
>>anonymity filters at the news-relay level). It also prevents
>>our opponents from achieving a sense of "something must be
>>done" urgency. [...]

I couldn't have put it better. Opponents are looking for a chink in the theoretical anon armor, and at this point there are many. Calling all remailer specialists...

dave

-----

ASIDE: I'm not sure how many of you saw the posting about Port Watson in the Bahamas "An Island in the Net...", but it got me to thinking about how many Cypherpunks, Extropians and Libertarians would actually be interested in collaborating on setting up a physical location for the preservation of a secure, encrypted, anon remailing site on an island not legally bound by any nation (ie. no more problems like Julf has). I suppose it's a bit fantastic to consider, but I'm looking into the viability of selling/renting my SF house and moving down there. Anyone want to join me for a meeting on this subject? Would it be appropriate for discussion at the next physical meeting?

From internaut at aol.com Mon Apr 19 11:08:57 1993
From: internaut at aol.com (internaut at aol.com)
Date: Mon, 19 Apr 93 11:08:57 PDT
Subject: ANON: accountability
Message-ID: <9304191408.tn35455@aol.com>

greg at ideath.goldenbear.com contributed:

>>It's this slippery notion of 'accountability' that is perhaps
>>at the root of this 'anonymity' problem - the idea that there's
>>gonna be some hell to pay if somebody writes to
>>'postmaster at leviathan.com', and complains about Chris Jones.
>>The fact is, you can mail to 'postmaster at goldenbear.com' and
>>whine all you like, it's just another alias for the same damn
>>person (me).
>>I think there are going to be more & more people
>>like me in the future - I *am* my boss, the postmaster, and the
>>sysadmin - and if people don't like what I do or say on the
>>net, that's just too damn bad.

I think Greg is right on the money here. The first time someone complained to my sysadmin (me), I'd send that person a sorrowful note apologizing for the nasty-icky behaviour prompting the complaint and assuring the complainer that the offending user on my system (also me) would have his account cancelled immediately. Then, I'd go back to living my life as I please. :) Seems to me that this approach would guarantee accountability on my system and keep everyone happy.

dave
Level Seven Design

From TO1SITTLER at APSICC.APS.EDU Mon Apr 19 12:10:27 1993
From: TO1SITTLER at APSICC.APS.EDU (TO1SITTLER at APSICC.APS.EDU)
Date: Mon, 19 Apr 93 12:10:27 PDT
Subject: alt.privacy.clipper
Message-ID: <930419130811.1b3e@APSICC.APS.EDU>

NOT all of us have usenet! Please keep conversation on cypherpunks!

Kragen Sittler

From fnerd at smds.com Mon Apr 19 12:14:30 1993
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Mon, 19 Apr 93 12:14:30 PDT
Subject: Mad Musings/Sneath
Message-ID: <9304191859.AA25735@smds.com>

ld231782 at longs.lance.colostate.edu sez>
>
> `cypherpunk' actually has some pretty endearing qualities as a name,
> and I'd be a bit horrified to give it up, just when I was waiting for
> the T shirt ``Cypherpunks do it stealthily'' (secretly? sneakily?).

Cypherpunks do it with Sneath. (Sneath is a road near San Francisco.)

Hey, did anybody think to just mail the people on that Clipper chip announcements list and ask them how they got on it?

-fnerd
quote me

From david at staff.udc.upenn.edu Mon Apr 19 13:03:35 1993
From: david at staff.udc.upenn.edu (R.
David Murray)
Date: Mon, 19 Apr 93 13:03:35 PDT
Subject: How tapper works: see alt.privacy.clipper
Message-ID: <9304192001.AA18866@staff.udc.upenn.edu>

If it is not too late, please ignore my previous request for an explanation of how tapper works. I found the answer in alt.privacy.clipper. The missing piece of info was that the session key must be negotiated separately.

-- david
david at staff.udc.upenn.edu

From fnerd at smds.com Mon Apr 19 13:18:00 1993
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Mon, 19 Apr 93 13:18:00 PDT
Subject: AT&T Announcement?
Message-ID: <9304192015.AA26036@smds.com>

> AT&T announced yesterday that will will begin selling devices with these
> Clippers in them immediately. We've been sold down the river by ma bell again.
>
> Dave Banisar
> CPSR Washington Office

Does someone know how to get an official-looking printed form of this announcement? I want something to xerox and send in when I switch long distance service.

-fnerd
quote me

From TO1SITTLER at APSICC.APS.EDU Mon Apr 19 13:26:38 1993
From: TO1SITTLER at APSICC.APS.EDU (TO1SITTLER at APSICC.APS.EDU)
Date: Mon, 19 Apr 93 13:26:38 PDT
Subject: Another forwarded message
Message-ID: <930419142408.1d39@APSICC.APS.EDU>

From: APSICC::GR2KITTRELL "TOO MANY SECRETS" 18-APR-1993 21:52:10.16
To: TO1SITTLER
CC:
Subj: Process

From: SMTP%"igor at e5.ijs.si" 18-APR-1993 18:05:57.69
To: gr2kittrell at apsicc.aps.edu
CC:
Subj: (fwd) Re: Secret algorithm [Re: Clipper Chip and crypto key-escrow]

Date: Mon, 19 Apr 1993 01:34:02 +0200
From: Igor Petrovski
Message-Id: <199304182334.AA00721 at kekec.e5.ijs.si>
To: gr2kittrell at apsicc.aps.edu
Subject: (fwd) Re: Secret algorithm [Re: Clipper Chip and crypto key-escrow]
Newsgroups: sci.crypt
Organization: Open Systems & Networks, ijs, Slovenia

Relay-Version: VMS News - V6.1 30/1/93 VAX/VMS V5.5-1; site cathy.ijs.si
Path:
cathy.ijs.si!arnes.si!scsing.switch.ch!ira.uka.de!sol.ctr.columbia.edu!zaphod.mps.ohio-state.edu!darwin.sura.net!haven.umd.edu!uunet!looking!brad
Newsgroups: sci.crypt
Subject: Re: Secret algorithm [Re: Clipper Chip and crypto key-escrow]
Message-ID: <1993Apr17.204850.26711 at clarinet.com>
From: brad at clarinet.com (Brad Templeton)
Date: Sat, 17 Apr 1993 20:48:50 GMT
References:
Organization: ClariNet Communications Corp.
Keywords: encryption, wiretap, clipper, key-escrow, Mykotronx
Lines: 24

One presumes the system could work as follows:

a) Blank clips are manufactured by Mykotronx and VLSI. The number produced is carefully audited and they are shipped to the first escrow house. It programs the chips with its half of the key, and prints out a paper slip with the key half and non-secret chip serial number. The reams of paper are filed in locked boxes in the vault, a fuse is burnt in the chip so that the key is now unreadable. The chip then goes to the next escrow house, where the same thing is done. This continues through N escrow houses, perhaps, could be more than 2. The last one provides the chip to the cellular phone maker.

And yes, this has to be a public key system or it would be almost impossible to handle. It might not be RSA, but that does not mean that PKP doesn't get paid. Until 1997, PKP has the patent on the general concept of public key encryption, as well as the particular implementation known as RSA.

--
Brad Templeton, ClariNet Communications Corp. -- Sunnyvale, CA 408/296-0366

From robichau at lambda.msfc.nasa.gov Mon Apr 19 14:20:56 1993
From: robichau at lambda.msfc.nasa.gov (Paul Robichaux)
Date: Mon, 19 Apr 93 14:20:56 PDT
Subject: Intergraph speaks! (sort of)
Message-ID: <9304192120.AA00819@lambda.msfc.nasa.gov>

I just had a nice phonecon with Jim Ruester of Intergraph's public relations department.
For those of you who don't follow CAD, Intergraph produces a line of workstations based on the Clipper CPU, a private-label RISC chip that Intergraph acquired from Fairchild some years ago.

He hadn't seen the press release, or heard of the wiretap chip. His (predictable) reaction was to say that he'd forward it to their legal department. I asked that he pass any comments back to me for reposting here.

A plea: please *don't* call Intergraph and bother them about this. Putting pressure on AT&T (which has announced products based on the wiretap chip) is one thing. Harassing a company with a similarly named (and trademarked!) product, in the hope that they'll put pressure on the gov't, is nothing more than bothersome.

-Paul

--
Paul Robichaux, KD4JZG | HELP STOP THE BIG BROTHER CHIP!
NTI Mission Software Development Div. | RIPEM key on request.

From jet at nas.nasa.gov Mon Apr 19 15:34:26 1993
From: jet at nas.nasa.gov (J. Eric Townsend)
Date: Mon, 19 Apr 93 15:34:26 PDT
Subject: non-cypher related question on audio analysis
Message-ID: <9304192234.AA26763@boxer.nas.nasa.gov>

This is only the tiniest bit related to crypto, but that doesn't seem to be much outside the criteria for submissions to this list.. :-)

Anyone got pointers to decoding audio tones? An intro book, source code, newsgroup, mailing list, somebody I can take to lunch?

I'd like to sample audio with my SGI, and suck out various simple tones and combinations of tones. (DTMF, single pitch variant tones, etc.)

thx.

-- J.
Eric Townsend jet at nas.nasa.gov 415.604.4311
NASA Ames Numerical Aerodynamic Simulation | play: jet at well.sf.ca.us
Parallel Systems Support, CM-5 POC | '92 R100R / DoD# 0378
PGP2.1 public key available upon request or finger jet at simeon.nas.nasa.gov

From andrew at cubetech.com Mon Apr 19 15:41:05 1993
From: andrew at cubetech.com (Andrew Loewenstern)
Date: Mon, 19 Apr 93 15:41:05 PDT
Subject: comments on the clipper
Message-ID: <9304191939.AA11767@valinor.cubetech.com>

Going through all the messages on the Clipper, I noticed what may be a flaw that wasn't quite addressed...

The family key, which is the same for all devices, is hardwired onto the chip with the algorithm. However, the device serial number and the unit key must be burned into a ROM. This is somewhat like the EIN/MIN burned into the ROM of a cellular phone. Just ask anyone who is familiar with cellular fraud how difficult it is to change the EIN/MIN of the phone. So it should be more than possible for anyone to throw a wrench into the system by using hacked phones that have a random device serial number. In this way it would not be possible for authorities to obtain the proper unit key since the device serial number would not exist in the escrow authority's database or would have the incorrect unit key associated with it.

Of course, it is possible that the scheme (i.e. the algorithm and the handshaking) is not secure. Assuming it is not truly secure, I would think that only such agencies as the NSA and FBI would have not only the resources to decrypt Clipper generated communications without the session key, but the resources to keep such equipment from public knowledge (i.e. there is a companion device that breaks such communications). It would most likely be too difficult to keep such equipment secret if it were available to local and state authorities.

Furthermore, the whole idea of escrow agents is hogwash to me. How difficult is it to get someone's credit report?
How difficult is it to get social security records on a person? Apparently no information held by a government or even private agency like TRW is impossible or even exceedingly difficult to obtain, and anyone wishing to intercept your communications will simply have to buy off the appropriate persons at each escrow authority.

To sum up, I think the whole idea stinks.

andrew

From sneal at muskwa.ucs.ualberta.ca Mon Apr 19 16:03:21 1993
From: sneal at muskwa.ucs.ualberta.ca (Sneal)
Date: Mon, 19 Apr 93 16:03:21 PDT
Subject: The first casualty of war
Message-ID: <9304192302.AA10374@muskwa.ucs.ualberta.ca>

ld231782 at longs.lance.colostate.edu writes:

>Who Has the Keys?
>-----------------
>
>The evasion of `who stores the keys' makes me wonder. It suggests that
>the proposal was poorly crafted (which is true in any case), but, more
>likely, IMHO, the scheme is weak enough for the NSA (but maybe not
>cops) to break regardless, and hence their casual disregard for this
>seemingly monumentally crucial point.

It appears that the opposition is using the old rhetorical trick of "begging the question." Rather than stating the important question (which is "Should there be a key registration scheme?"), they jump right over it to "Who will register the keys?". The purpose is to focus debate on the latter issue without anyone stopping to examine the former.

However, two can play at that game, as in:

"Nobody seems to have thought about what will happen when Clipper is broken."

"Developing a system that is "impervious" (to anyone but its developers) required at least four years."

Sleazy? Yeah. Not that I'm advocating fighting fire with fire or anything.

From kinney at pprince.colorado.edu Mon Apr 19 16:09:38 1993
From: kinney at pprince.colorado.edu (KINNEY WILLIAM H)
Date: Mon, 19 Apr 93 16:09:38 PDT
Subject: True Randoms
Message-ID: <9304192309.AA11889@pprince.colorado.edu>

A little nuclear physics anyone?
Seems like one real bitch with roll-your-own cryptography is the scarcity of good random numbers to work with. I've read about various schemes using I/O buffers, or keystroke timing like PGP does (even there, true randoms are referred to as "precious"). So I thought a bit about how one could construct a true random generating box.

Went out to Sears and bought a $7 smoke detector, a "Family Gard" model FG888D, and took it apart. What's inside is a 1.0 microCurie chunk of Americium 241 (I checked other models, and they seem to all be AM241, right around the 1 uCi activity range, although I have an older one at home with 5.0 uCi). I did a little research on the isotope in the CRC Handbook and the Brookhaven National Lab's online database, and what I found was pretty interesting:

About AM241:
Half-Life: 458 years
Decay: AM241 ---> (Neptunium 237) + (5.5 MeV alpha particle)
1.0 uCi = 37,000 decays/second average
NP237 has a half-life of around 2 million years

This is very good design. AM241 has only one basic decay mode, and it decays to an essentially inert daughter product without any intermediate daughters to worry about. Very simple and safe. In addition, the 1.0 uCi activity of the sample makes the decay rate just right for counting alphas with electronic devices -- a 100 KHz sample rate would be overkill for resolving individual alphas. And the half-life is long enough to make the source relatively stable over a reasonable period of use.

I took my sample into the lab and it barely registered on the geiger counter, but when I set it up on a scintillating detector, I got about 1200 counts/sec above a background of 25 count/sec. A nice clear signal.
Seems to me it would be pretty easy to buy a small solid-state detector and a couple of chips and wire it up to toggle a pin on an RS232 cable, giving a nice true random source -- for instance, assuming the 1200 counts/sec rate I saw in the lab, you could count alphas for 10 milliseconds and send a 1 down the cable if you saw an odd number, a 0 if you saw an even number. Could probably do better than 1200 /sec, too, I bet.

Does anyone see a real need for something like this? Any hardware jocks out there who could lend some expertise?

Radiological safety data (permissible quarterly intake):
AM241 (oral): 7.6 uCi
AM241 (inhalation): 3.8E-03 uCi
NP237 (oral): 6.2 uCi
NP 237 (inhalation): 2.5E-03 uCi

In other words, whatever you do, don't smoke it...

-- Will

From cburian at uiuc.edu Mon Apr 19 17:20:17 1993
From: cburian at uiuc.edu (cburian at uiuc.edu)
Date: Mon, 19 Apr 93 17:20:17 PDT
Subject: send info
Message-ID: <199304200020.AA11361@ux4.cso.uiuc.edu>

send info
#or, if you're human, _please_ send info on how to subscribe & send the FAQ.
#Thanks, Chris Burian

--------------------------------------------------------------------------
| Chris Burian | PGP public key available on a server near you |
--------------------------------------------------------------------------

From greg at amex-trs.com Mon Apr 19 17:25:05 1993
From: greg at amex-trs.com (Greg Thompson)
Date: Mon, 19 Apr 93 17:25:05 PDT
Subject: Subscribing
Message-ID: <9304192016.AA39795@tonga.cs90-dev.amex-trs.com>

Hello,

Please add me to your list of subscribers. Thanks.

Greg Thompson
greg at amex-trs.com

From rorvig at plains.NoDak.edu Mon Apr 19 17:32:22 1993
From: rorvig at plains.NoDak.edu (Nathan Rorvig)
Date: Mon, 19 Apr 93 17:32:22 PDT
Subject: Unsubscribe
Message-ID:

Please, unsubscribe me now. Thanks. The mail volume is way too much.

From fergp at sytex.com Mon Apr 19 17:54:10 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Mon, 19 Apr 93 17:54:10 PDT
Subject: Let's see here ...
Message-ID:

Once again, I pull together my collective thoughts (that _was_ rather difficult) and send them along for the remainder of the cypherpunks to ponder.

It would appear that several things have happened; let's see if I can summarize -

- The Clinton administration was presented with a golly-gee proposal from either the NSA or the NIST (probably both) on a way to "offer" public encryption. ('Nuf said.)

- From what we have surmised (researched, hypothesized and down-right taken for face value), the government (whether it be the NIST or whomever) has obviously been working on this "technology" for a few years. Albeit, their negligence to inform anyone.

- Mr. Clinton and crew obligingly acknowledge this new, technological wonder, and think that they're doing us all a favor.

- Enter the "Clipper Chip", and all its fanfare.

Okay. I took The Dark One's advice (not that I needed the prodding, mind you) and faxed every one of the contacts on the list that he posted earlier (a couple of which were voice numbers, BTW). The big three (ABC, NBC and CBS + CNN) got my fax and my thoughts on the subject. I'm mad as hell, too -- yet I'm more prone to bringing this highly volatile subject (it would seem that it's only an explosive situation to those of us who understand its implications) into the public eye. Let's put this topic into proper perspective -- for the layman, for the "man in the streets."

Let me try to put this into perspective for some of our less politically inclined participants. For those of you who live within earshot of the "Beltway", you are probably familiar with the G. Gordon Liddy radio show. Well, to make a long story short, one afternoon the topic was computer crime. A young man called in to express his concern with the topic of "underground" computer virus distribution and all that rot. He was talking on a deaf ear, folks.
The program was dominated by yuppies, calling in worried about their precious credit records and how they could possibly be disclosed or damaged by the computer criminals. I turned off the show in disgust at that point, but the point is this: No matter how hard you attempt to bring matters into the light that the _computer_ public should be concerned about, they revert into their own realm of protected computerdom. This is an observation, not a conviction.

What we need to do, is to make folks understand that this is not just a computer issue -- it's a privacy issue, for cryin' out loud!

If the techno-fascists within certain levels of government service think that they can _impose_ their will on the computer community at large, they are most definitely ill-informed. Most would probably think that they could fluff this little tidbit of "legislation" into reality.

Bottom line: I stand by the ideals that we have every right, as common citizens, to encrypt and cipher as we see fit. Legality be damned. (This is not a legality issue, for christ's sake!) This is an issue where the government is playing bully and we find ourselves on the receiving end of their quest for superiority.

I urge each and every one of you to take the time to write your congressman, fax the closest television or radio station and make this topic as public as possible!

I refuse to be treated like a criminal because I desire electronic privacy. Say "No".

Cheers.

Oh. By the way, I'm looking for some kind sort to offer an avenue to place Legal Net News on an archive site on a regular basis. I find it extremely difficult to meet subscription requests and would prefer to offer this compilation as an anon FTP'able newsletter. Any takers? Issue 2 has been released, which covers our recent travails ....

Paul Ferguson                  | Uncle Sam wants to read
Network Integration Consultant | your e-mail...
Alexandria, Virginia USA       | Just say "NO" to the Clipper
fergp at sytex.com             | Chip...

From jet at nas.nasa.gov Mon Apr 19 18:14:40 1993
From: jet at nas.nasa.gov (J. Eric Townsend)
Date: Mon, 19 Apr 93 18:14:40 PDT
Subject: NSA and all this (was Let's see here ...
In-Reply-To:
Message-ID: <9304200114.AA02335@boxer.nas.nasa.gov>

Paul Ferguson writes:
> - The Clinton administration was presented with a golly-gee proposal
> from either the NSA or the NIST (probably both) on a way to "offer"
> public encryption. ('Nuf said.)

Actually, according to an ex-NSA'er I know, probably not the NSA. They claim that this sort of thing gets attributed to them quite often when they in fact have little, if anything, to do with "minor stuff like that".

They went on to say "anybody who really *needs* to have crypto cellular calls will already buys stuff from other countries and modifies it for use here." Think about the resources *that* implies.

Also, if the clipper thing is "minor", I'm not sure I want to know what major is.

From peb at PROCASE.COM Mon Apr 19 18:17:10 1993
From: peb at PROCASE.COM (peb at PROCASE.COM)
Date: Mon, 19 Apr 93 18:17:10 PDT
Subject: Mailing list name
Message-ID: <9304200115.AA03350@banff>

I vote for cryptoprivacy because it is more appropriate, and due to recent events, it helps to be clear about these things when the media gets involved.

Examples:

1. The infamous CBS coverage of the Hacker's Conference that turned "Cracker" Conference in the nightly news regardless of what the reporters were told.

2. Notice how the NIST press release said

   ``This system is more secure than many other voice encryption systems readily available today.
   [^^^^^^^^^^^^^^^^^^^^^^ not claiming the best]
   While the algorithm will remain classified to protect the security of the key escrow.''

   but the Knight-Ridder translated this into:

   ``...National Security Agency invented a new coding device, called the "Clipper Chip," which is said to be much harder to crack than encoding systems now on the market.

Now the wiretap chip sounds better than any equipment on the market rather than "better than many" which is a very weak claim. Happens all the time.

Information must be very clear. Punk isn't the right word.

Paul E. Baclace
peb at procase.com

From peb at PROCASE.COM Mon Apr 19 18:42:50 1993
From: peb at PROCASE.COM (peb at PROCASE.COM)
Date: Mon, 19 Apr 93 18:42:50 PDT
Subject: Sound bite time
Message-ID: <9304200141.AA03355@banff>

Okay, here are my sound bytes:

1. The long one (needed when they try to outlaw encryption):

As we move into the electronic frontier, the freedom to use crypto-privacy technology is becoming the equivalent to the right to bear arms: it is the last line of defense against a tyrannic government. The good news is that privacy is a defensive technology, not an offensive one. Giving up this un-enumerated right could be disastrous to future generations.

2. The short one (simple-minded Clipper is no good):

Crypto Privacy is like a bullet proof vest for your transmitted speech; the Clipper chip is a paper jacket with extra zippers in the back.

Paul E. Baclace
peb at procase.com

From fnerd at smds.com Mon Apr 19 19:01:07 1993
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Mon, 19 Apr 93 19:01:07 PDT
Subject: The Wing-Clipper
Message-ID: <9304200142.AA27709@smds.com>

> Matthew Lyle (214) 888-0474
> OpenConnect Systems matt at oc.com
> Dallas, TX
>
> "...and once you have tasted flight, you will walk the earth with your
> eyes turned skyward, for there you have been, and there you long
> to return..."

It's the Wing-Clipper chip.

Great emblem: a bald eagle with its wings clipped.

-fnerd
quote me

From mckang at solomon.technet.sg Mon Apr 19 19:03:57 1993
From: mckang at solomon.technet.sg (Kang Meng Chow)
Date: Mon, 19 Apr 93 19:03:57 PDT
Subject: Subscribe me
Message-ID:

SUBSCRIBE ME

From marc at GZA.COM Mon Apr 19 19:04:36 1993
From: marc at GZA.COM (Marc Horowitz)
Date: Mon, 19 Apr 93 19:04:36 PDT
Subject: Sound bite time
In-Reply-To: <9304200141.AA03355@banff>
Message-ID: <9304200203.AA15663@mu-hsu-chicken.aktis.com>

Neither of those is aimed at Joe Average Citizen. The first isn't any good, because most people don't see any need to protect against a tyranny. The second is no good because although people might be afraid of getting shot, most people don't go around wearing bulletproof vests all the time.

I'd be for something applicable and simple like "Giving the government keys to your encrypted messages is like giving them keys to the front door of your house." People can relate to that.

Marc

From grady at netcom.com Mon Apr 19 19:37:39 1993
From: grady at netcom.com (1016/2EF221)
Date: Mon, 19 Apr 93 19:37:39 PDT
Subject: Waco, crypto, and unbreakable links
Message-ID: <9304200237.AA14578@netcom.netcom.com>

We can only speculate that the loss of life might have been much fewer if the Branch Davidian cult had a copy of PGP as well as a 2m packet radio. They could have maintained private links with journalists who could have given us their side of the story, which now, tragically will never be told.

From tcmay at netcom.com Mon Apr 19 19:42:36 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 19 Apr 93 19:42:36 PDT
Subject: True Randoms
Message-ID: <9304200242.AA15040@netcom.netcom.com>

William Kinney writes:

>A little nuclear physics anyone?
>
>Seems like one real bitch with roll-your-own cryptography is the
>scarcity of good random numbers to work with. I've read about various
>schemes using I/O buffers, or keystroke timing like PGP does (even
>there, true randoms are referred to as "precious").
>
>So I thought a bit about how one could construct a true random generating
>box. Went out to Sears and bought a $7 smoke detector, a "Family Gard"
>
>Does anyone see a real need for something like this?
>Any hardware jocks out there who could lend some expertise?

What follows is my standard "alpha particles as sources of random numbers" posting, which I have forwarded to the list a couple of times. (I'm not being at all critical of William Kinney for raising the issue again.)

Quick summary: thermal noise in a back-biased diode is easier to get, has more bandwidth, doesn't have safety concerns, and is readily buildable.

From: tcmay (Timothy C. May)
Message-Id: <9210260530.AA00679 at netcom2.netcom.com>
Subject: Alpha Particles and One Time Pads
To: cypherpunks at toad.com
Date: Sun, 25 Oct 92 22:30:54 PDT
Cc: tcmay (Timothy C. May)
X-Mailer: ELM [version 2.3 PL11]

Fellow Cypherpunks,

Here's a posting I just sent to sci.crypt, dealing with using alpha particle sources as noise sources for generating one-time pads.

Ordinarily I wouldn't bother you folks with this, especially since you're all reading sci.crypt (aren't you? Only the FidoNetters have a good excuse not to.). But this thread ties together two aspects of my life, cryptography and alpha particle errors in chips.

--Tim

Newsgroups: sci.crypt
Path: netcom.com!tcmay
From: tcmay at netcom.com (Timothy C. May)
Subject: Re: Hardware random number generators compatible with PCs?
Message-ID: <1992Oct26.051612.29869 at netcom.com>
Organization: Netcom - Online Communication Services (408 241-9760 guest)
X-Newsreader: Tin 1.1 PL5
References: <1992Oct25.224554.1853 at fasttech.com>
Date: Mon, 26 Oct 1992 05:16:12 GMT

Bohdan Tashchuk (zeke at fasttech.com) wrote:
: The recent post on building a random number generator using a zener diode got
: me to thinking once again about commercial alternatives.
:
: I haven't seen any commercial alternatives discussed here recently. And since
: the market is so specialized, they may well exist but I'm simply not aware of
: them.
:
: The ideal product would have the following features:
:
: * cost less than $100
: * use a radioactive Alpha ray emitter as the source

It's a small world! In my earlier incarnation as a physicist for Intel, I discovered the alpha particle "soft error" effect in memory chips. By 1976 chips, especially dynamic RAMs, were storing less than half a million electrons as the difference between a "1" and a "0". A several MeV alpha could generate more than a million electron-hole pairs, thus flipping some bits.

(Obviously the effect of alphas on particle detectors was known, and smoke detectors were in wide use, but nobody prior to 1977 knew that memory bits could be flipped by alphas, coming from uranium and thorium in the package materials. It's a long story, so I won't say any more about it here.)

: * connect to an IBM PC serial or parallel port
: * be "dongle" sized, ie be able to plug directly onto the port, and
: not have a cable from an external box to the port
: * be powered directly from the port
: * generate at least 1000 "highly random" bits per second

This should be feasible by placing a small (sub-microcurie) amount of Americium-241 on a small DRAM chip that is known to be alpha-sensitive (and not all of them are, due to processing tricks). Errors would occur at random intervals, depending on which bits got hit.

Getting 1000 errors a second would be tough, though, as such high intensities would also tend to eventually destroy the chip (through longterm damage to the silicon, threshold voltage shifts, etc.).

If you really want to pursue this seriously, I can help with the calculations, etc.

: Details:
:
: Certainly in high volume these things can be made cheaply. Smoke detectors
: often sell for under $10, and have a radioactive source, an IC, a case, etc.

Yes, but smoke detectors use ionization in a chamber (the smoke from a fire makes ionization easier).
That is, no real ICs. But ICs, and even RAM chips, are cheap, so your $10 figure is almost certainly in the ballpark.

A bigger concern is safety, or the _perceived_ safety. Smoke detectors have, I understand, moved away from alpha particle-based detectors to photoelectric detectors (smoke obscures beam of light). Don't underestimate the public's fear of radioactivity, even at low levels.

: Using a well-designed circuit based on Alpha decay should mean that the
: randomness is pretty darn good.

But not necessarily any better than noise from a Zener. With the higher bit rate from diode noise, more statistical tricks can be done. The relatively low bit rate from alpha decay gives less flexibility. On the other hand, alpha hits are undeniably quite random, with essentially no way to skew the odds (unlike with diode noise).

: Everyone these days has either a serial or parallel port available, either
: directly or thru a switch box.
:
: The tiny "dongle" size is a convenience. If it is small and powered directly
: from the port, there are no cables to get in the way. There is enough power
: available from the signal lines on these ports to power simple devices. E.g.
: most mice don't require an external power supply.
:
: For most applications 1000 bits per second should be adequate. For example,
: it would be quite adequate for session keys. For generating pseudo
: one-time-pads, an overnight run should generate plenty of values. Continuously
: generating values for a month would produce about 300 MB, which should be
: enough to exchange new CD-ROM key disks once a month.

One time pads are complicated to use. Only very high security applications that can also afford them use them. For example, some diplomatic traffic. I can't conceive of a case where 300 MB a month could be used.

And _theft_ (or copying) of the CD-ROM one time pads has got to be a much bigger issue than whether alpha particle noise sources are better than diode noise sources!
By about 10 orders of magnitude I would say. Black bag jobs on the sites holding the keys will be the likeliest attack, not trying to analyze how random the noise is (even a fairly crummy noise source will not yield enough information to a cryptanalyst trying to break a one-time pad).

Having said all this, I'm glad you gave some thought to alphas. For a time in the late 1970s this was the chip industry's number one headache...it was definitely the most exciting time of my life.

--Tim

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | PGP 2.0 and MailSafe keys by arrangement.

From uni at acs.bu.edu Mon Apr 19 20:13:41 1993
From: uni at acs.bu.edu (Shaen Bernhardt)
Date: Mon, 19 Apr 93 20:13:41 PDT
Subject: Sound Bite
Message-ID: <9304200313.AA107798@acs.bu.edu>

"Giving the government keys to your encrypted messages is like giving them keys to the front door of your house."

+ "and accepting the promise, we'll only use them with proper authority."

From sward+ at cmu.edu Mon Apr 19 20:52:04 1993
From: sward+ at cmu.edu (David Reeve Sward)
Date: Mon, 19 Apr 93 20:52:04 PDT
Subject: Sound Bite
In-Reply-To: <9304200313.AA107798@acs.bu.edu>
Message-ID:

> "Giving the government keys to your encrypted messages is like giving
> them keys to the front door of your house."
>
> + "and accepting the promise, we'll only use them with proper authority."

"*wink* *wink*"

--
David Sward sward+ at cmu.edu
Finger or email for PGP public key: 3D567F
Fingerprint = E5 16 82 B0 3C 96 DB 6F B2 FB DC 8F 82 CB E9 45
Stop the Big Brother Chip - Just say NO to the Clipper "Wiretap" Chip!
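
Added example, not part of any message in this archive: the count-parity scheme from William Kinney's "True Randoms" post, with the bias versus bit-rate trade-off that Tim May's reply raises. It assumes decay counts are Poisson with no detector dead time, uses Python's random module as a stand-in for the physical source, and uses von Neumann debiasing as one possible "statistical trick" (a technique chosen for this example, not named in the posts).

```python
import math
import random

RATE_HZ = 1200.0  # counts/sec, the scintillator figure quoted in the post


def parity_bias(rate_hz, window_s):
    """Excess probability of an even count (bit 0) over 1/2.

    For a Poisson count with mean lam, P(even) = (1 + exp(-2*lam)) / 2,
    so the parity bit is biased toward 0 by exp(-2*lam) / 2.
    """
    lam = rate_hz * window_s
    return 0.5 * math.exp(-2.0 * lam)


def poisson_count(rng, lam):
    """Decays seen in one counting window whose expected count is lam (> 0)."""
    n = 0
    t = rng.expovariate(lam)  # arrival time of first decay, in window units
    while t < 1.0:
        n += 1
        t += rng.expovariate(lam)
    return n


def parity_bits(rng, rate_hz, window_s, n_bits):
    """Kinney's scheme: send 1 for an odd count in the window, 0 for even."""
    lam = rate_hz * window_s
    return [poisson_count(rng, lam) & 1 for _ in range(n_bits)]


def von_neumann(bits):
    """Debias independent bits: pair them up, 01 -> 0, 10 -> 1, drop 00/11."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def debiased_rate(rate_hz, window_s):
    """Expected output bits/sec after von Neumann debiasing of parity bits."""
    p0 = 0.5 + parity_bias(rate_hz, window_s)
    pairs_per_second = 0.5 / window_s
    return pairs_per_second * 2.0 * p0 * (1.0 - p0)


def fraction_of_ones(bits):
    return sum(bits) / len(bits)


def compare_windows(seed=1993, n_bits=50_000):
    """Simulate the 10 ms window from the post and a 1 ms window
    (the 1000 raw bits/sec asked for in the quoted sci.crypt wish list)."""
    rng = random.Random(seed)  # constructed stand-in for the alpha source
    rows = []
    for window_s in (0.010, 0.001):
        raw = parity_bits(rng, RATE_HZ, window_s, n_bits)
        fixed = von_neumann(raw)
        rows.append({
            "window_s": window_s,
            "raw_bits_per_s": 1.0 / window_s,
            "predicted_bias": parity_bias(RATE_HZ, window_s),
            "raw_fraction_ones": fraction_of_ones(raw),
            "debiased_fraction_ones": fraction_of_ones(fixed),
            "debiased_bits_per_s": debiased_rate(RATE_HZ, window_s),
        })
    return rows


if __name__ == "__main__":
    for row in compare_windows():
        print(row)
```

At 10 ms the parity bit is already unbiased to about 2 parts in 10^11 but yields only 100 bits/sec; shrinking the window to 1 ms gives 1000 raw bits/sec with roughly a 4.5% bias toward 0, and debiasing brings that back to about 248 usable bits/sec.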

From sasha at cs.umb.edu Mon Apr 19 21:01:14 1993
From: sasha at cs.umb.edu (Alexander Chislenko)
Date: Mon, 19 Apr 93 21:01:14 PDT
Subject: Is 40 bits too little?
Message-ID: <199304200401.AA26166@ra.cs.umb.edu>

Yes, in just a trillion iterations you can test all possible keys. But if for testing *each* key you will have to figure out whether a text /signal you produced represents sensible speech... - it may be prohibitively expensive.

Alex Chislenko.

From tcmay at netcom.com Mon Apr 19 21:02:58 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 19 Apr 93 21:02:58 PDT
Subject: (fwd) THE CLIPPER CHIP: A TECHNICAL SUMMARY
Message-ID: <9304200403.AA18854@netcom3.netcom.com>

Cypherpunks,

Here's the most complete and readable summary of the Wiretap Chip I've seen. Ironically, it comes from none other than Dorothy, the Wicked Witch of the East, who claims she knew nothing of it until Thursday night, just before the announcement.

Curiouser and curiouser.

-Tim May

From: denning at guvax.acc.georgetown.edu
Newsgroups: sci.crypt
Subject: THE CLIPPER CHIP: A TECHNICAL SUMMARY
Date: 19 Apr 93 18:23:27 -0400
Distribution: world
Organization: Georgetown University

The following document summarizes the Clipper Chip, how it is used, how programming of the chip is coupled to key generation and the escrow process, and how law enforcement decrypts communications. Since there has been some speculation on this news group about my own involvement in this project, I'd like to add that I was not in any way involved. I found out about it when the FBI briefed me on Thursday evening, April 15. Since then I have spent considerable time talking with the NSA and FBI to learn more about this, and I attended the NIST briefing at the Department of Commerce on April 16. The document below is the result of that effort.

Dorothy Denning
---------------

THE CLIPPER CHIP: A TECHNICAL SUMMARY

Dorothy Denning

April 19, 1993

INTRODUCTION

On April 16, the President announced a new initiative that will bring together the Federal Government and industry in a voluntary program to provide secure communications while meeting the legitimate needs of law enforcement. At the heart of the plan is a new tamper-proof encryption chip called the "Clipper Chip" together with a split-key approach to escrowing keys. Two escrow agencies are used, and the key parts from both are needed to reconstruct a key.

CHIP STRUCTURE

The Clipper Chip contains a classified 64-bit block encryption algorithm called "Skipjack." The algorithm uses 80 bit keys (compared with 56 for the DES) and has 32 rounds of scrambling (compared with 16 for the DES). It supports all 4 DES modes of operation. Throughput is 16 Mbits a second.

Each chip includes the following components:

    the Skipjack encryption algorithm
    F, an 80-bit family key that is common to all chips
    N, a 30-bit serial number
    U, an 80-bit secret key that unlocks all messages encrypted with the chip

ENCRYPTING WITH THE CHIP

To see how the chip is used, imagine that it is embedded in the AT&T telephone security device (as it will be). Suppose I call someone and we both have such a device. After pushing a button to start a secure conversation, my security device will negotiate a session key K with the device at the other end (in general, any method of key exchange can be used). The key K and message stream M (i.e., digitized voice) are then fed into the Clipper Chip to produce two values:

    E[M; K], the encrypted message stream, and
    E[E[K; U] + N; F], a law enforcement block.

The law enforcement block thus contains the session key K encrypted under the unit key U concatenated with the serial number N, all encrypted under the family key F.

CHIP PROGRAMMING AND ESCROW

All Clipper Chips are programmed inside a SCIF (secure computer information facility), which is essentially a vault. The SCIF contains a laptop computer and equipment to program the chips. About 300 chips are programmed during a single session. The SCIF is located at Mikotronx.

At the beginning of a session, a trusted agent from each of the two key escrow agencies enters the vault. Agent 1 enters an 80-bit value S1 into the laptop and agent 2 enters an 80-bit value S2. These values serve as seeds to generate keys for a sequence of serial numbers.

To generate the unit key for a serial number N, the 30-bit value N is first padded with a fixed 34-bit block to produce a 64-bit block N1. S1 and S2 are then used as keys to triple-encrypt N1, producing a 64-bit block R1:

    R1 = E[D[E[N1; S1]; S2]; S1] .

Similarly, N is padded with two other 34-bit blocks to produce N2 and N3, and two additional 64-bit blocks R2 and R3 are computed:

    R2 = E[D[E[N2; S1]; S2]; S1]
    R3 = E[D[E[N3; S1]; S2]; S1] .

R1, R2, and R3 are then concatenated together, giving 192 bits. The first 80 bits are assigned to U1 and the second 80 bits to U2. The rest are discarded. The unit key U is the XOR of U1 and U2. U1 and U2 are the key parts that are separately escrowed with the two escrow agencies.

As a sequence of values for U1, U2, and U are generated, they are written onto three separate floppy disks. The first disk contains a file for each serial number that contains the corresponding key part U1. The second disk is similar but contains the U2 values. The third disk contains the unit keys U. Agent 1 takes the first disk and agent 2 takes the second disk. The third disk is used to program the chips. After the chips are programmed, all information is discarded from the vault and the agents leave. The laptop may be destroyed for additional assurance that no information is left behind.

The protocol may be changed slightly so that four people are in the room instead of two.
The first two would provide the seeds S1 and S2, and the second two (the escrow agents) would take the disks back to the escrow agencies.

The escrow agencies have as yet to be determined, but they will not be the NSA, CIA, FBI, or any other law enforcement agency. One or both may be independent from the government.

LAW ENFORCEMENT USE

When law enforcement has been authorized to tap an encrypted line, they will first take the warrant to the service provider in order to get access to the communications line. Let us assume that the tap is in place and that they have determined that the line is encrypted with Clipper. They will first decrypt the law enforcement block with the family key F. This gives them E[K; U] + N. They will then take a warrant identifying the chip serial number N to each of the key escrow agents and get back U1 and U2. U1 and U2 are XORed together to produce the unit key U, and E[K; U] is decrypted to get the session key K. Finally the message stream is decrypted. All this will be accomplished through a special black box decoder operated by the FBI.

ACKNOWLEDGMENT AND DISTRIBUTION NOTICE. All information is based on information provided by NSA, NIST, and the FBI. Permission to distribute this document is granted.

--

From mdiehl at triton.unm.edu Mon Apr 19 21:35:40 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Mon, 19 Apr 93 21:35:40 PDT
Subject: Is 40 bits too little?
In-Reply-To: <199304200401.AA26166@ra.cs.umb.edu>
Message-ID: <9304200423.AA04402@triton.unm.edu>

> Yes, in just a trillion iterations you can test all possible keys.
> But if for testing *each* key you will have to figure out whether a text
> /signal you produced represents sensible speech... - it may be prohibitively
> expensive.
>

Well, what if you're "close?" Will it sound "kinda sensible?" Perhaps it would sound like long distance.... ;^) Just a thought.

+-----------------------+-----------------------------+---------+
| J. Michael Diehl ;-)  | I thought I was wrong once. | PGP KEY |
|                       | But, I was mistaken.        |available|
|                       +-----------------------------+---------+
| mdiehl at triton.unm.edu | "I'm just looking for the opportunity |
| mike.diehl at fido.org | to be Politically Incorrect! |
| (505) 299-2282        |                                       |
+-----------------------+---------------------------------------+

From wcs at anchor.ho.att.com Mon Apr 19 21:35:53 1993
From: wcs at anchor.ho.att.com (wcs at anchor.ho.att.com)
Date: Mon, 19 Apr 93 21:35:53 PDT
Subject: Is 40 bits too little?
Message-ID: <9304200435.AA00977@anchor.ho.att.com>

Yes, 40 bits would be too little, especially since you can probably tell if you've got the correct key by the form of the data, but they're actually generating your 80-bit key as the XOR of two other 80-bit numbers, and searching 2**80 still takes reasonably long.

Unfortunately, the method of generating the two 80-bit numbers is disturbingly suspect; see articles in sci.crypt and alt.privacy.clipper posted by Steve Bellovin and somebody with email from Martin Hellman and Dorothy Denning.

Bill Stewart

From 74076.1041 at CompuServe.COM Mon Apr 19 22:38:04 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Mon, 19 Apr 93 22:38:04 PDT
Subject: Is 40 bits too little?
Message-ID: <930420053136_74076.1041_FHD37-1@CompuServe.COM>

Just to remind everyone, the clipper key is not 40 bits. It is 80 bits. It is not divided up into two 40-bit halves. It is the result of xor'ing two 80-bit numbers, each of which would be held separately. Knowing one of the numbers would not improve your chances of guessing the key.

Hal

From wixer!wixer.bga.com!gumby at cactus.org Mon Apr 19 23:43:34 1993
From: wixer!wixer.bga.com!gumby at cactus.org (Douglas Barnes)
Date: Mon, 19 Apr 93 23:43:34 PDT
Subject: Sound bite (a bit crude)
Message-ID: <9304200447.AA28123@wixer>

Came up during brainstorm session for article:

"Clipper Chip Encryption: A leaky condom for the masses?"

-- Doug (gumby at wixer.bga.com)

From karn at qualcomm.com Mon Apr 19 23:53:42 1993
From: karn at qualcomm.com (Phil Karn)
Date: Mon, 19 Apr 93 23:53:42 PDT
Subject: Sound bite time
Message-ID: <9304200653.AA10987@servo>

Paul E. Baclace:

>As we move into the electronic frontier, the freedom to use crypto-privacy
>technology is becoming the equivalent to the right to bear arms:
>it is the last line of defense against a tyrannic government. The good
>news is that privacy is a defensive technology, not an offensive one.
>Giving up this un-enumerated right could be disastrous to future
>generations.

I really, *REALLY* hope that this argument doesn't catch on. Regardless of your opinions on gun control, you have to admit that linking crypto to weapons saddles it with an enormous amount of political baggage that we simply don't need. And it plays right into the hands of those in the government who consider it as a "munition" for export control purposes.

I think we already have plenty of strong arguments in defense of the right to encrypt without opening up this can of worms. It can only turn off a lot of people who would otherwise support us.

Phil

From uunet!netcom.com!tcmaydenning at guvax.acc.georgetown.edu Mon Apr 19 21:39:00 1993
From: uunet!netcom.com!tcmaydenning at guvax.acc.georgetown.edu (Timothy C. May Timothy C. May)
Date: Tue, 20 Apr 93 00:39 EDT
Subject: (fwd) THE CLIPPER CHIP: A TECHNICAL SUMMARYTHE CLIPPER CHIP: A TECHNICAL SUMMARY
Message-ID: <9304200403.AA18854@netcom3.netcom.com>

Paul Ferguson             | The future is now.
Network Integrator        | History will tell the tale;
Centreville, Virginia USA | We must endure and struggle
fergp at sytex.com        | to shape it.
Stop the Wiretap (Clipper/Capstone) Chip.

From tcmay at netcom.com Tue Apr 20 01:08:21 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 20 Apr 93 01:08:21 PDT
Subject: Sound bite time
Message-ID: <9304200808.AA15339@netcom.netcom.com>

Phil Karn, referring to some parallels with gun control, writes:

>I really, *REALLY* hope that this argument doesn't catch on.
>Regardless of your opinions on gun control, you have to admit that
>linking crypto to weapons saddles it with an enormous amount of
>political baggage that we simply don't need. And it plays right into
>the hands of those in the government who consider it as a "munition"
>for export control purposes.
>
>I think we already have plenty of strong arguments in defense of the
>right to encrypt without opening up this can of worms. It can only
>turn off a lot of people who would otherwise support us.

I agree. Mentioning guns raises too many confusing issues, including emotional reactions, talk of private vs. public ownership, etc. Several decades ago it might have been better received.

The compelling "sound bites" revolve around these kinds of examples:

- having to deposit copies of all your private letters with the authorities, "in case" they need to later read them...

- not being allowed to use locks--on anything--that the government can't bypass

- recording all private conversations and escrowing the tapes, just in case the government later wants to hear them

- video cameras in all bedrooms to allow the police to check for illegal activities (even with proper "court orders," most people will react with shock at this suggestion)

These are things that everyone can understand. And be shocked by. When they realize just how similar the "key escrow" idea is to these examples, they may get more indignant.

-Tim May

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, smashing of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.
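
Added example, not part of any message in this archive and not code from NSA, NIST or any poster: the unit-key derivation and two-share escrow split described in the Denning summary, together with the XOR-share property raised in the "Is 40 bits too little?" replies. The summary calls Skipjack classified, so E and D here are a stand-in 64-bit Feistel cipher built on SHA-256; the pad values, the placement of the pad in the high bits, and the seeds are constructed assumptions.

```python
import hashlib

MASK80 = (1 << 80) - 1
ROUNDS = 8

# Constructed values. The summary says only that three fixed 34-bit pads
# exist and that each agent types in an 80-bit seed.
PADS = (0x155555555, 0x2AAAAAAAA, 0x333333333)
S1_DEMO = bytes.fromhex("00112233445566778899")
S2_DEMO = bytes.fromhex("a1b2c3d4e5f60718293a")


def _round(key, i, half):
    """Round function of the stand-in cipher (NOT Skipjack)."""
    digest = hashlib.sha256(key + bytes([i]) + half.to_bytes(4, "big")).digest()
    return int.from_bytes(digest[:4], "big")


def E(block, key):
    """Encrypt one 64-bit block under an 80-bit key (stand-in cipher)."""
    left, right = block >> 32, block & 0xFFFFFFFF
    for i in range(ROUNDS):
        left, right = right, left ^ _round(key, i, right)
    return (left << 32) | right


def D(block, key):
    """Inverse of E."""
    left, right = block >> 32, block & 0xFFFFFFFF
    for i in reversed(range(ROUNDS)):
        left, right = right ^ _round(key, i, left), left
    return (left << 32) | right


def derive_unit_key(s1, s2, serial):
    """Return (U1, U2, U) for a 30-bit serial number N.

    R_i = E[D[E[N_i; S1]; S2]; S1] for the three padded blocks N1..N3;
    U1 is the first 80 bits of R1|R2|R3, U2 the next 80, U = U1 xor U2.
    """
    if not 0 <= serial < (1 << 30):
        raise ValueError("serial number N must fit in 30 bits")
    r = 0
    for pad in PADS:
        n_i = (pad << 30) | serial        # assumed layout: pad, then N
        r = (r << 64) | E(D(E(n_i, s1), s2), s1)
    u1 = r >> 112                         # bits 191..112
    u2 = (r >> 32) & MASK80               # bits 111..32, last 32 discarded
    return u1, u2, u1 ^ u2


def recombine(u1, u2):
    """What the decoder does with the two escrowed parts."""
    return u1 ^ u2


def other_share_for(u1, candidate_u):
    """The U2 that would make `candidate_u` the unit key, given U1.

    One exists for every 80-bit candidate, so a single share on its own
    does not narrow down U.
    """
    return u1 ^ candidate_u


def regenerate_batch(s1, s2, serials):
    """Nothing but S1, S2 and N feeds the derivation, so anyone holding
    both seeds can recompute every unit key of a programming session."""
    return {n: derive_unit_key(s1, s2, n)[2] for n in serials}


if __name__ == "__main__":
    u1, u2, u = derive_unit_key(S1_DEMO, S2_DEMO, 12345)
    print(f"U1={u1:020x} U2={u2:020x} U={u:020x}")
    print("recombined matches:", recombine(u1, u2) == u)
    batch = regenerate_batch(S1_DEMO, S2_DEMO, range(12340, 12350))
    print("rederived from seeds:", batch[12345] == u)
```

The split protects U against a holder of one disk, while the derivation itself ties every unit key in a session to the two seeds and a serial number drawn from at most 2^30 values.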
Waco Massacre + Big Brother Wiretap Chip = A Nazi Regime

From pmetzger at lehman.com Tue Apr 20 03:09:46 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 20 Apr 93 03:09:46 PDT
Subject: Another Clipper Weakness
In-Reply-To: <9304200403.AA18854@netcom3.netcom.com>
Message-ID: <9304201009.AA21829@snark.shearson.com>

Another clipper weakness.

The unit key is derived directly from the serial number for the chip. We are supposed to feel comfy that the unit key is 80 bits long -- but the unit serial numbers are only 30 bits long! Am I crazy, or could you systematically generate all possible unit keys!

Perry

From jrk at information-systems.east-anglia.ac.uk Tue Apr 20 03:21:00 1993
From: jrk at information-systems.east-anglia.ac.uk (Richard Kennaway)
Date: Tue, 20 Apr 93 03:21:00 PDT
Subject: True Randoms
Message-ID: <23693.9304201020@sys.uea.ac.uk>

I have seen mentioned in sci.electronics (not recently) that true random number generator chips are available off-the-shelf. Texas Instruments was mentioned as one source, but I don't remember details.

--
  ____       Richard Kennaway
  \ _/__     School of Information Systems   Internet: jrk at sys.uea.ac.uk
   \X  /     University of East Anglia       uucp: ...mcsun!ukc!uea-sys!jrk
    \/       Norwich NR4 7TJ, U.K.

From pcw at access.digex.com Tue Apr 20 05:21:01 1993
From: pcw at access.digex.com (Peter Wayner)
Date: Tue, 20 Apr 93 05:21:01 PDT
Subject: Objections...
Message-ID: <199304201220.AA27725@access.digex.com>

I think one very serious objection to the SkipJack system is that the secrecy prevents us from coming up with Software implementations of the system. Naturally, they don't want that to happen because people start finding easy ways to screw up the encrypted block of key information needed by the government.

But regardless of that, software implementations of DES have been extremely useful for everyone. There is probably 10 times as much encryption done using software DES than hardware. Maybe 1000 times as much.
The fact is that software protection is much easier for the public to use. They don't need to buy an extra chip for their computer. They just run some software. It's cheaper. More populist.

I think this is the most practical and non-inflammatory argument for public access to the algorithm.

-Peter Wayner

From robichau at lambda.msfc.nasa.gov Tue Apr 20 06:03:37 1993
From: robichau at lambda.msfc.nasa.gov (Paul Robichaux)
Date: Tue, 20 Apr 93 06:03:37 PDT
Subject: NPR piece on "Clipper Chip" this morning
Message-ID: <9304201303.AA23547@lambda.msfc.nasa.gov>

NPR did a (for them, anyway) well-balanced piece on the wiretap chip this morning. Per their standard, the reporter (Dan Charles) had sound bites from both sides: Whit Diffie, representing the strong-privacy-through-crypto crowd, and the (acting?) director of NIST, Raymond whose-last-name-I-forget.

Highlights:

Diffie compared Clipper to a real estate lockbox. The feds don't have to have the key to the house (=phone), just the key to the lockbox. If you change your Clipper key, the chip keeps a copy.

NIST guy said that he strongly supports individual privacy, but law enforcement needs have to be counted, too.

Diffie (rough quote): "Technology makes policy. If the gov't spends hundreds of millions of dollars on a chip which allows them to tap phones, they will do so because the technology's there."

Good for NPR. A balanced piece.

-Paul

--
Paul Robichaux, KD4JZG | HELP STOP THE BIG BROTHER CHIP!
NTI Mission Software Development Div. | RIPEM key on request.

From zane at genesis.mcs.com Tue Apr 20 06:35:33 1993
From: zane at genesis.mcs.com (Sameer Parekh)
Date: Tue, 20 Apr 93 06:35:33 PDT
Subject: CLIP: Revised sample letter
Message-ID:

I finished my letter about the wiretap chip. (I still need to proof for grammar, but the content I have set.) I'm posting it here so others may see it and their efforts could be aided. Feel free to distribute this AS MUCH as possible.
If you want to comment on the letter, do so publicly, because I am sending this tomorrow morning and sending to me privately will do no good-- I will have sent it by the time I read your comments. Comments *will* be helpful though for other people.

I will keep the lists informed as to what response I get from my letter if people wish.

--
| Sameer Parekh-zane at genesis.MCS.COM-PFA related mail to pfa at genesis.MCS.COM |
| Apprentice Philosopher, Writer, Physicist, Healer, Programmer, Lover, more |
| "Be God" - Me __ "Specialization is for Insects" - Robert A. Heinlein ____/

Editor:

The Clinton administration on Friday unveiled their plan for establishing a standard data encryption system for voice communications. President Clinton says that he wants to bring the United States into the twenty-first century. This proposal is bringing us to 1984.

I will mention first the technical reasons why the system is inadequate. The encryption algorithm is classified; only a select group of people will be allowed to examine the algorithm for flaws. The members of the cryptographic community continually and persistently emphasize that the only way to ensure security in a cryptographic system is to have as many people as possible analyze and try to break it for as long as possible. A system which has been examined by a small segment of the population should not be trusted. Release of the algorithm is crucial to verification of a good encryption method. The earlier Data Encryption Standard (DES) for data storage encryption was a very strong standard; the academic world examined it and after a number of months found weaknesses, spawning the now-standard "triple-DES" system which is more secure.

From what little is known about the encryption system, it appears to be a weak system. Such a weak system lends itself to easy decryption by an unauthorized party.
It would lend a false sense of security to laypersons in the field who do not realize that a key of such simplicity could be cracked easily by any talented criminal. The necessarily secure communications between a doctor and his patient could be thus breached. If the system were strong, the government would use it for internal use, but according to the AT&T release, the government will not be using the same chip which is marketed to consumers.

Apart from the technical flaws in the system, there are many political problems with this big brother proposal. First, there is the assumption that the government has a right to spy on its own citizens. The proposal for this wiretap chip includes the registration of keys with two escrow agencies. This proposal is purported to allow law enforcement to keep track of "terrorists" and "drug-dealers."

The first flaw in this key-escrow system is that no self-respecting criminal will use a cryptography system which can be easily tapped by law enforcement officials-- they will use strong cryptography. The only people who may end up using the wiretap encryption system will be law-abiding laypeople who don't fully understand cryptography. (Law-abiding citizens who do understand cryptography will use strong cryptography to preserve their privacy from a talented criminal.)

The proposal states that in order to obtain the key of a wiretap chip user a law enforcement agency must first establish that they have a valid interest in the key. Translated out of legalese, that means that all a government agency will have to do to get access to all of the private communications, for example, between a lawyer and her client will be to fill out the necessary forms. Registering cryptographic keys with the government is similar to giving the IRS the keys to your house and filing cabinet. A criminal who wants access to the communications between a priest and confessor needs only to find a corrupt judge.
The chip is being manufactured exclusively by one company. The release stated that the Attorney shall request (i.e. coerce) telecommunication product manufacturers to use this product. This aspect of the system is a government-mandated monopoly. Such monopolies result in high prices and the elimination of market forces which drive the improvement of technology. (One needs only look at the state of the Soviet Union to see how the lack of market forces affects consumer technology.)

The system exposes our President's hypocrisy because of his campaign promise to protect women's rights to privacy and that he will see a Supreme Court nominee who believes that the Bill of Rights guarantees a right to privacy. By mandating a weak cryptosystem he is reneging on his promise to provide privacy rights to the nation's citizenry. If Clinton supported a right to privacy to limit government interference with regards to abortions, he must limit government interference with regards to communication.

Another element of Clinton's hypocrisy lies in his promise to reduce the budget deficit. By introducing additional responsibilities for government agencies (keeping track of the millions of keys registered in escrow) he is only using our tax dollars to invade our privacy, tax dollars which are better spent lowering the budget deficit.

What I fear most from the proposal is that if the wiretap chip becomes the standard, strong cryptography will be declared illegal. If such is the case, then only criminals will have access to strong cryptography. As I have stated above-- the wiretap chip will not be used by criminals because of the obvious flaws in the crypto-system-- criminals will use strong crypto, while law-abiding citizens will have to use a system which can be easily defeated by any criminal.

Strong cryptography already exists for data communications, for -free-. Strong cryptography for voice communications for -free- is only a few months away for people who own a personal computer.
There is no way that making strong cryptography illegal will stop it-- it will only turn otherwise law-abiding citizens into criminals.

Sincerely,

Sameer Parekh
829 Paddock Lane
Libertyville, IL 60048-3743
zane at genesis.mcs.com
708-362-9659

From pat at tstc.edu Tue Apr 20 06:43:02 1993
From: pat at tstc.edu (Patrick E. Hykkonen)
Date: Tue, 20 Apr 93 06:43:02 PDT
Subject: Waco, crypto, and unbreakable links
Message-ID: <9304201342.AA08444@tstc.edu>

> We can only speculate that the loss of life
> might have been much fewer if the Branch Davidian
> cult had a copy of PGP as well as a 2m packet
> radio.
>
> They could have maintained private links with journalists
> who could have given us their side of the story, which
> now, tragically will never be told.

I thought about this yesterday at lunch, at about the time the fire started in the Davidian compound. Only as it applies to the overthrow of a government or such. Agree on the initial frequency and time, then send the next frequency and time encoded in the message text to avoid jamming.

"A rebellion is not a few men huddled around a candle talking in whispers. But a large, well funded, organization with an intricate communications network." - Unknown

--
Pat Hykkonen, N5NPL Texas State Technical College at Waco
{pat,postmaster}@tstc.edu Instructional Network Services
PGP Key available by finger. 3801 Campus Dr. Waco, Tx 76705
V:(817) 867-4830 F:(817) 799-2843

From jim at tadpole.com Tue Apr 20 08:41:58 1993
From: jim at tadpole.com (Jim Thompson)
Date: Tue, 20 Apr 93 08:41:58 PDT
Subject: (fwd) THE CLIPPER CHIP: A TECHNICAL SUMMARY
In-Reply-To: <9304200403.AA18854@netcom3.netcom.com>
Message-ID: <9304201041.ZM1104@chiba>

Note that SCIF is not Secure Computer Information Facility, it's Secure Compartment(alized) Information Facility.

One can only wonder what else Dottie Denning got wrong.

What happens to the disk that has 'U' on it?
:-)

Jim

From 74076.1041 at CompuServe.COM Tue Apr 20 08:56:46 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Tue, 20 Apr 93 08:56:46 PDT
Subject: Another Clipper weakness
Message-ID: <930420155129_74076.1041_FHD54-1@CompuServe.COM>

Perry asks about the 30-bit serial number. Actually, it appears that the unit key UK is a function of the serial number plus the two 80-bit random numbers input by the escrow agents when the chips are programmed. This would prevent an easy guessing attack as long as these random numbers S1 and S2 are unknown.

The one problem is that S1 and S2 are not changed for each chip, but are rather kept the same in programming a batch of about 300 chips. Then they are supposed to be destroyed.

The potential weakness is that if someone managed to keep a copy of the S1 and S2 values which were used to program all clipper chips (only about 3000 such values for a million chips), then Perry's suggested attack could work. This would be few enough bits that the unit key could be guessed.

Those who are asked to judge the safety of the system will presumably pay careful attention to the measures used to insure that S1 and S2 are not saved. I don't know how they'll check for NSA micro-cameras in the vault ceiling, though...

Hal

From dstalder at gmuvax2.gmu.edu Tue Apr 20 09:10:21 1993
From: dstalder at gmuvax2.gmu.edu (Darren/Torin/Who ever...)
Date: Tue, 20 Apr 93 09:10:21 PDT
Subject: WIRETAP: Non-technical statement
Message-ID: <9304201606.AA10704@gmuvax2.gmu.edu>

I've had some people ask me about a non-technical synopsis of the Wiretap Chip proposal. What follows is it. Can you please look over it for errors? I am still very much the amateur when it comes to cryptography.

The WIRE-TAP Proposal: Problems with it.

The White House sent out a press release on Friday 16 April about a voice encryption chip called the Clipper chip.
This has come to be known as the Wiretap chip since it allows any Law Enforcement agency to automatically decrypt any conversations made with it with a search warrant. The LE presents said search warrant to two different escrow agencies to obtain the keys (80 bits long) that automatically decrypt your conversation. The Electronic Freedom Foundation (EFF) and the Computer Professionals for Social Responsibility (CPSR) have both criticized the proposal. There was even a negative article already in Network World (19 Apr 93). The paragraphs that follow are facts and problems I have collected by listening to others discuss the Wiretap chip.

Say you wanted to encrypt your talk with someone over a phone. Well, since you and the person you want to talk to both have the Wiretap (Clipper) chip in your phones, you can automatically encrypt your conversation. All fine and good encryption for the consumer. Now, what if you come under investigation by the local constabulary? They get a court order and ask the escrow agencies (non-law enforcement types) for your key. They already have the family key since that is the same in each chip. They now have your specific key. With these two keys, they can decrypt all conversations that you have. This includes conversations that are not legal to wiretap such as attorney-client, doctor-patient and so on. They also have that key for any and all future sessions that you use that phone for. Start to see the problem? This part is all legal... Search warrants are even exceedingly easy to get at times. There have been reports of the FBI getting groups of 50 signed and blank search warrants from the DoJ.

Now, there are other problems. Would you give the IRS keys to your house and filing cabinet as long as they promised that they would only use it under proper authorization? The key length of 80 bits is still considered cryptographically weak. It would take determined effort by an agency with a supercomputer but your key could be broken.
The cryptographic algorithm is also being kept classified. This is not the usual practice. In the cryptographic community, algorithms are public. This way people can be assured there aren't any back doors and that the algorithm can stand on its own strengths, not that of secrecy. It has also been hinted at by NIST (the agency behind the technical implementation of the chip.) that the chip could be compromised if the algorithm was made public. It is not that difficult to reverse engineer a chip these days.

Finally, some of the implications behind this announcement are dire. The Wiretap chip could become the market or legislative standard. This could mean that other implementations of cryptographic voice transactions would be very difficult to obtain or would be illegal to obtain. Why would a criminal use the Wiretap chip when they knew it wouldn't encrypt their conversations against the LE agencies? They wouldn't, they would use other encryption technologies. Would this mean that using something other than the Wiretap chip is probable cause and puts you under suspicion?

One last fishy thing is that AT&T has already (on the same day) announced phones with this chip. This implies (means?) that AT&T has known about this chip for a while. They seem to be more concerned about getting a jump on the competition than producing a product that will actually give their users real security. 'Course, there is the question of collusion between the government and industry. Only two companies will be allowed to manufacture the chip, VLSI and Mykotronix. Jeff Hendy, director of new product marketing for VLSI, says his company expects to make $50 million of the chip in the next 3 years. (This from the San Jose Mercury News.)

Hopefully, I haven't left stuff out. I am going to forward this to cypherpunks for the experts there to check it out.

Think free,

--
Defeat the Torin/Darren Stalder/Wolf __
Wiretap Chip Internet: dstalder at gmuvax2.gmu.edu \/ PGP2.x key available.
Proposal!
Bitnet: dstalder at gmuvax Finger me.
Write me for Sprintnet: 1-703-845-1000
details. Snail: 10310 Main St., Suite 110/Fairfax, VA/22030/USA
DISCLAIMER: A society where such disclaimers are needed is saddening.

From peb at PROCASE.COM Tue Apr 20 10:31:28 1993
From: peb at PROCASE.COM (peb at PROCASE.COM)
Date: Tue, 20 Apr 93 10:31:28 PDT
Subject: Sound bite time
Message-ID: <9304201727.AA03474@banff>

I like the newer sound bites.

``Having to deposit copies of all your private letters with the authorities, "in case" they need to later read them...''

and

``Giving the government keys to your encrypted messages is like giving them keys to the front door of your house.''

seem best.

Phil,

About the right to bear arms and crypto-privacy...you are right--it is not a good sound bite for J. Q. Public, but could be a good angle for *understanding* (uhg, I hate this sound bite stuff.)

Paul E. Baclace
peb at procase.com

From wcs at anchor.ho.att.com Tue Apr 20 10:35:05 1993
From: wcs at anchor.ho.att.com (wcs at anchor.ho.att.com)
Date: Tue, 20 Apr 93 10:35:05 PDT
Subject: Wiretapping chip: vid clips & sound bites
Message-ID: <9304201734.AA09381@anchor.ho.att.com>

I strongly agree with Ray Cromwell's suggestions that we consistently refer to "the wiretap chip", and avoid "drug dealer" examples. One that might be closer to home when you need an example is "Suppose the IRS thinks you may have cheated on your income tax and decides they want to wiretap your phone ..." It's within the range of things people imagine could happen to them, and it makes the point that it's *their* phone that's being trapped, not some public enemy bogeyman. Making it personal is important...

Bill
# Bill Stewart wcs at anchor.ho.att.com +1-908-949-0705 Fax-4876
# AT&T Bell Labs, Room 4M-312, Crawfords Corner Rd, Holmdel, NJ 07733-3030

From jet at nas.nasa.gov Tue Apr 20 10:40:23 1993
From: jet at nas.nasa.gov (J.
Eric Townsend)
Date: Tue, 20 Apr 93 10:40:23 PDT
Subject: Waco, crypto, and unbreakable links
In-Reply-To: <9304200237.AA14578@netcom.netcom.com>
Message-ID: <9304201740.AA18148@boxer.nas.nasa.gov>

1016/2EF221 writes:
> We can only speculate that the loss of life
> might have been much fewer if the Branch Davidian
> cult had a copy of PGP as well as a 2m packet
> radio.

Yes, we can only speculate. We can only speculate what would have happened if the members who had left had told what they knew -- they had/have many chances, including one member who called media from prison.

Maybe the BD's didn't have anything to say in the first place? Koresh et al got plenty of radio time, and had even more time offered. His lawyers negotiated with media for film rights...

I don't think PGP/packet would have helped him a bit. Having all his neurons operating in a reality the rest of us live in might have helped a bit more.

(I used to live in Texas, and have long known of the "Wackos in Waco", so my sympathy level is a bit low...)

From hughes at soda.berkeley.edu Tue Apr 20 11:01:07 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Tue, 20 Apr 93 11:01:07 PDT
Subject: Ad hoc Cypherpunks meeting April 24
Message-ID: <9304201754.AA23465@soda.berkeley.edu>

ANNOUNCEMENT
============

Ad Hoc Cypherpunks Meeting on the recent Wiretap Chip proposal.

Where: Cygnus Support, Mt. View (directions follow)
When: 12:00 noon sharp - 6:00 p.m.

I'm mad as hell. I know that a lot of other folks are too. So I'm calling an ad hoc meeting to vent some spleen, to calm our heads, and to plan a counterattack. If you have any interest in this whatsoever, please attend.

As with all cypherpunks meetings, this meeting is open. Tell anyone you want to tell. Show up. Encourage your friends to show up. I'm going to try to get some of the folks from RSA Data Security to show up, as well as some others who would normally not attend.
Eric Hughes
cypherpunks list and ftp maintainer

AGENDA
======

12:00 - 6:00 Wiretap chip discussions. There will be a break.

DIRECTIONS
==========

Cygnus Support
1937 Landings Drive
Mt. View, CA 94043
+1 415 903 1400 switchboard
+1 415 903 1418 John Gilmore

Take US 101 toward Mt. View. From San Francisco, it's about a 40-minute drive. Get off at the Rengstorff Ave/Amphitheatre Parkway exit. If you were heading south on 101, you curve around to the right, cross over the freeway, and get to a stoplight. If you were heading north on 101, you just come right off the exit to the stoplight. The light is the intersection of Amphitheatre and Charleston Rd. Take a right on Charleston; there's a right-turn-only lane.

Follow Charleston for a short distance. You'll pass the Metaphor/Kaleida buildings on the right. At a clump of palm trees and a "Landmark Deli" sign, take a right into Landings Drive. At the end of the road, turn left into the complex with the big concrete "Landmark" sign. Follow the road past the deli til you are in front of the clock tower that rises out of one of the buildings, facing you. Enter through the doors immediately under the clock tower. They'll be open between noon and 1PM at least. (See below if you're late.)

Once inside, take the stairs up, immediately to your right. At the top of the stairs, turn right past the treetops, and we'll be in 1937 on your left. The door is marked "Cygnus".

If you are late and the door under the clock tower is locked, you can walk to the deli (which will be around the building on your left, as you face the door). Go through the gate in the fence to the right of the deli, and into the back lawns between the complex and the farm behind it. Walk forward and right around the buildings until you see a satellite dish in the lawn. Go up the stairs next to the dish, which are the back stairs into the Cygnus office space. We'll prop the door (or you can bang on it if we forget).
Or, you can find the guard who's wandering around the complex, who knows there's a meeting happening and will let you in. They can be beeped at 965 5250, though you'll have trouble finding a phone.

Don't forget to eat first, or bring food at noon! I recommend hitting the burrito place on Rengstorff (La Costen~a) at about 11:45. To get there, when you get off 101, take Rengstorff (toward the hills) rather than Amphitheatre (toward the bay). Follow it about ten blocks until the major intersection at Middlefield Road. La Costen~a is the store on your left at the corner. You can turn left into the narrow lane behind the store, which leads to a parking lot, and enter by the front door, which faces the intersection. To get to the meeting from there, just retrace your route on Rengstorff, go straight over the freeway, and turn right at the stoplight onto Charleston; see above.

See you there!

John Gilmore

From TO1SITTLER at APSICC.APS.EDU Tue Apr 20 12:23:58 1993
From: TO1SITTLER at APSICC.APS.EDU (TO1SITTLER at APSICC.APS.EDU)
Date: Tue, 20 Apr 93 12:23:58 PDT
Subject: cypherpunks vs. cryptoprivacy
Message-ID: <930420132135.2132@APSICC.APS.EDU>

I agree with those who think that "CypherPunks" is a bad name for the list. It brings up negative associations in the minds of outsiders, who are, after all, the people who we want to influence against the Big Brother wiretap chip.

Kragen

From 74076.1041 at CompuServe.COM Tue Apr 20 13:13:48 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Tue, 20 Apr 93 13:13:48 PDT
Subject: Another Clipper weakness
Message-ID: <930420195747_74076.1041_FHD36-1@CompuServe.COM>

-----BEGIN PGP SIGNED MESSAGE-----

From: "Perry E. Metzger"
> I've just looked over the proposal again, and I've seen no mention of
> random inputs -- only that the 30 bit key would get a "fixed 34 bit
> padding" added to it.

Here is what Denning's writeup says:

At the beginning of a session, a trusted agent from each of the two key escrow agencies enters the vault.
Agent 1 enters an 80-bit value S1 into the laptop and agent 2 enters an 80-bit value S2. These values serve as seeds to generate keys for a sequence of serial numbers.

To generate the unit key for a serial number N, the 30-bit value N is first padded with a fixed 34-bit block to produce a 64-bit block N1. S1 and S2 are then used as keys to triple-encrypt N1, producing a 64-bit block R1:

    R1 = E[D[E[N1; S1]; S2]; S1] .

Similarly, N is padded with two other 34-bit blocks to produce N2 and N3, and two additional 64-bit blocks R2 and R3 are computed:

    R2 = E[D[E[N2; S1]; S2]; S1]
    R3 = E[D[E[N3; S1]; S2]; S1] .

R1, R2, and R3 are then concatenated together, giving 192 bits. The first 80 bits are assigned to U1 and the second 80 bits to U2. The rest are discarded. The unit key U is the XOR of U1 and U2. U1 and U2 are the key parts that are separately escrowed with the two escrow agencies.

Here, the notation E[X; Y] means to encrypt 64-bit number X using 80-bit key Y with the Skipjack algorithm. U1 and U2 come from concatenating R1, R2, and R3. Each of R1, R2, and R3 is a function not only of N, the serial number, along with the 3 fixed 34-bit blocks, but also S1 and S2, the two random numbers entered by agents from the escrow organizations.

> > The one problem is that S1 and S2 are not changed for each chip, but are
> > rather kept the same in programming a batch of about 300 chips. Then
> > they are supposed to be destroyed.
>
> This was not clearly implied, either. Furthermore, no clear reason has
> been stated why all this complexity is needed and U1 and U2 can't just
> be randomly generated.

All Clipper Chips are programmed inside a SCIF (secure computer information facility), which is essentially a vault. The SCIF contains a laptop computer and equipment to program the chips. About 300 chips are programmed during a single session. The SCIF is located at Mikotronx.

I agree that the process seems complex.
Why should the keys U1 and U2 be correlated with the serial number in this way? Here is one thought:

The most straightforward approach would be to get two random seeds, S1 and S2, and use them to run a PRNG that produces U1 and U2, the two key-halves, and N, the serial number.

But the problem with this is that you are depending on the security of your PRNG to ensure that there is no correlation between N and U1/U2. Ordinary PRNG's might allow some correlation to exist. This would be weak because then just knowing the N of your chip might allow a good organization like NSA to crunch out U1 and U2 without going through the escrow agencies, by exploiting weaknesses in the PRNG.

Instead, they go through a roundabout process which appears to show that the relationship between N and U1/U2 is as strong as the Skipjack algorithm itself, in fact when run in a triple-encryption mode. If NSA had a way, given N, to produce U1/U2, then it would appear that they must be able to break Skipjack, in which case they wouldn't need U1/U2. So this key generation process can be argued not to introduce any new vulnerability in the system.

Hal

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBK9QrV6gTA69YIUw3AQGGrAP/Rmx0H603b1EdBIsiGuc637wptW133IFU
/irxw+aCPrL3yOzuBTQbUW+LeMIwpC+Y8DARkAohxnIjhuu/aQXVnIvJPPiUSPr0
fz2PLxhA5tgjVAH0e5xvl9K+CgWnRXazd9Tp+Zbi/xAiWz0PI6kff4QtNG13p1xw
/V0dGDb4tec=
=XgfH
-----END PGP SIGNATURE-----

From pmetzger at lehman.com Tue Apr 20 13:32:50 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 20 Apr 93 13:32:50 PDT
Subject: Another Clipper weakness
In-Reply-To: <930420195747_74076.1041_FHD36-1@CompuServe.COM>
Message-ID: <9304202032.AA23137@snark.shearson.com>

Hal says:
> Here is what Denning's writeup says:
>
> At the beginning of a session, a trusted agent from each of the two key
> escrow agencies enters the vault. Agent 1 enters an 80-bit value S1
> into the laptop and agent 2 enters an 80-bit value S2.
> These values serve as seeds to generate keys for a sequence of serial numbers.
>
> To generate the unit key for a serial number N, the 30-bit value N is
> first padded with a fixed 34-bit block to produce a 64-bit block N1.
> S1 and S2 are then used as keys to triple-encrypt N1, producing a
> 64-bit block R1:
[...]

I've reread the text again. There seems to be no assurance at all that S1 and S2 are random or that they are not the same for all chips. There also seems to be no rational explanation of why N is only thirty bits long -- it's a strange number in the modern world of computing.

> I agree that the process seems complex. Why should the keys
> U1 and U2 be correlated with the serial number in this way? Here is
> one thought:
>
> The most straightforward approach would be to get two random seeds,
> S1 and S2, and use them to run a PRNG that produces U1 and U2, the
> two key-halves, and N, the serial number.

The number N is not secret and is not random -- it is therefore not necessary that the PRNG generate N, and indeed N is not generated, it is given. It's presumably just an ordinary serial number.

> But the problem with this is that you are depending on the security
> of your PRNG to ensure that there is no correlation between N and
> U1/U2. Ordinary PRNG's might allow some correlation to exist. This
> would be weak because then just knowing the N of your chip might allow
> a good organization like NSA to crunch out U1 and U2 without going
> through the escrow agencies, by exploiting weaknesses in the PRNG.
>
> Instead, they go through a roundabout process which appears to show that
> the relationship between N and U1/U2 is as strong as the Skipjack
> algorithm itself, in fact when run in a triple-encryption mode.
> If NSA had a way, given N, to produce U1/U2, then it would appear
> that they must be able to break Skipjack, in which case they wouldn't
> need U1/U2.
> So this key generation process can be argued not to introduce any new vulnerability in the system.

Why not just generate U1 and U2 by a more straightforward approach that doesn't involve strange padding and odd randomly selected constants? Indeed, why not just use true random numbers? Surely a radioactive source isn't unavailable to Mykotronix.

Furthermore, Denning says about 300 chips are programmed in a batch using baroque methods in a vault. Well, folks, that just won't do if twenty or thirty million of these babies are being sold a year -- or even if just five million are sold a year. Seems to me that the processing is going to have to get more efficient, and likely thus much more sloppy.

Perry

From szabo at techbook.com Tue Apr 20 13:33:45 1993
From: szabo at techbook.com (Nick Szabo)
Date: Tue, 20 Apr 93 13:33:45 PDT
Subject: WIRETAP: Non-technical statement
In-Reply-To: <9304201609.AA20256@churchy.gnu.ai.mit.edu>
Message-ID:

> [proposed press statement]
> ....
> This has come to be known as the
> Wiretap chip since it allows any Law Enforcement agency to automatically
> decrypt any conversations made with it with a search warrant.
> ...

I understand there are some situations where law enforcement agencies can gain access to keys _without_ a search warrant, and furthermore access to the keys allows wiretapping of conversations that go well beyond the scope of the search warrant. This might be better phrased "with, or in many cases even without, a search warrant".

Does anybody know of specific examples of wiretapping without a search warrant, or beyond the scope of the search warrant that we can cite? Especially famous ones (didn't Nixon wiretap somebody?)

Question: does there need to be a warrant to search *both* parties in a conversation, or just one? What if one of the parties is a foreign citizen calling from their homeland? What about conference calls?
In addition to lawyer-client and doctor-patient conversations, ubiquity of the wiretap chip allows the U.S. government exclusive access to recording the following calls under the rubric of a "secure" system:

* husband-wife
* psychologist-client
* priest-confessor
* foreign tourists, businessmen, and diplomats
* international phone calls
* phone calls outside the U.S. involving Clipper phones (last I heard AT&T was planning to export the wiretap chip phone, can that be verified?)
* etc.

We might design a special press release to be sent to the *international* press and foreign companies. We might especially target electronics giants like Matsushita, Phillips, Siemens, Fujitsu, NEC, etc. that can make alternative chips if they feel there is market demand for privacy from U.S. spooks who speak of using the wiretap chip to "enhance U.S. economic competitiveness". This might be a joint venture with U.S. companies like Security Technologies Inc. that AT&T and the U.S. government have screwed with their collusion. The vast majority of consumer-product chips are manufactured outside the U.S. It is doubtful that VLSI can compete, much less corner the market if international concern is raised over the potential U.S. wiretapping monopoly.

However, we do need to do this in such a way that we do not encourage foreign government escrow-key schemes. Let's use the term "wiretap chip" for the entire class of escrow-key hardware schemes. I think we have a shot at giving the entire class of Denning-style schemes a bad reputation in the international community. One desirable foreign government action would be to ban the import of phone equipment containing escrow-key chips from the U.S.; a very undesirable outcome is for foreign governments to set up their own escrow-key systems. Primarily, we want to give wiretap chips a bad reputation in the market.

We also need to dig up information on the phone call archives being kept by the NSA and other agencies. How extensive are they?
Is there any guarantee phone calls will be deleted after some period,
or are phone calls once tapped stored forever on some CD-ROM? Can
foreign companies operating in the U.S. have any confidence that the
U.S. government is not wiretapping their phones, gleaning trade
secrets and distributing them to favored U.S. megacorps like AT&T?
If we don't have answers to these questions we need to ask them, in
public and often.

Nick Szabo szabo at techbook.com

From ld231782 at longs.lance.colostate.edu Tue Apr 20 14:01:03 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Tue, 20 Apr 93 14:01:03 PDT
Subject: Denning Unmasked
Message-ID: <9304202034.AA24791@crestone>

Denning, April 19
>I'd like to add that I was not in
>any way involved. I found out about it when the FBI briefed me on
>Thursday evening, April 15.

Mr. May calls Mrs. Denning's claims that she was ``not in any way
involved'' with this project ``curious''. I'm a bit amazed at
everyone's tiptoeing around Mrs. Denning and reluctance to challenge
her outright given overwhelming evidence as to her two-facedness.
Maybe it is her established reputation in the field, maybe it is her
cryptography book, maybe it is her participation at conferences like
CFP. Nevertheless, I cannot let lies stand.

Mrs. Denning wants to have her cake and eat it too. She wants to be
perceived as an unbiased academic and taken seriously for her
participation in scientific forums. She also wants to mask her
involvement in this proposal, which for me, appears unequivocal, and
only the *degree* and *extent* is unclear. I cannot comprehend how she
cannot be involved. It would not be so outrageous if she stated that
``I cannot comment on my involvement for obvious reasons''. But her
denial to me has all the signs of a desperate fabrication. Let's look
at what she's done:

1. She was the *first*, if I'm not mistaken, to bring up the idea of
splitting keys among impartial agencies many months ago on sci.crypt
after the firestorm and barrage of protests on the initial balloon on
key registration.

2. She has shown ``prescient insight'' (as another tiptoer noted on
sci.crypt) into anticipating major aspects of the proposal. Key
registration itself was largely unheard-of until she began advocating
the idea. She posts a massive technical description to sci.crypt less
than a week after her initial ``briefing''.

3. The rhetoric (more aptly called propaganda) of the public
announcement closely mirrors words and arguments she used in the
initial debate on sci.crypt, esp. the ``need to balance legitimate law
enforcement goals with privacy.''

4. Since she persists in her sheer, ugly chutzpah, and people here and
on sci.crypt are still pussyfooting around her, I must offer my new
evidence.

In early April I became extremely concerned about her continuing
advocation of key registration in the recent further CACM articles in
the face of such vocal opposition and defiance on sci.crypt. I was
astonished with the claims in her latest posting to sci.crypt when I
read it on 28 March, and replied to it. I expressed my appreciation
for her postings, because ``you're definitely one of the most highly
regarded personalities in this area posting publicly,'' (I was
disenchanted enough then not to say `authority') and I wrote of my
extreme concern with her seeming evasion of addressing critical
aspects of the key-registration idea from a scientific standpoint. I
advised her to ``abandon the idea to salvage the remainder of your
reputation''.

I will be quoting only some critical parts of her letter now (there is
only one, but it speaks volumes), and I ask that I not be assaulted
for this, because in my opinion the extreme circumstances merit it,
and her hypocrisies cannot go unchallenged!
Her comments follow her pattern of revealing a few more details of the
overall plan after being violently assaulted on the revealed ones. (I
remind the reader that this all transpired before any knowledge on my
part whatsoever of the Clipper proposal, but apparently not before her
own...)

- - -

L.D.: (Sun, 28 Mar 93 22:13:06 -0700)
>The issue is not that "the government is corrupt QED" but that such a
>system would be such a tremendous temptation to a government only bordering
>on moral rectitude, as ours generally is... Part of the idea of
>democracy is not even INTRODUCING mechanisms that have a potential for
>extremely insidious and treacherous abuse.

D.D.: (Tue, 30 Mar 93 17:23:14 EST)
>I am convinced that with the new technologies and crypto, we can make it
>extremely difficult -- much more difficult than now -- for the government
>to perform illegal taps.

L.D.: (Sun, 28 Mar 93 22:13:06 -0700)
>I like those new technologies for the same revolutionary reasons.
>hehe, we can make it IMPOSSIBLE right now for the government to tap AT
>ALL. I guess you can imagine how appealing your proposal is in the face
>of this. We're doing just fine, thank you very much. The best thing
>the government can do on this issue is STAY OUT OF IT. Given its
>unwieldy and intrusive history, this is quite an optimistic expectation.

- - -

L.D.: (Sun, 28 Mar 93 22:13:06 -0700)
>There are just no good assurances that these kind of systems won't
>be radically abused, and until you describe precisely how to do this
>most reasonable people will not touch your proposals with a 20ft
>pole, even in cyberspace...

D.D.: (Tue, 30 Mar 93 17:23:14 EST)
>Obviously a much more detailed proposal would be needed in
>order to answer all the questions people have asked.
L.D.: (Tue, 30 Mar 93 17:03:04 -0700)
>We eagerly await such a proposal from you or others, to show how none
>of the specifics can possibly be implemented without a totalitarian
>state, bizarre and unrealistic assumptions, unbearable and
>anti-competitive commercial restrictions, or new grotesque government
>bureaucracies.

- - -

L.D.: (Sun, 28 Mar 93 22:13:06 -0700)
>The issue is not that "criminals won't comply QED"
>but that "enforcement is impossible except in a totalitarian state".

D.D.: (Tue, 30 Mar 93 17:23:14 EST)
>Not necessarily if you don't try to demand 100% compliance. Everyone is
>required to register their car, and this has not required a totalitarian state.
>Compliance might be enforced only when there is already probable cause and
>a warrant issued. Compliance might be promoted by putting requirements on
>products that are sold.

L.D.: (Tue, 30 Mar 93 17:03:04 -0700)
>I object to this vehemently. I consider this somewhat of a subterfuge.
>The public then may not be aware how much they are spending to promote
>an agenda of the anointed government officials' plans detrimental to
>privacy. It would weaken technological competitiveness, for companies to
>be burdened by these artificial and warped restrictions.
>
>Unfortunately, I find it one of your most dangerously insidious ideas,
>because it has the most likelihood of influencing some naive,
>uninformed, and misguided policymaker...
>
>These policies you have in mind are exactly the kind that sound good on
>paper and intent, but when implemented come nothing close to the
>intentions of the purveyors, who on hint of failure would then
>disassociate themselves, saying that ``it wasn't implemented according
>to my suggestions.'' That's the problem, it's an inherently flawed idea
>to begin with, and NO implementation would have the desired effect...
- - -

D.D.: (Tue, 30 Mar 93 17:23:14 EST)
>I do not find
>sci.crypt a constructive environment to explore the issues or try to develop
>a more concrete proposal, so I will use other forums for this.

L.D.: (Tue, 30 Mar 93 17:03:04 -0700)
>definitely, Usenet has all the delicacy, subtlety and finesse of a
>melee. On the other hand, it also has a low tolerance for pretentious
>and impractical ideas ...
>
>I'm serious. I think you ought to stop promoting the idea. Otherwise,
>the label "Denning Proposal" will have all the valiant credibility that
>the label "Chamberlain Treaty" had after WWII.... Don't say I didn't warn
>you!
>
>Do you know how much trouble the NSA has caused for the development and
>proliferation of cryptography? Do you think they have harmed American
>interests in the international market? Weakened their ability to
>compete? I guarantee that all this would PALE TOTALLY in comparison to
>any kind of key-registration scheme, and would earn its advocates, in
>historical hindsight, the utmost black discredit imaginable.

- - -

Mrs. Denning did not respond to my letter of Tue, 30 Mar 93 17:03:04
-0700, for obvious reasons...

Let me add that of all the things she wrote about, the `commercial
compliance by requirements on products sold' alarmed me the most, and
I thought she might be hinting at a Telephony-style bill. I considered
sending a warning to the cypherpunk list, but decided that it would be
premature and I intended to watch and wait for more signs first...

Perhaps I am condemning aspects of my own future in academic circles
for attacking Denning. Perhaps I am the subject of zealous
blacklisting at this moment for my public comments on the Clipper
chip. But I cannot be silent in the face of repulsive and outrageous
hypocrisy. Because of her denial, I have no alternative but to
recognize Mrs. Denning as the intellectual and moral equivalent of a
double-agent. She is a traitor to at least *one* cause.
I hope her friends involved in the Clipper proposal appreciate her
work in that area, because, for me, she no longer has any credibility
whatsoever as an unbiased cryptographic authority or an honest and
ethical scientist. Like a compromised code, the integrity has been
lost...

NOTE! this letter is a *warning* for the private cypherpunks list
only! I do not grant, and specifically prohibit, redistribution. If
Mrs. Denning publicly addresses the points I have raised in this
letter, I will consider my sincere trust misguided and violated.

From 74076.1041 at CompuServe.COM Tue Apr 20 14:26:00 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Tue, 20 Apr 93 14:26:00 PDT
Subject: Another Clipper weakness
Message-ID: <930420210931_74076.1041_FHD64-1@CompuServe.COM>

-----BEGIN PGP SIGNED MESSAGE-----

From: "Perry E. Metzger"
> The number N is not secret and is not random -- it is therefore not
> necessary that the PRNG generate N, and indeed N is not generated, it
> is given. It's presumably just an ordinary serial number.

Yes, sorry, I was confused about that. N is indeed an ordinary serial
number.

> Why not just generate U1 and U2 by a more straightforward approach that
> doesn't involve strange padding and odd randomly selected constants?
> Indeed, why not just use true random numbers? Surely a radioactive
> source isn't unavailable to Mykotronx.

Again, I think the fact that the S1 and S2 are introduced by agents of
the escrow organizations is supposed to make the process appear more
trustworthy. Since the escrow organizations must be trusted, it does
not add any weaknesses to have them creating the random seeds for the
keys.

Getting numbers from a true random source would be better in some
ways, but it would be hard to know whether the source was truly random
and was not subtly hacked by the NSA to reduce the randomness.
Verifying the randomness of a black box could not be done easily on
site.
With the S1/S2 approach, theoretically an escrow agent could stop the
process at some point and issue a challenge, making S1 and S2 public
and verifying that the keys were in fact generated by the specified
algorithm. However, there has been no discussion of such a challenge
in the key-creation protocol.

> Furthermore, Denning says about 300 chips are programmed in a batch
> using baroque methods in a vault. Well, folks, that just won't do if
> twenty or thirty million of these babies are being sold a year -- or
> even if just five million are sold a year. Seems to me that the
> processing is going to have to get more efficient, and likely thus
> much more sloppy.

Yes, this is a good point, although it depends on the specific numbers
of chips being produced and how long it takes to go through this
process for a batch of 300 chips. I gather that the chips are actually
programmed in this vault, under control of the laptop computer which
holds the keys (and is then destroyed? Ha!). If they had a batch
programmer which actually did 300 chips in a tray, then several
batches could be done in a sitting.

There are probably a few hundred million phones in the U.S., but I
doubt that more than a few percent of them would be secure phones in
the next three or four years. This might correspond to a production
level of a few hundred thousand chips per year, which would be a
couple of dozen batches per week. This sounds doable.

Beyond this point there would be problems, though. Probably other
manufacturers would be involved by then.
Hal

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBK9Q8HKgTA69YIUw3AQEYkwP/USkSY0pWeJEBXT+A8guzc+pVXJzNXExk
alGJoOLo3E9ZvJEW/e1sbO9TM1AjGnXdHrPMACqIdPUHdn+wnKE3jLBH/026ncQw
POeYBIaKuqvkV0HMkf3ebu4YXr06D9o3sapl0DnpZDm5RNUkoGpUvKpWa6EEJUDt
yBuCGiW5qsk=
=tpn9
-----END PGP SIGNATURE-----

From norm at netcom.com Tue Apr 20 14:45:48 1993
From: norm at netcom.com (Norman Hardy)
Date: Tue, 20 Apr 93 14:45:48 PDT
Subject: Webs of Trust vs Trees of Trust
Message-ID: <9304202145.AA19546@netcom2.netcom.com>

I have worked with the NCSC (National Computer Security Center) on
certifying operating systems according to the "Orange Book".

As I understand RIPEM there is a tree of agencies such that everyone
must trust all elements of the tree between him and the root. This is
much ingrained in all of the legally mandated security systems that I
am aware of. It assumes, at first glance, that there is a root, an
inner sanctum, which is totally trusted by all. The Orange Book for
operating system security has such assumptions embedded deeply. We had
to essentially weaken our security features by disabling our "mutually
suspicious user" logic to meet their requirements.

>In <40485.pfarrell at cs.gmu.edu> Pat Farrell says:
>At this Fall's National Computer Security Conference, Mr. McNulty
>was a speaker on the NIST's digital signature session. They talked about
>both the non-RSA DSS, and use of Certifying Authorities with a RSA-based
>scheme.
>
>At that same conference, I gave a paper on security that described
>a fishnet of trust between systems. This was written in February 92,
>well before I read Phil's "web of trust" from the PGP docs, which I
>read sometime over the summer.
>During the Q&A, I asked Mr McNulty to compare the advantages and
>disadvantages of a hierarchical CA approach to an interlocking fishnet/web
>of trust. I hoped he would at least recognize that any hierarchy has
>problems from the top down if an upper level is compromised. Instead,
>he could not address any differences. I believe that working in the
>government has made the hierarchy seem to be the only implementation that
>he envisioned. He fobbed the question off to one of his technical
>underlings, but he, too, was unable to answer it (or even coherently
>address it).

It is a pervasive mind-set in military security.

From norm at netcom.com Tue Apr 20 15:46:00 1993
From: norm at netcom.com (Norman Hardy)
Date: Tue, 20 Apr 93 15:46:00 PDT
Subject: Webs of Trust vs Trees of Trust
Message-ID: <9304202246.AA26311@netcom2.netcom.com>

I have worked with the NCSC (National Computer Security Center) on
certifying operating systems according to the "Orange Book".

As I understand RIPEM there is a tree of agencies such that everyone
must trust all elements of the tree between him and the root. This is
much ingrained in all of the legally mandated security systems that I
am aware of. It assumes, at first glance, that there is a root, an
inner sanctum, which is totally trusted by all. The Orange Book for
operating system security has such assumptions embedded deeply. We had
to essentially weaken our security features by disabling our "mutually
suspicious user" logic to meet their requirements.

>In <40485.pfarrell at cs.gmu.edu> Pat Farrell says:
>At this Fall's National Computer Security Conference, Mr. McNulty
>was a speaker on the NIST's digital signature session. They talked about
>both the non-RSA DSS, and use of Certifying Authorities with a RSA-based
>scheme.
>
>At that same conference, I gave a paper on security that described
>a fishnet of trust between systems. This was written in February 92,
>well before I read Phil's "web of trust" from the PGP docs, which I
>read sometime over the summer.
>During the Q&A, I asked Mr McNulty to compare the advantages and
>disadvantages of a hierarchical CA approach to an interlocking fishnet/web
>of trust. I hoped he would at least recognize that any hierarchy has
>problems from the top down if an upper level is compromised. Instead,
>he could not address any differences. I believe that working in the
>government has made the hierarchy seem to be the only implementation that
>he envisioned. He fobbed the question off to one of his technical
>underlings, but he, too, was unable to answer it (or even coherently
>address it).

It is a pervasive mind-set in military security.

From norm at netcom.com Tue Apr 20 17:08:25 1993
From: norm at netcom.com (Norman Hardy)
Date: Tue, 20 Apr 93 17:08:25 PDT
Subject: Anonymous Remailers, WB etc.
Message-ID: <9304210008.AA25503@netcom4.netcom.com>

If I were chartered to be prepared to find the source of anonymous
mail, and had the money, attitude and resources that skeptics among us
assume are available for such efforts, here is how I would proceed.
This plan is due, in part, to my experience in building secure
operating systems.

I would catalog the various weaknesses of Unix and perhaps other
systems where the remailers live. I would make a list of remailers and
suspected remailers. I would design programs that would inhabit the
remailer machines benignly except for gathering information that I
need. Such efforts are a natural by-product of the public NCSC charter
to know OS weaknesses.

I would further examine the IP protocols for weaknesses. Those
protocols trust not only the machines thru which the data flows but
also trusts other machines on the net not to introduce phony datagrams
that at least bollix legitimate traffic and may well spoof it. This is
aided by a real time passive tap on the links carrying the legitimate
traffic.

It is not the style of this group to study OS security and I don't
propose to change the style. OS security and protocol security may,
however, be an Achilles heel to anonymity.
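
Hal's suggestion in "Another Clipper weakness" above, that an escrow agent could halt the session, publish S1 and S2, and check that the keys follow from the specified algorithm, is sketched here as an added example (it is not part of any message in this archive). HMAC-SHA256 stands in for the classified cipher, and the function names, the 4-byte serial encoding and the sample seeds are assumptions of this sketch; U1 and U2 are combined by XOR as in Denning's posted description.

```python
import hashlib
import hmac

SHARE_BYTES = 10  # 80-bit components, matching the 80-bit key size in the thread


def derive_shares(s1: bytes, s2: bytes, serial: int) -> tuple[bytes, bytes]:
    """Deterministically derive the two escrowed components (U1, U2) of a chip.

    Assumption: HMAC-SHA256 keyed with both agents' seeds replaces the real,
    classified derivation. Both seeds feed both components, so neither agent
    alone can predict a share.
    """
    if len(s1) != SHARE_BYTES or len(s2) != SHARE_BYTES:
        raise ValueError("each seed must be 80 bits")
    block = hmac.new(s1 + s2, serial.to_bytes(4, "big"), hashlib.sha256).digest()
    # First 80 bits become U1, the next 80 bits U2, the remainder is discarded.
    return block[:SHARE_BYTES], block[SHARE_BYTES:2 * SHARE_BYTES]


def unit_key(u1: bytes, u2: bytes) -> bytes:
    """Unit key U = U1 XOR U2; one component alone reveals nothing about U."""
    return bytes(a ^ b for a, b in zip(u1, u2))


def program_batch(s1: bytes, s2: bytes, serials) -> dict:
    """Escrow records a vault session would produce: serial -> (U1, U2)."""
    return {n: derive_shares(s1, s2, n) for n in serials}


def audit_batch(s1: bytes, s2: bytes, escrowed: dict) -> list:
    """Challenge step: with the seeds published, re-derive every component and
    return the serial numbers whose escrowed values do not match."""
    bad = []
    for serial, (u1, u2) in escrowed.items():
        exp1, exp2 = derive_shares(s1, s2, serial)
        if not (hmac.compare_digest(u1, exp1) and hmac.compare_digest(u2, exp2)):
            bad.append(serial)
    return sorted(bad)


def demo():
    # Constructed sample seeds and serial numbers, not real values.
    s1 = bytes.fromhex("00112233445566778899")
    s2 = bytes.fromhex("a0a1a2a3a4a5a6a7a8a9")
    honest = program_batch(s1, s2, range(1000, 1300))  # one batch of 300 chips
    tampered = dict(honest)
    u1, _ = tampered[1042]
    tampered[1042] = (u1, bytes(SHARE_BYTES))  # one component swapped for a fixed value
    return audit_batch(s1, s2, honest), audit_batch(s1, s2, tampered)


if __name__ == "__main__":
    clean, flagged = demo()
    print("honest batch mismatches:", clean)
    print("tampered batch mismatches:", flagged)
```

A passing audit shows only that the escrowed components follow from the published seeds. It says nothing about how the seeds were chosen or about what was actually written into the chips.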
From uni at acs.bu.edu Tue Apr 20 17:23:27 1993
From: uni at acs.bu.edu (Shaen Bernhardt)
Date: Tue, 20 Apr 93 17:23:27 PDT
Subject: No Subject
Message-ID: <9304210023.AA194636@acs.bu.edu>

Does anybody know of specific examples of wiretapping without a search
warrant, or beyond the scope of the search warrant that we can cite?
Especially famous ones (didn't Nixon wiretap somebody?)

-----

By exec. order (12333 is it?) those suspected of espionage for a
foreign may be wiretapped, searched without warrant.
(foreign = foreign power)

From zane at genesis.mcs.com Tue Apr 20 17:28:52 1993
From: zane at genesis.mcs.com (Sameer)
Date: Tue, 20 Apr 93 17:28:52 PDT
Subject: Petition to Clinton, digisigned
Message-ID:

I noticed someone post about writing up a petition and emailing it to
Pres. Clinton, signing it with digital signatures, but that was in a
joking manner. To me it seems like a good idea. What do others think?
Good/bad?

(I'm not too PGP-experienced-- The petition would be circulated and
people would create "signature certificates" and forward those to the
person sending the petition-- once all the signatures are collected
then the petition and all the certificates would be sent together? I'd
imagine that the signatures certs could be sent in a different package
than the petition, but I don't think Clinton's aides would be able to
recognize that all the certificates belong with the petition.)

--
| Sameer Parekh-zane at genesis.MCS.COM-PFA related mail to pfa at genesis.MCS.COM |
| Apprentice Philosopher, Writer, Physicist, Healer, Programmer, Lover, more |
| "Be God" - Me __ "Specialization is for Insects" - Robert A. Heinlein
____/ \_____________/ \____________________________________________________/

From psionic at wam.umd.edu Tue Apr 20 19:37:26 1993
From: psionic at wam.umd.edu (Haywood J. Blowme)
Date: Tue, 20 Apr 93 19:37:26 PDT
Subject: Artilce
Message-ID: <199304210237.AA27464@rac3.wam.umd.edu>

The Washington Times
April 17, 1993
Saturday, Final Edition

Government picks affordable chip to scramble phone calls.
By Frank J. Murray

[Nasty sarcastic comments inserted by psionic at wam.umd.edu]
[Typing errors by me.]

President Clinton gave a major boost yesterday to one
telephone-scrambler technology in a decision its delighted manufacturer
likens to the choice of VHS over Beta for videotape machines.

Mr. Clinton's action could allow the use of relatively cheap scramblers
on almost every cellular, business and government phone and make
scramblers common even on ordinary home telephones.

An administration official said the consideration will be given to
BANNING more sophisticated systems investigators cannot crack, thereby
creating a balance between banning private encryption and declaring a
public
right to unbreakably coded conversations.
^^^^^
[Does this assert that the government has an inherent right to]
[hear everything its citizens say? Or does it mean that only]
[the government has a right to good encryption systems??]

"We've got a balance we've got to strike between the public's important
need for privacy and the public's need to be assured it's safe from
crime,"
^^^^^
[What crime? Please cite an example where an encrypted message was later]
[proven to be connected with a criminal activity. (Messages intercepted]
[from the CIA don't count because they never do anything illegal.)]
[Also what are the chances that a criminal that doesn't want to get]
[caught will actually use this crippled chip?]

said Raymond G. Kammer, acting director of the National Institute of
Standards and Technology, which developed the system with the National
Security Agency.

[And of course the NSA would never think of listening to every satellite]
[communication coming into and out of this country would they?]

In an unusual decision he said was examined by the National Security
Council, Mr. Clinton directed the Commerce and Justice departments to
encourage the development of the high-tech system, which includes
electronic master keys to enable law enforcement officials to decode
transmissions if they obtain court orders.

"This technology preserves the ability of federal, state and local law
enforcement agencies to intercept lawfully the phone conversations of
criminals." Mr. Clinton said, citing the fear that encrypted phones
could aid
terrorists and drug dealers.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[If you want to spook Americans, just say the word terrorist or drug]
[dealer. Realistically, they have the money to buy good, secure crypto]
[gear. Again, is this system to really catch "Drug dealers" and]
["terrorists", or is it to spy on citizens and businesses??]

The system is designed to protect from unauthorized interception the
electronic transmission of conversations, computer data and video
images at a cost per telephone that could be under $30, said Ted
Bettwy, executive vice president of the manufacturer, Mykotronx Inc. of
Torrance, Calif.

He said the chip announced yesterday, internally referred to as MYK-78,
costs about $40 and uses an algorithm 16 million times more complex
than that used by chips now on the market. Computer hackers have
penetrated the
current chips.
^^^^^^^^^^^^^^
[This is incorrect. If they have penetrated the "Current Chips" this is]
[news to me. If they could break the current technology so easily then]
[there would be no need for the clipper chip would there?]

The new chip uses an 80-bit code instead of the 56-bit code that is the
digital encryption standard (DES).

[Yeah, well IDEA uses a 128 bit key. My RSA Public key is 1024 bits.]
[If I were to use an 80 bit public key that would be considered weak.]
[So I don't care how many bits it has, I want to see the algorithm and]
[then decide. Too bad it's classified...]

The new chip eventually could sell in lots of 10,000 for about $25
each, Mr. Kammer said, with later versions priced around $10 each.

Government engineers at NSA and the Commerce Department's NIST designed
and developed the chip, which was then produced by privately owned
Mykotronx and a publicly traded subcontractor, VLSI Technology.

A Silver Spring [Maryland] competitor cried foul, particularly because
the commercial device was developed without notice or competitive bids
in a classified laboratory that does work for the National Security
Agency.

"If the purpose of this chip is to catch bad guys, then no bad guy will
use it." said Stephen Bryen of Secure Communications Technology in
Silver Spring, which produces a competitive chip he said could sell for
$10.

"The answer is to invest more money into breaking codes," Mr. Bryen
said in an interview after yesterday's announcement. "They're trying to
put us out of business."

Mr. Kammer said the secrecy was justified.

"The technology we're using was actually developed in a classified
environment in the first place and then transferred to a sole-source
supplier. I don't know that there was any way around it," he said in an
interview.

The Justice Department will buy several thousand of the Mykotronx
devices, which use a "Clipper Chip." They are being incorporated into
other systems by Motorola and American Telegraph & Telephone Co., Mr
Bettwy said.

[So this means that secret agencies will still have access to secure]
[communications devices. While the ordinary person will not. Sounds]
[fair enough for me!]

Other sophisticated encryption systems do not allow ready access for
authorized law enforcement purposes, said Mr. Bryen, who predicted that an
^^^^^^^^^^
[Also don't allow access for unauthorized law enforcement either]
elaborate security plan for the electronic master key would not prevent
misuse.
Mike Newman, a spokesman for the National Institute of Standards and
Technology, said "The key is split into two parts and stored separately
to
ensure security of the key system."
^^^^^^^^^^^^^^^
[If the key is stored in a computer database, then unauthorized access]
[is possible no matter what precautions are taken to ensure security.]

Access would be provided to the two parts for an agency that produced
legitimate authority or a court order, he said. The Justice Department
will determine whether the two parts will be held by separate federal
agencies or a federal agency and a private agency.

"This chip is going to do something that we, the citizens, really need,
and that is to allow us the privacy we want as common citizens," Mr.
Bettwy said in a telephone interview from California yesterday.

[Translation: "This chip is going to do something that we, the NSA,]
[really need, and that is to allow us to listen to whoever we want]
[whenever we want to, whether they are private citizens, or commercial]
[organizations."]

He said the vital part of yesterday's decision is the government's
declaration that it intends to use the device.

Mr. Bettwy says that use will establish his device as the new standard
and will require private facilities to use the same system to
communicate with the government. He said the decision's impact is
"exactly" like the adoption of VHS standards, making most private use
of Beta video systems obsolete.

[But that doesn't mean that VHS is better just because it is the standard]

"I hope that's true," he said of the business implications for
Mykotronx. "We're hoping this will become the new standard."

[Translation: "I hope that's true," he said of the business implications]
[for Mykotronx. "Because we're going to reap a lot of cash out of this]
[bloated hoax of a system.]

Only compatible phones can receive secure communications from a phone
using a clipper chip.

"To me the real significance is if everybody uses this, everybody can
talk to anyone else," Mr. Bettwy said.

[And only the govt. can listen. That makes me feel safe.]

"It creates false hope," Mr. Bryen said. "The secret key could fall
into other people's hands. When you create a system that has a back
door, other people will find the back door."

[Amen.]

------------ end of article -----------------

The government is making this chip out as a great gift to humanity.
This is really too bad because people are losing quite a bit of privacy
with this new farce the government is trying to pull. I'm writing my
congressman tomorrow to voice my concerns. Also I'll try to contact the
company mentioned in there (in Silver Spring, MD) to find out
information about their chip. I'll post the information here..

=============================================================================
      /// | psionic at wam.umd.edu | Fight the WIRETAP CHIP!! Ask me how!
 __  /// C= |                     |
 \\\/// Amiga| PGP Key Available  | "Those who would give up liberty for
  \/// 1200 | by request.         |  security deserve neither."
=============================================================================

From eab at msc.edu Tue Apr 20 20:20:57 1993
From: eab at msc.edu (Edward Bertsch)
Date: Tue, 20 Apr 93 20:20:57 PDT
Subject: Ad hoc Cypherpunks meeting April 24
In-Reply-To: <9304201754.AA23465@soda.berkeley.edu>
Message-ID: <9304210320.AA01800@uh.msc.edu>

As I wasn't able to attend this meeting (for obvious geographic
reasons) I did the next best thing (and urge every concerned list
member to do the same):

I gave my elected goons^h^h^h^h^hpoliticians a barrage of fax messages
on the subject. If you don't have a fax modem, it's about time you get
one, it really is the best way to make your views heard by your elected
thugs (and to have them heard in your words, not summarized like will
happen when you call and give your message to their staff by voice).
I write one letter, then select multiple (local) fax phone #'s to send
it to. The program takes care of the rest. (I use a multitech modem
with a beta version of the windows print capture fax software)

Get PGP22 before it becomes illegal!

Edward A. Bertsch (eab at msc.edu)   Minnesota Supercomputer Center, Inc.
Operations/User Services             1200 Washington Avenue South
(612) 626-1888 work                  Minneapolis, Minnesota 55415
(612) 645-0168 voice mail            FAX: (612) 624-6550

From newsham at wiliki.eng.hawaii.edu Tue Apr 20 20:30:16 1993
From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham)
Date: Tue, 20 Apr 93 20:30:16 PDT
Subject: Artilce
In-Reply-To: <199304210237.AA27464@rac3.wam.umd.edu>
Message-ID: <9304210329.AA07440@relay2.UU.NET>

this is exactly like the vhs vs. beta issue. Beta is technically
superior, yet it isn't used because it's non-standard, it's just too
good for our public :)

From markh at wimsey.bc.ca Tue Apr 20 20:43:40 1993
From: markh at wimsey.bc.ca (Mark C. Henderson)
Date: Tue, 20 Apr 93 20:43:40 PDT
Subject: Webs of Trust vs Trees of Trust
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Subject: Re: Webs of Trust vs Trees of Trust

On Apr 20, 14:45, Norman Hardy wrote:
} Subject: Webs of Trust vs Trees of Trust
} As I understand RIPEM there is a tree of agencies such that everyone
} must trust all elements of the tree between him and the root.

I just want to point out (as has been pointed out before) that it is a
mistake to confuse RIPEM with PEM. RIPEM is an implementation of a
subset of PEM. At this moment, RIPEM has absolutely no support for
certificates or signed public keys.

PEM on the other hand, is a draft internet standard which requires
certificates and a hierarchy that can be described as a "Tree of
Trust". There are at least a couple of full PEM implementations.
Probably the best known at this point is the one from T.I.S. which is
currently in beta test.
Apologies in advance for cluttering the mailboxes of the majority of
cypherpunks who already know this.

Mark

- --
Mark Henderson mch at squirrel.wimsey.bc.ca markh at wimsey.bc.ca

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBK9S+T+I11LPFgBXjAQF9EwP+J69peq9ccWAvKIlzVRI88QbD5ZN4RIwA
GmVw8FzOCAu0tK3MQqoeBu+//gQfD6MoEBeGXvBzXJffNGVc2UvPk8vr/uB1y9Je
K5y7mlQNrGoil9wxv6kR9IgVgHzkOsXBSo3Uv/ldpVQL82jR4Ms0qccF8fAcjpHB
wDtNiEZkPc4=
=Yo4O
-----END PGP SIGNATURE-----

From ebrandt at jarthur.Claremont.EDU Tue Apr 20 21:07:30 1993
From: ebrandt at jarthur.Claremont.EDU (Eli Brandt)
Date: Tue, 20 Apr 93 21:07:30 PDT
Subject: Article
In-Reply-To: <199304210237.AA27464@rac3.wam.umd.edu>
Message-ID: <9304210407.AA29203@toad.com>

> From: "Haywood J. Blowme"
[ quoting an article ]
> President Clinton gave a major boost yesterday to one telephone-
> scrambler technology in a decision its delighted manufacturer likens to the
> choice of VHS over Beta for videotape machines.

Interesting that they picked that particular analogy. It's quite
close, in that it's an inferior technology winning over a superior
one. It's different, of course, in that the Federales had nothing to
do with videotape standards (afaik), and certainly didn't outlaw Beta.

> An administration official said the consideration will be given to
> BANNING more sophisticated systems investigators cannot crack, thereby
> creating a balance between banning private encryption and declaring a public
> right to unbreakably coded conversations.

Right on schedule. "Consideration will be given", will it? This looks
like a good time to load up on source code and photocopy relevant
journal articles.

While it won't sway Joe Public much, it's worth remembering that the
suppression of strong communications privacy will also make it
difficult or impossible to get good digicash (or other systems relying
on cryptographic techniques) deployed before our government proposes
its "just one little loophole" scheme, HarmoniousBalanceCash.
Don't worry, transaction records will only be released upon formal request from the IRS or a major marketing division, and only suspected drug users and potential terrorists will have their assets annulled. And statute strictly prohibits intelligence agencies from padding their assassination budgets by using the loophole to forge cash.

PGP 2 key by finger or e-mail (offer void when prohibited)
Eli   ebrandt at jarthur.claremont.edu

From szabo at techbook.com Tue Apr 20 21:08:38 1993
From: szabo at techbook.com (Nick Szabo)
Date: Tue, 20 Apr 93 21:08:38 PDT
Subject: European front: wiretapping vs. GSM
Message-ID:

Forwarded from comp.dcom.telecom:

Subject: Re: Truly Amazing, Truly Amazing ... Feds
Reply-To: Michael_Lyman at sat.mot.com
Message-ID:
Organization: Motorola Inc. - Satellite Communications
Sender: Telecom at eecs.nwu.edu

In article 1 at eecs.nwu.edu, naddy at mips.ruessel.sub.org (Christian Weisgerber) writes:

> I wonder, is the signal only digitally encoded or digitally encoded
> and *additionally* encrypted?

Yes on both counts. On the air interface between the base station ( BSS ) and mobile station ( MS ) the signals are digitally encoded. Traffic channel rate is 13 Kb/s. In addition to this, ciphering is done to protect the signalling channel such that user data privacy is provided then, encryption is provided for all voice traffic. As an aside, the GSM system also assigns "alias" subscriber numbers which are changed automatically with ( usually ) every call -- the subscriber's real phone number is never ( well, almost never ) used over the air.

> I'm getting a little paranoid over this, but in Germany when you buy
> an approved wireless phone you are told that it is impossible to
> listen in to it. Bullsh*t. In fact it's only impossible to listen in
> with another (unmodified) wireless phone -- just get a scanner and
> you're in.

For GSM, the level of privacy for both signalling and voice is considerable.
Just to give you an idea, encryption keys change for each call made by the subscriber and the encryption algorithms use the changing physical properties of the radio channel. As a matter of fact, GSM is SO secure that several European governments including Britain are insisting that the scrambling algorithm ( called A5 in GSM ) be modified to allow at least government operatives ( read "undercover eavesdroppers" ) to listen in on suspected criminal activities.

Agencies such as GCHQ, the British government's listening post near Cheltenham and the FBI in America are concerned that the A5 scrambling algorithm provided with the GSM Mobile Stations is equivalent to many military systems and in fact when exported may be adapted for military applications. Vendors of GSM equipment are starting to run into export problems due to the nature of the encryption / ciphering.

Although there are some industrious "scanners" out there, I dare say that listening in on a GSM conversation will be a bit of a job.

Michael Lyman
Motorola - Iridium
Phoenix, Arizona

From wixer!wixer.bga.com!gumby at cactus.org Tue Apr 20 21:11:35 1993
From: wixer!wixer.bga.com!gumby at cactus.org (Douglas Barnes)
Date: Tue, 20 Apr 93 21:11:35 PDT
Subject: Objections...
In-Reply-To: <199304201220.AA27725@access.digex.com>
Message-ID: <9304210108.AA07845@wixer>

Peter Wayner writes:
> I think this is the most practical and non-inflammatory argument
> for public access to the algorithm.

Along the same lines, I am left scratching my head about the "baroque activities in the vault." Surely this is going to add substantially to the cost of these chips over a system that uses a known algorithm and non-escrowed keys.

Given that such a system would be cheaper to produce and would offer stronger security, I think it is not especially inflammatory to suggest that the government is contemplating either an outright ban or the strong discouragement of alternative systems.
-- Doug Barnes (gumby at wixer.bga.com)

From tcorcora at sunlab.cit.cornell.edu Tue Apr 20 21:36:07 1993
From: tcorcora at sunlab.cit.cornell.edu (Travis Corcoran)
Date: Tue, 20 Apr 93 21:36:07 PDT
Subject: Radical politics
Message-ID: <9304210435.AA11296@vinca.cit.cornell.edu>

Sheesh, it's enough to make one turn into a radical libertarian/anarchist (if one wasn't already...). I firmly suggest that we all call ou

[ unauthorized communication, re: Sec 12-2, .2-12.6; channel closed under Anti-Terrorist-Communications Act on 00:30 21 MAR 93. Authorization 4ff0 -NIST]

From mark at coombs.anu.edu.au Tue Apr 20 22:30:50 1993
From: mark at coombs.anu.edu.au (Mark)
Date: Tue, 20 Apr 93 22:30:50 PDT
Subject: Just a thought...
Message-ID: <9304210524.AA11273@coombs.anu.edu.au>

Whilst being heavily opposed to the chip although less affected by it since I don't reside on US soil, one useful purpose of it would be to exploit the functions of it to send your pre-encrypted data through it and have it come out the other end in the same form, thus using its protocols of retransmission and error correction. Using the encryption part of it isn't worth considering due to the real lack of data integrity if (as?) the TLA's have backdoors.

Basically mooch its good points and ignore the bad points as your data won't be channeled to the phone in cleartext anyway.

(This isn't an advocacy of the damn thing, just a note that it has SOME functionality for those that won't use the encryption functions).

Mark
mark at coombs.anu.edu.au

From fergp at sytex.com Tue Apr 20 22:41:11 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Tue, 20 Apr 93 22:41:11 PDT
Subject: Meets 'n Greets
Message-ID: <3Tcc3B1w165w@sytex.com>

On Tue, 20 Apr 93 10:54:00 -0700, Eric Hughes wrote -

EH> ANNOUNCEMENT
EH> ============
EH> Ad Hoc Cypherpunks Meeting on the recent Wiretap Chip proposal.
EH> Where: Cygnus Support, Mt. View (directions follow)
EH> When: 12:00 noon sharp - 6:00 p.m.
EH> I'm mad as hell.
I know that a lot of other folks are too.

You're right, Eric -- we are mad as hell, too. But I'm not about to jump on a flight to the west coast to simply share strategies. The fact that I would even consider it negates the functions which we are working towards, no? I propose that us east coasters organize and meet as well. Pat and I are DC bourne, for those interested, I'd like to propose a DC local meeting. Suggestions? Keep in mind that I'm in NYC during the week, so my only available meeting times are on the weekends. (By the way, let's get our shit together DC'ers. We need technologists, not lackadaisical idealisms.)

Your DC based Cypherpunk group is hereby established. BTW, if anyone noticed, the EFF is drawing some serious fire by the public press. "Sold out to commercialism", one headline reads.

Cheers.

Paul Ferguson                  |  Uncle Sam wants to read
Network Integration Consultant |  your e-mail...
Alexandria, Virginia USA       |  Just say "NO" to the Clipper
fergp at sytex.com             |  Chip...

From fergp at sytex.com Tue Apr 20 22:41:15 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Tue, 20 Apr 93 22:41:15 PDT
Subject: A few notes on the WIRED article (kudos)
Message-ID: <61ac3B1w165w@sytex.com>

I hope this goes over well. I found this article to be just what we need --- publicity. The kind that opens eyes.

Tim, Eric and John -- I say to thee, "How come this only happens in California?" ;-)

- Snip, Snip ----- 8< ------

From the "For What It's Worth Department"...

A totally biased review of Steven Levy's "Crypto Rebels" article in WIRED, Volume 1, Issue 2, May/June 1993

I was a bit interested when a fellow cypherpunk mentioned that there was a "decent" write-up in WIRED on the cypherpunk issues. Somehow, I envisioned some sidebar mention. In these interesting times, any mention of our efforts on the computer privacy frontier gets A-1 attention in my book.
However, I was startled (and pleasantly surprised) when I took a jaunt down to my local magazine-ary on Broadway and found that my internaut compadres were on the cover, no less. Golly gee, imagine that.

The cover itself conjures images of computer cultist symbolism. Tim May, Eric Hughes and John Gilmore strike an interesting pose wearing plain white, plastic carnival masks. The American flag held in their hands is even more striking considering the topic at hand. (What the hell does the Russian inscription mean?)

I remember reading the post announcement in the cypherpunks mail area about that meeting in Mountain View. (If I had known that you western cypherpunks would get all the press attention, I would've hopped a red-eye and met you guys at Cygnus.)

It's ironic that this topic built steam and attention _before_ the "Clipper Chip" fiasco and still provides the computer community with viable (perhaps not altogether proper) alternatives. I knew it would. Ha.

Steven Levy has long since established himself as a solid, factual and sometimes thought-provoking writer. His book "Hackers" is considered by many professionals in the field to be the authoritative work on the progression of computer hackers. Levy earns himself one more brownie badge by bringing attention to the cypherpunk dilemma.

The article is thought provoking (read: it is not designed for disinterested parties), accurate and for the most part, right on the mark. Key statements are sprinkled on the page margins, including "In the Cypherpunk mind, cryptography is too important to leave to government or even well-meaning companies. To insure that the tools of privacy are available to all, individual acts of heroism are required." That piece alone is enough to invoke thoughts of ...
A key profile is included about John Gilmore and his headaches with the NSA, the Cypherpunk subscription mail group and several other side-bar notes that lend some valuable credibility to the otherwise incredulous auspices of the cypherpunk image. Not only is this article well written, as far as information blurbs go, this is good stuff, even for us neanderthals on the east coast.

In a broader aspect, WIRED is a magazine that deserves your attention. Pick up this rag and give it the once-over. Somehow, I classify this 'zine as a combination of INFO World, The New Yorker and Mondo 2000. Isn't that a draw? Humor and seriousness implied...

Paul Ferguson, Editor, Legal Net News

- Snip, Snip --- 8< -----

I loved the feel of the magazine, too. All recycled. Ain't that great?

Cheers.

Paul Ferguson                  |  Uncle Sam wants to read
Network Integration Consultant |  your e-mail...
Alexandria, Virginia USA       |  Just say "NO" to the Clipper
fergp at sytex.com             |  Chip...

From cnotting at cosmos.gmu.edu Tue Apr 20 23:12:26 1993
From: cnotting at cosmos.gmu.edu (Craig Nottingham)
Date: Tue, 20 Apr 93 23:12:26 PDT
Subject: Meets 'n Greets
In-Reply-To: <3Tcc3B1w165w@sytex.com>
Message-ID: <9304210612.AA02469@toad.com>

> You're right, Eric -- we are mad as hell, too. But I'm not about to
> jump on a flight to the west coast to simply share strategies. The
> fact that I would even consider it negates the functions which we are
> working towards, no? I propose that us east coasters organize and
> meet as well. Pat and I are DC bourne, for those interested, I'd like
> to propose a DC local meeting. Suggestions? Keep in mind that I'm in
> NYC during the week, so my only available meeting times are on the
> weekends. (By the way, let's get our shit together DC'ers. We need
> technologists, not lackadaisical idealisms.)
>
> Your DC based Cypherpunk group is hereby established. BTW, if anyone
> noticed, the EFF is drawing some serious fire by the public press.
> "Sold out to commercialism", one headline reads.
>
> Cheers.
>
> Paul Ferguson                  |  Uncle Sam wants to read
> Network Integration Consultant |  your e-mail...
> Alexandria, Virginia USA       |  Just say "NO" to the Clipper
> fergp at sytex.com             |  Chip...
>

There is plenty of DC area support for such a group. The only problem that presents itself is where to hold a meeting where there will be no hassles.

In addition a thought that many people are overlooking- the wiretap chip transmissions of encrypted data would make a perfect envelope for the transfer of more secure information encrypted with powerful encryption schemes. There would be no easy way to tell the difference between pre-encrypted transmissions and wiretap chip encrypted conversation.

~~~~~
Craig Nottingham  -Reality is for people who lack imagination
NeXTmail          -I hate to advocate drugs, alcohol, violence or insanity to anyone, but they've always worked for me. <=> Hunter S Thompson
                  -A good cap of acid costs five dollars and for that you can hear the Universal Symphony with God singing solo and the Holy Ghost on drums. <=> H.S Thompson
~~~~~

From tcmay at netcom.com Tue Apr 20 23:26:27 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 20 Apr 93 23:26:27 PDT
Subject: Proliferating Cypherpunks Groups!
In-Reply-To: <3Tcc3B1w165w@sytex.com>
Message-ID: <9304210626.AA22823@netcom3.netcom.com>

Paul Ferguson writes:

> You're right, Eric -- we are mad as hell, too. But I'm not about to
> jump on a flight to the west coast to simply share strategies. The
> fact that I would even consider it negates the functions which we are
> working towards, no? I propose that us east coasters organize and
> meet as well. Pat and I are DC bourne, for those interested, I'd like
> to propose a DC local meeting. Suggestions? Keep in mind that I'm in
> NYC during the week, so my only available meeting times are on the
> weekends. (By the way, let's get our shit together DC'ers. We need
> technologists, not lackadaisical idealisms.)
>
> Your DC based Cypherpunk group is hereby established. BTW, if anyone

Hear, hear! We need more such groups!

I get occasional messages from folks bemoaning the fact that the Silicon Valley seems to be where it's all happening. Well, it's easier for *you folks* in other areas to pull together a local meeting than it was for Eric Hughes and others of us to set up the first such meeting last September. A list now exists and that helps a lot.

(I'll grant you that some of your communities may be more scattered and out-of-touch with each other than our community was...it seems we in the Bay Area mostly all know each other through frequent parties, Hackers Conferences, science fiction groups and parties, high-tech startups, Xanadu, VR, "Mondo 2000," "Wired," and so on. In other less-interconnected areas, you may have to advertise well in advance on this list and perhaps even elsewhere to reach enough like-minded people. But not to sound snotty or anything, that's how your "backwater" regions like Washington can become "happening" places like our area....actually, this is a gross exaggeration, as D.C. has had a very active "2600" group, as has NYC, so neither is a backwater.)

There are currently 3 groups holding physical meetings, that I know of:

* Silicon Valley/San Francisco Bay Area, meeting since September.

* UK Cypherpunks, meeting in London since around December/January.

* Boston Cypherpunks, just had its first meeting recently.

There are several very active Cypherpunks in the Southern California area, covering San Diego, LA, and as far north as Santa Barbara. Some of them have asked us to have a Cypherpunks meeting down there, which we may still do (personally, I favor some kind of "West Coast Cypherpunks" meeting just before or just after the Crypto Conference this summer, held as always in Santa Barbara. Santa Barbara is about halfway between the two extremes, and is a nice place to meet.).

But a better idea is for the SoCal Cypherpunks to form their own group.
Likewise, the Washington, D.C. area seems a natural spot, as there are several Cypherpunks that I know of off-hand who're in the area. New York, too.

Well, you get the point. No permission is needed!

Good luck in these dark days.

-Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.

From szabo at techbook.com Tue Apr 20 23:26:42 1993
From: szabo at techbook.com (Nick Szabo)
Date: Tue, 20 Apr 93 23:26:42 PDT
Subject: FAQ: Overview of crypto
Message-ID:

The wiretap chip has generated quite a bit of new interest in learning how to protect our electronic privacy. We need to bring folks up to speed quickly on practical use of crypto, so I'm going to write up some mini-FAQs. Experts, please send me succinct descriptions of PGP, anonymous remailers, the Clipper wiretap chip, GSM, or anything else you feel is an important basic. Alternatively, write up and post your own FAQ, and we'll sort it out later.

Here is an overview of computer-based crypto that Bill Stewart posted a few weeks ago.

Nick Szabo szabo at echbook.com

-----------------------------------------------------------------

You can get a proper faq by ftp from rsa.com, in the directory pub/faq.

Cryptography = writing stuff only authorized people can read. Real crypto depends on algorithms that are secure as long as the Bad Guys don't know the keys, even if they know everything else. Most of the interesting stuff depends on mathematical processes that take exponential amounts of time, so a 56-bit key would take 2**56 attempts to guess - you can't guess it a bit at a time in 56 steps. Factoring large numbers is believed to take roughly exponential time.
M = plaintext message
Cyphertext C = E(k, M), E = encryption function, k = key.
Plaintext M = D(k, C)

ITAR - International Traffic In Armaments Regulations - the US has a bunch of laws about exporting munitions, and crypto hardware and software count as munitions - algorithms are OK, but our Benevolent Govt KNOWS that foreigners aren't bright enough to turn algorithms into code. Lots of flamewars discuss exactly the boundaries, and the laws are contradictory about which bureaucrats are really in control, but nobody's wanted to get thrown in jail for arms dealing badly enough to force a court case .... Appears to apply to importing crypto also, though that hasn't been something anybody's made a big deal about. Other countries besides the US may have major restrictions as well.

Alice and Bob - the people sending messages to each other. Eve may be eavesdropping, and Charlie may be around also,

Secret-Key Cryptosystem, also called Symmetric-key or private-key - the same key k is used for E and D, or at least a closely related key that's easy to derive if you know the other one.

DES = Data Encryption Standard = IBM/NSA-designed secret-key system, very widely used, keys 56 bits long which may be a bit short, some people worry there may be a trapdoor put there by NSA, but if I told you I'd have to kill you :-) Banks use it, for instance.

IDEA - a Swiss-written secret-key system, maybe more secure than DES, newer anyway. Patented in Switz but not US, easy licensing.

Public-Key CryptoSystem - Encryption key ke and Decryption key kd are related, but in a way that you can't determine kd knowing only ke. ke is called the public key and kd the private key - you can publish ke where everyone can see it and encrypt stuff to mail to you, you can decrypt with private key kd. (If you want to reply, you've got to get their public key.)
Public-key algorithms are pretty slow, so generally people create a random secret key, encrypt their message with a secret-key algorithm like DES, and encrypt the secret key with the recipient's public key; recipient decrypts the secret key with his private key, then uses it to decrypt the message.

Digital Signatures - if you can do public-key crypto, then you can do the reverse as well to sign a message - you *decrypt* the message with your private key, and the recipient encrypts it with your public key - if it restores the original message, she knows it's good and knows that *you* sent it, because only you have your private key. For speed, you normally make a "hash" checksum of the message, and sign the hash instead of the whole thing. Some public-key algorithms can only be used for encryption, some only for signatures, some for both but you need different keys.

MD-4 and MD-5 - Message Digest hashing algorithms from (?) Rivest, which are thought to be unforgeable, unlike the CRC checksums used by many programs which are easily forged.

RSA - A public-key algorithm developed by Rivest, Shamir, and Adleman. It's the only well-known public-key algorithm that does everything everybody wants, including signatures and public-key, that's secure enough that you can't crack it as long as you use reasonably long keys. Unfortunately, it's patented in the US, by Public Key Partners, a company R, S, A, and friends started that owns most of the interesting patents related to public-key. On the other hand, to avoid having the NSA classify their patent right when they applied (the NSA can do that), they published the algorithm before applying, which means that it's public-knowledge in most of the world and you can't patent it there, even in places that do allow algorithm patents.
Their claims about what techniques their patents cover are *very* broad; if you want to do anything public-key related in the US, you've got to deal with them or carry a BIG lawyer, and so far everybody's chosen to deal with them rather than risk a long expensive difficult court case, or else chosen to ignore or infringe their patent but not sell their products for cash, and hoped to get away with it.

RSAREF - an RSA implementation from PKP, which you may use free for personal non-commercial use as long as you agree to follow a set of rules that are much less restrictive than they used to be; you can't export it outside the US and Canada, and can't change the interface without their permission, and a few other terms. Better implementations of RSA's algorithms have been done, but you can use this one free, with their permission. Or you can pay them money and get support for incorporating their techniques into your products.

Key certification - Public Keys are usually long - RSA keys are often 1024 bytes. Public key crypto is only secure if you can be SURE you have the public key for the person you're trying to send a message to, like Bob, and that Eve hasn't handed you HER public key instead - she could be intercepting all your mail to Bob, decrypting it, and re-encrypting with Bob's key. So you need to find a secure way to transmit public keys, where "secure" means it can't be forged without you knowing about it (though anybody can read them.) Publishing in the New York Times classified ads is one approach, as is any other broadcast method you can be SURE everyone gets correctly. Another method is to use digital signatures - somebody you trust, whose public key you can be sure you know accurately, gets Bob's public key from Bob, and signs it with their public-key. Since not everybody knows somebody who knows Bob, the problem can be handled by a chain or hierarchy of key certifications - Charlie signs Bob's, Dave signs Charlie's ... and You know Xerxes yourself.
Or George Bush signs all the generals' keys, the generals all sign the keys for the colonels under them, the colonels sign for the majors under them, .... and you can check some sergeant's key because it's got a certificate from his lieutenant on up to Bush, and Bush's key is in the Phone Book.

PGP - Phil's Pretty Good Privacy program - a nice packaging of this technology that can be used easily to prepare secure email. The original version used RSA and a choice of DES or a home-brew secret-crypto system; the current version uses RSA and IDEA. For certification, the method is non-hierarchical - you have a "keyring" containing public keys you know, maybe with certificates, and you can sign the ones *you* trust and give your signed keyring to your friends. Hierarchies imply the potential for control; this is cooperative anarchy, and there's no chain of people you HAVE to obey to exchange keys.

When PGP version 1 first came out, RSA yelled at Phil Zimmermann, the author, and told him he was risking patent infringement lawsuits and such if he didn't cease and desist, so he's no longer distributing it. But some of those SNEAKY FOREIGNERS *somehow* got a copy, and so ongoing development of PGP is taking place outside the US, unhindered by patent problems. Version 2.1 is out, 2.2 real soon. Parts of PGP are probably not covered by PKP's patents, and parts are clearly not covered by ITAR, but some parts are a problem.

RIPEM - Mark Riordan's public-key email system, which uses RSAREF to do RSA, so it's legally kosher but not exportable, and is related to the internet Privacy Enhanced Mail stuff that was being developed for a while. Still real new, but probably Pretty Good also; I seem to remember its key certification was more hierarchical.
----

More PGP info - PGP was originally written for a DOS environment (there are problems trusting any system you don't totally control, and it's tough to say you totally control a multi-user system), but it's been ported to lots of things by now, including UNIX and some early Mac ports (work is in progress to make the Mac port feel like Mac-stuff rather than Unix-stuff.) You can get the source, compile it, play with it, and do anything you want that doesn't infringe PKP's patent, so remember not to use it to exchange keys with anyone or send them mail unless you've got a licensing agreement..... Once it's compiled, type pgp -h to get help, and/or read the documentation.

Where to get things: The fun place to shop is nic.funet.fi, by anonymous ftp, but if you telnet to an archie server like archie.rutgers.edu (login as archie) you can ask it where to find anything. Using a US site would be potentially better legally, and also cuts down on the bandwidth used between here and Finland....

Bill Stewart

From szabo at techbook.com Tue Apr 20 23:39:37 1993
From: szabo at techbook.com (Nick Szabo)
Date: Tue, 20 Apr 93 23:39:37 PDT
Subject: FAQ: where to get PGP
Message-ID:

Here is a list of PGP sites generated by "archie". I have checked sony.com which has PGP 2.2 but have not checked the other sites. If you know any of these sites to be down, out of date, etc. please let me know and I'll update the list. Also let me know of sites archie did not catch.

Strong crypto is available worldwide, but the Clinton Administration has threatened to ban it in the U.S. In the age of digital telecom and fascist governments, strong crypto is your only guarantee of electronic privacy. Get it, learn it, and use it while it's still legal!
Nick Szabo szabo at techbook.com

-----------------------------------------------

/usr2/users/szabo> archie pgp

Host sony.com
    Location: /pub
      DIRECTORY drwxr-xr-x        512  Apr  9 20:26   pgp

Host quepasa.cs.tu-berlin.de
    Location: /pub/os/386BSD/386bsd-0.1/unofficial/doc/software
           FILE -rw-rw-r--      12121  Feb  2 00:01   pgp

Host reseq.regent.e-technik.tu-muenchen.de
    Location: /informatik.public/comp/usenet/alt.sources
      DIRECTORY drwxrwxr-x        512  Dec  9 01:24   pgp

Host ftp.uni-kl.de
    Location: /pub1/unix/security
      DIRECTORY drwxrwxr-x        512  Feb 24 19:24   pgp

Host cwdynm.echem.cwru.edu
    Location: /scriptures/ALL.plain
           FILE -r--r--r--     167535  Sep 11  1991   pgp

Host goya.dit.upm.es
    Location: /tmp
      DIRECTORY drwxr-xr-x        512  Aug 22  1992   pgp

Host walton.maths.tcd.ie
    Location: /src/misc/pgp-2.0/src
           FILE -rwxr-xr-x     316640  Oct 18 00:00   pgp

Host ftp.uu.net
    Location: /pub/security
      DIRECTORY drwxrwxr-x        512  Mar  9 15:13   pgp

Host isy.liu.se
    Location: /pub/misc
      DIRECTORY drwxr-xr-x        512  Mar 11 23:54   pgp

Host ftp.luth.se
    Location: /pub/infosystems
      DIRECTORY drwxr-xr-x        512  Jan 27 12:59   pgp

Host unix.hensa.ac.uk
    Location: /pub/uunet/pub/security
      DIRECTORY drwxr-xr-x        512  Mar 19 07:35   pgp

From ral at telerama.pgh.pa.us Wed Apr 21 00:54:03 1993
From: ral at telerama.pgh.pa.us (Robert Luscombe)
Date: Wed, 21 Apr 93 00:54:03 PDT
Subject: PGP help?
Message-ID:

I am in search of any MSDos (or Windows, but not preferred) offline mail readers, text editors, etc. that work well with PGP-- anything to help me use PGP for everyday email. I use a dial-up internet connection, so I have no choice but to use the remote system's PINE mail reader... if anyone knows of anything that will let me compose and encrypt email locally and format the messages into a .QWK packet for upload, that would be IDEAL, but anything else could still help.

(BTW-- I have already posted on alt.security.pgp and nothing ever came of it. So it goes.)
--Robert Luscombe
Internet: ral at telerama.pgh.pa.us     Voice: 412/488-0941
          robert at well.sf.ca.us        (Finger for PGP Pub Key)

From jhart at agora.rain.com Wed Apr 21 01:31:06 1993
From: jhart at agora.rain.com (Jim Hart)
Date: Wed, 21 Apr 93 01:31:06 PDT
Subject: GSM vs. wiretapping: Australia
Message-ID:

Forwarded from comp.org.eff.talk

In article <1993Apr12.081136.1 at cc.curtin.edu.au>, zrepachol at cc.curtin.edu.au (Paul Repacholi) writes:

> In article <1993Apr11.175007.10136 at news.acns.nwu.edu>, jlacour at merle.acns.nwu.edu (John LaCour) writes:
> Have not seen a proposal like the FBI one yet, doesn't mean it isn't out there
> though. One thing that has happened is the delaying of the new GSM digital
> mobile phones. It seems that ASIO and friends have been told by GCHQ about
> the difficulty of breaking MD5. Info is still a bit thin. You could try posting
> to aus.comms.
>

Please note, I have added aus.comms and aus.politics to this one.

I enquired of Austel ( the Australian telecoms regulatory body), and the Federal Attorney General's Office today. The Telecom GSM trial marketing that started in Brisbane in March has been canceled. GSM will *NOT* be legal in Australia till the use of MD5 encryption is changed, or the system is altered to allow monitoring of calls. This is a requirement of the 'Telecommunications Interception Act'( AG perth.)

There are also prohibitions on using codes and cyphers in the 'Crimes Act' various state police acts and criminal codes ( though these would not affect Telecomms, as that is federal jurisdiction ). I will try to find the acts, and quote the relevant sections on this.

There has also been posts on 'pen-recorders' I notice. The .au situation on this is that a commissioned officer of the federal police can give the telco a written notice requiring the supplying of call info for the date range in the notice.
I saw this some months ago, and had the impression that this included info *PRIOR* to the notice, info Telecom claims not to have if mere chattels inquire! Strange, wonder where it materializes from. Note the absence of words like 'warrant', 'judge', 'court' or other such! I think there is a requirement for the commissioner of the FP to include in his annual report to parliament the number of notices issued.

All this has been in place in one form or another for decades. I first saw this sort of stuff when I worked in the post office ( ob history: the post office used to run the phone system in Australia years ago ) As I worked both as a night shift telephonist and in the office itself, I had to sign a stack of secrecy stuff, and a copy of the 'Posts and Telegraphs Act' was standard issue. This had a prohibition on "unlawful codes, cyphers and secret writings" The Commercial Telex Code was the *ONE* allowed code. Any other code used in a telegram *HAD* to be stated on the lodgement form. Don't know what happened after that. Small country town, never saw one. Only the banks used codes. This would have been Dec '67 or '68 I think.

Will try to fill in the gaps, and post a full account later. Note that I will be probably away next week, ( school hols ) so it may be a while. I will also try to get some extra info on use etc.

~Paul

From ggoebel at sun1.ruf.uni-freiburg.de Wed Apr 21 02:21:35 1993
From: ggoebel at sun1.ruf.uni-freiburg.de (Garrett Goebel)
Date: Wed, 21 Apr 93 02:21:35 PDT
Subject: cypherpunks vs. cryptoprivacy
Message-ID: <9304210921.AA17398@sun1.ruf.uni-freiburg.de>

All,

Kragen writes:
} I agree with those who think that "CypherPunks" is a bad name for the list.
} It brings up negative associations in the minds of outsiders, who are, after
} all, the people who we want to influence against the Big Brother wiretap chip

Is anyone against changing the name from cypherpunks to cryptoprivacy? Seems to be the general consensus... that cryptoprivacy would be more PC.
Unoriginal Thought: couldn't the list/group name be changed to "CP"?

 o For outsiders, and formally, it could stand for CryptoPrivacy
 o To insiders... it could still stand for CypherPunks
 o CP is the opposite of PC (I like that).

back to lurking,

Garrett
--
C. Garrett Goebel

From gnu Wed Apr 21 02:51:51 1993
From: gnu (John Gilmore)
Date: Wed, 21 Apr 93 02:51:51 PDT
Subject: FAQ: Overview of crypto
In-Reply-To:
Message-ID: <9304210951.AA05964@toad.com>

> You can get a proper faq by ftp from rsa.com, in the directory pub/faq.

Last time I looked, it was something like 75 pages. Those questions aren't all asked *that* frequently.

> ITAR - International Traffic In Armaments Regulations - the US has a bunch ...
> Appears to apply to importing crypto also, though that hasn't been
> something anybody's made a big deal about.

This part is false. The ITAR does *not* apply to importing crypto. I have read the regs and found no evidence of import regulations on cryptography. If anyone tells you that they exist, ask for a copy of the regulations, or a citation of the regulations, or a citation of a court case that was based on the regulations. Any of these will let me (or you) determine what is actually happening. [Nobody who I've asked for this stuff has ever been able to produce it.]

> as archie) you can ask it where to find anything. Using a US site would
> be potentially better legally, and also cuts down on the bandwidth
> used between here and Finland....

Ditto -- no legal problem, just bandwidth. Though the posting appears to assume that the reader is in the U.S., a bad assumption. `Using a local site...`?

John Gilmore

From kelly at pleiku.netcom.com Wed Apr 21 02:55:38 1993
From: kelly at pleiku.netcom.com ($HOME/.sig)
Date: Wed, 21 Apr 93 02:55:38 PDT
Subject: Meets 'n Greets
In-Reply-To: <3Tcc3B1w165w@sytex.com>
Message-ID: <9304210955.AA04369@netcomsv.netcom.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/x-pgp
Size: 1801 bytes
Desc: not available
URL:

From crunch at netcom.com Wed Apr 21 03:00:20 1993
From: crunch at netcom.com (John Draper)
Date: Wed, 21 Apr 93 03:00:20 PDT
Subject: Lets connect the meetings together
Message-ID: <9304211000.AA09748@netcom4.netcom.com>

I propose that the E. Coaster Cypherpunks connect via computer to the one on the West Coast on the 24th. Perhaps on a private IRC channel, but doing it via encryption would be the best.

From habs at Panix.Com Wed Apr 21 05:29:39 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Wed, 21 Apr 93 05:29:39 PDT
Subject: The Family Key
Message-ID: <199304211229.AA28337@sun.Panix.Com>

I think the largest weakness in the whole Clipper scheme, and I am not sure if I am right about this, is....

The NSA knows the family key (the key that is built into each chip; or perhaps large meta batch of chips). The family key encrypts the Law Enforcement Block [LEB] of the message, which contains the serial number for the chip in the device being used to communicate. This key is known to NSA.

Thus, the NSA will be able to maintain an active traffic pattern analysis of ALL communications sent via the Clipper chipped devices.

I think in many ways that traffic watching can and does often reveal more information about someone than at times listening in to what is actually being said.

The big point here is that the press release claims that the Clipper chip doesn't provide anything more than what Law Enforcement already has. That is not true. What they get is a complete serialized, accurate method of traffic analysis.

Note: Denning claims that a proper order to wire tap an encrypted communication will be "gotten" prior to decoding the LEB. Then a second batch of paper work will be processed once the serial number is revealed to get the encrypted/escrowed keys.
--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From pat at tstc.edu Wed Apr 21 06:19:37 1993
From: pat at tstc.edu (Patrick E. Hykkonen)
Date: Wed, 21 Apr 93 06:19:37 PDT
Subject: Meets 'n Greets (IRC Meetings Maybe?)
Message-ID: <9304211319.AA12656@tstc.edu>

> You're right, Eric -- we are mad as hell, too. But I'm not about to
> jump on a flight to the west coast to simply share strategies. The
> fact that I would even consider it negates the functions which we are
> working towards, no? I propose that us east coasters organize and
> meet as well. Pat and I are DC bourne, for those interested, I'd like
> to propose a DC local meeting. Suggestions?

Yeah. Does anybody have the resources to setup an IRC at a known cypherpunk site?

--
Pat Hykkonen, N5NPL            Texas State Technical College at Waco
{pat,postmaster}@tstc.edu      Instructional Network Services
PGP Key available by finger.   3801 Campus Dr. Waco, Tx 76705
V:(817) 867-4830 F:(817) 799-2843

From ah at uknet.ac.uk Wed Apr 21 07:07:09 1993
From: ah at uknet.ac.uk (ah at uknet.ac.uk)
Date: Wed, 21 Apr 93 07:07:09 PDT
Subject: No Subject
Message-ID: <9304211406.AA10509@toad.com>

To: cypherpunks at toad.com
Subject: Re: The Family Key
Newsgroups: ml.cypherpunks
In-Reply-To: <199304211229.AA28337 at sun.Panix.Com>
Organization: Dunathad
Cc:

In article <199304211229Y.AA28337 at sun.Panix.Com> wrote:
>I think the largest weakness in the whole Clipper scheme, and
>I am not sure if I am right about this, is....
>...
>Thus, the NSA will be able to maintain an active traffic pattern
>analysis of ALL communications sent via the Clipper chipped devices.
>
>I think in many ways that traffic watching can and does often reveal
>more information about someone than at times listening in to what
>is actually being said.
>

I can't help feeling that they'll be looking for a little more, an edge; not enough that their promises to the executive are broken, but enough to get an edge if they need to decrypt without the key.

No offense against the NSA of course, but that's how I'd expect the British to work "in the National Interest".

Rgds
Alan
---
Alan Hunter
Johnson Hunter Ltd
Isle of Islay, Scotland
A.Hunter at dunaad.co.uk fax: +44-496-2336 voice: +44-496-2286

From pfarrell at cs.gmu.edu Wed Apr 21 07:09:25 1993
From: pfarrell at cs.gmu.edu (Pat Farrell)
Date: Wed, 21 Apr 93 07:09:25 PDT
Subject: Webs of Trust vs Trees of Trust
Message-ID: <36516.pfarrell@cs.gmu.edu>

In norm at netcom.com (Norman Hardy) writes:
>This is much ingrained in all of the legally mandated security
>systems that I am aware of. It assumes, at first glance, that there
>is a root, an inner sanctum, which is totally trusted by all.
>
>It is a pervasive mind-set in military security.

While I can't claim to understand the military mind set, I can believe that it is pervasive. It is also at best simplistic. Under the "new world order" we must forge alliances according to the needs of the situation, so that the trusted alliance's members vary over time. Economic alliances have similar dynamics, with trust and allegiance changing.

The government's view seems to be that trust is transitive. I believe that it can't be, because the world is not a simplistic hierarchy that starts with Billery and flows down. The tree of trust also ignores international exchanges, as Billery's signature means far less to a European than to a US citizen.

There was a recent article about a ring of college students in Texas selling forged driver's licenses. They used Montana and Idaho as samples, with the expectation that a bouncer in a Texas bar wouldn't know a real Idaho license if he saw one. Seems like the value of a US-based signature would be lowered in Sydney or Delhi in a similar manner.
More importantly, I expect that digital signatures will be used for commercial transactions across the net. This means that there is money involved, and with a tree of trust, the higher level trees are _worth_ bribing, forging, and perhaps killing for. Once a high level node is compromised, all lower nodes are worthless.

This is why we need a serious education effort for the "decision makers" in the government.

Pat

Pat Farrell
Grad Student pfarrell at cs.gmu.edu
Department of Computer Science
George Mason University, Fairfax, VA
Public key available via finger
#include

From grady at netcom.com Wed Apr 21 08:33:40 1993
From: grady at netcom.com (1016/2EF221)
Date: Wed, 21 Apr 93 08:33:40 PDT
Subject: alt.encrypted
Message-ID: <9304211533.AA16188@netcom.netcom.com>

I guess the cryptowranglers read this group too. But of course I knew that because it is so easy to do. There is not a single doubt in my mind that every byte that passes every significant gateway or 'bone is captured for the colligation of data about __________? (Maybe your name is here).

Maybe we should start a newsgroup for the distribution of encrypted posts intended for members of affinity groups with a shared private key.

For example at the coming up Cypherpunks meeting, a private key corresponding to that particular meeting could be passed out by a moderator. Minutes, followup comments to other participants, and so on could be posted to the alt.encrypted group for the use of the people who attended. Communiques intended by the group for non-attendees could of course just be signed using the private key but otherwise not encrypted.

Starting an alt.encrypted newsgroup rather than just maintaining mailing lists is better for several reasons.
First, it would be easier to archive for people who might join a group "late" and who might like to easily read earlier posts; second, traffic analysis to know exactly to whom an affinity message is directed would be foiled; three, a newsgroup is much more public and would serve to publicize available privacy measures on the internet.

And it would be fun to accumulate a secret keyring full of such keys -- it beats giving out t-shirts as a door prize.

We could send a copy of alt.encrypted directly to Judge William Sessions or Admiral Studeman to save them the time of having it collected for them.

--
grady at netcom.com 2EF221 / 15 E2 AD D3 D1 C6 F3 FC 58 AC F7 3D 4F 01 1E 2F

From yerazunis at aidev.enet.dec.com Wed Apr 21 08:48:35 1993
From: yerazunis at aidev.enet.dec.com (Communism is like MS-DOS: It doesn't work, and you wouldn't want to use it even if it did. 21-Apr-1993 1120)
Date: Wed, 21 Apr 93 08:48:35 PDT
Subject: Making Clippers More Secure
Message-ID: <9304211548.AA29737@enet-gw.pa.dec.com>

Agreeing with all the previous problems and issues put forth; key-escrow, secret algorithms that can't be formally tested, etc...

So, let's *assume* that the US Gummint makes all other encryption illegal, except those that use this chip, and they intend to check all messages that look encrypted to verify that they have the correct system key:

Well, we can use more than one chip, or use it in ways that were "unanticipated".

F'rinstance: Use PGP (or SROT, or some other p.d. crypto package) to encrypt once, and then use a Clipper to put a legal-looking wrapper on the message.

The problem with this is that *if* there is a law making all other cryptosystems illegal, then you still do time.

Then the gummint says "You can use chips, but ONLY chips. No other encryptation.".

Well, how 'bout this: Use three chips.
The first two are BOTH fed the message, and the resulting bitstreams are XORed together and then fed to the third chip (to provide a legal-looking "wrapper").

The XORing should obscure the serial numbers of the first two chips, meaning that the NSA can not go to a key-escrow authority with a blanket court order and obtain the keys. Rather, assuming the "secret algorithm" is good, the worst-case scenario is either a full search of the keyspace (if the secret algorithm forms a mathematical "group", or an exhaustive search of [issued-keyspace]^2.

Yes, the above does not address the issue of decoding (as stated above, you can't recover the plaintext.) But that's soluble, by inserting a known (but secret) string into the start of the bitstream for both the encoding and decoding second chips; the result is that by the time the second decoding chip needs to start knowing what was XORed into the incoming stream, the first decoding chip has already decoded that part of the message, which can be re-encoded using the first encoding chip's keys to provide the continuing bitstream needed for the XOR.

Now, the BIG issue is this: is it possible to obtain the serial numbers of a pair of Clipper chips from the XOR of two output streams? How about three? How about N, where N is large?

Without knowing the algorithm, this will be difficult to answer...

-Bill

From fergp at sytex.com Wed Apr 21 09:43:51 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Wed, 21 Apr 93 09:43:51 PDT
Subject: DC Cypherpunks
Message-ID:

On Wed, 21 Apr 93 09:15:25 EST,
Pat Farrell writes -

PF> Craig, there is no problem having a meeting, you just have to have
PF> more sense than the kids who think Pentagon City Mall is public
PF> space. A small meeting can be in my house, or at Maggie's bar over
PF> beer and pizza.

You've got my vote for beer and pizza. ;-)

Pat, let's plan accordingly. I'd like to be there for the first meeting, so I'll give you a call and we can discuss this at length. In the meantime, I'm keeping a list and building a keyring of interested parties.

Cheers.

Paul Ferguson                  | Uncle Sam wants to read
Network Integration Consultant | your e-mail...
Centreville, Virginia USA      | Just say "NO" to the Clipper
fergp at sytex.com             | Chip...

From fergp at sytex.com Wed Apr 21 09:44:18 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Wed, 21 Apr 93 09:44:18 PDT
Subject: DC Cypherpunks
Message-ID:

On Wed, 21 Apr 93 2:07:49 EDT,
Craig Nottingham wrote -

CN> There is plenty of DC area support for such a group. The only
CN> problem that presents itself is where to hold a meeting where
CN> there will be no hassles.

I'm putting together of interested parties who would like to get together for physical meetings on a "pseudo-random" basis. As Pat mentioned earlier, my free time is non-existent at least until mid-May (getting re-married May 1), but I'm eager to meet, unite and build a DC chapter.
Solidarity and determination, my brothers and sisters!

Also, send your pubkey. Little things mean a lot.

Paul Ferguson                  | Uncle Sam wants to read
Network Integration Consultant | your e-mail...
Centreville, Virginia USA      | Just say "NO" to the Clipper
fergp at sytex.com             | Chip...

From strat at intercon.com Wed Apr 21 10:55:58 1993
From: strat at intercon.com (Bob Stratton)
Date: Wed, 21 Apr 93 10:55:58 PDT
Subject: DC Cypherpunks
Message-ID: <9304211239.AA53513@horton.intercon.com>

> Subject: DC Cypherpunks
> From: fergp at sytex.com (Paul Ferguson)
> Date: Wed, 21 Apr 93 12:16:22 EDT
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Wed, 21 Apr 93 09:15:25 EST,
> Pat Farrell writes -
>
> PF> Craig, there is no problem having a meeting, you just have to have
> PF> more sense than the kids who think Pentagon City Mall is public
> PF> space. A small meeting can be in my house, or at Maggie's bar over
> PF> beer and pizza.
>
> You've got my vote for beer and pizza. ;-)
>
> Pat, let's plan accordingly. I'd like to be there for the first
> meeting, so I'll give you a call and we can discuss this at length. In
> the meantime, I'm keeping a list and building a keyring of
> interested parties.

Hear, hear. I think I can also swing permission to have it at my office in Herndon, if having a T1 to the Net is at all helpful. I'll ask, if anyone's interested.

--Strat, whose company actually took a position on the Clipper chip! (It's the right one, BTW)

Help stop the wiretap chip! (a.k.a "Clipper")
RIPEM and PGP keys available on request.

From gnu Wed Apr 21 11:17:43 1993
From: gnu (John Gilmore)
Date: Wed, 21 Apr 93 11:17:43 PDT
Subject: Meets 'n Greets (IRC Meetings Maybe?) -- Internet audio?
In-Reply-To: <9304211319.AA12656@tstc.edu>
Message-ID: <9304211816.AA14002@toad.com>

We could set up an encrypted `vat' audio session between the locations. Cygnus has T1 connectivity to the Internet.
Someone would need to provide a good self-powered speaker to plug into the Sun audio port (a standard mini phono plug). We have a microphone that will possibly work, though we should run some tests before the meeting.

Cygnus does not have multicast support, so we can't feed the `mbone' (multicast backbone) with it, but we can attempt one or several point-to-point links.

`vat' runs on Suns and is available from ftp.ee.lbl.gov or ftp.cygnus.com:/pub/vat.1.56.tar.Z. It's `Van's Audio Tool', unfortunately available only in binary. Its encryption option requires that the participants agree on a key in advance, and type it into each workstation at the time of the conference.

John Gilmore

From uni at acs.bu.edu Wed Apr 21 11:37:47 1993
From: uni at acs.bu.edu (Shaen Bernhardt)
Date: Wed, 21 Apr 93 11:37:47 PDT
Subject: Meets 'n Greets
Message-ID: <9304211837.AA240185@acs.bu.edu>

de_armor_file: infile = AppDisk:fm ?, outfile = AppDisk:fm ?.$00, curline = 0
ERROR: Badly formed ASCII armor checksum, line 28.
Error: Transport armor stripping failed for file AppDisk:fm ?

Please resend

From szabo at techbook.com Wed Apr 21 12:32:20 1993
From: szabo at techbook.com (Nick Szabo)
Date: Wed, 21 Apr 93 12:32:20 PDT
Subject: Intergraph employee claims trademark violation
Message-ID:

Forwarded from Libernet:

Date: Tue, 20 Apr 93 10:30:47 PDT
From: ald at clipper.clipper.ingr.com (Al Date)
Subject: "Clipper Chip" --NOT!
To: libernet at Dartmouth.EDU

Clipper TM chip is a registered trademark of Intergraph Corp. The so-called Clipper chip which was recently mentioned here and in other media with respect to encryption is being used in violation of that trademark. The Intergraph Clipper chip is a Unix microprocessor, originally developed by Fairchild Semiconductors, and has no relationship to the encryption chip whatsoever.

I mention this here with the hope that someone reading this will intercede before the group alt.privacy."clipper" is established.
--Al Date

From ral at telerama.pgh.pa.us Wed Apr 21 12:46:46 1993
From: ral at telerama.pgh.pa.us (Robert Luscombe)
Date: Wed, 21 Apr 93 12:46:46 PDT
Subject: PGP again.
Message-ID:

I apologize for this, but... If anyone sent me a response re:pgp help, I just lost my incoming mailbox before I read my mail. I did see a few responses listed in my new mail, but they were gone when I tried to read them. Sorry for the hassle, but could anyone who did send me something re-send it? I am not too happy about all my lost mail.

--Robert Luscombe
Internet: ral at telerama.pgh.pa.us Voice:412/488-0941
robert at well.sf.ca.us (Finger for PGP Pub Key)

From morrison at tantalus.scl.ameslab.gov Wed Apr 21 12:55:29 1993
From: morrison at tantalus.scl.ameslab.gov (Andrew Morrison)
Date: Wed, 21 Apr 93 12:55:29 PDT
Subject: Cancellation
Message-ID: <9304211951.AA19740@tantalus.scl.ameslab.gov>

Please remove me from the list. I have limited access to my e-mail, and can't keep up.

Thank you,
Andrew Morrison

From peb at PROCASE.COM Wed Apr 21 13:09:45 1993
From: peb at PROCASE.COM (peb at PROCASE.COM)
Date: Wed, 21 Apr 93 13:09:45 PDT
Subject: Free Speech
Message-ID: <9304211949.AA03767@banff>

What do people think about crypto being considered Free Speech? This might be the most powerful angle.

Freedom of expression would be a great way to protest a ban on hard crypto; detecting the use of crypto on the Internet would be like Prodigy monitoring all news groups for non-family (and non-Prodigy) material. Not only that, but if the purported crypto material wasn't actually crypto but random bits, then no laws would be broken.

The next step for the tyrant in this arms race is to send messages that merely appear to contain crypto illegal. By analogy, the FCC can fine people for joking about the metal detector and xray equipment security check points. I don't know if this is a law, but the FCC could enforce its fine by not allowing you to fly again on a commercial airline.
(Monopolies, they work just great. ;^)

A further step in this scenario is for the pro-free-speech people to start using various data compression techniques--a proliferation of non-standards for various reasons (well, C++ compression could be specialized--no dictionary need be sent if the receiver knows it is C++; same for English used on particular news groups, poetry, etc.). This would cause massive false positives of packets that appear to be encrypted. Obviously, fairly enforcing a law against such usage would be impossible.

I can see two outcomes at this stage: (1) the laws are eliminated, or (2) they are enforced only selectively. Considering the way things usually work, (2) seems more likely, however the fact that the merger of phones and computers is already happening (e.g., Sun ss10 with ISDN has a complete phone answering system written by Jeff Peck at Sun), the volume of resistance can easily be *large* and *convenient*. Few protests are convenient; with this, people don't even have to leave work! (The downside is, however, that it would be difficult to get media attention for doing it...TV camera pointed at the workstation, OK, I'm pressing the Send button now. Hah! Take that!)

If the powers-that-be then come up with a law that crypto is illegal only if used for illegal activity, I wouldn't complain so much. Changing your name is legal as long as you don't commit fraud, so there are tolerable examples of this type of law now.

Paul E. Baclace
peb at procase.com

From jwarren at autodesk.com Wed Apr 21 13:38:10 1993
From: jwarren at autodesk.com (Jim Warren)
Date: Wed, 21 Apr 93 13:38:10 PDT
Subject: more details from Denning
Message-ID: <9304211652.AA24148@megalon.YP.acad>

I've been collecting this flow over the last few days, and finally have a chance to upload it to 'punks. I think all of it is new, but part of it might have already appeared in the last several daze [sic] deluge. If so, apologies for repetition.
And, a coupla tidbits about Dorothy:

I have known her for several years, worked closely with her on creating the first Computers, Freedom & Privacy conference in 1991, have absolutely the *highest* regard for her integrity, honesty and candor -- and absolutely trust what she says ... even when it's about a subject on which we may disagree.

Dorothy Denning is an honorable person with great personal integrity, and I urge that she be treated as such -- even in disagreement.

--jim
Jim Warren, MicroTimes futures columnist; InfoWorld founder; DataCast founder; founder & chair, First Conf. on Computers, Freedom & Privacy, blah blah blah :-)

============echoing the messages of significance==========

From anton at hydra.unm.edu Wed Apr 21 13:51:24 1993
From: anton at hydra.unm.edu (Stanton McCandlish)
Date: Wed, 21 Apr 93 13:51:24 PDT
Subject: FAQ: PGP where?
Message-ID: <9304212051.AA14092@hydra.unm.edu>

For those with modems but not full Internet access, you can obtain PGP2.2 from the BBS listed in the .sig below. Full access first call. I stock the DOS, Mac, and Unix versions, the source code/utils package (in .ZIP format), and the DOS menu/shell program. Look in the LOGIN and NON-IBM file areas. All are direct from well established FTP sites (garbo, oak, etc.), NOT from uploads or from other BBSs. Clean as a whistle!

If you wish anonymity, you can get the DOS ver, source and shell from the LOGIN file area, if you login as GUEST password GUEST. Don't futz about though, the GUEST acct. is quite time-restricted. Best bet is login normally. If you never plan to call again, just enter x and 0000 for all the questionnaire fields, and leave a "delete me" comment to sysop, if you would.

--
Testes saxi solidi! ********************** Podex opacus gravedinosus est!
Stanton McCandlish, SysOp: Noise in the Void Data Center BBS
IndraNet: 369:1/1 FidoNet: 1:301/2 Internet: anton at hydra.unm.edu
Snail: 8020 Central SE #405, Albuquerque, New Mexico 87108 USA
Data phone: +1-505-246-8515 (24hr, 1200-14400 v32bis, N-8-1)
Vox phone: +1-505-247-3402 (bps rate varies, depends on if you woke me up...:)

From tcmay at netcom.com Wed Apr 21 13:53:57 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 21 Apr 93 13:53:57 PDT
Subject: Crypto Activism and Respectability
Message-ID: <9304212053.AA23743@netcom.netcom.com>

Crypto Activism and Respectability, or, Should We Become "Suits"?

Several Cypherpunks, er, "Privacy Advocates," have called for the name "Cypherpunks" to be changed to something more serious, more respectable, less likely to scare the horses. Something like "Cryptography Privacy" or "Cryptologic Research Association." Some even want a parallel to the NRA, such as the "National Cryptography Association."

Further, there have been comments that referring to "crypto anarchy," as I've been doing for several years (my "Crypto Anarchist Manifesto" was first distributed in 1988) is, to put it bluntly, "not helpful to the cause."

Talk of libertarian ideas, "If crypto is outlawed, only outlaws will have crypto," and other such "crypto radicalism" is seen as unrespectable, as counterproductive.

We're not speaking the language of the "suits," it's said. Middle America will be turned off by the hippie radicals in t-shirts, leather jackets, sandals, and beards.

(Some readers of this list have volunteered that they'd make better spokespersons for the Cause because they are clean-shaven, they look like good corporate citizens, and they know how to make the right soothing noises to interviewers. I say, "Great! We need more publicity." Just don't tell the rest of us California types, where sandals, beards, and jeans remain common, that we need to "go corporate." Picture a "smiley" here, if that's your style.)
I want to respond by making several comments:

* Radicals like ourselves have always been under pressure to conform to societal norms, whether to dress in the "gray flannel suit" in the 1950s or to eschew long hair and beads in the 60s.

* Guess what? The message is almost more important than the messenger. People have a pretty clear idea of what people are saying, despite their appearance. And, frankly, my guess is that even most of Middle America will feel somewhat more comfortable listening to a John Gilmore, for example, than a Bill Gates-type nerd clone. People know honesty and sincerity when they see it, and they know lawyers when they see them. It's been 25 years since the hippie heyday, and most Americans have adjusted to varying outward appearances.

(Actually, they've internalized and accepted long hair and beards....shaved heads, nose piercings, and body adornments they probably haven't yet accepted. But most of the "crypto anarchist cypherpunks" are of the more conventional kind of "disreputable" appearance, so the point is moot.)

* The more serious message of toning down our calls for complete and total access to whatever crypto tools we can get is potentially more divisive to this group. We don't all have the same politics...some of us are anarcho-capitalists, some are socialists (I hear), some are nonpolitical (as near as I can tell), some decline to state, and some may be off in their own uncharted territory. But what we all seem to believe in common is that no government has the right to force us to make tape recordings of all of our conversations (to be placed in escrow, in case the government someday needs to listen to them!), to tap our phones, to insist we speak in government-approved non-coded language, and to use their "Wiretap Chips."

I said "potentially" more divisive. In practice, nobody on this list is really disagreeing in a major way with our general goals of privacy and access to tools (to borrow the "Whole Earth" phrase).
A few people disagreed with the way remailers, like our home-grown remailers and like Johan Helsingius' (he's also on this list, of course), were being handled. But that's the kind of debate we want.

* To some, like David Sternlight, Dorothy Denning, and Andrew Molitor, these are radical, unreasonable, and subversive views. "Remember, children, the policeman is your *friend*." seems to sum up their view of crypto. It's hard to imagine just what we have to "be reasonable" about with such people. A basic ideological divide separates us.

* I fully agree with many of you that the name "Cypherpunks" has some, shall we say, _unusual_ connotations. Some will assume we're skateboarding geeks, others will assume we're "crypto primitives" who pierce our bodies and spend all our time at raves. But the name has undeniable appeal to many, and certainly grabs a lot of attention. It seems improbable that some staid name like "Northern California Cryptography Hobbyists Association" would've gotten much attention, let alone a write-up in "Wired" (and upcoming pieces in "Whole Earth Review," "The Village Voice," etc.).

(Perhaps you out there who first heard about us via an article in "Mondo 2000," or "Wired," or a reference someplace, like MindVox or sci.crypt, can tell us what grabbed your attention, what you liked and disliked about the name, etc. Just as feedback.)

In any case, it's much too late to change the name now. Publicity of "Cypherpunks" has spread the name, lots of journalists are intrigued by it, and it basically *does* capture the spirit of our group. After all, for basic civil liberties and cyberspace issues, the ACLU, CPSR, and EFF already exist and do a fair job at presenting lawyer-like faces to the press. And for conventional "phreaking," the group "2600" is having their own meetings. We don't have to be the group with the subdued and staid image.
And note that the "Hackers Conference" has not changed _their_ name, either, despite the negative publicity given the name.

(A meta-rule: There is no such thing as negative publicity. All they have to do is spell your name right. Ironically, in a recent "MacWorld" column, Steven Levy misspelled our name as "Cipherpunks." He got it right in his "Wired" piece, though.)

* As for respectability, is our goal to be "co-opted" into the Establishment? (Geez, these words I'm writing could've been written in 1968!) Is it to be a respectable voice for moderation and the gentle process of negotiating? I think not.

(Note that the Wiretap Chip was *not* presented for discussion and for industry comment. Neither the Bush nor Clinton camps presented this for public debate--unless you consider Dorothy Denning's comments to be the "trial balloon" I suggested it was last fall in sci.crypt...Denning has made the curious claim that she knew "nothing" of the Clipper plan until the night before it was publicly announced. This plan is a fait accompli, production of the chips is underway, and AT&T has already announced their Clipper-tapped phone. The best we can do is undermine the proposal, deploy strong crypto as widely as possible before it's outlawed completely (Clipper will fail if strong crypto alternatives are available...what do you think Big Brother plans to do about this?), and continue to make as much noise as we can about the evils of invading privacy in this way. I see little indication that reasonable negotiation is being invited.)

* There are already several groups, as I've mentioned, made up of lawyers and "respectable spokesmen" like Mitch Kapor and Mike Godwin (wherever he is now). In a sense, Cypherpunks fill an important ecological niche by being the outrageous side, the radical side...perhaps a bit like the role the Black Panthers, Yippies, and Weather Underground played a generation ago.
(By the way, "The Crypto Underground" was one of my favorite name proposals....aren't you glad now we settled on Jude Milhon's "Cypherpunks" suggestion?)

* Cypherpunks write code, as Eric put it. They write code, they build remailers, they test systems to see how they break, they share their findings, they ignore restrictions on crypto, they look at the consequences of strong crypto, and they write articles like this.

* Now I'm all for respectability in certain ways, ways that come naturally to each of us. When I talk to journalists, I speak in complete sentences, I explain things in the most straightforward way possible, etc. I don't roll in on my skateboard and say "Dewd! Yo bro, let's skank this Clipper shit!"

But I don't plan to shave off my beard, cut my hair, start wearing suits, or be "moderate and reasonable" in my arguments. Nor do I intend to water down my messages about digital money, anonymous systems, and crypto anarchy.

"Let a thousand flowers bloom." --Mao (not one of my heroes)

"Live dangerously." --Nietzsche (one of my heroes)

-Tim May, Cypherpunk

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, smashing of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.
Waco Massacre + Big Brother Wiretap Chip = A Nazi Regime

From fergp at sytex.com Wed Apr 21 14:42:24 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Wed, 21 Apr 93 14:42:24 PDT
Subject: WIRED snippet
Message-ID:

On Wed, 21 Apr 93 11:30:24 -0600, L. Detweiler

LD> EFF is drawing fire on the proposal or EFF is drawing fire on
LD> itself?

I read this elsewhere, but I just can't remember where, off the top of my head.
Anyway, here is a snippet from WIRED (Vol 1, Issue 2, May/June 1993, page 97) that also mentions it -

8<------- Cut Here ------------

HYPE LIST

                      Current    Position     Months
                      Position   Last Month   on List
                      --------   ----------   -------
Cryptography             1           4           3
Wireless Everything      2           -           2
Wired                    3           -           1
EFF Sells Out            4           -           1
Piercing                 5           -           2

1. Cryptography

Cryptography continues to rise in popularity as the solution for all digital ills. The use of the software encryption package Pretty Good Privacy (PGP) for e-mail is now tres hip among the network elites, and public keys are being traded like baseball cards. Of course, encryption is just a way to hide the same boring messages, but it does add that element of intrigue. Crypto-philes are a '90s version of the NRA gun nuts: paranoid of the government's attempts to legislate, and convinced that their guns (codes) are necessary for freedom. "If encryption is outlawed, only outlaws will have encryption," is already splattered around the Net.

2. Wireless Everything

There seems to be an unwritten rule nowadays that every product announcement must trumpet the fact that the new gizmo is, even if only in some minor way, wireless. We now have wireless mice, keyboards, modems, printers, and networks. The once-esoteric deliberations concerning radio bandwidth auctioning have become front page news in the Wall Street Journal. What's strange is that there is no corresponding consumer clamor for wireless products. In fact, wireless keyboards and printers have flopped every time they have been introduced. But don't expect this to stop Buck Rogers-obsessed electronics companies anytime soon.

3. Wired

The glut of recent media hype surrounding this new rag is proof the WIRED staff has read and understood its Marshall McLuhan. Through deliberate manipulation of broadcasters, spin-doctored press releases, and billboards everywhere, WIRED has achieved near total ubiquity, including spots on everything from Good Morning America to NPR.
While the mainstream media looks on in disbelief, the reaction on the Net has been more divided. Some on alt.cyberpunk see it as the unholy offspring of M2 and the Economist, while others see it as a rehash of the Same Old Stuff, down to the obligatory article on virtual sex. Like VR, it's a viewpoint-dependent medium.

4. EFF Sells Out

The Electronic Frontier Foundation's announcement of their reorganization and the closure of their Cambridge office was greeted with cries of betrayal and the ripping of membership cards. Many people on the Net saw the reorganization as a move by the EFF towards a more slick-corporate-Washington D.C.-Clinton-ass-kicking type of organization. The critics have grossly exaggerated the charges, but there is a kernel of truth to them: The EFF gets most of its financial support from large corporations such as AT&T and Apple, and John Perry Barlow has admitted that this has influenced the EFF's actions. (Heck, how many times have you seen John Sculley standing next to Clinton in the past four months?) But a well-endowed EFF is sure to be more effective than a politically correct one -- we just need to hope that what is best for Apple is also best for us.

5. Piercing

Body piercing has been hyped for the last five years, but only recently has it really caught on in the computer community. Now it seems as though every programmer in San Jose has a pierced nipple and is eager to tell you about it. As Jaron Lanier said, piercing is the only thing left that can still get a rise from a teenager's ex-hippy parent. Cyberpunk lit has always emphasized body malfunctions, from fake eyes to knives implanted under your finger nails, and piercing is a cheap and easy way to be like your heroes -- and it's oh so rebellious. I just hope that liposuction becomes the next big trend with this group.

- Steve Steinberg

8<----- Cut Here ---------

Cheers.

Paul Ferguson                  | Uncle Sam wants to read
Network Integration Consultant | your e-mail...
Centreville, Virginia USA      | Just say "NO" to the Clipper
fergp at sytex.com             | Chip...

From tcmay at netcom.com Wed Apr 21 14:47:02 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 21 Apr 93 14:47:02 PDT
Subject: Crypto Activism and Respectability
Message-ID: <9304212146.AA01218@netcom.netcom.com>

Crypto Activism and Respectability, or, Should We Become "Suits"?

Several Cypherpunks, er, "Privacy Advocates," have called for the name "Cypherpunks" to be changed to something more serious, more respectable, less likely to scare the horses. Something like "Cryptography Privacy" or "Cryptologic Research Association." Some even want a parallel to the NRA, such as the "National Cryptography Association."

Further, there have been comments that referring to "crypto anarchy," as I've been doing for several years (my "Crypto Anarchist Manifesto" was first distributed in 1988) is, to put it bluntly, "not helpful to the cause." Talk of libertarian ideas, "If crypto is outlawed, only outlaws will have crypto," and other such "crypto radicalism" is seen as unrespectable, as counterproductive. We're not speaking the language of the "suits," it's said. Middle America will be turned off by the hippie radicals in t-shirts, leather jackets, sandals, and beards.

(Some readers of this list have volunteered that they'd make better spokespersons for the Cause because they are clean-shaven, they look like good corporate citizens, and they know how to make the right soothing noises to interviewers. I say, "Great! We need more publicity." Just don't tell the rest of us California types, where sandals, beards, and jeans remain common, that we need to "go corporate." Picture a "smiley" here, if that's your style.)

I want to respond by making several comments:

* Radicals like ourselves have always been under pressure to conform to societal norms, whether to dress in the "gray flannel suit" in the 1950s or to eschew long hair and beads in the 60s.

* Guess what?
The message is almost more important than the messenger. People have a pretty clear idea of what people are saying, despite their appearance. And, frankly, my guess is that even most of Middle America will feel somewhat more comfortable listening to a John Gilmore, for example, than a Bill Gates-type nerd clone. People know honesty and sincerity when they see it, and they know lawyers when they see them. It's been 25 years since the hippie heyday, and most Americans have adjusted to varying outward appearances.

(Actually, they've internalized and accepted long hair and beards....shaved heads, nose piercings, and body adornments they probably haven't yet accepted. But most of the "crypto anarchist cypherpunks" are of the more conventional kind of "disreputable" appearance, so the point is moot.)

* The more serious message of toning down our calls for complete and total access to whatever crypto tools we can get is potentially more divisive to this group. We don't all have the same politics...some of us are anarcho-capitalists, some are socialists (I hear), some are nonpolitical (as near as I can tell), some decline to state, and some may be off in their own uncharted territory.

But what we all seem to believe in common is that no government has the right to force us to make tape recordings of all of our conversations (to be placed in escrow, in case the government someday needs to listen to them!), to tap our phones, to insist we speak in government-approved non-coded language, and to use their "Wiretap Chips."

I said "potentially" more divisive. In practice, nobody on this list is really disagreeing in a major way with our general goals of privacy and access to tools (to borrow the "Whole Earth" phrase). A few people disagreed with the way remailers, like our home-grown remailers and like Johan Helsingius' (he's also on this list, of course), were being handled. But that's the kind of debate we want.
* To some, like David Sternlight, Dorothy Denning, and Andrew Molitor, these are radical, unreasonable, and subversive views. "Remember, children, the policeman is your *friend*." seems to sum up their view of crypto. It's hard to imagine just what we have to "be reasonable" about with such people. A basic ideological divide separates us.

* I fully agree with many of you that the name "Cypherpunks" has some, shall we say, _unusual_ connotations. Some will assume we're skateboarding geeks, others will assume we're "crypto primitives" who pierce our bodies and spend all our time at raves. But the name has undeniable appeal to many, and certainly grabs a lot of attention. It seems improbable that some staid name like "Northern California Cryptography Hobbyists Association" would've gotten much attention, let alone a write-up in "Wired" (and upcoming pieces in "Whole Earth Review," "The Village Voice," etc.).

(Perhaps you out there who first heard about us via an article in "Mondo," or "Wired," or a reference someplace, like MindVox or sci.crypt, can tell us what grabbed your attention, what you liked and disliked about the name, etc. Just as feedback.)

In any case, it's much too late to change the name now. Publicity of "Cypherpunks" has spread the name, lots of journalists are intrigued by it, and it basically *does* capture the spirit of our group. After all, for basic civil liberties and cyberspace issues, the ACLU, CPSR, and EFF already exist and do a fair job at presenting lawyer-like faces to the press. And for conventional "phreaking," the group "2600" is having their own meetings. We don't have to be the group with the subdued and staid image. And note that the "Hackers Conference" has not changed _their_ name, either, despite the negative publicity given the name. (A meta-rule: There is no such thing as negative publicity. All they have to do is spell your name right. Ironically, in a recent "MacWorld" column, Steven Levy misspelled our name as "Cipherpunks."
He got it right in his "Wired" piece, though.)

* As for respectability, is our goal to be "co-opted" into the Establishment? (Geez. these words I'm writing could've been written in 1968!) Is it to be a respectable voice for moderation and the gentle process of negotiating? I think not.

(Note that the Wiretap Chip was *not* presented for discussion and for industry comment. Neither the Bush nor Clinton camps presented this for public debate--unless you consider Dorothy Denning's comments to be the "trial balloon" I suggested it was last fall in sci.crypt...Denning has made the curious claim that she knew "nothing" of the Clipper plan until the night before it was publicly announced. This plan is a fait accompli, production of the chips is underway, and AT&T has already announced their Clipper-tapped phone. The best we can do is undermine the proposal, deploy strong crypto as widely as possible before it's outlawed completely (Clipper will fail if strong crypto alternatives are available...what do you think Big Brother plans to do about this?), and continue to make as much noise as we can about the evils of invading privacy in this way. I see little indication that reasonable negotiation is being invited.)

* There are already several groups, as I've mentioned, made up of lawyers and "respectable spokesmen" like Mitch Kapor and Mike Godwin (wherever he is now). In a sense, Cypherpunks fill an important ecological niche by being the outrageous side, the radical side...perhaps a bit like the role the Black Panthers, Yippies, and Weather Underground played a generation ago.

(By the way, "The Crypto Underground" was one of my favorite name proposals....aren't you glad now we settled on Jude Milhon's "Cypherpunks" suggestion?)

* Cypherpunks write code, as Eric put it.
They write code, they build remailers, they test systems to see how they break, they share their findings, they ignore restrictions on crypto, they look at the consequences of strong crypto, and they write articles like this.

* Now I'm all for respectability in certain ways, ways that come naturally to each of us. When I talk to journalists, I speak in complete sentences, I explain things in the most straightforward way possible, etc. I don't roll in on my skateboard and say "Dewd! Yo bro, let's skank this Clipper shit!"

But I don't plan to shave off my beard, cut my hair, start wearing suits, or be "moderate and reasonable" in my arguments. Nor do I intend to water down my messages about digital money, anonymous systems, and crypto anarchy.

"Let a thousand flowers bloom." --Mao (not one of my heroes)

"Live dangerously." --Nietzsche (one of my heroes)

-Tim May, Cypherpunk

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, smashing of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.
Waco Massacre + Big Brother Wiretap Chip = A Nazi Regime

From psionic at wam.umd.edu Wed Apr 21 14:55:01 1993
From: psionic at wam.umd.edu (Haywood J. Blowme)
Date: Wed, 21 Apr 93 14:55:01 PDT
Subject: New Algorithm...
Message-ID: <199304212154.AA15610@rac3.wam.umd.edu>

As promised, I spoke today with the company mentioned in a Washington Times article about the Clipper chip announcement. The name of the company is Secure Communications Technology (Information will be given at the end of this message on how to contact them).

Basically they are disturbed about the announcement for many reasons that we are. More specifically however, Mr. Bryen of Secure Communications brought to light many points that might interest most of the readers.
His belief is that AT&T was made known of the clipper well before the rest of the industry. This is for several reasons, several of which are:

- A company of AT&T's size could never be able to make a decision to use the new chip on the SAME DAY it was announced.

- Months ago they proposed using their own chip for AT&T's secure telephone devices. AT&T basically blew them off as being not interested at all. This struck them as strange, until now...

Also I spoke with Art Melnick, their cryptographer; he expressed several concerns over the new Clipper Chip:

- The obvious backdoor will be able to let many people decrypt the code.

- Once the key is released to authorities the security of the crypto system is lost forever. These keys can end up in the hands of any agency of the government.

- The fact that the escrowed keys never change means that the algorithm is vulnerable over time to an attacker.

- The classified algorithm may hide another backdoor. But he feels that it is probably to keep people from forging fake serial numbers, or changing the keys themselves.

- Additionally he feels that the NSA has probably spent enough time and money in working on a way to keep this chip from being reverse engineered, that he feels that reverse engineering it will be very difficult to do. He feels that they have developed a suitable technique to protect the chip from this attack. Also he feels that the chip is hardware encoded with the algorithm and not microcoded onto the chip.

Additionally I spoke with Mr. Melnick about their algorithm. He couldn't tell me much about their new algorithm because it hasn't been patented yet. However he told me a little:

- The algorithm will be released for public review after patents have been granted for it. This is so the crypto community can see that it is secure.

- The algorithm is called NEA for New Encryption Algorithm.
The details were sketchy because now it is held as a trade secret until the patent was issued, but I was told that it will incorporate the following:

- It will have fast encryption of data (Exact specs not given, but Mr. Melnick stated "Much faster than what an RS-232 can put out.")

- It is a symmetric cipher, just like IDEA and DES.

- It will use 64 bit data blocks for encryption (like DES and IDEA).

- The key length was not given to me, but Mr. Melnick states that it is _adjustable_ and is "More than adequate for security."

- The algorithm is written in C and Assembler in software form, and can be ported to many platforms (Unlike the Clipper Chip which is hardware ONLY and cannot be made into software) This I consider a definite plus for the NEA for widespread use.

- The algorithm will accommodate public key distribution techniques such as RSA or Diffie-Hellman. This will also be supported in the hardware chip.

- Right now the projected cost of the NEA chip will be about 10 dollars for each!! (Clipper will run 25 each chip [that is if it is produced enough, which probably won't happen]).

- They currently sell a program called C-COM that uses the algorithm and a special streaming protocol that does not divide the encrypted data into "blocks." This could prevent plaintext attacks if you know what the block header is. This program operates at all supported RS-232 speeds and uses the software implementation of the algorithm.

- Most importantly: IT DOES NOT HAVE A BACKDOOR!!

Right now the company is afraid that the new clipper chip will put them out of business. This is a very real possibility. So they really need help in stopping the clipper chip from becoming a standard. If you want to contact them, they can be reached at..

Secure Communications Technology
8700 Georgia Ave. Suite 302
Silver Spring, MD
(301) 588-2200

I talked to Mr. Bryen who represents the company. He can answer any questions you have.
============================================================================= /// | psionic at wam.umd.edu | Fight the WIRETAP CHIP!! Ask me how! __ /// C= | -Craig H. Rowland- | \\\/// Amiga| PGP Key Available | "Those who would give up liberty for \/// 1200 | by request. | security deserve neither." =============================================================================

From phantom at u.washington.edu Wed Apr 21 15:29:58 1993
From: phantom at u.washington.edu (The Phantom)
Date: Wed, 21 Apr 93 15:29:58 PDT
Subject: JOBS: Cypherpunks employing Cypherpunks
Message-ID:

Clipper: If anyone wants it, I can send you the text to the letter I just sent President Clinton and the local papers. I think it is a decent, fairly non-technical letter that might point out some of the parallels between this crypto chip and invasion of privacy to the common person.
In my local area, I have now been responsible for 'educating' over 30 people to my interpretation of the meaning of this chip offering. I think it is important that the public knows a little about what is going on so that they can make a conscious decision about the usefulness of it. I don't however, wish to waste list bandwidth with the text of it, as I don't personally think it is a masterpiece. :)

Cypherpunks employing Cypherpunks: On another note, I hate it when people use the list for purely personal reasons, but I really need a summer job / internship. If you own your own business [ :) ] or know of a _possible_ opening in a company you work for, please, please contact me and run it by me. I am an Electrical Engineering student at the University of Washington (I hold a 3.2 in my EE classes) and have very few qualms about relocating over the summer (it might even be nice if it were in the bay area, as then I could make it to a Cypherpunk meeting!) It'd be really nice to finally meet some of the people I've been talking to for all of these months. Any leads or ideas would be appreciated.

Matt Thomlinson
University of Washington, Seattle, Washington.
Internet: phantom at u.washington.edu phone: (206) 528-5732
PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu

From anton at hydra.unm.edu Wed Apr 21 15:31:36 1993
From: anton at hydra.unm.edu (Stanton McCandlish)
Date: Wed, 21 Apr 93 15:31:36 PDT
Subject: Crypto Activism and Respectability
In-Reply-To: <9304212055.AA04324@churchy.gnu.ai.mit.edu>
Message-ID: <9304212230.AA21644@hydra.unm.edu>

RE: becoming suits. No. Cypherpunks is a unique group, don't cheapen it. Get the suits sympathetic to you (and among you) to do the suit thing.

RE: change the name. Why? It is not as if cypherpunks is a cable network. It is a mailing list. Most people will never know it exists.
If you send out missives for the masses, just sign them with your name, and don't put "cypherpunks" on it, if you fear it will be misinterpreted. I know how it feels. My BBS sounds like a hackers' den, but it is a clean, legal online library, and has not that much in common with the typical BBS. Sometimes I think of changing the name and then I think, "No, no Noise in the Void was the name, is the name, will be the name." If people want a Nat'l. Cryptography Assoc., let them go make one.

Re: why I joined, and if it has anything to do with the name. I signed on the list, because I needed info on crypto, and sci.crypt is inconvenient (I hardly use UseNet anymore, it becomes more worthless by the second it seems.) However I did grin punkishly at the name. I like it. If the list had been Nat'l. Crypto. Assoc., I would likely have avoided it, simply because it sounds suit, and I have no patience with suits, and do not trust them.

--
Testes saxi solidi! ********************** Podex opacus gravedinosus est!
Stanton McCandlish, SysOp: Noise in the Void Data Center BBS
IndraNet: 369:1/1 FidoNet: 1:301/2 Internet: anton at hydra.unm.edu
Snail: 8020 Central SE #405, Albuquerque, New Mexico 87108 USA
Data phone: +1-505-246-8515 (24hr, 1200-14400 v32bis, N-8-1)
Vox phone: +1-505-247-3402 (bps rate varies, depends on if you woke me up...:)

From derek at cs.wisc.edu Wed Apr 21 15:57:49 1993
From: derek at cs.wisc.edu (Derek Zahn)
Date: Wed, 21 Apr 93 15:57:49 PDT
Subject: "Cypherpunks Write Code"
Message-ID: <9304212257.AA15529@lynx.cs.wisc.edu>

Hmm, I write code -- but so far no cyphercode. Since I'd like to be part of the cypherdelic revolution, what code needs writing? I agree that the PC/modem scrambled telephone is a good idea, but others are already bashing that out; there must be other neat projects that want doing. Any thoughts?
derek
psypherdelic psypherdewd (in training)

From peb at PROCASE.COM Wed Apr 21 16:07:41 1993
From: peb at PROCASE.COM (peb at PROCASE.COM)
Date: Wed, 21 Apr 93 16:07:41 PDT
Subject: The Family Key
Message-ID: <9304212235.AA03841@banff>

>From: Harry Shapiro
>press release claims that the Clipper
>chip doesn't provide anything more than what Law Enforcement already
>has. That is not true.

I was about to say this myself too, but Hellman already pointed it out. However, it is worth mentioning for emphasis. The Family key is known not only to the NSA, but to the FBI with their black box units. No special protection is given to this key and it allows the equivalent of Caller-ID *and* Callee-ID over all transmissions using Clipper regardless of how the calls are routed. This is *much* cheaper than speaker recognition used in roving wiretaps! Roving wire taps are given out sparingly, but it seems that Clipper would make the scanning of huge numbers of calls and saving traffic info the normal mode of operation.

In my letter to Casa Blanca I mentioned that I noticed this deception in the NIST press release.

Another feature of the F key is that it could be changed in new runs of chip making, but evidently, protecting F is not a great concern by NIST/FBI, et al.

The 3, 34 bit pads, if/when the entire system is entirely compromised, could be changed--in fact they could do it regularly anyway--they can keep a list of Serial number to pad mappings. This would prevent the system from entirely being compromised by an outside [NSA] entity, so it is somewhat robust to that possibility.

Paul E. Baclace
peb at procase.com

From a2 at well.sf.ca.us Wed Apr 21 16:09:53 1993
From: a2 at well.sf.ca.us (Arthur Abraham)
Date: Wed, 21 Apr 93 16:09:53 PDT
Subject: The (very) next Saturday Meeting
Message-ID: <199304212309.AA12908@well.sf.ca.us>

I will be presenting a short talk entitled:

Clipper (Nail* | *Ship): External Functionality

based on the hardware specs of this topical device.

p.s.
I tried to get samples, but the price was $300,000 for 10,000 units, and I didn't think that many pe

From a2 at well.sf.ca.us Wed Apr 21 16:09:55 1993
From: a2 at well.sf.ca.us (Arthur Abraham)
Date: Wed, 21 Apr 93 16:09:55 PDT
Subject: The (very) next Saturday Meeting
Message-ID: <199304212309.AA12929@well.sf.ca.us>

I will be presenting a short talk entitled:

Clipper (Nail* | *Ship): External Functionality

based on the hardware specs of this topical device.

p.s. I tried to get samples, but the price was $300,000 for 10,000 units,

From 0005533039 at mcimail.com Wed Apr 21 16:25:05 1993
From: 0005533039 at mcimail.com (Giuseppe Cimmino)
Date: Wed, 21 Apr 93 16:25:05 PDT
Subject: Meets 'n Greets
Message-ID: <42930421215924/0005533039ND1EM@mcimail.com>

DC's 26oo meetings are held in the food court of a local mall. The location doesn't require scheduling, can be gotten to via Metro and while private property, usually doesn't run into problems with peaceful gathering. A National Park would solve (for the time being) the latter problem (perhaps the park in front of the White House?). Any other DC folks interested?

From pmetzger at lehman.com Wed Apr 21 16:43:45 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 21 Apr 93 16:43:45 PDT
Subject: Should we become "suits"?
Message-ID: <9304212343.AA29698@snark.shearson.com>

No one said anything about becoming "suits", Tim.

The problem is this: the name "Cypherpunks" makes us sound like people who break into computers for fun or other such stuff. I was on the phone with John Markoff of the New York Times a couple of days ago, and I was unhappy that no one had yet changed the name of the group because I frankly felt that I could not encourage him to subscribe -- the results would be unpredictable. I encouraged him to read more sci.crypt instead, which he has already been doing.

I've been associated with radical political causes for a while. I've found that in general, the radicals are their own worst enemy.
People are NOT happy about being lectured to by strange-acting people.

Bill Winter of the Libertarian Party of New Hampshire was their chairman over the period in which the LPNH went from four members of the state party to actually becoming a force in New Hampshire politics. New Hampshire is the *only* LP outpost to make any significant electoral inroads, *anywhere*. He once told me this: you can get people to accept strange sounding ideas when promulgated by normal looking people. You can get them to accept normal-sounding ideas when promulgated by strange looking people. You can't get them to accept strange ideas when promulgated by strange people.

No, I'm not saying you should wear a suit. I'm not saying John Gilmore should cut his hair and start wearing Armani. I'm just saying that our name is a stumbling block. Why shoot ourselves in the foot for something worthless?

The simple change in our name from something confrontational that makes us sound like machine crackers to something that expresses what this group is about would make a radical positive change in our image.

Now, what are the benefits of keeping the current name "cypherpunks"? Well, let's see Tim's list.

>In a sense, Cypherpunks fill an important ecological niche by
>being the outrageous side, the radical side...perhaps a bit like the role
>the Black Panthers, Yippies, and Weather Underground played a generation
>ago.

None of whom accomplished any of their goals. You REALLY want to emulate them? I've been an occasional visitor to #9 Bleeker Street, where Dana Beal, last of the Yippies, holds court. He doesn't wash regularly, and he wonders occasionally why no one takes his drug legalization crusade seriously. Hint: they are connected.

We can't afford to lose this fight. This is a matter of life and death. Playing out fantasy games about being 1960s radicals is fine and well -- when you don't care about the outcome. We can't afford to lose, so we can't afford to emulate losing strategies.
> And, frankly, my guess is that even most of Middle America will
>feel somewhat more comfortable listening to a John Gilmore, for example,
>than a Bill Gates-type nerd clone. People know honesty and sincerity when
>they see it, and they know lawyers when they see them. It's been 25 years
>since the hippie heyday, and most Americans have adjusted to varying
>outward appearances.

Well, I'm not proposing that John not be a spokesman -- most of our interaction with the media is happening electronically and not in person, and John is eloquent. But you are fooling yourself if you think people listen to Hippies over Suits.

I'm speaking as a person who used to have long hair and worked exclusively in Tee-shirt and shorts. I feel more comfortable dressed that way -- but these days I wear a suit because that's what gets me paid. I'm also speaking as a person who's extensively looked at this question in connection with my activism in the Libertarian Party.

The fact is this: over and over again, every scientific study that's been done (by lots of people), every anecdotal comparison I can make in things like why one LP candidate did well and another did poorly or why one local group soared while another failed, each one of them point to the same conclusion: that conclusion is, sadly, that you are completely wrong Tim, and that people judge by appearances, and that even the most down and out people in our society will take the word of a person who looks respectable over a person who doesn't.

This includes hackers -- hackers will trust grungy looking people as soon as they have verified that they are fellow hackers, but watch what they do sometime when they drive by a hitchhiker as casually dressed as themselves. Take a sample of hackers, put them in a sociology lab, show them videotapes of people making statements who are dressed like hippies and dressed like bankers, and five will get you ten that they react just like the rest of the population.
Influencing the public is not a guessing game any more -- it's a science. People have done honest to god studies on this. I'll happily forward you references if you want.

>We don't all have the same politics...some of us are
>anarcho-capitalists, some are socialists (I hear), some are nonpolitical
>(as near as I can tell), some decline to state, and some may off in their
>own uncharted territory. But what we all seem to believe in common is that
>no government has the right to force us to make tape recordings of all of
>our conversations (to be placed in escrow, in case the government someday
>needs to listen to them!), to tap our phones, to insist we speak in
>government-approved non-coded language, and to use their "Wiretap Chips."

Fine and dandy, but how does changing our name to "cryptoprivacy" harm any of this?

>In any case, it's much too late to change the name now.

No it's not. It's perfectly easy.

>And note that the "Hackers Conference" has not changed _their_ name,
>either, despite the negative publicity given the name.

They aren't doing any lobbying. Their name doesn't matter. Their image makes no difference at all. Ours does.

>As for respectability, is our goal to be "co-opted" into the
>Establishment?

Tim, I'm an anarchist. Do you REALLY think I'm about to become co-opted by the establishment? Is it REALLY your belief that changing the name of the group to "cryptoprivacy" would turn me into a raving statist, foaming at the mouth about imposing regulatory control structures?

>There are already several groups, as I've mentioned, made up of lawyers
>and "respectable spokesmen" like Mitch Kapor and Mike Godwin (wherever he
>is now).

No one can log in to their groups -- we provide an essential service. I WANT the New York Times reporter reading this group, but I don't want him to think we are crackers or nuts.

>But I don't plan to shave off my beard, cut my hair, start wearing suits,
>or be "moderate and reasonable" in my arguments.

Who asked you to?
You aren't going on television, and moderating your ARGUMENTS is useless. I'm talking about appearances, nothing more. Our name is cheap and easy to change. It costs us little, and I'm not proposing we change anything else.

Perry

From baumbach at atmel.com Wed Apr 21 17:00:53 1993
From: baumbach at atmel.com (Peter Baumbach)
Date: Wed, 21 Apr 93 17:00:53 PDT
Subject: The Wiretap Chip and the reaction so far
Message-ID: <9304212342.AA00841@minnow.chp.atmel.com>

I have been surprised at how wide the knowledge of the Wiretap Chip has spread. (and how quickly!) My mom even heard about it before I could tell her.

Most of the people I've talked to don't like the idea of the gov't having the keys. These people came to this conclusion on their own. The sources of their information might be biasing their view. :-) I heard a commentary on National Public Radio that was against it!

Keep up the fight. It's not a losing battle.

There is also a bright side to this battle. Look at all the free publicity that privacy has gotten. Our gov't has given ground in the early rounds of the negotiation by stating there is a right to encryption. They want to completely control that right to encryption, and this we will fight and win.

-----tactic

I recommend telling people about the freedom and privacy gained in other countries by their use of PGP. Tell them that the secret police can no longer spy on their citizens as effectively.

privacy == freedom
no privacy == tyranny

Peter Baumbach
baumbach at atmel.com

Boycott the KGB chip
Boycott the IRS chip

From Danny.Swerdloff at f246.n107.z1.ieee.org Wed Apr 21 19:05:15 1993
From: Danny.Swerdloff at f246.n107.z1.ieee.org (Danny Swerdloff)
Date: Wed, 21 Apr 93 19:05:15 PDT
Subject: John Draper
Message-ID: <28187.2BD5FC66@nisc.ieee.org>

Anyone know how I can contact John Draper ("Cap'n Crunch")

Thanx...
Danny

--
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Danny Swerdloff - Internet: Danny.Swerdloff at f246.n107.z1.ieee.org

From gnu Wed Apr 21 19:35:26 1993
From: gnu (John Gilmore)
Date: Wed, 21 Apr 93 19:35:26 PDT
Subject: Wired `Cypherpunk' issues will be available at the meeting
Message-ID: <9304220235.AA23434@toad.com>

I got a box of magazines and will be selling them at the cover price ($5) at the meeting. It's the May/June issue. The cover features three masked cypherpunks behind a flag; the whole crew appears on page 54.

People who aren't coming to the meeting can get copies at their local bookstore, or call George Clark at Wired at +1 415 904 0660. If you want to subscribe (6 issues/year, $20), you can call +1 800 SO WIRED or send a check to Wired, 544 2nd St, SF, CA 94107.

John

From TO1SITTLER at APSICC.APS.EDU Wed Apr 21 19:49:43 1993
From: TO1SITTLER at APSICC.APS.EDU (TO1SITTLER at APSICC.APS.EDU)
Date: Wed, 21 Apr 93 19:49:43 PDT
Subject: Is this list still operational?
Message-ID: <930421204720.302b@APSICC.APS.EDU>

I've been wondering if the list still exists. I've seen very little traffic in the last few hours, and I'm wondering if this mailing list is still around.

Kragen

From karn at qualcomm.com Wed Apr 21 19:58:00 1993
From: karn at qualcomm.com (Phil Karn)
Date: Wed, 21 Apr 93 19:58:00 PDT
Subject: The Family Key
Message-ID: <9304220257.AA22606@servo>

At 08:29 AM 4/21/93, Harry Shapiro wrote:
>Thus, the NSA will be able to maintain an active traffic pattern
>analysis of ALL communications sent via the Clipper chipped devices.
>
>I think in many ways that traffic watching can and does often reveal
>more information about someone than at times listening in to what
>is actually being said.

I think this is an extremely important point. The US precedents regarding traffic analysis (e.g., telephone "pen registers") are very anti-privacy.
I would not be at all surprised to see decisions saying that law enforcement could use the Chipper ID anyway they liked, without a warrant.

Phil

From tcmay at netcom.com Wed Apr 21 20:52:03 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 21 Apr 93 20:52:03 PDT
Subject: Duplicate messages--Sorry!
Message-ID: <9304220352.AA07384@netcom.netcom.com>

Multiple copies of my "Suits?" posting went out earlier today. I apologize profusely, as this was caused by my mailer software (and me), not by anything in the list software.

Basically, my mailer program (Eudora, for the Mac) would choke part way through uploading a message...sometimes numbers in the message, as in "Mondo xxxx" cause it to think data is about to be sent and it chokes. (Why it does it on some files and not others is a mystery to me. I'm investigating it further.)

I fiddled with the files and tried again...I didn't think any of the files had actually gotten through until I sent a modified file through that just had "Mondo" instead of "Mondo xxxx" in it. (When the file transfer choked with an "SMTP Error," it left the file marked as unsent.)

Anyway, very sorry! Deep apologies.

-Tim

From dstalder at gmuvax2.gmu.edu Wed Apr 21 21:23:00 1993
From: dstalder at gmuvax2.gmu.edu (Darren/Torin/Who ever...)
Date: Wed, 21 Apr 93 21:23:00 PDT
Subject: family key
Message-ID: <9304220255.AA23546@gmuvax2.gmu.edu>

Is it true that all LE agencies will have the family key to the wiretap chip? If not, can any LE agency obtain the family key with a search warrant/court order?

I am putting the statements about traffic monitoring into my non-technical description of the problems with the wiretap chip proposal.

Thanks,
--
Defeat the Torin/Darren Stalder/Wolf __
Wiretap Chip Internet: dstalder at gmuvax2.gmu.edu \/ PGP2.x key available.
Proposal! Bitnet: dstalder at gmuvax Finger me.
Write me for Sprintnet: 1-703-845-1000
details.
Snail: 10310 Main St., Suite 110/Fairfax, VA/22030/USA
DISCLAIMER: A society where such disclaimers are needed is saddening.

From fergp at sytex.com Wed Apr 21 22:05:29 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Wed, 21 Apr 93 22:05:29 PDT
Subject: Problems
Message-ID:

I realize that this is a bit off-topic, but I'm experiencing a problem that may be just a case of either user stupidity or Stacker. (Okay, hold the leers and jeers, my laptop has Stacker installed for a reason.)

Trying to (-e) encrypt a textfile with someone's pubkey produces both "DOS general read errors" and "device not ready" errors. I suspect that PGP is using some direct BIOS calls for this, which bypass Stacker, however I haven't looked at the source code yet. (Silly me.) Every other function of PGP that I have utilized seems to work okay. After invoking PGP with the following parameters -

PGP -e text.txt userid

I get these errors. Also, after being bumped back out to the system prompt, any further requests to access the file system is greeted with the same errors. (Lucky me.)

Anyway, after rebooting the system and fixing the file allocation errors (yes, usually two to three files created by PGP named filename.$01, filename.$02, etc. are classified by DOS as mis-allocated), everything is just peachy. Like I said before, all other PGP functions (adding and validating keys, etc) work okay.

I point the finger at Stacker, but I figured it might be worth my time to toss a message into the group for advice...

Cheers.

For what it's worth, I don't normally use Stacker for the same reasons that Steve Gibson forbids his employees to use any disk compression software -- the problems and possibility for irreversible data loss greatly outweigh the silly need to compress.

Paul Ferguson | Uncle Sam wants to read
Network Integration Consultant | your e-mail...
Centreville, Virginia USA | Just say "NO" to the Clipper
fergp at sytex.com | Chip...
From tcmay at netcom.com Wed Apr 21 22:26:12 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 21 Apr 93 22:26:12 PDT
Subject: Should we become "suits"?
Message-ID: <9304220526.AA14476@netcom.netcom.com>

Perry Metzger has written a clear summary of his position, which differs from mine. I won't restate my points, as both our positions are clear.

(As disputes go, it's quite minor...if a good enough alternative to the name "Cypherpunks" were to be invented, one that still captured our "no-compromises" position, I would certainly listen with interest. But if something ain't provably broke....)

I will answer a couple of Perry's specific points:

>The problem is this: the name "Cypherpunks" makes us sound like people
>who break into computers for fun or other such stuff. I was on the
>phone with John Markoff of the New York Times a couple of days ago,
>and I was unhappy that no one had yet changed the name of the group
>because I frankly felt that I could not encourage him to subscribe --
>the results would be unpredictable. I encouraged him to read more
>sci.crypt instead, which he has already been doing.

I talked to Markoff at the Hackers Conference in October...he is already aware of Cypherpunks. He placed a call to me last week, before the Clippershit hit the fan, but I was out. His message to me in e-mail was that he wanted to check up on what the Cypherpunks were doing....so clearly he knows all about it. As it turned out, he talked to others. I can only assume Eric Hughes, who talked to him on Friday, filled him in on Cypherpunks doings...though by Friday the focus had of course shifted dramatically.

I think Perry is overly worried about the reaction to our name. Neither Markoff, nor Levy, nor Kelly, nor Dibbell, nor Mandl has seemed disturbed by the name. And like I said, the name is interesting and acts as a kind of "Schelling point" (a natural gathering place) for the subculture of crypto rebels and privacy advocates.
>I've been associated with radical political causes for a while. I've
>found that in general, the radicals are their own worst enemy. People
>are NOT happy about being lectured to by strange-acting people.

I can only hope Perry is not referring to *me*!

Perry comments on my mention of radical groups in the 60s:

>None of whom accomplished any of their goals. You REALLY want to
>emulate them? I've been an occasional visitor to #9 Bleeker Street,
>where Dana Beal, last of the Yippies, holds court. He doesn't wash
>regularly, and he wonders occasionally why no one takes his drug
>legalization crusade seriously. Hint: they are connected.

I wasn't holding them up as moral beacons, just noting that various "niches" exist, in kind of a good cop/bad cop sort of way. Journalists like some "color" and will seek out those who'll provide it. Readers, too, seek some excitement. The "Crypto Rebels" title of Steven Levy's piece bespeaks volumes.

(Frankly, I really like the name "Crypto Rebels"...I should note that some of the names we debated last fall were of this flavor, including "Crypto Liberation Front," "The Crypto Underground," and "Crypto Radicals." Even a whimsical "Cryptoids." I guess it's clear that the West Coast camp is somewhat more radical than Perry might like.)

>We can't afford to lose this fight. This is a matter of life and
>death. Playing out fantasy games about being 1960s radicals is fine
>and well -- when you don't care about the outcome. We can't afford to
>lose, so we can't afford to emulate losing strategies.

Well, I think referring to our activities as "playing out fantasy games" is somewhat intemperate and misleading. Sounds like rhetorical excess to me.

And implying that I, or the others in our group, don't care about the outcome is also misleading and, I think, unfair.
I won't list our achievements as a group or as individuals, but I'll remind Perry that I was the one who correctly picked up on Denning's tone in her Computer Security Conference paper and posted the original alert to sci.crypt, the "A Trial Balloon to Ban Encryption?" posting. Last time I counted, there were more than a thousand replies--some good, some crap, some repetitive--to this thread. In my opinion, this helped prepare the readers of sci.crypt, comp.org.eff, Cypherpunks, and Extropians in the current situation.

I'm hoping you were merely carried away by the exuberance of your rhetoric and do not really believe these charges.

>..... But you are fooling yourself if you
>think people listen to Hippies over Suits.

I didn't argue this. I was arguing that Gilmore, Hughes, and others, are perfectly acceptable messengers to the journalists I know. If "suits" are available and are as articulate, fine. I don't see any around here, though!

Sidenote: I hold to one other fairly debatable view: I don't think reaching Middle America, Mom and Pop, our neighbors, the Silent Majority, etc., is really all that important. The battle, such as it is happening, is taking place amongst a fairly small elite. Others believe that Joe Average needs to be sold on the virtues of crypto and privacy. Maybe so, but that's not a battle I see Cypherpunks fighting and winning.

If this is really your point, that the Crypto Rebels/Cypherpunks approach will not be convincing to the folks in Peoria, then I basically *agree* with you. To reach them, you'll need Madison Avenue ad campaigns, Perot-style populism, and legions of smooth talkers hitting the talk shows and airwaves. Not something Cypherpunks have any intentions of doing, so far as I've heard.

As I said in my first message, perhaps a large lobbying group is needed. The NRA is a useful model, but recall how long it had to get rolling before the assault on the Second Amendment started in earnest.
In this battle, there are few lobbying groups, few sources of NRA-style publicity and funding, and the government has *already* struck. Remember, this is not a proposal, it's a done deal...our only hope now is to demolish it with withering criticism, with sabotage of trust in it, and with the rapid deployment of strong crypto alternatives.

(I don't want to belabor the parallels with the NRA, for various reasons. Suffice it to say that with gun-owners, Americans had long owned and used guns and the right was included as the Second Amendment. The NRA thus had a running head start and had lots of sources of funding. The crypto situation is much newer, much more abstract, and only has a tiny handful of active users. Ironically, most of them are balking at paying *anything* to RSA Data Security to use convincingly strong crypto, so I don't see many folks shelling out even $25 a year for a subscription to "American Cryptographer" or whatever. However, I wish anyone who forms such a group the best luck. I'll certainly support them.)

Back to Perry's points:

>The fact is this: over and over again, every scientific study that's
>been done (by lots of people), every anecdotal comparison I can make
>in things like why one LP candidate did well and another did poorly or
>why one local group soared while another failed, each one of them
>point to the same conclusion: that conclusion is, sadly, that you are
>completely wrong Tim, and that people judge by appearances, and that
>even the most down and out people in our society will take the word of
>a person who looks respectable over a person who doesn't.

Yes, you've made this point clear a couple of times.

Speaking about the existing groups I mentioned, Perry writes:

>No one can log in to their groups -- we provide an essential service.
>I WANT the New York Times reporter reading this group, but I don't
>want him to think we are crackers or nuts.
Well, while the list is open to all subscribers, it has never been intended, so far as I know, as a *resource service* for reporters! Perhaps it *should* be, but that's a much different sort of list than we now have.

(For the Extropians who are reading this, it would be like making the Extropians list a resource for those trying to learn about the basics of libertarianism or whatnot, rather than a list for those "already clued in.")

Several reporters have, at times, subscribed to the list, for brief periods of time. They were mostly "lurkers." A couple of times I got e-mail, as I suspect others did, asking me to clarify some point or send more information. This I did whenever possible.

And with an open list, nothing can be done to censor or stop postings that make us seem "crackers or nuts," to use Perry's terms. That's just the way it is. The list is for crypto rebels and people fed up with crypto laws and regulations, not as an educational arena for outsiders. And not for sanitized discussions. People on the list want to talk about digital money, data havens, anonymous mail services, ways to subvert governments, and so on. They don't want to just have some unified front that is palatable to reporters. (If I'm wrong in this judgement, I hope others will give their views as well.)

Your ideas may make sense, Perry, for *some* group. EFF and CPSR operate roughly in this way, with a paid staff of "reasonable" lawyers and spokespersons (the newsgroups, like comp.org.eff.talk, are another thing altogether...as wild and crazy as our list can be). But Cypherpunks does not seem to fit the bill. We're an anarchy, with no formal rules, no formal political agenda, and just a bunch of spontaneously ordered crypto rebels.

(Personally, I hope EFF takes a leading role in the fight. They have recently been sidetracked into stuff about ISDN and away from core issues like privacy in the electronic frontier. They have the resources, lawyers, speakers, etc.)
As always, I appreciated Perry's comments. Some are reasonable, some I disagree with strongly. Two hundred other Cypherpunks will probably have their own views.

Enough for now.

-Tim May

--
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, smashing of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.
Waco Massacre + Big Brother Wiretap Chip = A Nazi Regime

From mdiehl at triton.unm.edu Wed Apr 21 23:14:12 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Wed, 21 Apr 93 23:14:12 PDT
Subject: Problems
In-Reply-To:
Message-ID: <9304220606.AA27912@triton.unm.edu>

> I realize that this is a bit off-topic, but I'm experiencing a problem
> that may be just a case of either user stupidity or Stacker. (Okay,
> hold the leers and jeers, my laptop has Stacker installed for a
> reason.)

I don't think this is off-topic. If it affects the way we use pgp, it is on topic.

> Trying to (-e) encrypt a textfile with someone's pubkey produces both
> "DOS general read errors" and "device not ready" errors. I suspect
> that PGP is using some direct BIOS calls for this, which bypass
> Stacker, however I haven't looked at the source code yet. (Silly me.)
> Every other function of PGP that I have utilized seems to work okay.
> After invoking PGP with the following parameters -

I don't get an error when I do this, but when I do it from a batch file, I sometimes get a 0-length encrypted file. Seems related to your problem.

> PGP -e text.txt userid

Only I use pgp -we text.txt uid.

+-----------------------+-----------------------------+---------+
| J. Michael Diehl ;-) | I thought I was wrong once. | PGP KEY |
| | But, I was mistaken. |available|
| +-----------------------------+---------+
| mdiehl at triton.unm.edu | "I'm just looking for the opportunity |
| mike.diehl at fido.org | to be Politically Incorrect! |
| (505) 299-2282 | |
+-----------------------+---------------------------------------+

From tcmay at netcom.com Thu Apr 22 00:48:28 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 22 Apr 93 00:48:28 PDT
Subject: Explanation of Clipper Chip Name
Message-ID: <9304220748.AA00962@netcom3.netcom.com>

In the days before Xerox machines, one provided copies of correspondence to others by using sheets of carbon paper to make duplicates when typing. This is the origin of "cc" or "cc:" on memos and correspondence.

Henceforth, "cc" refers to the automatic carbon copy provided by the "cc" chip, the Clipper Chip.

BB (Big Brother) gets a CC of everything.

(I know, it's a voice encryption standard, and it's voluntary, but a quick look at the "Capstone" chip reveals it's a complete crypto package, containing the DSS government signature standard, and lots of other stuff. The Wiretap Chip will be used for more than just voice, I'll be willing to bet.)

-Tim

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.

From dstalder at gmuvax2.gmu.edu Thu Apr 22 00:54:38 1993
From: dstalder at gmuvax2.gmu.edu (Darren/Torin/Who ever...)
Date: Thu, 22 Apr 93 00:54:38 PDT
Subject: Non-Technical description of problems with wiretap chip
Message-ID: <9304220755.AA00743@gmuvax2.gmu.edu>

The WIRE-TAP Proposal: Problems with it.

The White House sent out a press release on Friday 16 April about a voice encryption chip called the Clipper chip.
This has come to be known as the Wiretap chip since it allows any Law Enforcement agency to automatically decrypt any conversations made with it with a search warrant. The LE presents said search warrant to two different escrow agencies to obtain the keys (80 bits long) that automatically decrypts your conversation. The Electronic Frontier Foundation (EFF) and the Computer Professionals for Social Responsibility (CPSR) have both criticized the proposal. There was even a negative article already in Network World (19 Apr 93). The paragraphs that follow are facts and problems I have collected by listening to others discuss the Wiretap chip.

Say you wanted to encrypt your talk with someone over a phone. Well, since you and the person you want to talk to both have the Wiretap (Clipper) chip in your phones, you can automatically encrypt your conversation. All fine and good encryption for the consumer. Now, what if you come under investigation by the local constabulary? They get a court order and ask the escrow agencies (non-law enforcement types) for your key. They already have the family key since that is the same in each chip. They now have your specific key. With these two keys, they can decrypt all conversations that you have. This includes conversations that are not legal to wiretap such as attorney-client, doctor-patient and so on. They also have that key for any and all future sessions that you use that phone for.

Start to see the problem? This part is all legal... Search warrants are even exceedingly easy to get at times. There have been reports of the FBI getting groups of 50 signed and blank search warrants from the DoJ.

Now, there are other problems. Would you give the IRS keys to your house and filing cabinet as long as they promised that they would only use it under proper authorization? The key length of 80 bits is still considered cryptographically weak. The cryptographic algorithm is also being kept classified. This is not the usual practice.
In the cryptographic community, algorithms are public. This way people can be assured there aren't any back doors and that the algorithm can stand on its own strengths, not that of secrecy. It is clear from the description that the plan for key registration would be compromised if the algorithm was made public; anyone could make chips or software that implemented it, using their own keys. These keys, of course, would not be registered. It is not that difficult to reverse engineer a chip these days. It may also be true that the algorithm itself is too weak to be shown to the public. This was true of a digital cellular encryption standard (IS-54B). It is not available to the public and is incredibly weak. Finally, some of the implications behind this announcements are dire. The Wiretap chip could become the market or legislative standard. This could mean that other implementations of cryptographic voice transactions would be very difficult to obtain or would be illegal to obtain. Why would a criminal use the Wiretap chip when they knew it wouldn't encrypt their conversations against the LE agencies? They wouldn't, they would use other encryption technologies. Would this mean that using something other than the Wiretap chip is probable cause and puts you under suspicion? The way the encryption works also allows for ludicrously easy call-tracing. Each chip has a serial number that is transmitted with each message. That serial number is encrypted with the "Family" key. This key is the *same* for every chip. You gain that key and you can track when and for how long any person or groups of people calls *anyone* else. (Easy to do, since any LE agency can gain the 'family' key with a search warrant. It would leak easily into other hands.) One last fishy thing is that AT&T has already (on the same day) announced phones with this chip. This implies (means?) that AT&T has known about this chip for a while. 
They seem to be more concerned about getting a jump on the competition than producing a product that will actually give their users real security. 'Course, there is the question of collusion between the government and industry. Only two companies will be allowed to manufacture the chip, VLSI and Mykotronix. Jeff Hendy, director of new product marketing for VLSI, says his company expects to make $50 million of the chip in the next 3 years. (This from the San Jose Mercury News.)

Permission is granted to distribute this document to whomsoever you should desire. You may change it only if you send me the changes.

Think Free,
--
Defeat the Torin/Darren Stalder/Wolf __ Wiretap Chip Internet: dstalder at gmuvax2.gmu.edu \/ PGP2.x key available. Proposal! Bitnet: dstalder at gmuvax Finger me. Write me for Sprintnet: details.
Snail: 10310 Main St., Suite 110/Fairfax, VA/22030/USA
DISCLAIMER: A society where such disclaimers are needed is saddening.

From gg at well.sf.ca.us Thu Apr 22 01:04:35 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Thu, 22 Apr 93 01:04:35 PDT
Subject: Intergraph employee claims trademark violation
Message-ID: <199304220802.AA20104@well.sf.ca.us>

Most interesting about Intergraph! Someone look into this one QUICK and if there are any attorneys reading this, could you help Intergraph go after whoever might be violating their trademark... in particular AT&T...?

-gg

From tcmay at netcom.com Thu Apr 22 01:31:16 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 22 Apr 93 01:31:16 PDT
Subject: A Volunteer in a Suit Has Appeared!
Message-ID: <9304220831.AA26386@netcom.netcom.com>

I am pleased to announce that the Search Committee has found an Executive Director for the newly renamed "Privacy Institute." He will serve as both manager and as external spokesman for the Institute.

We searched for a respectable person, preferably middle-aged, who knew how to communicate with bureaucrats and was prepared to relocate to the Washington, D.C.
area to act as our official lobbyist (the matter of his compensation will be dealt with in a later memo, one which also explains our dues structure, membership grades, and official bylaws).

Our candidate is an active poster in sci.crypt, is well-known to the Net, and yet has strong connections with the Washington bureaucracy. We feel he will do much to project a more proper, even anal, image of our group. We hope his appointment as Executive Director, The Privacy Institute, will go a long way toward improving the image we developed during our first phase of existence when we were known by the c-word name.

Our new Director intends to immediately correct many of the wrongs he sees.

Without further ado, here is his name:

David Sternlight

I hope you'll all join me in welcoming Sternie, or Sterno, as his friends call him, to the Privacy Institute.

-Tim May, Recording Secretary, The Privacy Institute ("Don't call us Cypherpunks!")

(The preceding spoof was brought to you as a public service.)

From gg at well.sf.ca.us Thu Apr 22 02:07:59 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Thu, 22 Apr 93 02:07:59 PDT
Subject: Making Clippers More Secure
Message-ID: <199304220907.AA26844@well.sf.ca.us>

As for me, I still think software-based steganography is the answer. If you can't detect it, you can't prosecute. For instance, how many people do you think are fired from their jobs for LSD on their drug tests...? Far fewer than do LSD, according to people I know in Silicon Valley who say that certain mil subcontractors are infested with acid-taking Deadheads; because LSD disappears from the bloodstream a couple of days after you take it.

From fergp at sytex.com Thu Apr 22 07:18:55 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Thu, 22 Apr 93 07:18:55 PDT
Subject: Crypto Activism and Respectability
Message-ID:

Let'em all eat cake.

On Wed, 21 Apr 93 14:46:55 -0700, Timothy C. May wrote -

TM> Crypto Activism and Respectability, or, Should We Become
TM> "Suits"?
In a word: No. The name is fine (Cypherpunks), and the attitude is great. There are plenty of us who do wear ties on a daily basis and have our hearts in the right place. ;-) Thanks for the sanity check. You've got my support. Now if we can "Win the hearts and minds" of the public and change the venue of our own Stalinistic government... BTW, who (off-hand) knows the fax number of the G. Gordon Liddy show at WJFK in Washington? I have this fax I need for him to see .... Cheers. -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.2 mQCNAiuk0/8AAAEEALqlLc+x9lmgiJCRSpu/aPhQdi0hMjwiGlN2B/GJQqgZPhTb pR+u5/blGogqT+WwcXZ2XfEdIV19FrJY4BXGGn4+4TjdVN3XuuCHuueoygBAmOQD IloU6SJuDqJa0kFA5X/i/1ELn86I5+8A4Hx88FiYJIVUBR6SApRLcZSdHMBNAAUR tB9QYXVsIEZlcmd1c29uIDxmZXJncEBzeXRleC5jb20+ =0Kua -----END PGP PUBLIC KEY BLOCK----- Paul Ferguson | Uncle Sam wants to read Network Integration Consultant | your e-mail... Centreville, Virginia USA | Just say "NO" to the Clipper fergp at sytex.com | Chip... From grady at netcom.com Thu Apr 22 07:21:37 1993 From: grady at netcom.com (1016/2EF221) Date: Thu, 22 Apr 93 07:21:37 PDT Subject: name change? Message-ID: <9304221421.AA10279@netcom.netcom.com> I vote we change our name to the "CryptOrchids." Many people like flowers and lots of people don't care for dangling gobbets of flesh. ObCrypt: Leonard Rosenthal of Aladdin Systems, Inc. confirms that the previously strong DES family encryption option has been replaced in Stuffit 3.0 with a system that has been 'approved' for export. However, Leonard asks me not to call it a 'weak XOR' system because he says no one has broken it yet. ObCrypt Prime: I am testing the IDEA block cipher implementations and needs some golden test vectors. I've looked through the postscript IDEA chapter but the single example gives me zero degrees of freedom. I'll contact the inventor if necessary but since we are paying him money for use of his invention, I'd like to offload this from him. Anybody got vectors? 
(No disease vectors, please).

From hughes at soda.berkeley.edu Thu Apr 22 07:36:31 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 22 Apr 93 07:36:31 PDT
Subject: ADMIN: delayed mail yesterday
Message-ID: <9304221433.AA19686@soda.berkeley.edu>

Some of you may have worried that the list was down due to government interference yesterday. The truth is much more prosaic.

toad.com, where the mailing list resides, is on the commercial side of the Appropriate use barrier. In order to send to NSFNET hosts, all the traffic must pass through uunet. The default mail router that toad uses, relay2.uu.net, was munged for mail yesterday.

All the queue has been flushed out at this point.

Thanks to Hugh Daniel and John Gilmore for figuring this out.

Eric

From hughes at soda.berkeley.edu Thu Apr 22 08:00:04 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 22 Apr 93 08:00:04 PDT
Subject: Automation package.
In-Reply-To: <9304172100.AA00859@triton.unm.edu>
Message-ID: <9304221456.AA21041@soda.berkeley.edu>

I may have already answered your letter about telix scripts, etc., so pardon me if this is a duplicate.

The pgp developers maintain a collection of utilities that integrate pgp into various other pieces of software. You should send your stuff to Phil Z. and he'll forward it to the right people. It may be added to the contrib directory of the next release.

Eric

From hughes at soda.berkeley.edu Thu Apr 22 08:14:26 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 22 Apr 93 08:14:26 PDT
Subject: CLIP: Legal Aspects
In-Reply-To: <23041800272877@vms2.macc.wisc.edu>
Message-ID: <9304221511.AA21674@soda.berkeley.edu>

> With regard to the fear that the issuance of your 'Klinton Key'
>will allow your favorite TLA to decrypt all conversations taped
>previous to the issuance of the warrant granting the key, there
>is precedence that disallows it.
[citations deleted]

It is true that evidence from an illegal wiretap cannot be used as evidence in court; this is called the Exclusionary Rule. While the ER has been weakened in the last decade, it still basically holds.

Unfortunately, that is not where the main threat lies. Exploratory wiretaps, illegally made and whose evidence is not directly admissible, provide information that may lead investigators to other information. This secondary information _is_ admissible.

It would be wonderful if the ER were strengthened so that all evidence which resulted from an illegal search _and all of its subsidiaries_ were considered tainted. That battle, however, is a much longer one to fight. Even in that situation, though, the defense would have to prove that an unauthorized wiretap took place.

Eric

From steve at oc3s-emh1.army.mil Thu Apr 22 08:24:01 1993
From: steve at oc3s-emh1.army.mil (Steve Greenberg)
Date: Thu, 22 Apr 93 08:24:01 PDT
Subject: SUBSCRIBE steve@oc3s-emh1.army.mil
Message-ID: <9304221523.AA04591@toad.com>

SUBSCRIBE steve at oc3s-emh1.army.mil

From hughes at soda.berkeley.edu Thu Apr 22 08:26:31 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 22 Apr 93 08:26:31 PDT
Subject: Thoughts on the proposal
In-Reply-To: <9304180722.AA01178@unix.ka9q.ampr.org>
Message-ID: <9304221523.AA22213@soda.berkeley.edu>

>It is entirely possible that Clinton, if he understands anything at
>all about this proposal, sincerely thinks that he's helping the cause
>of personal privacy. Consider that his entire education on the
>subject of cryptography probably consisted of a 5 minute briefing
[rest elided]

Phil points out indirectly in this post one of the very clever tactics used by the PR people on the wiretap side: They presented strong hardware cryptography and the backdoor as inextricably linked.
I've gone through some of the press coverage on the chip from last weekend and their argument basically goes like this: "This is stronger than most cryptography currently existing. And it also lets us spy on the BAD people!" Now the first claim is true and irrelevant, since most stuff is not encrypted. And the second claim is presented without mentioning that you can make strong crypto without backdoors. Therefore, one educational goal must be that strong cryptography is possible in hardware which doesn't have backdoors. For press coverage, the announcement of a new hardware device with longer keys and no backdoor could point out this difference and could get press coverage by explicitly denying the gov't claims. I would suggest a triple-keyed DES chip would satisfy this nicely and be very quick to engineer. Eric From hughes at soda.berkeley.edu Thu Apr 22 08:44:29 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Thu, 22 Apr 93 08:44:29 PDT Subject: WIRETAP: boycotts In-Reply-To: Message-ID: <9304221541.AA23538@soda.berkeley.edu> >Also for consideration: boycott AT&T and all other companies making >phones with the wiretap chip, and let the phone makers know about >the boycott early and often. Boycotting AT&T overall isn't going to do much economic harm, since the number of anti-wiretap chips is small in comparison to the number of long-distance companies. If you want to hurt them, get them where it counts. 1. The AT&T wiretap phone is designed by a division in Greensboro. Find out everything that this specific division makes. 2. Take this list and in the second column write down all the products which directly compete with those in the first column; these are the alternatives. 3. Get Communication Week to give (or sell) you a mailing list of their subscribers; these folks are already qualified purchasers of telecom equipment. 4. 
Send an educational mailing to this list, explaining that if they support AT&T in wiretapping, that soon they'll be screwed themselves. Include the list of AT&T products and alternatives and urge people to voice their frustration by buying from someone else. They might also want to send in the sample protest letter you've included.

Now this strategy has a few characteristics I'd like to point out.

First, if no one buys wiretap chips, the wiretap chip doesn't gain market share, a very important point where compatibility creates positive feedback loops in the market.

Second, it's selective in its targets; the model here is to target one division. When sales actually suffer, there is the possibility of getting the division manager fired for taking an action not in the best interest of the company. A shareholder lawsuit might also help here. If you can bring down wrath on one manager's head, you will deter others from following the same strategy.

Third, since this is such a charged issue, you might be able to get donated mailing lists, ad agency consults (Jerry Mander comes to mind), etc. free or cheap. At the very least, such a campaign doesn't cost a lot (on corporate terms) to do entirely commercially; CPSR and/or EFF could mount it.

As a second round, target the PBX division of AT&T, since that's where the next round of chip deployments are.

Eric

From dmandl at lehman.com Thu Apr 22 08:46:54 1993
From: dmandl at lehman.com (David Mandl)
Date: Thu, 22 Apr 93 08:46:54 PDT
Subject: Should we become "suits"?
Message-ID: <9304221546.AA17697@tardis.shearson.com>

1) God bless Tim May. I am in complete agreement with his response to Perry Metzger re his name change proposal (shouldn't be a surprise, as I believe I was the first one to express my horror at it).

2) The time I can devote here at work to this sort of thing is very limited.
If I had more time, I'd send a much more in-depth response to Perry's proposal; I don't, so this will have to be shorter and pithier than I'd like. Perry says: > No one said anything about becoming "suits", Tim. I think you did, even if it was indirectly. > The problem is this: the name "Cypherpunks" makes us sound like people > who break into computers for fun or other such stuff. I was on the > phone with John Markoff of the New York Times a couple of days ago, > and I was unhappy that no one had yet changed the name of the group > because I frankly felt that I could not encourage him to subscribe -- > the results would be unpredictable. I encouraged him to read more > sci.crypt instead, which he has already been doing. I don't have the same problem you do with people who "break into computers," though I wouldn't do it. Nevertheless, the cypherpunks as a group never advocate, and rarely even discuss, cracking. I couldn't care less what journalists think, especially journalists from the New York Times. If someone makes an inference like that (the sort of distortion or basic cluelessness I wouldn't be surprised to see in the NYT), he's a bad journalist, and that's his problem. And what does our name have to do with "the results" of subscribing to the group? I take it you're referring to the content of our discussions, which wouldn't change along with our name--unless you're also suggesting that we should tone down our more inflammatory rhetoric (and I think it's a short step from the name change to that anyway). > I've been associated with radical political causes for a while. I've > found that in general, the radicals are their own worst enemy. People > are NOT happy about being lectured to by strange-acting people. So don't lecture them. I don't lecture people. I think people are open- minded about reasonable-sounding ideas if they make sense and are explained in a reasonable way. 
> Bill Winter of the Libertarian Party of New Hampshire was their > chairman over the period in which the LPNH went from four members of > the state party to actually becoming a force in New Hampshire > politics. New Hampshire is the *only* LP outpost to make any > significant electoral inroads, *anywhere*. He once told me this: you > can get people to accept strange sounding ideas when promulgated by > normal looking people. You can get them to accept normal-sounding > ideas when promulgated by strange looking people. You can't get them > to accept strange ideas when promulgated by strange people. Big deal. If they became a wing of the Democratic Party they'd have even more supporters. The electoral system is a scam, and the LP is deluding itself by getting involved in it. (Ancient anarchist wisdom: "If voting could change anything, it would be illegal.") I won't get any deeper into this, because it's getting way off the subject. > The simple change in our name from something confrontational that > makes us sound like machine crackers to something that expresses what > this group is about would make a radical positive change in our image. > > Now, what are the benefits of keeping the current name "cypherpunks"? > > Well, lets see Tim's list. > > >In a sense, Cypherpunks fill an important ecological niche by > >being the outrageous side, the radical side...perhaps a bit like the role > >the Black Panthers, Yippies, and Weather Underground played a generation > >ago. > > None of whom accomplished any of their goals. You REALLY want to Do you really think the Black Panthers would have accomplished more if they wore suits? Ever hear of Cointelpro? The murder of Fred Hampton? In fact, the Panthers were much more reasonable than John Q. Public thought they were. 
There was a massive propaganda campaign from the government and the straight press to appeal to white America's basic racism and make the Panthers look like some crazed niggers who wanted to kill whitey and rape his daughter. It would have been the same thing no matter what. I've got news for you: if we do change our name, and the FBI is pissed enough, they'll call us crackers and cypherpunks anyway. There are millions of precedents for this. > emulate them? I've been an occassional visitor to #9 Bleeker Street, > where Dana Beal, last of the Yippies, holds court. He doesn't wash > regularly, and he wonders occassionaly why no one takes his drug > legalization crusade seriously. Hint: they are connected. I know Dana. People don't take him seriously because he's a jerk. > I WANT the New York Times reporter reading this group, but I don't > want him to think we are crackers or nuts. How can the name we use influence his opinion of us more than the 50 messages a day posted to the group? I don't have time to respond to the rest of Perry's message; there's just too much to say. But I repeat: there are more "respectable" groups involved, like the EFF and CPSR, so you're free to work with them when talking to the media. Perry, I have very strong differences with your views of how the media and the "spectacle" work, and I can't do justice to the subject given this limited space and time; it's also not directly relevant to cypherpunks business. For anyone wanting a more modern take on how the media works today, I humbly suggest you read the situationists, who addressed all these issues twenty-five years ago, or Jerry Mander's great book "Four Arguments for the Elimination of Television." --Dave. 
From uri at watson.ibm.com Thu Apr 22 09:30:02 1993 From: uri at watson.ibm.com (uri at watson.ibm.com) Date: Thu, 22 Apr 93 09:30:02 PDT Subject: more details from Denning In-Reply-To: <9304211652.AA24148@megalon.YP.acad> Message-ID: <9304221629.AA14269@buoy.watson.ibm.com> Jim Warren says: > And, a coupla tidbits about Dorothy: I have known her for several years, > worked closely with her on creating the first Computers, Freedom & Privacy > conference in 1991, have absolutely the *highest* regard for her integrity, > honesty and candor -- and absolutely trust what she says ... > about a subject on which we may disagree. > Dorothy Denning is an honorable person with great personal integrity, and ^^^^^^^^^^^^^^^^ ^^^^^ ^^^^^^^^^ I don't see it from her actions. > I urge that she be treated as such -- even in disagreement. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ no objective reasons, your words only. I disagree with your conclusions and believe, that your high esteem of her is rather subjective. But this is way off the topic of this list. Now: > No single person or authority should have the power to > authorize wiretaps > No single person does, at least for FBI taps. After completing a mound > of paperwork, an agent must get the approval of several people on a chain > that includes FBI legal counsel before the request is even taken to the > Attorney General for final approval. > Dorothy Denning Don't you just love that "must get approval"... Fine, but what if that agent just happens to have a key or two left over from previous tap? And another one is willing to trade him the key he wants now, for one of those other ones? How on Earth is this going to be detected? Once the key (Unit Key) is released - there's no force in the Universe to make it un-released again! From now on, everything encrypted with this chip is essentially clear - AND THIS WILL ENDANGER EVERYBODY TALKING TO THIS CHIP, no matter whether YOU have YOUR key "released" or not... 
Besides, isn't the described "authorized" tapping procedure the same good old one in use today? How come it doesn't stop illegal wiretaps? [I guess, people break laws?! :-] -- Regards, Uri uri at watson.ibm.com scifi!angmar!uri N2RIU ----------- >From cypherpunks-request Thu Apr 22 11:57:15 1993 From hughes at soda.berkeley.edu Thu Apr 22 09:38:52 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Thu, 22 Apr 93 09:38:52 PDT Subject: Status of Voice Encryption with PC/Mac? In-Reply-To: <9304182217.AA114200@acs.bu.edu> Message-ID: <9304221635.AA28138@soda.berkeley.edu> >I keep hearing about voice scrambling technology in conjunction >with high speed modems and soundblaster cards.... Paul Rubin is going to demonstrate some of the voice coders he's been working on at the meeting Saturday, hardware willing. As far as soundblaster cards, I would recommend instead something like a bigmouth board, which already has the phone line access and handset on it. Secure phones will be a large topic Saturday, since that's where the first deployment of the wiretap chip will be. Eric From falcor at agora.rain.com Thu Apr 22 09:43:28 1993 From: falcor at agora.rain.com (Andy Burt) Date: Thu, 22 Apr 93 09:43:28 PDT Subject: ADD falcor@agora.rain.com Message-ID: Or, if this is human-maintained, please add falcor at agora.rain.com to your mailing list! (cypherpunks) Thanks! 
-- ------------------------------------------------------------------------------ // Falcor, aka // InterNet: falcor at agora.rain.com // If you're bored, // // Andy Burt // FidoNet: 1:105/354.0 // you must not be // // // // paying attention // ------------------------------------------------------------------------------ From hughes at soda.berkeley.edu Thu Apr 22 10:04:16 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Thu, 22 Apr 93 10:04:16 PDT Subject: non-cypher related question on audio analysis In-Reply-To: <9304192234.AA26763@boxer.nas.nasa.gov> Message-ID: <9304221700.AA00422@soda.berkeley.edu> >Anyone got pointers to decoding audio tones? An intro book, source >code, newsgroup, mailing list, somebody I can take to lunch? I'd like >to sample audio with my SGI, and suck out various simple tones and >combinations of tones. (DTMF, single pitch variant tones, etc.) I've got a good book on DSP by Rabiner and Gold. There are a few DSP newsgroups where the local experts hang out. Also the modem design groups. After you know something, remember this: The FIR filter is the same mathematically as a FFT, multiplication by a filter window function, and an inverse FFT. As I recall, you can process multiple FIR's in parallel. All the DSP manufacturers come with lots of example source code for standard filters (FFT, FIR, IIR, etc.). Eric From wln at ground.cs.columbia.edu Thu Apr 22 10:10:45 1993 From: wln at ground.cs.columbia.edu (William Lee Nussbaum) Date: Thu, 22 Apr 93 10:10:45 PDT Subject: DC Meeting this weekend? Message-ID: <199304221710.AA14284@ground.cs.columbia.edu> Hello, all... If there is going to be a DC meeting this weekend, please try to determine by this evening what it will be... 
I won't have mail access after about 9am tomorrow until the end of the weekend, and I will be in DC (Although, since I'm traveling with others, I don't know whether I'll be able to make it even if I do know, but if I have some sort of contact information, that can be worked out in other ways.)

Please excuse the pushiness, just trying to get a hectic couple of weeks organized...

- Lee

From fergp at sytex.com Thu Apr 22 10:18:26 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Thu, 22 Apr 93 10:18:26 PDT
Subject: Fowarded messages from RISKS
Message-ID:

Greets.

These two forwarded messages are from the RISKS Forum (14.51). I thought some of you folks might be interested. (Padgett Peterson is a fellow assembler buff who is better known on comp.virus.)

---- Forwarded Messages --------------------------

Date: Mon, 19 Apr 93 9:21:53 EDT [RISKS-14.51]
From: Clipper Chip Announcement
Organization: FIRST, The Forum of Incident Response & Security Teams
Subject: Slide presented at White House briefing on Clipper Chip

Note: The following material was handed out at a press briefing on the Clipper Chip on 4/16.

                       Chip Operation

                          Microchip
User's Message      +----------------------+
------------------> |                      |      1. Message encrypted
                    | Encryption Algorithm |         with user's key
                    |                      |
                    | Serial #             |      2. User's key encrypted
                    |                      |-->      with chip unique key
                    | Chip Unique Key      |
User's Encryption   |                      |      3. Serial # encrypted
Key                 | Chip Family Key      |         with chip family key
------------------> |                      |
                    |                      |
                    +----------------------+

For Law Enforcement to Read a Suspect's Message

1. Need to obtain court authorized warrant to tap the suspect's telephone.
2. Record encrypted message
3. Use chip family key to decrypt chip serial number
4. Take this serial number *and* court order to custodians of disks A and B
5. Add the A and B components for that serial number = the chip unique key for the suspect user
6. Use this key to decrypt the user's message key for this recorded message
7. Finally, use this message key to decrypt the recorded message.

------------------------------

Date: Sat, 17 Apr 93 09:12:57 -0400 [RISKS-14.51]
From: padgett at tccslr.dnet.mmc.com (A. Padgett Peterson)
Subject: "Clipper Chip"

I suppose we should have expected something after all of the sound and fury of the last few years. The announcement does not really give enough information though.

My first thought involves conventional compromise: what happens if the keys are captured through theft *and you know about it* - how difficult is it to change the keys ? What do you do between the time the loss is detected and the time a new key set is approved. How difficult is it to program the chip or do you need a new one ? (and if the chip can be reprogrammed, how do you prevent covert changes that will not be discovered until authorization to tap is received and the agency finds out that it cannot ?). Potentially this must occur every time a trusted employee leaves.

For some time, I have been playing with dynamic access cards ("tokens") as seeds for full session encryption rather than just for password devices. Since the encryption requires three parts (PIN, challenge, and token) which are only physically together at the secure system, and since only the challenge passes on the net, and since once encryption starts you have not only provided protection to the session, you have also authenticated both ends simultaneously (by the fact that you can communicate), it seems ideal. *And everything necessary already exists*. From several US companies. It just has not been put together as a commercial product (FUD at work 8*(.

Since key generation is on-the-fly at the onset of the session, obviously what the gov needs is not the key but the "key to the key" (of course computers, even a PC, are really good at this.

The real question is "Why a new chip ?" The technology to do this has been around for years and several DES chips are available commercially today.
The BCC laptop (I like Beaver better 8*) 007 provides this internally today with (I believe) the LSI-Logic chip and Enigma-Logic's PC-SAFE (plugs) does the same with software alone. As indicated in the announcement, financial institutions have been using encrypted transmissions for years without any great outcry. IMHO the real hold-up has been $$$ - cheap error-correcting modem technology to prevent synch losses rather than a lack of good crypto algorithms. Today this is a done deal (actually we have known how to keep in synch since the sixties but you couldn't buy 56kb for under $300.00 at BizMart - now part of K-Mart ! - then). True, there are a lot of questions yet to be answered, but again IMHO most center on the exception cases and not the encryption technology itself. Padgett ---- End Forwarded Messages -------------------------- Cheers. Paul Ferguson | Uncle Sam wants to read Network Integration Consultant | your e-mail... Centreville, Virginia USA | Just say "NO" to the Clipper fergp at sytex.com | Chip... From fergp at sytex.com Thu Apr 22 10:20:54 1993 From: fergp at sytex.com (Paul Ferguson) Date: Thu, 22 Apr 93 10:20:54 PDT Subject: Answers revealed! Film at Eleven! Message-ID: To make a long story short, don't try to (-e) encrypt anything with PGP on a STACKERed drive -- it ain't gonna work. When I got in this morning, I proved this point by encrypting without nary a problem on a non-compressed drive. The proof is in the pudding, so to speak. Cheers. (BTW, Kelly -- the second message that you sent is still crippled. What are you doing? Software (PGP) development? ;-) Paul Ferguson | Uncle Sam wants to read Network Integration Consultant | your e-mail... Centreville, Virginia USA | Just say "NO" to the Clipper fergp at sytex.com | Chip... From hughes at soda.berkeley.edu Thu Apr 22 10:30:37 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Thu, 22 Apr 93 10:30:37 PDT Subject: ADMIN: Should we become "suits"? 
In-Reply-To: <9304221546.AA17697@tardis.shearson.com> Message-ID: <9304221727.AA03341@soda.berkeley.edu> David Mandl writes: >2) The time I can devote here at work to this sort of thing is very limited. This is true for all of us right now. This topic is a time waster. As list maintainer and thus occasional bringer of order, I declare this topic off limits for two weeks. Don't talk about it on the list; if you've got a gripe about this, mail me directly. As for John Markoff, the New York Times reporter, he was put on the list last September or October and was on until last month. A special note for Perry: If you don't like the name, you are free to do whatever you want, as you have said yourself in other forums. You are in particular free to start your own mailing list called cryptoprivacy. _Verbum sapienti satis est_. Eric From ld231782 at longs.lance.colostate.edu Thu Apr 22 11:21:52 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Thu, 22 Apr 93 11:21:52 PDT Subject: cypherpunks vs. nambypambypunks and cyphercranks In-Reply-To: <9304212343.AA29698@snark.shearson.com> Message-ID: <9304221821.AA12903@longs.lance.colostate.edu> (For this I move out of my vitriol vein, to dish out something non-overly-`stinging' even though it *could* be deadly.) P. Metzger: >We can't afford to lose this fight. This is a matter of life and >death. Playing out fantasy games about being 1960s radicals is fine >and well -- when you don't care about the outcome. We can't afford to >lose, so we can't afford to emulate losing strategies. Mr. Metzger, surely you realize you can call yourself anything you like in the mainstream media. However, I was attracted to this list precisely because of the name, find it highly descriptive and apropos, and I think trying to change it is counterproductive, superfluous, and highly disillusioning, and am becoming increasingly annoyed with attempts to do so. I will proudly wear the banner of `cypherpunk' even if it becomes an epithet. 
You seem to take it as given that `punk' has negative connotations, but I assure you that it has a distinct ingredient of allure in the public consciousness. Less colorful terms would only provoke blandness and sabotage the vigor of our cause. Young leaders of the American Revolution would aptly be deemed ``punks'' by the robe-cladded wig-wearing British establishment, had the term been around... Nathan ``Give Me Liberty or Give Me Death'' Hale was quite a punk...

The list is private. People can choose to present themselves in public any way they like. If they prefer to say that they belong to the "cryptoprivacy group," fine. But I believe you are deliberately ignoring the fundamental underlying personalities of people who are members of the list in your irritating, noisy, and desperate advocation to change the name. In fact, this agenda seems to me very much like someone trying to impose leadership on anarchy. Join EFF or CPSR; they seem to think like you do.

``Obviously, to partake in a revolution, one must, by definition, at the very minimum, be nonconforming with and disrespectful of the status quo.''

From AOLCHTNN at vax1.tcd.ie Thu Apr 22 11:23:15 1993
From: AOLCHTNN at vax1.tcd.ie (AOLCHTNN at vax1.tcd.ie)
Date: Thu, 22 Apr 93 11:23:15 PDT
Subject: life, universe, everything
Message-ID: <01GXBKLI1Q1C000HXH@vax1.tcd.ie>

I got your address in mondo8. I need information on encryption software. Unfortunately, external telnets have been impossible for some time now, so I can't look for it through the usual channels. Thanks in advance.

AOL

From elee9sf at Menudo.UH.EDU Thu Apr 22 11:26:30 1993
From: elee9sf at Menudo.UH.EDU (elee9sf at Menudo.UH.EDU)
Date: Thu, 22 Apr 93 11:26:30 PDT
Subject: "Cypherpunks Write Code"
Message-ID: <199304221826.AA25404@Menudo.UH.EDU>

Derek writes:
>
> Since I'd like to be part of the cypherdelic revolution,
> what code needs writing?
I agree that the PC/modem

Heh, lots of stuff could be done:

1) Hack around with the anonymous remailers. Eric mentioned he is working on a "second generation" remailer which allows users to specify cut marks, etc. I've been fooling with one that caches all incoming messages in a directory, and then at midnight (by using the at command) mails/routes each message on its way. Still got problems with it, though...

2) DC Nets. Yanek Martinson is working on a DC Net implementation using email. A TCP/IP version would be nice!

3) CELP. Don't know much about this other than porting it and hand coding parts in assembly for speed would be welcome. Then, we could have our own encrypted conversations.

4) Digital Bank. A full-blown implementation (RSA encryption and decryption, blinded messages, etc). I have written a scaled down digital bank which provides privacy and security by using random cash and random account numbers, and does not correlate account numbers with usernames. It's written in the Korn shell, and I plan many improvements once the semester is over (rewrite in PERL for one...) But my bank does not implement Chaum's digicash scheme, and that would be best.

5) Once that is done, we can experiment with a "cash accepting" remailer - one that will only remail if valid digicash is included in the header, or whatever. Then, such a system may be expanded to do anonymous or pseudonymous usenet posting, which may be an acceptable (to folks who are vehemently against anonymous posting, etc.) solution to helping prevent abuse by such services.

6) Steganography, hiding code in other documents. For example, hiding each bit of a message (encrypted or not) in the low order bits of an image, gif, tiff, whatever. I've played around with the tiff format and will try to use Sam Lieffler's (sp?) tiff package to help out. Writing a program that will automatically embed a message in a picture and read a message out will be useful. ("hey everyone, be sure to get the denning.gif from alt.binaries.pictures.misc and read my comments about the clipper chip!")

7) Misc stuff. Check out the scripts which help in the use of the anonymous remailers - they are for UNIX and DOS. Amiga, Mac, etc. versions needed.

8) Take your favorite unix utility (mail for example) or whatever and add encryption automatically. Sure, using it on a multi-user system may not be the best thing to do, but the code, techniques, and solutions would be of value and would aid others.

9) probably lots of other stuff that would be nice...

/-----------------------------------\
| Karl L. Barrus |
| elee9sf at menudo.uh.edu | <- preferred address
| barrus at tree.egr.uh.edu (NeXTMail) |
\-----------------------------------/

From root at pleiku.netcom.com Thu Apr 22 11:29:32 1993
From: root at pleiku.netcom.com ($HOME/.sig)
Date: Thu, 22 Apr 93 11:29:32 PDT
Subject: ANON SITES:
Message-ID: <9304221829.AA05811@netcomsv.netcom.com>

The present plan proposed by John Gilmore is good 3-4 U.S. Sites willing to risk litigation and counter-litigation. And I have another sort of plan that still really requires an out of country A-server(anonymous posting server). A number of PGP-related services may be set up behind such a screen. Having PGP encryption in the style of PAX would be crucial to maintain the anonymity of such services.

#1. Michael Grafs PGP Key-Server
#2. Anonymous Digital "face" banks(ala Chaum)
#3. Gray Market Exchange
#4. Encrypted Anonymous Mailing Lists(Example: Dark Technology)
#5. Data Havens.
#6. alt.whistleblowers(really "hearing aid" see Brunner, J. "Shockwave Rider"

A vast network of anonymous servers may be maintained behind the screen of a single foreign site A-server ready to come on line at a single command if suppression attempts are experienced.
However AARM type scripts will continue to be a threat,I also think we should look at the possibility of both port 25 and port 119 manipulation with auto-search and random selection of NNTP and SMTP open servers as well as header addition to confuse path analysis... I know this is normally regarded as unprofitable but considering what we are up against... Addition dialup slip and ppp hosts could use a variety of 9.6-56kb dialup sites to provide rotating xntp synchronized anonymous posting and mail services.Uucp sites could play as well on email-based services via uucp. Are any foreign sites up for running David Clunies PAX Code??? cheers kelly - -------- - -- To add the following key block to your PGP2.0 Public Key Ring save this entire message to a file and enter the following command: pgp -ka [name_of_file_saved] The above key block is included on every message I send from pleiku!kelly at netcom.com.... ------- End of Unsent Draft From crunch at netcom.com Thu Apr 22 11:39:14 1993 From: crunch at netcom.com (John Draper) Date: Thu, 22 Apr 93 11:39:14 PDT Subject: A question... Message-ID: <9304221839.AA00612@netcom4.netcom.com> Excuse the high bozo factor, but...
I have a question... Does the Clipper Er: Wiretap chip provide a means of authentication?

From newsham at wiliki.eng.hawaii.edu Thu Apr 22 11:42:26 1993
From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham)
Date: Thu, 22 Apr 93 11:42:26 PDT
Subject: non-cypher related question on audio analysis
In-Reply-To: <9304221700.AA00422@soda.berkeley.edu>
Message-ID: <9304221842.AA08140@toad.com>

>
> After you know something, remember this: The FIR filter is the same
> mathematically as a FFT, multiplication by a filter window function,
> and an inverse FFT. As I recall, you can process multiple FIR's in
> parallel.

you can do two FFT's by using the fact that:

    FFT( x(t) + j y(t) ) = Z(w)

then

    X(l) = 1/2  ( Z(l) + Z*(N-l) )

and

    Y(l) = 1/2j ( Z(l) - Z*(N-l) )

Where

    x(t) <-> X(w)
    y(t) <-> Y(w)
    N is the length of both arrays
    j is sqrt(-1)
    Z* is the conjugate of Z (a+jb <-> a-jb)

From 72114.1712 at CompuServe.COM Thu Apr 22 11:47:22 1993
From: 72114.1712 at CompuServe.COM (Sandy)
Date: Thu, 22 Apr 93 11:47:22 PDT
Subject: AT&T/SUITS
Message-ID: <930422182755_72114.1712_FHF70-2@CompuServe.COM>

_________________________________________________________________
FROM THE VIRTUAL DESK OF SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Punksters,

AT&T: CO-CONSPIRATORS

At the last physical San Francisco meeting, I mentioned a curious conversation I had with an AT&T representative. I had called him for info about the ATT Secure Phone 3600. What I reported to the meeting was that while the representative would not "confirm or deny" that the 3600 had a backdoor, his demeanor suggested to me that it did. Now in reviewing the conversation in my memory, I realize that what I was hearing from him was a SMUGNESS. It had the flavor of the cat that swallowed the canary. He obviously knew about the upcoming announcement.
In retrospect, I see that he was playing with me by dropping hints such as: "If the NSA were to ask us to put a backdoor in the 3600, of course we would have to cooperate."

Talk about your "secret government." Where are Slick Willie's "town hall meetings" when you need them?

SUITS ME

Let a hundred flowers blossom. Those of us who wish to fight the good fight in suits, should do so. Likewise, those who wish to remain long-haired, maggot-infested, dope-smoking hippies, should follow their hearts.

I have no problem with the "Cypherpunks" moniker. It hasn't hurt us, and it has brought us some favorable publicity. I think Perry is being an alarmist.

In one point, though, Perry is right. He said people will listen to unconventional folks who present reasonable ideas. But it appears that Perry thinks our support of freedom and privacy is somehow unreasonable in the eyes of Joe Lunchbucket. I respectfully disagree. I think we represent the essence of American values. All we have to do is put it in terms that are immediate and personally relevant to the average American.

For the record though, as Tim May can attest, I am bi-cultural. I have gotten in touch with the Suit inside me. If Cypherpunks ever needs a spokesperson in a "dress for success" suit, I'll be glad to volunteer. There is one condition, however. I will only do it if I'm teamed with someone not in a suit; preferably with long hair and wearing tie-dyed. Think of the photo op!

S a n d y

_________________________________________________________________
PLEASE RESPOND TO: ssandfort at attmail.com (except from CompuServe)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From anton at hydra.unm.edu Thu Apr 22 11:49:26 1993
From: anton at hydra.unm.edu (Stanton McCandlish)
Date: Thu, 22 Apr 93 11:49:26 PDT
Subject: MAIL: threaded mail reader?
In-Reply-To: <199304221826.AA25404@Menudo.UH.EDU>
Message-ID: <9304221849.AA13917@hydra.unm.edu>

Anyone know of a mail reader a la elm that works on a threaded basis like trn, so I can kill entire threads at once (or, gods forbid, READ them in some sort of meaningful order?) Sorry if this is dreadfully off topic, but you folks seem to know a LOT about mail tech, so...

--
Testes saxi solidi! ********************** Podex opacus gravedinosus est!
Stanton McCandlish, SysOp: Noise in the Void Data Center BBS
IndraNet: 369:1/1 FidoNet: 1:301/2 Internet: anton at hydra.unm.edu
Snail: 8020 Central SE #405, Albuquerque, New Mexico 87108 USA
Data phone: +1-505-246-8515 (24hr, 1200-14400 v32bis, N-8-1)
Vox phone: +1-505-247-3402 (bps rate varies, depends on if you woke me up...:)

From habs at Panix.Com Thu Apr 22 11:54:31 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Thu, 22 Apr 93 11:54:31 PDT
Subject: AT&T in Greensboro
Message-ID: <199304221854.AA24393@sun.Panix.Com>

Eric mentioned boycotting AT&T products produced at facilities in Greensboro.

I did a quick search of AT&T Greensboro for the last years, looking through trade and tech pubs.

Basically there is mention of their Federal Systems group and their Federal systems advanced technologies group. They have an AT&T Proposal center there and a business called AT&T Technical Service Co. Bell Labs/Federal Systems group runs the Guilford Center complex there.

They announced they are building a 5 Million dollar plant for building telecommunications products for the US Gov. and for the International Commercial Markets. (This was within this years, and may or may not have been, at that time, a cover to hide whatever facilities were being built for the WireTap Chip project.

It should be noted that Public Key Partners is located in Greensboro. That the AT&T deal with them at the time, was probably completed so that the WireTap phone systems AT&T will sell will not violate RSA/PKP patents.
/harry

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From root at pleiku.netcom.com Thu Apr 22 12:00:41 1993
From: root at pleiku.netcom.com ($HOME/.sig)
Date: Thu, 22 Apr 93 12:00:41 PDT
Subject: REMAIL: The other shoe drops
Message-ID: <9304221833.AA06368@netcomsv.netcom.com>

And John Gilmore Spake:

(Much Deleted)

> To permanently restore at least last month's level of service, we need
> a couple of dedicated, firewalled, buttressed sites. You want a few
> geographically separated people who own their own systems (or who own
> or run the company that owns them), who have solid network links
> (possibly redundant), and who are fully committed to the idea -- as
> committed as funet.fi to persist past the vilification and harassment
> and threats.
>
> And those people need backup from the rest of us -- legal help if they
> need or want it, money to pay the networking bill if things get tight,
> loans of backup equipment during failures under load, system
> administration when folks try to break in and trash their machines,
> software creation and maintenance, advocacy, policy work, advice, and
> a bunch of shoulders to cry on and warm words of encouragement.
>
> Three to five people providing such setups, in collaboration, would
> wedge a steel-toed boot so firmly in the door that it couldn't be
> slammed by any dyspeptic "net god".
>
> Are we up to this job? If not, let's scale back what we're trying to
> do. I'd rather succeed at raising consciousness on the issue for a
> later try, than try now to set up such a beachhead and fail at it.

John I am forced to agree with you here..... I don't think we have the "juice" to carry off a maximum effort at this point... I would gladly volunteer to setup such a site AND I would need a peacenet feed instead of the "gratis" connections I obtain from netcom.... I AM already uncoercible...
as you well know and I would need you as well as others in backing on this effort...OK kids... Here we have one volunteer if we can get at least 3 other sites(my minimum buyin is 4 US sites).... Hey John... what about you???

cheers
kelly

p.s. I would be willing to maintain a PAX type anon operation as well as an anon-remailer.....and a KEY server... would also offer the PGP archives via mail server... note that I am uucp connected and would need to upgrade to 56 kb leased or V-FAST technology...

- ------- End of Forwarded Message
------- End of Unsent Draft

From root at pleiku.netcom.com Thu Apr 22 12:02:13 1993
From: root at pleiku.netcom.com ($HOME/.sig)
Date: Thu, 22 Apr 93 12:02:13 PDT
Subject: POLITICAL DISPERSION: Contact with Christic Institute
Message-ID: <9304221837.AA06911@netcomsv.netcom.com>

Hi All,

Due to a recent posting in alt.conspiracy I was finally able to make contact with the Christic Institute. These are the people who were continually suing the CIQA during the 80's for violations of intelligence laws. They were almost completely wiped out by questionable decisions in a federal lawsuit and loss of their non-profit tax status during the last days of the Bush administration.

Their present status is as follows, 286/AT class machines 20-30 mb hard disks, 1200 baud connectivity only. and have said they will attempt to acquire a 9600 baud modem...(maybe someone on the list has a spare that they could donate). they have only 1 person who knows about "software" and he sounds like he doesn't have a whole lot of time on his hands

I was either thinking about obtaining a pubnix account on their behalf..( or cheap commercial shell account(netcom). or installing waffle along with pgp2.2 and praying. Any suggestions from the group would be welcome. BTW I have worked at expressing the power and connectivity of the internet to him.
I dont know how much sunk in at the time.The person I talked to was Dave Reed Christic Institute, 310-287-1556 310-287-1559 FAX 8773 Venice Blvd Los Angeles, Ca 90034 In addition I have been attempting to make contact with the Santa Cruz Action Team to get them connected. I will be making contact with many human rights/eco/etc groups over the next month...(I feel like a crypto-anarchist Johnny Appleseed) - -------- - -- To add the following key block to your PGP2.0 Public Key Ring save this entire message to a file and enter the following command: pgp -ka [name_of_file_saved] The above key block is included on every message I send from pleiku!kelly at netcom.com.... ------- End of Unsent Draft From habs at Panix.Com Thu Apr 22 12:05:35 1993 From: habs at Panix.Com (Harry Shapiro) Date: Thu, 22 Apr 93 12:05:35 PDT Subject: Info on Mykotronx Message-ID: <199304221905.AA25268@sun.Panix.Com> Please forward this message far and wide. - Harry I am looking for Info on Mykotronx the company that designed the WireTap chip for the NSA/NIST/FBI. They are said to be a contractor to NSA. Thus we can assume that most if not all of what they do is "hidden from view."
I was shocked when I did a database search using the name Mykotronx and Mycotronx (both spellings have been used), in publications that report on these areas: trade, technical, business and financial markets. I also searched press wires and some newspapers.

Prior to April 16/17 I have found NO References to this company.

Clearly this company takes its security seriously; but such a lack of coverage seems strange. It leads me to wonder if they really existed much prior to April 16/17 - they could be a division of the NSA, for example.

Of course the data bases I searched don't have everything in them and they could have been scrubbed...

Can anyone find references to this company prior to April 16 1993? Can anyone provide alternative spellings for their name?

Thanks,

/harry

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From wixer!wixer.bga.com!gumby at cactus.org Thu Apr 22 12:11:33 1993
From: wixer!wixer.bga.com!gumby at cactus.org (Douglas Barnes)
Date: Thu, 22 Apr 93 12:11:33 PDT
Subject: Mass producing chips
In-Reply-To: <199304212309.AA12929@well.sf.ca.us>
Message-ID: <9304221619.AA19426@wixer>

Arthur wrote:
>
> p.s. I tried to get samples, but the price was $300,000 for 10,000 units,
>

How are they going to produce them at these prices and in that quantity given the "baroque activities in the vault" described by Denning? (Not to mention the destruction of the laptop computer... :-)

Doug (gumby at wixer.bga.com)

From peb at PROCASE.COM Thu Apr 22 12:35:28 1993
From: peb at PROCASE.COM (peb at PROCASE.COM)
Date: Thu, 22 Apr 93 12:35:28 PDT
Subject: Crypto Activism and Respectability
Message-ID: <9304221824.AA05177@banff>

>From: tcmay at netcom.com (Timothy C. May)
>And note that the "Hackers Conference" has not changed _their_ name,

Yes, but they are not trying to gain any media attention.
If the CPSR or EFF is the main media presence, then fine; the role of cypherpunks is to write code and spread memes. The only downside I see to this approach is that EFF and CPSR are afraid of being critical about wiretapping in general--that's how their press releases read. If they have a deeper agenda, it doesn't show.

The attention getting name *could* be used for certain kinds of media and then branching off with pointers to EFF and CPSR would be a good strategy.

Paul E. Baclace
peb at procase.com

From pmetzger at lehman.com Thu Apr 22 13:08:12 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Thu, 22 Apr 93 13:08:12 PDT
Subject: New Algorithm...
In-Reply-To: <199304212154.AA15610@rac3.wam.umd.edu>
Message-ID: <9304222007.AA05127@snark.shearson.com>

"Haywood J. Blowme" says:
[Lots about some J. Random Company's encryption chip]

All fine and well, but since we have IDEA already, why should we want it? For virtually all applications these days other than fully encrypting network traffic, software is fine. DES implementations in software can handle 1.5 Mbit/s on reasonable machines. Beyond that, if we need hardware, why not use one of the currently publicly known algorithms like DES or IDEA, or a combination of them? Why use some other company's algorithm?

Perry

From dstalder at gmuvax2.gmu.edu Thu Apr 22 13:19:28 1993
From: dstalder at gmuvax2.gmu.edu (Darren/Torin/Who ever...)
Date: Thu, 22 Apr 93 13:19:28 PDT
Subject: DC meeting
Message-ID: <9304222020.AA29093@gmuvax2.gmu.edu>

This is to announce a DC area cypherpunks meeting on Monday 26 April at 1800 (or so) until whenever at my office. Call me or write me for info on how to get here...

Think free,
--
Defeat the Torin/Darren Stalder/Wolf __
Wiretap Chip Internet: dstalder at gmuvax2.gmu.edu \/ PGP2.x key available.
Proposal! Bitnet: dstalder at gmuvax Finger me.
Write me for Sprintnet: 1-703-845-1000
details.
Snail: 10310 Main St., Suite 110/Fairfax, VA/22030/USA
DISCLAIMER: A society where such disclaimers are needed is saddening.

From meyer at mcc.com Thu Apr 22 13:47:20 1993
From: meyer at mcc.com (Peter Meyer)
Date: Thu, 22 Apr 93 13:47:20 PDT
Subject: New Algorithm...
In-Reply-To: <9304222007.AA05127@snark.shearson.com>
Message-ID: <19930422204625.1.MEYER@OGHMA.MCC.COM>

    Date: Thu, 22 Apr 1993 15:07 CDT
    From: "Perry E. Metzger"

    "Haywood J. Blowme" says:
    [Lots about some J. Random Company's encryption chip]

    All fine and well, but since we have IDEA already, why should we want it? For virtually all applications these days other than fully encrypting network traffic, software is fine. DES implementations in software can handle 1.5 Mbit/s on reasonable machines. Beyond that, if we need hardware, why not use one of the currently publicly known algorithms like DES or IDEA, or a combination of them? Why use some other company's algorithm?

    Perry

Even when using encryption software there may be reasons to use something other than DES. One possible reason (apart from doubts about whether NSA can break DES in one or more of its modes) is that, although the security and speed of an encryption algorithm is of central importance, the quality of the user-interface is also important. For example, if you want to encrypt/decrypt thirty files in five different subdirectories twice a day, and do it in an office with your colleagues looking over your shoulder, you won't want to be using software that encrypts only one file at a time and also displays the encryption key as you type it in (though you might like to have the key echoed when no-one else is about).

There are lots of other things to be considered besides the algorithm itself when designing good encryption software, e.g. if someone accidentally yanks out the power cord to the computer during decryption do you kiss goodbye to the data?
-- Peter Meyer From pg3448 at csc.albany.edu Thu Apr 22 14:17:49 1993 From: pg3448 at csc.albany.edu (Harbinger ) Date: Thu, 22 Apr 93 14:17:49 PDT Subject: unsubscribe me Message-ID: <9304222117.AA16771@sarah.albany.edu> I cannot keep up with all the mail.. 50+ per day is just too much.. can I please be taken off the subscribed list? thank you.. PG From pmetzger at lehman.com Thu Apr 22 14:18:57 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Thu, 22 Apr 93 14:18:57 PDT Subject: A Volunteer in a Suit Has Appeared! In-Reply-To: <9304220831.AA26386@netcom.netcom.com> Message-ID: <9304222118.AA05266@snark.shearson.com> I wonder, Tim, why you bother to wear clothes at all. After all, they are merely attempts by conservative people to make you fit into a conventional mold. Indeed, why speak in english? Why not invent your own language that no one else understands? After all, using the same language that other people do is a callow and conformist act. In fact, why not just go to the top of a giant tower and get publicity for us by shooting random passers by? After all, as you've noted, there is no such thing as "bad publicity". I assure you that you will be covered by thousands of times more TV and radio stations for such an act.
I've watched the Libertarian Party self destruct because many activists are such fools that they can't make a distinction between what's important and random rebellion for the sake of rebellion. People will refuse to be polite, refuse to phrase their arguments comprehensibly, refuse to be nice to reporters, and refuse to appear to be reasonable or even rational, and then later on they wonder why it is that everyone makes fun of them and no one listens.

Our goal is not to maintain use of the word "cypherpunks". Nor is our goal to change the fashion industry. Our goal is privacy.

Tim agreed in his reply to my message with virtually every substantive point that I made. None the less, he makes fun of my comments. He agrees that people do judge on appearances. He agrees that the radical protest movements of the 1960s were largely failures. Yet he wants us to appear unreasonable, and he wants us to emulate these failures.

Tim has reacted with extreme vehemence to the minor question of our name. It's a small thing to us personally -- but it could help advance our goals. I can only conclude that since Tim more or less admits that he's wrong but still insists on his position that he is not acting on the basis of rational motivations.

I'll repeat -- this is not a fight that we can afford to lose. Why machine gun ourselves in the feet?

Perry

Timothy C. May says:
>
> I am pleased to announce that the Search Committee has found an Executive
> Director for the newly renamed "Privacy Institute." He will serve as both
> manager and as external spokesman for the Institute.
>
> We searched for a respectable person, preferably middle-aged, who knew how
> to communicate with bureaucrats and was prepared to relocate to the
> Washington, D.C. area to act as our official lobbyist (the matter of his
> compensation will be dealt with in a later memo, one which also explains
> our dues structure. membership grades, and official bylaws).
>
> Our candidate is an active poster in sci.crypt, is well-known to the Net,
> and yet has strong connections with the Washington bureaucracy.
>
> We feel he will do much to project a more proper, even anal, image of our
> group. We hope his appointment as Executive Director, The Privacy
> Institute, will go a long way toward improving the image we developed
> during our first phase of existence when we were known by the c-word name.
>
> Our new Director intends to immediately correct many of the wrongs he sees.
>
>
> Without further ado, here is his name:
>
>
> David Sternlight
>
>
> I hope you'll all join me in welcoming Sternie, or Sterno, as his friends
> call him, to the Privacy Institute.
>
>
> -Tim May, Recording Secretary, The Privacy Institute ("Don't call us
> Cypherpunks!")
>
>
>
> (The preceding spoof was brought to you as a public service.)
>

From ghoast at gnu.ai.mit.edu Thu Apr 22 14:49:35 1993
From: ghoast at gnu.ai.mit.edu (ghoast at gnu.ai.mit.edu)
Date: Thu, 22 Apr 93 14:49:35 PDT
Subject: tapping method unmentioned
Message-ID: <9304222149.AA47908@hal.gnu.ai.mit.edu>

In all the articles that I've seen posted, and in the grumbling done about the advancement of government regulated cryptography, I haven't seen much mentioned on *how* the government would go about collecting a certain exchange. Pardon me if I'm missing something key here, but wasn't there some bill circulating in the legislature that proposed that phone co's build tappability into the newer non-copper phone system? Is the phone co's cooperation on this issue part of a bargain to exclude such capability from the system (yeah, right) or is the government focusing on this issue now because it has already accomplished what it wants in other areas of privacy (read: tapping)

~

From treason at gnu.ai.mit.edu Thu Apr 22 14:52:14 1993
From: treason at gnu.ai.mit.edu (treason at gnu.ai.mit.edu)
Date: Thu, 22 Apr 93 14:52:14 PDT
Subject: What should be done.
Message-ID: <9304222151.AA12576@spiff.gnu.ai.mit.edu>

I agree as well that this mail is horrendous. 50+ mailings a day is a troublesome thing. I would like to suggest a method of mailing that would be less pain to the mailer, and more useful for storing purposes.

I suggest we start an archive. All mail sent to the list in one day is put within this archive, and mailed ONCE per day. Sure this mailing would be rather large, and you may have to wade through a lot of stuff that may be uninteresting to you to get to what you want to see, but you could store it in temp, and use vi on it or something...it would be a minor inconvenience. Much more livable than what we have now.

I have seen a great list done in this same way. It has the mail header for the list, an index of all articles subjects within at the start, and then basically each article stored linearly with mail headers intact. For those who have seen the archive for the Ultrasound Digest, you know what I'm talking about. I suspect that the individual running the list has an automation program generating this Digest each day, and mailing it when the time is appropriate. There are examples of this digest on archive.epas.utoronto.ca in /pub/pc/ultrasound/digest for those of you who want to see what it looks like. I would be happy to consult the list moderator and beg for the software in the list's best interest if we get a good number of wants.

treason

From zane at genesis.mcs.com Thu Apr 22 14:55:15 1993
From: zane at genesis.mcs.com (Sameer)
Date: Thu, 22 Apr 93 14:55:15 PDT
Subject: PGPHELP: Digisigning that petition
Message-ID:

I was looking over PGP in order to figure out how digisigning a petition could work, and I couldn't figure out how to get PGP to do it properly. (It was frustrating, because I remembered doing it before.)
What I *want* PGP to output is:

-- Begin PGP Signed Message --
We hate the clipper
-- End PGP Signed Message --
-- Begin PGP Sig ---
dsfDSCSA43523csdcsad235s
-- End PGP Sig ---

In the same form as many post to this list.

How about the format which makes a separate file out of the PGP -sig, and STILL brackets the PGP signed message. (The PGP sig file would be in ascii armor following a message saying: "This is a PGP-sig cert." I *do* remember doing this before.. I can't figure out HOW I did it though.)

--
| Sameer Parekh-zane at genesis.MCS.COM-PFA related mail to pfa at genesis.MCS.COM |
| Apprentice Philosopher, Writer, Physicist, Healer, Programmer, Lover, more |
| ----STOP THE WIRETAP CHIP/BIG BROTHER PROPOSAL!---MAIL ME FOR DETAILS! __/
| "Be God" - Me __ "Specialization is for Insects" - Robert A. Heinlein__/
\_____________/ \___________________________________________________/

From a2 at well.sf.ca.us Thu Apr 22 15:06:57 1993
From: a2 at well.sf.ca.us (Arthur Abraham)
Date: Thu, 22 Apr 93 15:06:57 PDT
Subject: the WireTap Chip sobriquet
Message-ID: <199304222206.AA14436@well.sf.ca.us>

Actually, this is the worst named product since GM decided to name an electric car the "Impact" (they've since announced that they're not going to make it.)

This device is very simply the "Privacy Clipper" chip ....

"nuf said" -- Stan Lee

-a2.

From karn at qualcomm.com Thu Apr 22 15:21:45 1993
From: karn at qualcomm.com (Phil Karn)
Date: Thu, 22 Apr 93 15:21:45 PDT
Subject: WIRETAP: boycotts
Message-ID: <9304222221.AA01871@servo>

Boycotts seldom do much by direct economic pressure. If they accomplish anything, they generally do so by the publicity they generate.
Phil

From karn at qualcomm.com Thu Apr 22 15:21:48 1993
From: karn at qualcomm.com (Phil Karn)
Date: Thu, 22 Apr 93 15:21:48 PDT
Subject: CLIP: Legal Aspects
Message-ID: <9304222221.AA01876@servo>

At 08:11 AM 4/22/93 -0700, Eric Hughes wrote:
>Exploratory wiretaps, illegally made and whose evidence is not
>directly admissible, provide information that may lead investigators
>to other information. This secondary information _is_ admissible.
>
>It would be wonderful if the ER were strengthened so that all
>evidence which resulted from an illegal search _and all of its
>subsidiaries_ were considered tainted. That battle, however, is a much
>longer one to fight.

I thought this was already true, at least in theory. It's known as the "fruit of the poisoned tree" doctrine. Evidence gathered as a consequence of illegally gathered evidence is in itself inadmissible. Of course, this is probably what has been weakened the most by the Reagan/Bush Supreme Court.

>Even in that situation, though, the defense would have to prove that
>an unauthorized wiretap took place.

*This* is the fundamental problem. There are many possible ways that illegal wiretaps can further the collection of other evidence, without the existence of the illegal wiretap ever having to be revealed.

Phil

From tcmay at netcom.com Thu Apr 22 15:36:14 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 22 Apr 93 15:36:14 PDT
Subject: A Volunteer in a Suit Has Appeared!
In-Reply-To: <9304222118.AA05266@snark.shearson.com>
Message-ID: <9304222236.AA27147@netcom3.netcom.com>

Lighten up, Perry!

My comments in my lighthearted "A Volunteer Suit Has Appeared" were not directed at you or your position. After all, I was the one who first mentioned "suits," so my comments were not targeted at your use of the term.

> In fact, why not just go to the top of a giant tower and get publicity
> for us by shooting random passers by? After all, as you've noted,
> there is no such thing as "bad publicity".
> I assure you that you will
> be covered by thousands of times more TV and radio stations for such
> an act.

Perry, Perry, Perry! Please, you're taking my comments and extrapolating them to absurd levels. Is this what you call being reasonable?

I haven't said that *anything* goes, rather, I've said that the slightly outre image of our group is not ipso facto a bad thing. But I don't want your time or my time or the list's time this way.

> Tim agreed in his reply to my message with virtually every substantive
> point that I made. None the less, he makes fun of my comments. He
> agrees that people do judge on appearances. He agrees that the radical
> protest movements of the 1960s were largely failures. Yet he wants us
> to appear unreasonable, and he wants us to emulate these failures.

Again, not true.

> Tim has reacted with extreme vehemence to the minor question of our
> name. It's a small thing to us personally -- but it could help advance
> our goals. I can only conclude that since Tim more or less admits that
> he's wrong but still insists on his position that he is not acting on
> the basis of rational motivations.

??????

All I can say is that I hope Perry cools off a bit. While the Clipper Chip is indeed a serious and dismal matter, I see no call for such anger and charges that I've admitted I'm wrong, that I want our efforts to fail, that I want us to appear unreasonable, and that I am "not acting on the basis of rational motivations."

It's clear Perry doesn't like the name of our group. Repeating this over and over again does not seem to be all that productive. And the issues go beyond that of the mere name, which is a relatively minor issue.
My post about "respectability" yesterday had much more to do with addressing the calls by some that our agenda be changed (e.g., reducing discussion of crypto anarchy, of guerilla distribution of software, of offshore remailers, of digital money, of money laundering, and the like), that we deemphasize the "crypto rebel" aspects and instead adopt a more mainstream line.

It's clear that some are uncomfortable with these crypto rebel issues, these discussions on the list, and the possible repercussions. Well, these are the topics that got us started, and the latest Clipper Chip is no reason for us to turn into a carbon copy of the CPSR, EFF, and ACLU.

Nor is it a reason to lose our sense of humor about things.

-Tim May

P.S. I'm quite serious that my little joke about Sternlight was not directed at Perry personally. I had already responded at length, and quite reasonably (I thought) to his comments. The Sternlight point came as I was reading Sternie's posts in sci.crypt and realized that what he (Sternlight) seems to want more than anything else is to be the "voice of reason" in the crypto debate. Hence my satire. If I'd wanted to satirize Perry, which I can't honestly say I've wanted to do, I'd've used some kind of material from him, or his kind of words. Cheers.

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.

From wcs at anchor.ho.att.com Thu Apr 22 15:37:31 1993
From: wcs at anchor.ho.att.com (wcs at anchor.ho.att.com)
Date: Thu, 22 Apr 93 15:37:31 PDT
Subject: Info on Mykotronx
Message-ID: <9304222236.AA15100@anchor.ho.att.com>

Harry Shapiro said he wasn't able to find much information on Mykotronx.
The San Francisco Chronicle says it's a "little-known company in Torrance, CA"; "Mykotronx Inc., founded in 1979 by two former engineers from TRW Inc., already sells classified encryption chips to protect satellite communications."

"San Jose-based VLSI Research Inc. will manufacture the chip, called the Clipper. VLSI was chosen largely because it has a unique manufacturing process that makes it nearly impossible to take the chip apart and decode it."

The Washington Times says that "Government engineers at NSA and [...] NIST designed and developed the chip, which was then produced by privately owned Mykotronx and a publicly traded subcontractor, VLSI Technology."

In their discussion of comments by Ted Bettwy, exec VP of Mykotronx, "He said the chip announced yesterday, internally referred to as MYK-78, costs about $40 and uses an algorithm 16 million times more complex than that used by chips now on the market. Computer hackers have penetrated the current chips."

Bill Stewart

From tcmay at netcom.com Thu Apr 22 15:58:13 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 22 Apr 93 15:58:13 PDT
Subject: Being Reasonable to Reporters
In-Reply-To: <9304222118.AA05266@snark.shearson.com>
Message-ID: <9304222258.AA28208@netcom3.netcom.com>

Sorry, gang, but I just can't let this one pass without commenting:

Perry Metzger writes:

> I've watched the Libertarian Party self destruct because many
> activists are such fools that they can't make a distinction between
> what's important and random rebellion for the sake of rebellion. People
> will refuse to be polite, refuse to phrase their arguments
> comprehensibly, refuse to be nice to reporters, and refuse to appear
> to be reasonable or even rational, and then later on they wonder why
> it is that everyone makes fun of them and no one listens.

Speaking for myself, I've been *very* polite to reporters. I can only hope Perry is speculating about some Cypherpunks I haven't heard about.
John Gilmore, Eric Hughes, myself, and many other members of the list have been quite reasonable, quite articulate, and quite "nice" in our comments to reporters.

I hosted Kevin Kelly, Steven Levy, and Julian Dibbell each for several hours, at their request, at my home in Aptos. These were for the various pieces coming out in their publications. I answered their questions, outlined the issues of privacy and crypto as I saw them, explained the workings of new protocols, and so on. Some of them showed up at our meetings, where they were well-treated.

The Levy piece is already out, in "Wired," and I've seen the draft of Kelly's piece coming out soon in "Whole Earth Review." Neither paint us as Texas Tower whackos nor as blue-sky dreamers. These journalists are very well-versed in the issues. Julian Dibbell's forthcoming piece I haven't seen, but I doubt it will be a hatchet job or otherwise treat us as crazies.

I think this qualifies as being nice and reasonable to reporters.

Note: I did not talk to John Markoff this time around, but I have in the past. My understanding is that others talked to him.

Cheers.

-Tim May

From wcs at anchor.ho.att.com Thu Apr 22 16:00:36 1993
From: wcs at anchor.ho.att.com (wcs at anchor.ho.att.com)
Date: Thu, 22 Apr 93 16:00:36 PDT
Subject: Verbosity by Mail from NIST
Message-ID: <9304222257.AA15315@anchor.ho.att.com>

I called the phone number for NIST given in one of the announcements, and was routed to Sherry Hankey 1-301-975-2820, who faxed me their package of information they're sending out. There's no new technical information (Dorothy Denning's article and some non-technical viewgraphs), but there's a lot of newspaper clippings, pro and con, the announcements we've seen on the net from Clinton, Q&A, etc., and what look like viewgraphs from a couple of talks. Overall, it looks like they don't know much more than we do :-).

One talk is "U.S. Technology Initiative for Secure Telecommunications" Raymond G.
Kammer, Acting Director, NIST, 4/16/93 which is basically the announcements turned into viewgraphs (if I've successfully decoded the tangle of fax paper :-).

Another part of the package looks like another talk, which covers Wiretap cases by the FBI and other agencies, including a summary table for 1982-1991 of State and Federal wiretap authorizations, arrests, and convictions (there's a footnote that reporting of convictions seems to substantially lag actual convictions, though the ratio of arrests to convictions has decreased, averaging 2:1 over 10 years, 3:1 recently.) Most wiretaps are State and local, not FBI.

Cases they cited included the usual drug dealing and money laundering, a judge taking bribes, a Chicago street gang El Rukn proposing to shoot down an airliner for the Libyans, some Mafiosi, a RICO case against the Concrete and Cement Workers Union "Prevented economic loss $585Mil", some fraud in defense contracting and health care contracting, and the Masters of Disaster "computer hackers" case.

Bill Stewart wcs at anchor.att.com
# Bill Stewart wcs at anchor.ho.att.com +1-908-949-0705 Fax-4876
# AT&T Bell Labs, Room 4M-312, Crawfords Corner Rd, Holmdel, NJ 07733-3030

From hughes at soda.berkeley.edu Thu Apr 22 16:25:11 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 22 Apr 93 16:25:11 PDT
Subject: Info on Mykotronx
In-Reply-To: <9304222236.AA15100@anchor.ho.att.com>
Message-ID: <9304222321.AA02657@soda.berkeley.edu>

the vp from mycotoxin spoke, and some reporter said:

"He said the chip announced yesterday, internally referred to as MYK-78, costs about $40 and uses an algorithm 16 million times more complex than that used by chips now on the market. Computer hackers have penetrated the current chips."

16 M is approx 2^24
80 bit wiretap chip key - 56 bit DES key = 24

Just because the key is 24 bits longer doesn't mean the chips are that much more complex.
Biham and Shamir have reduced the security of DES down to 2^47 (maybe down a few more in the exponent), but that does not mean that it has been broken. 2^47 chosen plaintexts is not a feasible attack in a reasonably deployed system. This is the best known attack. Biham and Shamir are not computer hackers, either.

So assuming the reporter was basically accurate, what's the score for our VP? One deceit and one outright lie combined with a gratuitous slander.

Eric

From szabo at techbook.com Thu Apr 22 16:27:48 1993
From: szabo at techbook.com (Nick Szabo)
Date: Thu, 22 Apr 93 16:27:48 PDT
Subject: WIRETAP: boycotts
In-Reply-To: <9304222221.AA01871@servo>
Message-ID:

Agreed, not much economic pressure would come from directly boycotting Clipper phones, or for that matter from people boycotting AT&T for ideological reasons. Rather, it would come from AT&T getting a reputation as putting the U.S. government's needs before the needs of their customers; and not caring very much about the privacy of their customers' phone calls. What international business, law firm, etc. wants to trust their communications to a company that puts NSA wiretap chips in their phones and touts them as "secure"?

A good outcome here is for this fiasco to get wide publicity, and for Sprint, MCI, etc. to subtly use doubts about AT&T's concern for privacy in their ad campaigns.

A recent cypherpunks post referred to a conversation with an AT&T marketing type, who kept insisting that AT&T is very concerned about customer privacy, it's a high priority, etc. AT&T knows they need a good reputation for privacy. Keep up the pressure!

Nick Szabo szabo at techbook.com

From hughes at soda.berkeley.edu Thu Apr 22 16:30:05 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 22 Apr 93 16:30:05 PDT
Subject: WIRETAP: press articles wanted.
Message-ID: <9304222326.AA03395@soda.berkeley.edu>

Speaking as the ftp site maintainer, I'm looking for all the press coverage there is on this wiretap chip, both national and local coverage. I've seen quotes from several other sources, but not whole articles.

So type in what's at hand and send it to me. I'll put it up for ftp.

I've got Saturday's article from the SF Chronicle here, which I haven't yet typed in, but I should warn you that this piece is one of the most slanted things I've seen in that paper. (Those of you who've read the Chron know this is a real insult.) I'll get it typed in myself unless someone can send me a copy.

Eric

From hughes at soda.berkeley.edu Thu Apr 22 16:42:50 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 22 Apr 93 16:42:50 PDT
Subject: Reaction time and Crypto
In-Reply-To: <9304180436.AA49530@acs.bu.edu>
Message-ID: <9304222339.AA05222@soda.berkeley.edu>

>It seems to me that the following technologies are going to be of increasing
>import despite the outcome of the Clinton proposal.

>1. Raw headerless output from packages like PGP. It seems obvious that
>if crypto is regulated, it must be easier to disguise the type of crypto
>one is using, or indeed if one is using crypto.

Removing the headers from PGP will accomplish only the most cursory security. The PGP packet structure is recognizable out of a random byte stream even without the headers.

More generally, just because _you_ don't know how to recognize something doesn't mean your opponent is similarly lacking. In order to really know it can't be done, you need a proof, that is, an argument that covers all possible ways of looking for something. This principle applies to all forms of steganography.

>2. Methodology for the disguising of cyphertext in more innocuous data.

See my comment above for my opinion on this.

>3. The proliferation and consistent use of Crypto for even everyday
>communications.
I think work done to get PGP, for example, in mail readers is something that should be done with a bit more zeal. I, personally, don't use it much because of my computing environment (receiving mail on a widely-known-to-be-insecure Unix box, dialed in from MSDOS). The integration problems are pressing.

>1> The harder it is to find, the less potential there is for regulation.
>2> The harder it is to look for, the less potential there is for regulation.
>3> The harder it is to abolish, the less potential there is for regulation.

True up to a point. Remember, internet users are still a small percentage of the whole.

Eric

From pete at cirrus.com Thu Apr 22 16:46:01 1993
From: pete at cirrus.com (Pete Carpenter)
Date: Thu, 22 Apr 93 16:46:01 PDT
Subject: Mass producing chips
Message-ID: <9304222251.AA25007@ss2138.cirrus.com>

>tried to get samples, but the price was $300,000 for 10,000 units,

How are they going to produce them at these prices and in that quantity given the "baroque activities in the vault" described by Denning?

Doug (gumby at wixer.bga.com)

Assuming that there is some EEPROM, or bipolar fuse PROM (like PALs) they can easily be programmed during the final (packaged) test stage. After the device passes its tests, give it a number. There are already some PALs that have a "silicon signature", a lot number embedded on the chip, which allows process or lot tracing of devices that don't work up to spec.

Testing on peripheral controllers is well below 5 seconds each (gross ballpark - not giving away any secrets here) CPUs may be more, but a "wire-tap" chip should be much easier to test than a CPU. Testers can run close to 24 hours a day, and 24*3600/5 is 17,000 chips a day from one test head. QFP trays have 50 chips/tray, and since the tester knows when the trays are full, it can easily use this to form lot/tray/batch,etc numbers, as well as individual device numbers.

I don't like what they're doing, but it all sounds technically feasible to me.
Pete Carpenter
IC Design Engineer
Cirrus Logic Inc.
pete at cirrus.com

From schmittec at MJ.LAAFB.AF.MIL Thu Apr 22 17:02:36 1993
From: schmittec at MJ.LAAFB.AF.MIL (schmittec at MJ.LAAFB.AF.MIL)
Date: Thu, 22 Apr 93 17:02:36 PDT
Subject: subscribe
Message-ID: <2BD7301A@CN.LAAFB.AF.MIL>

subscribe, schmittec at mj.laafb.af.mil

From GR2KITTRELL at APSICC.APS.EDU Thu Apr 22 17:18:32 1993
From: GR2KITTRELL at APSICC.APS.EDU (TOO MANY SECRETS)
Date: Thu, 22 Apr 93 17:18:32 PDT
Subject: IRC setup
Message-ID: <930422181609.329c@APSICC.APS.EDU>

I really don't know if it can be accomplished in time, but TO1SITTLER is working on setting up a client here for IRC. If this can be used for any meetings, just write.

GR2KITTRELL at APSICC.APS.EDU
Albuquerque, New Mexico (Land of Enchantment)
"Right"

From strat at intercon.com Thu Apr 22 17:27:14 1993
From: strat at intercon.com (Bob Stratton)
Date: Thu, 22 Apr 93 17:27:14 PDT
Subject: DC meeting
Message-ID: <9304221926.AA59903@horton.intercon.com>

[Note: in the interests of hitting everyone interested, this message might be duplicated for several of you. Please accept my apologies in advance --Strat]

> Subject: DC meeting
> Date: Thu, 22 Apr 93 16:20:50 EDT
> From: dstalder at gmuvax2.gmu.edu (Darren/Torin/Who ever...)
>
> This is to announce a DC area cypherpunks meeting on Monday 26 April at
> 1800 (or so) until whenever at my office. Call me or write me for info
> on how to get here...

A couple of things:

- I was reading mail to post my announcement, when I read yours :-)

- I'm more than willing to defer to the majority, though I think there's something to be said for networking the meetings, especially if we have good tools. I've also already received a great deal of response to the idea of a Saturday meeting, even from out-of-towners. To that end, I'm going to post an announcement for a Saturday meeting, and see what happens.
Several of us have been planning it for a couple of days now, so don't take it personally or anything.

- Paul Ferguson and a couple of others and I have been cobbling together a list of people we thought would be interested in meeting in the DC area, so as to do preliminary planning without polluting Cypherpunks too much. I can see that there are more DC area people than I had originally envisioned, which makes me happy. Sorry if we missed you originally.

- Eric and I have discussed the idea of audio teleconferencing the various meetings, either via the Internet or by phone. I've got both a Sun IPC equipped to do the former, and a Western Electric conference telephone (and 6-way on my switch) for the latter.

Well readers, which do you prefer?

--Strat

Help stop the wiretap chip! (a.k.a "Clipper")
RIPEM and PGP keys available on request.

From strat at intercon.com Thu Apr 22 17:43:28 1993
From: strat at intercon.com (Bob Stratton)
Date: Thu, 22 Apr 93 17:43:28 PDT
Subject: MEET: Ad Hoc Washington meeting Saturday 4/24/93
Message-ID: <9304221943.AA13465@horton.intercon.com>

Washington, DC area ad hoc Cypherpunks meeting.
Saturday, April 24, 1993
2:00 PM EDT -> not later than 8:00 PM EDT

LOCATION:

Unless I hear resounding acclaim for the Monday night meeting, I'm going to hold out our original offer of a Saturday meeting, April 24th, from 2:00PM until sometime not later than 8:00PM, at the offices of:

InterCon Systems Corporation
950 Herndon Parkway
Suite 420
Herndon, Virginia 22070

DIRECTIONS:

InterCon is two blocks north of exit 2 on the Dulles Toll Road (Route 267). From the Beltway, take 267 West to exit 2 (Herndon), and make a right onto Eldon Street. Go through the traffic light at Herndon Parkway (there'll be a shopping center with a big Giant Food on your left), and make an immediate right into the office building on the corner of Eldon and Herndon Parkway labelled "Ford Center".
Meet at the front entrance of the building where the Riggs Bank ATM is, and I'll come down and let you in. If you find a way in, take the elevator to the 4th floor, and walk straight out of it to our office door, which you'll be looking at when the elevator doors open.

NOTE: The building locks at 1PM. There is a security phone at the rear entrance, but you'll have to get them to find me, and I don't know what extension we'll be at, so the operative word is "punctuality". I'll make periodic sweeps to the FRONT entrance to look for people, but I can't canvass every door looking for people coming by later. If you come by, and don't see an easy way in, wait by the Riggs Bank ATM entrance, and someone will let you in. (I'll need volunteers to occasionally do that, BTW)

COMMUNICATIONS:

If you need to reach me, you can try the following:

Office phone: +1 703 709 5525
Pager(VA): +1 703 826 5238 (Use an area code!)

-or- if you're terribly confused or stranded, call:

800 225 0256, Pager ID: 209267 (This is an operator service, try to make it fit within 80 chars)

Help stop the wiretap chip! (a.k.a "Clipper")
RIPEM and PGP keys available on request.

From GR2KITTRELL at APSICC.APS.EDU Thu Apr 22 18:32:39 1993
From: GR2KITTRELL at APSICC.APS.EDU (TOO MANY SECRETS)
Date: Thu, 22 Apr 93 18:32:39 PDT
Subject: OOPS
Message-ID: <930422193017.3b98@APSICC.APS.EDU>

Sorry, To1sittler was trying to set up an IRC HOST, not client.. My apologies.. If anyone knows massive amounts about IRC, PLEASE, help!

gr2kittrell at apsicc.aps.edu

From TO1SITTLER at APSICC.APS.EDU Thu Apr 22 18:55:49 1993
From: TO1SITTLER at APSICC.APS.EDU (TO1SITTLER at APSICC.APS.EDU)
Date: Thu, 22 Apr 93 18:55:49 PDT
Subject: IRC
Message-ID: <930422195325.3929@APSICC.APS.EDU>

NO! I was NOT trying to set up a host, I was trying to set up a CLIENT! I don't have source for a host, nor do I have room in my disk quota for it! I do, however, have source for two IRC clients, neither of which works yet.
But really Chris, I think the Clipper is more important. Not only to the people who read the list, but to me too. This is the biggest reason why my time online does not get spent hacking the IRC client into shape. Please stop posting these messages to THIS list.

Kragen

From root at pleiku.netcom.com Thu Apr 22 19:35:59 1993
From: root at pleiku.netcom.com ($HOME/.sig)
Date: Thu, 22 Apr 93 19:35:59 PDT
Subject: ANON: Anonymized Mailing Lists
Message-ID: <9304230236.AA06951@netcomsv.netcom.com>

Hi There,

Has anyone combined PGP2.2 and one of the mailing lists servers such as MajorDomo to produce an Anonymous multiple recipient Mailing List? I know David Clunie was working on this for PAX at one point but he didn't finish it I believe.

Anyone got anything like this?

cheers
kelly
- --------
- --
To add the following key block to your PGP2.0 Public Key Ring save this entire message to a file and enter the following command:

pgp -ka [name_of_file_saved]

The above key block is included on every message I send from

pleiku!kelly at netcom.com....
------- End of Unsent Draft

From sommerfeld at orchard.medford.ma.us Thu Apr 22 19:38:04 1993
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Thu, 22 Apr 93 19:38:04 PDT
Subject: crypto export controls.
Message-ID: <9304230203.AA00114@orchard.medford.ma.us>

I got an announcement last week of a presentation early this week at my place of work on the subject of cryptographic export controls, shortly before the cripple chip announcement was made. This struck me as at least suspicious.

Well, it turns out that the timing was something of a coincidence; it was just a generic presentation on the current sorry state of the export regulations, by one who had to deal with them day in and day out. He seemed to have the right attitude towards "working the regulations" and what they should be, and had been involved in a few meetings with NSA-types. He commented that things have been getting better -- it used to be that they'd refuse to meet with you over the subject of exporting DES; now, they'll meet with you and just refuse to talk about it.

The justification for ignoring the current wide availability of strong crypto outside the U.S. was that if they prevent strong crypto from falling into the hands of *one* bad guy, they will have accomplished something...

He mentioned that the Software Publishers Association deal (where companies can now export software using crippled versions of RC2 and RC4 on short notice) was a surprise to him and much of the non-PC software industry and represented an almost complete capitulation on the SPA's part. It was also uninteresting to my employer as we aren't interested in using trivially breakable crypto in our products, and the quick turnaround is pretty much meaningless given the amount of lead time needed to get a product out the door.
He also mentioned an upcoming amendment to the next version of the law which authorizes the ITAR and the commerce equivalent which would specifically allow the export of generally available encryption software; he didn't hold out much hope for it passing but considered it worth fighting for.

He was also taken by surprise by the cripple chip announcement, and also considered it a bad and ominous thing...

- Bill

From a2 at well.sf.ca.us Thu Apr 22 19:55:12 1993
From: a2 at well.sf.ca.us (Arthur Abraham)
Date: Thu, 22 Apr 93 19:55:12 PDT
Subject: Don't Piss on Me
Message-ID: <199304230254.AA23563@well.sf.ca.us>

I refer you to my earlier posting requesting people to direct their fire at something that needs to be ignited -- like your local newspaper or local congress person or local president -- but it's definitely not the Cypherpunks mailing list.

We MUST NOT waste time writing each other letters that we'll learn nothing by reading. We should spend that same time writing to newspapers, congress people, phone companies, Clinton, Gore, and anybody else who thinks they can get away with this because they feel the citizenry either doesn't care about or doesn't understand the issues.

What I'd like to see about the Privacy Clipper on this list is something I don't already know, like the name and address of AT&T's president's secretary -- s/he'll complain to the prez if enough privacy mail arrives. Better yet, how about more copies of the letters to the uninformed that you have already sent.

Be imaginative, be active, rattle cages, but telling me how pissed you are won't change a thing, except to decrease the time we're both spending on doing something effective. Be effective. Please.

-a2.
From anton at hydra.unm.edu Thu Apr 22 19:56:39 1993
From: anton at hydra.unm.edu (Stanton McCandlish)
Date: Thu, 22 Apr 93 19:56:39 PDT
Subject: HUMOUR: re: Wiretap chip sobriquet
In-Reply-To: <199304222206.AA14436@well.sf.ca.us>
Message-ID: <9304230256.AA06274@hydra.unm.edu>

> Actually, this is the worst named product since GM decided to name an
> electric car the "Impact" (they've since announced that they're not
> going to make it.)
>
> This device is very simply the "Privacy Clipper" chip ....

Heh. Snip snip... But let's not forget a certain Finnish household cleaning product (similar to DiDi Seven), that failed DISMALLY in the English speaking world: Super Piss. No, really that was what it was called I do not lie.

ANYWAY: I now have the OS/2 version of PGP available on NitV BBS (see .sig)

--
Testes saxi solidi! ********************** Podex opacus gravedinosus est!
Stanton McCandlish, SysOp: Noise in the Void Data Center BBS
IndraNet: 369:1/1 FidoNet: 1:301/2 Internet: anton at hydra.unm.edu
Snail: 8020 Central SE #405, Albuquerque, New Mexico 87108 USA
Data phone: +1-505-246-8515 (24hr, 1200-14400 v32bis, N-8-1)
Vox phone: +1-505-247-3402 (bps rate varies, depends on if you woke me up...:)

From habs at Panix.Com Thu Apr 22 19:59:56 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Thu, 22 Apr 93 19:59:56 PDT
Subject: Suit vs Non-Suits
Message-ID: <199304230259.AA12758@sun.Panix.Com>

I feel that perhaps I started this whole mess that is getting, imho, quite out of hand.

I said in a post of several days ago, we need Tim M. and John G. to get out there and speak and we also need some people who wear suits.

I think we need both. I agree with Perry about the desire to change things and the perception of a person gives off, etc. Still I think we need both, and since we have both people on this list, I don't see what has to really change.

It would be nice to get Tim and John and a few suits to make a lobbying trip to Washington. But let's stop the debate.
/harry -- Harry Shapiro habs at panix.com List Administrator of the Extropy Institute Mailing List Private Communication for the Extropian Community since 1991 From MJMISKI at macc.wisc.edu Thu Apr 22 20:29:01 1993 From: MJMISKI at macc.wisc.edu (Matthew J Miszewski) Date: Thu, 22 Apr 93 20:29:01 PDT Subject: CLIP: Congress works with the Cypherpunks! Message-ID: <23042222282634@vms2.macc.wisc.edu> Cypherpunks (or cryptoprivacy professionals) :-), Hey, some good news. I just got some good information that the winds in Congress are blowing our way. In the latest "Communications Daily", the House of Reps. Telecommunications Subcommittee Chair Markey (D-Mass) has come out actively opposing the Wiretap Chip. He gave several reasons, most of them not technical but commercial. I think he could use some technical talking points too. This could be important guys. A chairman has mucho power (albeit he is only a subcom chair, but he may be well connected). I will digest the article and post it for Eric to put it on the ftp site. I will also get the vital info on this charming privacy advocate (I'll bet he wears a suit too! ;^) This is an incredible window of opportunity. Think, type, send but don't overdo it. This may be our only advocate. But he may have Senator Kennedy's ear. I guess this will test the cypherpunk effectiveness quotient. Progress. Matt mjmiski at macc.wisc.edu From anton at hydra.unm.edu Thu Apr 22 20:53:48 1993 From: anton at hydra.unm.edu (Stanton McCandlish) Date: Thu, 22 Apr 93 20:53:48 PDT Subject: PGP for Amiga Message-ID: <9304230353.AA08274@hydra.unm.edu> As I posted before, I have PGP for DOS, Unix and Mac available on my BBS. I just added the OS/2 version. Does anyone know of an Amiga version? Or any other version? I need site names and/or filenames (xarchie is a Good Thing!) Thanks in advance. -- Testes saxi solidi! ********************** Podex opacus gravedinosus est! 
Stanton McCandlish, SysOp: Noise in the Void Data Center BBS IndraNet: 369:1/1 FidoNet: 1:301/2 Internet: anton at hydra.unm.edu Snail: 8020 Central SE #405, Albuquerque, New Mexico 87108 USA Data phone: +1-505-246-8515 (24hr, 1200-14400 v32bis, N-8-1) Vox phone: +1-505-247-3402 (bps rate varies, depends on if you woke me up...:) From MJMISKI at macc.wisc.edu Thu Apr 22 21:01:08 1993 From: MJMISKI at macc.wisc.edu (Matthew J Miszewski) Date: Thu, 22 Apr 93 21:01:08 PDT Subject: HOUSE: Wiretap Support from Markey (D-Mass) Message-ID: <23042223002970@vms2.macc.wisc.edu> Here it is: Couldn't remember if the first two articles had been posted but I figured Eric could ftp them even if they were. The 3rd article is the one about Rep. Markey. I'll find his vital info ASAP. -----------------8<---------------------8<---------------- Communications Daily April 19, 1993, Monday Vol. 13, No. 74; Pg. 2 Clinton Sets Policy Review GOVT. WEIGHS IN ON PRIVACY-VS.-ENCRYPTION DEBATE, WITH ITS OWN TECHNOLOGY Clinton Administration Fri. announced sweeping policy directive designed to protect privacy of voice and data transmissions using govt.-developed encryption technology that ensures law enforcement agencies will have ability to eavesdrop. Encryption is achieved through use of "Clipper Chip" that will be built into telephones, computers, fax machines. Although govt. will adopt new chip as its standard, use in private sector will be on voluntary basis. AT&T Fri. became first company to announce publicly support of Clipper Chip. "We believe it will give our customers far greater protection in defeating hackers or eavesdroppers in attempting to intercept a call," said AT&T Vp Secure Communications Systems Edward Hickey. Govt. already has purchased some evaluation units from AT&T with Clipper Chip installed, said Raymond Kramer, acting dir. of National Institute of Standards & Technology (NIST). Govt. 
expects to purchase "well over the thousands" of such Clipper Chip units, he said, but he couldn't give figures for how many it might buy from AT&T. AT&T spokesman said products with Clipper Chip included will be available commercially in 2nd quarter. President Clinton Thurs. signed Top Secret National Security Directive outlining details of privacy and encryption policy review. Review will bring together industry and govt. experts under direction of National Security Council in attempt to resolve long-running controversy on right of businesses and citizens to protect all forms of communication and govt. right to conduct lawful investigations. Review will take 3-4 months, NIST's Kramer said. Law enforcement agencies are concerned about rising popularity of digital encryption methods. Multinational businesses, worried about economic espionage, increasingly are incorporating encryption technology for all communications. Law enforcement agencies have voiced growing concern that if they don't move quickly to enact laws assuring them access to encrypted and digital communications, they will be at decided disadvantage in attempting to thwart criminal acts. FBI spokesman James Kallstrom acknowledged that "not many" criminals today are using encryption to skirt law, but putting methods in place now to assure means of intercepting such communications "is vital" to law enforcement's mission. Encryption program will be available to any vendor that wants to manufacture chips, Kramer said. However, company that developed and designed chip under sole-source contract from National Security Agency (NSA) -- Mykotronx, Torrance, Cal. -- has solid lead on market. Kramer acknowledged job was handed to it with NSA's full approval of noncompetitive bid contract. He defended noncompetition aspect: "We went out and found the only company capable of delivering this technology." He said govt. 
has been using Clipper Chip technology for "a while now in classified applications," but declined to say how long it had been in use before White House announcement. Each chip will have 3 unique "keys" issued to it. When manufactured, 2 of those keys will be sent to govt. and will be held by "escrow agents." For law enforcement agency to be able descramble transmissions, it first must get court order that allows keys held in escrow to be released. Only when those keys are used in tandem can law enforcement agencies unscramble codes and listen in on conversations. Attorney Gen.'s office will "make all arrangements with appropriate entities to hold keys," White House said. Those escrow keys could be held by private organizations, govt. agencies or others, Kramer said. But only 2 entities will be chosen and will be responsible for administering data base that will store keys. Attorney Gen.'s office is expected to select escrow key holders "within a couple of weeks," Kramer said. Plan already is drawing fire from civil liberties groups and privacy advocates. Electronic Frontier Foundation (EFF) said White House acted "before any public comment or discussion has been allowed." It said Administration will use "its leverage to get all telephone equipment vendors to adopt" technology. EFF criticized govt.'s sole-source contract, saying there may be other companies that have better encryption technology, and because encryption algorithm is classified, it can't be tested. "The public will only have confidence in the security of a standard that is open to independent, expert scrutiny," EFF said. Privacy experts are concerned that because Clipper Chip was developed under NSA contract, it might have "backdoor" known only to NSA that would allow agency to crack code and bypass court order. Kramer disagreed: "There is positively no backdoor to this technology." 
Because use of Clipper Chip is entirely voluntary, businesses and private users -- including criminals -- are free to choose other means of encryption, leaving govt. and law enforcement agencies with dilemma they now face. FBI's Kallstrom acknowledged criminals still could thwart investigations if they used non-Clipper Chip products, "but most criminals aren't so smart." Ability of govt. to eavesdrop on Clipper Chip-equipped devices still doesn't solve broader problem: Ability to wiretap conversations moving across digital telecommunications lines. That problem is being addressed separately by FBI's controversial digital wiretap legislation that has failed to find congressional sponsor and is languishing in Justice Dept., waiting for support of Attorney Gen. InformationWeek April 19, 1993 PHONE CHIP BLOCKS UNWARRANTED TAPS The Clinton administration is attempting to balance privacy concerns with law enforcement agencies' ability to eavesdrop on phone conversations and data transmissions. Last week, government engineers revealed they have developed a "Clipper Chip" that can be placed in ordinary phones to encrypt phone communications. Each device containing the chip will have two unique "key" devices that together can decode those communications. One key will be held by a government agency and one by a private organization. Law enforcement officials would need warrants to obtain the keys. The Justice Department plans to purchase several thousand chips, and AT&T immediately announced it will use Clipper in all of its secure communications products. Communications Daily April 20, 1993, Tuesday Vol. 13, No. 75; Pg. 7 [...] House Telecom Subcommittee Chmn. Markey (D-Mass.) has expressed reservations about govt. use of Clipper Chip, encrypted technology that secures transmissions (CD April 19 p2). Markey wrote to Commerce Secy. Ronald Brown asking whether use of technology could lead to "inadvertently increase[d] costs to those U.S. 
companies hoping to serve both" govt. and private markets. Chip would be mandatory for govt. use, but optional for private sector, although companies might find greater proprietary need to protect data than govt. Markey asked Brown response to 6 questions: (1) Has algorithm been tested by any entity besides National Security Agency, National Institute of Standards & Technology or vendor supplying chip? (2) Who would hold "key" to descrambling data? (3) Does algorithm have "trap door" or "back door" that could allow someone to crack code? (4) How well would encryption devices adapt to rapidly changing telecommunications technology? (5) What would chip cost federal govt.? (6) What is Commerce Dept. assessment on cost to U.S. exporters of computer and telecommunications hardware and software. Markey said he wanted answers by April 28. [...] National Assn. of State Utility Consumer Advocates opens 2-day conference April 22 on "Telecommunications 2000: What's at Stake for Consumers in the Next Century?" at Rayburn House Office Bldg., Rm. 2168. Rep. Markey (D-Mass.) will speak. Vice President Gore is invited luncheon speaker. Three-member panels Thurs. include: 9:30 a.m. -- National Telecommunications Infrastructure, with former Rep. Tauke (R-Ia.), now Nynex govt. affairs vp. 11 a.m. -- Funding Advanced Networks, with Bell Atlantic Federal Relations Exec. Dir. Edward Lowery. 3:30 p.m. -- New Technologies, with Bell Atlantic Information Services Exec. Dir. Steven Craddock. [I know we missed Thursday but can some suits make it tomorrow?] MultiLink has developed software quality assurance package for its audioconferencing bridge known as System 70. Equipment assures multipoint teleconferences will work through simulator that generates Dual Tone MultiFrequency signals to test 2-way digitized messages over telephone lines, company said. [For those interested in DTMF stuff (I know its an aside)] Ill. 
Bell has begun offering Call Trace for $4 per successful trace to 56 Chicago area communities. Customers would dial *57, preserving number for Bell's Annoyance Call Bureau or police authorities, although users wouldn't see it directly. Unlike Caller ID, offer is available only on per-call basis. [UUUGGGGHHHH!!!!] Matt mjmiski at macc.wisc.edu From sward+ at cmu.edu Thu Apr 22 21:08:57 1993 From: sward+ at cmu.edu (David Reeve Sward) Date: Thu, 22 Apr 93 21:08:57 PDT Subject: CLIPPER: Explanation sheet? Message-ID: I (along with others) have some sort of phrase in our .signature saying "Stop the Clipper Chip" or somesuch. Since adding this, I have had several people ask me about this, and I have fired off an explanation to them. I am wondering if there is a Wiretap Chip Explanation Sheet to send to people instead of trying to make sure I remember everything (and without double-checking everything I say). Has anyone written such a beast? -- David Sward sward+ at cmu.edu Finger or email for PGP public key 3D567F Stop the Big Brother Chip - Just say NO to the Clipper "Wiretap" Chip! From norm at netcom.com Thu Apr 22 21:40:43 1993 From: norm at netcom.com (Norman Hardy) Date: Thu, 22 Apr 93 21:40:43 PDT Subject: If strong crypto were illegal Message-ID: <9304230440.AA23805@netcom2.netcom.com> Curiously the chip ostensibly makes it nearly impossible for the government to prove that you are using strong crypto on top of skipjack (Clipper). From norm at netcom.com Thu Apr 22 21:40:55 1993 From: norm at netcom.com (Norman Hardy) Date: Thu, 22 Apr 93 21:40:55 PDT Subject: If strong crypto were illegal Message-ID: <9304230441.AA23828@netcom2.netcom.com> Curiously the chip ostensibly makes it nearly impossible for the government to prove that you are using strong crypto on top of skipjack (Clipper). 
I suppose that a government agency could use a trap-door to discover that plain text was not plain, then get a warrant, then present evidence that you were using strong crypto. Such might eventually lend credence to the belief that there was a trap-door. From mckang at solomon.technet.sg Thu Apr 22 21:42:05 1993 From: mckang at solomon.technet.sg (Kang Meng Chow) Date: Thu, 22 Apr 93 21:42:05 PDT Subject: OSF's DCE Message-ID: Can anyone tell me what is OSF's DCE, pls. And where can I find more information regarding DCE. Any ftp site carrying documentation on the DCE? Thanks. Kang From mccoy at ccwf.cc.utexas.edu Thu Apr 22 21:59:40 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Thu, 22 Apr 93 21:59:40 PDT Subject: New Algorithm... In-Reply-To: <19930422204625.1.MEYER@OGHMA.MCC.COM> Message-ID: <9304230459.AA18293@tigger.cc.utexas.edu> > Date: Thu, 22 Apr 1993 15:46-0500 > From: Peter Meyer > > Date: Thu, 22 Apr 1993 15:07 CDT > From: "Perry E. Metzger" > > "Haywood J. Blowme" says: > [Lots about some J. Random Companies encryption chip] > > All fine and well, but since we have IDEA already, why should we want > it? For virtually all applications these days other than fully > encrypting network traffic, software is fine. DES implementations in > software can handle 1.5 Mbit/s on reasonable machines. [...] > [...] > > > There are lots of other things to be considered besides the algorithm > itself when designing good encryption software, e.g. if someone > accidentally yanks out the power cord to the computer during decryption > do you kiss goodbye to the data? Well, what if I need the capability of doing 5-10 Mbyte/s? I am still hashing out a few design details of a "secure" BSD using encryption of the filesystem before I hit the code and right now this particular issue is one that I have still not worked out. I need it in hardware. 
Software is just not fast enough and I am not sure how much work it will require to get a DES card to do E(K1,D(K2,E(K1,x))) if I want to use 128 bit keys. Does anyone know if there is a hardware implementation of IDEA or another algorithm of suitable cryptographic strength available in a card or chip? Then again, maybe I could use a clipper chip... (big ;-) jim From warlord at MIT.EDU Thu Apr 22 22:35:54 1993 From: warlord at MIT.EDU (Derek Atkins) Date: Thu, 22 Apr 93 22:35:54 PDT Subject: MEET: Boston Area Cypherpunks Message-ID: <9304230535.AA14679@deathtongue> ANNOUNCEMENT: In lieu of the recent happenings in the cryptography field, and the Bay Area Cypherpunks meeting, I would like to call to order, an ad-hoc Boston Area Cypherpunks meeting. This meeting is to talk about the Wiretap Chip proposal, and to try to coordinate a counter-attack to the proposal. I hope to have an audio link to the west-coasters, encrypted (of course), so we can discuss these issues together. Place: MIT, Room 1-115, Cambridge. When: 3:00 pm - 9ish Please attend if you have any interest in this topic... DIRECTIONS: To get to MIT, room 1-115: via car: have fun! Building 1 is located right on Mass Ave., close to Memorial Drive. You can try to park anywhere around the area, if you can find a spot. via T: get off at kendall sq. (red line), and walk west... cross Ames St., and keep walking west. Enter the infinite corridor when you cannot walk outside any further, and keep walking west. Once you get into Lobby 7 (a big cathedral-like entryway at 77 Mass. Ave) there will be signs directing you to 1-115. See you there. If you need any more assistance, please feel free to send me e-mail, or call me at 868-4469... 
-derek From bobanderson%dlu.dnet at net.Vanderbilt.Edu Thu Apr 22 22:48:04 1993 From: bobanderson%dlu.dnet at net.Vanderbilt.Edu (boB -- Geekey Student Worker) Date: Thu, 22 Apr 93 22:48:04 PDT Subject: Request Message-ID: <9304230547.AA08681@net.Vanderbilt.Edu> Please put me on the cypherpunks mailing list Bob From a2 at well.sf.ca.us Thu Apr 22 23:06:32 1993 From: a2 at well.sf.ca.us (Arthur Abraham) Date: Thu, 22 Apr 93 23:06:32 PDT Subject: Meets 'n Greets Message-ID: <199304230606.AA07005@well.sf.ca.us> Craig Nottingham wrote: >In addition a thought that many people are overlooking- the wiretap chip >transmissions of encrypted data would make a perfect envelope for the >transfer of more secure information encrypted with powerful encryption >schemes. There would be no easy way to tell the difference between >pre-encrypted transmissions and wiretap chip encrypted conversation. If I was the LE and unwrapped a Privacy Clipper wrapper and found further encryption, I'd know I had found "probable cause" to... -a2. From warlord at MIT.EDU Thu Apr 22 23:25:24 1993 From: warlord at MIT.EDU (Derek Atkins) Date: Thu, 22 Apr 93 23:25:24 PDT Subject: MEET: Boston Area Cypherpunks Message-ID: Oops.. I forgot to mention a date in my last message... The date of the meeting is THIS SATURDAY, 24 April, 1993. Sorry for any confusion... See you there... -derek From wixer!wixer.bga.com!gumby at cactus.org Thu Apr 22 23:44:09 1993 From: wixer!wixer.bga.com!gumby at cactus.org (Douglas Barnes) Date: Thu, 22 Apr 93 23:44:09 PDT Subject: Mass producing chips In-Reply-To: <9304222251.AA25007@ss2138.cirrus.com> Message-ID: <9304230302.AA15092@wixer> I wrote: > How are they going to produce them at these prices and in that quantity > given the "baroque activities in the vault" described by Denning? > > Doug (gumby at wixer.bga.com) > My point was that given the additional escrow security measures described by D. Denning, I don't see how these prices or volumes will be possible. 
It is possible that: 1) Denning is describing the process incorrectly, or was merely outlining how the chips would be produced in the best of all possible worlds. 2) The manufacturer actually has many such vaults, and the escrow agencies will provide sufficient staff and disposable laptop computers at no charge to the manufacturer. 3) The chips will not, in fact, be produced in substantial volume (e.g. >1M / year would require over 3,000 "sessions" per working day) You responded: > Assuming that there is some EEPROM, or bipolar fuse PROM (like PALs) they can > easily be programmed during the final (packaged) test stage. After the device > passes its tests, give it a number. There are already some PALs that have a > "silicon signature", a lot number embedded on the chip, which allows process > or lot tracing of devices that don't work up to spec. > > Testing on peripheral controllers is well below 5 seconds each (gross ballpark - > not giving away any secrets here) CPUs may be more, but a "wire-tap" chip > should be much easier to test than a CPU. Testers can run close to 24 hours > a day, and 24*3600/5 is 17,000 chips a day from one test head. QFP trays have > 50 chips/tray, and since the tester knows when the trays are full, it can easily > use this to form lot/tray/batch,etc numbers, as well as individual device numbers. > (all of which I am familiar with) I was referring to: [... from D. Denning's sci.crypt posting ...] All Clipper Chips are programmed inside a SCIF (secure computer information facility), which is essentially a vault. The SCIF contains a laptop computer and equipment to program the chips. About 300 chips ^^^^^^^^^^^ are programmed during a single session. The SCIF is located at ^^^^ suggests only one vault Mikotronx. At the beginning of a session, a trusted agent from each of the two key escrow agencies enters the vault. Agent 1 enters an 80-bit value S1 into the laptop and agent 2 enters an 80-bit value S2. 
These values serve as seeds to generate keys for a sequence of serial numbers. [... technical info on key generation deleted ...] As a sequence of values for U1, U2, and U are generated, they are written onto three separate floppy disks. The first disk contains a file for each serial number that contains the corresponding key part U1. The second disk is similar but contains the U2 values. The third disk contains the unit keys U. Agent 1 takes the first disk and agent 2 takes the second disk. The third disk is used to program the chips. After the chips are programmed, all information is discarded from the vault and the agents leave. The laptop may be destroyed for additional ^^^^^^^^^^^^^^^ assurance that no information is left behind. The protocol may be changed slightly so that four people are in the room instead of two. The first two would provide the seeds S1 and S2, and the second two (the escrow agents) would take the disks back to the escrow agencies. From gnu Thu Apr 22 23:50:02 1993 From: gnu (John Gilmore) Date: Thu, 22 Apr 93 23:50:02 PDT Subject: CRYPTO '93 - Conference Announcement & Final Call for Papers Message-ID: <9304230649.AA23157@toad.com> I recommend this conference. It's cheap to attend, you'll meet almost all the world-class cryptographers there are (out in the open, as well as some of the spooks), the food is great, and the campus is a fun place to visit. Everything is in walking distance, and the ocean and cliffs are right there. As well as a lot of interesting people and discussions. I wouldn't submit a paper unless it was a serious academic paper, but you could submit a "rump session" talk about some of the cypherpunk activities you've been doing. You'll get five or ten minutes to explain and handle questions, with overhead slides. 
The presentations have ranged from how to break DES (Adi Shamir & Eli Biham) to ideas about building MSDOS viruses that would infect millions of PC's to do brute force crypto cracking (Steve White of IBM, I think). I've spoken at two of the last three rump sessions about one or another social or political aspect of cryptography. Whit Diffie chairs the rump session, which is held after dinner with beer and wine, and you can send him proposals for your talk by email (diffie at eng.sun.com). John ............................................................................ CRYPTO '93 - Conference Announcement & Final Call for Papers ............................................................................ The Thirteenth Annual CRYPTO Conference, sponsored by the International Association for Cryptologic Research (IACR), in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy, the Computer Science Department of the University of California, Santa Barbara, and Bell-Northern Research (a subsidiary of Northern Telecom), will be held on the campus of the University of California, Santa Barbara, on August 22-26, 1993. Original research papers and technical expository talks are solicited on all practical and theoretical aspects of cryptology. It is anticipated that some talks may also be presented by special invitation of the Program Committee. - ------------------------- INSTRUCTIONS FOR AUTHORS: Authors are requested to send 12 copies of a detailed abstract (not a full paper) by April 26, 1993, to the Program Chair at the address given below. A limit of 10 pages of 12pt type (not counting the bibliography or the title page) is placed on all submissions. Submissions must arrive on time or be postmarked no later than April 21, 1993 and sent by airmail in order to receive consideration by the Program Committee. 
It is required that submissions start with a succinct statement of the problem addressed, the solution proposed, and its significance to cryptology, appropriate for a non-specialist reader. Technical development directed to the specialist should follow as needed. - ------------------------- Abstracts that have been submitted to other conferences that have proceedings are NOT eligible for submission. Submissions MUST BE ANONYMOUS. This means that names and affiliations of authors should only appear on the title page of the submission; it should be possible to remove this page and send the papers to Program Committee members. A Latex style file that produces output in this format is available by email from the Program Chair. Authors will be informed of acceptance or rejection in a letter mailed on or before June 21, 1993. A compilation of all accepted abstracts will be available at the conference in the form of pre-proceedings. Authors of accepted abstracts will be allowed to submit revised versions for the pre-proceedings. A revised abstract should contain only minor changes and corrections to the originally submitted abstract. All revised abstracts must be received by the Program Chair by July 16, 1993. THE 10 PAGE LIMIT WILL BE STRICTLY ENFORCED for the pre-proceedings. Complete conference proceedings are expected to be published in Springer- Verlag's Lecture Notes in Computer Science series at a later date, pending negotiation. - ------------------------- The Program Committee consists of D. Stinson (Chair, Nebraska) M. Bellare (IBM T. J. Watson) E. Biham (Technion, Israel) E. Brickell (Sandia National Labs) J. Feigenbaum (AT&T Bell Labs) R. Impagliazzo (UCSD) A. Odlyzko (AT&T Bell Labs) T. Okamoto (NTT, Japan) B. Pfitzmann (Hildesheim, Germany) R. Rueppel (R3, Switzerland) S. Vanstone (Waterloo, Canada) - ------------------------- Send submissions to the Program Chair: Douglas R. 
Stinson, Crypto '93 Computer Science and Engineering Department 115 Ferguson Hall, University of Nebraska Lincoln, NE 68588-0115 USA Telephone: (402)-472-7791 Fax: (402)-472-7767 Internet: stinson at bibd.unl.edu For other information, contact the General Chair: Paul C. Van Oorschot, Crypto '93 Bell-Northern Research (MAIL STOP 000) 3500 Carling Ave. Nepean, Ontario K2H 8E9 Canada Telephone: (613)-763-4199 Fax: (613)-763-2626 Internet: crypto93 at bnr.ca ............................................................................ CRYPTO '93 - General Information (August 22 - 26, 1993) ............................................................................ THE PROGRAM: Crypto'93 is the thirteenth in a series of workshops on cryptology held at Santa Barbara, and is sponsored by the International Association for Cryptologic Research, in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy, the Computer Science Department of the University of California, Santa Barbara, and Bell-Northern Research (a subsidiary of Northern Telecom). The program for the workshop will cover all aspects of cryptology. Extended abstracts of the papers presented at the conference will be distributed to all attendees at the conference, and formal proceedings will be published at a later date. In addition to the regular program of papers selected or invited by the program committee, there will be a rump session on Tuesday evening for informal presentations. Facilities will also be provided for attendees to demonstrate hardware, software and other items of cryptographic interest. If you wish to demonstrate such items, you are urged to contact the General Chair so that your needs will be attended to. The social program will include hosted cocktail parties on Sunday and Monday. In addition, there will be a beach barbecue on Wednesday evening. The price of the barbecue is included in the room and board charge, and extra tickets may be purchased. 
ABOUT THE CONFERENCE FACILITIES: The workshop will be held on the campus of the University of California, Santa Barbara. The campus is located adjacent to the Santa Barbara airport and the Pacific Ocean. Accommodations are available in the university dormitories at relatively low cost for conference participants. Children under the age of 13 are not allowed to stay in the dormitories, so those bringing small children will need to make separate arrangements in one of several nearby hotels. More information on hotels is enclosed. Parking on campus is available at no cost to the participants. However, participants must indicate on the registration form if they desire a parking permit. TRAVEL INFORMATION: The campus is located approximately 2 miles from the Santa Barbara airport, which is served by several airlines, including American, America West, Delta, United, and US Air. Free shuttle bus service will be provided between the Santa Barbara airport and the campus on Sunday and Thursday afternoons. All major rental car agencies are also represented in Santa Barbara, and AMTRAK has rail connections to San Francisco from the north and Los Angeles from the south. Santa Barbara is approximately 100 miles north of Los Angeles airport, and 350 miles south of San Francisco. REGISTRATION: Participation is invited by interested parties, but attendance at the workshop is limited, and pre-registration is strongly advised. Late registrations, subject to a late registration fee, may be accepted if space is available, but there are NO GUARANTEES. To register, fill out the attached registration form and return to the address on the form along with payment in full before July 9, 1993. Campus accommodations will be available on a first come, first serve basis for attendees who register by July 9, 1993. The conference fees include participation in the program and all social functions, as well as membership to the IACR and a subscription to the Journal of Cryptology. 
The room and board charges include dormitory lodging and meals from dinner on Sunday to lunch on Thursday. Technical sessions will run from Monday morning to Thursday at noon. A very limited number of stipends are available to those unable to obtain funding. Applications for stipends should be sent to the General Chair before June 4, 1993. ............................................................................ CRYPTO '93 - CRYPTO '93 Registration Form ............................................................................ REGISTRATION DEADLINE: July 9, 1993 Last Name: _____________________________________________ First Name: _____________________________________________ Sex: (M)__ (F)__ Affiliation: _______________________________________________________________ Mailing Address: __________________________________________________________ __________________________________________________________ __________________________________________________________ ___________________________________________________________ Phone: __________________________________ FAX: ___________________________ Electronic Mail: __________________________________________________________ Payment of the conference fee entitles you to membership in the International Association for Cryptologic Research for one year at no extra charge, including a subscription to the Journal of Cryptology, published by Springer-Verlag, at no extra charge. Do you wish to be an IACR member? YES__ NO__ The conference fee also includes the conference proceedings when they become available, containing final versions of conference papers. The book of extended abstracts distributed at the conference will contain only shortened preliminary versions of these papers (maximum 10 pages). 
Conference fee: Regular ($280) US$ _______ Attended Eurocrypt'93, Norway ($230) _______ Full time student ($190) _______ deduct $50 if you do not wish proceedings _______ Total conference fee: US$_______ Room and Board (4 nights): Smoking ___ Non-smoking ___ Single room ($275 per person) _______ Double room ($225 per person) _______ Roommate's name: ____________________________________ Extra barbecue tickets ($20 each; one is included in room and board) _______ $40 late fee for registration after July 9; REGISTRATION NOT GUARANTEED AFTER JULY 9 _______ Total funds enclosed (U.S. dollars): US$ _______ Payment must be by check PAYABLE IN U.S. FUNDS, by money order IN U.S. FUNDS, or by U.S. BANK DRAFT, payable to: CRYPTO'93. Payment should be mailed to the General Chair: Paul C. Van Oorschot, CRYPTO'93 Bell-Northern Research (MAIL STOP 000) 3500 Carling Ave. Nepean, Ontario K2H 8E9 Canada ............................................................................ CRYPTO '93 - Hotel Information ............................................................................ For those who choose not to stay in the dormitories, the following is a partial list of hotels in the area. Those who choose to stay off campus are responsible for making their own reservations, and early reservations are advised since August is a popular season in Santa Barbara. Note that Goleta is closer to UCSB than Santa Barbara, but that a car will probably be required to travel between any hotel and the campus. All prices are subject to change; prices should be confirmed by calling the individual hotels directly. However, mention CRYPTO'93 when you are making your reservation and in several of the hotels listed you will be eligible for the university rate which can be significantly less than the normal rates. We are not able to block rooms in these hotels, so please make reservations as early as possible. 
The quality of the hotels ranges from rather expensive beach-front resorts to basic inexpensive accommodations. For further information, try contacting the Santa Barbara Convention and Visitors Center, (805)-966-9222. South Coast Inn: 5620 Calle Real, Goleta, CA 93117. Regular rates: Single $89, Double $94; call for University rates. Contact Murrill Forrester at (805)-967-3200 or toll-free at (800)-350-3614. Cathedral Oaks Lodge: 4770 Calle Real, Santa Barbara, 93110. Single rates not available, Double rates start at $84 including breakfast; no University rates. Call Tom Patton at (805)-964-3511 or toll-free at (800)-654-1965. Motel 6: 5897 Calle Real, Goleta, CA 93117. Single $33.95, Double $39.95, no University rate available. Call (505)-891-6161. The Sandman Inn: 3714 State St., Santa Barbara, CA 93105. Regular rates: Single or Double $84, $94 for king-size, University rate $65. Call Jean Ingerle at (805)-687-2468 or toll-free at (800)-350-8174. Miramar Hotel (Beachfront): 3 miles south of Santa Barbara on U.S. 101 at San Ysidro turnoff. Regular rates: $70-$135. No University rates. Call (805)-969-2203. Pepper Tree Inn: 3850 State St., Santa Barbara, CA 93105. Regular rates: $106-$112 for two people, University rates $96-$102 for two people. Call Christopher Oliphant at (805)-687-5511 or toll-free at (800)-338-0030. Encina Lodge: 220 Bath Street, Santa Barbara, CA 93105. Regular rates $106-$108 for two people, no University rates. Call Carol Wolford at (805)-682-7550 or toll-free at (800)-526-2282. Quality Suites: 5500 Hollister Ave, Santa Barbara, CA 93111 (close to campus). Regular rates: Single $125, Double $145, University rates $99 double (must mention you are attending a UCSB program). Call Michael Ensign at (805)-683-6722. Upham Hotel (bed-and-breakfast): 1404 De La Vina Road, Santa Barbara, CA 93101. University rate $85 (mention you are from Crypto). 
Call Sheila Donegan at (805)-962-0058. ------- End of Forwarded Message From wk0x at ANDREW.CMU.EDU Fri Apr 23 00:00:26 1993 From: wk0x at ANDREW.CMU.EDU (William Stephen Kish) Date: Fri, 23 Apr 93 00:00:26 PDT Subject: encrypted telnet Message-ID: Hello, I've created this simple little program that allows for encrypted telnet sessions (between unix hosts) without any modification to the system telnetd or telnet programs. The system consists of a pair of programs: 1 running on the target machine (Host B) and 1 running on the machine being telneted from (Host A). (These daemons require no special permissions -- they run as normal user processes. Also, both daemons are really the same program; each is started with a different switch to let it know which hat to wear...) Instead of telneting directly to Host B, the user telnets to a special port on his own machine ("telnet HostA 10000"). This connects him to the encryption daemon. Upon making this connection, this Host A encryption daemon opens a TCP connection to the peer encryption daemon on Host B. This Host B daemon then opens a connection to port 23 (the normal telnet port) on its own machine. Thus, all data from the user is passed to the encryption daemon on its local machine where it is encrypted and sent over the net to the peer daemon on the target machine. There the data is decrypted before being passed to the local telnetd process. Data flowing in the reverse direction undergoes a similar process. All of this is transparent to the user and telnet processes. What I need now is a strong stream cypher to drop into these daemons. Can anyone supply references to appropriate algorithms or code? A good cypher should be resistant to known plaintext attacks, since telnet sessions start out with lots of known plaintext (telnet options, login banner, motd, user id, etc...). If there is interest, I'll look into releasing this when it's complete. 
Thanks, Bill Kish kish+ at cmu.edu From jisosaar at vipunen.hut.fi Fri Apr 23 00:00:33 1993 From: jisosaar at vipunen.hut.fi (Jukka Isosaari) Date: Fri, 23 Apr 93 00:00:33 PDT Subject: unsubscribe Message-ID: <199304230700.AA116628@vipunen.hut.fi> unsubscribe From lobo at puukko.hut.fi Fri Apr 23 00:01:29 1993 From: lobo at puukko.hut.fi (The last Czarnian) Date: Fri, 23 Apr 93 00:01:29 PDT Subject: subscribe Message-ID: <199304230701.AA21825@puukko.hut.fi> subscribe From uni at acs.bu.edu Fri Apr 23 00:17:18 1993 From: uni at acs.bu.edu (Shaen Bernhardt) Date: Fri, 23 Apr 93 00:17:18 PDT Subject: Overreaction..... Message-ID: <9304230717.AA58454@acs.bu.edu> Begin Forwarded Message Article 9566 (7 more) in alt.security: From: uni at acs.bu.edu (Shaen Bernhardt) Newsgroups: sci.crypt,alt.security,comp.org.eff.talk,comp.security.misc,comp.org.acm,comp.org.ieee Subject: Re: Overreacting (was Re: Once tapped, your code is no good any more) Message-ID: <116530 at bu.edu> Date: 23 Apr 93 02:36:14 GMT References: <1993Apr22.134214.18517 at rick.dgbt.doc.ca> Sender: news at bu.edu Followup-To: sci.crypt Distribution: na Organization: Boston University, Boston, MA, USA Lines: 82 In article <1993Apr22.134214.18517 at rick.dgbt.doc.ca> jhan at debra.dgbt.doc.ca (Jerry Han) writes: >In this giant ballyhoo over this Clipper chip I noticed a rather >disturbing trend in some of the E-mail and posts I've been tossing back and >forth. > >Somebody asked me what was wrong about overreacting in cases such as this. > >The reason is very simple: How many people do you want to die in a riot? >In a new Civil War? > >Everybody is jumping up and down and screaming about it, and I'm worried >that people are going to reach for their hammers and rifles before their pens >and paper. > >Can people work within the system before trying to break it? 
A circuit court judge in Illinois once said "When dealing with a government that seeks continually new and more creative ways to spy on its citizenry, one cannot discourage the move to empower the common citizen with the means to parry this attack on personal privacy." (Unfortunately the comment was with regard to the banning of radar detectors....) The point remains. More and more I see the government slowly washing away privacy. Even unwittingly. Do you think I will ever live in a society that issues smart cards to citizens at birth? Do you think I will live in a society that insists I register my crypto keys so they can keep track of what I'm saying? Even if there is no evidence of my guilt? Do you think I will ever live in a society that seeks to meddle in the affairs of its citizenry without recourse of any kind? I'm tired of it. There is (IMHO) no compromise with an administration that seeks to implement these proposals under the guise of enhancing privacy. More than the proposals themselves, I read the language of the press releases, the obvious deception involved in presenting these pieces to the public, and I am sickened. I am revolted. I am repulsed. 90%, perhaps even 95% of this country could care less about the clipper chip, the wiretap bill, the smart card, because they are so entrapped in the rhetoric of the Clinton Administration. This saddens and frightens me. I am a conservative believe it or not. A law and order conservative. But the move to a centralized authoritarian regime really scares me, mostly because I know you can't go far wrong underestimating the intelligence of the American people. Tell them it's going to keep them safe from drug dealers and terrorists, and they will let you put cameras in their home. Even in the wake of Waco, you find those who support the increasingly totalitarian moves. >Somebody once said something like: "Armed Violence is meant only to be >used in response to an armed attack. 
It is not meant to be used in >aggression. This is the difference between self-defence and murder." To be quite honest, the way things are going, I'd call it self defense. >Let's try to avoid killing things, eh? There's enough blood shed in the >world, without adding a couple of riots, Civil Wars, etc. > >I'm probably overreacting. But what I've read scared me a lot. I don't >want my children growing up in a War Zone. And I don't want mine growing up in the eyes of a security camera 24 hours a day. >-- >Jerry Han-CRC-DOC-Div. of Behavioural Research-"jhan at debra.dgbt.doc.ca" >///////////// These are my opinions, and my opinions only. \\\\\\\\\\\\\ >\\\\\\\\\ A proud and frozen member of the Mighty Warriors Band //////// >"Memories of those I've left behind, still ringing in my ears."-Genesis- uni -- uni at acs.bu.edu -> Public Keys by finger and/or request Public Key Archives: Sovereignty is the sign of a brutal past.<>Fight Clinton's Wiretap Chip! DF610670F2467B99 97DE2B5C3749148C <> Crypto is not a Crime! Ask me how! Forwarded message ends. I reposted this for the benefit of those who might not be active on the newsgroups it was distributed to. After I wrote this reply, I went out for a beer with a friend of mine. We didn't talk about crypto or privacy (he's more into the Hartford Whalers) but I couldn't get it out of my mind. More and more I feel violated. We live in an age where direct marketers send mail to my address and I have no idea who gave it to them. We live in an age where you call up the Chinese food place for a delivery and after getting your phone number, (with caller ID in some places) they ask you if you'll have "the usual" [no joke]. We live in an age where your credit card might have your digitized picture on it. We live in an age where despite the freedom of information act, your file, should you request it, is more than half inked out. We live in an age where your social security number is a "handle" to your life and habits. 
We live in an age where anyone can order a copy of your tax return and merely be asked "may I have your social security number please?" Privacy has become a joke. Plastic money, databases, credit reports, wherever you look, there is some entity looking to collect something else on you. I for one, have had it. It's true, I'm conservative. But where will it end? How many more blows to liberty and privacy will be made before there is little left? I've studied intelligence, political science, international relations, and law here at B.U. Next year I will be at Georgetown working on my J.D. But I doubt I will stay here in the states. I think perhaps Liechtenstein offers a more hands off atmosphere. In retrospect, I really don't think I'm concerned with the pettiness of this or that blow to privacy, but the system that slowly builds. I'm a paranoid at heart. I don't TRUST the system. I never will. It's too bad others do. Someday I hope someone explains to the vast number of people the difference between freedom to, and freedom from. I never thought I'd sound like a revolutionary. uni (Dark) From szabo at techbook.com Fri Apr 23 02:11:46 1993 From: szabo at techbook.com (Nick Szabo) Date: Fri, 23 Apr 93 02:11:46 PDT Subject: Privacy International (fwd) Message-ID: The following forwarded from alt.privacy. Anybody have experience with this group? Have they taken a position on the wiretap chip? Subject: Group Info: Privacy International Message-ID: <1993Apr12.184129.11455 at mont.cs.missouri.edu> Originator: rich at pencil.cs.missouri.edu Organization: Privacy International PRIVACY INTERNATIONAL A WATCHDOG ON SURVEILLANCE GENERAL INFORMATION PRIVACY INTERNATIONAL - THE BIRTH OF A WORLDWIDE MOVEMENT We are posting this in the hope that you might get involved in a new organization which is actively involved world-wide in the protection of privacy. 
Privacy International is an independent Non Government Organization (NGO) established in 1990 to protect personal privacy and to monitor surveillance by governments, financial institutions, intelligence agencies, media, political groups, police, and other organizations. At the invitation of its members and member organizations throughout the world, Privacy International has conducted successful campaigns against surveillance in Asia, Europe and North America. Many of these campaigns have raised awareness about the dangers of proposals for identity cards, national numbering systems, computer linking programmes and military surveillance. Others have reinforced the importance of developing laws to protect personal privacy. WHO ARE PRIVACY INTERNATIONAL'S MEMBERS? Over the past three years Privacy International has established an outstanding and very active member network of legal experts, human rights advocates, information systems experts, academics, data protection experts, social and political scientists, and a whole range of concerned individuals from more than 40 countries. These members, who comprise much of the world's expertise in privacy protection, form an independent network that can respond fearlessly to problems of all kinds. SOME OF OUR WORK Privacy International has conducted campaigns on a wide variety of issues throughout Europe, North America and Asia. Our first campaign was undertaken during 1991 in Thailand, where the government had established a central population registration and ID card system. The system, controlled by the powerful Ministry of the Interior, would link many departments and ministries, and had few legal safeguards. A seven week campaign by Privacy International raised awareness amongst politicians, human rights organizations and the public about the potential dangers of the system. The second campaign, concerning yet another ID card proposal was conducted in Manila during April and May of 1991. 
The invitation to Privacy International came from the Philippine Alliance of Human Rights Advocates (PAHRA), the peak human rights NGO in the Philippines. Several bills were pending in the Congress and the Senate mandating the establishment of a national identity card and numbering system. PAHRA felt that this proposal could infringe the rights of Filipinos, and create problems for the Philippines' fragile democratic process. A comprehensive submission was made to the Senate of the Philippines, pointing out the likely costs, both in economic and civil rights terms, of the proposal. The third campaign involved the establishment by the New Zealand Government of a data matching and government benefits card system known generically as the "Kiwi Card". An invitation was issued to Privacy International by the Auckland Council for Civil Liberties in late August, and I travelled to Auckland in early September. The Council was concerned about the government's plan for a number of reasons. First, the plan to data match amongst government agencies lacked adequate legal protection. Second, the Kiwi Card plan raised issues of discrimination. A more general concern that developed throughout the subsequent campaign was whether the New Zealand legal and political system embraced enough protections and rights to ensure that the system would not be abused. Current Activities THE NORTHERN IRELAND SURVEILLANCE PROJECT This project, the first of its type ever undertaken in Northern Ireland, will investigate the full extent of surveillance throughout the country. It is to be sponsored by the Law Faculty of the Queen's University of Belfast. Human rights organizations have expressed concern for some years over the loss of basic rights in Northern Ireland. The development of complex and powerful information technology has increased the risk of routine surveillance of citizens, and consequently the loss of personal privacy in Northern Ireland has escalated. 
The emergency legislation in force there compounds this unfortunate situation. The report will be made publicly available by the end of 1993. THE STASI FILE PROJECT One of the most complex civil and political rights issues for former eastern bloc countries is the dilemma of how to deal with the files of police and intelligence organizations. The problem is compounded by the absence of any international guidelines which could be used as a benchmark. Privacy International is planning to establish a project which will develop international guidelines for handling police and official files in countries which are in transition to democracy. Privacy International has established an expert group to develop the guidelines. he establishment of an independent The group will work closely with members of relevant countries seeking to develop such legislation. THE BIG BROTHER AWARDS Governments, private sector organizations, credit bureaus, police departments and the military in many countries are engaging in programs which have the effect of eroding the rights and privacy of individuals. These practices often breach international human rights conventions, and threaten the balance or evolution of free and open societies. In many cases, information technology is used for the purposes of increasing the power of authorities, while diminishing the rights of individuals. These violations occur in all parts of the world. The Big Brother awards, sponsored by Privacy International, will be given to the organization, initiative, government or act which is most invasive of private life, or which is responsible for the most dangerous and intrusive acts of surveillance. Privacy International believes that there should be a more widespread awareness of these practices. We believe people have the right to know when governments or other organizations are engaging in intrusive practices that limit individual rights. 
We aim to provide an effective context for viewing these invasive practices, by establishing an international benchmark. The establishment of the Big Brother awards aims to provide a world-wide focus on surveillance and privacy. THE INTERNATIONAL PRIVACY BULLETIN Privacy International's quarterly newsletter, The International Privacy Bulletin, contains reports from around the world on privacy and surveillance, together with articles on a wide spectrum of privacy issues such as telecommunications privacy, encryption, privacy legislation, corrupt disclosure of confidential files and news of Privacy International's activities. The International Privacy Bulletin is distributed free to all members and supporters. THE INTERNATIONAL INTERNET PRIVACY ARCHIVE Computer Professionals for Social Responsibility (CPSR) has created an electronic library of reports, laws and commentary on privacy. The archive includes discussions of communications privacy, cryptography, texts of international documents on privacy and many other materials. There are several hundred documents in the archive and more are being added every day. There is also a special folder in the library for Privacy International documents including electronic versions of newsletters, updates, country reports and international documents. There are currently several dozen files available. Access is through Internet mail, FTP, Gopher or WAIS. Through mail, send the command: help as the first line of text in a message to listserv at cpsr.org. FTP/Gopher/WAIS to cpsr.org folder /cpsr. All access is free. Users of the archive are encouraged to submit their articles for others to use. 
People who are interested in submitting articles, please contact David Banisar at 1+202/544-9240 Email: banisar at washofc.cpsr.org If you are interested in getting involved in the work of Privacy International, please contact Simon Davies, Marc Rotenberg, or David Banisar at: Privacy International, 666 Pennsylvania Ave SE Suite 303 Washington, DC 20003 United States of America Phone (+1) 202 544 9240 Fax (+1) 202 547 5481 E.Mail: pi at washofc.cpsr.org PRIVACY INTERNATIONAL MEMBERSHIP FORM Name...................................................... Organisation.............................................. Address................................................... .......................................................... .......................................................... Phone..................................................... Fax....................................................... Email..................................................... Special interests ........................................ .......................................................... $20 (Low income) $50 (full membership) All personal information is strictly confidential and will not be disclosed without the prior consent of the individual. From gnu Fri Apr 23 02:13:24 1993 From: gnu (John Gilmore) Date: Fri, 23 Apr 93 02:13:24 PDT Subject: Spooks like Suns (FYI) Message-ID: <9304230913.AA26730@toad.com> ---------------------------------------------------------------------------- The Florida SunFlash SunFed Wins Contract With Defense Intelligence Agency SunFLASH Vol 52 #25 April 1993 ---------------------------------------------------------------------------- Contact: Carol Hartzell, SMCC PR at (415) 336-0598 Will Be Exclusive Supplier of Secure, RISC-based Network Servers and Workstations MILPITAS, Calif. -- April 21, 1993 -- Sun Microsystems Federal, Inc. 
(Sun Federal) has been selected by the Defense Intelligence Agency (DIA) under a requirements contract to supply a secure, RISC-based family of workstations and servers. The one-year (with four option years) SASS (System Acquisition and Support Strategy) multi-vendor acquisition contract anticipates purchasing 5,400 RISC-based Sun(TM) workstations, the majority of which will be used in a secure network environment. Sun Federal will provide workstations and network servers to enhance and leverage the investment of existing equipment as well as move the DIA from a mainframe environment to a secure client-server workgroup environment. Sun Federal will supply Sun SPARCstation(TM) IPX(TM) and SPARCstation 2 workstations, along with a version of the Solaris(R) operating environment that is being evaluated by the DIA for CMW (Compartmented Mode Workstation) operation. Options for file servers and SPARCstation 10 workstations are also included. Sun Microsystems Federal, Inc. is a wholly owned subsidiary of Sun Microsystems, Inc., the world's leading supplier of client-server computing solutions. Sun Federal, founded in 1984, is headquartered in Milpitas, Calif. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ For information send mail to info-sunflash at Sun.COM. Subscription requests should be sent to sunflash-request at Sun.COM. Archives are on solar.nova.edu, ftp.uu.net, sunsite.unc.edu, src.doc.ic.ac.uk and ftp.adelaide.edu.au All prices, availability, and other statements relating to Sun or third party products are valid in the U.S. only. Please contact your local Sales Representative for details of pricing and product availability in your region. Descriptions of, or references to products or publications within SunFlash does not imply an endorsement of that product or publication by Sun Microsystems. Send brief articles (e.g. 
third party announcements) and include contact information (non-800#, fax #, email, etc) to: John McLaughlin, SunFlash editor, flash at Sun.COM. +1 305 351 4909 From gg at well.sf.ca.us Fri Apr 23 02:26:35 1993 From: gg at well.sf.ca.us (George A. Gleason) Date: Fri, 23 Apr 93 02:26:35 PDT Subject: WIRETAP: boycotts Message-ID: <199304230926.AA09240@well.sf.ca.us> Re boycotting AT&T: Eric's proposal is great (cancel your AT&T long distance anyway) but I would suggest a more aggressive approach toward AT&T business telephone systems and consumer phone products. First of all, their equipment is mediocre at best. Their main business phone product, Merlin, is obsolete and truly nasty (details on request); System 75 (mid-sized PBX) is little better; their low-end key system (AT&T Spirit) is cheapy stuff, and although their Partner system is decent there are a number of better alternatives (Panasonic KXT-Hybrid is our favorite though if you want made in USA there's Comdial). AT&T have been pursuing an aggressive policy on initial pricing to try to kill off independent phone contractors, but their service doesn't measure up: expensive rates, delays, etc. So even if they drop their price by half on something to try to edge out a competitor, don't take the bait. Second, you can bet that they'll start introducing Tapper in their cordless phones pretty quickly, to try to win a market advantage based on having any kind of encryption at all. There are some cordless business phones available (one is designed for Merlin) and some new ones coming out soon. These will probably have Tapper in them. Ericsson have a cordless business phone system now, called FreeSet, which is essentially micro-cellular, and it uses a stronger European crypto standard if I'm not mistaken (I can go look up details if anyone wants to know). 
North Supply Premier is another version of same with some other encryption routine (ANYthing is better than Tapper at the moment) though not as adaptable as the Ericsson FreeSet system. For every AT&T phone set or system, there are plenty of better alternatives, and the time to start shifting your purchasing power is now. (oh BTW to clarify, what I meant by "new ones coming out soon" is that AT&T will probably try to jump on the Ericsson & North Premier bandwagon soon with their own version, with Tapper. "AT&T: phones with Big Brother Built Inside!" -gg From gg at well.sf.ca.us Fri Apr 23 02:55:40 1993 From: gg at well.sf.ca.us (George A. Gleason) Date: Fri, 23 Apr 93 02:55:40 PDT Subject: CLIP: Legal Aspects Message-ID: <199304230955.AA11325@well.sf.ca.us> Illegal taps: and keep in mind "investigative" taps used to gather deep background information... by the time that information gets to a useable form, its origin is so far obscured as to be impossible to prove... and most importantly, keep in mind the simple matter of political and economic intelligence. The British GCHQ routinely tapped trade unions; NSA went after the civil rights movement, history is full of cases like this. If you don't know COINTELPRO, look it up and get scared. The main thing here is not whether they can use evidence against you in court, but whether they can gather extracurricular info and use it to fuck up careers, runs for elected office, campaigns on public issues, labor negotiations, and all kinds of other things which we expect to be able to do freely in a nominal democracy. Clinton has expressed a commitment to civil rights causes, so I don't worry about his administration pulling another Watergate or COINTELPRO, but if we ever got another bunch of zealous authoritarians in there...! -gg From gg at well.sf.ca.us Fri Apr 23 02:58:28 1993 From: gg at well.sf.ca.us (George A. 
Gleason) Date: Fri, 23 Apr 93 02:58:28 PDT Subject: Info on Mykotronx Message-ID: <199304230957.AA11510@well.sf.ca.us> Re MycoToxin: contact the Covert Action Information Bulletin and ask if they have anything on anyone named in connection with MycoToxin. Do the same with other think-tanks that deal in defense-related issues, for example the Center for National Security Studies or some such. TRW is a scary thought indeed; and of course these people don't ever cut their ties for good... consider that TRW is a huge NSA partner and also maintains the Great Big Database of all our credit records & buying habits. Bad combinations, getting worse by the minute. -gg From gg at well.sf.ca.us Fri Apr 23 03:03:29 1993 From: gg at well.sf.ca.us (George A. Gleason) Date: Fri, 23 Apr 93 03:03:29 PDT Subject: WIRETAP: boycotts Message-ID: <199304231000.AA11712@well.sf.ca.us> Keep up the pressure: how about mailing to all law firms in the Bay Area to warn them not to buy AT&T phone systems since they might be getting Big Brother in the Box along with, if not now, then in some future upgrade innocently installed by a field tech. -gg From gg at well.sf.ca.us Fri Apr 23 03:23:08 1993 From: gg at well.sf.ca.us (George A. Gleason) Date: Fri, 23 Apr 93 03:23:08 PDT Subject: AT&T replacement offer Message-ID: <199304231022.AA13617@well.sf.ca.us> Re the AT&T boycott, I'm going to put my labor where my mouth is, and offer: Replacement of any AT&T business phone system or consumer telephone product, at a discount of 25% off normal retail (essentially a nonprofit rate). On business phone systems, this includes all AT&T key systems (Merlin, Spirit, Partner, etc) and PBX (system 75 and up); and includes one year's service contract. For smaller systems, we'll install anywhere from Santa Cruz to Mendocino; for larger ones, anywhere in California depending on the job; and we'll ship user-installable ones anywhere you like. (User-installable systems typically involve 32 or fewer phones.) 
For each AT&T system we remove, we send a letter to AT&T explaining why. Then when we gather up enough of them to make a decent sized pile, do some kind of publicity event with them (any suggestions?). (Or maybe simply sell the old AT&T stuff to a secondary market dealer and donate the proceeds to an appropriate organisation?) -george gleason, Integrated Signal / Switched Networks, 510-644.8085 gg at well.sf.ca.us From warlord at Athena.MIT.EDU Fri Apr 23 03:39:31 1993 From: warlord at Athena.MIT.EDU (Derek Atkins) Date: Fri, 23 Apr 93 03:39:31 PDT Subject: encrypted telnet In-Reply-To: Message-ID: <9304231039.AA08262@snorkelwacker.MIT.EDU> Bill.. There are a couple of problems with your scheme. 1) You have to have this daemon already running on host B. I.e., you still need to have had (at one time) access to run this daemon. Basically, this means that you (or someone) has to have had root access to BOTH hosts A and B to set this up. Unless this becomes supported software, you can't guarantee that.... 2) How do you do key distribution? If you use Kerberos, then you need to have root access on host B. Otherwise, you need some way to securely get the encryption key from A to B.... 3) How do you deal with multiple encryptions? If you have more than one client who wants to use this program, you have to trust a single process (unless you run out of inetd, which requires #1) with all the different keys for all the different users! Basically, you're better off using ktelnet/ktelnetd to do this. In either case you have the same problem with modifying the workstation. Please, don't let this discourage you, but I think you might want to think this through a little more before you jump the gun! Have a Nice Day!!! 
:-)

-derek

PGP 2 key available upon request on the key-server: pgp-public-keys at toxicwaste.mit.edu
--
Derek Atkins, MIT '93, Electrical Engineering and Computer Science
Secretary, MIT Student Information Processing Board (SIPB)
MIT Media Laboratory, Speech Research Group
warlord at MIT.EDU PP-ASEL N1NWH

From gg at well.sf.ca.us Fri Apr 23 03:50:21 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Fri, 23 Apr 93 03:50:21 PDT
Subject: AT&T replacement
Message-ID: <199304231050.AA15354@well.sf.ca.us>

In case it wasn't clear, the offer is to replace any AT&T hardware *with equivalent or better competing technology* for 25% off.

-gg

From habs at Panix.Com Fri Apr 23 04:08:16 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Fri, 23 Apr 93 04:08:16 PDT
Subject: Moving Target: Warning
Message-ID: <199304231108.AA08218@sun.Panix.Com>

I have thought that it is a losing strategy to debate the wire tap chip on purely tech terms as I feel the NSA would have more technology up their sleeve, changing the MO as we object to specific points and probably making themselves SEEM responsive to the gov/congress/Admin.

First we had 40 bit key halves then we got 80-bit XORed and now: CAPSTONE: THE NEXT GENERATION, with DSS, etc...

We need to make broad spectrum attacks on both spef. technical points and social points. We need to say/talk to How this country was founded. We did to say Ok, NSA/FBI is right and the world has changed. But it will keep on changing... like our Founders, we need to plot a course that will hold true not for a few years but for the next two hundred.

This is stuff that shouldn't be debated in private by NSA and Bill C.
/harry
--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From wk0x at ANDREW.CMU.EDU Fri Apr 23 04:30:46 1993
From: wk0x at ANDREW.CMU.EDU (William Stephen Kish)
Date: Fri, 23 Apr 93 04:30:46 PDT
Subject: encrypted telnet
In-Reply-To: <9304231039.AA08262@snorkelwacker.MIT.EDU>
Message-ID:

Excerpts from mail: 23-Apr-93 Re: encrypted telnet Derek Atkins at Athena.MIT. (1442)

> Bill.. There are a couple of problems with your scheme.

> 1) You have to have this daemon already running on host B. I.e., you
> still need to have had (at one time) access to run this daemon.
> Basically, this means that you (or someone) has to have had root
> access to BOTH hosts A and B to set this up. Unless this becomes
> supported software, you can't guarantee that....

Well, you really don't need root to run this daemon. You can simply telnet (normally) to machine B, start the daemon in the background, log off, start the daemon in the background on machine A, and go from there. There is only a problem if machine B kills off your process when you log out... To be completely safe, you should change your login password once you are on the encrypted link since the initial telnet to set up the daemon was in the clear...

2) How do you do key distribution?

One possible solution is to use PGP to encrypt this telnet key and mail it to your account on B. Your private key on B can then decrypt the telnet key. (If B is a multi-user system, you do have the problems associated with root having access to your private key... But if root is evil, he can get around any sort of encrypted telnet scheme if he really wants...)

> 3) How do you deal with multiple encryptions? If you have more than
> one client who wants to use this program, you have to trust a single
> process (unless you run out of inetd, which requires #1) with all the
> different keys for all the different users!
Currently, everyone would be responsible for their own encryption process. This really isn't meant to be a complete standard, just an ad-hoc solution until telnet's and telnetd's that support encryption become commonplace.

> Basically, you're better off using ktelnet/ktelnetd to do this. In
> either case you have the same problem with modifying the workstation.

Kerberos requires a large amount of support by a site's system admins. Most sites don't yet support kerberos. (Also, kerberos has some problems of its own...) My solution is one that the average person can use without special system software.

Thanks for the comments,
Bill

From grady at netcom.com Fri Apr 23 07:43:10 1993
From: grady at netcom.com (1016/2EF221)
Date: Fri, 23 Apr 93 07:43:10 PDT
Subject: Exchange fingerprints via radio
Message-ID: <9304231443.AA25847@netcom.netcom.com>

For other radio amateurs who are readers of this list I'd like to try an experiment in alternative (to the telephone) communication tomorrow, Saturday 4/23/93 at 17:00 UTC (10 am PDT). I'd like to contact as many of you as possible from my modest station in Humboldt County California.

For Bay area people, let's try 7265 Mhz; for people elsewhere in the United States and elsewhere in the world, conditions permitting, how about 14.335 at 17:30 UTC. +-for QRM?

I will be running 100w into a vertical, call is KN6CP

I will be asking for checkins for the "Cypherpunks Net".

For those interested, we can do key fingerprint exchanges at this time. Of course non-hams are free to listen on those frequencies (lower SSB for 7265, upper SSB for 14.335).

I'd like to explore alternative communications nexi if for example the internet is down for some unforeseen reason :-(.
73 de kn6cp
Grady
grady at netcom.com

From a2 at well.sf.ca.us Fri Apr 23 07:49:51 1993
From: a2 at well.sf.ca.us (Arthur Abraham)
Date: Fri, 23 Apr 93 07:49:51 PDT
Subject: Family Key
Message-ID: <199304231449.AA14480@well.sf.ca.us>

At this time, there is no reason not to assume that every LE agency will have access to the family key.

In the future there is every reason to expect that all LE agencies will develop a pressing need for family key(s) and decrypto equipment.

In the past in Nazi Germany, this sort of traffic analysis applied to telephone call records allowed the LE agencies to round up cells of resistance. To this day, such records are not kept in Germany.

-a2. ..

From 7025aj at gmuvax2.gmu.edu Fri Apr 23 07:56:45 1993
From: 7025aj at gmuvax2.gmu.edu (7025aj at gmuvax2.gmu.edu)
Date: Fri, 23 Apr 93 07:56:45 PDT
Subject: Is Rush Limbaugh giving Clinton sh*t about wiretap chip?
Message-ID: <9304231457.AA22562@gmuvax2.gmu.edu>

I'm under the impression that Rush Limbaugh's address is: 70277.2502 at compuserve.com

Would a few articulate defenders of (privacy and) AMERICAN COMPETITIVENESS send him some convincing words, please?

G. Gordon Liddy would be another good target, but I don't know his address.

From hughes at soda.berkeley.edu Fri Apr 23 08:17:14 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Fri, 23 Apr 93 08:17:14 PDT
Subject: encrypted telnet
In-Reply-To:
Message-ID: <9304231513.AA05622@soda.berkeley.edu>

>2) How do you do key distribution?

Derek asks this, and suggests using Kerberos. WSK responds by saying that you could encrypt a session key with PGP and send it.

WSK replies properly that kerberos is a lot of overhead to get running, but his proposed solution is missing forward secrecy. If the PGP key is ever compromised, then all recorded prior traffic will be available to read.

The solution is to use Diffie-Hellman key exchange.
I'm not going to explain the details of the algorithm right here, right now, but I'll tell you its salient properties. Each party makes a random number, applies a one-way function with very special properties, and sends it to the other. Then each party takes their secret number, combines it with the number they were sent, and makes a new (arbitrary) number which will be the same on both sides. This number cannot be derived from the publicly transmitted data. (The very special function is exponentiation in a finite field; those with sufficient math background may consider figuring out the details "a problem left to the reader.")

Encrypting session keys with PGP is suggested often enough that this qualifies as a legitimate FAQ. I'll write up a description of this protocol next week if no one has one already written.

As a design principle, every live end-to-end session should use D-H to make session keys. Only when you don't have interactivity should session keys be encrypted with a public key.

Eric

From a2 at well.sf.ca.us Fri Apr 23 08:18:46 1993
From: a2 at well.sf.ca.us (Arthur Abraham)
Date: Fri, 23 Apr 93 08:18:46 PDT
Subject: Suits
Message-ID: <199304231518.AA20418@well.sf.ca.us>

Though these missives were much longer than I'd like, they were extremely interesting, with good points on each side....

...I seem to come down more on Tim's since "cypherpunks" is just a mailing list, and I just can't get scared or insulted by ASCII no matter how hard I try. And the name might wake up a sleepy reader in a print article.

In person (Perry's argument) a mailing list doesn't/can't have a representative, else Dotty could subscribe and pass herself off as a list member/representative. Actually, people just represent themselves, and have to be aware of how effective a presenter of their message they are no matter what they are doing.

-a2.

From yerazunis at aidev.enet.dec.com Fri Apr 23 08:20:22 1993
From: yerazunis at aidev.enet.dec.com (Welcome to Addendia, Mr. Lee.
23-Apr-1993 1109)
Date: Fri, 23 Apr 93 08:20:22 PDT
Subject: fingerprint keys over ham radio:
Message-ID: <9304231520.AA17416@enet-gw.pa.dec.com>

One thing to be careful of: Amateur radio must *not* use codes or cyphers to obscure meaning. All information transmission must be in the clear (not necessarily English, but no encryption of data).

The one exception is this: codes and cyphers *may* be used to provide checksumming, error correction, and/or authentication. (examples- repeater control codes, autopatch codes, OSCAR control codes, etc. ) The meaning must still be in clear but you are allowed to send an authenticating "signature" in code, as long as the signature contains no information other than authentication itself that was not also transmitted in clear.

That's why autopatch protocol requires you to say "I'm turning on the patch" before you transmit the (hopefully secret) autopatch control codes.

Please keep this in mind- and be able to prove it to the FCC should they request it. It might even be worth announcing the "authentication only" mode at the start of your net, so both other amateurs and the FCC itself know what to expect. Posting software on a packet BBS for others to download and verify a "no hidden codes" status would probably be a reasonable action and a good protective measure.

-Bill, N1KGX

From grady at netcom.com Fri Apr 23 09:10:40 1993
From: grady at netcom.com (1016/2EF221)
Date: Fri, 23 Apr 93 09:10:40 PDT
Subject: radio fingerprinting
Message-ID: <9304231610.AA03624@netcom.netcom.com>

As N1KGX (William S. Yerazunis of Marlboro MA) points out, exchanging PGP fingerprints rather than encrypting messages is completely permitted by FCC regulations (97.113 in particular).

Also, amateurs participating in tomorrow's net are reminded of the callsign server telnet callsign.cs.buffalo.edu 2000 in case their radios are near their net links... you can verify fingerprint, name, call, address, phone, or whatever coevally.
Saturday 4/23/93 at 17:00 UTC
> (10 am PDT). I'd like to contact as many
> of you as possible from my modest station
> in Humboldt County California.
>
> For Bay area people, let's try 7265 Mhz;
> for people elsewhere in the United States and
> elsewhere in the world, conditions permitting,
> how about 14.335 at 17:30 UTC. +-for QRM?

73 de KD6ETH/KN6CP
Grady Ward

From fergp at sytex.com Fri Apr 23 09:42:26 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Fri, 23 Apr 93 09:42:26 PDT
Subject: DC Digs
Message-ID: <6mwg3B3w165w@sytex.com>

On Thu, 22 Apr 1993 19:26:59 -0400, Bob Stratton wrote -

BS> I'm more than willing to defer to the majority, though I think
BS> there's something to be said for networking the meetings,
BS> especially if we have good tools. I've also already received a
BS> great deal of response to the idea of a Saturday meeting, even
BS> from out-of-towners. To that end, I'm going to post an
BS> announcement for a Saturday meeting, and see what happens.
BS> Several of us have been planning it for a couple of days now,
BS> so don't take it personally or anything.

BS> Eric and I have discussed the idea of audio teleconferencing the
BS> various meetings, either via the Internet or by phone. I've got
BS> both a Sun IPC equipped to do the former, and a Western Electric
BS> conference telephone (and 6-way on my switch) for the latter.

BS> Well readers, which do you prefer?

I'll be there Saturday -- all of you should know by now that (at least for the time being) I'm out-of-town on Mondays (and every other weekday).

Also, I just read a message announcing the Boston (Cambridge) area meeting tomorrow as well, along with mention of an electronic conference call to the west coast group.

See you there.

Cheers.

Paul Ferguson                  | Uncle Sam wants to read
Network Integration Consultant | your e-mail...
Centreville, Virginia USA      | Just say "NO" to the Clipper
fergp at sytex.com             | Chip...
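The contrast Eric Hughes draws in the "encrypted telnet" thread above (a session key encrypted to a long-term public key versus a Diffie-Hellman exchange), as an added Python sketch that is not from any poster on the list. Assumptions: a toy group (modulus 2**521 - 1, generator 3), hashed ElGamal standing in for PGP's RSA key wrap, hypothetical function names, and no authentication of the exchanged D-H values.

```python
import hashlib
import secrets

# Toy group (assumption, for illustration only): 2**521 - 1 is a Mersenne
# prime that is easy to state. Real deployments use a standardized
# safe-prime group or an elliptic-curve group.
P = 2**521 - 1
G = 3


def keygen():
    """Return (secret, public) with public = G^secret mod P."""
    secret = secrets.randbelow(P - 3) + 2          # 2 <= secret <= P - 2
    return secret, pow(G, secret, P)


def kdf(shared):
    """Hash a shared group element down to a 32-byte session key."""
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def wrapped_key_session(recipient_pub):
    """Scheme 1: sender picks a session key and encrypts it to the
    recipient's long-term public key (hashed ElGamal as a stand-in).
    Returns (session_key, transcript); transcript is what crosses the wire."""
    session_key = secrets.token_bytes(32)
    k, c1 = keygen()                                # one-time randomness
    c2 = xor(session_key, kdf(pow(recipient_pub, k, P)))
    return session_key, (c1, c2)


def unwrap(long_term_secret, transcript):
    """Recipient (or anyone holding the long-term secret) recovers the key."""
    c1, c2 = transcript
    return xor(c2, kdf(pow(c1, long_term_secret, P)))


def dh_session():
    """Scheme 2: each side makes a fresh random number, sends G^number,
    and combines its own secret with the value received.
    Returns (key_a, key_b, transcript)."""
    a, A = keygen()
    b, B = keygen()
    key_a = kdf(pow(B, a, P))                       # side A: (G^b)^a
    key_b = kdf(pow(A, b, P))                       # side B: (G^a)^b
    # a and b are discarded on return; only A and B were ever transmitted.
    return key_a, key_b, (A, B)


def later_compromise(long_term_secret, wrapped_tx, dh_tx):
    """What a wiretapper who recorded both transcripts can compute after
    the long-term secret leaks: the wrapped key, plus two attempts at the
    D-H key using the only secret material available."""
    recovered = unwrap(long_term_secret, wrapped_tx)
    A, B = dh_tx
    attempts = [kdf(pow(A, long_term_secret, P)),
                kdf(pow(B, long_term_secret, P))]
    return recovered, attempts


def demo():
    lt_secret, lt_pub = keygen()                    # long-term key pair
    wrapped_key, wrapped_tx = wrapped_key_session(lt_pub)
    key_a, key_b, dh_tx = dh_session()
    recovered, attempts = later_compromise(lt_secret, wrapped_tx, dh_tx)
    return {
        "dh_keys_agree": key_a == key_b,
        "wrapped_key_recovered": recovered == wrapped_key,
        "dh_key_recovered": key_a in attempts,
    }


if __name__ == "__main__":
    print(demo())
```

The failed attempts in `later_compromise` illustrate rather than prove forward secrecy: the long-term secret simply plays no part in deriving the D-H session key, so its later loss exposes nothing about recorded sessions.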
From fergp at sytex.com Fri Apr 23 09:42:58 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Fri, 23 Apr 93 09:42:58 PDT
Subject: New disclosures on 2600 case (Forwarded message)
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Although it's not directly related to the cypherpunks agenda, I wanted to forward this message to the list to show the lengths that law enforcement agencies will go to do their bidding. Unfortunately, it would appear that we can expect more of the same shady behaviour in the future.

8<------ Begin forwarded message ----------

Date: Wed, 21 Apr 1993 22:18:18 EST
Reply-To: David Sobel
Sender: Computer Professionals for Social Responsibility
From: David Sobel
Organization: CPSR Civil Liberties and Computing Project
Subject: New disclosures in 2600 case

New disclosures in 2600 case

As you may recall, last November at a shopping mall outside of Washington, DC, a group of people affiliated with the computer magazine "2600" was confronted by mall security personnel, local police officers and several unidentified individuals. The group members were ordered to identify themselves and to submit to searches of their personal property. Their names were recorded by mall security personnel and some of their property was confiscated. However, no charges were ever brought against any of the individuals at the meeting.

Computer Professionals for Social Responsibility ("CPSR") filed suit under the Freedom of Information Act and today received the Secret Service's response to the FOIA lawsuit, in which we are seeking agency records concerning the break-up of the meeting. I think it's safe to say that our suspicions have now been confirmed -- the Secret Service *did* obtain a list of names from mall security identifying the people in attendance at the meeting.
There are three main points contained in the Secret Service's court papers that are significant:

1) The agency states that the information it possesses concerning the incident was obtained "in the course of a criminal investigation that is being conducted pursuant to the Secret Service's authority to investigate access device and computer fraud."

2) The agency possesses two relevant documents and the information in those documents "consists solely of information identifying individuals."

3) The information was obtained from a "confidential source," and the agency emphasizes that the FOIA's definition of such a source includes "any private institution which provided information on a confidential basis."

Taken together, these facts seem to prove that the Secret Service wanted names, they had the mall security people collect them, and they came away from the incident with the list they wanted.

The agency asserts that "[t]he premature release of the identities of the individual(s) at issue could easily result in interference to the Secret Service's investigation by alerting these individual(s) that they are under investigation and thus allowing the individual(s) to alter their behavior and/or evidence."

CPSR, in conjunction with EFF and the ACLU, is planning to challenge the actions of the mall security personnel, the local police and the Secret Service on the ground that the incident amounted to a warrantless search and seizure conducted at the behest of the Secret Service.

David Sobel
CPSR Legal Counsel
dsobel at washofc.cpsr.org

8<------ End of forwarded message -------

Cheers.

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBK9gSjpRLcZSdHMBNAQG2EwP/VKX6j0F90NYWyfiyyP5C0gjtBVXG1ed4
AzETLqMOVnG+vjRS6h6cSTwoojJHhKhAmQGmW8gDlp98KLRAiY2ULMmxaMTA/cKW
jIuECDaKLdA21lPgcPhvKsAqQEHPBv1AALA6WTSeGQ6IRlugPfXE4LX+TBYH6/Q7
f69b7sJZgZ8=
=Ou0Z
-----END PGP SIGNATURE-----

Paul Ferguson                  | Uncle Sam wants to read
Network Integration Consultant | your e-mail...
Centreville, Virginia USA      | Just say "NO" to the Clipper
fergp at sytex.com             | Chip...

From dstalder at gmuvax2.gmu.edu Fri Apr 23 10:07:33 1993
From: dstalder at gmuvax2.gmu.edu (Darren/Torin/Who ever...)
Date: Fri, 23 Apr 93 10:07:33 PDT
Subject: MEET: Ad Hoc Washington meeting Saturday 4/24/93
In-Reply-To: <9304221943.AA13465@horton.intercon.com>
Message-ID: <9304231708.AA03233@gmuvax2.gmu.edu>

Bob Stratton spoke onto the world and said:
>
> Washington, DC area ad hoc Cypherpunks meeting.
> Saturday, April 24, 1993
> 2:00 PM EDT -> not later than 8:00 PM EDT

Okay...I'll cancel the Monday night meeting so that we can concentrate on the Saturday meeting. I'll be there too... I'll bring my laptop and pgp keyring and others can bring their keys and we can get more robust in using pgp also.

Think free,
--
Defeat the    Torin/Darren Stalder/Wolf              __
Wiretap Chip  Internet: dstalder at gmuvax2.gmu.edu  \/  PGP2.x key available.
Proposal!     Bitnet: dstalder at gmuvax                 Finger me.
Write me for  Sprintnet: 1-703-845-1000
details.      Snail: 10310 Main St., Suite 110/Fairfax, VA/22030/USA
DISCLAIMER: A society where such disclaimers are needed is saddening.

From tcmay at netcom.com Fri Apr 23 10:23:17 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 23 Apr 93 10:23:17 PDT
Subject: WIRETAP: boycotts
Message-ID: <9304231723.AA13722@netcom.netcom.com>

George Gleason writes:

>"AT&T: phones with Big Brother Built Inside!"
>
>-gg

What a great little slogan!

Those stickers that say "Intel Inside" could be modified to say something pithy like "Big Brother Inside."

Crypto Yippies (Cryppies?) might even wander into stores like Fry's and paste them onto the AT&T phones on display. Professionally-made labels might even remain for months.

Just another seditious thought.

-Tim

--
Timothy C.
May                    | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, smashing of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.
Waco Massacre + Big Brother Wiretap Chip = A Nazi Regime

From jrk at information-systems.east-anglia.ac.uk Fri Apr 23 10:28:51 1993
From: jrk at information-systems.east-anglia.ac.uk (Richard Kennaway)
Date: Fri, 23 Apr 93 10:28:51 PDT
Subject: CLIP: Legal Aspects
Message-ID: <13132.9304231213@sys.uea.ac.uk>

George Gleason writes:
>Clinton has expressed a commitment to civil rights causes, so I don't worry
>about his administration pulling another Watergate or COINTELPRO, but if we
>ever got another bunch of zealous authoritarians in there...!

Pardon a perhaps clueless question from a foreigner, but how much control does the US president actually have over a potential bunch of zealous authoritarians elsewhere in the administration, especially in super-secret places like the NSA? How much control is it even possible for one person to hold?

--
                                     ____
Richard Kennaway                    \ _/__   School of Information Systems
Internet: jrk at sys.uea.ac.uk        \X  /   University of East Anglia
uucp: ...mcsun!ukc!uea-sys!jrk        \/     Norwich NR4 7TJ, U.K.

From uri at watson.ibm.com Fri Apr 23 10:45:39 1993
From: uri at watson.ibm.com (uri at watson.ibm.com)
Date: Fri, 23 Apr 93 10:45:39 PDT
Subject: fingerprint keys over ham radio
In-Reply-To: <9304231520.AA17416@enet-gw.pa.dec.com>
Message-ID: <9304231745.AA15192@buoy.watson.ibm.com>

"Welcome to Addendia, Mr. Lee. 23-Apr-1993 1109" writes:
> One thing to be careful of: Amateur radio must *not* use codes or
> cyphers to obscure meaning. All information transmission must be in
> the clear (not necessarily English, but no encryption of data).

That's OK - nobody's going to send encrypted data, just the keys...In plain English...And keys' fingerprints...
Regards, Uri. ------------ From meyer at mcc.com Fri Apr 23 11:01:10 1993 From: meyer at mcc.com (Peter Meyer) Date: Fri, 23 Apr 93 11:01:10 PDT Subject: Anyone know where I can get a thesaurus by ftp? Message-ID: <19930423180014.9.MEYER@OGHMA.MCC.COM> Note that I need a thesaurus, not a dictionary. From fergp at sytex.com Fri Apr 23 11:11:37 1993 From: fergp at sytex.com (Paul Ferguson) Date: Fri, 23 Apr 93 11:11:37 PDT Subject: Congressional FAX numbers 4/4 Message-ID: <41Zg3B4w165w@sytex.com> [ continued from previous message ] RI 1 Ronald K. Machtley (202)225-4911 (202)225-4417 RI 2 John F. Reed (202)225-2735 (202)225-9580 RI S John H. Chafee (202)224-2921 (202)224-0166 RI S Claiborne Pell (202)224-4642 (202)224-4680 SC 1 Arthur Ravenel (202)225-3176 (202)225-4340 SC 2 Floyd Spence (202)225-2452 (202)225-2455 SC 3 Butler Derrick (202)225-5301 SC 4 Elizabeth J. Patterson (202)225-6030 (202)225-7664 SC 5 John M. Spratt (202)225-5501 (202)225-0464 SC 6 Robin M. Tallon (202)225-3315 (202)225-2857 SC S Ernest F. Hollings (202)224-6121 (202)224-3573 SC S Strom Thurmond (202)224-5972 (202)224-1300 SD 1 Tim Johnson (202)225-2801 (202)225-2427 SD S Thomas Daschle (202)224-2321 (202)224-2047 SD S Larry Pressler (202)224-5842 (202)224-1630 TN 1 James H. Quillen (202)225-6356 (202)225-7812 TN 2 John J. Duncan (202)225-5435 (202)225-6440 TN 3 Marilyn Lloyd (202)225-3271 (202)225-6974 TN 4 Jim Cooper (202)225-6831 (202)225-4520 TN 5 Bob Clement (202)225-4311 (202)225-1035 TN 6 Bart Gordon (202)225-4231 (202)225-6887 TN 7 Don Sundquist (202)225-2811 (202)225-2814 TN 8 John S. Tanner (202)225-4714 (202)225-1765 TN 9 Harold E. Ford (202)225-3265 (202)225-9215 TN S Albert Gore (202)224-4944 (202)224- TN S Jim Sasser (202)224-3344 (202)224-9590 TX 1 Jim Chapman (202)225-3035 (202)225-7265 TX 2 Charles Wilson (202)225-2401 (202)225-1764 TX 3 Sam Johnson (202)225-4201 TX 4 Ralph M. 
Hall (202)225-6673 (202)225-3332 TX 5 John Bryant (202)225-2231 TX 6 Joe Barton (202)225-2002 (202)225-3052 TX 7 Bill Archer (202)225-2571 (202)225-4381 TX 8 Jack Fields (202)225-4901 (202)225-6899 TX 9 Jack Brooks (202)225-6565 (202)225-1584 TX S Lloyd Bentsen (202)224-5922 TX S Phil Gramm (202)224-2934 TX 10 J. J. Pickle (202)225-4865 (202)225-1103 TX 11 Chet Edwards (202)225-6105 (202)225-0350 TX 12 Pete Geren (202)225-5071 (202)225-2786 TX 13 Bill Sarpalius (202)225-3706 (202)225-6142 TX 14 Greg Laughlin (202)225-2831 (202)225-1108 TX 15 E. (Kika) De la Garza (202)225-2531 (202)225-2534 TX 16 Ronald D. Coleman (202)225-4831 TX 17 Charles W. Stenholm (202)225-6605 (202)225-2234 TX 18 Craig Washington (202)225-3816 TX 19 Larry Combest (202)225-4005 (202)225-9615 TX 20 Henry Gonzalez (202)225-3236 (202)225-1915 TX 21 Lamar S. Smith (202)225-4236 TX 22 Thomas D. DeLay (202)225-5951 TX 23 Albert G. Bustamante (202)225-4511 (202)225-3849 TX 24 Martin Frost (202)225-3605 (202)225-4951 TX 25 Michael Andrews (202)225-7508 (202)225-4210 TX 26 Richard K. Armey (202)225-7772 (202)225-7614 TX 27 Solomon Ortiz (202)225-7742 (202)225-1134 US - George Bush (202)456-2168 UT 1 James V. Hansen (202)225-0453 (202)225-5857 UT 2 Wayne Owens (202)225-3011 (202)225-3524 UT 3 Bill Orton (202)225-7751 (202)225-1223 UT S Edwin (Jake) Garn (202)224-5444 UT S Orrin G. Hatch (202)224-5251 (202)224-6331 VA 1 Herbert Bateman (202)225-4261 (202)225-4382 VA 2 Owen B. Pickett (202)225-4215 (202)225-4218 VA 3 Thomas J. Bliley (202)225-2815 VA 4 Norman D. Sisisky (202)225-6365 (202)225-1170 VA 5 Lewis F. Payne (202)225-4711 (202)225-1147 VA 6 Jim Olin (202)225-5431 (202)225-9623 VA 7 D. French Slaughter (202)225-6561 VA 8 Jim Moran (202)225-4376 (202)225-0017 VA 9 Rick Boucher (202)225-3861 VA S John W. Warner (202)224-2023 (202)224-6295 VA S Charles Robb (202)224-4024 (202)224-8689 VA 10 Frank R. 
Wolf (202)225-5136 (202)225-0437 VT 1 Bernie Sanders (202)225-4115 (202)225-6790 VT S Patrick Leahy (202)224-4242 VT S Jim Jeffords (202)224-5141 (202)224-1507 WA 1 John R. Miller (202)225-6311 (202)225-0636 WA 2 Al Swift (202)225-2605 WA 3 Jolene Unsoeld (202)225-3536 (202)225-9095 WA 4 Sid Morrison (202)225-5816 (202)225-9293 WA 5 Thomas S. Foley (202)225-2006 WA 6 Norman D. Dicks (202)225-5916 (202)225-1176 WA 7 Jim McDermott (202)225-3106 (202)225-9212 WA S Slade Gorton (202)224-3441 (202)224-9393 WA S Brock Adams (202)224-2621 (202)224-0238 WA 8 Rod Chandler (202)-225-776 WI 1 Les Aspin (202)225-3031 WI 2 Scott Klug 1202)225-2906 (202)225-6942 WI 3 Steve Gunderson (202)225-5506 WI 7 David Obey (202)225-3365 WI 8 Toby Roth (202)225-5665 (202)225-0087 WI 9 F. James Sensenbrenner (202)225-5101 (202)225-3190 WI S Herbert Kohl (202)224-5653 (202)224-9787 WI S Robert Kasten (202)224-5323 (202)224-7700 WV 1 Alan B. Mollohan (202)225-4172 (202)225-7564 WV 2 Harley O. Staggers (202)225-4172 WV 3 Robert Wise (202)225-2711 WV 4 Nick Joe Rahall (202)225-3452 (202)225-9061 WV S John D. Rockefeller (202)224-6472 (202)224-1689 WV S Robert C. Byrd (202)224-3954 (202)224-4025 WY 1 Craig Thomas (202)225-2311 (202)225-0726 WY S Alan K. Simpson (202)224-3424 (202)224-1315 WY S Malcolm Wallop (202)224-6441 (202)224-3230 8<------ End of Forwarded message ----- Cheers. Paul Ferguson | Uncle Sam wants to read Network Integration Consultant | your e-mail... Centreville, Virginia USA | Just say "NO" to the Clipper fergp at sytex.com | Chip... From fergp at sytex.com Fri Apr 23 11:11:45 1993 From: fergp at sytex.com (Paul Ferguson) Date: Fri, 23 Apr 93 11:11:45 PDT Subject: Congressional FAX numbers Message-ID: A friend of mine forwarded this message to me a while back, and I just remembered (Silly me, again) that I had it stockpiled among some of my archives. 
I suggest that if you are feeling violated by Uncle Sam's sneaky introduction of the Wiretap Chip (Clipper), get off yer duff and make your voice heard. While I'm at home this weekend, I plan on faxing my locally elected Fat Cats on The Hill to let them know that I'm not a happy camper. You should do the same. 8<------- Begin forwarded message -------------- This list supplied by BULLET'N BOARD, 703-971-5565 (voice) or 703-971-4491 (modem). For further information on our lists and software products you can write to BULLET COMMUNICATIONS, 6118 Franconia Rd., Suite 214, Alexandria, VA 22310. ST DIST FIRST LAST PHONE FAX AK 1 Don Young (202)225-5765 AK S Frank H. Murkowski (202)224-6665 (202)224-5301 AK S Ted Stevens (202)224-3004 (202)224-1044 AL 1 Sonny Callahan (202)225-4931 (202)225-0562 AL 2 William L. Dickinson (202)225-2901 AL 3 Glen Browder (202)225-3261 (202)225-9020 AL 4 Tom Bevill (202)225-4876 (202)225-0842 AL 5 Bud Cramer (202)225-4801 AL 6 Ben Erdreich (202)225-4931 AL 7 Claude Harris (202)225-2665 AL S Howell Heflin (202)224-4124 (202)224-3149 AL S Richard Shelby (202)224-5744 (202)224-3416 AR 1 Bill Alexander (202)225-4076 AR 2 Ray Thornton (202)225-2506 (202)225-2506 AR 3 John Paul Hammerschmidt (202)225-4301 (202)225-7492 AR 4 Beryl Anthony (202)225-3772 (202)225-3646 AR S Dale L. Bumpers (202)224-4843 (202)224-6435 AR S David Pryor (202)224-2353 (202)224-8261 AZ 1 John J. Rhodes (202)225-2635 (202)225-0985 AZ 2 (202)225-4065 AZ 3 Bob Stump (202)225-4576 (202)225-6328 AZ 4 Jon L. Kyl (202)225-3361 (202)225-1143 AZ 5 Jim Kolbe (202)225-2542 (202)225-0378 AZ S Dennis DeConcini (202)224-4521 (202)224-8698 AZ S John McCain (202)224-2235 (202)224-8938 CA 1 Frank Riggs (202)225-3311 (202)225-5577 CA 2 Wally Herger (202)225-3076 (202)225-0996 CA 3 Robert T. 
Matsui (202)225-7163 (202)225-0566 CA 4 Vic Fazio (202)225-5716 (202)225-0354 CA 5 Nancy Pelosi (202)225-4965 (202)225-8259 CA 6 Barbara Boxer (202)225-5161 (202)225-1004 CA 7 George Miller (202)225-2095 (202)225-5609 CA 8 Ronald V. Dellums (202)225-2661 CA 9 Fortney (Pete) Stark (202)225-5065 CA S John Seymour (202)224-3841 (202)224-6031 CA S Alan Cranston (202)224-3553 (202)224-8128 CA 10 Don Edwards (202)225-3072 CA 11 Tom Lantos (202)225-3531 CA 12 Tom J. Campbell (202)225-5411 (202)225-5944 CA 13 Norman Y. Mineta (202)225-2631 CA 14 John T. Doolittle (202)225-2511 (202)225-5444 CA 15 Gary Condit (202)225-6131 (202)225-0819 CA 16 Leon E. Panetta (202)225-2861 CA 17 Calvin Dooley (202)225-3341 (202)225-9308 CA 18 Richard H. Lehman (202)225-4540 CA 19 Robert J. Lagomarsino (202)225-3601 (202)225-3096 CA 20 William M. Thomas (202)225-2915 (202)225-8798 CA 21 Elton Gallegly (202)225-5811 CA 22 Carlos J. Moorhead (202)225-4176 (202)225-1279 CA 23 Anthony Beilenson (202)225-5911 CA 24 Henry A. Waxman (202)225-3976 (202)225-4099 CA 25 Edward Roybal (202)225-6235 (202)225-1251 CA 26 Howard L. Berman (202)225-4695 (202)225-5279 CA 27 Mel Levine (202)225-6451 (202)225-6975 CA 28 Julian C. Dixon (202)225-7084 (202)225-4091 CA 29 Maxine Waters (202)225-2201 (202)225-7854 CA 30 Matthew G. Martinez (202)225-5464 (202)225-5467 CA 31 Mervyn M. Dymally (202)225-5425 (202)225-6847 CA 32 Glenn Anderson (202)225-6676 CA 33 David Dreier (202)225-2305 (202)225-4745 CA 34 Esteban Edward Torres (202)225-5256 (202)225-9711 CA 35 Jerry Lewis (202)225-5861 (202)225-6498 CA 36 George Brown (202)225-6161 (202)225-8671 CA 37 Al McCandless (202)225-5330 CA 38 Robert K. Dornan (202)225-2965 CA 39 William E. Dannemeyer (202)225-4111 (202)225-1755 CA 40 Christopher Cox (202)225-5611 (202)225-9177 CA 41 Bill Lowery (202)225-3201 CA 42 Dana Rohrabacher (202)225-2415 (202)225-0145 CA 43 Ronald C. Packard (202)225-3906 (202)225-0134 CA 44 Randy Cunningham (202)225-5452 (202)225-2558 CA 45 Duncan L. 
Hunter (202)225-5672 (202)225-0235 CO 1 Patricia Schroeder (202)225-4431 (202)225-5842 CO 2 David E. Skaggs (202)225-2161 CO 3 Ben Nighthorse Campbell (202)225-4761 CO 4 Wayne Allard (202)225-4676 (202)225-8630 CO 5 Joel Hefley (202)225-4422 CO 6 Dan Schaefer (202)225-7882 CO S Hank Brown (202)224-5941 CO S Timothy Wirth (202)224-5852 (202)224-1933 CT 1 Barbara Kennelly (202)225-2265 (202)225-1031 CT 2 Sam Gejdenson (202)225-2076 (202)225-4977 CT 3 Rosa . DeLauro (202)225-3661 CT 4 Christopher Shays (202)225-5541 (202)225-9629 CT 5 Gary Franks (202)225-3822 (202)225-5085 CT 6 Nancy L. Johnson (202)225-4476 (202)225-4488 CT S Joe Lieberman (202)224-4041 (202)224-9750 CT S Christopher J. Dodd (202)224-2823 (202)224- DE 1 Thomas Carper (202)225-4165 (202)225-1912 DE S Joseph Biden (202)224-5042 (202)224-0139 DE S William V. Roth (202)224-2441 (202)224-2805 FL 1 Earl D. Hutto (202)225-4136 (202)225-5785 FL 2 Pete Peterson (202)225-5235 (202)225-1586 FL 3 Charles E. Bennett (202)225-2501 (202)225-9635 FL 4 Craig James (202)225-4035 (202)225-1727 FL 5 Bill McCollum (202)225-2176 (202)225-0999 FL 6 Clifford B. Stearns (202)225-5744 (202)225-3973 FL 7 Sam Gibbons (202)225-3376 FL 8 C. W. Bill Young (202)225-5961 (202)225-9764 FL 9 Michael Bilirakis (202)225-5755 (202)225-4085 FL S Bob Graham (202)224-3041 (202)224-6843 FL S Connie Mack (202)224-5274 (202)224-9365 FL 10 Andy Ireland (202)225-5015 (202)225-6944 FL 11 Jim Bacchus (202)225-3671 (202)225-9039 FL 12 Tom Lewis (202)225-5792 (202)225-1860 FL 13 Porter J. Goss (202)225-2536 (202)225-6820 FL 14 Harry A. Johnston (202)225-3001 (202)225-8791 FL 15 Clay Shaw (202)225-3026 (202)225-8398 FL 16 Lawrence J. 
Smith (202)225-7931 (202)225-9816 FL 17 William Lehman (202)225-4211 (202)225-6208 FL 18 Ilena Ros-Lehtinen (202)225-3931 (202)225-5620 FL 19 Dante Fascell (202)225-4506 (202)225-0724 GA 1 Lindsay Thomas (202)225-5831 (202)225-6922 GA 2 Charles Hatcher (202)225-3631 (202)225-1117 GA 3 Richard Ray (202)225-5901 GA 4 Ben Jones (202)225-4272 (202)225-8675 GA 5 John Lewis (202)225-3801 (202)225-0351 GA 6 Newt Gingrich (202)225-4501 (202)225-4656 GA 7 George (Buddy) Darden (202)225-2931 GA 8 J. Roy Rowland (202)225-6531 GA 9 Ed Jenkins (202)225-5211 (202)225-0594 GA S Wyche Fowler (202)224-3643 (202)224-8227 GA S Sam Nunn (202)224-3521 (202)224-0072 GA 10 Doug Barnard (202)225-4101 (202)225-1873 HI 1 Neil Abercrombie (202)225-2726 (202)225-4580 HI 2 Patsy Mink (202)225-4906 (202)225-4987 HI S Spark M. Akaka (202)224-6361 (202)224-2126 HI S Daniel K. Inouye (202)224-3934 (202)224-6747 IA 1 Jim Leach (202)225-6576 (202)225-1278 IA 2 Jim Nussle (202)225-2911 (202)225-9129 [ continued next message ] Paul Ferguson | Uncle Sam wants to read Network Integration Consultant | your e-mail... Centreville, Virginia USA | Just say "NO" to the Clipper fergp at sytex.com | Chip... From fergp at sytex.com Fri Apr 23 11:13:45 1993 From: fergp at sytex.com (Paul Ferguson) Date: Fri, 23 Apr 93 11:13:45 PDT Subject: Congressional FAX numbers 3/4 Message-ID: [ continued from previous message ] MT S Max S. Baucus (202)224-2651 (202)224-4379 NC 1 Walter B. Jones (202)225-3101 (202)225-3354 NC 2 Tim Valentine (202)225-4531 (202)225-1539 NC 3 H. Martin Lancaster (202)225-3415 (202)225-0666 NC 4 David E. Price (202)225-1784 (202)225-6314 NC 5 Stephen L. Neal (202)225-2071 NC 6 Howard Coble (202)225-3065 (202)225-8611 NC 7 Charles Rose (202)225-2731 (202)225-2470 NC 8 W. G. Hefner (202)225-3715 (202)225-4036 NC 9 J. Alex McMillan (202)225-1976 (202)225-8995 NC S Terry Sanford (202)224-3154 (202)224-7406 NC S Jesse A. 
Helms (202)224-6342 (202)224-1376 NC 10 Cass Ballenger (202)225-2576 (202)225-1316 NC 11 Charles Taylor (202)225-6401 (202)225-0519 ND 1 Byron L. Dorgan (202)225-2611 (202)225-9436 ND S Kent Conrad (202)224-2043 (202)224-7776 ND S Quentin Burdick (202)224-2551 (202)224-1193 NE 1 Douglas Bereuter (202)225-4806 NE 2 Peter Hoagland (202)225-4155 (202)225-4684 NE 3 Bill Barrett (202)225-6435 (202)225-0207 NE S Bob Kerrey (202)224-6551 (202)224-7645 NE S J. James Exon (202)224-4224 (202)225-5213 NH - Smith (202)224-2841 (202)224-1353 NH 1 Bill Zeliff (202)225-5456 (202)225-4370 NH 2 DIck Swett (202)225-5206 (202)225-0046 NH S Warren Rudman (202)224-3324 NJ 1 Robert T. Andrews (202)225-6501 NJ 2 William Hughes (202)225-6572 (202)225-8530 NJ 3 Frank Pallone (202)225-4671 (202)225-9665 NJ 4 Christopher Smith (202)225-3765 (202)225-7768 NJ 5 Marge Roukema (202)225-4465 (202)225-9048 NJ 6 Bernard J. Dwyer (202)225-6301 (202)225-1553 NJ 7 Matthew Rinaldo (202)225-5361 NJ 8 Robert Roe (202)225-5751 (202)225-3071 NJ 9 Robert Torricelli (202)225-5061 (202)225-0843 NJ S Frank Lautenberg (202)224-4744 (202)224-9707 NJ S Bill Bradley (202)224-3224 (202)224-8567 NJ 10 Donald Payne (202)225-3436 (202)225-4160 NJ 11 Dean A. Gallo (202)225-5034 (202)225-0658 NJ 12 Dick Zimmer (202)225-5801 NJ 13 Jim Saxton (202)225-4765 (202)225-0778 NJ 14 Frank J. Guarini (202)225-2765 (202)225-7023 NM 1 Steven H. Schiff (202)225-6316 (202)225-4975 NM 2 Joe Skeen (202)225-2365 (202)225-9599 NM 3 Bill Richardson (202)225-6190 NM S Pete V. Domenici (202)224-6621 (202)224-7371 NM S Jeff Bingaman (202)224-5521 (202)224-1810 NV 1 James H. Bilbray (202)225-5965 (202)225-8808 NV 2 Barbara F. Vucanovich (202)225-6155 (202)225-2319 NV S Richard Bryan (202)224-6244 (202)224-1867 NV S Harry Reid (202)224-3542 (202)224-7327 NY 1 George J. Hochbrueckner (202)225-3826 (202)225-0776 NY 2 Thomas J. Downey (202)225-3335 (202)225-1275 NY 3 Robert J. 
Mrazek (202)225-5956 (202)225-7215 NY 4 Norman Lent (202)225-7896 (202)225-0357 NY 5 Raymond McGrath (202)225-5516 (202)225-3626 NY 6 Floyd H. Flake (202)225-3461 (202)225-4169 NY 7 Gary Ackerman (202)225-2601 NY 8 James Scheuer (202)225-5471 (202)225-9695 NY 9 Thomas J. Manton (202)225-3965 (202)225-1452 NY S Daniel P. Moynihan (202)224-4451 (202)224-9293 NY S Alfonse D'Amato (202)224-6542 (202)224-5871 NY 10 Charles E. Schumer (202)225-6616 (202)225-4183 NY 11 Edolphus Towns (202)225-5936 (202)225-1018 NY 12 Major R. Owens (202)225-6231 (202)225-0112 NY 13 Stephen Solarz (202)225-2361 (202)225-9469 NY 14 Susan Molinari (202)225-3371 (202)225-1272 NY 15 Bill Green (202)225-2436 (202)225-0840 NY 16 Charles B. Rangel (202)225-4365 (202)225-0816 NY 17 Ted Weiss (202)225-5635 (202)225-6923 NY 18 Jose Serrano (202)225-4361 NY 19 Eliot L. Engel (202)225-2464 NY 20 Nita M. Lowey (202)225-6506 (202)225-0546 NY 21 Hamilton Fish (202)225-5441 (202)225-0962 NY 22 Benjamin Gilman (202)225-3776 NY 23 Micheal McNulty (202)225-5076 (202)225-5077 NY 24 Gerald B. H. Solomon (202)225-5614 (202)225-1168 NY 25 Sherwood L. Boehlert (202)225-3665 (202)225-1891 NY 26 David O'B. Martin (202)225-4611 NY 27 James T. Walsh (202)225-3701 (202)225-4042 NY 28 Matthew F. McHugh (202)225-6335 NY 29 Frank Horton (202)225-4916 (202)225-5909 NY 30 Louise M. Slaughter (202)225-3615 (202)225-7822 NY 31 Bill Paxon (202)225-5265 (202)225-5910 NY 32 John J. LaFalce (202)225-3231 (202)225-8693 NY 33 Henry J. Nowak (202)225-3306 (202)225-3523 NY 34 Amo Houghton (202)225-3161 (202)225-5574 OH 1 Thomas Luken (202)225-2216 (202)225-2293 OH 2 Willis Gradison (202)225-3164 OH 3 Tony Hall (202)225-6465 (202)225-6766 OH 4 Michael Oxley (202)225-2676 OH 5 Paul E. Gillmor (202)225-6405 (202)225-1985 OH 6 Bob McEwen (202)225-5705 (202)225-0224 OH 7 David Hobson (202)225-4324 (202)225-1984 OH 8 John A. Boehner (202)225-6205 (202)225-0704 OH 9 Marcy Kaptur (202)225-4146 (202)225-7711 OH S Howard M. 
Metzenbaum (202)224-2315 (202)224-8906 OH S John H. Glenn (202)224-3353 (202)224-7983 OH 10 Clarence E. Miller (202)225-5131 (202)225-5132 OH 11 Dennis E. Eckart (202)225-6331 (202)225-6331 OH 12 John R. Kasich (202)225-5355 OH 13 Donald J. Pease (202)225-3401 (202)225-0066 OH 14 Thomas C. Sawyer (202)225-5231 (202)225-5278 OH 15 Chalmers Wylie (202)225-2015 OH 16 Ralph Regula (202)225-3876 (202)225-3059 OH 17 James A. Traficant (202)225-5261 (202)225-3719 OH 18 Douglas Applegate (202)225-6265 OH 19 Edward F. Feighan (202)225-5731 (202)225-1230 OH 20 Mary Rose Oakar (202)225-5871 (202)225-0663 OH 21 Louis Stokes (202)225-7032 OK 1 James M. Inhofe (202)225-2211 (202)225-9187 OK 2 Michael L. Synar (202)225-2701 (202)225-2796 OK 3 Bill Brewster (202)225-4565 (202)225-9029 OK 4 Dave McCurdy (202)225-6165 (202)225-9746 OK 5 Mickey Edwards (202)225-2132 (202)225-1193 OK 6 Glenn English (202)225-5565 (202)225-8698 OK S David L. Boren (202)224-4721 (202)224-0154 OK S Donald L. Nickles (202)224-5754 (202)224-6008 OR 1 Les AuCoin (202)225-0855 (202)225-2707 OR 2 Robert F. Smith (202)225-6730 (202)225-3129 OR 3 Ron Wyden (202)225-4811 OR 4 Peter A. DeFazio (202)225-6416 (202)225-0694 OR 5 Mike Kopetski (202)225-5711 (202)225-9477 OR S Mark O. Hatfield (202)224-3753 (202)224-0276 OR S Bob Packwood (202)224-5244 (202)224-9065 PA 1 Thomas Foglietta (202)225-4731 (202)225-0088 PA 2 William H. Gray (202)225-4001 PA 3 Robert A. Borski (202)225-8251 (202)225-4628 PA 4 Joseph P. Kolter (202)225-2565 (202)225-0526 PA 5 Richard Schulze (202)225-5761 (202)225-8464 PA 6 Gus Yatron (202)225-5546 (202)225-5548 PA 7 Curt Weldon (202)225-2011 (202)225-8137 PA 8 Peter H. Kostmayer (202)225-4276 (202)225-5060 PA 9 Bud Shuster (202)225-2431 PA S Harris Wofford (202)224-6324 (202)225-8187 PA S Arlen Specter (202)224-4254 (202)224-9029 PA 10 Joseph McDade (202)225-3731 (202)225-9594 PA 11 Paul Kanjorski (202)225-6511 PA 12 John P. 
Murtha (202)225-2065 (202)225-5709 PA 13 Lawrence Coughlin (202)225-6111 (202)225-1238 PA 14 William J. Coyne (202)225-2301 PA 15 Donald L. Ritter (202)225-6411 (202)225-5248 PA 16 Robert S. Walker (202)225-2411 (202)225-2484 PA 17 George Gekas (202)225-4315 (202)225-8440 PA 18 Rick Santorum (202)225-2135 (202)225-7747 PA 19 William Goodling (202)225-5836 (202)225-1000 PA 20 Joseph M. Gaydos (202)225-4631 PA 21 Thomas Ridge (202)225-5406 (202)225-1081 PA 22 Austin J. Murphy (202)225-4665 (202)225-4772 PA 23 William F. Clinger (202)225-5121 (202)225-4681 [ continued next message ] Paul Ferguson | Uncle Sam wants to read Network Integration Consultant | your e-mail... Centreville, Virginia USA | Just say "NO" to the Clipper fergp at sytex.com | Chip... From fergp at sytex.com Fri Apr 23 11:13:51 1993 From: fergp at sytex.com (Paul Ferguson) Date: Fri, 23 Apr 93 11:13:51 PDT Subject: Congressional FAX numbers 2/4 Message-ID: [ continued from previous message ] IA 3 David R. Nagle (202)225-3301 (202)225-9104 IA 4 Neal Smith (202)225-4426 IA 5 Jim Lightfoot (202)225-3806 (202)225-6973 IA 6 Fred Grandy (202)225-5476 IA S Charles Grassley (202)224-3744 (202)224-0473 IA S Tom Harkin (202)224-3254 (202)224-7431 ID 1 Larry LaRocco (202)225-6611 (202)225-1213 ID 2 Richard H. Stallings (202)225-5531 (202)225-2393 ID S Steven D. Symms (202)224-6142 (202)224-5893 ID S Larry Craig (202)224-2752 (202)224-2573 IL 1 Charles A. Hayes (202)225-4372 (202)225-7571 IL 2 Gus Savage (202)225-0773 (202)225-8608 IL 3 Marty Russo (202)225-5736 (202)225-0295 IL 4 George Sangmeister (202)225-3635 (202)225-4447 IL 5 William O. Lipinski (202)225-5701 (202)225-1012 IL 6 Henry Hyde (202)225-4561 (202)225-1240 IL 7 Cardiss Collins (202)225-5006 (202)225-8396 IL 8 Dan Rostenkowski (202)225-4061 IL 9 Sidney Yates (202)225-2111 (202)225-3493 IL S Alan J. 
Dixon (202)224-2854 (202)224-5581 IL S Paul Simon (202)224-2152 (202)224-2223 IL 10 John Edward Porter (202)225-4835 (202)225-0157 IL 11 Frank Annunzio (202)225-6661 IL 12 Philip M. Crane (202)225-3711 IL 13 Harris W. Fawell (202)225-3515 (202)225-9420 IL 14 J. Dennis Hastert (202)225-2976 (202)225-0697 IL 15 Ewing Thomas W. IL 16 John W. Cox (202)225-5676 IL 17 Lane Evans (202)225-5905 (202)225-5396 IL 18 Robert Michel (202)225-6201 (202)225-9249 IL 19 Terry L. Bruce (202)225-5001 IL 20 Richard J. Durbin (202)225-5271 (202)225-0170 IL 21 Jerry F. Costello (202)225-5661 (202)225-0285 IL 22 Glenn Poshard (202)225-5201 (202)225-1541 IN 1 Peter J. Visclosky (202)225-2461 IN 2 Philip R. Sharp (202)225-3021 (202)225-8140 IN 3 Tim Roemer (202)225-3915 (202)225-6798 IN 4 Jill Long (202)225-4436 IN 5 James Jontz (202)225-5037 (202)225-5870 IN 6 Dan Burton (202)225-2276 (202)225-0016 IN 7 John T. Myers (202)225-5805 (202)225-1649 IN 8 Frank McCloskey (202)225-4636 (202)225-4688 IN 9 Lee Hamilton (202)225-5315 IN S Richard G. Lugar (202)224-4814 IN S Dan Coats (202)224-5623 (202)224-8964 IN 10 Andrew Jacobs (202)225-4011 (202)225-4093 KS 1 Pat Roberts (202)225-2715 (202)225-5375 KS 2 Jim Slattery (202)225-6601 (202)225-1445 KS 3 Jan Meyers (202)225-2865 (202)225-0554 KS 4 Dan Glickman (202)225-6216 (202)225-5398 KS 5 Dick Nichols (202)225-3911 (202)225-9415 KS S Robert J. Dole (202)224-6521 (202)224-8952 KS S Nancy L. Kassebaum (202)224-4774 (202)224-3514 KY 1 Carroll Hubbard (202)225-3115 (202)225-1622 KY 2 William Natcher (202)225-3501 KY 3 Romano Mazzoli (202)225-5401 KY 4 Jim Bunning (202)225-3465 (202)225-0003 KY 5 Harold Rogers (202)225-4601 (202)225-0940 KY 6 Larry J. Hopkins (202)225-4706 (202)225-1413 KY 7 Carl C. Perkins (202)225-4935 (202)225-1411 KY S Mitchell McConnell (202)224-2541 (202)224-2499 KY S Wendell H. Ford (202)224-4343 (202)224-1144 LA 1 Bob Livingston (202)225-3015 (202)225-0739 LA 2 William J. 
Jefferson (202)225-6636 (202)225-1988 LA 3 Billy Tauzin (202)225-4031 (202)225-0563 LA 4 Jim McCrery (202)225-2777 (202)225-8039 LA 5 Jerry Huckaby (202)225-2376 (202)225-2387 LA 6 Richard Hugh Baker (202)225-3901 (202)225-7313 LA 7 James A. Hayes (202)225-2031 (202)225-1175 LA 8 Clyde C. Holloway (202)225-4926 (202)225-6252 LA S J. Bennett Johnston (202)224-5824 LA S John Breaux (202)224-4623 (202)224-9753 MA 1 John Oliver MA 2 Richard E. Neal (202)225-5601 (202)225-8112 MA 3 Joseph D. Early (202)225-6101 (202)225-3181 MA 4 Barney Frank (202)225-5931 MA 5 Chester G. Atkins (202)225-3411 MA 6 Nicholas Mavroules (202)225-8020 (202)225-8023 MA 7 Edward J. Markey (202)225-2836 (202)225-8689 MA 8 Joseph P. Kennedy (202)225-5111 (202)225-9322 MA 9 Joe Moakley (202)225-8273 (202)225-7804 MA S John Kerry (202)224-2742 (202)224-8525 MA S Edward M. Kennedy (202)224-4543 (202)224-2417 MA 10 Gerry Studds (202)225-3111 MA 11 Brian Donnelly (202)225-3215 MD 1 Wayne T. Gilchrest (202)225-5311 (202)225-0254 MD 2 Helen Delich Bentley (202)225-3061 (202)225-4251 MD 3 Benjamin L. Cardin (202)225-4016 (202)225-9219 MD 4 C. Thomas McMillen (202)225-8090 MD 5 Steny H. Hoyer (202)225-4131 (202)225-4300 MD 6 Beverly B. Byron (202)225-2721 (202)225-6159 MD 7 Kweisi Mfume (202)225-4741 (202)225-3178 MD 8 Constance A. Morella (202)225-5341 (202)225-1389 MD S Paul S. Sarbanes (202)224-4524 (202)224-1651 MD S Barbara Mikulski (202)224-4654 (202)224-8858 ME 1 Thomas H. Andrews (202)225-6116 (202)225-9065 ME 2 Olympia J. Snowe (202)225-6306 ME S William S. Cohen (202)224-2523 (202)224-2693 ME S George Mitchell (202)224-5344 MI 1 John Conyers (202)225-5126 (202)225-0072 MI 2 Carl Pursell (202)225-4401 MI 3 Howard Wolpe (202)225-5011 (202)225-8602 MI 4 Frederick S. Upton (202)225-3761 (202)225-4986 MI 5 Paul B. Henry (202)225-3831 MI 6 Bob Carr (202)225-4872 (202)225-1260 MI 7 Dale E. Kildee (202)225-3611 (202)225-6393 MI 8 Bob Traxler (202)225-2806 MI 9 Guy Vander Jagt (202)225-3511 MI S Carl M. 
Levin (202)224-6221 MI S Donald W. Riegle (202)224-4822 MI 10 Dave Camp (202)225-3561 (202)225-9679 MI 11 Robert W. Davis (202)225-4735 MI 12 David E. Bonior (202)225-2106 (202)225-1169 MI 13 Barbara-Rose Collins (202)225-2261 MI 14 Dennis M. Hertel (202)225-6276 MI 15 William Ford (202)225-6261 MI 16 John D. Dingell (202)225-4071 (202)225-7426 MI 17 Sander M. Levin (202)225-4961 (202)225-1033 MI 18 William Broomfield (202)225-6135 (202)225-1807 MN 1 Timothy J. Penny (202)225-2472 MN 2 Vin Weber (202)225-2331 (202)225-0987 MN 3 Jim Ramstad (202)225-2871 (202)225-6351 MN 4 Bruce F. Vento (202)225-6631 (202)225-1968 MN 5 Martin Olav Sabo (202)225-4755 MN 6 Gerry Sikorski (202)225-2271 (202)225-4347 MN 7 Collin C. Peterson (202)225-2165 (202)225-1593 MN 8 James L. Oberstar (202)225-6211 (202)225-0699 MN S David Durenberger (202)224-3244 (202)224-9846 MN S Paul Wellstone (202)224-5641 (202)224-8438 MO 1 William Clay (202)225-2406 (202)225-1725 MO 2 John Kelly Horn (202)225-2561 MO 3 Richard Gephardt (202)225-2671 (202)225-7452 MO 4 Ike Skelton (202)225-2876 MO 5 Alan Wheat (202)225-4535 (202)225-5990 MO 6 E. Thomas Coleman (202)225-7041 (202)225-4799 MO 7 Mel Hancock (202)225-6536 (202)225-7700 MO 8 Bill Emerson (202)225-4404 (202)225-9621 MO 9 Harold L. Volkmer (202)225-2956 (202)225-7834 MO S John C. Danforth (202)224-6154 MO S Christopher Bond (202)224-5721 (202)224-7491 MS 1 Jamie Whitten (202)225-4306 (202)225-4328 MS 2 Mike Espy (202)225-5876 MS 3 G. V. (Sonny) Montgomery (202)225-5031 (202)225-3375 MS 4 Mike Parker (202)225-5865 (202)225-5886 MS 5 Gene Taylor (202)225-5772 (202)225-7074 MS S Trent Lott (202)224-6253 (202)224-2262 MS S Thad Cochran (202)224-5054 (202)224-9450 MT 1 Pat Williams (202)225-3211 (202)225-1257 MT 2 Ron Marlenee (202)225-1555 (202)225-1558 MT S Conrad Burns (202)224-2644 (202)224-8594 [ continued next message ] Paul Ferguson | Uncle Sam wants to read Network Integration Consultant | your e-mail... 
Centreville, Virginia USA | Just say "NO" to the Clipper
fergp at sytex.com | Chip...

From talon57 at well.sf.ca.us Fri Apr 23 11:25:15 1993
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Fri, 23 Apr 93 11:25:15 PDT
Subject: Cypherpunks
Message-ID: <199304231824.AA07743@well.sf.ca.us>

I would like to agree with Tim May about the continued use of the term Cypherpunk. More than anything else it accurately portrays us as people who do things a little differently. Some of my other associates feel similar about the use of the term Cyberpunk.

I am very curious about the physical nature of the so called "wiretap" chip itself. Recent postings about the exotic nature of its construction have me wondering. Could there be a hardware backdoor into the chip?

I was also considering the value of referring to the clipper as a "Sneaker chip" after the movie. This would have the advantage of revealing its flaws and the organizations involved at the same time, in a format familiar to the general public.

One last thing, my e-mail address is at well.sf.ca.us, but I reside in Chicago IL, I reach y'all via a gateway here at Ameritech, but it's strictly telnet, and ftp for now.......

Brian D Williams
Cyber/Cypherpunk

From kelly at pleiku.netcom.com Fri Apr 23 11:44:39 1993
From: kelly at pleiku.netcom.com ($HOME/.sig)
Date: Fri, 23 Apr 93 11:44:39 PDT
Subject: encrypted telnet
In-Reply-To:
Message-ID: <9304231844.AA24377@netcomsv.netcom.com>

Please check out IDEA contained within PGP2.2 source code... also look at Diffie-Hellman for session key exchange...
cheers
kelly

From grady at netcom.com Fri Apr 23 11:47:36 1993
From: grady at netcom.com (1016/2EF221)
Date: Fri, 23 Apr 93 11:47:36 PDT
Subject: transmitting keys and fingerprints
Message-ID: <9304231847.AA23525@netcom.netcom.com>

uri at watson.ibm.com sez:

>the keys...In plain English...And keys' fingerprints...

I can automatically transmit all the data in Japanese or several foreign languages if you'd like, thanks to Macintalk and foreign language CD training discs...

Hmmm.. that's an idea.. I could legally start QSTing the entire public key database worldwide in your choice of languages... I bet THAT would drive the NSA/FBI absolutely nuts... I guess I will attempt a test of that tomorrow during the cypherpunks radio net.

73 de kn6cp
Grady

For you code freaks, I can just as easily set up "code practice" by piping it all through supermorse at 13wpm -- sure beats those guy who send 20hrs of Biblical scripture through.
From 72114.1712 at CompuServe.COM Fri Apr 23 11:52:49 1993
From: 72114.1712 at CompuServe.COM (Sandy)
Date: Fri, 23 Apr 93 11:52:49 PDT
Subject: MYKOTRONX
Message-ID: <930423184013_72114.1712_FHF38-1@CompuServe.COM>

_________________________________________________________________
FROM THE VIRTUAL DESK OF SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Following Harry Shapiro's lead, I did some research on Mykotronx by calling up the California Franchise Tax Board. The bureaurats told me Mykotronx is a California corporation (#1403668) in good standing. Incorporated in April of '87, its address is 357 Van Ness Way; Torrance, CA. They could not tell me if Mykotronx were publicly traded. Its filings with the State are not available for public inspection.

S a n d y

_________________________________________________________________
PLEASE RESPOND TO: ssandfort at attmail.com (except from CompuServe)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From amb at ground.cs.columbia.edu Fri Apr 23 11:55:10 1993
From: amb at ground.cs.columbia.edu (andrew m. boardman)
Date: Fri, 23 Apr 93 11:55:10 PDT
Subject: Traffic analysis, anyone? (was: Anyone know where I can get a thesaurus by ftp?)
In-Reply-To: <19930423180014.9.MEYER@OGHMA.MCC.COM>
Message-ID: <199304231854.AA24203@ground.cs.columbia.edu>

[from a help file]

FTP directly to the Project Gutenberg archives:

ftp mrcnext.cso.uiuc.edu
login: anonymous
password: your at login
cd etext/etext91

[and get the preferred format of roget*; that's roget's thesaurus.]

From fergp at sytex.com Fri Apr 23 12:11:26 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Fri, 23 Apr 93 12:11:26 PDT
Subject: Aiding the cause (or, Spreading the word)
Message-ID: <953g3B1w165w@sytex.com>

For those of you who do not receive the comp.risks feed, the Wiretap Chip (Clipper) debate is taking hold on several forefronts.
What this tells me is this: People are starting to realize the negative implications of this Big Brother "technology." I say: Great, but there's a lot of eyes to open out there and we need to let Joe and Janet Lunchbucket know how this will affect them.

8<------ Begin forwarded message ------------------------

Date: Thu, 22 Apr 93 12:12:44 -0700
From: Mark Seecof
Subject: "key escrow" (Clipper Chip; RISKS 14.51)

(At the risk of redundancy (with other contributors)):

1. Although gov't press releases and gov't surrogates like Dorothy Denning keep talking about warrants (actually, they say "proper authorization") for Clipper keys, the government has never abandoned (and does not even deny) the practice of conducting warrantless wiretaps for "national security" reasons. How will keys be obtained to decrypt such intercepts? My guess--the security of the "escrow" agencies will be secretly compromised. And then, the time will come when the NSA turns over political or criminal information with little or no "national security/foreign/military intelligence" content to the FBI, etc. My fallback guess is that the Skipjack algorithm will have a back door.

2. The key escrow scheme is a pottery container of fecal matter. Right now in California we are enjoying two scandals involving the release, to unauthorized persons, of "secret" data, by employees of government and private organizations, in violation of: their employers' policies, their own terms of employment, state criminal law, and common (civil) law. These (Anaheim PD employee release of DMV address info to anti-abortion terrorists; various people including police employees giving info to an ADL investigator) are representative, not exhaustive of the problem. Does anybody remember the Walker (U.S. Navy) spy scandal of a few years ago?
Walker ring members, despite vetting by the military (perhaps inefficient, but more thorough than likely in civilian agencies), exposure to the most severe legal sanctions, and even the cultural pressures of their military communities, sold out Navy cipher secrets and keys to actual enemies for fairly small amounts of money. N.B.: the Walker ring had no ideological motivations. Anyone who says that the key escrow scheme will protect the privacy of Clipper users is naive, stupid, or wicked. Of course, as someone will point out: "the Walker ring got caught!"--but catching malefactors will not prevent the harm they do before they are detected.

3. The assertion that the government should, by rights, be able to decrypt private communications for "law enforcement" purposes should be challenged. Privacy advocates should not concede this important debate-framing assumption. Advances in digital computing have made it possible for ordinary people to use powerful machine cipher techniques. But such systems will not prevent police agents from eavesdropping directly or by various bugging methods. It may be (I suspect it is so) that depriving the police of convenient wiretapping might have little effect over, say, ten years, on their (police) ability to detect and interfere with criminals.

Mark Seecof

8<----- End forwarded message -------------------------

Someone drop this guy a line to get him to join our cause! (Actually, I've already done that.) We can always use a LA Times cypherpunk, can't we? ;-)

Cheers.

Paul Ferguson | Uncle Sam wants to read
Network Integration Consultant | your e-mail...
Centreville, Virginia USA | Just say "NO" to the Clipper
fergp at sytex.com | Chip...

From crunch at netcom.com Fri Apr 23 12:25:46 1993
From: crunch at netcom.com (John Draper)
Date: Fri, 23 Apr 93 12:25:46 PDT
Subject: Press, and a spokesperson and other things..
Message-ID: <9304231925.AA23225@netcom4.netcom.com>

In regards to the name of the group...
I think that we should organize and establish a Public relations group NOT associated directly with the cypherpunks, but with well established people in the industry that can and should put on a professional image to the public and be a spokesperson representing us as a whole. In this sense, the name of "cypherpunks" as our group is totally irrelevant. As far as I'm concerned it's just the name of the mailing list, but I sort of like that name myself, and have on occasion used it in public interviews etc.

It is publicly known that I'm involved with the MacPGP effort in the cause to put forth my programming skills to better serve the Cypherpunk community. But I decline to be a spokesperson for several reasons I'll take up privately with anyone who wants to know. With my bad rap, and somewhat controversial past, I feel that someone else can better serve the cypherpunk community in this PR effort.

Just yesterday, I talked with Craig Larson who has offered some PR suggestions, and he says that he might drop by the cypherpunk meeting between 4 and 6 pm. In the meantime, I'll try and elaborate on some of his PR ideas with the group.

First off, Craig suggests having 3 or more press briefings separated by about two weeks, with emphasis on making it very newsworthy, and by professionals attending, such as the cypherpunks spokesperson, perhaps RSA folks, FBI folks, and other people on hand to ask the right questions that should bring out these issues to the public.

I've dealt with the press before, and all they are interested in is RAW NEWS, and anything else to sell the story. In other words, "money talks and bullshit walks". NEWS!! is the key.... The more controversy we can generate (And important issues) the better we will be able to get the word out to the John Q. Public.
There are TV interviews, background stories, and let's not forget recent news of matters not so related to cryptography, such as hacker busts, and other newsworthy things related to the computer industry that CAN be somewhat related and tied to cryptography.

The goals of the press meeting would be to get the word out to as many concerned citizens as possible with an emphasis on ANALOGIES such as "Clipper technology is like giving the police the keys to your house" or something like that.

JD

From kelly at pleiku.netcom.com Fri Apr 23 12:34:35 1993
From: kelly at pleiku.netcom.com ($HOME/.sig)
Date: Fri, 23 Apr 93 12:34:35 PDT
Subject: CLIPPER: THe battle continues
Message-ID: <9304231934.AA00142@netcomsv.netcom.com>

> Tim spake:
>>George Gleason writes:
>
>>"AT&T: phones with Big Brother Built Inside!"
>>
>>-gg
>
>What a great little slogan! Those stickers that say "Intel Inside" could be
>modified to say something pithy like "Big Brother Inside."
>
>Crypto Yippies (Cryppies?) might even wander into stores like Fry's and
>paste them onto the AT&T phones on display. Professionally-made labels
>might even remain for months.
>
>Just another seditious thought.
>
>- -Tim
>
>
>
>- --
>Timothy C. May | Crypto Anarchy: encryption, digital money,
>tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
>408-688-5409 | knowledge, reputations, information markets,
>W.A.S.T.E.: Aptos, CA | black markets, smashing of governments.
>Higher Power: 2^756839 | Public Key: MailSafe and PGP available.
>Waco Massacre + Big Brother Wiretap Chip = A Nazi Regime
>
>
>------- End of Forwarded Message

Now this is an idea I like... what about using the antitheft-metal base tags that leave a surface impression when removed... it currently leaves a checkerboard pattern but that could be reworked to say INSECURE, or TAPPED... then post them on every ATT instrument around...
including payphones the front of the label could make reference to CLIPPER and give a voicemail number to call for further info... yippie indeed...

cheers
kelly

From grady at netcom.com Fri Apr 23 13:05:12 1993
From: grady at netcom.com (1016/2EF221)
Date: Fri, 23 Apr 93 13:05:12 PDT
Subject: fear of the NSA/FBI, etc.
Message-ID: <9304232005.AA06149@netcom.netcom.com>

Some readers have e-mailed me to warn of the consequences of annoying the NSA by QSTing (not "broadcasting" for you part 97.113 freaks) my cipher fingerprint tomorrow at 17:00 UTC (10 am Pacific Daylight Time) on 7265 Mhz and at 17:30 UTC on 14335 Mhz + or - for QRM.

You should copy:

pub 1016/2EF221 1993/03/16 Grady Ward (707) 826-7715
Key fingerprint = 15 E2 AD D3 D1 C6 F3 FC 58 AC F7 3D 4F 01 1E 2F

spoken by my robot after I call the first Cypherpunks net for check-ins.

As long as it's legal, fuck the NSA or any other entity that might try to intimidate. The worst kind of censorship is the mind-numbing self-censorship from fear.

Hope to net with all you hams tomorrow! With my modest setup I should be able to cover the west coast from Alaska down to LA as far east, maybe, as Arizona on 40m. 20m should be better for people in the midwest. Easterners -- well, we'll see how the propagation is.

73 de kn6cp

From crunch at netcom.com Fri Apr 23 13:05:59 1993
From: crunch at netcom.com (John Draper)
Date: Fri, 23 Apr 93 13:05:59 PDT
Subject: On getting local congressional representation for our cause
Message-ID: <9304232006.AA26486@netcom4.netcom.com>

I talked with Congressman Stark's office today (My district) to discuss what the possibilities are for them to attend a cypherpunks meeting to hear our concerns, and to find out what's possible and the procedures to get them to attend.

We would want congresspersons for each of the districts to attend, and people from each district should write them a letter, and include the possible future dates of the Cypherpunks meetings you would want them to attend.
Please allow for about 6 weeks for them to schedule in to attend the meetings, as they have lots of other meetings to attend as we all know.

After talking to Ron Dellums and Stark's office, their procedures are pretty much standardized, and we should have no problem in getting them to attend if we follow their prescribed procedures. They are MOST INTERESTED in hearing our input on this controversial matter, so let's all get together and compose up this letter, and get them off to our local representatives.

Before mailing the letter, one should call the local office, and obtain the name of the person who schedules their public appearances to attend such meetings. Once this name is obtained, include it in the letter, Attention Annie Zaitlan (Stark's office). We have to do this for every local representative's office in the Bay area.

JD

From elee9sf at Menudo.UH.EDU Fri Apr 23 13:23:15 1993
From: elee9sf at Menudo.UH.EDU (elee9sf at Menudo.UH.EDU)
Date: Fri, 23 Apr 93 13:23:15 PDT
Subject: RADIO: keys, ham, and subliminal channels
Message-ID: <199304232022.AA29561@Menudo.UH.EDU>

> The meaning must still be in clear but you are allowed to send a
> authenticating "signature" in code, as long as the signature
> contains no information other than authentication itself that was
> not also transmitted in clear. That's why autopatch

Hmm... if authenticating signatures can be transmitted, then some enterprising and patient cryptographers can also transmit messages, encrypted if desired, back and forth using one of the "subliminal channel" protocols!

A subliminal channel allows people to communicate by essentially disguising their true message in the digital signature of the message they transmit openly. It would take several exchanges between the two to transmit a real message, since I recall the subliminal channels I've looked at allow the transfer of a few numbers at a time, but it could be done!

/-----------------------------------\
| Karl L.
Barrus |
| elee9sf at menudo.uh.edu | <- preferred address
| barrus at tree.egr.uh.edu (NeXTMail) |
\-----------------------------------/

From yerazunis at aidev.enet.dec.com Fri Apr 23 13:45:17 1993
From: yerazunis at aidev.enet.dec.com (Do you know what's in the trunk? 23-Apr-1993 1646)
Date: Fri, 23 Apr 93 13:45:17 PDT
Subject: subliminal channels on ham radio
Message-ID: <9304232045.AA27921@enet-gw.pa.dec.com>

KLB says:

>Hmm... if authenticating signatures can be transmitted, then some
>enterprising and patient cryptographers can also transmit messages,
>encrypted if desired, back and forth using one of the "subliminal
>channel" protocols!

[and goes on to explain such steganography]

yes, you could _theoretically_ use steganography in the authentication block, but it would be illegal. Very simply, you must not transmit a message over the Amateur bands if that message contains information that is not "in the clear".

And I doubt any ham would knowingly transmit such a message... hams would consider it "poor form". Hams and amateur radio have been self-policing since WW 1 and Hiram Maxim's passage of a congressional bill *making* ham radio self-policing to the greatest extent possible. That's why the US hams were not silenced "for security reasons" during WW I, and the tradition of self-policing ham radio has held up ever since.

Besides, essentially *all* ham traffic is monitored- usually by other hams, as well as by shortwave listeners, scanner groupies, and even, occasionally, the FCC. Hams will DF (direction-find) in on anybody on their frequencies who breaks the rules with the ruthless efficiency of Truly and Justly Annoyed Citizens, and the FCC has (at last!) agreed to accept tapes made by hams as legal evidence in seizure proceedings.

Thus, the ham radio frequencies are "the wrong pool to piss in", if you get my drift.

-Bill, N1KGX

From pmetzger at lehman.com Fri Apr 23 15:31:07 1993
From: pmetzger at lehman.com (Perry E.
Metzger) Date: Fri, 23 Apr 93 15:31:07 PDT Subject: A parable Message-ID: <9304232230.AA11266@snark.shearson.com> I just posted this to the net. ---------------------------------------------------------------------- Newsgroups: alt.privacy.clipper,sci.crypt Subject: A Parable. References: <1993Apr20.013747.4122 at cs.sfu.ca> <1993Apr21.210353.15305 at microsoft.com> Distribution: usa Organization: Partnership for an America Free Drug scottmi at microsoft.com (Scott Miller (TechCom)) writes: >Stikes me that all this concern over the government's ability >to eavesdrop is a little overblown... what can't they do today? >My understanding is that they already can tap, listen, get access >exc. to our phone lines, bank records, etc. etc again. Well, they can't listen in on much of mine, since I already use cryptography for much of my electronic mail, and will start using it for my telephony as soon as practical. However, allow me to tell a parable. There was once a far away land called Ruritania, and in Ruritania there was a strange phenonmenon -- all the trees that grew in Ruritainia were transparent. Now, in the days when people had lived in mud huts, this had not been a problem, but now high-tech wood technology had been developed, and in the new age of wood, everyone in Ruritania found that their homes were all 100% see through. Now, until this point, no one ever thought of allowing the police to spy on someone's home, but the new technology made this tempting. This being a civilized country, however, warrants were required to use binoculars and watch someone in their home. The police, taking advantage of this, would get warrants to use binoculars and peer in to see what was going on. Occassionally, they would use binoculars without a warrant, but everyone pretended that this didn't happen. One day, a smart man invented paint -- and if you painted your house, suddenly the police couldn't watch all your actions at will. 
Things would go back to the way they were in the old age -- completely private.

Indignant, the state decided to try to require that all homes have video cameras installed in every nook and cranny. "After all", they said, "with this new development crime could run rampant. Installing video cameras doesn't mean that the police get any new capability -- they are just keeping the old one."

A wise man pointed out that citizens were not obligated to make the lives of the police easy, that the police had survived all through the mud hut age without being able to watch the citizens at will, and that Ruritania was a civilized country where not everything that was expedient was permitted. For instance, in a neighboring country, it had been discovered that torture was an extremely effective way to solve crimes. Ruritania had banned this practice in spite of its expedience. Indeed, "why have warrants at all", he asked, "if we are interested only in expedience?"

A famous paint technologist, Dorothy Quisling, intervened however. She noted that people might take photographs of children masturbating should the new paint technology be widely deployed without safeguards, and the law was passed.

Soon it was discovered that some citizens would cover their mouths while speaking to each other, thus preventing the police from reading their lips through the video cameras. This had to be prevented, the police said. After all, it was preventing them from conducting their lawful surveillance. The wise man pointed out that the police had never before been allowed to listen in on people's homes, but Dorothy Quisling pointed out that people might use this new invention of covering their mouths with veils to discuss the kidnapping and mutilation of children.
No one in the legislature wanted to be accused of being in favor of mutilating children, but then again, no one wanted to interfere in people's rights to wear what they liked, so a compromise was reached whereby all homes were installed with microphones in each room to accompany the video cameras. The wise man lamented few if any child mutilations had ever been solved by the old lip reading technology, but it was too late -- the microphones were installed everywhere.

However, it was discovered that this was insufficient to prevent citizens from hiding information from the authorities, because some of them would cleverly speak in languages that the police could not understand. A new law was proposed to force all citizens to speak at all times only in Ruritanian, and, for good measure, to require that they speak clearly and distinctly near the microphones. "After all", Dorothy Quisling pointed out, "they might be using the opportunity to speak in private to mask terrorist activities!" Terrorism struck terror into everyone's hearts, and they rejoiced at the brilliance of this new law.

Meanwhile, the wise man talked one evening to his friends on how all of this was making a sham of the constitution of Ruritania, of which all Ruritanians were proud. "Why", he asked, "are we obligated to sacrifice all our freedom and privacy to make the lives of the police easier? There isn't any real evidence that this makes any big dent in crime anyway! All it does is make our privacy forfeit to the state!"

However, the wise man made the mistake of saying this, as the law required, in Ruritanian, clearly and distinctly, and near a microphone. Soon, the newly formed Ruritanian Secret Police arrived and took him off, and got him to confess by torturing him.
Torture was, after all, far more efficient than the old methods, and had been recently instituted to stop the recent wave of people thinking obscene thoughts about tomatoes, which Dorothy Quisling noted was one of the major problems of the new age of plenty and joy.

From 74076.1041 at CompuServe.COM Fri Apr 23 15:36:29 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Fri, 23 Apr 93 15:36:29 PDT
Subject: encrypted telnet
Message-ID: <930423220355_74076.1041_FHD84-1@CompuServe.COM>

I missed the context because my mailbox overflowed, but Eric mentioned Diffie-Hellman key exchange. If the need is for a one-shot quick-n-dirty session key exchange (as for the audio talk program John Gilmore mentioned) an alternative is to do a quick PGP keygen, send the session key across using the PGP key, then destroy the PGP key.

The only reason I mention this is that it can be done in a couple of minutes with existing tools tomorrow, if you need it. Eric is right that if you are designing something from scratch DH is often more appropriate (although PK's allow for authentication if you have a trusted signature, preventing spoofing attacks).

Hal

From geoffw at nexsys.net Fri Apr 23 16:01:21 1993
From: geoffw at nexsys.net (Geoff White)
Date: Fri, 23 Apr 93 16:01:21 PDT
Subject: KPFA at Sat Meeting
Message-ID: <9304232255.AA05714@nexsys.nexsys.net>

I took the liberty of calling KPFA (The Pacifica Affiliate here in the Bay Area) and telling them about this Saturday's meeting. I figured we could use the help of the "sympathetic press" and they do have 50,000 watts of power. We could craft a real good statement that would go out to most of the "activist" types in the area. I've taken one or two of their phone calls but have been vectoring them over to John (gnu at toad.com) and Tim to answer more detailed questions. They seem to know about us as they mentioned John and Eric by name.
I sent them the directions to the meeting and a couple of e-mail messages (press releases and a few comments) to their account on kpfa at well.sf.ca.us.

Hope this is a help not a hindrance.

-------------------------------------------------------------------------------
NEXUS SYSTEMS/CYBERTRIBE-5
Editor/Instigator/Catalyst : Geoff White
Production Crew : Universal Movement Trinity
"They might stop the party, but they can't stop the future"
--PGP Public key available upon request--
-------------------------------------------------------------------------------

From valerie at valis.biocad.com Fri Apr 23 17:30:39 1993
From: valerie at valis.biocad.com (Valerie Lambert)
Date: Fri, 23 Apr 93 17:30:39 PDT
Subject: CLIPPER: Explanation sheet?
Message-ID: <9304232306.AA27182@valis.biocad.com>

In article , David Reeve Sward writes:
>I (along with others) have some sort of phrase in our .signature saying
>"Stop the Clipper Chip" or somesuch. Since adding this, I have had
>several people ask me about this, and I have fired off an explanation to
>them. I am wondering if there is a Wiretap Chip Explanation Sheet to
>send to people instead of trying to make sure I remember everything (and
>without double-checking everything I say). Has anyone written such a
>beast?

I have compiled a "layperson's" Clipper-shit I mean sheet containing a very short intro, announcements from the White House, AT&T, the EFF, the CPSR, and various news articles. David, I will mail you a copy. If anyone else wants one, let me know.

--
Valerie Lambert * valerie at biocad.com * 415/903-3923 * AT&T: phones with Big Brother Built Inside! Just say "NO" to the Clipper wiretap chip.

From fnerd at smds.com Fri Apr 23 18:29:05 1993
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Fri, 23 Apr 93 18:29:05 PDT
Subject: Family key is symmetric
Message-ID: <9304240107.AA18653@smds.com>

As I understand it, the Skipjack system is symmetric, i.e., decrypt key = encrypt key.
Also, the unit serial number seems to only get encrypted with the family key. So, once the family key and the algorithm are known, it will be possible to create messages with any unit serial number you want, right? Wouldn't this be enough to foil the casual traffic-analysis feature of the crippler?

--fnerd
the keyhole chip the wing clipper co-intel inside as seen on whitehouse stationery only open a crack the taped lock cyphergate
"Daffy, you quack me up." --Elmer

From banisar at washofc.cpsr.org Fri Apr 23 18:53:38 1993
From: banisar at washofc.cpsr.org (Dave Banisar)
Date: Fri, 23 Apr 93 18:53:38 PDT
Subject: Privacy International (fwd)
Message-ID: <9304232159.AA20673@hacker2.eff.org>

RE: PI and Clipper

Privacy International recently nominated the FBI for its Big Brother Award (see below) for the digital telephony proposal. Need I say more?

For more info on PI, check out the CPSR Internet Library at cpsr.org /privacy_international

Dave Banisar
Director, PI Washington Office (one of my many hats)

------ Forwarded Message

The following forwarded from alt.privacy. Anybody have experience with this group? Have they taken a position on the wiretap chip?

...

THE BIG BROTHER AWARDS

Governments, private sector organizations, credit bureaus, police departments and the military in many countries are engaging in programs which have the effect of eroding the rights and privacy of individuals. These practices often breach international human rights conventions, and threaten the balance or evolution of free and open societies. In many cases, information technology is used for the purposes of increasing the power of authorities, while diminishing the rights of individuals. These violations occur in all parts of the world.

The Big Brother awards, sponsored by Privacy International, will be given to the organization, initiative, government or act which is most invasive of private life, or which is responsible for the most dangerous and intrusive acts of surveillance.
Privacy International believes that there should be a more widespread awareness of these practices. We believe people have the right to know when governments or other organizations are engaging in intrusive practices that limit individual rights. We aim to provide an effective context for viewing these invasive practices, by establishing an international benchmark. The establishment of the Big Brother awards aims to provide a world-wide focus on surveillance and privacy.

From honey at citi.umich.edu Fri Apr 23 22:10:51 1993
From: honey at citi.umich.edu (peter honeyman)
Date: Fri, 23 Apr 93 22:10:51 PDT
Subject: saltzer and schroeder on information protection
Message-ID: <9304240438.AA11728@relay1.UU.NET>

this is taken from a paper i'm writing with avi rubin. it's not a sound bite, more like a snack.

peter

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Experts dismiss systems that hide cryptographic algorithms or protocols (a.k.a. "security through obscurity"). Kahn [1] cites Kerckhoffs' classic treatise on military security [2]. Saltzer and Schroeder [3] reflect the modern view in describing "open design" as one of the basic principles of information protection:

    The design should not be secret. The mechanisms should not depend on the ignorance of potential attackers, but rather on the possession of specific, more easily protected, keys or passwords. This decoupling of protection mechanisms from protection keys permits the mechanisms to be examined by many reviewers without concern that the review may itself compromise the safeguards. In addition, any skeptical user may be allowed to convince himself that the system he is about to use is adequate for his purpose. Finally, it is simply not realistic to attempt to maintain secrecy for any system which receives wide distribution.

1. D. Kahn, The Codebreakers, Macmillan Publishing Co., New York (1967).
2. A. Kerckhoffs, La Cryptographie Militaire, Librairie Militaire de L. Baudoin & Cie., Paris (1883).
3. J.H. Saltzer and M.D. Schroeder, "The Protection of Information in Computer Systems," Proc. of the IEEE, Vol. 63(9), pp. 1278-1307 (September, 1975).

From keenan at acs.ucalgary.ca Sat Apr 24 11:32:09 1993
From: keenan at acs.ucalgary.ca (Tom Keenan)
Date: Sat, 24 Apr 93 11:32:09 PDT
Subject: hi guys...
Message-ID: <9304241830.AA22592@acs3.acs.ucalgary.ca>

sub Thomas P. Keenan

--
Dr. Tom Keenan, I.S.P.
Associate Dean, R&D, Faculty of Cont. Ed.
University of Calgary
2500 University Dr. NW
Calgary, AB T2N 1N4 CANADA
(403) 220-4715 (voice)
(403) 284-5702 (fax)
keenan at acs.ucalgary.ca (email)

From keenan at acs.ucalgary.ca Sat Apr 24 11:32:53 1993
From: keenan at acs.ucalgary.ca (Tom Keenan)
Date: Sat, 24 Apr 93 11:32:53 PDT
Subject: hi guys
Message-ID: <9304241831.AA89944@acs3.acs.ucalgary.ca>

sub Thomas P. Keenan

--
Dr. Tom Keenan, I.S.P.
Associate Dean, R&D, Faculty of Cont. Ed.
University of Calgary
2500 University Dr. NW
Calgary, AB T2N 1N4 CANADA
(403) 220-4715 (voice)
(403) 284-5702 (fax)
keenan at acs.ucalgary.ca (email)

From phantom at u.washington.edu Sat Apr 24 11:35:19 1993
From: phantom at u.washington.edu (The Phantom)
Date: Sat, 24 Apr 93 11:35:19 PDT
Subject: Summary sheet?
Message-ID:

Does anyone have a summary sheet they have come up with that I could distribute? With some of my mailings (to my congresspeople, mostly) I'd like to inform them as to exactly what I am talking about.

Anything this weekend I can get my hands on would help --

Matt

Matt Thomlinson                    Say no to the Wiretap Chip!
University of Washington, Seattle, Washington.
Internet: phantom at u.washington.edu    phone: (206) 528-5732
PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu

From MJMISKI at macc.wisc.edu Sat Apr 24 11:36:50 1993
From: MJMISKI at macc.wisc.edu (Matthew J Miszewski)
Date: Sat, 24 Apr 93 11:36:50 PDT
Subject: DEAD AIR
Message-ID: <23042411582967@vms2.macc.wisc.edu>

Wow,

When the cypherpunks have a physical meeting cyberspace fills with an eerie silence... Please for those of us who could neither attend the various meetings nor hook up with other transmissions, could ONE person post a good summary. My Mailbox was actually empty this afternoon!!!

Matt

From sommerfeld at orchard.medford.ma.us Sat Apr 24 11:45:05 1993
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Sat, 24 Apr 93 11:45:05 PDT
Subject: OSF's DCE
In-Reply-To:
Message-ID: <9304241349.AA00464@orchard.medford.ma.us>

OSF's DCE is a "distributed systems toolkit" which provides tools and infrastructure for building distributed systems.

The relevant point to cypherpunks is that it uses cryptographic techniques to provide authentication and (optionally) data privacy using DES and Kerberos V5.

Unfortunately, the data privacy features must be disabled in the exportable versions.

Contact the OSF or any of the many vendors (HP, IBM, DEC, Transarc, ...) selling ports of the code for more details.

- Bill

From pcw at access.digex.com Sat Apr 24 12:19:05 1993
From: pcw at access.digex.com (Peter Wayner)
Date: Sat, 24 Apr 93 12:19:05 PDT
Subject: saltzer and schroeder on information protection
Message-ID: <199304241352.AA11064@access.digex.com>

Although the "details" are classified at this time, I believe that the secrecy is just part of the plan to prevent software implementations that could easily spoof anyone who was trying to listen in by munging the law enforcement block. I'm sure the algorithm would continue to be secure even after the details are discovered. The secrecy is to control use not to prevent decryption.
This is, I believe, the greatest Achilles heel of this proposal. There are at least 40 million PC's in this country. They would like this chip to become the "standard" for all encryption. That would mean putting it in every machine. The cost of this could range from $25 to $100 per machine. That means this whole plan could cost $1 billion to $4 billion dollars in real money. A new software encryption standard, however, could be promulgated with about one summer's work by an undergraduate handy with C.

I believe that people aren't going to be willing to add the additional hardware to their PC boxes. Look how slowly better video standards have evolved in the PC domain. Look how slowly CD-ROMs are becoming standard. Everyone agrees that this technology would be nice, but no one is willing to raise the level of their standard boxes to include this hardware. Raising the price of their standard box puts them at a competitive disadvantage. So the lowest common denominator continues.

DES chips have been around for _years_ and no one builds them into their boxes. Why is this chip going to be any different?

-Peter

From simona at Panix.Com Sat Apr 24 12:43:07 1993
From: simona at Panix.Com (Simona Nass)
Date: Sat, 24 Apr 93 12:43:07 PDT
Subject: SEA Letter to New York Times Editors re Clipper (fwd)
Message-ID: <199304241942.AA14929@sun.Panix.Com>

I faxed this out last night. The press release is our next step. We are looking to put together a more detailed, more technologically savvy version to send to computer mags and stuff. Those who want to help, subscribe to sea-media-request at panix.com. We can use your help on this next version.

-S.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Society for Electronic Access
Post Office Box 3131
Church Street Station
New York, NY 10008-3131
Internet: sea at panix.com
Phone Contact: Steve Barber, (212) 787-8421

April 23, 1993

Via Fax: (212) 556-3690

Letters to the Editor
The New York Times
229 West 43rd St.
New York, NY 10036

Dear Editor:

Last week the Clinton Administration proposed a new standard for encrypting telephone messages and other electronic transmissions (see John Markoff's articles in the New York Times, "Electronics Plan Aims to Balance Government Access With Privacy," April 16, 1993, p. A1, and "Communications Plan Draws Mixed Reaction," April 17, 1993, p. 35). The announcement took by surprise many people who are concerned with the security and privacy of digital communications.

The Society for Electronic Access, an organization concerned with civil liberties and access issues involving computers, believes that the government is acting with undue speed in its desire to begin widespread use of the "Clipper chip" in six months, before the full implications of its plans have been explored.

We strongly believe that more thought and study should be directed to the government's decision. In its haste to mediate between the desire of government agencies to intercept unlawful communications and the right of citizens to privacy, the administration may end up promoting a plan that is responsive to neither side.

Among the issues that raise serious concerns:

+ Other encryption techniques currently in wide use have been subjected to rigorous public scrutiny, but the "Skipjack" algorithm embodied in Clipper is secret. No one knows whether it may contain unforeseen vulnerabilities or even deliberately-inserted backdoors for easy decoding. Examination by a government-picked panel of cryptographic experts is not sufficient to guarantee its security -- and certainly not the abbreviated examination that would be possible under the administration's fast-track plan for putting Clipper into service.
At a very minimum, the Administration has an obligation to allow inspection by more independent experts, and to say why this scheme must be kept private, while other encryption standards of the past two decades have been widely published.

+ The proposal to hold users' keys in escrow for wiretapping is inadequately defined. No one knows who will hold the keys, how they will protect the key database from illicit access or how a Clipper phone might be re-secured once its keys have been released for tapping. (Consider, by the way, that a magnetic tape cartridge holding keys for all the telephones in America could fit in a shirt pocket.) Such crucial issues should be settled before Clipper is even considered.

+ By throwing its weight behind the Clipper chip, the government appears to be unfairly subsidizing a handful of companies at the expense of the rest of the U.S. telecommunications industry. (Indeed, others who have attempted to develop secure communications equipment have as often as not found roadblocks thrown in their way.) The rationale for awarding such an enormous potential windfall is unclear.

+ Because the Clipper chip is not intended for export, U.S. companies that adopt it could be at a serious disadvantage in international markets. They would have to develop and maintain dual product lines or else cede the global competition for secure telecommunications to other nations.

The government should abandon its attempt to rush Clipper-based equipment into the market until these and other issues have been addressed. Although introduction of the Clipper chip does not (at least at the moment) appear intended to foreclose the development and sale of other encryption technologies, the government's preferred solution is likely to have a strong impact. If it turns out to be vulnerable, or if it impedes the entry of U.S. firms into the international market for secure telecommunications, both our constitutional freedoms and our economic competitiveness will be severely damaged. Any technology that bears such risks must be subjected to thorough public scrutiny and open debate before a decision is made on whether to adopt it.

Sincerely,

Simona Nass
President

Board of Directors:
Stacy Horn
Joe King
John McMullen
Simona Nass
Lance Rose, Esq.
Alexis Rosen
Paul Wallich

From mmidboe at uahcs2.cs.uah.edu Sat Apr 24 14:14:19 1993
From: mmidboe at uahcs2.cs.uah.edu (Matt Midboe Computer Science Dept., Univ. of Alabama-Huntsville)
Date: Sat, 24 Apr 93 14:14:19 PDT
Subject: CLIPPER: Intergraph and AT&T
Message-ID: <9304240833.AA09866@uahcs2.cs.uah.edu>

Some quick tidbits from a lurker... I had read about Intergraph being unhappy with AT&T. I called up Intergraph and talked to someone in their legal department about the possibility of them going after AT&T for trademark infringements. She said they were looking into that possibility, and asked me to send her what information I could on Clipper. Hopefully this will prove to be fruitful in disarming the Wiretap Chip. I'd post her email address but I don't have it at home with me right now.

Also, this doesn't fall in line with the Wiretap chip, but has anyone implemented fossil routines with some type of encryption? I am not completely familiar with the ins and outs of cryptography but I am more than willing to write up all the fossil routines for a dos machine. I guess dos is the only thing that has fossils though.

Lastly, I just wanted to see what other Huntsville cypherpunks might be lurking about. If so then I would like to hear from you.
mmidboe at uahcs2.uah.edu

From x62727g2 at usma8.USMA.EDU Sat Apr 24 16:56:03 1993
From: x62727g2 at usma8.USMA.EDU (Gatlin Anthony CDT)
Date: Sat, 24 Apr 93 16:56:03 PDT
Subject: Wiretap Chip
Message-ID: <9304242352.AA03691@usma8.usma.edu>

Intellectual Marvels and Omniscient Beings,

I am looking for some books on advanced bit manipulation techniques, matrix manipulation algorithms, and variant functions. Does anyone have a good bibliography? Also, if you have the source code for any of these things, I would be interested in seeing it.

Thank you very much!

Anthony J. Gatlin                |-------------------------------------|
Cadet Private, Co. G-2           |PGP Public Key available on request. |
United States Military Academy   |-------------------------------------|

From tburns at gmuvax.gmu.edu Sat Apr 24 18:22:30 1993
From: tburns at gmuvax.gmu.edu (Dave Burns)
Date: Sat, 24 Apr 93 18:22:30 PDT
Subject: CLIPPER: Explanation sheet?
Message-ID: <9304250123.AA02389@gmuvax2.gmu.edu>

>I have compiled a "layperson's" Clipper-shit I mean sheet containing a very
>short intro, announcements from the White House, AT&T, td various news articles. David, I will mail you a copy. If anyone
>else wants one, let me know.
>
>--
>Valerie Lambert * valerie at biocad.com * 415/903-3923 * AT&T: phones with Big
>Brother Built Inside! Just say "NO" to the Clipper wiretap chip.

May I have one? Wouldn't it be easier to just post it? Conside
-------------------------------------
Dave Burns
tburns at gmuvax.gmu.edu
10310 Main St. #116
Fairfax, VA 22030
(703)993-1142
Wiretap Chip:IMPOSSIBLE (was Breakfast)
-------------------------------------

From szabo at techbook.com Sat Apr 24 18:47:13 1993
From: szabo at techbook.com (Nick Szabo)
Date: Sat, 24 Apr 93 18:47:13 PDT
Subject: Consumer phone privacy info sheet
Message-ID:

Greetings cypherpunks,

I'm preparing this consumer phone privacy info sheet to post to libernet, misc.consumers, etc. Any corrections or further information greatly appreciated.
----------------------------------------------------------------

Instead of developing phones allowing truly private conversations, which are now feasible, AT&T recently put a phone on the market that contains the NSA-designed "Clipper" wiretap chip. All users' encryption keys are registered with the U.S. government, giving it exclusive access to wiretapping this system's phones. The use of an unpublished algorithm and other features also make the system insecure; see the newsgroups sci.crypt and the mailing list "cypherpunks", cypherpunks-request at toad.com for details. AT&T by this action has demonstrated its contempt for its customers' privacy.

Here are some other long-distance providers that may have more respect. All U.S. long-distance companies are required to surrender to telephone taps under government "authorization", but some require more "authorization" than others, or otherwise make a greater fuss about it. Companies which use primarily multichannel fiber optic lines are physically more difficult to tap.

Allnet Long Distance Services      1-800-783-2020
MCI, commercial                    1-800-888-0800
MCI, residential                   1-800-950-5555
Metromedia Communications Corp.    1-800-275-2273
One-2-One Communications           1-800-293-4121
Sprint, residential                1-800-877-7746
Sprint, business                   1-800-733-5566

True privacy can be obtained with a veil of encryption, by using pairs of phones containing privacy chips, which scramble the signals *and* keep the keys private. Contact your local business telephone dealers for privacy phones from Ericson and other companies.

Please e-mail me detailed info on these phones, and also further info on long distance services, and I will post a summary along with my own research findings.
Nick Szabo szabo at techbook.com
Protect your electronic privacy with PGP -- public key available

From gnu at cygnus.com Sat Apr 24 20:01:42 1993
From: gnu at cygnus.com (gnu at cygnus.com)
Date: Sat, 24 Apr 93 20:01:42 PDT
Subject: Brainstorm results from today's meeting
Message-ID: <9304250301.AA00503@cacophony.cygnus.com>

We brainstormed questions and issues resulting from Clinton's crypto policy review and `Clipper' proposal. Here's the raw results. Cypherpunks, please read it over; clarify your own questions if they didn't get transcribed correctly, and send me the updates (as Unix diffs or context diffs) at: gnu at toad.com. I'll collate the changes, and repost this document to cypherpunks. When we're happy with it, the group can disseminate it to sci.crypt, news media, or whoever else.

John Gilmore

Cypherpunks brainstorm question list (copy to tenney at netcom.com)

Why is ATT the only one to find out early about this chip?
Why was it developed in secret?
Why not a competitive bid?
How much will it cost the taxpayers and the government to maintain these two escrow agencies?
How much will escrow cost? Who will pay for escrow?
What's the smallest number of people who could compromise this system (in various configurations)?
What are the court, legislative, executive and wartime excuses for the control of crypto?
Is emulation of clipper illegal?
Is reverse engineering illegal?
Is revealing algorithm (reverse engineered etc) illegal?
Consequences to the public if the algorithm or family key is revealed?
Does key escrow violate ED trade rules (the data protection aspects, too)?
What's the protocol for generating keys?
How to regain privacy once a wiretap has been done?
Does a subpoena reveal earlier, recorded conversations?
How many people will know the family key?
Why hand out keys during a wiretap rather than give the cyphertext to the escrow agency for decode?
What sort of escrow agencies have been considered?
Is it constitutional to delegate escrow to a private agency?
Is there a "separation of powers" issue?
How many people have access to the secret keys during generation?
Will smaller groups be able to establish their own escrow agencies?
How about privileged conversations (lawyer, doctor, clergy, client)?
Will the NSA claim that there is no alternative way to read messages without the key(s)?
(How) will U.S. escrow rules have an effect on other crypto systems like DigiCash?
Will US take subpoenas from foreign countries?
What protects US citizens from foreign governments with violative laws?
What effect occurs for multinational companies?
Impact on intelligence gathering?
Can traffic analysis be done with serial number?
Will traffic analysis be done with serial number?
Will keys be shared with foreign intelligence organizations?
How many systems will there be that can be used to decrypt? Who will control them?
Would knowing the algorithms compromise security? If not, why not publish them? If yes, what would be the effect of their discovery?
What protections do we have against blackmailing by escrow agents?
What about steganography?
Will escrowed keys be shared with foreign intelligence organizations?
Will they make chips available now for reverse engineering?
Will it be illegal to encrypt before using clipper? How to enforce?
Will intelligence agencies be able to listen to the conversations they are legally allowed to?
Will any decryption devices be made available to foreign intelligence organizations?
What's the lifetime flow of keys from manufacturer, to escrow, to wiretap agencies? What protects the keys at each stage?
Why the hurry?
Why no public evaluation before deployment?
Where will all the decryption devices be kept?
What was the policy-making procedure that was followed in producing this plan?
Who owns/controls Mykotronix?
Is the key escrow process online or offline?
Where will all the decryption devices be?
Since Skipjack was developed with government funds, how much is Mykotronix compensating the government for their monopoly?
How are keys generated?
Where are keys generated?
How many key generation places/devices will there be?
Who gave the government the right to listen in?
How do citizens supply input to the crypto process? How to find out the status?
How much will it cost to get a registered key?
Does the government believe citizens have the right to use/sell crypto systems of our own choice?
Is the review process classified? Do we have access to the outcome? Why?
First and Fifth Amendment issues?
Why was the Legislature not involved?
Why was industry not involved?
What evidence supports the government's claimed need to break into our conversations?
What is it worth, breaking into our conversations? How much cost should we bear?
What are the costs today of wiretaps?
Will we have to register to buy secure devices?
Will there be restrictions on who can buy or sell them?
Are the escrowed keys tied to hardware or people?
Can we sell our clipper devices without re-registration?
Will Clipper be exportable?
Will individuals be able to take them overseas for personal use?
How long has this process been underway?
Which agencies have been involved? How long each?
Is Clipper only for voice, or data and other applications too?
Does it make sense to use Clipper for data storage?
Is Clipper intended to replace DES in all applications?
What scenarios drive the design of crypto policy?
What scenarios drive the design of Clipper?
What alternatives to Clipper have been considered?
How many successfully prosecuted terrorist cases have included wiretap evidence?
What is the expected useful lifetime of the Clipper technology?
During the useful life what percent of keys is expected to be revealed?
What other "family" members will be differentiated by different family keys?
Have they filed an EIR on this?
Will it be possible to reuse a device which has been compromised?
What is the impact on society if the Clipper initiative doesn't succeed? How can a citizen tell if a Clipper-equipped product has been compromised by a prior tap? Can the chips be built overseas? Can they be imported? Have any Clipper chips been introduced to use yet? Where are those keys escrowed now? What challenge process have the Clipper chips survived? What's an appropriate challenge process for crypto systems? Who are the people with access to all the work products to build the chips -- masks, net lists, wafers, half-built wafers, reject wafers? What are the mechanisms for destroying the work products? What is the procedure when the family key is revealed? How can the public be sure keys will only be revealed upon proper warrant? How does a company qualify to manufacture Clipper chips? What does it cost? What environmental conditions will cause the chips programmed data to be lost? How does this (crypto) policy/process impact companies with existing or future business in crypto? How will backups of escrow agents be protected? How many single points of failure are in the system? Have war planners blessed the plan as acceptable risks during wartime? What agencies have approved this plan? What agencies have DISapproved this plan? Given a single point of failure, what are the implications to national security? What about Clipper chip second-source in case of inability to manufacture? What impact on the economy would a temporary or permanent problem in Mykotronix have? Is this system immune to spoofing? Are Clipper-encrypted devices more susceptible to jamming than other systems or plaintext? Does escrow release allow spoofing that user? Does family key allow any user to be spoofed? To hear both sides of a conversation, do you need two keys and two warrants? What kinds of protection is the government trying to encourage? Traffic analysis, Authenticity privacy, anonymity? What is the question for which Clipper is the answer? What was it's design goals? 
How will leaks in the registration process or escrow process be detected? (viz. leaks by SSA employees?) How long will use remain voluntary? Do citizens have the right to use any encryption system? Do citizens have the right to research any encryption system? Do non-citizens have the right to use/research encryption systems? What agency will be responsible for auditing the escrow process or use of revealed keys? Is there civil or other liability for escrow agents who reveal keys illegally? Will we get specifications of the Clipper interface so that we can build our own encryption chips? Will the chip transmit identifying info in the clear? As part of the standard protocol? As an option? Are users required to use the protocols as specified if they use the chip in their products? What does the government see as it's role in setting standards for domestic cryptography? How to restore security after a wiretap? What is the numerical risk of the system being cracked within a year? 5 years? 10 years? What is the risk of it's being cracked without the knowledge of the public? Will government feel that it is legal to record encrypted conversations without violated the subjects rights? (Because it is secure.) What measures will the government use to promulgate this proposal? Has government offered incentives to companies to encourage them to adopt it? How long will it take from warrant to obtain keys? (Fast response for terrorists?) How will the number of revealed keys be limited? By law? Currently less than 1000 wiretaps/year.) Will Clipper chips be allowed or required in pay phones? Is this proposed to be accompanied by changes to the phone systems as the Digital Telephony proposal suggested? Who bought Dorothy Denning and for how much? Where does Dorothy Denning's funding come from? If wiretappers record conversations how long will the be able to save them? Is Clipper suitable for use in a national health care information system? 
What are the national security implications of the availability of unavailability of encryption? What is the cost of alternative involving direct interception of voice using microphones? How will the other (non-search-warranted) person involved in a wiretap be protected? How does the government feel about a foreign company doing business in the US and talking to their own governments? How will encrypted cellular phone standards be determined? In a public process? How will end-to-end encryption standards for phones be determined? How will these be made interoperable? What is the legal process required to tap a persons communications? Then what further process is needed to decrypt intercepted communication? How will this scheme prevent criminals from circumventing the system? (Buy a phone, use it only once, etc) Does Clipper reveal the chip phone number it's receiving from, in normal operation, like caller ID? Can law enforcement ask for it's own keys (eg. in a sting operation?) Can citizens query the escrow database for their own keys? Can users determine their own chip number? How does this interface with ISDN? Does a warrant give access to all phones in the house (or other warranted site)? How will this jeopardize citizen's rights to anonymity in voting (and electronic voting)? Does this technology enable the same invasions as caller ID? What is the procedure if a phone is stolen? Why don't we develop a privacy policy rather than a policy on cryptography? What is the governments policy on privacy with respect to cryptography? What is the reaction from Data Protection Boards in other countries? Can an individual ask whether or not that are being wiretapped? What changes are recommended in those laws? What are they going to do about RSA patents on which they are infringing? Will a search warrant cover a phone, a line, a person, or device, or place? What is going to be done about "Clipper" trademark conflict? Can you find the unit key of your own device? 
What will be done about other patents being infringed? What are the implications of swapping chips between devices? How to government and private need for privacy differ? Is it worth risking the privacy of 240 million citizens for 1000 wiretaps a year? In what other areas can this technology be used (camcorders, FAX, etc) How will clipper keep up with current advances in semiconductor speed, given restrictions on who can build them? Who is Clipper for? Who benefits? Is chip packaging part of security of the device, or is it all in the fab? (eg. can it fit in any desirable package.) How does technology and fab requirements affect yield and price? How will chips and devices be tested? Are there "undocumented" test modes that might reveal properties of the algorithm or programming? How does current Clipper design relate to the designers previous designs? (personal design style, libraries used, etc) Could Clipper be integrated economically with a general purpose CPU? What statistics will the chip main on-board? Who will get specs? What info will Clipper subliminally transmit in messages? How does the strength of Clipper compare to DES, RSA, or IDEA? How does the efficiency compare? Do you plan to monitor peoples movie choices selected via "video dialtone" services? Will there be a mechanism for particular people to keep their IDs out of the database? (judges, law enforcement, etc) Will the NSA or law enforcement use Clipper themselves? Will their keys be escrowed in the same way? If Clipper is not good enough for law enforcement etc why is it good enough for private individuals? What secondary uses (without serial numbers) will be made of the escrow database? (ie. counts of families, where families were sold/shipped, etc) Will chip numbers be correlated with personal ID (soc sec number, etc)? How will they ensure that further uses of the escrow data base be prevented? (see census database misuses) What happens if a (the?) 
Global Crypto Review policy says Clipper is a bad design? What if it says that the government shouldn't be setting crypto policy? What is the implication of another company/country produces a competing device? Why is DES still not exportable? What is the cost to commerce of export controls on crypto? Cost to privacy? Cost to civil liberties? Cost to trust in government? Cost to programs where crypto is ancillary (Prokey, Aldus Freehand, PKZIP, etc) "Not for export outside US or Canada" How would a non-escrowed-key crypto policy work? How does export control of a work of art or literary work survive a First Amendment challenge? Can crypto source code be exported on paper, in a book, in human readable form? Can the same code be exported as bits? As bar code? Printed? What cryptographic systems can currently be cracked by the NSA? At what cost? How much has been spent on crypto research in the last 50 years? How many fundamental mathematical breakthroughs have been made and revealed? How many are still secret? What is the cost to society of the secrecy? Would disclosure of the Skipjack/Clipper process/method/algorithm compromise it? How will we find reputable independent cryptographers who are willing to live within the limits imposed by getting a security clearance? What tangible results have benefited society from the intelligence community? Were they worth the cost? Has the intelligence community ever prevented a nuclear war? A terrorist attack affecting N (100,000?) people? How does the security of ClipperPhones compare to STU-35's? The cost? How many patent secrecy orders on crypto exist? Communications secrecy? Total number of patent secrecy orders are now in effect? What is the expected incidence of finding encrypted material in wiretaps without Clipper? How many crypto documents been declassified and reclassified? Why? By what authority did the NSA stop the phone encryption standard? What is the proper role in NSA setting domestic cryptography standards? 
...policy? How can NIST be made independent of the NSA influence in setting domestic policy? How does secrecy detract from America's global competitiveness? What would be the international equivalent of "Clipper", allowing international business and wiretapping by all the governments? How many Clipper chips does the government expect one person to own? Can a free society be founded upon a societal model that assumes no ability to have truly private conversations? Can strong cryptography be outlawed while keeping freedom of inquiry and expression? How does Clipper interrelate with ISDN? Should the Federal government be allowed to accomplish with it's commercial and publicity activities what is prohibited from doing with it's enumerated powers? Will Clipper allow banks to stop using DES? If stored data can be encrypted with Clipper, can a warrant be obtained to decrypt stored information? What procedural safeguard will exist, like special requirements for wiretap requirements? Under what conditions or protections can a person be forced to reveal your keys? ...an escrow agency...? How can freedom of conscience be preserved when there is no privacy? Can Clipper be used for authentication? Can the government circumvent this if so? Are there different levels of protection for different types of data? Why is Capstone chip just made known to the public? -- THAT'S ALL FOLKS!! From mdiehl at triton.unm.edu Sun Apr 25 02:30:36 1993 From: mdiehl at triton.unm.edu (J. Michael Diehl) Date: Sun, 25 Apr 93 02:30:36 PDT Subject: garbage files from pgp. Message-ID: <9304250754.AA07568@triton.unm.edu> I'm still having problems with pgp. Sometimes when I use the program to encrypt a file, I get an output file full of trash. Other times, it works fine. I don't understand. Is this a bug, or am I just not using it righ, still? Thanx in advance. +-----------------------+-----------------------------+---------+ | J. Michael Diehl ;-) | I thought I was wrong once. 
| PGP KEY | | | But, I was mistaken. |available| | +-----------------------------+---------+ | mdiehl at triton.unm.edu | "I'm just looking for the opportunity | | mike.diehl at fido.org | to be Politically Incorrect! | | (505) 299-2282 | | +-----------------------+---------------------------------------+ From whitaker at eternity.demon.co.uk Sun Apr 25 05:00:40 1993 From: whitaker at eternity.demon.co.uk (Russell E. Whitaker) Date: Sun, 25 Apr 93 05:00:40 PDT Subject: MEETING: UK Cryptoprivacy Association Message-ID: <4398@eternity.demon.co.uk> -----BEGIN PGP SIGNED MESSAGE----- Meeting of the UK Cryptoprivacy Association - ------------------------------------------- Saturday, 8 May 1993, 1500 To be held at the offices of: FOREST 4th floor 2 Grosvenor Gardens London SW1W 0DH This is located at the corner of Hobart Place, a couple of blocks west of Victoria Station, and almost directly across from the dark green cabbie shelter. If you have trouble finding the place, please call the office on 071-823-6550. Or, call me (Russell Whitaker) on my pager, 081-812-2661, and leave an informative message with the telephone number where you can be reached; I will return the call almost immediately. Discussion will range from the usual general topics, such as the use of secure public key cryptosystems to protect message data, to specific topics, such as recent moves by the U.S. government to restrict choice in data privacy (reference recent discussion on Usenet groups, e.g. sci.crypt and alt.security.pgp). All are invited. Particularly welcome are members of the newly-formed UK CommUnity group ... the local EFF-in-spirit-if-not-in-name folks. Those who plan to attend should email me and let me know. Please. All attendees are requested to bring diskettes - preferably MS-DOS - with their PGP 2.+ public keys. 
As is usual at these gatherings, several of us will bring our laptops, and will sign public keys, subject to the usual caveats (reference the documentation for PGP 2.2, specifically files PGPDOC1.DOC and PGPDOC2.DOC). If you do not already have a copy of PGP 2.2 (MS-DOS), and would like to have a copy of this public domain program, please bring a formatted, medium or high density 3.5 inch floppy PC diskette; you will be provided a copy of the program. Of course, you might prefer to ftp a version of the program from one of the various archive sites. I suggest trying Demon Internet Systems, which carries the full range of PGP (Phil Zimmerman's "Pretty Good Privacy") implementations: directory /pub/pgp at gate.demon.co.uk. Meetings are of indeterminate time. Those who are interested are invited to join the rest of us at a pseudorandomly determined pub afterwards. Please note: - ------------ In the past few months, interested people have emailed me, requesting FAQs and special information mailings. I regret that, except in very unusual cases (e.g. working press), I cannot, in a timely manner, respond to these requests. I will, however - and for the first time - do a writeup of this meeting, which I will post in various places. What I *am* willing to supply is general information on our activities for the maintainers of existing FAQs, such as that for alt.privacy. 
FAQ maintainers can contact me at whitaker at eternity.demon.co.uk

Russell Earl Whitaker                   whitaker at eternity.demon.co.uk
Communications Editor                   AMiX: RWhitaker
EXTROPY: The Journal of Transhumanist Thought
Board member, Extropy Institute (ExI)
================ PGP 2.2 public key available =======================

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBK9bG/ITj7/vxxWtPAQG0/AQAmPQKQl7KNB43DyniRyuDu5tixStXd2F7
k5CiWNwN/u9ExZfptPgajwY91dsafX0H53RV5+lT8OSnvIx35QMmgBmPQOJCGnGj
ZUJ2eGiSvfuLtAmgMQtSLtJh5x/VXmUIl8SJHzrffIz3SjnKcENTzrQnGc7UdIQ6
x85InstiJzU=
=Y9GS
-----END PGP SIGNATURE-----

From x62727g2 at usma8.USMA.EDU Sun Apr 25 08:44:12 1993
From: x62727g2 at usma8.USMA.EDU (Gatlin Anthony CDT)
Date: Sun, 25 Apr 93 08:44:12 PDT
Subject: WIRED
Message-ID: <9304251541.AA13969@usma8.usma.edu>

How can I subscribe to WIRED?

Anthony J. Gatlin              |-------------------------------------|
Cadet Private, Co. G-2         |PGP Public Key available on request. |
United States Military Academy |-------------------------------------|

From warlord at Athena.MIT.EDU Sun Apr 25 09:33:02 1993
From: warlord at Athena.MIT.EDU (Derek Atkins)
Date: Sun, 25 Apr 93 09:33:02 PDT
Subject: WIRED
In-Reply-To: <9304251541.AA13969@usma8.usma.edu>
Message-ID: <9304251632.AA10525@podge>

I believe the number is +1 800 GO WIRED, but I'm not 100% sure...

-derek

Derek Atkins, MIT '93, Electrical Engineering and Computer Science
Secretary, MIT Student Information Processing Board (SIPB)
MIT Media Laboratory, Speech Research Group
warlord at MIT.EDU PP-ASEL N1NWH

From fergp at sytex.com Sun Apr 25 10:27:52 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Sun, 25 Apr 93 10:27:52 PDT
Subject: Crypto references
Message-ID:

On Sat, 24 Apr 93 19:52:42 EDT, Gatlin Anthony CDT wrote -

AG> I am looking for some books on advanced bit manipulation
AG> techniques, matrix manipulation algorithms, and variant
AG> functions. Does anyone have a good bibliography?
The WIRED May/June issue (page 59) listed probably the most relevant books on the topics (including the not-so-relevant) - 8<------ Cut Here --------- The Bedside Crypto Reader Further Readings on Cypherpunk Topics General ------- The Codebreakers Puzzle Palace David Kahn (Macmillan, 1967). James Bamford (Penguin, 1983). The seminal cryptographic history. A classic expose of thr National Security Agency. Books on Cryptographic Systems ------------------------------ Contemporary Cryptography Cryptography and Data Security Edited by Gustavus J. Simmons Dorothy Denning (Addison-Wesley, (IEEE Press, 1991). A fairly 1982). A good primer to the technical volume offering solid workings of crypto systems. background on the subject, including a chapter on the history of public-key cryptography by Whitfield Diffie. Sci-Fi Novels Beloved by Cypherpunks ------------------------------------ Ender's Game Orson Scott Card (Tor, 1985). Some vivid scenarios in which crypto anonymity is crucial. Shock-Wave Rider John Brunner (Balintine, 1976). Chilling representation of an oppresive lack of privacy in a networked society. True Names Werner Vinge (Blue Jay Books, 1984). A novel of cyberspace-style sojourns that outline links between electronic identity and physical identity. Cheers. Paul Ferguson | Uncle Sam wants to read Network Integration Consultant | your e-mail... Centreville, Virginia USA | Just say "NO" to the Clipper fergp at sytex.com | Chip... From eggo at student.umass.edu Sun Apr 25 11:32:01 1993 From: eggo at student.umass.edu (Round Waffle) Date: Sun, 25 Apr 93 11:32:01 PDT Subject: WIRED In-Reply-To: <9304251541.AA13969@usma8.usma.edu> Message-ID: <9304251830.AA10237@titan.ucs.umass.edu> Possessed by The Unholy, Gatlin Anthony CDT scrawled the following in blood: > > How can I subscribe to WIRED? > > Anthony J. Gatlin |-------------------------------------| > Cadet Private, Co. G-2 |PGP Public Key available on request. 
|
> United States Military Academy |-------------------------------------|
>

Here's the info:

Wired
PO Box 191826
San Francisco, CA 94119-1826
(800) SO-WIRED
lr at wired.com -Lou Rossetto (editor)

$19.95 for one year (6 issues)

+- eggo at titan.ucs.umass.edu --><-- Eat Some Paste -+
+- Yorn desh born, der ritt de gitt der gue, -+
+- Orn desh, dee born desh, de umn bork! bork! bork! -+
+----------------- The Durex Blender Corporation -----------------+

From rustman at netcom.com Sun Apr 25 11:56:34 1993
From: rustman at netcom.com (Rusty Hodge)
Date: Sun, 25 Apr 93 11:56:34 PDT
Subject: Consumer phone privacy info sheet
In-Reply-To:
Message-ID: <9304251856.AA12774@netcom2.netcom.com>

> Companies which use primarily multichannel fiber optic lines are
> physically more difficult to tap.

Don't think so. Unless you have fiber running from your location (your home) to the calling party's location. The tap is placed on the subscriber loop - which for the time being is analog for most voice service. And even if it is digital, it is still copper from the CO.

If you are concerned with eavesdropping, then your statement is accurate. It is very easy to eavesdrop on microwave and satellite long distance.

I suspect the Clipper chip will be used heavily in digital cellular phones, if it isn't too much of a power hog.

--

From newsham at wiliki.eng.hawaii.edu Sun Apr 25 12:04:37 1993
From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham)
Date: Sun, 25 Apr 93 12:04:37 PDT
Subject: encrypted irc
Message-ID: <9304251904.AA09776@toad.com>

I have implemented an encryption scheme with key exchange in an IRC client. It is now in working condition. Here are the details. Mail me if you wish to have a copy sent to you.

---- file: README ----------

this is a tinyirc client (client not written by me) but I added in encryption.. Right now encryption is done in DES for messages and RSA for key exchange.
To set it up, unarchive (you probably already did this) then type :

    make

this should make a program called 'sock'

now you need to go into the RSA directory and make yourself a keypair.

    cd RSA
    make genrsa
    make genprim
    genrsa

this makes two files 'public' and 'secret'. You need to install these:

    mv secret ..
    mv public ../

and give out your public key to everyone you want to talk to. This lets them send their key to you.

run sock:

    cd ..
    sock

join the same channel as your friend you wish to talk to:

    /join #channel

send them your key, this lets them read any message typed by you (note you have to be in the same channel as them)

    /key

(note the public key must be in the current directory)

your friend will receive your key, and now everything you type can be read by him. In order to send your key to your friend you must have the file in your directory that is 's public key. He must have the matching secret key in the file 'secret' in his directory. If your friend changes nicks and the filename of his key isn't the same as his nick you can specify the file:

    /key

that's it! Everything you type is encrypted with the same key which is chosen at random when you start up 'sock'. Every time you use sock a new key is used. Every time you want to talk to a new person you have to send them your key. Anyone who has your key can read any of your messages, so if you don't want people reading your messages don't give them your key. Everything you type is encrypted.

some public keys are already provided in pubkeys/* copy them into current directory to use them.

--------

Weaknesses:

(1) serial number and DES key are generated with rand() after seeding with time value. They are generated at the same time, and serial number is a publicly known value. This could allow people to brute force search through the pseudo-random numbers and find your key. This *should* be fixed, any ideas?

(2) RSA key as created by 'genrsa' is not very long! It is crackable right now.
This could be lengthened easily enough by modifying genrsa.c . The rest of the program doesn't care what length key is used.

(3) You can send a lot of garbage to someone's screen by sending out wrong keys and/or sending out bad data matching keys already acquired. possible solution: header inside of the encrypted data. 1 character would give a 1/256 chance of this attack working.

(4) probably a lot more I didn't think about.

----------

Protocol:

there are two types of messages, one to send keys across to other people, one to send across encrypted messages, all messages are sent to the current irc channel, not through messages to individual people:

    SKPJACK:xxxx:yyyy:zzzzz
        xxxx - the nick name of the intended recipient
        yyyy - the serial number of the key being transferred
        zzzz - ascii encoded RSA data

messages of this format are used to send private keys (DES keys) to the recipient, ie /key nick. Messages received are ignored if xxxxx isn't our current nick.

    CLIPPER:xxxx:yyyy
        xxxx - the serial number of the key used to encrypt
        yyyy - the ascii encoded crypted data (DES)

messages of this format are used to send encrypted chat messages. Messages received are ignored if we don't have the key corresponding to the serial number.

ascii coding: each byte is broken into 2 nybbles (4 bits) and sent across as two characters, the first nybble is sent as hi+'a' and the second is sent as lo+'A' so alternate characters are always upper then lower then upper case and so on. (byte = hi<<4 + lo)

Keys are generated randomly and each key has a random 32 bit serial number associated with it. The program uses the serial number to decide which key to decrypt with. The program keeps all the keys it receives. All messages you type are sent with your key, all messages you receive are decoded with the key matching the serial number sent with it.

-----

CREDITS

A lot of this software was not written by me, in fact my part was minimal.
I stole code from the following people:

The basic IRC client (tinyIRC) by:
    Nathan Laredo - "Green"
    gt7080a at prism.gatech.edu

The RSA package by: (email address is no longer valid)
    Martin Nicolay ( martin at trillian.megalon.de )
    Fliederstr. 23
    4100 Duisburg 1
    W-Germany
I couldn't reach him via email. I got this package via anon-ftp, I hope he doesn't mind use of it in this program.

The DES package (d3des):
    D3DES (V5.09) - A portable, public domain, version of the Data Encryption Standard.
    Written with Symantec's THINK (Lightspeed) C by Richard Outerbridge.
    Thanks to: Dan Hoey for his excellent Initial and Inverse permutation code; Jim Gillogly & Phil Karn for the DES key schedule code; Dennis Ferguson, Eric Young and Dana How for comparing notes; and Ray Lau, for humouring me on.
    Copyright (c) 1988,1989,1990,1991,1992 by Richard Outerbridge.
    (GEnie : OUTER; CIS : [71755,204]) Graven Imagery, 1992.
He says "public domain" and then later "Copyright". I assume he means "freely distributable, useable".

If any of you are out there thanx a lot! Your code is much appreciated.

From shipley at merde.dis.org Sun Apr 25 12:41:55 1993
From: shipley at merde.dis.org (Peter shipley)
Date: Sun, 25 Apr 93 12:41:55 PDT
Subject: Congressional FAX numbers
Message-ID: <9304251939.AA00802@merde.dis.org>

A non-text attachment was scrubbed...
Name: not available
Type: text/x-pgp
Size: 1359 bytes
Desc: not available
URL:

From pfarrell at cs.gmu.edu Sun Apr 25 13:47:04 1993
From: pfarrell at cs.gmu.edu (Pat Farrell)
Date: Sun, 25 Apr 93 13:47:04 PDT
Subject: Congressional phone/fax, VA 11th district
Message-ID: <60448.pfarrell@cs.gmu.edu>

The list that Paul sent out didn't even acknowledge that Virginia has an 11th district.
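[Added example, not part of any message in this archive and not code from the 'sock' client: the wire framing from the "Protocol" section of the encrypted-IRC README above, written in C with a strict receive side that rejects malformed payloads before anything reaches a decryption routine. The function and type names are hypothetical, the sample lines are constructed, and the serial field is kept as opaque text because the README does not say how the 32-bit serial is written on the wire.]

```c
/* Added example: framing from the README, not code from the 'sock' client. */
#include <stdio.h>
#include <string.h>

enum { MSG_BAD = -1, MSG_IGNORE = 0, MSG_KEY = 1, MSG_CHAT = 2 };

struct wire_msg {
    char serial[32];          /* serial field kept as opaque text (assumption) */
    unsigned char data[256];  /* decoded payload: RSA blob or DES ciphertext */
    size_t len;
};

/* Encode n bytes as 2n chars: high nybble + 'a', then low nybble + 'A'.
 * Returns the encoded length, or -1 if out is too small. */
int nyb_encode(const unsigned char *in, size_t n, char *out, size_t cap)
{
    size_t i;
    if (cap < 2 * n + 1) return -1;
    for (i = 0; i < n; i++) {
        out[2 * i]     = (char)('a' + (in[i] >> 4));
        out[2 * i + 1] = (char)('A' + (in[i] & 0x0f));
    }
    out[2 * n] = '\0';
    return (int)(2 * n);
}

/* Strict decode: odd length, wrong case or out-of-range characters are errors. */
int nyb_decode(const char *in, size_t len, unsigned char *out, size_t cap)
{
    size_t i;
    if (len % 2 != 0 || len / 2 > cap) return -1;
    for (i = 0; i < len; i += 2) {
        int hi = in[i] - 'a', lo = in[i + 1] - 'A';
        if (hi < 0 || hi > 15 || lo < 0 || lo > 15) return -1;
        out[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    return (int)(len / 2);
}

/* Copy the text before the next ':' into dst; return a pointer past the ':'. */
static const char *take_field(const char *s, char *dst, size_t cap)
{
    const char *colon = strchr(s, ':');
    size_t n;
    if (colon == NULL) return NULL;
    n = (size_t)(colon - s);
    if (n == 0 || n >= cap) return NULL;     /* empty or oversized field */
    memcpy(dst, s, n);
    dst[n] = '\0';
    return colon + 1;
}

/* Classify one channel line (CR/LF already stripped). Applies the README's
 * two ignore rules: key not addressed to our nick, chat with unknown serial. */
int classify_line(const char *line, const char *my_nick,
                  const char *const *known, size_t nknown, struct wire_msg *m)
{
    char nick[32];
    const char *p;
    size_t i;
    int n, is_key;

    if (strncmp(line, "SKPJACK:", 8) == 0) is_key = 1;
    else if (strncmp(line, "CLIPPER:", 8) == 0) is_key = 0;
    else return MSG_IGNORE;                  /* ordinary channel text */
    p = line + 8;

    if (is_key) {
        if ((p = take_field(p, nick, sizeof nick)) == NULL) return MSG_BAD;
        if (strcmp(nick, my_nick) != 0) return MSG_IGNORE;   /* not for us */
    }
    if ((p = take_field(p, m->serial, sizeof m->serial)) == NULL) return MSG_BAD;
    if (!is_key) {
        for (i = 0; i < nknown && strcmp(known[i], m->serial) != 0; i++)
            ;
        if (i == nknown) return MSG_IGNORE;  /* no key for this serial */
    }
    n = nyb_decode(p, strlen(p), m->data, sizeof m->data);
    if (n <= 0) return MSG_BAD;              /* empty or malformed payload */
    m->len = (size_t)n;
    return is_key ? MSG_KEY : MSG_CHAT;
}

int main(void)
{
    const char *known[] = { "1f2e3d4c" };    /* constructed serial */
    const char *lines[] = {                  /* constructed channel traffic */
        "SKPJACK:alice:1f2e3d4c:eIgJ",
        "CLIPPER:1f2e3d4c:eIgJ",
        "CLIPPER:1f2e3d4c:eIgz",
        "hello, plain channel text",
    };
    struct wire_msg m;
    size_t i;
    for (i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("%2d  %s\n", classify_line(lines[i], "alice", known, 1, &m), lines[i]);
    return 0;
}
```

[Rejecting bad framing only covers payloads that are not valid nybble text; garbage that is well-formed on the wire still needs the in-ciphertext header proposed under weakness (3).]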
The congresswoman is Leslie Byrne
Phone (202) 225-1492
Fax (202) 255-2274

Pat

Pat Farrell Grad Student pfarrell at cs.gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include

From HARUP16 at delphi.com Sun Apr 25 17:15:18 1993
From: HARUP16 at delphi.com (HARUP16 at delphi.com)
Date: Sun, 25 Apr 93 17:15:18 PDT
Subject: ...
Message-ID: <01GXFVM2XBFS8Y564R@delphi.com>

Steve Levy of Wired Magazine told me I could get Pretty Good Pri from your group. His instructions weren't too clear, but he said to mail to this address. Please mail me with info. Thanks.

From tenney at netcom.com Sun Apr 25 18:17:57 1993
From: tenney at netcom.com (Glenn S. Tenney)
Date: Sun, 25 Apr 93 18:17:57 PDT
Subject: No Subject
Message-ID: <9304260117.AA12424@netcom.netcom.com>

I received a fax of a letter from Representative Markey (Subcommittee on Telecommunications and Finance) to Ron Brown (Secretary of Commerce). Since encryption and the Clipper chip are raised in this letter, I felt it would be of interest to you. I understand that on 29 April, Mr. Markey will be holding a hearing on the questions raised in this letter. There may also be a follow-on hearing dedicated to the clipper chip, but that's not definite.

I'm sending this to a few people (via BCC) and to a few mailing lists (listed in the TO line) related to privacy, encryption, clipper chip, etc. I'll also be posting this to the sci.crypt and alt.clipper newsgroups. Because of the traffic on some of the mailing lists, if you have a comment for me you should email directly to me.

I've typed in the letter, which follows. Any errors in transcription are mine...

---
Glenn Tenney
tenney at netcom.com Amateur radio: AA6ER
Voice: (415) 574-3420 Fax: (415) 574-0546

------------------ letter of interest follows ----------------

April 19, 1993

The Honorable Ronald H.
Brown Secretary Department of Commerce 14th and Pennsylvania Ave., NW Washington, DC 20236 Dear Secretary Brown: As you know, I have long been interested in the privacy and security of telecommunications transmissions and data in a networked environment. Recent reports concerning the Administration's endorsement of an electronic encryption standard, based upon "clipper chip" technology, have raised a number of related issues. The international competitiveness of U.S. high tech manufacturers and the software industry is a key factor that the government should consider when addressing issues of encryption and data security. As the nation moves forward in developing the national communications and information infrastructure, security of telecommunications transmissions and network data will be an increasingly important factor for protecting the privacy of users. The "hacker" community can compromise the integrity of telecommunications transmissions and databases linked by the network. The people and businesses that use the nation's telecommunications network and the personal computers linked through it increasingly are demanding that information be protected against unauthorized access, alteration, and theft. I am concerned that the Administration's plan may mean that to remain competitive internationally, U.S. companies would be compelled to develop two products -- one for U.S. government customers, and another for private, commercial users who may want a higher encryption standard. This may inadvertently increase costs to those U.S. companies hoping to serve both markets. To assist the Subcommittee's analysis of this issue, please respond to the following questions: 1. Has the encryption algorithm or standard endorsed by the Administration been tested by any entity other than NSA, NIST or the vendor? If so, please identify such entities and the nature of testing performed. 
If not, please describe any plans to have the algorithm tested by outside experts and how such experts will be chosen. 2. Under the Administration's plan, what entities will be the holders of the "keys" to decrypt scrambled data? What procedures or criteria will the Administration utilize to designate such key holders? 3. Does the encryption algorithm endorsed by the Administration contain a "trap door" or "back door," which could allow an agency or entity of the Federal government to crack the code? 4. It is clear that over time, changes in technologies used for communications will require new techniques and additional equipment. How will encryption devices adapt to the rapid advancement of telecommunications technology? 5. What additional costs would the proposed encryption place on the Federal government? What is the estimated cost to consumers and businesses which opt for the federal standard in their equipment? 6. What is the Commerce Department's assessment of the competitive impact of the Administration's endorsement of the "clipper chip" technology on U.S. exports of computer and telecommunications hardware and software products? I would appreciate your response by no later than close-of-business, Wednesday, April 28, 1993. If you have any questions, please have your staff contact Colin Crowell or Karen Colannino of the Subcommittee staff at (202) 226-2424. Sincerely, Edward J. Markey Chairman ### From valerie at valis.biocad.com Sun Apr 25 20:00:37 1993 From: valerie at valis.biocad.com (Valerie Lambert) Date: Sun, 25 Apr 93 20:00:37 PDT Subject: By popular request: A non-techy Clipper blurb Message-ID: <9304260159.AA13719@valis.biocad.com> Well, I received more than a dozen requests for this since I mentioned it here, and two people said I should post it. You have probably seen it all in one form or another already, but this is a handy package to send to other people who need an introduction to the issue. Embellish the intro, snip/forward at will. 
----- begin blurb ----- INFORMATION ABOUT THE CLIPPER WIRETAP CHIP. DISTRIBUTE FREELY. The Clipper chip has been designed and introduced by the Federal government to standardize encryption technology so that law enforcement agencies can listen in on "private" conversations in electronic media. The device will initially be installed in government phones, and AT&T will also sell it for individual and business use. It is clear that the government would very much like the Clipper to become the standard for all future domestic electronic "private" communication. Many respected professionals in telecommunications and related industries fear that the government may soon make moves to outlaw or otherwise kill other encryption technology that could compete with the Clipper. This is not unlike the government demanding that you give them a sealed copy of all your future phone conversations and other computer-facilitated communications, just in case they ever want to open and examine them later. A pertinent quote from John Perry Barlow of the Electronic Frontier Foundation: The legal right to express oneself is meaningless if there is no secure medium through which that expression may travel. By the same token, the right to hold certain unpopular opinions is forfeit unless one can discuss those opinions with others of like mind without the government listening in. ...there is a kind of corrupting power in the ability to create public policy in secret while assuring that the public will have little secrecy of its own... This message contains announcements from the White House, AT&T, the Electronic Frontier Foundation, the Computer Professionals for Social Responsibility, and various news articles. Technical details and darker, deeper, evaluations of the Clipper project are available; see the usenet newsgroup sci.crypt for current info and pointers. 
_______________________________________________________________________________ FROM THE WHITE HOUSE From: clipper at csrc.ncsl.nist.gov (Clipper Chip Announcement) Subject: White House Public Encryption Management Fact Sheet Organization: National Institute of Standards & Technology Date: Fri, 16 Apr 1993 20:44:58 GMT Note: The following was released by the White House today in conjunction with the announcement of the Clipper Chip encryption technology. FACT SHEET PUBLIC ENCRYPTION MANAGEMENT The President has approved a directive on "Public Encryption Management." The directive provides for the following: Advanced telecommunications and commercially available encryption are part of a wave of new computer and communications technology. Encryption products scramble information to protect the privacy of communications and data by preventing unauthorized access. Advanced telecommunications systems use digital technology to rapidly and precisely handle a high volume of communications. These advanced telecommunications systems are integral to the infrastructure needed to ensure economic competitiveness in the information age. Despite its benefits, new communications technology can also frustrate lawful government electronic surveillance. Sophisticated encryption can have this effect in the United States. When exported abroad, it can be used to thwart foreign intelligence activities critical to our national interests. In the past, it has been possible to preserve a government capability to conduct electronic surveillance in furtherance of legitimate law enforcement and national security interests, while at the same time protecting the privacy and civil liberties of all citizens. As encryption technology improves, doing so will require new, innovative approaches. In the area of communications encryption, the U. S. 
Government has developed a microcircuit that not only provides privacy through encryption that is substantially more robust than the current government standard, but also permits escrowing of the keys needed to unlock the encryption. The system for the escrowing of keys will allow the government to gain access to encrypted information only with appropriate legal authorization. To assist law enforcement and other government agencies to collect and decrypt, under legal authority, electronically transmitted information, I hereby direct the following action to be taken:

INSTALLATION OF GOVERNMENT-DEVELOPED MICROCIRCUITS

The Attorney General of the United States, or her representative, shall request manufacturers of communications hardware which incorporates encryption to install the U.S. government-developed key-escrow microcircuits in their products. The fact of law enforcement access to the escrowed keys will not be concealed from the American public. All appropriate steps shall be taken to ensure that any existing or future versions of the key-escrow microcircuit are made widely available to U.S. communications hardware manufacturers, consistent with the need to ensure the security of the key-escrow system. In making this decision, I do not intend to prevent the private sector from developing, or the government from approving, other microcircuits or algorithms that are equally effective in assuring both privacy and a secure key-escrow system.

KEY-ESCROW

The Attorney General shall make all arrangements with appropriate entities to hold the keys for the key-escrow microcircuits installed in communications equipment. In each case, the key holder must agree to strict security procedures to prevent unauthorized release of the keys. The keys shall be released only to government agencies that have established their authority to acquire the content of those communications that have been encrypted by devices containing the microcircuits.
The Attorney General shall review for legal sufficiency the procedures by which an agency establishes its authority to acquire the content of such communications. PROCUREMENT AND USE OF ENCRYPTION DEVICES The Secretary of Commerce, in consultation with other appropriate U.S. agencies, shall initiate a process to write standards to facilitate the procurement and use of encryption devices fitted with key-escrow microcircuits in federal communications systems that process sensitive but unclassified information. I expect this process to proceed on a schedule that will permit promulgation of a final standard within six months of this directive. The Attorney General will procure and utilize encryption devices to the extent needed to preserve the government's ability to conduct lawful electronic surveillance and to fulfill the need for secure law enforcement communications. Further, the Attorney General shall utilize funds from the Department of Justice Asset Forfeiture Super Surplus Fund to effect this purchase. _______________________________________________________________________________ FROM AT&T AT&T TO INCORPORATE NEW 'CLIPPER' CHIP INTO SECURE COMMUNICATIONS PRODUCT LINE GREENSBORO, N.C., April 16 AT&T (NYSE: T) said today it is moving to improve the security and privacy of telephone communications by incorporating a just-announced new U.S. government technology for voice encryption into its secure communications product line. AT&T will use the Clipper chip, announced today by President Clinton as a new technology for voice encryption, in all of its secure telephone products except those specially designed for government classified customers. The Commerce Department has announced a six-month timetable for the final certification of Clipper. "AT&T is pleased to be the first company to publicly commit to adoption of the Clipper chip," said Ed Hickey, AT&T vice president, Secure Communications Systems. 
"We believe it will give our customers far greater protection in defeating hackers or eavesdroppers attempting to intercept a call. "And now all commercially available AT&T voice encryption products will be compatible with each other, a major step forward in bringing secure communications capabilities to the business community." In standardizing AT&T voice encryption products on the Clipper chip, AT&T will include the algorithm in the Telephone Security Device as well as in the Secure Voice/Data Terminal. The AT&T Telephone Security Device is a compact, lightweight unit that brings advance encryption technology to conventional land-line and cellular telephones. It provides a powerful, convenient and reliable way to protect the most sensitive telephone conversations. The device works with a conventional land-line or transportable/mobile cellular phone. It turns the phone's signal into a digital stream of encrypted information that is decrypted by a Telephone Security Device attached to the phone at the receiving end of the call. The AT&T Telephone Security Device connects easily to desk telephones or transportable or mobile phones. It weighs 1.5 pounds and is 7 inches long, 4.5 inches wide and 1.5 inches high. And it's as easy to use as it is portable. The AT&T Secure Voice/Data Terminals are desktop telephones that provide encryption for both telephone calls and data transmissions. These AT&T secure communications products use an enhanced voice encryption technique that provides very high voice quality. This technology allows calls placed with these products to approach the voice quality of normal calls. To further enhance interoperability, AT&T will consider licensing to other manufacturers its enabling technologies for interoperability. Interoperability of encryption devices requires common technology beyond the use of a common encryption algorithm, specifically common methods of digital voice encoding and signaling.
AT&T has already performed integration tests with Clipper chips manufactured by the government's supplier, Mykotronx Inc., of Torrance, Calif., and is preparing to integrate the chip into the manufacturing of its secure products. AT&T's Clipper-equipped telephone security devices will be available to customers by the end of the second quarter. The federal government intends to adopt the Clipper chip as the standard for voice encryption to help protect proprietary information, protect the privacy of personal phone conversations and prevent unauthorized release of data transmitted electronically. At the same time, use of the Clipper chip will preserve the ability of federal, state and local law enforcement agencies to intercept lawfully the phone conversations of criminals. "Adoption of Clipper will support both the government's efforts to protect the public and the public's right to privacy," Hickey said. AT&T Secure Communication Systems provides products to protect voice, data, fax, cellular and video communications. It also engineers and integrates secure communications applications. Its customers include the governments of the United States and other nations as well as major corporations around the world. AT&T Secure Communications Systems is headquartered in Greensboro. For more information about the AT&T Telephone Security Device 3600 and other AT&T Secure Communications Products, call David Arneke at 919-279-7680.
CONTACT: David Arneke of AT&T Secure Communications Systems, 919-279-7680, or after hours, 919-273-5687, or Herb Linnen of AT&T Media Relations, 202-457-3933, or after hours, 202-333-9162

_______________________________________________________________________________

FROM THE ELECTRONIC FRONTIER FOUNDATION

Date: Fri, 16 Apr 1993 15:17:02 -0400
From: Cliff Figallo
Subject: EFFector Online 5.06
To: eff-news at eff.org (eff-news mailing list)

EFFector Online Volume 5 No. 6 4/16/1993 editors at eff.org
A Publication of the Electronic Frontier Foundation ISSN 1062-9424

...

April 16, 1993

INITIAL EFF ANALYSIS OF CLINTON PRIVACY AND SECURITY PROPOSAL

The Clinton Administration today made a major announcement on cryptography policy which will affect the privacy and security of millions of Americans. The first part of the plan is to begin a comprehensive inquiry into major communications privacy issues such as export controls which have effectively denied most people easy access to robust encryption as well as law enforcement issues posed by new technology. However, EFF is very concerned that the Administration has already reached a conclusion on one critical part of the inquiry, before any public comment or discussion has been allowed. Apparently, the Administration is going to use its leverage to get all telephone equipment vendors to adopt a voice encryption standard developed by the National Security Agency. The so-called "Clipper Chip" is an 80-bit, split key escrowed encryption scheme which will be built into chips manufactured by a military contractor. Two separate escrow agents would store users' keys, and be required to turn them over to law enforcement upon presentation of a valid warrant.
The encryption scheme used is to be classified, but the chips will be available to any manufacturer for incorporation into their communications products. This proposal raises a number of serious concerns.

First, the Administration appears to be adopting a solution before conducting an inquiry. The NSA-developed Clipper chip may not be the most secure product. Other vendors or developers may have better schemes. Furthermore, we should not rely on the government as the sole source for Clipper or any other chips. Rather, independent chip manufacturers should be able to produce chipsets based on open standards.

Second, an algorithm can not be trusted unless it can be tested. Yet the Administration proposes to keep the chip algorithm classified. EFF believes that any standard adopted ought to be public and open. The public will only have confidence in the security of a standard that is open to independent, expert scrutiny.

Third, while the use of the split-key, dual-escrowed system may prove to be a reasonable balance between privacy and law enforcement needs, the details of this scheme must be explored publicly before it is adopted. What will give people confidence in the safety of their keys? Does disclosure of keys to a third party waive individual's fifth amendment rights in subsequent criminal inquiries?

In sum, the Administration has shown great sensitivity to the importance of these issues by planning a comprehensive inquiry into digital privacy and security. However, the "Clipper chip" solution ought to be considered as part of the inquiry, not be adopted before the discussion even begins.

DETAILS OF THE PROPOSAL:

ESCROW

The 80-bit key will be divided between two escrow agents, each of whom hold 40 bits of each key. Upon presentation of a valid warrant, the two escrow agents would have to turn the key parts over to law enforcement agents. Most likely the Attorney General will be asked to identify appropriate escrow agents.
Some in the Administration have suggested one non-law enforcement federal agency, perhaps the Federal Reserve, and one non-governmental organization. But, there is no agreement on the identity of the agents yet. Key registration would be done by the manufacturer of the communications device. A key is tied to the device, not to the person using it.

CLASSIFIED ALGORITHM AND THE POSSIBILITY OF BACK DOORS

The Administration claims that there are no back door means by which the government or others could break the code without securing keys from the escrow agents and that the President will be told there are no back doors to this classified algorithm. In order to prove this, Administration sources are interested in arranging for an all-star crypto cracker team to come in, under a security arrangement, and examine the algorithm for trap doors. The results of the investigation would then be made public.

GOVERNMENT AS MARKET DRIVER

In order to get a market moving, and to show that the government believes in the security of this system, the feds will be the first big customers for this product. Users will include the FBI, Secret Service, VP Al Gore, and maybe even the President.

FOR MORE INFORMATION CONTACT:
Jerry Berman, Executive Director
Daniel J. Weitzner, Senior Staff Counsel

...

=============================================================

EFFector Online is published by The Electronic Frontier Foundation 666 Pennsylvania Ave., Washington, DC 20003 Phone: +1 202 544-9237 FAX: +1 202 547 5481 Internet Address: eff at eff.org Coordination, production and shipping by Cliff Figallo, EFF Online Communications Coordinator (fig at eff.org) Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the view of the EFF. To reproduce signed articles individually, please contact the authors for their express permission.
*This newsletter is printed on 100% recycled electrons*

_______________________________________________________________________________

FROM THE COMPUTER PROFESSIONALS FOR SOCIAL RESPONSIBILITY

April 16, 1993
Washington, DC

COMPUTER PROFESSIONALS CALL FOR PUBLIC DEBATE ON NEW GOVERNMENT ENCRYPTION INITIATIVE

Computer Professionals for Social Responsibility (CPSR) today called for the public disclosure of technical data underlying the government's newly-announced "Public Encryption Management" initiative. The new cryptography scheme was announced today by the White House and the National Institute for Standards and Technology (NIST), which will implement the technical specifications of the plan. A NIST spokesman acknowledged that the National Security Agency (NSA), the super-secret military intelligence agency, had actually developed the encryption technology around which the new initiative is built. According to NIST, the technical specifications and the Presidential directive establishing the plan are classified. To open the initiative to public review and debate, CPSR today filed a series of Freedom of Information Act (FOIA) requests with key agencies, including NSA, NIST, the National Security Council and the FBI for information relating to the encryption plan. The CPSR requests are in keeping with the spirit of the Computer Security Act, which Congress passed in 1987 in order to open the development of non-military computer security standards to public scrutiny and to limit NSA's role in the creation of such standards. CPSR previously has questioned the role of NSA in developing the so-called "digital signature standard" (DSS), a communications authentication technology that NIST proposed for government-wide use in 1991. After CPSR sued NIST in a FOIA lawsuit last year, the civilian agency disclosed for the first time that NSA had, in fact, developed that security standard.
NSA is due to file papers in federal court next week justifying the classification of records concerning its creation of the DSS. David Sobel, CPSR Legal Counsel, called the administration's apparent commitment to the privacy of electronic communications, as reflected in today's official statement, "a step in the right direction." But he questioned the propriety of NSA's role in the process and the apparent secrecy that has thus far shielded the development process from public scrutiny. "At a time when we are moving towards the development of a new information infrastructure, it is vital that standards designed to protect personal privacy be established openly and with full public participation. It is not appropriate for NSA -- an agency with a long tradition of secrecy and opposition to effective civilian cryptography -- to play a leading role in the development process." CPSR is a national public-interest alliance of computer industry professionals dedicated to examining the impact of technology on society. CPSR has 21 chapters in the U.S. and maintains offices in Palo Alto, California, Cambridge, Massachusetts and Washington, DC. For additional information on CPSR, call (415) 322-3778 or e-mail . _______________________________________________________________________________ FROM THE CHICAGO TRIBUNE April 17, 1993 Privacy device leaves cops a key By Christopher Drew, Chicago Tribune. As a step toward the development of vast new data "superhighways," the federal government has designed a powerful device that would protect the privacy of electronic communications by encoding them but still allow police to eavesdrop. Critics say the project, announced Friday by the Clinton administration, raises serious questions about the protection of civil liberties as more people use cellular and cordless phones and computer-based communications. 
They also warned that the device is not likely to help law-enforcement agents foil high-tech criminals unless it becomes the most widely used commercial encryption system - and drives private competitors out of the business. "'A.k.a. Big Brother,' that's what I call it," said Stephen Bryen, a former Pentagon official who runs a company developing a rival encryption system. Bryen said it was "very disturbing" that the government has gone so far with the previously classified project "without consulting with experts in the industry" whose investments could be wiped out. One high-ranking federal official, Raymond Kammer, acknowledged that such concerns are part of an "appropriate debate" that needs to be held over the project. "Maybe it turns out that society, as it debates this, finds it unacceptable," said Kammer, acting director of the National Institute for Standards and Technology. "I'm not sure. This is the start of that debate." Millions of people who exchange information via computers and make calls from cordless and cellular phones, which are especially vulnerable to interception, could be affected. Experts say an era is dawning in which traveling executives exchange electronic memos and negotiate sensitive deals via hand-held communicators using vulnerable wireless transmitters. In endorsing the plan, the White House described it Friday as an outgrowth of federal efforts to capitalize on advances in telephone and computer technology while preventing drug dealers and terrorists from finding new ways to mask their misdeeds. In last year's campaign, President Clinton pledged to invest billions of dollars in faster and more secure data links to enhance the standing of U.S. firms in the global economy. But as the computer industry has developed systems to enable businesses to scramble data transfers and telephone conversations as a safeguard against industrial espionage, a growing number of criminals also have begun using them to foil court-authorized wiretaps. 
Under the new plan, engineers at the National Security Agency invented a new coding device, called the "Clipper Chip," which is said to be much harder to crack than encoding systems now on the market. The government licensed two California companies - Mykotronx and VLSI Technology - to make the computer chips. The chips will form the "brains" inside small scrambling devices that can be attached to individual telephones. To spur the venture, the Justice Department will soon purchase several thousand of the devices. Military and spy agencies also are expected to use them. Private businesses would not be required to use the technology. But federal officials hope their sponsorship will establish the Clipper chips as the new industry standard and crowd out competing systems. Indeed, AT&T announced Friday that it will use the new chips in a desktop device for encrypting telephone conversations that it expects to sell for $1,195. But in return for gaining the extra encoding power built into the new system, users would have to accept the fact that government code-breakers would always hold the keys to tap into the information. In an effort to prevent abuses of civil liberties, federal officials said, they will set up a system in which they would have to match two coding keys held by different officials to unscramble any communications. National-security and law-enforcement officials could bring the keys together only under court-authorized operations. But Bryen said it is hard to see how the Clipper chips project will provide much help to the FBI. Even if the new coding devices drove others off the U.S. market, Bryen said, sophisticated criminals would simply buy encoding devices overseas, as many already do. Multinational and foreign-based companies also could prove leery of a system that has a built-in point of entry for U.S. authorities.
The FBI separately is seeking legislation that would force telephone companies to modify their equipment to keep other advances in technology from hampering its ability to perform wiretaps. AT&T and other phone companies have opposed this idea.

_______________________________________________________________________________

FROM THE WASHINGTON TIMES

April 17, 1993

Government picks affordable chip to scramble phone calls

Frank J. Murray; THE WASHINGTON TIMES

President Clinton gave a major boost yesterday to one telephone-scrambler technology in a decision its delighted manufacturer likens to the choice of VHS over Beta for videotape machines. Mr. Clinton's action could allow the use of relatively cheap scramblers on almost every cellular, business and government phone and make scramblers common even on ordinary home telephones. An administration official said consideration will be given to banning more sophisticated systems investigators cannot crack, thereby creating a balance between banning private encryption and declaring a public right to unbreakably coded conversations. "We've got a balance we've got to strike between the public's important need for privacy and the public's need to be assured it's safe from crime," said Raymond G. Kammer, acting director of the National Institute of Standards and Technology, which developed the system with the National Security Agency. In an unusual decision he said was examined by the National Security Council, Mr. Clinton directed the Commerce and Justice departments to encourage the development of the high-tech system, which includes electronic master keys to enable law enforcement officials to decode transmissions if they obtain court orders. "This technology preserves the ability of federal, state and local law enforcement agencies to intercept lawfully the phone conversations of criminals," Mr. Clinton said, citing the fear that encrypted phones could aid terrorists and drug dealers.
The system is designed to protect from unauthorized interception the electronic transmission of conversations, computer data and video images at a cost per telephone that could be under $30, said Ted Bettwy, executive vice president of the manufacturer, Mykotronx Inc. of Torrance, Calif. He said the chip announced yesterday, internally referred to as MYK-78, costs about $40 and uses an algorithm 16 million times more complex than that used by chips now on the market. Computer hackers have penetrated the current chips. The new chip uses an 80-bit code instead of the 56-bit code that is the digital encryption standard (DES). The chip eventually could sell in lots of 10,000 for about $25 each, Mr. Kammer said, with later versions priced around $10 each. Government engineers at NSA and the Commerce Department's NIST designed and developed the chip, which was then produced by privately owned Mykotronx and a publicly traded subcontractor, VLSI Technology. A Silver Spring competitor cried foul, particularly because the commercial device was developed without notice or competitive bids in a classified laboratory that does work for the National Security Agency. "If the purpose of this chip is to catch bad guys, then no bad guy will use it," said Stephen Bryen of Secure Communications Technology in Silver Spring, which produces a competitive chip he said could sell for $10. "The answer is to invest more money into breaking codes," Mr. Bryen said in an interview after yesterday's announcement. "They're trying to put us out of business." Mr. Kammer said the secrecy was justified. "The technology we're using was actually developed in a classified environment in the first place and then transferred to a sole-source supplier. I don't know that there was any way around it," he said in an interview. The Justice Department will buy several thousand of the Mykotronx devices, which use a "clipper chip."
They are being incorporated into other systems by Motorola and American Telephone & Telegraph Co., Mr. Bettwy said. Other sophisticated encryption systems do not allow ready access for authorized law enforcement purposes, said Mr. Bryen, who predicted that an elaborate security plan for the electronic master key would not prevent misuse. Mike Newman, a spokesman for the National Institute of Standards and Technology, said, "The key is split into two parts and stored separately to ensure security of the key system." Access would be provided to the two parts for an agency that produced legitimate authority or a court order, he said. The Justice Department will determine whether the two parts will be held by separate federal agencies or a federal agency and a private agency. "This chip is going to do something that we, the citizens, really need, and that is to allow us the privacy we want as common citizens," Mr. Bettwy said in a telephone interview from California yesterday. He said the vital part of yesterday's decision is the government's declaration that it intends to use the device. Mr. Bettwy says that use will establish his device as the new standard and will require private facilities to use the same system to communicate with the government. He said the decision's impact is "exactly" like the adoption of VHS standards, making most private use of Beta video systems obsolete. "I hope that's true," he said of the business implications for Mykotronx. "We're hoping this will become the new standard." Only compatible phones can receive secure communications from a phone using a clipper chip. "To me the real significance is if everybody uses this, everybody can talk to anybody else," Mr. Bettwy said. "It creates a false hope," Mr. Bryen said. "The secret key could fall into other people's hands. When you create a system that has a back door, other people will find the back door."
______________________________________________________________________________ FROM THE NEW YORK TIMES April 16, 1993 Electronics Plan Aims to Balance Government Access With Privacy By JOHN MARKOFF, Special to The New York Times The Clinton Administration plans a new system of encoding electronic communications that is intended to preserve the Government's ability to eavesdrop for law enforcement and national security reasons while increasing privacy for businesses and individuals. New technology will be installed in some Government communications networks within weeks or months and could be available for business and even household use before the end of the year. It will use a new system of encoding voice and computer transmissions, including phone calls and electronic mail, to prevent unauthorized listening. The move is intended to resolve a long-standing dilemma of the information age: how to preserve the legitimate right for businesses and citizens to use codes to protect all sorts of digital communications -- be it a doctor's cellular phone call to a patient or a company's electronic transfer of a million dollars to an overseas client -- without letting criminals and terrorists conspire beyond the reach of the law. "There is a trade-off between individual privacy and society's safety from crime," one Government official said. "Our society needs to decide where to draw the line." But at least some communications experts, when told of the plan by a reporter, did not like what they heard. "I think the Government is creating a monster," said a former Pentagon official, Stephen D. Bryen, who is now president of Secured Communications Technologies Inc. in Silver Spring, Md., which makes data-security equipment. "People won't be able to trust these devices because there is a high risk that the Government is going to have complete access to anything they are going to do." Modern communications are becoming increasingly vulnerable to illegal listening. 
For example, cellular phone calls can be monitored by anyone with an inexpensive scanner. At the same time, computer chips and special software make it possible to code phone conversations and computer data, effectively garbling them so they cannot be deciphered by even the National Security Agency's most powerful code-breaking computers. Although computer encoding is now used in only a small portion of electronic communications, computer experts expect that volume to grow rapidly as more of the nation's commerce begins to flow over data networks -- especially wireless networks. The Government has proposed in the past to require the use of a hidden key in the coding hardware or software -- a way to crack the code, in other words -- to let police security agents decipher messages after obtaining court authorization to do so. Civil liberty concerns aside, computer experts have argued that any such key, no matter how sophisticated, might be figured out by any savvy computer hacker. The Administration's solution: require two separate keys, each to be held by different agencies or organizations. The new coding devices, which will be called Clipper Chips, have been designed by engineers at the National Institute for Standards and Technology and at the National Security Agency. They will be manufactured by Mycotronx, a military contractor based in Torrance, Calif., and VLSI Technology Inc., a Silicon Valley semiconductor manufacturer. The devices will be built into Government telephones and eventually into commercial telephones and computers. The new security plan has been a classified secret of several Government agencies, including the National Institute for Standards and Technology and the National Security Agency, and several law enforcement agencies, including the Federal Bureau of Investigation. The official said the Government planned to announce the technology, possibly within a week, and to propose it as a Government-wide standard later this year. 
Broad Review Ordered A White House official said today that President Clinton had ordered the National Security Council to conduct a formal review of the new plan as well as all Government cryptography policies. The review, which will take three to four months, will begin within weeks, and will consider both the domestic use and export of advanced cryptography systems. Several Administration officials said the security devices would be deployed first by law enforcement and intelligence agencies and also civilian agencies, like the Internal Revenue Service, that handle confidential information. But the new system is also viewed as a data security standard that the Clinton Administration believes will eventually be widely used in the nation's commercial telephone and computer networks. While the Administration currently has no plan to try imposing the technology on private industry, officials hope it will become a standard. Any communications or computer company doing business with the Federal Government, from A.T.& T. to I.B.M., would presumably have to incorporate the technology into their products. Moreover, the Government can authorize or deny the export of American-made computer and communications devices on the basis of whether it approves of any coding that may be used in the hardware and software. The new security standard, technically a set of computer algorithms, was developed by National Security Agency scientists. The Administration officials said they viewed the approach as a candidate for replacing the 15-year-old Data Encryption Standard that is now used to secure much of the nation's computer data. There is no known hidden key in this standard, although many industry experts believe that the agency can crack the code with its high-powered computers. 
______________________________________________________________________________ FROM THE KNIGHT-RIDDER NEWS SERVICE (1) Knight-Ridder/Tribune Business News Computer Group, Libertarians Question Clinton Phone Privacy Stance By Rory J. O'Connor, San Jose Mercury News, Calif. SAN JOSE, Calif.--Apr. 17--Civil libertarians and a major computer industry group raised concerns Friday about how much protection a Clinton administration plan would afford private electronic communications, from cellular telephone calls to computer data. The administration Friday said it would begin using technology developed by the government's National Institute of Standards and Technology to balance two competing interests: the desire of citizens to keep their conversations private and the need for law enforcement agencies to monitor those conversations after getting a court order. The technology that enables this is a computer chip called the Clipper Chip that scrambles a telephone call or computer message using a secret algorithm, or formula. But each chip also comes with a pair of electronic "keys" that could be used by law enforcement agencies to decipher the secret messages generated by the chip. The Clinton proposal calls for one key to be held by each of two separate "trusted" third parties, who would release them to law enforcement agencies that obtained legal authority to intercept the communications. Both keys would be needed to decipher a message. The Electronic Frontier Foundation, a not-for-profit civil liberties group, praised the administration for considering the issue. But it criticized the lack of public input into the plan. "They've announced a big inquiry with public input, but they've reached a conclusion before they started," said Daniel J. Weitzner, staff counsel for the Washington-based foundation. 
Although the administration's plan calls only for equipping government telephones with the security devices, some groups are concerned the plan might become a standard for all manner of electronic communication before the public has a chance to debate its merits. "I don't want to sound too stridently opposed to this," said Ken Wasch, executive director of the Software Publishers Association (SPA) in Washington. "But...we feel blindsided." The SPA was discussing data security issues with Clinton administration officials but had not expected any White House action until August, said Ilene Rosenthal, general counsel. Besides the lack of initial hearings, both groups said they had two major concerns about the Clinton plan: - Because the algorithm itself is secret, the groups say it is impossible for the public to discern if it is truly secure. Users can't be certain government spy agencies have not hidden a "back door" in the software that will allow them to read anything they want. "So far there hasn't been a credible explanation about why the algorithm has to be secret," Weitzner said. - The administration hasn't decided who will be the escrow agents, and it seems unlikely any government agency, corporate entity or other organization would be deemed trustworthy by every user. Even assuming all concerned can agree on who will hold them, civil libertarians are concerned that the keys, by giving law enforcement agencies access to individuals' private communications, might pose a threat to constitutional protections against self-incrimination. Washington sources who requested anonymity suggested the White House might have drafted its plan quickly because of concern over sales of an AT&T device that encrypts phone calls using an older standard, Data Encryption Standard. The sources said law enforcement officials feared the device would create an explosion in secured telephone traffic that would severely hamper their efforts to wiretap calls. 
American Telephone & Telegraph Co. announced Friday it would adapt the $1,200 product, called the Telephone Security Device, to use the Clipper Chip by the end of this fiscal quarter. AT&T makes a related device, which encrypts voice and computer data transmissions, that could be converted to the Clipper technology, said spokesman Bill Jones. Jones said he wasn't aware of any concern by the government over the current model of the Telephone Security Device, which has been sold to government and business customers. At least one company was quite pleased with the plan: San Jose chip maker VLSI Technology, which will manufacture the Clipper chips for a Torrance company that is selling them to the government and to AT&T. VLSI, which invented a manufacturing method the company said makes it difficult to "reverse engineer" the chip or discern the encryption scheme, expects to make $50 million in the next three years selling the device, said Jeff Hendy, director of new product marketing for the company. _______________________________________________________________________________ FROM THE KNIGHT-RIDDER NEWS SERVICE (2) New Scrambler Designed to Protect Privacy, But Allow Police Monitoring By Christopher Drew, Chicago Tribune Knight-Ridder/Tribune Business News WASHINGTON--Apr. 19--As a step toward the development of vast new data "superhighways," the federal government has designed a powerful device that would protect the privacy of electronic communications by encoding them but still allow police to eavesdrop. Critics say the project, announced Friday by the Clinton administration, raises serious questions about the protection of civil liberties as more people use cellular and cordless phones and computer-based communications. They also warned that the device is not likely to help law-enforcement agents foil high-tech criminals unless it becomes the most widely used commercial encryption system - and drives private competitors out of the business. "'A.k.a. 
Big Brother,' that's what I call it," said Stephen Bryen, a former Pentagon official who runs a company developing a rival encryption system. Bryen said it was "very disturbing" that the government has gone so far with the previously classified project "without consulting with experts in the industry" whose investments could be wiped out. One high-ranking federal official, Raymond Kammer, acknowledged that such concerns are part of an "appropriate debate" that needs to be held over the project. "Maybe it turns out that society, as it debates this, finds it unacceptable," said Kammer, acting director of the National Institute for Standards and Technology. "I'm not sure. This is the start of that debate." Millions of people who exchange information via computers and make calls from cordless and cellular phones, which are especially vulnerable to interception, could be affected. Experts say an era is dawning in which traveling executives exchange electronic memos and negotiate sensitive deals via hand-held communicators using vulnerable wireless transmitters. In endorsing the plan, the White House described it Friday as an outgrowth of federal efforts to capitalize on advances in telephone and computer technology while preventing drug dealers and terrorists from finding new ways to mask their misdeeds. In last year's campaign, President Clinton pledged to invest billions of dollars in faster and more secure data links to enhance the standing of U.S. firms in the global economy. But as the computer industry has developed systems to enable businesses to scramble data transfers and telephone conversations as a safeguard against industrial espionage, a growing number of criminals also have begun using them to foil court-authorized wiretaps. Under the new plan, engineers at the National Security Agency invented a new coding device, called the "Clipper Chip," which is said to be much harder to crack than encoding systems now on the market. 
The government licensed two California companies - Mykotronx and VLSI Technology - to make the computer chips. The chips will form the "brains" inside small scrambling devices that can be attached to individual telephones. To spur the venture, the Justice Department will soon purchase several thousand of the devices. Military and spy agencies also are expected to use them. Private businesses would not be required to use the technology. But federal officials hope their sponsorship will establish the Clipper chips as the new industry standard and crowd out competing systems. Indeed, AT&T announced Friday that it will use the new chips in a desktop device for encrypting telephone conversations that it expects to sell for $1,195. But in return for gaining the extra encoding power built into the new system, users would have to accept the fact that government code-breakers would always hold the keys to tap into the information. In an effort to prevent abuses of civil liberties, federal officials said, they will set up a system in which they would have to match two coding keys held by different officials to unscramble any communications. National-security and law-enforcement officials could bring the keys together only under court- authorized operations. But Bryen said it is hard to see how the Clipper chips project will provide much help to the FBI. Even if the new coding devices drove others off the U.S. market, Bryen said, sophisticated criminals would simply buy encoding devices overseas, as many already do. Multinational and foreign-based companies also could prove leery of a system that has a built-in point of entry for U.S. authorities. The FBI separately is seeking legislation that would force telephone companies to modify their equipment to keep other advances in technology from hampering its ability to perform wiretaps. AT&T and other phone companies have opposed this idea. 
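Added example (not part of the Phrack article or the news stories it quotes): a sketch of the two-part escrow the articles describe, in which each of two agents holds one part and both parts are needed to recover the key. The articles do not say how the parts are combined or how long the key is; the XOR split, the 10-byte key, the agent names, the device and order identifiers, and the set-membership stand-in for a court order are all assumptions made for illustration.

```python
import secrets
from typing import Dict, List, Set, Tuple

KEY_BYTES = 10  # assumed key length; the articles do not give one


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(device_key: bytes) -> Tuple[bytes, bytes]:
    """Split a key into two parts, each of which is useless on its own."""
    part_a = secrets.token_bytes(len(device_key))  # uniform random pad
    part_b = xor_bytes(device_key, part_a)         # the key masked by that pad
    return part_a, part_b


def recombine(part_a: bytes, part_b: bytes) -> bytes:
    return xor_bytes(part_a, part_b)


def partner_for(part: bytes, candidate_key: bytes) -> bytes:
    """Return the other part that would make `part` recombine to candidate_key.

    Such a partner exists for every candidate, so one part rules out no key.
    """
    return xor_bytes(part, candidate_key)


class EscrowAgent:
    """Hypothetical escrow agent: stores one part per device, logs releases."""

    def __init__(self, name: str) -> None:
        self.name = name
        self._parts: Dict[str, bytes] = {}
        self.audit_log: List[Tuple[str, str]] = []  # (device_id, order_id)

    def deposit(self, device_id: str, part: bytes) -> None:
        self._parts[device_id] = part

    def release(self, device_id: str, order_id: str,
                valid_orders: Set[str]) -> bytes:
        # Stand-in for verifying legal authority: membership in a known set.
        if order_id not in valid_orders:
            raise PermissionError(f"{self.name}: no valid order {order_id!r}")
        self.audit_log.append((device_id, order_id))
        return self._parts[device_id]


def run_demo() -> dict:
    device_id = "DEVICE-0001"        # constructed identifier
    valid_orders = {"ORDER-A"}       # constructed identifier
    device_key = secrets.token_bytes(KEY_BYTES)

    part_a, part_b = split_key(device_key)
    agent_1, agent_2 = EscrowAgent("agent-1"), EscrowAgent("agent-2")
    agent_1.deposit(device_id, part_a)
    agent_2.deposit(device_id, part_b)

    # A holder of part_a alone cannot tell the real key from any decoy:
    # there is always a partner part that makes the decoy "fit".
    decoy = secrets.token_bytes(KEY_BYTES)
    lone_part_fits_decoy = recombine(part_a, partner_for(part_a, decoy)) == decoy

    # A request without a recognised order is refused and not logged.
    try:
        agent_1.release(device_id, "ORDER-FORGED", valid_orders)
        refused_without_order = False
    except PermissionError:
        refused_without_order = True

    # With a recognised order, both agents release and the key is recovered.
    recovered = recombine(
        agent_1.release(device_id, "ORDER-A", valid_orders),
        agent_2.release(device_id, "ORDER-A", valid_orders),
    )
    return {
        "lone_part_fits_decoy": lone_part_fits_decoy,
        "refused_without_order": refused_without_order,
        "recovered_matches": recovered == device_key,
        "releases_logged": len(agent_1.audit_log) + len(agent_2.audit_log),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

In this model the requester ends up holding the device key itself once both parts are released; the split protects the key only while the two parts stay apart.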
_______________________________________________________________________________

WHAT TO DO ABOUT IT
by Philip Zimmermann

Date: Sat, 24 Apr 93 01:03:53 PDT
From: atfurman at cup.portal.com
Newsgroups: comp.dcom.telecom
Subject: Phil Zimmerman on the "Clipper initiative"
Message-ID:
Approved: telecom at eecs.nwu.edu

The following was posted on the Usenet newsgroup alt.security.pgp by Philip Zimmermann, author of PGP (a public-key crypto program):

---------------

Here are some ideas for those of you who want to oppose the White House Clipper chip crypto initiative. I think this is going to be a tough measure to fight, since the Government has invested a lot of resources in developing this high-profile initiative. They are serious about it now. It won't be as easy as it was defeating Senate Bill 266 in 1991.

Possible actions to take in response:

1) Mobilize your friends to do all the things on this list, and more.

2) Work the Press. Talk with your local newspaper's science and technology reporter. Write to your favorite trade rags. Better yet, write some articles yourself for your favorite magazines or newspapers. Explain why the Clipper chip initiative is a bad idea. Remember to tailor it to your audience. The general public may be slow to grasp why it's a bad idea, since it seems so technical and arcane and innocent sounding. Try not to come across as a flaming libertarian paranoid extremist [*Moi?* -- ATF], even if you are one.

3) Lobby Congress. Write letters and make phone calls to your Member of Congress in your own district, as well as your two US Senators. Many Members of Congress have aides that advise them of technology issues. Talk to those aides.

4) Involve your local political parties. The Libertarian party would certainly be interested. There are also libertarian wings of the Democrat and Republican parties. The right to privacy has a surprisingly broad appeal, spanning all parts of the political spectrum. We have many natural allies. The ACLU. The NRA. Other activist groups that may someday find themselves facing a government that can suppress them much more efficiently if these trends play themselves out. But you must articulate our arguments well if you want to draw in people who are not familiar with these issues.

4) Contribute money to the Electronic Frontier Foundation (EFF) and Computer Professionals for Social Responsibility (CPSR), assuming these groups will fight this initiative. They need money for legal expenses and lobbying.

5) Mobilize opposition in industry. Companies that will presumably develop products that will incorporate the Clipper chip should be lobbied against it, from within and from without. If you work for a telecommunications equipment vendor, first enlist the aid of your coworkers and fellow engineers against this initiative, and then present your company's management with a united front of engineering talent against this initiative. Write persuasive memos to your management, with your name and your colleagues' names on it. Hold meetings on it.

6) Publicize, deploy and entrench as much guerrilla techno-monkeywrenching apparatus as you can. That means PGP, anonymous mail forwarding systems based on PGP, PGP key servers, etc. The widespread availability of this kind of technology might also be used as an argument that it can't be effectively suppressed by Government action. I will also be working to develop new useful tools for these purposes.

7) Be prepared to engage in an impending public policy debate on this topic. We don't know yet how tough this fight will be, so we may have to compromise to get most of what we want. If we can't outright defeat it, we may have to live with a modified version of this Clipper chip plan in the end. So we'd better be prepared to analyze the Government's plan, and articulate how we want it modified.

Philip Zimmermann

Forwarded to the Internet TELECOM Digest by Alan T.
Furman, atfurman at cup.portal.com --- end --- From warlord at Athena.MIT.EDU Sun Apr 25 20:26:30 1993 From: warlord at Athena.MIT.EDU (Derek Atkins) Date: Sun, 25 Apr 93 20:26:30 PDT Subject: By popular request: A non-techy Clipper blurb In-Reply-To: <9304260159.AA13719@valis.biocad.com> Message-ID: <9304260326.AA15408@binkley.MIT.EDU> > This is not unlike the government demanding that you give them a sealed > copy of all your future phone conversations and other computer-facilitated > communications, just in case they ever want to open and examine them later. It's even worse than this. It's giving the government a sealed copy of all your *PAST*, present, and future phone conversations and messages... They can always record everything, and then use your key at some later date to recover the messages... -derek PGP 2 key available upon request on the key-server: pgp-public-keys at toxicwaste.mit.edu -- Derek Atkins, MIT '93, Electrical Engineering and Computer Science Secretary, MIT Student Information Processing Board (SIPB) MIT Media Laboratory, Speech Research Group warlord at MIT.EDU PP-ASEL N1NWH From mnemonic at eff.org Sun Apr 25 22:11:39 1993 From: mnemonic at eff.org (mnemonic at eff.org) Date: Sun, 25 Apr 93 22:11:39 PDT Subject: talking to media Message-ID: <9304260508.AA15134@soda.berkeley.edu> [During the audio hookup at Saturday's meeting, the following paper of Mike Godwin's got mentioned; I asked if he could send a copy to cypherpunks. It's going in the ftp site, as well--Eric] Go ahead and forward this to cypherpunks. This is the short posting I wrote in 1990 when I explained how I got the Steve Jackson Games case into the press. ----- :r talking This is a file I posted to an Austin BBS back when I gave the SJG story to the local papers. 104: Talking to Media, part 1 By: Johnny Mnemonic [54] Date: 11:07 3/18/90 As I've promised on another message base, here's the beginning of discussion of how to bring stories to the media. 
Since I keep thinking of different things people ought to know about how to take a story to the media, I'm going to make this a multi-post discussion. 1) TRY TO THINK LIKE THE REPORTER YOU'RE TALKING TO. One of the things that happens when people know about an event or series of events that may make a good news story is that they assume the importance of the story will be obvious to anyone. Sometimes this is true (when the tipster knows about a murder, for example). Often it's not. So, when I tell a reporter about a story I think she should want to cover, I make sure to stress the aspects of the story that are likely to interest that reporter and/or the readers of her publication. For example, when I spoke to Kyle Pope about the Illuminati seizure, I stressed the following: a) Steve Jackson Games is an Austin business that may end up being damaged by the seizure. b) Nobody has given this story anything like major coverage in the national media, or (so far as I knew) in other geographic areas. (I was telling him he had a major "scoop" opportunity.) c) There are some very dramatic aspects to this story. (I told him about the 20-year-old LoD member who woke up on the morning of March 1 with a gun pointed at him by a Secret Service agent.) 2) IF YOU'RE GOING TO MEET THE REPORTER IN PERSON, TRY TO BRING SOMETHING ON PAPER. There are lots of good reasons to follow this rule: a) Believe it or not, but people take stuff on paper a little more seriously than the spoken word. It's nice to give the reporter something that lends substance to what you're saying, even if the substance is printouts from your own computer. b) It makes life easier for the reporter, who doesn't have to write down every single thing you tell her. Reporters like to have materials they can use for reference as they research and write their stories. c) It helps you remember to say everything you want to say. 
Nothing is more frustrating than trying to get a reporter interested in your story, getting inconclusive results, and then realizing later that you should have told the reporter about something. (E.g., "Damn! I forgot to tell him what 'cyberpunk' means, so he won't know how the federal agents misinterpreted the manual.") When I went to the Statesman, I took edited printouts of discussions from Flight, from SMOF, and from comp.dcom.telecom on Usenet. I also took some private Email I had received, with the names of the senders deleted. And I took my copy of the WHOLE EARTH REVIEW with the article on Usenet. My object was to convey to him the scale of concern about the seizures, plus give him enough background to be able to ask reasonably informed questions of the people he talked to. 3) GIVE THE REPORTER OTHER PEOPLE TO TALK TO, IF POSSIBLE. Two basic justifications for this rule: First, it'll help your credibility (especially if you don't already know the reporter personally). Second, multiple sources or witnesses usually enable the reporter to filter out what is mere opinion or speculation from what everybody actually knows for a fact. 4) DON'T ASSUME THAT THE REPORTER WILL COVER THE STORY THE WAY YOU'D LIKE HER TO. Reporters' accuracy and focus in a story are constrained by several factors: a) The amount of available time. Reporters have to be quick studies, and often have to assimilate a complex story in a hurry. This necessarily increases the risk of inaccuracy in a story, and gives you an even greater reason to follow Rules 1 through 3. b) The reporters' obligation to be fair. This means they have to talk to people on the other side of the issues from you. This in turn means that you're unlikely to get a story that represents or promotes your point of view at the expense of those who oppose you. 
--Mike From hughes at soda.berkeley.edu Sun Apr 25 22:25:51 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Sun, 25 Apr 93 22:25:51 PDT Subject: ADMIN: ftp usage statistics Message-ID: <9304260522.AA16143@soda.berkeley.edu> I get weekly statistics on the ftp usage at soda. We've been up at about near the top of the usage frequency for a while, but this week we hit number one, with over one third of the total ftp traffic here. We've even passed sfraves, which also runs on this machine. Hoo! Things are hoppin'. Eric ----------------------------------------------------------------------------- TOTALS FOR SUMMARY PERIOD Sat Apr 17 1993 TO Sun Apr 25 1993 For directory pub/cypherpunks: number of files: 1161 number of bytes: 180752541 From Marc.Ringuette at GS80.SP.CS.CMU.EDU Sun Apr 25 23:53:32 1993 From: Marc.Ringuette at GS80.SP.CS.CMU.EDU (Marc.Ringuette at GS80.SP.CS.CMU.EDU) Date: Sun, 25 Apr 93 23:53:32 PDT Subject: FWD: Jerry Berman, Mitch Kapor Message-ID: <9304260653.AA14004@toad.com> A couple of interesting messages from sci.crypt: an anonymously forwarded letter from 1985 from Jerry Berman (Exec Director of EFF) to David Chaum, and a response to the posting from Mitch Kapor. To sum up: Berman suggested to Chaum (in '85) that he prefers legal remedies to technological ones, and doesn't like the idea of a society where people routinely hide from the law. The anonymous reposter is concerned with the discrepancy between EFF policy and these sentiments from Berman. Kapor responds to his concerns by saying that Berman now recognizes the role of technological solutions in the privacy equation. The EFF continues to be the best representative of hacker culture in Washington. -- Marc Ringuette (mnr at cs.cmu.edu) From: nobody at alumni.cco.caltech.edu Subject: Jerry Berman on pseudonymous privacy Date: 24 Apr 1993 10:38:38 -0500 Sender: daemon at cs.utexas.edu Hello all, I thought you all might like to see this. 
It's a letter from Jerry Berman to David Chaum from November of 1985, in response to information that Mr. Chaum sent to Mr. Berman. While I have to congratulate EFF for its prompt response to the Clipper Chip announcement from the White House, I think it's important to recognize the philosophy of their Executive Director, as explained below. I agree that legal remedies are important, but when pressed, I'd prefer to retain the ability to use purely technical solutions to preserve my privacy, because they'll hold up under fire. Mr. Chaum has consented to the publication of this letter on the Net. I don't work for, nor am I a member of EFF, ACLU, or any similar organizations, but I do agree with them on a great many things.

--Aristophanes

----------

AMERICAN CIVIL LIBERTIES UNION
WASHINGTON OFFICE
122 Maryland Avenue, NE
Washington, DC 20002
--------------------
National Headquarters
132 West 43rd Street
New York, NY 10036
(212) 944-9800

Norman Dorsen
President

Ira Glasser
Executive Director

Eleanor Holmes Norton
CHAIR
National Advisory Council

November 1, 1985

Mr. David Chaum
Centre for Mathematics and Computer Science
P.O. Box 4079
19O9 AB Amsterdam

Dear Mr. Chaum:

Thank you for sending me a most interesting article.

A society of individuals and organizations that would expend the time and resources to use a series of 'digital pseudonyms' to avoid data linkage does not in my opinion make big brother obsolete but acts on the assumption that big brother is ever present. I view your system as a form of societal paranoia.

As a matter of principle, we are working to enact formal legal protections for individual privacy rather than relying on technical solutions. We want to assume a society of law which respects legal limits rather than a society that will disobey the law, requiring citizens to depend on technical solutions. e.g. require a judicial warrant for government interception of data communications rather than encrypt all messages on the assumption that regardless of the law, the government will abuse its power and invade privacy.

As a matter of practicality, I do not think your system offers much hope for privacy. First, the trend toward universal identifiers is as much a movement generated by government or industry's desire to keep track of all citizens as it is by citizens seeking simplicity and convenience in all transactions. At best, your system would benefit the sophisticated and most would opt for simplicity. The poor and the undereducated would never use or benefit from it.

Finally where there's a will, there's a way. If government wants to link data bases, it will, by law, require the disclosure of various individual pseudonyms used by citizens or prohibit it for data bases which the government wants to link. Since corporations make money by trading commercial lists with one another, they will never adopt the system or if it is adopted, will use "fine print" contracts to permit selling various codes used by their customers to other firms.

The solution remains law, policy, and consensus about limits on government or corporate intrusion into areas of individual autonomy. Technique can be used to enforce that consensus or to override it. It cannot be used as a substitute for such consensus.

Sincerely Yours,

/Sig/

Jerry J. Berman
Chief Legislative Counsel & Director
ACLU Privacy Technology Project

cc: John Shattuck

From: mkapor at eff.org (Mitch Kapor)
Subject: Re: Jerry Berman on pseudonymous privacy
Originator: mkapor at eff.org
Sender: usenet at eff.org (NNTP News Poster)
Date: Sat, 24 Apr 1993 17:16:28 GMT

nobody at alumni.cco.caltech.edu correctly states Jerry Berman's 1985 view on privacy, but he mistakenly assumes that this represents Berman's 1993 view as EFF Executive Director.
As one of the people who convinced Jerry that legal protections for privacy are insufficient, and that technical measures, especially public key cryptography, are also vitally necessary, I can tell you that Jerry and EFF are fully committed to this position. The previous poster is apparently unaware of a long series of EFF positions in support of this view. I suggest those interested read EFF's position on Clipper or our other work in digital privacy. Check ftp.eff.org for more details.

One of the great things about human beings is that they are capable of change and evolution in their thinking. The idea that crypto is critical to privacy is one which is no longer limited to certain net aficionados, but is spreading to parts of the public policy community in Washington.

Mitch Kapor
co-Founder, EFF

From 74076.1041 at CompuServe.COM Mon Apr 26 09:24:51 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Mon, 26 Apr 93 09:24:51 PDT
Subject: REMAIL: Anonymous postin
Message-ID: <930426161700_74076.1041_FHD66-1@CompuServe.COM>

The message forwarded by Marc Ringuette was apparently posted to sci.crypt by using a cypherpunks remailer followed by a mail-to-news gateway. To recap on how to do this, put

    ::
    Request-Remailing-To: sci-crypt at cs.utexas.edu

then a blank line at the front of your message, and mail to one of the remailers (Karl Barrus posts a list every month). For more security and in-practice untraceability, use one of Karl's scripts to set up a chained request with encryption. By bouncing your message around the country like this, decrypting at each stage, you get much better security than with just one hop.

Change "sci-crypt" in the address above to the name of the newsgroup you want to post to, replacing the "." in the name with "-". (No, I don't know how you post to a newsgroup with a "-" in it. Maybe it just works.)
I notice that the Comment field I put out on remailed message cautioning that it is coming from an anonymous remailer did not get passed through the mail-to-news gateway software at utexas. This leaves little clue about where it came from. It does make it pretty clear that you can't reply to it since it comes from "nobody at alumni.caltech.edu". As an aside, I'd like to encourage people not to use hal at alumni.caltech.edu so much and to use one of the others more. I have one at hfinney at shell.portal.com which I think may be more immune to political pressure. Unlike the alumni account, I'm paying for this one, which should give me some clout; and also, I remember hearing that at the hackers conference the head of Portal offered some support to the idea of anonymous remailers, so I'm hoping that management won't be quick to shut me down when people complain. Hal 74076.1041 at compuserve.com From 74076.1041 at CompuServe.COM Mon Apr 26 09:24:52 1993 From: 74076.1041 at CompuServe.COM (Hal) Date: Mon, 26 Apr 93 09:24:52 PDT Subject: CASH: Disney Dollars... Message-ID: <930426161723_74076.1041_FHD66-2@CompuServe.COM> I know we're all focused pretty closely on Clipper right now, but as time goes on we will pay attention to other things, and one of those is digital cash. We've had a lot of debate here about whether it would be legal to issue private cash. I went to Disneyland last week, and discovered that they are issuing their own form of cash: "Disney Dollars" (presumably a Disney trademark). Disney Dollars come in at least three denominations: $1.00, $5.00, and $10.00. They are very attractively printed notes, about the size and shape of American dollars. They're quite a bit more colorful but the layout of the bills is similar to other forms of currency. Disney Dollars can be exchanged with U.S. dollars on a one-for-one basis at the park. No sales tax is involved in the transaction. 
I saved a $1.00 Disney Dollar, a special issue to commemorate Mickey Mouse's 65th anniversary this year. Here is what it says: On the face: "Disney Dollars" "Mickey's 65th". In the fine print: "May be used as legal tender only at Disneyland park, Disneyland Hotel, Walt Disney World resort and the Disney Store (U.S.A. & Puerto Rico)." Another block of fine print: "Disney Dollars may be spent or collected and saved as souvenirs and are redeemable at any time before or after any period of inactivity." At the bottom: "A00651375A" "Series 1993" "One Disney Dollar". There is a picture of Mickey Mouse in the middle with the word "Mickey" under it. "Scrooge McDuck" has signed the bill above the word "Treasurer". On the back: "Disney Dollars" at the top; "One Disney Dollar" at the bottom, and a large colorful picture of Mickey in a car filling most of the middle. "(C) The Walt Disney Company" in fine print. If Disney can issue its own currency, maybe other people can, too. These are basically gift certificates. If somebody had some goods or services to sell, they could issue their own "dollars" which would be good for purchasing their things, but which could also be exchanged back for U.S. dollars if needed. Hal Finney 74076.1041 at compuserve.com From em at hub.ucsb.edu Mon Apr 26 10:04:13 1993 From: em at hub.ucsb.edu (Ed Mehlschau) Date: Mon, 26 Apr 93 10:04:13 PDT Subject: subscribe Message-ID: <9304261703.AA08512@topgun> subscribe (please) Thanks, -- Ed From em at hub.ucsb.edu Mon Apr 26 10:08:40 1993 From: em at hub.ucsb.edu (Ed Mehlschau) Date: Mon, 26 Apr 93 10:08:40 PDT Subject: apology Message-ID: <9304261708.AA08561@topgun> Damn! I forgot to put the "-request" in the address. My sincere apologies; you know, it's Monday. 
-- Ed From matt at oc.com Mon Apr 26 10:18:24 1993 From: matt at oc.com (Matthew Lyle) Date: Mon, 26 Apr 93 10:18:24 PDT Subject: MacWeek article on Clipper/Capstone Message-ID: <199304261717.AA24952@ra.oc.com> MacWEEK 04.26.93 Page 1 SECURITY CHIPS TRIGGER ALARM Clipper and Capstone open digital back door. By Mitch Ratcliffe Washington -- The White House and National Security Agency, as part of a wide-ranging retooling of U.S. privacy policies, are preparing two encryption chips for use in the computer and telecommunications industries. Privacy advocates cried foul last week because the chips include a back door that allows police to monitor communications. The Clipper chip announced this month can encrypt voice and data communications at up to 16Mbps. Clipper is due to debut in secure telephones from AT&T Co. this summer. The second chip, called Capstone and currently under development at the NSA, is a superset of Clipper that will implement the much-criticized Digital Signature Standard to add authentication capabilities. Its existence was revealed during a briefing at the Massachusetts Institute of Technology in Cambridge last week. President Clinton ordered the National Institute of Standards and Technology to establish Clipper as a federal standard. Since the government is the largest computer customer in the world, its Federal Information Processing Standards (FIPS) often are imposed on the industry as de facto standards. If Capstone follows Clipper into the FIPS requirements, DSS could usurp RSA Data Security Inc.'s public-key encryption scheme, which Apple licensed for AOCE (Apple Open Collaboration Environment). But Apple's representative at the NSA briefing, Gursharan Sidhu, technical director of collaborative computer and leader of the AOCE project, said he is not worried that the government will force an encryption scheme on the industry. 
"We were given the impression that they are very open to suggestions," Sidhu said, adding that the government is faced with a growing conundrum as it tries to simultaneously protect privacy and maintain its ability to tap lawbreakers' communications. "People have the idea that in cellular the security of communications had gone away, so there is pressure to encrypt. [Without a back door], even the casual criminal would be able to communicate with invincible security," Sidhu said. "Law-enforcement agencies wouldn't be able to collect intelligence." A spokesman for NIST said Capstone will not be introduced unless the president's review of national encryption policy concludes it is needed. But he also said the Department of Defense and NSA are already working to develop a PCMCIA card-based implementation of Capstone for a classified defense messaging system. The NSA confirmed it is working on Capstone but could not confirm the Capstone PCMCIA card project. Clipper and Capstone use a "key escrow" technology that lets law-enforcement agencies with a court order unscramble conversations and documents. To reduce the potential for wiretap abuse, two agencies to be named by Attorney General Janet Reno will hold half of each key. The NSA said the key escrow agents will not be law-enforcement agencies. Privacy advocates complained that the algorithms that perform Clipper scrambling functions will remain classified. Encryption technologies typically gain acceptance only after cryptographers pore over the component algorithms and key management systems. "We can't protect the key escrow features if we reveal the algorithm to the public ... that's caused some heartburn," said John Podesta, staff secretary to President Clinton. "I'm not suggesting that the public should trust us any more than any other government agency, but we are doing a more comprehensive review [than any previous administration]." 
Podesta said the Clinton team is taking a free-market approach to encryption, in contrast to the previous administrations, which tried to legislate simplified approaches. "In the wireless communications environment, we have to move the ball forward on security and privacy," Podesta said. "The jury's still out on whether [Clipper] is the answer." Jim Bidzos, president of RSA Data Security of Redwood City, Calif., said the NSA is using Clipper and Capstone in an attempt to confuse the market for privacy-enhancing technologies. "It takes three or four years for this kind of proposal to die," Bidzos said. Computer and communications companies might withhold support for any standard, giving the NSA more time to prepare for the encrypted world, he said. Computer Professionals for Social Responsibility, a Washington, D.C. based public-interest group, has filed 11 Freedom of Information Act requests for access to Clipper development records. The group suspects the NSA and NIST violated the Computer Security Act of 1987, which limits the NSA's role in development of public encryption technologies to providing advice and assistance. NSA said it developed both chips. From whitaker at eternity.demon.co.uk Mon Apr 26 10:56:20 1993 From: whitaker at eternity.demon.co.uk (Russell E. Whitaker) Date: Mon, 26 Apr 93 10:56:20 PDT Subject: Privacy International (fwd) Message-ID: <4567@eternity.demon.co.uk> Nick Szabo writes: > > The following forwarded from alt.privacy. Anybody have experience > with this group? Have they taken a position on the wiretap chip? 
> > Subject: Group Info: Privacy International > Message-ID: <1993Apr12.184129.11455 at mont.cs.missouri.edu> > Originator: rich at pencil.cs.missouri.edu > Organization: Privacy International > PRIVACY INTERNATIONAL > > A WATCHDOG ON SURVEILLANCE > > GENERAL INFORMATION > > PRIVACY INTERNATIONAL - THE BIRTH OF A WORLDWIDE MOVEMENT > > [Text elided for brevity] > If you are interested in getting involved in the work of > Privacy International, please contact Simon Davies, Marc > Rotenberg, or David Banisar at : > Simon Davies is in London now. He will have an email account soon. However, anyone who needs to contact him - on non-confidential matters - can send email to privacy at eternity.demon.co.uk. This is my machine; Simon will have his own soon. Russell Russell Earl Whitaker whitaker at eternity.demon.co.uk Communications Editor AMiX: RWhitaker EXTROPY: The Journal of Transhumanist Thought Board member, Extropy Institute (ExI) ================ PGP 2.2 public key available ======================= From tcmay at netcom.com Mon Apr 26 12:09:16 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 26 Apr 93 12:09:16 PDT Subject: MEETING SUMMARY: 4-24-93 Cypherpunks Meeting Message-ID: <9304261909.AA29562@netcom.netcom.com> Several people have asked for summaries (or minutes) for our physical Cypherpunks meetings, especially for our "Emergency Ad Hoc Meeting" a few days ago. Some Reasons NOT to do Minutes: * it formalizes a fundamentally informal meeting (recall that Cypherpunks have no legal status, no structure, no voting procedures, no officers, etc.). * some folks may be leery of having their names appear. * the credit assignment problem: as soon as summaries are written, people begin to complain that someone else got the credit for their idea, that their views weren't mentioned in the summary, and so forth. * somebody has to take the notes needed to generate the summary. 
Some Reasons IN FAVOR of Minutes: * with 40 people at our last meeting (counting the audio conference call, via Internet, to Boston and Washington, D.C.), with more than 400 on our mailing list, and with the Wiretap Chip events, these are historic times. (Fortunately, the list itself is a valuable archive of our history. Let's hope good archives are being kept by someone!) * folks who cannot attend physical meetings may still want to know what's basically going on. (And perhaps other groups will nucleate and grow.) * even folks who were at the meeting may want a summary, to keep their memories refreshed. So, some pros and cons to writing up a summary. What I plan to do here is to just write up a very brief snapshot summary, oriented more toward informing the non-attendees than to reminding the attendees of action items or things they agreed to do. Anyone with additions to make is of course encouraged to do so. Using the "MEETING SUMMARY:" prefix might be useful. 1. The Meeting Itself. Saturday, 24 April 1993, 12 noon to past 6 p.m. (when I had to leave). Offices of Cygnus Support, in Mountain View. Approximately 25-30 in attendance, including several new faces. John Gilmore was selling issues of "Wired" at cost. An amazing conference call was made to sites in Northern Virginia (Bob Stafford, Paul Ferguson, others) and to Boston (Marc Horowitz, Derek Atkins, others). What was amazing was that the audio went through the Internet and was DES-encrypted (for a while at least, until complaints by one of the sites about the audio quality caused us to turn off the encryption). Still, seeing an encrypted Internet conference call was something...a small step toward the world of Vinge's "True Names." Jim Bidzos, President of RSA Data Security, intended to just speak briefly about the Clipper Chip, Capstone, and the view of RSA, but ended up staying and participating for several hours. Mike Godwin, of EFF, was present at the Boston (I think) site. 
Glenn Tenney, organizer of the Hackers Conference and general activist, was also present for the first time. The other usual folks were there, including many active in cryptography and data security. (My apologies for not mentioning any other luminaries here.) All in all, a stimulating meeting. 2. The Theme: The Clipper Chip. This of course dominated the discussion all day, and was the explicit reason for the emergency meeting. There's too much to cover here in detail. Jim Bidzos and Arthur Abraham both presented information on the Clipper Chip, including a long data sheet from Mykotronx (sent to Arthur) on their Myk-78 chip. (Copies distributed, and also faxed to the remote sites.) There was some debate about who Mykotronx was and whether it was really independent from the NSA. Capstone, the follow-on program, is a superset of Clipper and contains the DSS signature standard (which RSA Data led the fight against...and most of us thought it was a dead issue--then it appeared here!). No public key methods are known to be incorporated, though they may be. (Lots of analysis and question-asking still to be done.) Reverse-engineering was also discussed. VLSI Technology, the chip company, is a partner with Mykotronx and apparently has a tamper-resistant chip technology. 3. What Motivated the Clipper Chip? It appears the Clipper/Capstone program is initially intended to "buy market share" as quickly as possible, with government offices requiring Clipperphones (and probably for those they do business with). Perhaps the intent is to undercut competing models and make Clipper the de facto standard, which can then be made the de jure standard. Some think the key escrow features were added _late_ in the proposal and may even be _expected_ to fail (fail in the sense of key escrow agencies never getting rolling, issues never getting resolved, etc.). This fits with the idea of a built-in backdoor to the enciphered traffic. 
The Agency may be more interested in quickly proliferating a breakable "standard" for voice encryption than in implementing the key escrow idea. (Left unanswered in this speculation is how court-ordered wiretaps would then be executed...would the FBI and NSA simply acknowledge the weakness? I don't think so.) The secrecy of the Clipper/Capstone project was quite impressive. Bidzos confirmed again, and convincingly, that he knew *nothing* of this whole effort until the announcement (or possibly the night before, when a reporter called him?). Apparently John Markoff, who sometimes reads this list and can comment if he wishes, had figured out some aspects or had been told them by a source, and was preparing an article for the "NY Times." This may've prompted the announcement timing. Several people commented that several previously-puzzling events become clearer in retrospect, such as the then-unknown Mykotronx sniffing around to get an RSA license (which they don't yet have). I can't recap all the discussion, much of which was similar to what's been going on in sci.crypt and elsewhere. Everyone agreed that this was a seminal event, that the Clipper/Capstone announcement is a crucial event. 3. Lobbying Against the Clipper Chip The profound consequences call for major efforts. We discussed boycotting products, spreading negative reports, and reverse engineering the algorithm and publishing it so software solutions can spoof/imitate _part_ of the system (i.e., so someone with a SoundBlaster board or other system can talk to someone with one of these Clipperphones without escrowing keys or being wiretappable). John Gilmore has already posted to the list the results of our brainstorming session to come up with questions to ask the FBI, NIST, NSA, Congress, and the Administration. Mike Godwin argued that a lot of embarrassing questions could quickly derail the plan. Others confirmed that the NSA mathematicians seemed to be put on the spot by the many questions. 
That is, it's conceivable this plan could begin to unravel fairly soon. 4. Educating the Public. The Boston group took this as their focus of the rest of the meeting (we went offline after about an hour or so on the conference call). I haven't heard the results. 5. Lobbying the Legislature and Officials. Similarly, the D.C. group took this as their area of involvement. No feedback yet. 6. What Happens if Clipper Flops? An interesting discussion out in the lobby (and I probably missed many such interesting discussions!) had to do with scenarios for how Clipper may fail. Whit Diffie described how the failure could either so greatly embarrass the Administration that they'd be loath to try it again (the Viet Nam Syndrome, applied to crypto) or that it could provoke them to tighten restrictions even further, perhaps even to the point of an outright ban on the use of unapproved encryption at *any* level. (Issues of enforceability, detectability, Constitutional issues, etc., of course exist and will be points of attack on any such comprehensive ban.) (The question of whether Clipper and Capstone apply, either now or later, to *data* came up several times. The Capstone chip is rated at "10-16 Mbps," which implies it is targeted for Ethernet-type speeds, and hence data. There was general agreement by all I heard that the Clipper/Capstone program is indeed intended to target more than just voice encryption and that our fears about restrictions on strong crypto are justified.) 7. Other Miscellaneous Topics * Since Jim Bidzos was there, the topic of PGP naturally came up several times. Eric Hughes let this run for a while, then moved the discussion back to Clipper. Jim Bidzos clearly had some strong opinions, but also did not want this to be the forum for debating patents and the legality and ethics of PGP. 
He did acknowledge, in my opinion, the point that RSA Data Security had somewhat neglected the individual end-user (in products such as MailSafe, which hasn't changed since 1988), in favor of the many large deals with Lotus, Microsoft, Apple, etc., to get RSA installed in their e-mail software. He acknowledged that in some sense this left an ecological niche for a product like PGP to fill, though he insisted that such a product could be legally developed and distributed if it used the "RSAREF" package and wasn't sold commercially. (There are lots of threads and keywords here: RSAREF, RIPEM, TIPEM, B-SAFE, Apple's OCE, etc.) (Some of us continue to hope some accommodation can be reached between RSA Data and the PGP community. The upcoming battle over strong crypto is a bigger issue than this squabble. I remain convinced that RSA Data Security is "on our side" in this fight for continued access to strong crypto. In fact, in my opinion, the Clipper/Capstone program looks to be a complete end-run around RSA and public key techniques, a thinly disguised attempt to seize control of the crypto market from RSA. In this battle, RSA may be fighting for their economic survival!) * The issue of the name of our group, the Cypherpunks name, was not discussed. The U.K. group has apparently picked "U.K. Cryptoprivacy Group" as their name. * The normal schedule for meetings will continue, with the next regular Cypherpunks (Bay Area) meeting on Saturday, 8 May. Well, this is my summary. Feedback is welcome. While I don't want to take meticulous notes the way a "Recording Secretary" is supposed to, I don't mind writing up these kinds of snapshot summaries. May you live in interesting times, indeed! -Tim May -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, smashing of governments. 
Higher Power: 2^756839 | Public Key: MailSafe and PGP available. Waco Massacre + Big Brother Wiretap Chip = A Nazi Regime From a2 at well.sf.ca.us Mon Apr 26 15:02:34 1993 From: a2 at well.sf.ca.us (Arthur Abraham) Date: Mon, 26 Apr 93 15:02:34 PDT Subject: MYK-78 Message-ID: <199304262202.AA13845@well.sf.ca.us> 26-Apr-93 For those awaiting my promised comments regarding this chip, I have the disappointing report that the individual I anticipated talking to was out of his town, and so not available today. If you have the data sheets for this chip, and have read them, I would be very interested to see your comments. Please respond to me directly, rather than the list at large, since my intent in this exercise is to replace deduction with disclosure, and avoid spreading any mis- or partial information. -a2. From fnerd at smds.com Mon Apr 26 15:17:49 1993 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Mon, 26 Apr 93 15:17:49 PDT Subject: Report on Adi Shamir talk Message-ID: <9304262127.AA28339@smds.com> Last Friday, the 23rd, Adi Shamir (the S of RSA) gave a talk at MIT about some recent crypto results of his. (He was introduced by Ron Rivest, the R of RSA.) Shamir is in the country to give a talk about the history of crypto, in Washington DC, I think. It was actually two related talks, one on each of two papers of his: "On the Generation of Multivariate Polynomials which are Hard to Factor" and "Efficient Signature Schemes Based on Birational Permutations" Any misrepresentations and misunderstandings here are mine. The first paper is about factoring polynomials that are products of two polynomials, F = PQ where all these polynomials are on numbers that are mod the product of two primes. 
n = pq There are a lot of cases where F is easy to factor, and sometimes the easy cases seem to be only slightly different from the hard cases, but Shamir has found a large, easy-to-specify class of forms of (P, Q) where factoring their product is as hard as factoring n (the notorious hard problem that's the basis for the supposed strength of RSA). The second paper is about looking for public key crypto methods that are as strong as RSA but don't require such large amounts of computing on one end. In regular RSA, for instance, the number of multiplications for decrypting (for the legitimate key owner) goes up with key size, and so does the difficulty of multiplication. Shamir has found a scheme that takes about 20 multiplies on each side, period. However, it would be easily breakable as a crypto scheme, so he shows a variation that doesn't give as much info to an attacker, but works as a signature scheme. It *looks* secure to him and others he's shown it to, but it isn't proven as hard as factoring big numbers. The tie between the two papers is that the keys used in the scheme in the second paper are polynomials of the form discussed in the first paper. --fnerd at smds.com (FutureNerd Steve Witham) From MCMAHON at Eisner.DECUS.Org Mon Apr 26 15:27:12 1993 From: MCMAHON at Eisner.DECUS.Org (John (FuzzFace/Fast-Eddie) McMahon) Date: Mon, 26 Apr 93 15:27:12 PDT Subject: MEETING SUMMARY: 4-24-93 Cypherpunks Meeting Message-ID: <01GXH67HAH8Y001HDW@Eisner.DECUS.Org> >>> "4. Educating the Public." I've seen several public/private debates open up just from "grass roots" circulation of the announcements and such. My only concerns are that: a) It's all pretty unfocused. b) It's being circulated on mailing lists (et al) where the discussion is inappropriate and probably would be viewed as annoying. But then again, any topic discussed on the network seems to have these problems initially. 
Fuzz From honey at citi.umich.edu Mon Apr 26 16:46:09 1993 From: honey at citi.umich.edu (peter honeyman) Date: Mon, 26 Apr 93 16:46:09 PDT Subject: Clipper letter Message-ID: <9304262346.AA25400@toad.com> here is the letter i sent my senators and representative, w/ a copy to clinton and gore. don't forget to write yours. peter =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= April 26, 1993 I'm writing to share my concern about the White House announcement of April 16, 1993, which provides for wiretap ability in telecommunications networks and wireless communications links. The particulars of the announcement are not in and of themselves altogether alarming, but the implication is that this is just a foot in the door: Q: If the Administration were unable to find a technological solution like the one proposed, would the Administration be willing to use legal remedies to restrict access to more powerful encryption devices? A: This is a fundamental policy question which will be considered during the broad policy review. Thanks to the widespread use of software that provides for information protection and privacy, the most common "powerful encryption device" is the personal computer. The suggestion that computers and software in everyday use be declared contraband worries me. But at a more fundamental level, I am concerned about the right to privacy. Privacy in the modern day means information privacy: keeping to oneself computerized data about oneself. Because encryption is widely regarded by computer security experts as the only effective means of ensuring computer privacy, the White House's "broad policy review" promises to examine whether citizens should have the right to determine whether and how to provide for their own privacy. Your voice is needed in this debate. 
I hope that when the question is raised whether the government should hold exclusive rights to the protection of individual privacy, or whether the people should hold that right to themselves, you will stand on the side of the people. Sincerely yours, From karn at qualcomm.com Mon Apr 26 17:04:11 1993 From: karn at qualcomm.com (Phil Karn) Date: Mon, 26 Apr 93 17:04:11 PDT Subject: Consumer phone privacy info sheet Message-ID: <9304270003.AA25770@servo> >From: rustman at netcom.com (Rusty Hodge) I suspect the Clipper chip will be used heavily in digital cellular phones, if it isn't too much of a power hog. I seriously doubt it. I could easily have done DES in software on our CDMA digital cellphones using spare cycles in the CPU we already have (a '186) had I been allowed to do so. Why should I re-engineer my already designed products to use a $30 IC instead? Power is not the only issue. Phil From nowhere at bsu-cs.bsu.edu Mon Apr 26 18:02:54 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Mon, 26 Apr 93 18:02:54 PDT Subject: mycotoxin Message-ID: <9304270106.AA18106@bsu-cs.bsu.edu> NOTE to the person who sent this (if on the list) that I forwarded it to the list, you forgot the space after the colon on request-remailing-to. -- nowhere at bsu-cs.bsu.edu Here's some stuff I dug up on Mykotronx. They are privately held (at least there are no SEC filings on the database). I also checked the patent database, but it came up empty. Note the discrepancy in the first two entries: one lists sales of $252,900,000 and the other says $2,500,000. "Myko" apparently means "enchantress" in Japanese. 
Check out their company motto: "Securing the world of communications bit by bit" ---------------------------------------------------------------- Copyright (c) 1992 American Business Information Trinet America COMPANY DATABASE MYKOTRONX INC 357 VAN NESS WAY # 200 TORRANCE , CALIFORNIA 90501-1488 310-533-8100 NUMBER OF EMPLOYEES: 25 EXECUTIVE: CHIEF EXECUTIVE OFFICER: BOB GOTTFRIED NUMBER OF ESTABLISHMENTS: 1 SALES INFORMATION: TOTAL SALES ( $ ): 252,900,000 SIC CODE-INFO: PRIMARY: 8731 COMMERCIAL PHYSICAL/BIOLOGICAL RES CODE INFORMATION: STATE CODE (FIPS): 06 COUNTY CODE (FIPS): 037 LOS ANGELES TRINET NUMBER: 808764096 ---------------------------------------------------------------- Copyright (c) 1992 American Business Information Trinet America ESTABLISHMENT DATABASE MYKOTRONX INC 357 VAN NESS WAY # 200 TORRANCE, CALIFORNIA 90501 310-533-8100 SIC-CODES: PRIMARY SIC CODE: 8731 COMMERCIAL PHYSICAL/BIOLOGICAL RES SALES INFORMATION: SALES ( $ ): 2,500,000 SHARE OF MARKET (%): .09 NUMBER OF EMPLOYEES: 25 EXECUTIVE: BOB GOTTFRIED OWNER CODE INFORMATION: STATE CODE (FIPS): 06 COUNTY CODE (FIPS): 037 LOS ANGELES MSA: 4480 PARENT COMPANY INFORMATION: MYKOTRONX INC 357 VAN NESS WAY # 200 TORRANCE, CALIFORNIA 90501 310-533-8100 STATE CODE (FIPS): 06 PRIVATE OWNED ESTABLISHMENT NUMBER: 808764096 ---------------------------------------------------------------- CALIFORNIA STATE BOARD OF EQUALIZATION, SALES AND USE TAX INFORMATION NUMBER: AB127112520000 OWNER-NAME: MYKOTRONX INC. TYPE OF OWNERSHIP: CORPORATION MAILING-ADDRESS: 357 VAN NESS WAY,STE.200 TORRANCE, CA 90501 COUNTY: LOS ANGELES START-DATE: 04/1987 TYPE-OF-BUSINESS: PUBLISHERS, LIGHT INDUSTRIAL EQUIPMENT AND ALL OTHER PERMITTEES N.E.C. TAX-PROGRAM: REGULAR SALES TAX ---------------------------------------------------------------- Copyright 1993 Business Wire, Inc. 
Business Wire April 19, 1993, Monday DISTRIBUTION: Business Editors & Computers/Electronics Writers LENGTH: 697 words HEADLINE: Mykotronx develops "Clipper" chip designed to ensure communications privacy DATELINE: TORRANCE, Calif. BODY: "Securing the world of communications bit by bit" is not only the motto but the guiding philosophy of Mykotronx Inc., a Torrance small business specializing in the design and manufacture of unique digital components and equipment. Mykotronx Monday announced the introduction of an electronic chip -- designated "Clipper" -- that it believes will ensure the protection of sensitive information transmitted via cellular or regular phones, computer networks or fax machines. This chip and follow-ons will also find application in many other systems, e.g., cable TV and personal computers. Leonard J. Baker, president of Mykotronx, said: "This chip is a good example of the transfer of military technology to the commercial and general government fields with handsome cost benefits. For 15 years we have been evolving this technology to protect government and commercial spacecraft from being tampered with and to protect the data transmitted by the spacecraft to its ground users. This technology should now pay big dividends to U.S. taxpayers." Economic data of incalculable value is transmitted each day over various telecommunications media, including telephones, facsimiles, telex, cable and other communications networks. Each message is vulnerable to interception through relatively simple techniques. Exploitation of illegally obtained information can do tremendous damage to the parties involved, ranging from embarrassment to the loss of hundreds of millions of dollars to a hacker who knows the specifics of a competitor's business plans. Said Baker: "Just as technology provides the means for communicating the data, it can now minimize the threat of its loss." It is in this arena that the chip developed by Mykotronx comes into play. 
It contains an ENCODE and DECODE capability using the government's recently announced new algorithm (more than 16 million times more keys than available on DES -- the existing system) to defeat hackers or eavesdroppers attempting to intercept voice or data messages. This first of a series of Mykotronx chips, developed by a team under the direction of Richard J. Takahashi, vice president of engineering, has been delivered to AT&T for use in its Telephone Security Device (TSD). This device, placed between the handset and base of an ordinary telephone, allows the encryption and decryption of conversations so that eavesdropping cannot occur. This inexpensive capability will first be utilized by government agencies to protect sensitive conversations. A similar chip has been delivered to Motorola for use in its secure telephone products and digital radios. More advanced chips, those that protect other data transmissions, will be available in the coming months. These chips are manufactured by VLSI Technology Inc. of San Jose, Calif., using its unique FSB technology. VLSI was selected by Mykotronx based on its ability to develop high-performance semiconductor chips. Mykotronx, a.k.a. Myko, was founded by Robert E. Gottfried and Kikuo Ogawa to develop cryptographic units to protect the communication channels between spacecraft and ground stations. The company has delivered equipment to the Department of Defense, NASA and most aerospace companies. The strength of Mykotronx lies in its people and their unrelenting drive for excellence. Their "can-do" attitude has allowed the company to deliver high-quality products on very short time schedules. Mykotronx has received numerous commendations for its quality program and was recently named "Supplier of the Year" for the second consecutive year by IBM's Federal Systems Co. of Boulder, Colo. Sales of more than $5 million in 1992 are expected to double in 1993. 
Transferring this technology from spacecraft to everyday uses will allow the company to fulfill its ambitious motto of "Securing the world of communications bit by bit." For further information concerning these products, contact John C. Droge, vice president of program development, at 310/533-8100, or fax 310/533-0527. CONTACT: Mykotronx Inc., Torrance John Droge, 310/533-8100 (phone) 310/533-0527 (fax) ORGANIZATION: MYKOTRONX -INC GEOGRAPHIC: CALIFORNIA COLORADO INDUSTRY: COMPUTERS/ELECTRONICS PRODUCT ---------------------------------------------------------------- Copyright 1993 PR Newswire Association, Inc. PR Newswire April 16, 1993, Friday SECTION: Financial News DISTRIBUTION: TO BUSINESS EDITOR LENGTH: 742 words HEADLINE: AT&T TO INCORPORATE NEW 'CLIPPER' CHIP INTO SECURE COMMUNICATIONS PRODUCT LINE DATELINE: GREENSBORO, N.C., April 16 KEYWORD: bc-AT&T-Clipper-chip BODY: AT&T (NYSE: T) said today it is moving to improve the security and privacy of telephone communications by incorporating a just-announced new U.S. government technology for voice encryption into its secure communications product line. AT&T will use the Clipper chip, announced today by President Clinton as a new technology for voice encryption, in all of its secure telephone products except those specially designed for government classified customers. The Commerce Department has announced a six-month timetable for the final certification of Clipper. "AT&T is pleased to be the first company to publicly commit to adoption of the Clipper chip," said Ed Hickey, AT&T vice president, Secure Communications Systems. "We believe it will give our customers far greater protection in defeating hackers or eavesdroppers attempting to intercept a call. "And now all commercially available AT&T voice encryption products will be compatible with each other, a major step forward in bringing secure communications capabilities to the business community." 
In standardizing AT&T voice encryption products on the Clipper chip, AT&T will include the algorithm in the Telephone Security Device as well as in the Secure Voice/Data Terminal. The AT&T Telephone Security Device is a compact, lightweight unit that brings advanced encryption technology to conventional land-line and cellular telephones. It provides a powerful, convenient and reliable way to protect the most sensitive telephone conversations. The device works with a conventional land-line or transportable/mobile cellular phone. It turns the phone's signal into a digital stream of encrypted information that is decrypted by a Telephone Security Device attached to the phone at the receiving end of the call. The AT&T Telephone Security Device connects easily to desk telephones or transportable or mobile phones. It weighs 1.5 poun inches wide and 1.5 inches high. And it's as easy to use as it is portable. The AT&T Secure Voice/Data Terminals are desktop telephones that provide encryption for both telephone calls and data transmissions. These AT&T secure communications products use an enhanced voice encryption technique that provides very high voice quality. This technology allows calls placed with these products to approach the voice quality of normal calls. To further enhance interoperability, AT&T will consider licensing to other manufacturers its enabling technologies for interoperability. Interoperability of encryption devices requires common technology beyond the use of a common encryption algorithm, specifically common methods of digital voice encoding and signaling. AT&T has already performed integration tests with Clipper chips manufactured by the government's supplier, Mykotronx Inc., of Torrance, Calif., and is preparing to integrate the chip into the manufacturing of its secure products. AT&T's Clipper-equipped telephone security devices will be available to customers by the end of the second quarter. 
The federal government intends to adopt the Clipper chip as the standard for voice encryption to help protect proprietary information, protect the privacy of personal phone conversations and prevent unauthorized release of data transmitted electronically. At the same time, use of the Clipper chip will preserve the ability of federal, state and local law enforcement agencies to intercept lawfully the phone conversations of criminals. "Adoption of Clipper will support both the government's efforts to protect the public and the public's right to privacy," Hickey said. AT&T Secure Communication Systems provides products to protect voice, data, fax, cellular and video communications. It also engineers and integrates secure communications applications. Its customers include the governments of the United States and other nations as well as major corporations around the world. AT&T Secure Communications Systems is headquartered in Greensboro. For more information about the AT&T Telephone Security Device 3600 and other AT&T Secure Communications Products, call David Arneke at 919-279-7680. CONTACT: David Arneke of AT&T Secure Communications Systems, 919-279-7680, or after hours, 919-273-5687, or Herb Linnen of AT&T Media Relations, 202-457-3933, or after hours, 202-333-9162 ORGANIZATION: AT&T TICKER-SYMBOL: T SUBJECT: New Products; Services GEOGRAPHIC: North Carolina INDUSTRY: Telecommunications CO: AMERICAN TELEPHONE & TELEGRAPH CO INC; TS: T (NYSE); IND: 111 COMMUNICATIONS; ---------------------------------------------------------------- From hkhenson at cup.portal.com Mon Apr 26 18:21:06 1993 From: hkhenson at cup.portal.com (hkhenson at cup.portal.com) Date: Mon, 26 Apr 93 18:21:06 PDT Subject: MEETING SUMMARY: Message-ID: <9304261808.1.16634@cup.portal.com> Tim May closes his excellent summary with > May you live in interesting time, indeed! 
The rest of this curse is not as well known, but it goes "and attract the attention of important people." I suspect we are doing just that. Keith Henson From composer at Beyond.Dreams.ORG Mon Apr 26 19:21:44 1993 From: composer at Beyond.Dreams.ORG (Jeff Kellem) Date: Mon, 26 Apr 93 19:21:44 PDT Subject: a quick non-technical writeup on the Clipper chip... Message-ID: <9304270221.AA01280@Beyond.Dreams.ORG> The following is something I wrote for "What's Out There?", a column I write about what's available on the net. It's more for pointing out where to find out more information and such, but also includes a few of the concerns about the announcement. Feel free to send me comments. I'll be posting this to various USENET newsgroups in the near future, as the column won't be in hardcopy until about June, 1993. FYI... -jeff Jeff Kellem Internet: composer at Beyond.Dreams.ORG p.s. This is excerpted with permission, of course, since I am the author. ;-) ===CUT HERE=== [ NOTE: Please see the COPYRIGHT/LICENSE notice at the end of this document before ANY redistribution. ] The following is a portion of Volume 1, Issue 03 of "What's Out There?" written by Jeff Kellem . This is expected to appear in the May/June 1993 issue of the USENIX Association's hardcopy newsletter, ";login:". Excerpted from "What's Out There?", Volume 1, Issue 03... White House and NSA (Encryption) Clipper Chip Announcement ---------------------------------------------------------- On April 16, 1993, the White House announced the development of an encryption chip for voice communications developed in conjunction with the National Security Agency (NSA) called the Clipper Chip, along with an initiative regarding telecommunications and privacy which could literally affect almost every citizen in the United States. On the same day, AT&T announced a "secure" phone which incorporated this chip. 
Some important things to point out: o the encryption algorithm is remaining classified [ In the cryptography community, an encryption algorithm is only considered secure after it has been examined extensively and independently by a wide array of experts around the world. With an algorithm which is kept secret, there is no guarantee that it is secure and that the encryption method has no "back door" (allowing easy decryption for those, such as the NSA, that know the "back door"). ] o though the government has announced plans to use the chip in their own phones, they do NOT plan to use it for CLASSIFIED information, only for unclassified information. o this chip has been in the making for 4 years; it would seem that the Clinton Administration has already made plans to use the chip, without public comment or discussion on a matter which is so important to the privacy of that same public. o it would seem that the Government might be granting a monopoly to Mykotronx, Inc. and VLSI Technology. It's unclear whether each company makes the entire chip or just parts thereof. o the key, which allows the information encrypted with this chip to be decrypted, is embedded in the chip [ This means that once the key is known, the chip needs to be replaced to maintain private communications. In other words, a new encryption device, if the key is ever divulged, which could just mean a wire-tap. ] o the 80-bit key is split into two (2) 40-bit pieces and kept in databases at two different escrow agencies [ It's not clear how the key databases will be kept secure. It is also unknown if the classified encryption algorithm is any less secure to brute-force attacks, once half the key is known. ] o a successor chip has already been announced, called the Capstone chip. The Capstone chip is supposed to be a "superset" of the Clipper chip and will include the "digital signature standard" (DSS), which many in the cryptography community seem to consider insecure, as I recall. 
The NSA also developed DSS, which wasn't disclosed until CPSR filed a FOIA request with NIST (the National Institute of Standards & Technology). This announcement, in one way, is a step in the right direction -- privacy and encryption technology are important to the general public and for international economic competitiveness. An inquiry on whether export restrictions on encryption technology are good or bad is also a good thing. Currently, companies that want to include encryption as part of their products need to make two versions -- one for domestic distribution and one for international distribution. On the other hand, there are too many things about the announcement which are bothersome and need to be discussed publicly. Some of these items have been mentioned above. I recommend talking with your local congressman, writing letters, and discussing this with friends. Both the Electronic Frontier Foundation (EFF) and the Computer Professionals for Social Responsibility (CPSR) have made public statements against the announcement. The CPSR has filed Freedom of Information Act (FOIA) requests regarding the plan. Online discussions of the announcement have been occurring all over the Net in various USENET newsgroups and mailing lists. Here's a sample of where you might find discussions of the Clipper Chip: USENET newsgroups: alt.privacy.clipper sci.crypt alt.security alt.privacy comp.org.eff.talk comp.security.misc comp.society.cu-digest comp.risks Mailing lists: cypherpunks-request at toad.com Also, check the archives for the various groups listed above, as things may have changed by the time this comes to print in hardcopy come June 1993. The official White House press release of the Clipper Chip can be found via anonymous ftp from: csrc.ncsl.nist.gov in the /pub/nistnews directory, or via the NIST Computer Security BBS at +1 301 948 5717. It should also be available with the rest of the White House press release archives mentioned above. 
The EFF comments were first published in the EFFector Online Issue 5.06, which is available via anonymous ftp from: ftp.eff.org in the /pub/EFF/newsletters directory. Information from CPSR is available online via anonymous ftp from: ftp.cpsr.org in the /cpsr directory. The cypherpunks mailing list also maintains an archive. Information on the Clipper Chip can be found via anonymous ftp from: soda.berkeley.edu in the /pub/cypherpunks/clipper directory. Please do read the announcement of the Clipper Chip encryption technology, think about and discuss the implications of this with your friends, congressmen, and anyone else. ...End of excerpt. COPYRIGHT/LICENSE: This document is Copyright (c) 1993 Jeff Kellem/Beyond Dreams, composer at Beyond.Dreams.ORG. This copyright notice must be kept with each document. You have permission to freely redistribute this for non-commercial and non-profit purposes. It would be nice if you let the author know about any redistributions that are expected to reach more than a single person. :-) (This would include mirroring ftp sites, etc.) Please contact the author if you wish to use this document in ANY other fashion. Most likely, there won't be a problem. If you wish to redistribute this document for commercial purposes, you MUST contact the author for permission. Thank you. Jeff Kellem Composer of Dreams Beyond Dreams Internet: composer at Beyond.Dreams.ORG From tcmay at netcom.com Mon Apr 26 20:14:28 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 26 Apr 93 20:14:28 PDT Subject: A correction, and another motive for Clipper Message-ID: <9304270314.AA12553@netcom3.netcom.com> Jim Bidzos of RSA informs me that Capstone does in fact use public key methods, and that his company will presumably receive royalty payments. (I remember this being discussed, now. 
The government itself has royalty-free access to the various public key patents, so I understand, but corporations selling equipment using the patents would presumably have to negotiate their own deals.) On another matter, I saw in the April 19th issue of "Network World," the headline on the front page: "Clinton security plan hints of Big Brother," with the subtitle: "Clipper Chip would let government eavesdrop on encrypted voice and data communications." The article is by Ellen Messmer. Along with the usual quotes from the White House announcement came this curious admission from an AT&T manager when asked why anyone, especially a criminal or terrorist, would use a tappable phone when alternatives exist. ---begin quote--- "A criminal probably wouldn't use it," said Mike Agee, marketing manager for secure products at AT&T, adding that the Clipper Chip is for the rest of the world. ---end quote--- Now I've heard several explanations for Clipper, ranging from buying market share to the stupidity of criminals (i.e., criminals _could_ buy non-Clipper alternatives under the current plan, but in practice they're too stupid to). Assuming non-Clipper encryption remains legal, why Clipper? It just occurred to me that perhaps the government is primarily interested in tapping its *own* phones! Not necessarily as part of a paranoid conspiracy plan, but because of the graft and bribery cases that keep coming up, such as the Defense Department scandals uncovered by Operation Ill Wind a few years back. Ditto for "leaks" from offices. The Powers That Be may have looked at the coming age of untappable phones and concluded that at least they make sure they could tap the phones of those in government and defense contractors and suppliers, who will be the only ones actually _required_ to buy the Clipperphones. (Under the precise wording of the White House announcement; we can all still worry that this move is preparatory to wider restrictions.) 
Lest you think I'm becoming like David Sternlight and looking for the silver lining in every government move, I'm only floating this as a minor wrinkle on why the Clipperphones may be being deployed so quickly. --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. From gnu Mon Apr 26 21:24:54 1993 From: gnu (John Gilmore) Date: Mon, 26 Apr 93 21:24:54 PDT Subject: He's all yours... Message-ID: <9304270424.AA29796@toad.com> I'll send him the master list of cypherpunks questions. You-all can do the rest. John ------- Forwarded Message From: schneier at chinet.com (Bruce Schneier) Subject: Comments on Clipper for Publication To: gnu at toad.com Date: Mon, 26 Apr 1993 20:27:26 -0500 (CDT) I am writing an article on Clipper for Network World. I am looking for comments and opinions (that I can quote) on the scheme, its implications for security and privacy, its acceptance here and overseas, etc. I am on very tight deadline (I need to finish this Wednesday night). Please call or E-Mail responses. If there is someone else at EFF I should be talking to, please send me his address and telephone number. Thanks, Bruce (708) 524-9461 ------- End of Forwarded Message From wcs at anchor.ho.att.com Mon Apr 26 21:35:30 1993 From: wcs at anchor.ho.att.com (wcs at anchor.ho.att.com) Date: Mon, 26 Apr 93 21:35:30 PDT Subject: Mykotronx and VLSI data sheets Message-ID: <9304270435.AA09033@anchor.ho.att.com> The data sheets arrived today! 
(Steve - I gave Matt a copy; I can fax it to you if yours hasn't shown) (Cypherpunks - Mykotronx 310-533-8100 fax-0527, VLSI 408-434-3100 fax-263-2511) The VLSI material didn't have anything Clipper-specific - lots of stuff on their ASIC libraries and chips, and some information on their tamper-proof technology. Their DES chip does 192 Mb/s, and they've got a vocoder chip for 13 kb/s GSM as well as 32 kb/s ADPCM G.721, ARM RISC, Z80 cores, high-speed comms stuff, PC support ASICs, etc. The Mykotronx material was interesting. It was about 18 pages long, and there are functional diagrams, pinouts, timing diags, command sets. It looks like there may be two versions, one commercial, one industrial-hard. The chip is 28-pin PLCC, with 4 bits control input, 8 leads for input/ output/config/status/test/alarm depending on command, the usual power, clock, strobe, busy, reset, and alarm leads, and two leads for higher-voltage write-once PROM. The internal clock is 15 MHz, and I'm not sure how fast it goes if you clock it externally (it uses the internal clock when it's doing the fun stuff, but can use externals for I/O, etc.) It looks like the encryption phase takes 64 clock cycles, but I'm not an electrician so I can't guarantee that that's what the timing diags mean; if that's the case it would seem to be slower than 16 mb/s throughput given I/O time? There are 5 functional blocks: controller, algorithm, Data Bus Buffer, self-test, and clock. There's an internal data bus (how wide? 8 bits?) with the controller, data buffer, and external clock accessible from outside, the self-test generating two output leads only, and the algorithm block isolated (only connected to the bus and self-test.) The basic sequence of operations, once the chip has booted and tested, is that you feed commands to initialize cryptographic variables (key, IV), tell it to encrypt or decrypt, strobe in data, let it crunch, and strobe out results. 
It's picky about getting commands in the right order, and rejects anything it isn't willing to do for security reasons. It can operate in 7 different modes: ECB-64, CBC-64, OFB-64, CFB-64/32/16/8. The number of bytes read or written depends on the mode, but I was interested to find that I couldn't tell from the data sheets how many bytes that is, which either means they deliberately aren't telling us where the wiretap block is or else they assume that the Output Buffer Full and Input Buf Empty leads are all you care about; I'll try to find a tasteful way to ask them.

Commands:
- Reset
- Write Random Seed - must be done at startup; there's a pseudo-random generator for IVs. If you give it a zero, it asks for a better seed.
- Write Config Register - done second, picks operating mode. If you're in IDLE mode, you need to do this before writing the CV or IV.
- Write Crypto-Variable (CV) (loads 10 bytes key, 3 bytes checksum, automagically checks key when loaded.)
- Write Initialization Vector (IV) - you can load it or generate.
- Generate IV - using the pseudo-random. Outputs to data bus when done.
- Start Encrypt Block - read data off bus, crunch, wait for Read Output, IDLE
- Read Output - strobes out output
- Start Decrypt Block - read data, crunch, wait for Read Output, repeat until you get a Terminate or other command
- Terminate Encrypt/Decrypt - stop doing encryption (IDLE?)
- Save Current State - output 8 bytes of state to data bus
- Restore Current State - input 8 bytes of state from data bus
- Read Status Register - outputs to bus
- Read Test/Alarm Register - outputs to bus
- Write Test/Alarm Register - read from bus, do tests

If you want to order a copy, they were pretty quick about delivering it. The person I talked to was John Droge, VP, Program Development. Approximate prices are $30 (qty. 10,000), no mention of engineering samples, quotations on a case-by-case basis for now. 
Bill Stewart # Bill Stewart wcs at anchor.ho.att.com +1-908-949-0705 Fax-4876 # AT&T Bell Labs, Room 4M-312, Crawfords Corner Rd, Holmdel, NJ 07733-3030 From gnu Mon Apr 26 22:24:33 1993 From: gnu (John Gilmore) Date: Mon, 26 Apr 93 22:24:33 PDT Subject: Markey hearings on Thursday will be on the Internet MBone Message-ID: <9304270524.AA00805@toad.com> John Gage tells me that audio from the Congressional hearings on telephone privacy and Clipper will be multicast on the Internet `MBone' (multicast backbone). We don't yet know the multicast address. If someone who knows about the mbone could hook in and record a copy of the hearings (as an online sound file, or on tape), that would be great. I'll be at a conference on Thursday. John From tcmay at netcom.com Mon Apr 26 22:25:04 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 26 Apr 93 22:25:04 PDT Subject: COMP.RISKS is where the action seems to be Message-ID: <9304270525.AA28002@netcom3.netcom.com> Comp.risks is carrying extensive coverage of the Clipper Chip issue, including Dorothy Denning attempting to defend the Clipper. Sci.crypt and alt.security.clipper still have more messages, but comp.risks seems to be the place I check first. Being a digest, though, a new one only appears a few times a week. -Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. 
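Jeff Kellem's writeup in this digest first describes the 80-bit key as split into two 40-bit pieces held by two escrow agencies and asks whether brute force gets easier once half the key is known; his correction restates it as the xor of two 80-bit keys. The Python comparison below of those two deposit schemes is an added example, not code from the thread or from the Clipper design; the SHA-256 `fingerprint` is an assumed stand-in for being able to test a trial key, and every key value is constructed.

```python
# Added example (not from the thread): what ONE escrow agent learns under
# each deposit scheme. All key values are constructed for the demonstration.
import hashlib
import secrets

KEY_BITS = 80  # unit-key size stated in the thread


def split_halves(key, bits=KEY_BITS):
    """Scheme 1 (first writeup): agent A holds the high half, agent B the low half."""
    half = bits // 2
    return key >> half, key & ((1 << half) - 1)


def join_halves(share_a, share_b, bits=KEY_BITS):
    return (share_a << (bits // 2)) | share_b


def split_xor(key, bits=KEY_BITS, share_a=None):
    """Scheme 2 (corrected writeup): key = share_a XOR share_b, both full length.

    share_a must be uniformly random; passing a fixed value is for tests only.
    """
    if share_a is None:
        share_a = secrets.randbits(bits)
    return share_a, key ^ share_a


def join_xor(share_a, share_b):
    return share_a ^ share_b


def _unknown_space(scheme, bits):
    """Number of values the missing share can take, seen from agent A."""
    if scheme == "halves":
        return 1 << (bits // 2)
    if scheme == "xor":
        return 1 << bits
    raise ValueError(f"unknown scheme: {scheme!r}")


def _join(scheme, share_a, share_b, bits):
    if scheme == "halves":
        return join_halves(share_a, share_b, bits)
    return join_xor(share_a, share_b)


def consistent_keys(scheme, share_a, bits):
    """Exhaustively list every key still possible given only share A."""
    return {_join(scheme, share_a, b, bits) for b in range(_unknown_space(scheme, bits))}


def remaining_work_bits(scheme, bits=KEY_BITS):
    """log2 of the number of keys a single share holder must still try."""
    return _unknown_space(scheme, bits).bit_length() - 1


def fingerprint(key, bits):
    """Assumption: stands in for any way of testing a trial key (for instance a
    known plaintext/ciphertext pair); the real cipher is classified."""
    return hashlib.sha256(key.to_bytes((bits + 7) // 8, "big")).digest()


def recover_with_one_share(scheme, share_a, check, bits):
    """Search only the keys consistent with share A; return (key, trials)."""
    space = _unknown_space(scheme, bits)
    for trials, b in enumerate(range(space), start=1):
        key = _join(scheme, share_a, b, bits)
        if fingerprint(key, bits) == check:
            return key, trials
    return None, space


if __name__ == "__main__":
    # Full-size round trip with a constructed random key.
    key = secrets.randbits(KEY_BITS)
    assert join_halves(*split_halves(key)) == key
    assert join_xor(*split_xor(key)) == key
    for scheme in ("halves", "xor"):
        print(f"{scheme:>6}: one share leaves 2^{remaining_work_bits(scheme)} keys")

    # Toy 16-bit key so the search can actually be run to completion.
    toy_bits, toy_key = 16, 0xBEEF
    check = fingerprint(toy_key, toy_bits)
    a_half, _ = split_halves(toy_key, toy_bits)
    a_xor, _ = split_xor(toy_key, toy_bits)
    for scheme, share in (("halves", a_half), ("xor", a_xor)):
        found, trials = recover_with_one_share(scheme, share, check, toy_bits)
        print(f"{scheme:>6}: recovered {found:#06x} after {trials} trials "
              f"({len(consistent_keys(scheme, share, toy_bits))} candidates)")
```

With the halves scheme a single database leak cuts the search from 2^80 to 2^40 keys; with the xor scheme one share leaves every key equally possible, provided the first share is truly random.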
From composer at Beyond.Dreams.ORG Mon Apr 26 22:35:49 1993 From: composer at Beyond.Dreams.ORG (Jeff Kellem) Date: Mon, 26 Apr 93 22:35:49 PDT Subject: a quick non-technical writeup on the Clipper chip -- corrections Message-ID: <9304270535.AA02062@Beyond.Dreams.ORG> Here are some minor corrections to the non-technical writeup I posted earlier this evening. Note, that I also already corrected the typo regarding how the keys were constructed. Ignore the line numbers.. they'll be incorrect, as this is part of a larger article. FYI... -jeff Jeff Kellem Internet: composer at Beyond.Dreams.ORG ===CUT HERE=== *** /tmp/RCSA002047 Tue Apr 27 01:29:46 1993 --- whats-out-there-1.03.text Tue Apr 27 01:29:08 1993 *************** *** 188,203 **** important to the privacy of that same public. o it would seem that the Government might be granting a monopoly to ! Mykotronx, Inc. and VLSI Technology. It's unclear whether each ! company makes the entire chip or just parts thereof. o the key, which allows the information encrypted with this chip to be decrypted, is embedded in the chip [ This means that once the key is known, the chip needs to be ! replaced to maintain private communications. In other words, a new ! encryption device, if the key is ever divulged, which could just ! mean a wire-tap. ] o the 80-bit key is made from the xor of two (2) 80-bit keys, which are kept in databases at two different escrow agencies --- 188,206 ---- important to the privacy of that same public. o it would seem that the Government might be granting a monopoly to ! Mykotronx, Inc. and VLSI Technology. As far as I know, VLSI ! fabricates the chip and Mykotronx programs the keys into it. o the key, which allows the information encrypted with this chip to be decrypted, is embedded in the chip [ This means that once the key is known, the chip needs to be ! replaced to maintain private communications. This would usually ! mean replacing the entire device (e.g. telephone), anytime that ! 
the key was divulged, whether legally or not. The key is also ! transmitted along with your encrypted data, so that law enforcement ! can obtain it, which would allow them to decrypt your data without ! your knowledge. ] o the 80-bit key is made from the xor of two (2) 80-bit keys, which are kept in databases at two different escrow agencies *************** *** 223,235 **** for international distribution. On the other hand, there are too many things about the announcement which ! are bothersome and need to be discussed publicly. Some of these items ! have been mentioned above. I recommend talking with your local ! congressman, writing letters, and discussing this with friends. Both the Electronic Frontier Foundation (EFF) and the Computer Professionals for Social Responsibility (CPSR) have made public statements ! against the announcement. The CPSR has filed Freedom of Information Act (FOIA) requests regarding the plan. Online discussions of the announcement have been occurring all over the --- 226,243 ---- for international distribution. On the other hand, there are too many things about the announcement which ! are bothersome and need to be discussed publicly. Some of these items have ! been mentioned above. The Clipper Chip basically seems like it might ! provide privacy from some people, but not from the government. I recommend ! talking with your local congressman, writing letters, and discussing this ! with friends. Both the Electronic Frontier Foundation (EFF) and the Computer Professionals for Social Responsibility (CPSR) have made public statements ! against the announcement. The EFF supports the idea of reviewing ! cryptographic and privacy policies, but believes that the Clipper Chip ! announcement was premature and should be delayed until after the overall ! review and discussion. The CPSR has filed Freedom of Information Act (FOIA) requests regarding the plan. 
Online discussions of the announcement have been occurring all over the From composer at Beyond.Dreams.ORG Mon Apr 26 22:40:24 1993 From: composer at Beyond.Dreams.ORG (Jeff Kellem) Date: Mon, 26 Apr 93 22:40:24 PDT Subject: COMP.RISKS is where the action seems to be In-Reply-To: <9304270525.AA28002@netcom3.netcom.com> Message-ID: <9304270540.AA02095@Beyond.Dreams.ORG> On the cypherpunks mailing list, Tim May wrote... > Sci.crypt and alt.security.clipper still have more messages, but ^^^^^^^^ Minor correction: it's alt.privacy.clipper. FYI... -jeff Jeff Kellem Internet: composer at Beyond.Dreams.ORG From strat at intercon.com Mon Apr 26 22:47:14 1993 From: strat at intercon.com (Bob Stratton) Date: Mon, 26 Apr 93 22:47:14 PDT Subject: Markey hearings on Thursday will be on the Internet MBone In-Reply-To: <9304270524.AA00805@toad.com> Message-ID: <9304270547.AA10528@intercon.com> >>>>> On Mon, 26 Apr 93 22:24:31 -0700, gnu at toad.com (John Gilmore) said: John> John Gage tells me that audio from the Congressional John> hearings on telephone privacy and Clipper will be John> multicast on the Internet `MBone' (multicast backbone). John> We don't yet know the multicast address. Hrm..That's interesting. If you're on the MBONE, the Session Directory tool should show you upcoming events, and let you select them. It also fires off the appropriate client software with the proper arguments, which is the Right Thing. John> If someone who knows about the mbone could hook in and John> record a copy of the hearings (as an online sound file, John> or on tape), that would be great. I'll be at a John> conference on Thursday. I'm on the remote conferencing mailing list (rem-conf at es.net), and I have yet to see an announcement. If I can find it, I'll tape it. John, have your friend drop me a note with any details he might have, because the regular channels haven't had any information on this. Any pointers might help me track it down. 
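Review bot: the trailing context line of the first hunk (188,203 / 188,206 of the whats-out-there-1.03.text diff), "o the 80-bit key is made from the xor of two (2) 80-bit keys", is identical on the old and new sides, so the diff was taken against a revision that already carried the key-construction fix and not against the text posted to the list, which reads "split into two (2) 40-bit pieces". Anyone patching the posted copy will hit a context mismatch at that line; diff against the posted revision so the xor change shows up as a changed line. The bracketed note under that bullet falls outside the hunk, so also confirm it no longer speaks of "half the key" being known.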
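Review bot: the sentence added in the second hunk (223,235 / 226,243), "The Clipper Chip basically seems like it might provide privacy from some people, but not from the government", stacks three hedges, while the first hunk states without qualification that law enforcement can obtain the key and "decrypt your data without your knowledge". Settle on one level of certainty and use it in both places, for example "The Clipper Chip may provide privacy from some people, but not from the government."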
--Strat From keenan at acs.ucalgary.ca Mon Apr 26 23:09:19 1993 From: keenan at acs.ucalgary.ca (Tom Keenan) Date: Mon, 26 Apr 93 23:09:19 PDT Subject: Clipper: International implications Message-ID: <9304270606.AA67332@acs3.acs.ucalgary.ca> It will be fascinating to see how non-US governments react to Clipper. Anybody have any info on this? I will contact the office of the Canadian minister responsible for Communications (Hon. Perrin Beatty) and see if there has been a statement or reaction. Canada might prosper as a "phone haven" much as some Caribbean countries are "data havens." Somewhat related item in April 19/93 Communications Week International (page 4) reports (in part): "Europe's mobile telephone industry is developing less-secure GSM digital cellular equipment to mollify government law-enforcement agencies and adjust to restrictions on high technology exports. New base station software and modified handset chips would make it easier for GSM calls to be tapped, a requirement of some governments, but would likely cost millions of dollars to install in existing networks and terminals." The export status of Clipper technology will also be an interesting thing to sort out. White House Statement just says "case by case." Dr. Tom Keenan, I.S.P. Associate Dean, R&D, U of Calgary & Technology Correspondent, CBC Television "Midday" From pleiku!kelly at netcom.com Mon Apr 26 23:47:02 1993 From: pleiku!kelly at netcom.com ($HOME/.sig) Date: Mon, 26 Apr 93 23:47:02 PDT Subject: COMP.RISKS is where the action seems to be In-Reply-To: <9304270540.AA02095@Beyond.Dreams.ORG> Message-ID: <9304270638.AA27096@netcomsv.netcom.com> -- Parts of this .sig borrowed with permission from T.C.May. Perhaps it will indeed get me busted also. .......................................................................... 
Kelly Goen | Crypto Anarchy: encryption, digital money, kelly at netcom.com | anonymous networks, digital pseudonyms, zero Intelligence Systems | knowledge, reputations, information markets, Specialists Inc. | black markets, face banks, data havens, dark | tech, covert channels, shared secrets, | alt.whistleblowers, collapse of governments. Technical Monkeywrench | Public Key: PGP 2.2. | .......................................................................... PGP 2.2 Key available from PGP Keyservers on the Internet. pub 1024/1BA573 1992/09/09 kelly Key fingerprint = EF 7A 38 99 22 84 E3 3B 90 2A DB 80 DC 65 DA 31 STOP THE WIRETAP CHIP(Clipper Chip)!! From szabo at techbook.com Tue Apr 27 03:17:43 1993 From: szabo at techbook.com (Nick Szabo) Date: Tue, 27 Apr 93 03:17:43 PDT Subject: How to protect your electronic privacy -- consumer pamphlet Message-ID: Here is a handout I've written for our next Portland-area libertarian meeting. Comments welcome. Feel free to distribute freely (you can edit out Portland-specific stuff) with attributions. ---------------------------------------------------------------- How to Protect Your Electronic Privacy Nick Szabo, April 30 1993 Distribute Freely We conduct more and more of our legal, political, and private business over the wires. Every decade, the number of phone calls that the government can record for later playback increases by a factor of ten. Commercial organizations gather and sell our transactions; marketers and governments cross-reference them, forming our vast electronic reputation. The number of e-mail messages doubles every year, and many political organizations are coming to rely on networks like Internet and LiberNet. Most e-mail users are unaware that it is the most public medium ever invented, and use it to write love letters, letters to their lawyer, discussion of illegal activities, etc. Vast volumes of e-mail can be stored on small magnetic tapes and searched in bulk for keywords, eg "mari[jh]uana". 
The good news is, the computer brings an even greater weapon to fight these threats to our privacy and political freedoms: widely available, automatic cryptography. Instead of developing phones allowing truly private conversations, which are now feasible, AT&T recently put a phone on the market that contains the NSA-designed "Clipper" wiretap chip. All users' encryption keys are registered with the U.S. government, giving it exclusive access to wiretapping this system's phones. The use of an unpublished algorithm and other features also make the system insecure. "Clipper" would also make traffic analysis (finding out who is calling whom, when, etc.) much easier. The goal of this government/Ma Bell collusion is to subsidize the creation of a standard that forces truly private phone systems off the market. By purposefully allowing a government backdoor in its "secure" phones, AT&T has demonstrated its contempt for its customers' privacy. Here are some other long-distance providers that may have more respect. All U.S. line providers are required to surrender to telephone taps under government "authorization", but some require more "authorization" than others, or otherwise make a greater fuss about it. Local wiretaps are beyond the control of long-distance companies, but long-distance eavesdropping is much more difficult if the company uses fiber optic instead of microwave links. Ask company representatives for details. Allnet Long Distance Services 1-800-783-2020 MCI, commercial 1-800-888-0800 MCI, residential 1-800-950-5555 Metromedia Communications Corp. 1-800-275-2273 One-2-One Communications 1-800-293-4121 Sprint, residential 1-800-877-7746 Sprint, business 1-800-733-5566 Real phone privacy can be obtained with a veil of encryption, by using pairs of phones containing privacy chips, which scramble the signals *and* keep the keys private. Contact your local business telephone dealers for privacy phones from Ericsson, Cylink and other companies. 
Keep your eye out for portable-computer-based software with voice input
that can be used to encrypt voice mail and send it over the networks like
e-mail; these may be appearing on the market or as freeware within six
months.

Data privacy can be obtained with public-key encryption features which
have been added to some of the newer e-mail packages from Microsoft,
Apple, Novell, etc. Beware: most software encryption has been restricted
by the U.S. government to very weak algorithms. "Cypherpunks" enjoy
writing programs to crack the weakened file encryption in Word Perfect,
Lotus, etc. Be sure the software contains the new "RSA" public-key
algorithm, which probably cannot be cracked by anybody, even the NSA with
their buildings full of supercomputers.

A strong freeware RSA package is also available called Pretty Good
Privacy (PGP); this is the international standard on the Internet. PGP
can also be used for protecting the files on your PC. On an Internet
machine type "archie pgp" to find out where PGP is available for
download. Several BBS systems also have PGP available.

In public key encryption, there are two keys, one used to lock (really
scramble) the data, the other to unlock (unscramble) the data. To join
the fun, publish or send your friends your public key, and they can then
send you messages only you can unlock with your private key. You collect
others' public keys and do the same. PGP key distribution is based on an
informal, voluntary web of trust instead of the government's rigid
hierarchy which is vulnerable to failure at the top. Just as today's
businessmen trade business cards, tomorrow's businessmen will trade
public keys -- if the government doesn't ban them first.

For more detailed information on electronic privacy, see:

* Your local phone dealer. If he does not know about privacy issues and
  phone privacy products, ask him to find out!

* The May/June issue of "Wired" magazine featuring "crypto-rebels" on the
  cover.
  A history of computer cryptography and the "cypherpunk" movement, whose
  goal is to break the government monopoly on cryptography and to restore
  our right to privacy in the electronic age.

* "Mondo 2000" #9 (most recent) features two good articles on PGP, and a
  third article on protecting our financial privacy from governments.

* The Winter/Spring issue of "Extropy" features an article on digital
  cash. Unlike current electronic funds transfer, digital cash increases
  financial privacy.

* On the Internet, the cypherpunks mailing list (cypherpunks-request at
  toad.com) and the newsgroups sci.crypt. In the Portland area two
  Internet providers are agora (293-1772 data) and techbook (220-0636
  data).

* Organizations helping lobby for electronic privacy: Electronic Frontier
  Foundation (eff.org), Computer Professionals for Social Responsibility
  (cpsr.org), Privacy International. These are not entirely libertarian
  (eg EFF tends to support Gore's socialist "Data Highway".)

* James Bamford, _The Puzzle Palace_, 1983: A classic expose of the
  National Security Agency.

Nick Szabo
szabo at techbook.com

From anton at hydra.unm.edu Tue Apr 27 03:52:40 1993
From: anton at hydra.unm.edu (Stanton McCandlish)
Date: Tue, 27 Apr 93 03:52:40 PDT
Subject: Clipper: International implications
In-Reply-To: <9304270606.AA67332@acs3.acs.ucalgary.ca>
Message-ID: <9304271052.AA20890@hydra.unm.edu>

> statement or reaction. Canada might prosper as a "phone haven"
> much as some Caribbean countries are "data havens."

"are"? I was under the impression that that was a sci-fi motif. What do
you mean the "are 'data havens'"?

--
Testes saxi solidi! ********************** Podex opacus gravedinosus est!
Stanton McCandlish, SysOp: Noise in the Void Data Center BBS
IndraNet: 369:1/1 FidoNet: 1:301/2 Internet: anton at hydra.unm.edu
Snail: 8020 Central SE #405, Albuquerque, New Mexico 87108 USA
Data phone: +1-505-246-8515 (24hr, 1200-14400 v32bis, N-8-1)
Vox phone: +1-505-247-3402 (bps rate varies, depends on if you woke me up...:)

From karn at qualcomm.com Tue Apr 27 09:18:04 1993
From: karn at qualcomm.com (Phil Karn)
Date: Tue, 27 Apr 93 09:18:04 PDT
Subject: Markey hearings on Thursday will be on the Internet MBone
Message-ID: <9304271617.AA01355@servo>

Does anybody know if the hearings will be carried on CSPAN?

Phil

From a2 at well.sf.ca.us Tue Apr 27 09:37:01 1993
From: a2 at well.sf.ca.us (Arthur Abraham)
Date: Tue, 27 Apr 93 09:37:01 PDT
Subject: A correction, and another motive for Clipper
Message-ID: <199304271636.AA22886@well.sf.ca.us>

27-Apr-93

Tim,

Your suggestion has the validity of strong logic: it fits all the facts
we know, leaves none out, and makes no external assumptions.

In particular, while the rotten underbelly of society (terrorists, drug
runners, producers of TV sitcoms) would have no compunctions about using
further encryption within a Privacy Clipper wrapper, a government
employee or contractor who did would be highly suspect, and -- knowing
Big Uncle might be listening -- would be restrained from performing
kick-back business as usual. Is this the technological fix to government
corruption?

Following this theory, I am sure we would all applaud legislation
restraining the gov-guys from using non-Clipper crypto. The situation
might come to resemble drug testing: legally mandated for individuals in
"public safety" positions, such as transportation workers and A-bomb
builders, not required where not justified.

The Attorney General is going to buy several thousand of these things,
she already has the money -- and probably a signed contract with AT&T
Greensboro -- and it's unlikely this can be stopped. What we can do is
use it to our advantage.
This may be maneuvered into a no-lose situation for us, as...

either:
   a. The government taps itself, corruption is uncovered,
      and the national debt decreases. Society agrees that public
      officials don't deserve privacy, but citizens do.
or:
   b. The government bureaucrats, seeing hard times coming,
      reject Privacy Clipping for themselves, and so everybody --
      gov and citizens -- retains their privacy. (This is judo: use
      their weight against them.)

Let me suggest this as a political position:

Clipper Privacy for the Government, real privacy for Private citizens.

-a2.

From crunch at netcom.com Tue Apr 27 11:39:20 1993
From: crunch at netcom.com (John Draper)
Date: Tue, 27 Apr 93 11:39:20 PDT
Subject: Rave on...
Message-ID: <9304271839.AA26005@netcom4.netcom.com>

At the last Mt View Cypherpunks meeting, it was discussed about ways in
which we can get the word out to as many people as possible. I have an
idea on yet another way on how this can be done. Would like to get input
and feedback on this from the rest of the group.

One such place where lots of people meet are RAVES. My proposal is to set
up a room with a bunch of donated PC's Macs or whatever, and have a booth
set up where people can purchase PGP diskettes for slightly above cost of
the diskettes. People attending raves can purchase their PGP diskettes
and on the spot, generate their keys. They can sign each other's keys
there, and handout literature can be made available for anyone attending
that describes the "Clipper" proposals, and suggestions on what people
can do to resist further government control over private cryptography.

Already, at most raves, there are demonstrations set up for things like
the new "body synth", VR demos, and other things, so this should fit
right in. I'm in contact with a number of RAVE organizers, and plan on
contacting them.
If enough people from Cypherpunks are interested in bringing their
portables or small PC's, Macs or whatever to raves, this might be a very
good way of reaching the younger people who might not otherwise be
plugged into the mainstream media like TV, or newspapers, or whatever.

For those interested in donating a Sat evening, and wanting to have a
little fun, by bringing their computers to future raves, please send me
your Email address, and specifics on any equipment you might want to
bring, I can put you in touch with the appropriate organizers.

Anyway, I'm open for input on this, and how we can get the word out.

At the Cypherpunks dinner, I mentioned to John Gilmore and others about
the possibility of doing short video "skits" and "infomercials" on some
hypothetical scenarios of a "Faschiist government" that outlaws
encryption. We can make it fun and entertaining, and I don't think I
would have a problem proposing it to those people capable of producing
this video. We will need actors, and some people to write up the "skit".
I don't think we would have any problem convincing KQED, or any other TV
station to air it. It would reach a lot of people, and is a good
instrument in getting the word out.

I talked to Wes Thomas about this, and we can set up an ad hoc get
together in Berkeley and perhaps Eric Hughes and John Gilmore can attend
and we can "ad lib" for practice a few hypothetical skits and video tape
it some evening. I think it would be fun, and even John Gilmore might
enjoy participating in this fun activity.

Rave on - D00ds!!

JD

From mnemonic at eff.org Tue Apr 27 12:10:19 1993
From: mnemonic at eff.org (Mike Godwin)
Date: Tue, 27 Apr 93 12:10:19 PDT
Subject: Interesting quotation from Denning's book on cryptography
Message-ID: <199304271910.AA17788@eff.org>

From Dorothy Denning, CRYPTOGRAPHY AND DATA SECURITY, Addison-Wesley
1982,1983, page 8:

"Cryptosystems must satisfy three general requirements:

"1.
The enciphering and deciphering transformations must be efficient for
all keys.

"2. The system must be easy to use.

"3. The security of the system should depend only on the secrecy of the
keys and not on the secrecy of algorithms E [enciphering] or D
[deciphering]."

--Mike

From ld231782 at longs.lance.colostate.edu Tue Apr 27 12:45:26 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Tue, 27 Apr 93 12:45:26 PDT
Subject: Clipper key negotiation...
Message-ID: <9304271945.AA10153@longs.lance.colostate.edu>

is nonexistent. That is, as I understand it, the algorithm for
creating/exchanging the session key that is negotiated at the beginning
of each call is *not* built into the chip or the standard. Am I correct?
Mrs. Denning has conspicuously evaded this issue only by saying that the
keys can be exchanged via Diffie-Hellman or RSA. The point is, the phone
hardware designer/integrator must use an additional circuit. Isn't this
a serious potential defect of the chip? Isn't it amazing that the design
neglects the issue completely? Wouldn't the ideal (or even `usable'?)
chip have this built in?

If RSA refused to grant support to people using the algorithm for this
purpose, it could have tremendous effect in helping vanquish it... What
will be their commitment in this area? Is Mr. Bidzos annoyed about the
Clipper chip as a veiled revocation of American rights or as a lucrative
opportunity, denied at first, but not later, to get a tasty piece of the
wiretapping pie? It seems to me that Mr. Bidzos has a critically pivotal
decision to make, and to make clear. Or has it been made already, by
someone else?

If somebody comes out with a neat chip that interfaces to the Clipper
*really soon* that has been *totally approved* by RSA for clipper key
negotiation, I'd be a bit suspicious....

Can anybody clear this up? Exactly what parts of session key exchange/
negotiation/ generation are handled by the chip, and which aren't?
There is not even specific information in Denning's statements about
when all this (including the All-American Privacy-Protecting Law
Enforcement Block, ug!) is transmitted (at the beginning of the call,
presumably). Why hasn't there been more inquiry into this?

Is the key fed to the chip by other circuitry? That would seem to be the
case. The chip appears to be just a low level encryption device, not
something high-level that worries about key manipulation and trading.
Hence, there may be widely varying approaches to implementing key
exchange. Not much of a `standard' that leaves unspecified something so
basic.

Notice however that the wiretapper does not care, because this is not
involved in the decryption; the crucial data for them is that the serial
number and family codes be correct for the chip. So, these aspects are
hardwired.

From whitaker at eternity.demon.co.uk Tue Apr 27 13:24:32 1993
From: whitaker at eternity.demon.co.uk (Russell Earl Whitaker)
Date: Tue, 27 Apr 93 13:24:32 PDT
Subject: Forwarded article.
Message-ID: <4612@eternity.demon.co.uk>

This article was forwarded to you by whitaker at eternity.demon.co.uk
(Russell Earl Whitaker):

--------------------------------- cut here -----------------------------

Newsgroups: demon.security
From: nikki at trmphrst.demon.co.uk (Nikki Locke)
Path: eternity.demon.co.uk!demon!trmphrst.demon.co.uk!nikki
Subject: Cppnews now has PGP support
Reply-To: cppnews at trmphrst.demon.co.uk
Distribution: world
X-Mailer: cppnews $Revision: 1.35 $
Organization: Trumphurst Ltd.
Lines: 13
Date: Sun, 25 Apr 1993 17:23:45 +0000
Message-ID: <735786863snx at trmphrst.demon.co.uk>
Sender: usenet at demon.co.uk

CPPNEWS $Revision: 1.35 $

Demon.security members may like to know that cppnews now has the ability
to add user defined external commands to the Article menu.

This latter enables automatic uudecoding, pgp decrypting etc. to be
integrated with cppnews.
The latest version of cppnews should be available for public ftp from
ftp.demon.co.uk [158.152.1.65]:in directory /pub/trumphurst/cppnews.

--
Nikki Locke,Trumphurst Ltd.(PC and Unix consultancy)
nikki at trmphrst.demon.co.uk
trmphrst.demon.co.uk is NOT affiliated with ANY other sites at demon.co.uk.

--------------------------------- cut here -----------------------------

From mnemonic at eff.org Tue Apr 27 13:28:41 1993
From: mnemonic at eff.org (Mike Godwin)
Date: Tue, 27 Apr 93 13:28:41 PDT
Subject: MEETING SUMMARY: 4-24-93 Cypherpunks Meeting
In-Reply-To: <9304261909.AA29562@netcom.netcom.com>
Message-ID: <199304272028.AA19664@eff.org>

Tim writes in the summary of Saturday's meeting:

> Jim Bidzos, President of RSA Data Security, intended to just speak briefly
> about the Clipper Chip, Capstone, and the view of RSA, but ended up staying
> and participating for several hours. Mike Godwin, of EFF, was present at
> the Boston (I think) site.

Definitely at the Boston (Cambridge) site.

> It appears the Clipper/Capstone program is initially intended to "buy
> market share" as quickly as possible, with government offices requiring
> Clipperphones (and probably for those they do business with). Perhaps the
> intent is undercut competing models and make Clipper the de facto standard,
> which can then be made the de jure standard.

I am very sceptical that the "market share" strategy is the whole
strategy here. I think that while some proponents of Clipper may believe
this is the strategy, DOJ hopes that widespread adoption of Clipper will
mute any opposition to subsequent limitations on other encryption
methods.

> John Gilmore has already posted to the list the results of our
> brainstorming session to come up with questions to ask the FBI, NIST, NSA,
> Congress, and the Administration. Mike Godwin argued that a lot of
> embarrassing questions could quickly derail the plan.
Let me clarify: I argued that asking tough questions could either force
the government to reveal its hand or pin the government down to a
statement it would later have to admit was false.

> That is, it's conceivable this plan could begin to unravel fairly soon.

We can only hope.

> Whit Diffie described how the failure could either so greatly
> embarrass the Administration that they'd be loathe to try it again (the
> Viet Nam Syndrome, applied to crypto) or that it could provoke them to
> tighten restrictions even further, perhaps even to the point of an outright
> ban on the use of unapproved encryption at *any* level.

I believe this is precisely the reason we want to make powerful
encryption ubiquitous as soon as possible. And doing this is one of the
reasons I mentioned my hope for an eventual rapprochement between Jim
Bidzos and Phil Zimmerman. Regardless of past disagreements, these two
have a common cause now, and we should strive to find a way to quell
further public disagreement and resolve as many differences as possible.

> * Since Jim Bidzos was there, the topic of PGP naturally came up several
> times. Eric Hughes let this run for a while, then moved the discussion back
> to Clipper. Jim Bidzos clearly had some strong opinions, but also did not
> want this to be the forum for debating patents and the legality and ethics
> of PGP.

Another clarification: in response to a comment I made at the meeting,
Jim spoke at length about the validity of the RSA patent and about the
validity of his company's procedures. I want Jim and others to
understand that what I'm saying here should not be interpreted as an
attack on Jim's business strategy. I know that Jim is so used to being
criticized about the patent that he has standard responses to those
criticisms, but I hope it's clear that I wasn't criticizing him.

> Some of us continue to hope some accommodation can be reached between RSA
> Data and the PGP community.
> The upcoming battle over strong crypto is a
> bigger issue than this squabble.

Yes, yes, yes.

--Mike

From ebrandt at jarthur.Claremont.EDU Tue Apr 27 13:58:22 1993
From: ebrandt at jarthur.Claremont.EDU (Eli Brandt)
Date: Tue, 27 Apr 93 13:58:22 PDT
Subject: A correction, and another motive for Clipper
In-Reply-To: <199304271636.AA22886@well.sf.ca.us>
Message-ID: <9304272058.AA12843@toad.com>

> either:
> a. The government taps itself, corruption is uncovered,
> and the national debt decreases. Society agrees that public
> officials don't deserve privacy, but citizens do.
> or:
> b. The government bureaucrats, seeing hard times coming,
> reject Privacy Clipping for themselves, and so everybody --
> gov and citizens -- retains their privacy. (This is judo: use
> their weight against them.)

S.O.P. would be

c. The government mandates that citizens use only Approved Privacy
Techniques, while government employees, "for national security reasons",
can use whatever they want.

The government has a long and lurid history of placing less restrictions
upon itself than upon the rest of us. I can imagine general restrictions
on crypto, but I can't picture the CIA using a known-broken system.

> -a2.

Eli
ebrandt at jarthur.claremont.edu

From bbehlen at soda.berkeley.edu Tue Apr 27 14:39:14 1993
From: bbehlen at soda.berkeley.edu (Brian Behlendorf Vitamin B)
Date: Tue, 27 Apr 93 14:39:14 PDT
Subject: Rave on...
Message-ID: <9304272135.AA19884@soda.berkeley.edu>

Hmm... the problem is I don't think a majority of the people at raves
are focused enough to concentrate on something as technical as that (I
KNOW it isn't technical to you and me, but the average raver doesn't
even know what the word encryption means). HOWEVER, raves ARE the ideal
place to hand out info about what's going on, something the raver can
cling onto to read and understand when he's not high on
{vibes,music,drug,etc.}.
Give pointers to where to get more info or where to obtain PGP, and
perhaps most importantly, WHY THEY NEED IT. Within a certain amount of
time, but most likely sooner than any of us anticipate, there will be
more people with email access than without, so "taking the message to
the streets" is becoming less and less of a fanciful idea....

Brian

From uri at watson.ibm.com Tue Apr 27 14:56:04 1993
From: uri at watson.ibm.com (uri at watson.ibm.com)
Date: Tue, 27 Apr 93 14:56:04 PDT
Subject: Be afraid! (some Clipper details)
Message-ID: <9304271854.AA20759@buoy.watson.ibm.com>

As Ms. Dorothy Denning explained, this is the intended "interface"
between the Clipper and Law Enforcement (taken from her posting to
"comp.risks"):

1. Family Key.

    F is embedded in every Clipper Chip, but like other chip keys,
    unknown to the people who use them. Only law enforcement will have
    a decoder box that allows the law enforcement field to be
    decrypted. Initially, there will be just one box, and it will be
    operated by the FBI.

Read - FBI will have the Family Key (and thus will be able to get all
the chip serial numbers, do traffic analysis etc).

And later she "corrected" herself, adding:

    For the same reason as above, it is imperative that law enforcement
    be able to decode the law enforcement field in order to obtain
    E[K; U] and then decrypt this to get K. It is completely
    impractical to go the escrow agents for each conversation.

Read - Law Enforcement (local, "global" - whatever) will have that
Family Key as well, not only that "one box at FBI"... But it was
obvious, wasn't it?

2) Unit Key.

    It is imperative that law enforcement get U. If they are tapping a
    line, there may be dozens of calls on that line per day. It would
    be totally impractical to have to go to the escrow agents to get
    the session key for each call. It would be impossible to do
    real-time decryption under that constraint.
Read - a) Law Enforcement indeed will have your Unit key (and thus be
          able to decrypt whatever was sent through your chip, from the
          day one, till you throw your chip away).
       b) It's indeed physically possible thus for some corrupted Law
          Enforcement officials to "collect" the Unit Keys and to do
          all the bad things with them.
       c) Nobody seems to be concerned about it.

3) Question about agencies capable of decrypting all the future traffic
   of once-suspected individual:

    After a tap has been completed, government attorneys are required
    to notify the subjects of the electronic surveillance. At that
    point, the subjects are certainly free to purchase a new device
    with a new chip, or perhaps the vendors could simply replace the
    chip.

Read - if they won't forget to notify you, that your phone was tapped,
feel free to shell another $XXX bucks for a new chip/phone... Keep
doing that until either they, or you get tired...

4) Question about whether there's time component in the cipher. Reasons
   for it - since wiretaps are authorized ONLY for certain time periods
   with both start and end dates specified, it should not be possible
   to be able to decrypt the traffic outside of this frame.

    I am unaware of any time component. Current wiretap laws protect
    against this. Evidence collected after the warrant has expired can
    be thrown out in court. In addition, it is illegal for the service
    provider to implement an intercept after a warrant has expired.
    With the new technologies, law enforcers will be incapable of
    executing a tap without the assistance of the service provider.

Read - just as we assumed, once your key is compromised (ouch! I mean -
disclosed :-), whatever "they" bothered to record, is now open... Well,
of course it won't be legal, but then there are many things beyond the
law (:-)...

5) Question about potential weakness, which may be lurking behind the
   "classified" stamp of the algorithm, known thus only to those
   "cleared" to know.
    The NSA has a long record of success with crypto, far better than
    any individual or organization in the public community. In
    addition, there are plans to bring in expert cryptographers to
    assess the algorithm.

Read - she's ignorant of academia/industry crypto successes? (:-)

That's all folks! [For now :-]

Regards,
Uri.
------------

From a2 at well.sf.ca.us Tue Apr 27 14:58:59 1993
From: a2 at well.sf.ca.us (Arthur Abraham)
Date: Tue, 27 Apr 93 14:58:59 PDT
Subject: A correction, and another motive for Clipper
Message-ID: <199304272158.AA11690@well.sf.ca.us>

Eli,

Of course the guys with the STU phones will keep them, this is Type II
security, which is of a lower level.

The people who really need these phones are the civil servants in these
departments:

    Agriculture
    Commerce
    Education
    Energy
    EPA
    HHS
    HUD
    Interior
    Justice
    Labor
    State
    Transportation
    Treasury
    Veterans Affairs

...that is, people in positions to misappropriate funds, or create
overly generous contracts with their future employers. There is no good
argument that these functionaries shouldn't be Clippered, except that
nobody should be. ""National Security"" doesn't apply here.

You also seem to be thinking with two cliches:

1. You can't fight city hall.
2. This is the way things have always been, this is the way they always
   will be.

The guys who put this in motion certainly aren't thinking with 2), but
they sure are hoping you're thinking with 1).

Please expunge both of them from your mind and replace them with an
appreciation of forces and masses: Judo.

-a2.]

From elee9sf at Menudo.UH.EDU Tue Apr 27 16:08:45 1993
From: elee9sf at Menudo.UH.EDU (Karl Barrus)
Date: Tue, 27 Apr 93 16:08:45 PDT
Subject: REMAIL: email to usenet gateways
Message-ID: <199304272308.AA28969@Menudo.UH.EDU>

Hal recently posted instructions on how to post to usenet using the
anonymous remailers.

Here's a collection of email to usenet gateways I have, no doubt far
from complete.
group-name at ucbvax.berkeley.edu *
group-name at cs.utexas.edu
group-name at pws.bull.com
group.name at news.demon.co.uk

* I understand that the admin of ucbvax.berkeley.edu block posts from
non berkeley sites, but I'm not positive about that!

I seem to have lost (okay, I must have deleted it :-) a list of nntp
servers; places you can telnet to port 119 and POST your message to
usenet. Anybody have info about these?

/-----------------------------------\
| Karl L. Barrus                    |
| elee9sf at menudo.uh.edu           | <- preferred address
| barrus at tree.egr.uh.edu (NeXTMail) |
\-----------------------------------/

From crunch at netcom.com Tue Apr 27 16:54:46 1993
From: crunch at netcom.com (John Draper)
Date: Tue, 27 Apr 93 16:54:46 PDT
Subject: Raving on...
Message-ID: <9304272354.AA23189@netcom4.netcom.com>

Hmmm, getting some mixed responses from the group on the raves idea,
below are my comments....

> I don't mean to rain on the parade, but young people (myself
>included) go to Raves to get away from the problems and injustice
>the clipper represents. Bringing in your personal PC to generate keys
>isn't going to draw a crowd. MOST ravers don't have, don't know, and
>by and large don't care about computers - let alone mass
>communication and encryption schemes. What can the government do if
>they don't care? It's the "music" scene.

That might be partially true, and depends on the rave. Most raves I go
to have all sorts of computer related demonstrations, and exhibits. I've
been getting very positive interest on the part of rave organizers.

Brian says:

>Hmm... the problem is I don't think a majority of the people at raves are
>focused enough to concentrate on something as technical as that (I KNOW it
>isn't technical to you and me, but the average raver doesn't even
>know what the word encryption means).
>HOWEVER, raves ARE the ideal place
>to hand out info about what's going on, something the raver can cling onto
>to read and understand when he's not high on {vibes,music,drug,etc.}. Give
>pointers to where to get more info or where to obtain PGP, and perhaps
>most importantly, WHY THEY NEED IT. Within a certain amount of time, but
>most likely sooner than any of us anticipate, there will be more people with
>email access than without, so "taking the message to the streets" is becoming
>less and less of a fanciful idea....

I agree that we should keep it non-technical, that's why I proposed that
raves have tables set up where PGP copies can be given out, literature
can be displayed for ravers to take home later... Then, there are those
hard core cyberpunks that will take in EVERYTHING including lots of
drugs.

For those UK folks, Craig Larson from the USA will be working with
sponsors to a totally awesome rave of an estimated 40,000 folks. Now
THAT'S a good place to get the word out, spark interest in encryption,
etc.

And on and on..

JD

From hughes at soda.berkeley.edu Tue Apr 27 17:47:37 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Tue, 27 Apr 93 17:47:37 PDT
Subject: REMAIL: email to usenet gateways
In-Reply-To: <199304272308.AA28969@Menudo.UH.EDU>
Message-ID: <9304280008.AA02189@soda.berkeley.edu>

>group-name at ucbvax.berkeley.edu *

>* I understand that the admin of ucbvax.berkeley.edu block posts from
>non berkeley sites, but I'm not positive about that!

No problem. Just use a berkeley.edu remailer as the final hop before
posting.

Eric

From svp at gtoal.com Tue Apr 27 18:01:40 1993
From: svp at gtoal.com (Sy Verpunc)
Date: Tue, 27 Apr 93 18:01:40 PDT
Subject: REMAIL: email to usenet gateways
Message-ID: <9304270130.AA18056@pizzabox.demon.co.uk>

    group-name at ucbvax.berkeley.edu *

    * I understand that the admin of ucbvax.berkeley.edu block posts from
    non berkeley sites, but I'm not positive about that!
It was open for a couple of years but is now blocked. I checked a week
ago.

G

From svp at gtoal.com Tue Apr 27 19:29:17 1993
From: svp at gtoal.com (Sy Verpunc)
Date: Tue, 27 Apr 93 19:29:17 PDT
Subject: REMAIL: email to usenet gateways
Message-ID: <9304270150.AA18265@pizzabox.demon.co.uk>

    Hal recently posted instructions on how to post to usenet using the
    anonymous remailers.

    Here's a collection of email to usenet gateways I have, no doubt far
    from complete.

    group-name at ucbvax.berkeley.edu *
    group-name at cs.utexas.edu
    group-name at pws.bull.com
    group.name at news.demon.co.uk

Actually, the latter is group-name at demon.co.uk, and it's intended for
demon customers. I believe they don't police this too heavily (ie they
could chop connections from non-demon sites) but if it's heavily
overused or abused there's a chance it might disappear.

These sites are *not* anonymous remailers, in case anyone thought that.
They post under the name presented in your mail to it, and if you forge
mail the demon one at least attaches an 'Originator:' line with the real
site, and sends a copy to the postmaster. Generally, a service not to be
abused.

The only open NNTP server I know of at the moment is
sol.ctr.columbia.edu, and it has user limits and time restrictions.
Still, it's better than none.

G

From ebrandt at jarthur.Claremont.EDU Tue Apr 27 19:39:59 1993
From: ebrandt at jarthur.Claremont.EDU (Eli Brandt)
Date: Tue, 27 Apr 93 19:39:59 PDT
Subject: A correction, and another motive for Clipper
In-Reply-To: <199304272158.AA11690@well.sf.ca.us>
Message-ID: <9304280202.AA24998@relay1.UU.NET>

> From: Arthur Abraham

Your point is that government employees in non-critical positions might
end up using Clipper, and this would either reduce corruption or,
alternatively, drive the government to repudiate the entire scheme.

The latter will not happen (at least not for this reason).
Labeling of cliches notwithstanding, there is no reason why government
employees could not use a different standard if they found it necessary.
This would be no more politically disagreeable than many steps taken in
the past.

The former I don't understand. The direct effect of Clipper would be to
make eavesdropping by other than LE more difficult. There could be an
impact on corruption only if it were known or believed that the level of
surveillance had concomitantly increased -- if all calls were tapped and
archived, perhaps. This would be bad. It would undoubtedly increase the
likelihood of such a policy's being implemented w.r.t. the general
population.

> -a2.]

Eli
ebrandt at jarthur.claremont.edu

From pleiku!kelly at netcom.com Tue Apr 27 20:04:54 1993
From: pleiku!kelly at netcom.com (/home/kelly/.sig)
Date: Tue, 27 Apr 93 20:04:54 PDT
Subject: ANON: Cryptographic MIX
Message-ID: <9304280305.AA19293@netcomsv.netcom.com>

#
Key fingerprint = EF 7A 38 99 22 84 E3 3B 90 2A DB 80 DC 65 DA 31
STOP THE WIRETAP CHIP(Clipper Chip)!!

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBK93QvfgXinP2G6VzAQHAzQP/aaSiiBlKIrZUP+xe4xuC6pzyeS/xM0Hd
FdDOJ4ttsOiBPkSm+C6WxLZQvsdhSpe9e947YZmM2afQWgDFBynkcaUG3RS6eh7P
Q35Fqaof6WEAqZO+IRg2KYarRA60CB1hUu082B3/9DSSCnr2CsPPMgtQGo8ULg/x
WnHX6cN/9Xo=
=AtWx
-----END PGP SIGNATURE-----
#

From valerie at valis.biocad.com Tue Apr 27 20:30:38 1993
From: valerie at valis.biocad.com (Valerie Lambert)
Date: Tue, 27 Apr 93 20:30:38 PDT
Subject: By popular request: A non-techy Clipper blurb
Message-ID: <9304280136.AA03855@valis.biocad.com>

In article <9304260326.AA15408 at binkley.MIT.EDU>, Derek Atkins writes:

>It's even worse than this. It's giving the government a sealed copy
>of all your *PAST*, present, and future phone conversations and
>messages... They can always record everything, and then use your key
>at some later date to recover the messages...

Point well taken. I only meant in regards to Clipped communications.
Presumably they would have a harder time opening the "envelopes" of your past communications that used non-standard encryption.

Sigh. Sound bites are SO shallow, I know.

--
Valerie Lambert * valerie at biocad.com * 415/903-3923 *
AT&T: phones with Big Brother Built Inside! Just say "NO" to the Clipper wiretap chip.

From ral at telerama.pgh.pa.us Tue Apr 27 21:32:37 1993
From: ral at telerama.pgh.pa.us (Robert Luscombe)
Date: Tue, 27 Apr 93 21:32:37 PDT
Subject: Need help with remailer scripts
Message-ID:

Would someone be able to help me install the remailer scripts from the archives? I have no Unix experience and have *no* idea where to begin. I don't even know if root access is needed for these. Any help would be appreciated.

--Robert Luscombe
Internet: ral at telerama.pgh.pa.us
Voice: 412/488-0941
robert at well.sf.ca.us (Finger for PGP Pub Key)

From MCMAHON at control.tgv.com Tue Apr 27 22:11:25 1993
From: MCMAHON at control.tgv.com (Looping Back on the Dulles Toll Road)
Date: Tue, 27 Apr 93 22:11:25 PDT
Subject: So what was the point ?
Message-ID: <01GXIRO3ECDU08QNG8@CONTROL.TGV.COM>

> At the first cypherpunks meeting I came to,
> A speaker was giving a presentation on cryptographic MIX protocols.
> My memory fails me as to who that was... so that's the question and what is
> the progress on an implementation???

(edited)

> -----BEGIN PGP SIGNATURE-----
> Version: 2.2

(edited)

(resulted in)

File has signature. Public key is required to check signature. .
Good signature from user "snake at cadence.com".
Signature made 1993/04/28 00:33 GMT

WARNING: Because this public key is not certified with a trusted signature, it is not known with high confidence that this public key actually belongs to: "snake at cadence.com".
John 'Fast-Eddie' McMahon      ()
TGV, Incorporated              () "Any networking problem can be solved by
603 Mission Street             ()  the application of 33 miles of Unshielded
Santa Cruz, California 95060   ()  Twisted Pair (UTP)"
408-427-4366 or 800-TGV-3440   ()  [InterOp Spring 1992]
E-Mail: MCMAHON at TGV.COM     ()

From a2 at well.sf.ca.us Tue Apr 27 22:36:15 1993
From: a2 at well.sf.ca.us (Arthur Abraham)
Date: Tue, 27 Apr 93 22:36:15 PDT
Subject: MYK-78
Message-ID: <199304280536.AA09155@well.sf.ca.us>

I've been stalking Mykotronx with phone and smail since right after the announcement, and finally got through the guy who kept telling me that I'd understand if I just knew a little more crypto, to the guy who really knew what was going on and wanted to tell me. This is what I found out:

Mykotronx MYK-78 has been identified as the Privacy "Clipper" chip. The "Clipper" name comes from Washington, and the guys at Mykotronx know about the Intergraph chip.

The data sheets, as those of you who have read them know, are confusing, incomplete and internally inconsistent. This is evident even if you do not consider that they are to implement the social protocol described by Dorothy Denning (her 19-Apr-93 paper, as published in Cypherpunks).

After some discussions with Mykotronx, I was able to convince them of the truth of the last paragraph and to have them explain just what the chip was designed to do. I would also like to emphasize that these discussions revealed that the poor quality of the documentation does not result from any attempt to obscure the operation of the chip; they were very forthcoming and eager to discuss its operation. The deficiencies result more from the nature of a military contractor's relationship to its one customer: the customer understands how to use the chip so there's no pressure to get it described carefully. Going public was a bit of a surprise to them; in fact the announcement was made during their application engineer's vacation.
I am sure there is an interesting story in this timing, but the people I was talking to didn't seem to know it.

On to the chip:

You don't just hook up a clear-text bit stream to one end and get a Denning-stream out the other. It needs a bit of care and feeding. At startup it requires a Random Seed (8 bytes/64-bits) and a crypto-variable CV (10 bytes/80-bits) for its DES-type algorithm. This is Denning's "skipjack" algorithm and, like DES, is a symmetric key block cypher, which performs in all the DES modes:

64-Bit Electronic Code Book (ECB)
64-Bit Cypher Block Chaining (CBC)
8/16/32/64 Bit Cypher Feedback
64-Bit Output Feedback (OFB)

In the last three modes the encryption of each block is dependent on the previous blocks. (If you care to know more about DES modes, see FIPS-PUB 81 which is cited in the data sheets.)

One other thing about Skipjack: Denning describes it as having "32 rounds of scrambling" and this is supported by the data sheet's timing charts, which note 64 clock cycles to complete an encryption. Since this would operate on an 8-byte/64-bit block, with the 15MHz internal clock we appear to have roughly a 10M-bit/1.3MB transfer rate in encryption/decryption. This is fast enough for the average telephone, or several telephones, or maybe a stereo CD. It's probably just average performance for 1 micron technology and some units clock up to 30MHz (they expect 0.8 micron eventually, with improved performance).

Back to the Crypto-Variable, CV. The CV is the session key, is selected off-chip, and must always be accompanied by a 3 byte/24-bit checkword. Where do you get the checkword?... you ask the chip! If you load a CV with a bad checkword, the chip sets its ERROR line -- oh, sadness. But then you can read out a good checkword, and subsequently reload the same CV with the good checkword (happy now?). The checkword is actually just the first three bytes from an application of Skipjack to the CV.

Do all this and the chip is loaded and ready for plaintext.
You could just give it an Encryption command, and start pulling cyphertext out the other side, but who would understand it? First you have to get the key information out of the chip and send it to the chip on the other side of the link.

Skipjack is DES-like so to run a decryption mode on the other chip we're going to have to send it the session key, CV, and the Initial Vector, IV, which is the starting state of the stream for the non-ECB modes of operation. We selected CV ourselves, and learned its checkword during the startup experience, but where's IV? Well, we generate it using "a feature not found in current DES chips" (data sheet, 1-3). And quite a feature it is, too. We use this command, Generate IV, and it makes all 8 bytes/64-bits of the IV, based on the Random Seed...

But That's Not ALL! You issue the Generate IV command three (3) times to get the full 24 byte/192-bit LEEF block. LEEF = Law Enforcement Exploitation Field. (I wrote this down very carefully to be sure I had it right.) ...Actually, you issue a Read Data command after each Generate IV command, but I won't bore you with details. The first 8 bytes/64-bits are called L1 or LEEF-1, the second 8 bytes/64-bits are L2 or LEEF-2, and then here is the IV we've all been waiting for, in its full 8 byte/64-bit glory.

You probably noticed that LEEF is 24 bytes/192-bits long, and has the structure [L1,L2,IV]. Mykotronx is not supposed to tell us the structure of L1,L2.

The interesting thing is that [CV,checkword,L1,L2,IV] is a self-checking unit. The receiving chip checks it as it is loaded. If something is wrong, the chip sets its ERROR line. If CV is fermished, you have to get all the way to IV before you're raspberried. In transmitting this we are advised to encrypt CV because it is, after all, the session key.

OK, so we are encrypting and the other chip is decrypting. Suppose something happens and the other chip wants to talk to us, so that it encrypts and we decrypt.
It has all it needs to encrypt and we have all we need to decrypt, but one more thing has to be done. We need to save the state of the chaining cypher so we can resume it at the same place in the chain when we return to encrypting. Use the Save State command, which pops out 8 bytes/64-bits of Saved State, SS, or the current contents of the Skipjack encryption register. To make this a bit clearer, if we pulled the Saved State right after Generate IV, we'd find SS = IV.

The chip's serial number is 4-bytes/32-bits long, not the 3.75 bytes/30-bits Denning reported, but don't worry, _you'll_ never see it. It and the family key are written in over pins Vpp1 and Vpp2, which are then burned out. All chips are currently planned to have the same family key, but if you happen to meet a chip with a different family key and it sends you [CV,checkword,L1,L2,IV], you could understand it.

That's the main part of what's missing from the data sheets. The rest works pretty much as described, and is at a level of detail too fine to interest anyone except a compulsive hardware wonk.

Oh, one more thing, on page 1-4 where the Configuration Register is shown with two "Arm CV" bits, the one at position D5 should be "Arm IV".

-a2.

ps: I will be at a meeting the rest of the week, so please don't expect me to respond to requests for clarification until I return. Sorry.

-a2.

From whitaker at eternity.demon.co.uk Wed Apr 28 00:22:15 1993
From: whitaker at eternity.demon.co.uk (Russell E. Whitaker)
Date: Wed, 28 Apr 93 00:22:15 PDT
Subject: MEETING SUMMARY: 4-24-93 Cypherpunks Meeting
Message-ID: <4696@eternity.demon.co.uk>

In message <9304261909.AA29562 at netcom.netcom.com> Timothy May writes (text elided for brevity):
>
>
> * The issue of the name of our group, the Cypherpunks name, was not
> discussed. The U.K. group has apparently picked "U.K. Cryptoprivacy Group"
> as their name.
>

Actually, *I* unilaterally changed it. The climate is different here in England.
"UK Cryptoprivacy Association" works; "Cypherpunks" requires time-consuming explanation. Of course, I _like_ the latter term... ;-)

In any event, it looks to be our largest meeting. I'll post a Tim May-style summary after the meeting.

Russell Whitaker

Russell Earl Whitaker                   whitaker at eternity.demon.co.uk
Communications Editor                   AMiX: RWhitaker
EXTROPY: The Journal of Transhumanist Thought
Board member, Extropy Institute (ExI)
================ PGP 2.2 public key available =======================

From whitaker at eternity.demon.co.uk Wed Apr 28 00:26:28 1993
From: whitaker at eternity.demon.co.uk (Russell E. Whitaker)
Date: Wed, 28 Apr 93 00:26:28 PDT
Subject: From Crossbows to Cryptography
Message-ID: <4706@eternity.demon.co.uk>

-----BEGIN PGP SIGNED MESSAGE-----

Please note that the following speech was made by Chuck Hammill in 1987. Address all letters to his address, given at the end of this document.

-- Russell

FROM CROSSBOWS TO CRYPTOGRAPHY: THWARTING THE STATE VIA TECHNOLOGY

Given at the Future of Freedom Conference, November 1987

You know, technology--and particularly computer technology--has often gotten a bad rap in Libertarian circles. We tend to think of Orwell's 1984, or Terry Gilliam's Brazil, or the proximity detectors keeping East Berlin's slave/citizens on their own side of the border, or the sophisticated bugging devices Nixon used to harass those on his "enemies list." Or, we recognize that for the price of a ticket on the Concorde we can fly at twice the speed of sound, but only if we first walk thru a magnetometer run by a government policeman, and permit him to paw thru our belongings if it beeps.

But I think that mind-set is a mistake. Before there were cattle prods, governments tortured their prisoners with clubs and rubber hoses. Before there were lasers for eavesdropping, governments used binoculars and lip-readers. Though government certainly uses technology to oppress, the evil lies not in the tools but in the wielder of the tools.

In fact, technology represents one of the most promising avenues available for re-capturing our freedoms from those who have stolen them. By its very nature, it favors the bright (who can put it to use) over the dull (who cannot). It favors the adaptable (who are quick to see the merit of the new) over the sluggish (who cling to time-tested ways). And what two better words are there to describe government bureaucracy than "dull" and "sluggish"?

One of the clearest, classic triumphs of technology over tyranny I see is the invention of the man-portable crossbow. With it, an untrained peasant could now reliably and lethally engage a target out to fifty meters--even if that target were a mounted, chain-mailed knight. (Unlike the longbow, which, admittedly was more powerful, and could get off more shots per unit time, the crossbow required no formal training to utilize. Whereas the longbow required elaborate visual, tactile and kinesthetic coordination to achieve any degree of accuracy, the wielder of a crossbow could simply put the weapon to his shoulder, sight along the arrow itself, and be reasonably assured of hitting his target.)

Moreover, since just about the only mounted knights likely to visit your average peasant would be government soldiers and tax collectors, the utility of the device was plain: With it, the common rabble could defend themselves not only against one another, but against their governmental masters. It was the medieval equivalent of the armor-piercing bullet, and, consequently, kings and priests (the medieval equivalent of a Bureau of Alcohol, Tobacco and Crossbows) threatened death and excommunication, respectively, for its unlawful possession.

Looking at later developments, we see how technology like the firearm--particularly the repeating rifle and the handgun, later followed by the Gatling gun and more advanced machine guns--radically altered the balance of interpersonal and inter-group power.
Not without reason was the Colt .45 called "the equalizer." A frail dance-hall hostess with one in her possession was now fully able to protect herself against the brawniest roughneck in any saloon. Advertisements for the period also reflect the merchandising of the repeating cartridge rifle by declaring that "a man on horseback, armed with one of these rifles, simply cannot be captured." And, as long as his captors were relying upon flintlocks or single-shot rifles, the quote is doubtless a true one.

Updating now to the present, the public-key cipher (with a personal computer to run it) represents an equivalent quantum leap--in a defensive weapon. Not only can such a technique be used to protect sensitive data in one's own possession, but it can also permit two strangers to exchange information over an insecure communications channel--a wiretapped phone line, for example, or skywriting, for that matter--without ever having previously met to exchange cipher keys. With a thousand-dollar computer, you can create a cipher that a multi-megabuck CRAY X-MP can't crack in a year. Within a few years, it should be economically feasible to similarly encrypt voice communications; soon after that, full-color digitized video images. Technology will not only have made wiretapping obsolete, it will have totally demolished government's control over information transfer.

I'd like to take just a moment to sketch the mathematics which makes this principle possible. This algorithm is called the RSA algorithm, after Rivest, Shamir, and Adleman who jointly created it. Its security derives from the fact that, if a very large number is the product of two very large primes, then it is extremely difficult to obtain the two prime factors from analysis of their product. "Extremely" in the sense that if primes p and q have 100 digits apiece, then their 200-digit product cannot in general be factored in less than 100 years by the most powerful computer now in existence.

The "public" part of the key consists of (1) the product pq of the two large primes p and q, and (2) one factor, call it x, of the product xy where xy = {(p-1) * (q-1) + 1}. The "private" part of the key consists of the other factor y.

Each block of the text to be encrypted is first turned into an integer--either by using ASCII, or even a simple A=01, B=02, C=03, ... , Z=26 representation. This integer is then raised to the power x (modulo pq) and the resulting integer is then sent as the encrypted message. The receiver decrypts by taking this integer to the (secret) power y (modulo pq). It can be shown that this process will always yield the original number started with.

What makes this a groundbreaking development, and why it is called "public-key" cryptography, is that I can openly publish the product pq and the number x, while keeping secret the number y--so that anyone can send me an encrypted message, namely a^x (mod pq), but only I can recover the original message a, by taking what they send, raising it to the power y and taking the result (mod pq). The risky step (meeting to exchange cipher keys) has been eliminated. So people who may not even trust each other enough to want to meet, may still reliably exchange encrypted messages--each party having selected and disseminated his own pq and his x, while maintaining the secrecy of his own y.

Another benefit of this scheme is the notion of a "digital signature," to enable one to authenticate the source of a given message. Normally, if I want to send you a message, I raise my plaintext a to your x and take the result (mod your pq) and send that. However, if in my message, I take the plaintext a and raise it to my (secret) power y, take the result (mod my pq), then raise that result to your x (mod your pq) and send this, then even after you have normally "decrypted" the message, it will still look like garbage.
However, if you then raise it to my public power x, and take the result (mod my public pq), so you will not only recover the original plaintext message, but you will know that no one but I could have sent it to you (since no one else knows my secret y).

And these are the very concerns by the way that are today tormenting the Soviet Union about the whole question of personal computers. On the one hand, they recognize that American schoolchildren are right now growing up with computers as commonplace as sliderules used to be--more so, in fact, because there are things computers can do which will interest (and instruct) 3- and 4-year-olds. And it is precisely these students who one generation hence will be going head-to-head against their Soviet counterparts. For the Soviets to hold back might be as suicidal as continuing to teach swordsmanship while your adversaries are learning ballistics. On the other hand, whatever else a personal computer may be, it is also an exquisitely efficient copying machine--a floppy disk will hold upwards of 50,000 words of text, and can be copied in a couple of minutes. If this weren't threatening enough, the computer that performs the copy can also encrypt the data in a fashion that is all but unbreakable. Remember that in Soviet society publicly accessible Xerox machines are unknown. (The relatively few copying machines in existence are controlled more intensively than machine guns are in the United States.)

Now the "conservative" position is that we should not sell these computers to the Soviets, because they could use them in weapons systems. The "liberal" position is that we should sell them, in the interests of mutual trade and cooperation--and anyway, if we don't make the sale, there will certainly be some other nation willing to.

For my part, I'm ready to suggest that the Libertarian position should be to give them to the Soviets for free, and if necessary, make them take them . . .
and if that doesn't work load up an SR-71 Blackbird and air drop them over Moscow in the middle of the night. Paid for by private subscription, of course, not taxation . . . I confess that this is not a position that has gained much support among members of the conventional left-right political spectrum, but, after all, in the words of one of Illuminatus's characters, we are political non-Euclideans: The shortest distance to a particular goal may not look anything like what most people would consider a "straight line." Taking a long enough world-view, it is arguable that breaking the Soviet government monopoly on information transfer could better lead to the enfeeblement and, indeed, to the ultimate dissolution of the Soviet empire than would the production of another dozen missiles aimed at Moscow.

But there's the rub: A "long enough" world view does suggest that the evil, the oppressive, the coercive and the simply stupid will "get what they deserve," but what's not immediately clear is how the rest of us can escape being killed, enslaved, or pauperized in the process.

When the liberals and other collectivists began to attack freedom, they possessed a reasonably stable, healthy, functioning economy, and almost unlimited time to proceed to hamstring and dismantle it. A policy of political gradualism was at least conceivable. But now, we have a patchwork crazy-quilt economy held together by baling wire and spit. The state not only taxes us to "feed the poor" while also inducing farmers to slaughter milk cows and drive up food prices--it then simultaneously turns around and subsidizes research into agricultural chemicals designed to increase yields of milk from the cows left alive. Or witness the fact that a decline in the price of oil is considered as potentially frightening as a comparable increase a few years ago. When the price went up, we were told, the economy risked collapse for want of energy.
The price increase was called the "moral equivalent of war" and the Feds swung into action. For the first time in American history, the speed at which you drive your car to work in the morning became an issue of Federal concern. Now, when the price of oil drops, again we risk problems, this time because American oil companies and Third World basket-case nations who sell oil may not be able to ever pay their debts to our grossly over-extended banks. The suggested panacea is that government should now re-raise the oil prices that OPEC has lowered, via a new oil tax. Since the government is seeking to raise oil prices to about the same extent as OPEC did, what can we call this except the "moral equivalent of civil war--the government against its own people?"

And, classically, in international trade, can you imagine any entity in the world except a government going to court claiming that a vendor was selling it goods too cheaply and demanding not only that that naughty vendor be compelled by the court to raise its prices, but also that it be punished for the act of lowering them in the first place?

So while the statists could afford to take a couple of hundred years to trash our economy and our liberties--we certainly cannot count on having an equivalent period of stability in which to reclaim them. I contend that there exists almost a "black hole" effect in the evolution of nation-states just as in the evolution of stars. Once freedom contracts beyond a certain minimum extent, the state warps the fabric of the political continuum about itself to the degree that subsequent re-emergence of freedom becomes all but impossible. A good illustration of this can be seen in the area of so-called "welfare" payments. When those who sup at the public trough outnumber (and thus outvote) those whose taxes must replenish the trough, then what possible choice has a democracy but to perpetuate and expand the taking from the few for the unearned benefit of the many?
Go down to the nearest "welfare" office, find just two people on the dole . . . and recognize that between them they form a voting bloc that can forever outvote you on the question of who owns your life--and the fruits of your life's labor.

So essentially those who love liberty need an "edge" of some sort if we're ultimately going to prevail. We obviously can't use the altruists' "other-directedness" of "work, slave, suffer, sacrifice, so that next generation of a billion random strangers can live in a better world." Recognize that, however immoral such an appeal might be, it is nonetheless an extremely powerful one in today's culture. If you can convince people to work energetically for a "cause," caring only enough for their personal welfare so as to remain alive enough and healthy enough to continue working--then you have a truly massive reservoir of energy to draw from. Equally clearly, this is just the sort of appeal which tautologically cannot be utilized for egoistic or libertarian goals. If I were to stand up before you tonight and say something like, "Listen, follow me as I enunciate my noble "cause," contribute your money to support the "cause," give up your free time to work for the "cause," strive selflessly to bring it about, and then (after you and your children are dead) maybe your children's children will actually live under egoism"--you'd all think I'd gone mad. And of course you'd be right. Because the point I'm trying to make is that libertarianism and/or egoism will be spread if, when, and as, individual libertarians and/or egoists find it profitable and/or enjoyable to do so. And probably only then.

While I certainly do not disparage the concept of political action, I don't believe that it is the only, nor even necessarily the most cost-effective path toward increasing freedom in our time.
Consider that, for a fraction of the investment in time, money and effort I might expend in trying to convince the state to abolish wiretapping and all forms of censorship--I can teach every libertarian who's interested how to use cryptography to abolish them unilaterally.

There is a maxim--a proverb--generally attributed to the Eskimoes, which very likely most Libertarians have already heard. And while you likely would not quarrel with the saying, you might well feel that you've heard it often enough already, and that it has nothing further to teach us, and moreover, that maybe you're even tired of hearing it. I shall therefore repeat it now:

If you give a man a fish, the saying runs, you feed him for a day. But if you teach a man how to fish, you feed him for a lifetime.

Your exposure to the quote was probably in some sort of a "workfare" vs. "welfare" context; namely, that if you genuinely wish to help someone in need, you should teach him how to earn his sustenance, not simply how to beg for it. And of course this is true, if only because the next time he is hungry, there might not be anybody around willing or even able to give him a fish, whereas with the information on how to fish, he is completely self sufficient.

But I submit that this exhausts only the first order content of the quote, and if there were nothing further to glean from it, I would have wasted your time by citing it again. After all, it seems to have almost a crypto-altruist slant, as though to imply that we should structure our activities so as to maximize the benefits to such hungry beggars as we may encounter.

But consider:

Suppose this Eskimo doesn't know how to fish, but he does know how to hunt walruses. You, on the other hand, have often gone hungry while traveling thru walrus country because you had no idea how to catch the damn things, and they ate most of the fish you could catch.
And now suppose the two of you decide to exchange information, bartering fishing knowledge for hunting knowledge. Well, the first thing to observe is that a transaction of this type categorically and unambiguously refutes the Marxist premise that every trade must have a "winner" and a "loser;" the idea that if one person gains, it must necessarily be at the "expense" of another person who loses. Clearly, under this scenario, such is not the case. Each party has gained something he did not have before, and neither has been diminished in any way. When it comes to exchange of information (rather than material objects) life is no longer a zero-sum game. This is an extremely powerful notion. The "law of diminishing returns," the "first and second laws of thermodynamics"--all those "laws" which constrain our possibilities in other contexts--no longer bind us! Now that's anarchy!

Or consider another possibility: Suppose this hungry Eskimo never learned to fish because the ruler of his nation-state had decreed fishing illegal. Because fish contain dangerous tiny bones, and sometimes sharp spines, he tells us, the state has decreed that their consumption--and even their possession--are too hazardous to the people's health to be permitted . . . even by knowledgeable, willing adults. Perhaps it is because citizens' bodies are thought to be government property, and therefore it is the function of the state to punish those who improperly care for government property. Or perhaps it is because the state generously extends to competent adults the "benefits" it provides to children and to the mentally ill: namely, a full-time, all-pervasive supervisory conservatorship--so that they need not trouble themselves with making choices about behavior thought physically risky or morally "naughty."
But, in any case, you stare stupefied, while your Eskimo informant relates how this law is taken so seriously that a friend of his was recently imprisoned for years for the crime of "possession of nine ounces of trout with intent to distribute."

Now you may conclude that a society so grotesquely oppressive as to enforce a law of this type is simply an affront to the dignity of all human beings. You may go farther and decide to commit some portion of your discretionary, recreational time specifically to the task of thwarting this tyrant's goal. (Your rationale may be "altruistic" in the sense of wanting to liberate the oppressed, or "egoistic" in the sense of proving you can outsmart the oppressor--or very likely some combination of these or perhaps even other motives.)

But, since you have zero desire to become a martyr to your "cause," you're not about to mount a military campaign, or even try to run a boatload of fish through the blockade. However, it is here that technology--and in particular information technology--can multiply your efficacy literally a hundredfold. I say "literally," because for a fraction of the effort (and virtually none of the risk) attendant to smuggling in a hundred fish, you can quite readily produce a hundred Xerox copies of fishing instructions. (If the targeted government, like present-day America, at least permits open discussion of topics whose implementation is restricted, then that should suffice. But, if the government attempts to suppress the flow of information as well, then you will have to take a little more effort and perhaps write your fishing manual on a floppy disk encrypted according to your mythical Eskimo's public-key parameters.) But as far as increasing real-world access to fish you have made genuine nonzero headway--which may continue to snowball as others re-disseminate the information you have provided.
And you have not had to waste any of your time trying to convert ideological adversaries, or even trying to win over the undecided. Recall Harry Browne's dictum from "Freedom in an Unfree World" that the success of any endeavor is in general inversely proportional to the number of people whose persuasion is necessary to its fulfilment.

If you look at history, you cannot deny that it has been dramatically shaped by men with names like Washington, Lincoln, . . . Nixon . . . Marcos . . . Duvalier . . . Khadaffi . . . and their ilk. But it has also been shaped by people with names like Edison, Curie, Marconi, Tesla and Wozniak. And this latter shaping has been at least as pervasive, and not nearly so bloody.

And that's where I'm trying to take The LiberTech Project. Rather than beseeching the state to please not enslave, plunder or constrain us, I propose a libertarian network spreading the technologies by which we may seize freedom for ourselves.

But here we must be a bit careful. While it is not (at present) illegal to encrypt information when government wants to spy on you, there is no guarantee of what the future may hold. There have been bills introduced, for example, which would have made it a crime to wear body armor when government wants to shoot you. That is, if you were to commit certain crimes while wearing a Kevlar vest, then that fact would constitute a separate federal crime of its own. This law to my knowledge has not passed . . . yet . . . but it does indicate how government thinks.

Other technological applications, however, do indeed pose legal risks. We recognize, for example, that anyone who helped a pre-Civil War slave escape on the "underground railroad" was making a clearly illegal use of technology--as the sovereign government of the United States of America at that time found the buying and selling of human beings quite as acceptable as the buying and selling of cattle.
Similarly, during Prohibition, anyone who used his bathtub to ferment yeast and sugar into the illegal psychoactive drug, alcohol--the controlled substance, wine--was using technology in a way that could get him shot dead by federal agents for his "crime"--unfortunately not to be restored to life when Congress reversed itself and re-permitted use of this drug.

So . . . to quote a former President, un-indicted co-conspirator and pardoned felon . . . "Let me make one thing perfectly clear:" The LiberTech Project does not advocate, participate in, or conspire in the violation of any law--no matter how oppressive, unconstitutional or simply stupid such law may be. It does engage in description (for educational and informational purposes only) of technological processes, and some of these processes (like flying a plane or manufacturing a firearm) may well require appropriate licensing to perform legally. Fortunately, no license is needed for the distribution or receipt of information itself.

So, the next time you look at the political scene and despair, thinking, "Well, if 51% of the nation and 51% of this State, and 51% of this city have to turn Libertarian before I'll be free, then somebody might as well cut my goddamn throat now, and put me out of my misery"--recognize that such is not the case. There exist ways to make yourself free.

If you wish to explore such techniques via the Project, you are welcome to give me your name and address--or a fake name and mail drop, for that matter--and you'll go on the mailing list for my erratically-published newsletter. Any friends or acquaintances whom you think would be interested are welcome as well. I'm not even asking for stamped self-addressed envelopes, since my printer can handle mailing labels and actual postage costs are down in the noise compared with the other efforts in getting an issue out.
If you should have an idea to share, or even a useful product to plug, I'll be glad to have you write it up for publication. Even if you want to be the proverbial "free rider" and just benefit from what others contribute--you're still welcome: Everything will be public domain; feel free to copy it or give it away (or sell it, for that matter, 'cause if you can get money for it while I'm taking full-page ads trying to give it away, you're certainly entitled to your capitalist profit . . .) Anyway, every application of these principles should make the world just a little freer, and I'm certainly willing to underwrite that, at least for the foreseeable future.

I will leave you with one final thought: If you don't learn how to beat your plowshares into swords before they outlaw swords, then you sure as HELL ought to learn before they outlaw plowshares too.

--Chuck Hammill

THE LIBERTECH PROJECT
3194 Queensbury Drive
Los Angeles, California 90064
310-836-4157
hammill at netcom.com

[The above LiberTech address was updated December 1992, with the permission of Chuck Hammill, by Russell Whitaker]

Those interested in the issues raised in this piece should participate in at least these newsgroups:

alt.privacy
alt.security.pgp
comp.org.eff.talk
sci.crypt

A copy of the RSA-based public key encryption program, PGP 2.1 (Pretty Good Privacy), can be obtained at various ftp sites around the world. One such site is gate.demon.co.uk, where an MS-DOS version can be had by anonymous ftp as pgp22.zip in /pub/pgp.

Versions for other operating systems, including UNIX variants and Macintosh, are also available. Source code is also available.

Here's the blurb for PGP, by the way:

---------------------- Quote ----------------------------------------
PGP (Pretty Good Privacy) ver 2.2 - RSA public-key encryption freeware for MSDOS, protects E-mail. Lets you communicate securely with people you've never met, with no secure channels needed for prior exchange of keys. Well featured and fast!
Excellent user documentation. PGP has sophisticated key management, an RSA/conventional hybrid encryption scheme, message digests for digital signatures, data compression before encryption, and good ergonomic design. Source code is free. Filenames: pgp22.zip (executable and manuals), pgp22src.zip (sources) Keywords: PGP, Pretty Good Privacy, RSA, public key, encryption, privacy, authentication, signatures, email
---------------------- End Quote -------------------------------------

Russell Earl Whitaker whitaker at eternity.demon.co.uk
Communications Editor AMiX: RWhitaker
EXTROPY: The Journal of Transhumanist Thought
Board member, Extropy Institute (ExI)

From geoffw at nexsys.net Wed Apr 28 05:17:24 1993
From: geoffw at nexsys.net (Geoff White)
Date: Wed, 28 Apr 93 05:17:24 PDT
Subject: Raving on...
Message-ID: <9304281204.AA05215@nexsys.nexsys.net>

> Brian says:
>
> >Hmm... the problem is I don't think a majority of the people at raves are
> >focused enough to concentrate on something as technical as that (I KNOW it
> >isn't technical to you and me, but the average raver doesn't even
> >know what the word encryption means). HOWEVER, raves ARE the ideal place
> >to hand out info about what's going on, something the raver can cling onto
> >to read and understand when he's not high on {vibes,music,drug,etc.}. Give
> >pointers to where to get more info or where to obtain PGP, and perhaps
> >most importantly, WHY THEY NEED IT. Within a certain amount of time, but
> >most likely sooner than any of us anticipate, there will be more people with
> >email access than without, so "taking the message to the streets" is becoming
> >less and less of a fanciful idea....

Speaking as someone who has been a pretty hardcore raver for almost 2 years now my view on this is as follows:

1) Most ravers don't want to be preached to, they do want to be informed though, the best approach is an "access to tools" approach of invite and education. I think that as of right now, not many ravers even have e-mail, although there is a very organized group that does and is strongly networked already. Some of them know about PGP. We have already discussed whether our e-mail lists should be encrypted and the idea was rejected by the group at large. Some of us do send encrypted messages back and forth sort of as a novelty, sort of for practice. I think the best thing to do for this organized group is to educate them and at least get them to generate keys for themselves IF THEY WANT TO. Education is important; they have to realize that the key is like a bank card password, you don't tell everybody what it is. Many people are in altered states at raves, this is NOT the set or setting to have them generating keys with pass phrases that they have to remember.

2) I am on a drive to "wire-up" the rave community, in the next issue of CyberTribe-5, I have an article on PGP and why ravers should get hooked up to e-mail. The e-mail advantage is clear for many ravers... the ones who are wired always seem to know where the best parties are. Why we need encryption is not as clear. The scene is about openness, we are well aware that LE folks are most likely on our lists, we don't post the truly underground events anymore to public list. We set up phone trees and private e-mail trees for events like the Full Moon Rave. This has been sufficient to keep the authorities from having preknowledge of our events.
I personally hope that most organizers learn about e-mail and at least generate keys in case there comes a time that the Scene really needs secure communication between people (I think this time is not too far off).

3) I have seen some activity by the libertarian party around the rave scene in SF. I've thought this to be curious but as I think about it, it makes sense, many ravers would most likely embrace large portions (but not all) of the libertarian ideals. Most ravers are not overtly political in the classic sense of the word. Although there is sort of a "Politics of Ecstasy" :) so to speak, we find that a lot of the problems that the left is still struggling with like, equality for women and people of color (within their own ranks!) are non-issues for us. We don't need affirmative action policies because as a social group, we are intensely homogenous, when you party with people across race, gender, sexual orientation lines, it becomes easy to work with them, you naturally build a network of trust that is multi-cultural. As far as capitalism is concerned many young people in the Scene have developed their own companies from the selling of T-Shirts to "other things" that people buy at raves. They have no great love for "taxation" or interference by the "State". The scene is forging its own economic web and they are finding that economic co-operation is more productive than traditional competition, e-mail and encryption can help here. Raving IS a social political statement, sort of like the people in (pre) Nazi Germany who danced to swing, jazz, blues music which the Nazis said was a "degenerate" type of music from the negro. You can go to a rave, dance to socially unacceptable music, confront Authority with a statement but not land in prison (at least not in this country).
Ultimately raving is not just another disco, it IS NOT a pick-up scene as most people going for that reason have discovered, it is not even a drug scene although there is drug use at raves (there are also some folks who have sex). The Scene IS about a person's right to CONSCIOUSNESS, knowledge and the right to think what ever thoughts s/he might want to think using whatever tools are at their disposal. The main goal of the raves that I go to are to reach that ecstatic state that some refer to as "The Vibe". This usually happens in the wee hours of the morning after 2 am when all the alcohol drinkers go home. This state is accessible via drugs but you need the beat as well, advanced ravers don't need the drugs any more to go into trance, this type of trance dancing is little understood in the west but is common throughout Africa, India and parts of the Middle East.

4) OK so the bottom line is I think that a SIMPLE flier informing these young people what is at stake as far as their present and future freedom of thought/speech/privacy should be handed out. Low on rhetoric, high on information. Have a lap-top available for the advanced ones who know/comprehend what PGP is and want to be able to use it. Don't blindly give out floppies, most will never be used.

This message has been long but I wanted to INFORM the group who might have had preconceived ideas about the scene. I am willing to answer any questions that anybody might have, off-line.

-------------------------------------------------------------------------------
NEXUS SYSTEMS/CYBERTRIBE-5 : Voice:(415)965-2384 Fax: (415)327-6416
Editor/Instigator/Catalyst : Geoff White
Production Crew : Universal Movement Trinity
"They might stop the party, but they can't stop the future"
--PGP Public key available upon request--
AT&T:Phones with Big Brother Inside, Just say "NO" to the Clipper wiretap chip!
-------------------------------------------------------------------------------

From cp at jido.b30.ingr.com Wed Apr 28 08:08:02 1993
From: cp at jido.b30.ingr.com (Serrzna Penvt Cerffba)
Date: Wed, 28 Apr 93 08:08:02 PDT
Subject: Is Rush Limbaugh giving Clinton sh*t about wiretap chip?
In-Reply-To: <9304231457.AA22562@gmuvax2.gmu.edu>
Message-ID: <199304281506.AA06491@jido.b30.ingr.com>

In <9304231457.AA22562 at gmuvax2.gmu.edu>, 7025aj at gmuvax2.gmu.edu writes:
|>
|> I'm under the impression that Rush Limbaugh's address is:
|> 70277.2502 at compuserve.com
|> Would a few articulate defenders of (privacy and) AMERICAN COMPETITIVENESS
|> send him some convincing words, please?
|>
|> G. Gordon Liddy would be another good target, but I don't know his address.

G. Gordon Liddy, "Radio Free DC" can be reached at:

Vox: 1-800-GGLIDDY
Fax: 1-800-937GFAX

I'm going to go wash my hands now. With lots of soap.

My guess would be that Liddy and Limbaugh would both be very happy about the Tapper chip proposal, and would recognize us as natural enemies. Try 'em if you want, but be wary.

^ / ------/---- cp at jido.b30.ingr.com (Freeman Craig Presson) / /

From edgar at spectrx.Saigon.COM Wed Apr 28 08:34:02 1993
From: edgar at spectrx.Saigon.COM (Edgar W. Swank)
Date: Wed, 28 Apr 93 08:34:02 PDT
Subject: PGP: USA-Legal PGP Project
Message-ID:

Derek Zahn recently posted:

Subject: "Cypherpunks Write Code"

Hmm, I write code -- but so far no cyphercode. Since I'd like to be part of the cypherdelic revolution, what code needs writing? I agree that the PC/modem scrambled telephone is a good idea, but others are already bashing that out; there must be other neat projects that want doing. Any thoughts?

Thank you, Derek!! Yes, I have such an idea and I'm beginning work on it myself. Your and other Cypherpunks participation is certainly welcome and probably essential.
At the Cypherpunks meeting on Saturday (4/24), which was called to discuss plans to counter the "Clipper chip" announcement, we agreed that one prong of our attack should be to get strong crypto as widely distributed as possible.

Unfortunately, wide distribution in the USA of PGP, the most popular product, is inhibited because it violates RSA's patents. PGP has already been chased off some USA FTP Sites.

But this problem has a solution! I confirmed with Jim Bidzos, President of RSA, who was present at the meeting, that a USA Legal version of PGP could be constructed by just replacing certain sections of code with free code from RSAREF. Since source for both PGP and RSAREF are available, this sounds like an easy job. Since no-one's actually done it yet, perhaps it's not, but I will try.

I hope I haven't bitten off more than I can chew. At best, I can compile and test only the MSDOS version of PGP. I will certainly need help if USA-Legal MAC, AMIGA, UNIX, etc. versions are to be available.

Note that since RSAREF cannot be exported, the USA Legal version(s) of PGP will not replace the current version(s) for use outside the USA. But the two versions -will- be able to exchange keys and messages and so the combination of the two will offer the -only- legal method of strong crypto for communication crossing USA borders.

This is a job for USA programmers. We can't expect the foreign programmers currently maintaining/improving PGP to do the job for us. First, they have no incentive to do so; the current version of PGP is perfectly legal to use outside the USA. Second, they can't (legally) obtain a copy of RSAREF to work with.

I plan to delimit all changes for USA legality with conditional compile statements (#ifdef USALEGAL), so I'm hopeful that Branko, Jean-Loup, et al. will consent to merge those changes back into the master source, to reduce the pain of generating USA Legal versions of future releases of PGP.
I invite you, Derek, and anyone interested in participating, and -especially- anyone who has -already- started a similar project to contact me immediately via e-mail edgar at spectrx.saigon.com (Edgar W. Swank) or by phone at (408)227-3471.

Here is an (illegal) PGP key if you want to communicate encrypted:

-- edgar at spectrx.saigon.com (Edgar W.
Swank) SPECTROX SYSTEMS +1.408.252.1005 Silicon Valley, Ca

From fergp at sytex.com Wed Apr 28 08:41:13 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Wed, 28 Apr 93 08:41:13 PDT
Subject: Wiretap Chip and Key Escrow Abuses
Message-ID:

I've been following the discussions on several newsgroups and mailing lists (RISKS, PRIVACY and Cypherpunks) concerning the Wiretap Chip (Clipper/Capstone) and the proposed key escrow system. Here's my $.02, as well.

In RISK 14.55, Jim Bidzos wrote -

JB> Since Clipper, as currently defined, cannot be implemented in
JB> software, what options are available to those who can benefit
JB> from cryptography in software? Was a study of the impact on
JB> these vendors or of the potential cost to the software industry
JB> conducted? (Much of the use of cryptography by software
JB> companies, particularly those in the entertainment industry, is
JB> for the protection of their intellectual property. Using hardware
JB> is not economically feasible for most of them.)

Jim raises a valid concern. Although a hardware based system is ideal for voice encryption, the idea of registered key systems, where government and/or LE agencies have involvement, is not a popular one. The key escrow scheme in this proposal reeks of Big Brother. (As in, "Trust me. I'm from the government and I'm your friend.") In some circles, it is not even a consideration.

Software encryption systems employed to protect intellectual and commercial data and electronic mail are much more flexible and desirable, especially when they are not governmentally proposed, imposed, designed and sanctioned by spook organizations such as the NSA.

The real sore spot with the Clipper proposal is that private industry and citizenry were blind-sided by this entire process. The possibility that Uncle Sam will try to make this a de-facto standard and subsequently place restrictions on other forms of crypto (eg. software based) is real.
Also in RISKS 14.55, Bill Campbell wrote -

BC> There are dozens, perhaps hundreds, of commercial, criminal and
BC> governmental entities with access to government resources who
BC> would not hesitate for a moment to violate my rights if they
BC> found it expedient to do so. These individuals and organizations
BC> have demonstrated beyond question that they are not constrained
BC> by legal or ethical considerations, and as has been suggested
BC> in a number of other postings, the technology employed by Clipper
BC> (including the dual escrow sham) will probably not even pose so
BC> much as an inconvenience to a determined adversary. To suggest
BC> otherwise is, at best, profoundly naive.

I have a tendency to agree with Bill. In fact, California is currently embroiled in a scandal involving the release of confidential data (DMV addresses), by employees of the Anaheim Police Department, to third party interests. This is clearly in violation of their employer's policies, their own terms of employment, state criminal law, and civil law. What's to stop the same blatant, unethical breach of confidentiality with regards to the Clipper key escrow implementation? Nothing, that's what.

In the future, information will be the most powerful possession and in the spirit of SNEAKERS, s/he who has control of and access to the information is the most powerful. Power corrupts, but absolute power corrupts absolutely. I think that Clipper offers maximum abuse in this scenario.

Also in RISK 14.55, Robert Firth wrote -

RF> You see, friends, if the Clipper becomes the normal, standard, or
RF> accepted means of encryption, then *the use of any other encryption
RF> scheme can of itself be considered "probable cause" for search and
RF> seizure*. And thereby could be lost in the courts what was won at
RF> such great cost.

This is perhaps my greatest concern in all of the Clipper/Capstone hoopla. Personally, I don't have much faith in the law enforcement agencies to act responsibly.
The Secret Service and FBI have, in the past, clearly demonstrated that they do not grasp the scope of the problems technically challenging modern society. The Steve Jackson Games case is one instance that immediately springs to mind. Some parts of the country are demographically more at risk than others. For example, the criteria which may be deemed as "probable cause" for search and seizure in Jackson, Mississippi could very well be reason for the ACLU to file a suit against the LEA in New York City.

Also in RISKS 14.55, A. PADGETT PETERSON writes -

PP> Like I said, both the government and corporate America *need*
PP> Clipper, the designers are some of the best in the world, and
PP> the administration has more to lose than we do. Given that,
PP> Clipper will work as advertised.

The only way that I can imagine the government actually *needing* Clipper is where Clipper is forced upon the country as the de-facto standard and other forms of cryptography are restricted. Uncle Sam tends to forget that what is desirable for the government, is not always acceptable to the public at large.

Cynically,

Paul Ferguson | Uncle Sam wants to read
Network Integrator | your e-mail...
Centreville, Virginia USA | Just say "NO" to the Clipper
fergp at sytex.com | Chip...
-------------------------------+------------------------------
I love my country, but I fear its government.

From mnemonic at eff.org Wed Apr 28 09:58:52 1993
From: mnemonic at eff.org (Mike Godwin)
Date: Wed, 28 Apr 93 09:58:52 PDT
Subject: Wiretap Chip and Key Escrow Abuses
In-Reply-To:
Message-ID: <199304281658.AA10784@eff.org>

Paul Ferguson writes:

> The real sore spot with the Clipper proposal is that private
> industry and citizenry were blind-sided by this entire process.

I disagree. That's *a* sore spot, but not *the* sore spot. Even if industry and citizen groups had been consulted, I'd find the Clipper proposal, and the strategy it represents, to be unacceptable.
--Mike

From 72114.1712 at CompuServe.COM Wed Apr 28 10:02:19 1993
From: 72114.1712 at CompuServe.COM (Sandy)
Date: Wed, 28 Apr 93 10:02:19 PDT
Subject: CLIPPER SOUND BITES
Message-ID: <930428164931_72114.1712_FHF34-1@CompuServe.COM>

_________________________________________________________________
FROM THE VIRTUAL DESK OF SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

No matter what you think of our current and former presidents, associating the Clipper chip with them might work in our favor. Asking the following question might cause their supporters to have second thoughts:

"Why haven't Clinton and Gore had a "town meeting" about the Reagan-Bush Wiretap Chip? Didn't they run on a platform of change? This sounds like business-as-usual to me."

Presumably, Reagan-Bush supporters will smell a rat--Clinton--and oppose Clipper to thwart the new administration. Clinton fans will oppose Clipper because it is a leftover symbol of the hated Reagan-Bush era.

S a n d y
_________________________________________________________________
PLEASE RESPOND TO: ssandfort at attmail.com (except from CompuServe)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From hughes at soda.berkeley.edu Wed Apr 28 10:09:14 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Wed, 28 Apr 93 10:09:14 PDT
Subject: MYK-78
In-Reply-To: <199304280536.AA09155@well.sf.ca.us>
Message-ID: <9304281705.AA23767@soda.berkeley.edu>

Arthur sez:

>I've been stalking Mykotronx with phone and smail

And I've been peering over his shoulder for much of that time. I'd like to comment on some of the unapproved ways to use this chip.

The way that the chip enforces the wiretap protocol is by not working as a pair unless the LEEF's are transferred from one chip to another. Since these LEEF's are presumed to go out in the clear, tapping is reasonably assured.

>LEEF = Law Enforcement Exploitation Field.

I really am astounded at the names these people use.
It does give rise to a great new slogan, though: "Stop Government Exploitation Fields!"

Now suppose that there was a law requiring use of this chip. One could still create an untappable system just by not sending the LEEF's in the clear. So, for example, you do a D-H key exchange with a 600 bit modulus. Then the originating chip transmits the CV, LEEF's, etc. (as I count 282 bits), XORing with the D-H key, i.e. using a one-time pad. Now the LEEF's have been transferred, but not revealed to any eavesdropper. With a 600 bit modulus in the key exchange you could transmit one set of keying material each way.

There's a great hack here to be had. These AT&T secure phones with the wiretap chip inside have internal modems and run some coordination protocol to synchronize. Almost certainly such an initial protocol must have retry paths in its state machine; otherwise the reliability would suffer. So we could make a compatible phone that initially tried to determine if another such phone was on the other end; if so, proceed with the blinded LEEF transmission. If not, drop back and try the wiretap protocol.

In fact, those of you who have seen Shimomura's and Lottor's work with hacked cellular phones know that it might be possible to put this hacked protocol right in the AT&T phone itself! If the phone has a ROM of some type which contains the microcontroller code, it could be reverse engineered and reprogrammed.

If I were mandated to use the chip in a commercial product, I'd put three buttons on the phone:

CLEAR (icon=open doors)
SECURE (icon=closed doors)
TELL THE GOVERNMENT (icon=benevolent face)

Pressing the third button would use the AT&T protocol, pressing the second would encrypt the LEEF's.

"AT&T: Helping the government to reach in and touch you."

There might be another technique. There is a Write CV command that is accepted in normal operation. (Some CV must be put in during initialization after reset to reach the idle state, i.e. the normal operating state.)
This command requires the check word, but that's easily generated in the normal manner. It is possible that changing the CV requires generating another set of LEEF's; that's not clear to me, but Arthur thinks you can. If, however, one can just change the CV at will, one could send the LEEF's in the clear and then immediately change the CV (session key). Now the LEEF has been sent but the conversation makes no sense. My money is that this is interlocked with IV generation, though.

Eric

From mnemonic at eff.org Wed Apr 28 10:13:47 1993
From: mnemonic at eff.org (Mike Godwin)
Date: Wed, 28 Apr 93 10:13:47 PDT
Subject: Navajo Hypothetical
Message-ID: <199304281713.AA11070@eff.org>

I recently heard an even better hypothetical that illustrates the issues raised by encryption:

Suppose the only two Navajo speakers left in the world were talking on the phone to plot the overthrow of the United States. If the FBI could not obtain a translator, would that mean the plotters could be compelled to hold their phone conversations in English?

--Mike

From gnu Wed Apr 28 10:34:18 1993
From: gnu (John Gilmore)
Date: Wed, 28 Apr 93 10:34:18 PDT
Subject: Markey Hearing Thursday 930AM
Message-ID: <9304281734.AA29120@toad.com>

------- Forwarded Message

Date: Wed, 28 Apr 1993 13:04:20 -0400
From: jberman at eff.org (Jerry Berman)
Subject: Markey Hearing

DATE AND TIME: Thursday, April 29, 1993 at 9:30am
ROOM: 2123 Rayburn House Office Building
SUBJECT: Oversight hearing on issues relating to the integrity of telecommunications networks and transmissions including consumer privacy, encryption, computer hacking, toll fraud and data security.

WITNESS LIST

Technical Presentation

Mr. John B. Gage
Director, Science Office
Sun Microsystems, Inc.
2550 Garcia Avenue, MS PAL01-505
Mountain View, CA 94043-1100

[I think Tsutomu Shimomura and Ron Rivest will also appear as part of this presentation. --gnu]

Panel

Mr. Raymond Kammer
Acting Director
National Institute of Standards and Technology
Building 101, Room A1111
Gaithersburg, MD 20899

Mr. John P. Lucich
State Investigator
Organized Crime and Racketeering Bureau
New Jersey Division of Criminal Justice
25 Market Street
Trenton, NJ 08625

Mr. Bruce Sterling
4525 Speedway
Austin, TX 78751
Author: The Hacker Crackdown: Law and Disorder on the Electronic Frontier

Mr. Joel Reidenberg
Associate Professor of Law
Fordham University School of Law
140 West 62nd Street
New York, NY 10023-7485

------- End of Forwarded Message

From tcmay at netcom.com Wed Apr 28 10:49:17 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 28 Apr 93 10:49:17 PDT
Subject: (fwd) Capstone & Preliminary Message Security Protocol
Message-ID: <9304281749.AA28920@netcom3.netcom.com>

Cypherfolks,

Some info on Capstone and another program called "Tessera."

-Tim

From: mrr at scss3.cl.msu.edu (Mark Riordan)
Newsgroups: sci.crypt
Subject: Capstone & Preliminary Message Security Protocol
Date: 28 Apr 1993 01:35:50 GMT
Organization: Michigan State University
Summary: Defense Message System to use Capstone chip
Keywords: Clipper, Capstone, PMSP, Mykotronx, NSA

An article in the 26 April 93 issue of Network World mentions encryption technology to be used in a proposed Department of Defence email network:

Next year, the DOD will issue an RFP for a one million-user Defense Message System (DMS). DMS will not be completely compatible with X.400 messaging. Therefore, to make it easier for vendors to bid on what will be a non-standard email system, the DOD plans to release prototype source code for its version of X.400.

The article contains the interesting sentence: "Along with source code, it will release the nonclassified encryption algorithm application called Preliminary Message Security Protocol (PMSP)."

DMS places security features in the Mail User Agent, rather than the Message Transfer Agent, as is done with stock X.400.
Furthermore, PMSP will use the NSA's Capstone public key algorithm, rather than RSA, which is used in X.400. Therefore, gateways will be required to translate between encryption systems when DMS is exchanging messages with other networks.

As its data encryption algorithm, Capstone uses the same unpublished private-key algorithm as the Clipper chip. [In a Usenet posting, Dorothy Denning says that Capstone uses the Skipjack algorithm, the Digital Signature Standard (DSS), and the Secure Hash Algorithm (SHA).] Capstone chips will be provided by Mykotronx, Inc., the Torrance, Calif firm that also designed Clipper.

Military DMS users will be issued PCMCIA-compliant cryptocards containing the Capstone chip. (PCMCIA is an add-on interface card standard oriented toward subnotebook PC compatibles.) This interface card is dubbed "Tessera".

Mykotronx claims to have already shipped 10,000 Capstone and 20,000 Clipper chipsets.

Does anyone know anything else about PMSP?

Mark R. mrr at ripem.msu.edu
--

From fnerd at smds.com Wed Apr 28 11:29:14 1993
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Wed, 28 Apr 93 11:29:14 PDT
Subject: Liddy; There's a Chip in the Middle of the Phone
Message-ID: <9304281818.AA09111@smds.com>

> In <9304231457.AA22562 at gmuvax2.gmu.edu>, 7025aj at gmuvax2.gmu.edu writes:
> |>
> |> send him [Limbaugh] some convincing words, please?
> |>
> |> G. Gordon Liddy would be another good target, but I don't know his address.

cp at jido.b30.ingr.com (Serrzna Penvt Cerffba) [!Is that real rot13!?] replies:

> My guess would be that Liddy and Limbaugh would both be very
> happy about the Tapper chip proposal...

Isn't Liddy the guy who wanted to be able to get at someone's private information later, and so he... he... wait, I hear a melody...

There's some Dems at the Watergate Hotel,
There's some Dems at the Watergate Hotel,
There's some Dems,
There's some Dems,
There's some Dems at the Watergate Hotel.
There's a suite for the the Dems at the Watergate Hotel, ... There's a door on the suite of the Dems at the Watergate Hotel, ... There's a lock on the door on the suite of the Dems at the Watergate Hotel, ... There's a tape on the lock on the door of the suite of the Dems at the Watergate Hotel, ... There's a finger on the tape on the lock on the door of the suite of the Dems at the Watergate Hotel, ... There's a chip in the middle of the phone, There's a chip in the middle of the phone, There's a chip, There's a chip, There's a chip in the middle of the phone. There's a lock on the chip in the middle of the phone, ... There's a key in the lock on the chip in the middle of the phone, ... There's a crack in the key in the lock on the chip in the middle of the phone, ... There's a tap on the crack in the key in the lock on the chip in the middle of the phone, ... There's a speaker on the tap on the crack in the key in the lock on the chip in the middle of the phone, ... There's an ear at the speaker on the tap on the crack in the key in the lock on the chip in the middle of the phone, ... -fnerd keep your oxides dry --fnerd at smds.com (FutureNerd Steve Witham) quote me From cel at citi.umich.edu Wed Apr 28 11:52:05 1993 From: cel at citi.umich.edu (Chuck Lever) Date: Wed, 28 Apr 93 11:52:05 PDT Subject: PGP: pgp -ke Message-ID: <9304281852.AA00450@toad.com> so, like, what's to stop me from writing a program (based on pgp source code) which can delete user IDs from my own keys after other folks have signed them? in fact, how *can* i change the user ID on a key after it has been signed? the pgp docs are unclear on how this works. can someone help me to understand what it means exactly when a key is signed? what parts of the key are certified by the signature? 
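An added illustration for the question above (not part of the original message, and not PGP's code or packet format): a reply later in this archive states that a key signature is a signature over the key and the userid. The Python sketch below models that binding with a toy RSA certifier key and SHA-256; the primes, function names and sample values are all constructed assumptions.

```python
import hashlib
from math import gcd

# Toy RSA key for the certifier, built from two known Mersenne primes.
# Constructed for this example only; far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
PHI = (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1
D = pow(E, -1, PHI)  # private exponent (needs Python 3.8+)


def _field(data: bytes) -> bytes:
    """Length-prefix a field so the key/user-ID boundary is unambiguous."""
    return len(data).to_bytes(4, "big") + data


def certification_digest(subject_key: bytes, user_id: str) -> int:
    """Hash the subject's public key material together with the user ID."""
    h = hashlib.sha256(_field(subject_key) + _field(user_id.encode("utf-8")))
    return int.from_bytes(h.digest(), "big") % N


def certify(subject_key: bytes, user_id: str) -> int:
    """The certifier signs the (key, user ID) pair with the private exponent."""
    return pow(certification_digest(subject_key, user_id), D, N)


def verify_certification(subject_key: bytes, user_id: str, signature: int) -> bool:
    """Anyone holding the certifier's public key (N, E) can check the pair."""
    return pow(signature, E, N) == certification_digest(subject_key, user_id)


def demo() -> dict:
    key = bytes.fromhex("c0ffee" * 8)        # constructed stand-in for key material
    other_key = bytes.fromhex("decade" * 8)  # a different constructed key
    uid = "Alice Example <alice@example.org>"
    sig = certify(key, uid)
    return {
        # The pair that was actually signed verifies.
        "original pair": verify_certification(key, uid, sig),
        # Editing or deleting the user ID invalidates the signature.
        "user ID edited": verify_certification(key, "Alice <alice@example.net>", sig),
        "user ID removed": verify_certification(key, "", sig),
        # Attaching the signature to another key fails as well.
        "key swapped": verify_certification(other_key, uid, sig),
        # Moving one byte across the key/user-ID boundary is caught
        # because each field is length-prefixed before hashing.
        "boundary shifted": verify_certification(key + b"A", uid[1:], sig),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:18s} -> {'valid' if ok else 'INVALID'}")
```

Only the exact (key, user ID) pair that was signed verifies; every altered pair is rejected, which is why a user ID cannot be edited or dropped without losing the signatures made over it.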
From crunch at netcom.com Wed Apr 28 12:04:34 1993
From: crunch at netcom.com (John Draper)
Date: Wed, 28 Apr 93 12:04:34 PDT
Subject: CSPAN NOT covering the hearings tommorrow
Message-ID: <9304281904.AA12916@netcom4.netcom.com>

Called CSPAN, and they are NOT covering the hearings tomorrow. Hah! our tax dollars at work!! So, for those very lucky people going to attend, we plead with you to please write up a comprehensive report and send it to the group (or at least to me!!).

JD

From eric at synopsys.com Wed Apr 28 13:02:44 1993
From: eric at synopsys.com (eric at synopsys.com)
Date: Wed, 28 Apr 93 13:02:44 PDT
Subject: ANON: Cryptographic MIX
In-Reply-To: <9304280305.AA19293@netcomsv.netcom.com>
Message-ID: <199304282002.AA09358@gaea.synopsys.com>

>> Hi All,
>> At the first cypherpunks meeting I came to,
>> A speaker was giving a presentation on cryptographic MIX protocols.
>> My memory fails me as to who that was... so that's the question and what is
>> the progress on an implementation???
>> cheers
>> kelly

Sounds like you were referring to me. I've been doing some perl programming and have scripts to create an address block, encode a message for transmittal with an address block, and to process one hop of a message. These scripts don't actually do any encryption, but rather simulate it for testing purposes. They're not ready for use mailing actual messages, and I still have to finish the script for decoding the message when it's finally received. So, there's a bunch of work to go, but it looks good so far. I'll be sure to let everyone know when they're in a condition to be played with by all.

-eric messick (eric at synopsys.com)

From markh at wimsey.bc.ca Wed Apr 28 13:06:40 1993
From: markh at wimsey.bc.ca (Mark C. Henderson)
Date: Wed, 28 Apr 93 13:06:40 PDT
Subject: PGP: USA-Legal PGP Project
Message-ID:

> Unfortunately, wide distribution in the USA of PGP, the most popular
> product, is inhibited because it violates RSA's patents.
PGP has > already been chased off some USA FTP Sites. But this problem has a > solution! I confirmed with Jim Bidzos, President of RSA, who was > present at the meeting, that a USA Legal version of PGP could be > constructed by just replacing certain sections of code with free code > from RSAREF. Since source for both PGP and RSAREF are available, this > sounds like an easy job. Since no-one's actually done it yet, perhaps > it's not, but I will try. I hope I haven't bitten off more than I can > chew. At best, I can compile and test only the MSDOS version of PGP. I > will certainly need help if USA-Legal MAC, AMIGA, UNIX, etc. versions > are to be available. You should be able to do it. But, you will first have to get permission from RSADSI to access RSAREF in ways other than by the published interface. I trust they'll grant it, given what you say above. Also, be sure to get the RSAREF version included with RIPEM (wait for version 1.07 if you can). It has several significant performance enhancements (generic and some platform specific asm versions of time critical code). You won't be able to export this 'legal' version of PGP. Tracking and updating to new PGP releases will be a pain as much of the development is done outside of North America. Mark -- Mark Henderson markh at wimsey.bc.ca RIPEM key available by key server/finger/E-mail MD5OfPublicKey: F1F5F0C3984CBEAF3889ADAFA2437433 From honey at citi.umich.edu Wed Apr 28 13:34:05 1993 From: honey at citi.umich.edu (Peter Honeyman) Date: Wed, 28 Apr 93 13:34:05 PDT Subject: othercrypt Message-ID: <9304282034.AA01784@toad.com> does anyone know how to get the a5 eurocrypt stuff? also there is rumored to be russian cryptosoftware on the street. clue? peter From tcmay at netcom.com Wed Apr 28 13:44:43 1993 From: tcmay at netcom.com (Timothy C. 
May)
Date: Wed, 28 Apr 93 13:44:43 PDT
Subject: (fwd) Re: Clipper Chip Questions
Message-ID: <9304282044.AA07510@netcom3.netcom.com>

Cypherpatriots,

Here's a fairly long posting I made to sci.crypt and comp.lsi about reverse engineering the Clipper chip. Especially on the technical issues about tamper-resistant modules and electron-beam probing.

-Tim

Newsgroups: sci.crypt,comp.lsi
From: tcmay at netcom.com (Timothy C. May)
Subject: Re: Clipper Chip Questions
Date: Wed, 28 Apr 1993 20:26:51 GMT

(followup to comp.lsi added, as they may have something to say on this)

allyn (allyn at netcom.com) wrote:

: My question is what is to prevent someone who has one of these chips
: (from a cellphone or computer or whatever) from taking the chip to
: a microelectronic facility with a decent scanning electron microscope and
: other equipment that is used to testing and analysis of microcircuits
: and taking the darn thing apart and reverse engineer it?
:
: There must be plenty of microelectronic facilities that are under
: relatively minimal security (such as universities) for someone to
: try to reverse engineer one of these classified chips that the government
: plans to put into the public's hands.

I ran an electron microscope/chip testing lab for Intel, circa 1981-84. (We built a kind of "time machine" for imaging the internal states of complex chips--the 286 in those days--and displaying them on an image processing system which "subtracted out" the states of bad chips from known good chips and thus allowed us to analyze the nucleation and propagation of logic faults through the chip. Very useful for finding subtle speed and voltage problems, as well as gross faults, of course.)

Analyzing the Clipper chip, or any "tamper-resistant module," will not be trivial, but neither will it be impossible. Some issues, questions, problems:

1. Getting through the package to the chip surface itself is problematic. Proprietary molding compounds may be used to make this tough. (For example, carborundum and sapphire particles are often mixed in, so that mechanical grinding and lapping also destroys the chip. And plasma ashing won't work.)

2. Sometimes the package itself has "traps" which wipe the chip (the data) if breached (fiber optic lines mixed in the epoxy, for example). This seems unlikely for a relatively low-cost solution like the Clipper. Papers presented at the "Crypto Conference" have dealt with this. (The main uses: nuclear weapons "Permissive Action Links" and credit card "smart cards," which use less intensive measures, obviously.)

3. Once at the chip surface, via grinding, chemical etch, plasma ashing, etc., the chip can be analyzed.

4. Carefully photographing the chip as layers are etched away (or even carefully lapped away) can reveal much about the internal operation, though not the data stored in internal ROM, EPROM, EEPROM, Flash EPROM, etc. If the Clipper/Capstone algorithm is embedded in the microcode and not apparent from the visible circuitry, then it must be read by other means.

5. Voltage contrast electron microscopy allows internal chip voltages to be read with good reliability. Cf. any of the many papers on this. Commercial e-beam probers are available. (How voltage contrast works is itself an interesting issue, and there are many good references on this.)

6. However, operating the chip is necessary to read the internal states and voltage levels, and opening the chip under "hostile conditions" (read: limited numbers of samples, no knowledge of the molding compound, no help from the manufacturer) often destroys the functionality. It can be done, but count on lots of trial and error.

7. Metal layers may be used to shield lower signal-carrying layers from scrutiny by electron beam probes. Intel, for example, builds the new Pentium on a 3-layer metal process in which the top layer almost completely covers the lower layers. (Extremely sophisticated measurements using lasers (Kerr effect) and magnetic field sensing may be possible. Count on a very expensive set-up to do this.)

8. Other "tricks" may route parts of the key circuitry through buried layers, polysilicon lines, several layers of metal, etc.

9. VLSI Technology, Inc., the company with the "tamper-resistant technology" used by Mykotronx (VTI will fab the chips), may also be storing bits in very small EEPROM cells, which are very hard to e-beam probe (especially without disrupting them!). Note also that Intel bought a partial stake in VLSI. (I'm not imputing anything and don't know if Intel is somehow involved in the Clipper/Capstone effort. In fact, I left Intel in 1986.)

10. The easiest way to get the Clipper/Skipjack/Capstone details is probably the old-fashioned way: offer money for it. With anonymous remailers and digital cash, this may be much easier.

Just some thoughts on this extremely interesting issue of reverse-engineering the Clipper.

-Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.

From meyer at mcc.com Wed Apr 28 14:25:07 1993
From: meyer at mcc.com (Peter Meyer)
Date: Wed, 28 Apr 93 14:25:07 PDT
Subject: Program to measure entropy
Message-ID: <19930428212444.5.MEYER@OGHMA.MCC.COM>

Cypherpunks write code, so here's some (at the end, anyway).

Someone asked awhile back (just before the deluge of postings on the Wiretap Chip swamped my announcement of the release of new versions of our Dolphin Encrypt encryption software) about (something like) how to tell whether a file consists of something like English text or just (apparent) garbage.
Here's one way, a program to calculate the entropy (and the relative entropy) of the set of bytes in a file. First the documentation (extracted from Appendix III in the manual for the Dolphin Encryption Library):

Information theorists have attempted to formalize and to quantify the notion of randomness, also called entropy. The usual definition of entropy in a string of letters from some alphabet is due to Claude Shannon (who formulated this concept in the 1950s). Let S be a string of letters from some alphabet A = { a(0), a(1), ..., a(k-1) } of k letters, and let p(i) be the probability (that is, the relative frequency) of occurrence of a(i) in the string S, then the entropy E of the string S may be defined as:

           k-1
    E = - Sigma ( p(i) * ln ( p(i) ) )
          i = 0

where ln is the natural logarithm. It can be shown that this value is maximized when all letters occur in S with equal frequency (in this case E = ln(k)), and is minimized when one letter occurs all the time (in this case E = 0). Since E ranges between 0 and ln(k), we may obtain a modified entropy value E', which we call relative entropy, which ranges between 0 and 1 by dividing E by ln(k) thus: E' = E / ln(k).

The program ENTROPY1.EXE calculates the relative entropy of the bytes in a given file. For a DOS text file consisting of English text the relative entropy value is typically in the range 0.48 - .68. The relative entropy values for most non-random files, including .OBJ, .COM and .EXE files, usually fall in the range 0.50 through 0.95. Files consisting of bytes generated by pseudo-random-number generators typically have relative entropy values in the range 0.970 - 0.999. Thus a file with a relative entropy value of at least .98 looks (at least according to this test) very much like a file consisting of random bytes. ENTROPY.EXE can thus be used to test whether a file appears to consist of random bytes or something like natural language.
The ENTROPY1.EXE program takes two parameters on the command line, a file specification (wildcard characters are not allowed in this version) and (optionally) a byte space size, e.g. ENTROPY1 FILE.TXT 150. The program produces results such as:

    File          Size   Entropy    Rel. entropy  Diff. bytes
    HAMLET.TXT    1459   3.037405   0.547756       42
    PTRS.TXT      3683   3.415741   0.615984      108
    CHAP04.TXT   51162   3.339292   0.602198      100
    FILE1.RND     1762   5.473655   0.987102      255
    FILE2.RND     3400   5.503647   0.992511      256
    FILE3.RND    29225   5.541324   0.999305      256
    HAMLET.ENC    1762   5.478605   0.987995      256
    PTRS.ENC      3400   5.501231   0.992075      256
    CHAP04.ENC   29225   5.540785   0.999208      256
    NULLFILE     20000   0.000000   0.000000        1

The file called NULLFILE consists of 20,000 null (zero) bytes, and has a relative entropy value of zero (as do all files which contain only a single byte value). Note that the relative entropy values for the .ENC files (encrypted using Dolphin Encrypt) are about .99, as are those for the .RND files (created by using a pseudo-random-number generator similar to Microsoft's rand() function) of the same size.

The last column gives the number of different bytes found in the file. This may be less than the size of the byte space for the file. If the size of the byte space is less than 256, as is the case with text files, then the space size parameter may be included in the command line, as in ENTROPY1 HAMLET.TXT 108. In this case the program produces results such as:

    File          Size   Entropy    Rel. entropy  Diff. bytes
    HAMLET.TXT    1459   3.037405   0.648723       42
    PTRS.TXT      3683   3.415741   0.729527      108
    CHAP04.TXT   51162   3.339292   0.713199      100

Thus decreasing the value for the byte space increases the entropy measure. Relative entropy tends to be larger for larger files.

Now the C source code:

/* ENTROPY1.C
 * Written by Peter Meyer, last revised 1993-04-27.
 * Calculates the relative entropy of the bytes in a file,
 * defined as the negative of the sum for each byte of the product of
 * the relative probability of that byte times the natural log
 * of that probability, divided by the natural log of the size of
 * the byte space (default 256); values can range from 0 to 1.
 */

#include <stdio.h>      /* Microsoft header files */
#include <stdlib.h>
#include <string.h>
#include <math.h>

unsigned long n[256];   /* count of each byte value */
double p[256];          /* relative frequency of each byte value */

const char *usage = "\nUse: ENTROPY1 filespec [space_size]"
"\nspace_size = number of possible bytes (default = 256)\n";

void measure_entropy(const char *filename,
    unsigned long *total,
    double *entropy,
    double *relative_entropy,
    unsigned int *num_diff_bytes,
    unsigned int *space_size,
    int *err_flag);

/*-----------------------------*/
int main(int argc, char *argv[])
{
    int err_flag;
    unsigned int num_diff_bytes, space_size;
    unsigned long total;
    double entropy, relative_entropy;

    if ( argc == 1 )
    {
        printf("%s", usage);
        exit(0);
    }

    if ( argc == 2 )
        space_size = 256;
    else
    {
        space_size = (unsigned int)atoi(argv[2]);
        if ( space_size == 0 || space_size > 256 )
        {
            printf("\nInvalid space size.\n");
            exit(1);
        }
    }

    measure_entropy(argv[1],&total,&entropy,&relative_entropy,&num_diff_bytes,
        &space_size,&err_flag);

    switch ( err_flag )
    {
        case 0:     /* no error */
            printf("Space size = %u\n",space_size);
            printf("\n%15s%15s%15s%15s%15s",
                "File","Size","Entropy","Rel. entropy","Diff. bytes");
            printf("\n%15s%15lu",argv[1],total);
            printf("%15.6f%15.6f%15u\n",entropy,relative_entropy,num_diff_bytes);
            exit(0);
        case -1:
            printf("\nCannot open file %s.\n",argv[1]);
            exit(2);
        case -2:
            printf("\n%15s is inconsistent with space size %u.\n",
                argv[1],space_size);
            exit(3);
    }
    return 0;
}

/*-----------------------------------------*/
void measure_entropy(const char *filename,
    unsigned long *total,
    double *entropy,
    double *relative_entropy,
    unsigned int *num_diff_bytes,
    unsigned int *space_size,
    int *err_flag)
{
    int j, c;
    FILE *file;

    *err_flag = 0;

    file = fopen(filename,"rb");
    if ( file == NULL )
    {
        *err_flag = -1;
        return;
    }

    /* zero the frequency array */
    memset(n,0,256*sizeof(unsigned long));

    /* count the byte values; test the return value of fgetc() for EOF
       so that the end-of-file marker is never used as an array index */
    while ( (c = fgetc(file)) != EOF )
        n[c]++;

    /* get the number of bytes and the number of different byte values */
    *num_diff_bytes = 0;
    *total = 0L;
    for ( j=0; j<256; j++ )
    {
        *num_diff_bytes += ( n[j] != 0 );
        *total += n[j];
    }

    if ( *num_diff_bytes > *space_size )
    {
        *err_flag = -2;
        fclose(file);
        return;
    }

    /* an empty file has zero entropy; avoid dividing by zero below */
    *entropy = 0.0;
    *relative_entropy = 0.0;
    if ( *total == 0 )
    {
        fclose(file);
        return;
    }

    /* calculate the probabilities */
    for ( j=0; j<256; j++ )
        p[j] = ((double)n[j])/(*total);

    /* calculate the entropy */
    for ( j=0; j<256; j++ )
    {
        if ( p[j] > 0.0 )
            *entropy += p[j]*log(p[j]);
    }
    *entropy = -1.0*(*entropy);

    /* calculate the relative entropy (log(1) is zero, so a space
       size of 1 is reported as zero rather than divided by) */
    if ( *space_size > 1 )
        *relative_entropy = *entropy/log((double)*space_size);

    fclose(file);
}

If anyone wants the MS-DOS executable version of this program then send me (meyer at mcc.com) a snailmail address and I'll send it to you on the Dolphin Encrypt demonstration disk.

-- Peter Meyer

From warlord at Athena.MIT.EDU Wed Apr 28 14:46:47 1993
From: warlord at Athena.MIT.EDU (Derek Atkins)
Date: Wed, 28 Apr 93 14:46:47 PDT
Subject: PGP: pgp -ke
In-Reply-To: <9304281852.AA00450@toad.com>
Message-ID: <9304282146.AA00918@stage8>

Hi. A signature on a key is a cryptographic signature of the key and userid. Therefore, you cannot remove your userid from the key and hope to keep the signatures valid.
The other problem is that once other people have your userid on your key, which is necessary for them to sign it, then you need to have them remove it, too, etc. Basically, signatures and userids currently act like viruses... Once they escape, it's nearly impossible to contain them again....

-derek

Derek Atkins, MIT '93, Electrical Engineering and Computer Science
Secretary, MIT Student Information Processing Board (SIPB)
MIT Media Laboratory, Speech Research Group
warlord at MIT.EDU PP-ASEL N1NWH

From anton at hydra.unm.edu Wed Apr 28 16:04:17 1993
From: anton at hydra.unm.edu (Stanton McCandlish)
Date: Wed, 28 Apr 93 16:04:17 PDT
Subject: No FTP? You can still get PGP!
Message-ID: <9304282303.AA07582@hydra.unm.edu>

*************************************************************************
DEFEAT THE BIG BROTHER PROPOSAL! JUST SAY F!CK NO TO THE PRIVACY CLIPPER!
*************************************************************************

************************************************************
The security of PGP encryption for those without FTP access!
************************************************************

This is not an ad, but a public service announcement. NitV-BBS is FREE.

This info (and my system!) has been updated to make it easier for you to obtain Pretty Good Privacy (PGP): Secure RSA pubkey encryption for all!

Due to the overwhelming response, I have sought out as many ports as possible. After a week of exhaustive FTP/Archie searches it appears to me that NitV-BBS is the world's single most comprehensive PGP site, with executables and/or source code for the following platforms:

Platform exec source patch extras
MS-DOS (PC-DOS, etc.) X X X
Macintosh X X
Archimedes X ?
OS/2 X X
Amiga X X
Unix X X
NeXT X

In one case I do not have the means to open the archive to see if it comes with the source code, thus "?".

WARNING: My DallasFax 14.4k v32bis modem does not always cooperate too well with USR/Miracom Dual Standards.
BY MODEM TO BBS: Call NitV-BBS (see .sig at end of message for details) Here you will find: File area file name description LOGIN PGP22.ZIP DOS version of PGP LOGIN PGPSHEL1.ZIP menu/shell for PGP (DOS only) NONIBM PGP22B-A.LHA PGP for Amiga (w/source) NONIBM ARCPGP22 PGP for Archimedes (format unknown; w/src??) NONIBM MACPGP22.CPT PGP for Mac (.cpt archive) NONIBM PGP22.TAZ PGP for Unix (compressed .tar; w/source) WIN PGP22OS2.ZIP PGP for OS/2 (w/source patch) LOGIN PGP22SRC.ZIP PGP source code & utils for DOS NONIBM MPGP22SC.S_H PGP source code for Mac (BinHex .hqx encode of a .sea self-extracting archive) MONIBM MPGP22SC.SIG PGP signature for validation of Mac source NONIBM NXTPGP22.ASC PGP source code diff (patch) for NeXT. ASCII A quick ext search for "pgp" will yield the files for flagging quickly. Note: original name of Mac version is: MacPGP_2.2.cpt original name of Unix version is: pgp22.tar.Z original name of Mac source is: MacPGP2.2src.sea.hqx original name of Mac signature is: MacPGP2.2src.SIGNATURE NeXT patch is a concatenation of: PGP.random.c.diff and PGP.random.c.diff.README These names were changed because of the 12 char limit of MesSDOS filenames. All files are direct from these FTP sites: nic.funet.fi, sony.com, garbo.uwasa.fi, and ftp.uni-erlangen.de. They are NOT uploaded by BBS users, nor gotten from other BBSs. You can rest assured that they are "clean" (the superparanoid^H^H^H^H^H^H^H^Hcautious may wish to obtain additional copies and compare them for further validation.) You may login anonymously as ANONYMOUS, password GUEST. If you want the whole lot you won't have time, as that acct. is limited. In that case, login normally, but if you never intend to call again, please be courteous, and leave a omment to sysop to delete your account. Disk space is limited! All user accounts are free. There is no charge (other than your phone expenses of course) for obtaining PGP from NitV-BBS. 
BY FIDO-PROTOCOL FREQ Anyone in FidoNet or any other FTN/FTSC network (such as RBBSNet, etc.), or anyone with a working Fido-type mailer, can get PGP from the same source, via File REQuest, as long as they can send mail to Fido address 1:301/2 (you will need a Fido nodelist to pull that off). You do not have to be nodelisted to do this. You can even be a point system. Just send a DIRECT not routed netmail To: Sysop, NitV (1:301/2) From: Re: ,, St: Crash, Direct, FilReq, can be a full file name, or a "magic name". Status is not that important, as long as the message is set for at least these 2: Direct and FilReq. You can use the following magic names (which will still hold for future releases of PGP): Magic Name files description PGPDOS PGP22.ZIP, PGPSHEL1.ZIP DOS PGP and menu/shell PGPAMI PGP22B-A.LHA Amiga PGP & source PGPARC ARCPGP22 Archimedes PGP PGPMAC MACPGP22.C_H Mac PGP PGPNXT NXTPGP22.ASC NeXT PGP source code diff (requires a full src package) PGPOS2 PGP22O2.ZIP OS/2 PGP & patch PGPUNX PGP22TAR.Z Unix PGP & source PGPSDOS PGP22SRC.ZIP PGP source & utils (DOS fmt.) PGPSMAC MPGP22SC.S_H, MPGP22SC.SIG PGP source & sig (Mac fmt.) --------------------------------------------------------------------------- Please upload, file-attach via netmail, uuencode and email, or just tell me where to find, any interesting utils, FAQs, etc for PGP that you come across, so that I can make them available to the needy but FTPless hordes. Please do NOT further distribute this copy of PGP, especially to BBSs. Part of the Good Thing about getting it from NitV is that you know it came right from one of the original FTP sites for it, not from some cheezy BBS via the hands of 27 other people and systems, any of which might harbour a baddie. This is not to say that BBSs are bad (hell, I run one!) but rather that too much is left to chance (and ill-will!) in it's distribution methods. PGP is a security program, and needs to be guaranteed to be secure. Thank you. 
This offer, due to IDIOTIC export restrictions, must of course be limited to the USA.

Authors are strongly encouraged to upload, mail, etc. their ports of PGP, their PGP utilities, etc. directly to me or the system listed below so that non-FTP-using PGP aficionados can be certain that they are getting a "pristine" copy. Thanks!

----------------------------------------------------------------------------
Distribute ENTIRE contents of this message freely.
----------------------------------------------------------------------------

--
Testes saxi solidi! ********************** Podex opacus gravedinosus est!
Stanton McCandlish, SysOp: Noise in the Void Data Center BBS
IndraNet: 369:1/1 FidoNet: 1:301/2 Internet: anton at hydra.unm.edu
Snail: 8020 Central SE #405, Albuquerque, New Mexico 87108 USA
Data phone: +1-505-246-8515 (24hr, 1200-14400 v32bis, N-8-1)
Vox phone: +1-505-247-3402 (bps rate varies, depends on if you woke me up...:)

From v20177 at vax1.cc.uakron.edu Wed Apr 28 17:06:33 1993
From: v20177 at vax1.cc.uakron.edu (Robert D Shofner )
Date: Wed, 28 Apr 93 17:06:33 PDT
Subject: Need some Advice
Message-ID: <9304290001.AA02691@vax1.cc.uakron.edu>

Hello All

My question is what is the diff. between a Software Eng. & Computer Sci. degree. Some of my profs say that they don't know of any schools that offer a BS in Software Eng. If that is the case then why do people use that term? Or is it a Masters degree or something like that?

I also would like to thank Eric Hughes for replying to my early question on Q&A, a DOS database problem. His basic steps solved the problem in less than 30 min. By the way, the algorithm used is very lame: abs(ascii character - 255). I would like a little more info on the debugger method.

Has anyone the address to MircoSystems Management magazine? I need the April 93 issue, but am unable to find it locally.

Thanks in advance.
Red :) typo above

From 76114.2307 at CompuServe.COM Wed Apr 28 19:03:43 1993
From: 76114.2307 at CompuServe.COM (William Oldacre)
Date: Wed, 28 Apr 93 19:03:43 PDT
Subject: Help find this shareware!
Message-ID: <930429015612_76114.2307_BHA12-1@CompuServe.COM>

To: >Internet:cypherpunks at toad.com

PLEASE HELP ME LOCATE THE FOLLOWING SHAREWARE AND ITS AUTHORS.

The following shareware was removed from Compuserve Information Service because a sysop feared it might be downloaded by someone outside of the United States and get him in trouble.

1 DES Documentation for DESJWW.ZIP IBMPRO/C and C++ [P] DESJWW.DOC
2 Data Encryption Standard (in MSC v5.0) IBMPRO/C and C++ [P] DESJWW.ZIP
3 Knapsack Public-Key Encryption System IBMPRO/C and C++ [P] KNAPSA.ZIP
4 Confide - encryption/decryption program (DES) IBMSYS/File Utilities [S] CONFID.ARC
5 The Private Line (tm) IBMSYS/File Utilities [S] TPL.ARC
6 The Private Line Documentation IBMSYS/File Utilities [S] TPLDOC.ARC

I am trying to do a survey of ALL data encryption shareware, especially that based on the DES or RSA algorithm (I have PGP). Can you help?

Please contact William Oldacre at: 76114.2307 at Compuserve.com
or
William H. Oldacre
6208 N.W. 132nd St.
Gainesville, FL 32606
904-332-3010

From jim at RSA.COM Wed Apr 28 19:17:43 1993
From: jim at RSA.COM (Jim Bidzos)
Date: Wed, 28 Apr 93 19:17:43 PDT
Subject: pgp
Message-ID: <9304290217.AA24716@RSA.COM>

I don't think you're aware of our position on pgp. Unfortunately, you may leave us no choice but to take legal action, which we will unless you cease promotion and distribution of pgp. The next message will state our position.

End forwarded msg----------------------------------------------------------

--
Testes saxi solidi! ********************** Podex opacus gravedinosus est!
Stanton McCandlish, SysOp: Noise in the Void Data Center BBS
IndraNet: 369:1/1 FidoNet: 1:301/2 Internet: anton at hydra.unm.edu
Snail: 8020 Central SE #405, Albuquerque, New Mexico 87108 USA
Data phone: +1-505-246-8515 (24hr, 1200-14400 v32bis, N-8-1)
Vox phone: +1-505-247-3402 (bps rate varies, depends on if you woke me up...:)

From anton at hydra.unm.edu Wed Apr 28 20:31:52 1993
From: anton at hydra.unm.edu (Stanton McCandlish)
Date: Wed, 28 Apr 93 20:31:52 PDT
Subject: HELP! Some nut is threatening to sue!
Message-ID: <9304290331.AA18264@hydra.unm.edu>

Due to my posts to sci.crypt and elsewhere that I was distributing PGP, I received the following, and after that a very biased textfile on the dangers of having PGP and how terrible it is. Can anyone verify that this is a real threat? Last I heard PGP *MIGHT* violate a patent, but that this had not been decided yet. Please reply soon, and by direct email. If it is the Real Shit, I don't think they are going to give me long to ditch PGP... :(

Begin forwarded msg -----------------------------------------------------

From mdiehl at triton.unm.edu Wed Apr 28 21:15:57 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Wed, 28 Apr 93 21:15:57 PDT
Subject: Orig. Press Release.
Message-ID: <9304290415.AA17021@triton.unm.edu>

I'm looking for the press release for the wire-tap chip which says that communications manufacturers will be "encouraged" to incorporate the "we're-tapped" chip in their products. Any hints would be appreciated. Thanx in advance.

+-----------------------+-----------------------------+---------+
| J. Michael Diehl ;-)  | I thought I was wrong once. | PGP KEY |
|                       | But, I was mistaken.        |available|
|                       +-----------------------------+---------+
| mdiehl at triton.unm.edu | "I'm just looking for the opportunity |
| mike.diehl at fido.org   |  to be Politically Incorrect!         |
| (505) 299-2282        |                                       |
+-----------------------+---------------------------------------+

From simonm at mindvox.phantom.com Wed Apr 28 21:34:02 1993
From: simonm at mindvox.phantom.com (Simon Moon)
Date: Wed, 28 Apr 93 21:34:02 PDT
Subject: Rave on...
Message-ID:

crunch at netcom.com (John Draper) writes:

> My proposal is to set up a room with a bunch of donated PC's Macs or
> whatever, and have a booth set up where people can purchase PGP diskettes

While this sounds like a great idea, I'm not sure you'll find many ravers who will actually use PGP. How many ravers exchange email, but haven't heard of PGP? It seems like only a couple, based on my talking to people about computers at raves.

> [...] handout literature can be made available for anyone attending that
> describes the "Clipper" proposals, and suggestions on what people can do
> to resist further government control over private cryptography.

This seems like a more practical tactic. Even just handing out a single or half-page flier about PGP, Clipper, and a couple of other topics would probably get a lot of people to read it. And people at raves are used to others going around handing out interesting things to read. The hard part is coming up with 300 well written words that cover everything that needs to be said, a task I leave in more capable hands.

On the other hand, I wouldn't mind lugging my PowerBook 170 down to a rave... If anyone organizes such an event, drop me a line...

-- Simon (simonm at mindvox.phantom.com)

From wixer!wixer.bga.com!pacoid at cactus.org Wed Apr 28 23:38:54 1993
From: wixer!wixer.bga.com!pacoid at cactus.org (Paco Xander Nathan)
Date: Wed, 28 Apr 93 23:38:54 PDT
Subject: Raving on...
In-Reply-To: <9304281204.AA05215@nexsys.nexsys.net>
Message-ID: <9304290515.AA21342@wixer>

"Sent from the cyberdeck of: Geoff White"

> > >Hmm... the problem is I don't think a majority of the people at raves are
> > >focused enough to concentrate on something as technical as that (I KNOW it
> > >isn't technical to you and me, but the average raver doesn't even
> > >know what the word encryption means). HOWEVER, raves ARE the ideal place
> > >to hand out info about what's going on, something the raver can cling onto

Our company, FringeWare, has been out doing brain machine demos at raves for a while.. I'm still trying to catch up on sleep from last weekend's rave construction & show :-)

The raves started as socio/political but in many places have become yet-another-club-hop-for-kids-with-time-to-kill. Even so, sentiments are in the right place, guaranteed. Especially among the *RAVE PROMOTERS* .. The promoters are already sensitive to issues in common with cypherpunks since they tend to be underground operations in the cash economy, etc. Plus, they're HEAVILY networked. As a techno/gonzo journalist, I've found it EASIER to get in with hacker cliques than with rave promoter cliques; granted the real stakes are higher so they take security more seriously :-)

Also, I'm intrigued to see the overlap (at least in this area) between ravers and people at EFF-Austin mtgs.. Some of the main u/g promoters even showed up to EFF-A's CopCon a couple weeks back, so the overlap in our agendas is valid.

I'd tend to go with the argument that actually signing keys or passing out pamphlets during a rave would be weird and blow the mood. Maybe you'd say "So what?" but to an entertainment promoter, mood means everything and only a few cypherphuckups would spread a terrible image for us. I'm generally the most hi-tech part of these raves, what with the sound/light brain gizmos and even that's too left-brained some ravers.. Most want to experience, not engage in discourse.
With pheromones and alkaloids being some of the dominant attractions for people attending, I could agree more :-)

Which is why I'd suggest we tag along with the VRrave project, based on IRC connex between concurrent raves. That'd present a hi-tech set & setting and allow for some demo/experience of secure comm.

Do what you can to introduce/instruct the local promoters -- but generally they're busy people with better things to worry about, like liability and overhead not somebody else's political agenda.

pxn.
pacoid at wixer.bga.com

From crunch at netcom.com Thu Apr 29 00:33:14 1993
From: crunch at netcom.com (John Draper)
Date: Thu, 29 Apr 93 00:33:14 PDT
Subject: Some ideas, thats all...
Message-ID: <9304290733.AA29290@netcom4.netcom.com>

Who wants to collaboratively work on an information packet containing a collection of the previous reports on the wiretap chip, such as the initial white house statement, CPSR's and EFF's responses, list of questions that were hashed at the last Cypherpunks meeting, etc, etc.
A smaller and easier to read information packet should be prepared to hand out at raves. These should be fairly simple, easy to read and comprehend while on LSD, and other drugs, and also easy to fold up and tuck in your jacket pockets for later reading.

Included might be a diskette containing PGP and a "Bone head" starter "readme" file, with references to additional places where more robust information can be had.

I volunteer to check out the rave scene, and do an analysis on how the ravers will respond. :-). I'll also try out various other ways to reach ravers and fill them in.

It's most important to point out ways for them to become involved in both spreading the info to others, and if they have computers, how they can use PGP and other encryption software to protect their email and voice calls.

In the not too distant future, I will be in various media interviews, and will have opportunity to mention these things, and tell people how they can get more information on what we are doing, and how they can be involved.

Anyway, feel free to post this to any other system or network, where appropriate.

John D.

From tcmay at netcom.com Thu Apr 29 01:36:29 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 29 Apr 93 01:36:29 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
Message-ID: <9304290836.AA17180@netcom.netcom.com>

Cypherpatriots,

This is a tough posting to write. I may even be called a quisling, or even a sternlight!

This may be the most important posting I make during this current Clipper-Big Brother Chip controversy.

I suggest that we as a community seriously reconsider our basic support for PGP. Not because of any flaws in the program, but because of issues related to Clipper and the potential limits on crypto.

Continuing use of PGP causes several problems:

1. If RSA fails to take actions against sites and users, it weakens their legal position with respect to their patents.
The government does not need licenses in any case, but users of Clipperphones *do* (not the final end-users, but the suppliers of Clipperphones to non-government customers).

(A case can be made that repudiation of the patents might be a good thing. I know I have argued this at times. It's hard to know.)

2. The "guerrilla crypto" aspect of the PGP community (and our group) is charming, but may be counterproductive. If we are viewed as outlaws, the target even of RSA, then we have almost no influence, save for underground subversion.

(To put this another way, if we are seen as RSA Data's enemy, we lose a potential ally. I am suggesting that a coming war between strong crypto on one side and government snooping on the other will force all participants to choose up sides.)

3. Supporting a legal version of strong crypto, which RSA Data-approved programs are and PGP is *not*, is a much more solid foundation from which to fight possible restrictions on strong crypto.

4. Our time could better be spent by solidifying existing RSA programs, including RIPEM, RSAREF-derived programs, MailSafe, and so forth. This is the approach several major companies have taken (Apple, Lotus, Sun, etc.).

I've urged Jim Bidzos to work toward some compromise with the PGP community (and I think everyone recognizes the positive aspects of this growing community). This might include creating translation programs so MailSafe or RIPEM can read PGP files, a reworking of PGP to conform to licensing requirements, etc.

I'm hoping that Phil Zimmermann can see what the real battle is. The PGP community is not likely to win their battle in court, and the effect of such a court battle will be divisive and ultimately may help the government in its plans.

Phil Z. is most unlikely to ever see any real revenues from PGP.

I think the benefits of a strong, legal, supported crypto product are greater than the dubious benefits of having a "free" piece of software.
At any reasonable hourly wage, the cost of MailSafe ($125, last time I checked) is dwarfed by the amount of time crypto activists like ourselves spend debating it, downloading it, awaiting patched versions, etc.

(All is not rosy on the RSA Data side, either. RSA Data chose to concentrate on getting RSA built in to e-mail products from the major companies and chose not to devote much effort to PGP-like personal encryption products (such as MailSafe, which runs on DOS and UNIX only and which hasn't changed much since 1988). Support for RSA Data should mean more support for these kinds of products. We could essentially ask RSA for a commitment in this area.)

I'm arguing that we should look carefully and see what the real issues are, who the real enemy is, and then make plans accordingly.

Awaiting your feedback,

-Tim May

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, smashing of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.
Waco Massacre + Big Brother Wiretap Chip = A Nazi Regime

From gg at well.sf.ca.us Thu Apr 29 03:01:27 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Thu, 29 Apr 93 03:01:27 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
Message-ID: <199304291001.AA23207@well.sf.ca.us>

At risk of getting the goats of some friends of mine who read the list, I'm tending to agree with Tim's ideas here. Brief conversation with Jim Bidzos at the cypunx mtg indicated that he is very much up for something along the lines of a personal encryption product that would meet our needs. From a business perspective it's easy to see why RSA haven't gone for this yet; a company needs to concentrate at first on the most likely profitable lines of operation, and once that's solid, go for the wider market.
Right now we have an incredible array of crypto talent which can be brought into a cooperative arrangement in developing additional RSA products. The result may turn out to be as good as the best potentials of PGP, and at the same time, support for RSA's position vis-a-vis any possible govt attempt to go after the patents.

I don't see this as a matter of withdrawing support from the people and efforts which brought forth PGP. They're going to have their hands full doing *something* about Clipper right now, and that will deserve a lot of support.

PGP has fulfilled its promise in many ways. It pre-empted the chance of an early govt ban on private crypto. It stimulated wide interest in crypto. It also provided a great market demonstration for the potential of an affordable strong personal encryption program. By this time, Jim Bidzos has a great case to make to his stockholders, for the business potential of personal cryptography. And PGP also brought together a wide community of cryptologists and programmers and end-users and so on.

Consider a band who release a record on an underground label, which then makes it onto college radio in a big way, and the band gets a chance to get major distribution from that. They'd be dumb not to, as long as they can keep their artistic autonomy; and a smart record company executive knows that it's better not to try to tamper with a Good Thing. So here we are at the next step; public keys for the masses have the chance to come aboveground in a big way, and achieve even wider distribution and use.

Now if those carrots aren't tasty enough; consider the stick: there is a long history of the govt doing in its adversaries by divide-&-conquer, along the lines of getting all kinds of infighting going among people who would be logical allies. Read the history of COINTELPRO for many examples. A major rift between PGP and RSA folks will only serve the interests of those who would rather both systems be banned.
On the other hand, increased cooperation builds strength against possible governmental action in the future.

-gg

From rjc at gnu.ai.mit.edu Thu Apr 29 03:16:59 1993
From: rjc at gnu.ai.mit.edu (rjc at gnu.ai.mit.edu)
Date: Thu, 29 Apr 93 03:16:59 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
In-Reply-To: <9304290836.AA17180@netcom.netcom.com>
Message-ID: <9304291016.AA36369@hal.gnu.ai.mit.edu>

I partially agree with Tim, but RSA must be willing to make some compromises on this. Mathematical/Algorithmic patents already face lots of opposition in the user/programmer community, but charging high licensing fees on such patents will inevitably force programmers to develop freeware alternatives.

I haven't seen Mailsafe, but from the reviews of it, it sounds like it is vastly inferior to PGP and not worth $125. It is also not "open" (e.g. you don't get source code?) which prevents the cypherpunk community from making modifications that they want. (I've also heard that RSA doesn't even support it well).

A better course of action might be to remove the RSA engine from PGP and distribute the source code, and a binary for free, but require users to pay $30-50 to RSA to get the source code and binary for the RSA engine. This maintains our flexibility to modify PGP as we see fit, but preserves RSA's intellectual property. The downside is, platform portability will be impacted slightly.

On the other hand, RSA could develop and maintain a PGP alternative which has all the bells and whistles we like, and market it at reasonable cost, say $50. (remember, Clipper chips will be cheaper than $40!)

RSA's alternative is to have their patent become useless like most of the compression patents through widespread unauthorized use of their algorithms.

-- Ray Cromwell | Engineering is the implementation of science; --
-- EE/Math Student | politics is the implementation of faith.
--
-- rjc at gnu.ai.mit.edu | - Zetetic Commentaries --

From i6t4 at jupiter.sun.csd.unb.ca Thu Apr 29 05:22:23 1993
From: i6t4 at jupiter.sun.csd.unb.ca (Nickey MacDonald)
Date: Thu, 29 Apr 93 05:22:23 PDT
Subject: A link encryption protocol to crytique ;-)
Message-ID:

Okay folx, tear this apart... I'm running on little sleep, but after thinking about this for a couple of hours (mostly while trying to document it...) I can't see any obvious holes... If no one points out any significant deterrents, I will code this up in C and release the code to the public domain (I'll get it put on soda...)

I should comment, that this is not meant to be the best link encryption protocol available... the NSA (or others of their TLA friends) can monitor my sessions if they really want to... but this should at least provide a minor stumbling block...

Also, I'm not a math major, so my version of a "technical" description of how to do this may upset the mathematicians among us... I did it the way it is cause it seemed straightforward that way... I hope it actually makes sense to someone besides me... I hope it is general enuff (while writing this I had fixed values in mind, like 256 byte packets, so I may have let some of the constants creep in without noticing... I hope not, please point out these things)...

Anyway, here it is, for whatever its worth... Oh, for irony's sake, I must admit that it was all the "clipper" discussion that got me thinking, and the use of I1 & I2 reflect this... hehehehe!

--- Cut here ---

Protocol proposal for a peer to peer encrypted link
---------------------------------------------------

The goal of this algorithm was to be fast and not easily subject to a known plaintext attack, as the data bytes in B[] will be highly structured.
x^y = the result of x exclusive ORed with y
v[x..y] = a vector with positions indexed from x up to y (inclusive)
v[i] = index into a vector v for position i
v[] = the list of all values in vector v
CRC(v[]) = calculate a CRC checksum on the data bytes in vector v
N = number of user data bytes per packet
D = N+sizeof(CRC(B[])) (for ease in generating I, should be a power of 2)
S = D+sizeof(I)*2
B[0..N-1] = the N user data bytes
C[0..D-1] = a work buffer filled from B[], CRC(B[])
P[0..S-1] = the outgoing packet
K1 & K2 = two random "session" keys of length P
I = packet rearrange index (range of 0 up to D-1)
I1 & I2 = the two generators of I (range of 0 up to D-1)
T[0..(2^sizeof(I))-1] = array of vectors of size D
L = number of times to iterate the shuffle function

total size of data D = N + sizeof(CRC(B[]))
total size of each packet S = sizeof(I)*2 + N + sizeof(CRC(B[]))

Exchanged in advance of any packets being sent (by a public key mechanism for example) are N, sizeof(I), sizeof(CRC(B[])), K1, K2, T.

K1 and K2 are generated randomly, but checked to insure that K1[i] does not equal K2[i].

T[i] is generated by a pseudo random process, similar to shuffling a deck of cards. For each i, fill the vector with the values 0 to D-1. Then two random indexes (j & k) are chosen (to be different) and the two values at T[i,j] and T[i,k] are swapped. This can be iterated an arbitrary number of times (L) to ensure a good "shuffle" of the values.

To encrypt each packet P:
- Generate a random index (I) by generating two random values for I1 and I2 and exclusive OR'ing them together. I is not transmitted as part of the packet
- Copy the values in B[i] to C[T[I,i]] for all values of i=0 up to N-1.
- Copy the individual bytes from CRC(B[]) into C by indexing T[I,x] for x=N up to D-1.
- Form the packet: P[0..D-1]=C[], P[D..D+sizeof(I)-1]=I1, P[D+sizeof(I)..S-1]=I2
- Replace each value of P[i] with P[i]^K1[i]^K2[i] for all values of i=0..S-1.
- Transmit P[i] for all values i=S-1 down to 0.
Explanatory comments:
- Exclusive OR was chosen because it executes so quickly on most machines.
- The assumption was that just using a single key K1 would not be strong enough, so thus there are two.
- Sending I as I1 and I2 gives more apparent choices of values, without requiring T to be extremely large. This is in hopes of further hindering any known plaintext attacks.
- P is transmitted backwards merely so that I1 & I2 arrive first, to aid the decryption process. (Quite honestly this was done to make the above description of the assemblage of P a little easier to write, as putting I1 & I2 in first would have meant more calculation to yield the offsets of the sub parts of P eg. "P[0..D-1]=C[]" would have become "P[sizeof(I)..sizeof(I)+D-1]=C[]" which is not as easily understood.)

To decrypt each packet P:
- As each byte comes in, it is stored into P[i] for values of i=S-1 down to 0.
- Replace each value of P[i] with P[i]^K1[i]^K2[i] for all values of i=0..S-1.
- I1=P[D..D+sizeof(I)-1]=I1, I2=P[D+sizeof(I)..S-1].
- I=I1^I2.
- C[]=P[0..D-1]=C[].
- Copy the values in C[T[I,i]] to B[i] for all values of i=0 up to N-1.
- Verify that CRC(B[]) equals C indexed T[I,x] for x=N up to D-1.
- If the CRC verifies, then the data values have been transmitted and reside in B[] to be used.

--- Cut here ---

{ God I hope I don't look like too much of a fool... ;-) }

---
Nick MacDonald | NMD on IRC
i6t4 at jupiter.sun.csd.unb.ca | PGP 2.1 Public key available via finger

From fig at eff.org Thu Apr 29 05:56:54 1993
From: fig at eff.org (fig at eff.org)
Date: Thu, 29 Apr 93 05:56:54 PDT
Subject: HELP! Some nut is threatening to sue!
Message-ID: <199304291256.AA27345@eff.org>

At 9:31 PM 4/28/93 -0600, Stanton McCandlish wrote:
If it is the Real Shit,

It looks like the Real Shit to me, Stanton. I don't know anyone who has stonewalled Bidzos, so I don't know if he has actually taken legal action against a PGP distributor. But that's the guy (assuming it's not forged mail).
<<*>><<*>><<*>><<*>><<*>><<*>><<*>><<*>>
Cliff Figallo fig at eff.org
EFF Online (617)576-4506 (voice)

From nmh at thumper.bellcore.com Thu Apr 29 06:05:41 1993
From: nmh at thumper.bellcore.com (Neil Haller)
Date: Thu, 29 Apr 93 06:05:41 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
Message-ID: <9304291305.AA14642@latour.bellcore.com>

Let me add one vote of support to your proposal ... and another reason you may not have considered.

I use PGP for personal communications. I'm not a big enough target for anyone to sue.

On the other hand I do *not* use PGP for anything related to my employment. My company (Bellcore) is large enough to get sued, and everyone loves to hate the telephone industry.

As a result, I would happily pay a reasonable license fee.

Neil Haller
nmh at thumper.bellcore.com

From pfarrell at cs.gmu.edu Thu Apr 29 06:25:12 1993
From: pfarrell at cs.gmu.edu (Pat Farrell)
Date: Thu, 29 Apr 93 06:25:12 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
Message-ID: <33938.pfarrell@cs.gmu.edu>

Tim May is starting to sound like a Suit. :-)

I agree strongly that we need RSA on our side, not against us. I don't know the history of the animosity between Jim B and Phil Z, but I think it is time to say that water is over the dam.

Several folks have suggested here, and in the usual feeds, that it wouldn't appear to be all that hard to take RSAREF and use it as the key exchange engine for a US-legal PGP. Or even to take the PGP source and use it as an enhanced RSAREF. I haven't looked at either source, but I have to believe that someone on the list has. Is there a technical reason why this can't be done? Is there some hidden political reason that it can't be done?

The readers of this list are hardcore and facile with technology. To get the widespread support we need to kill the wiretap chip, we need to get "easy to use" strong cryptography into the mass market.

I'm writing a Windows-based POP client designed for folks that can't spell SLIP.
It should have strong encryption invisibly and automatically. It won't until there is a legal encryption engine with at least the key management of PGP.

Pat

Pat Farrell Grad Student pfarrell at cs.gmu.edu
Department of Computer Science George Mason University, Fairfax, VA
Public key available via finger #include

From svp at gtoal.com Thu Apr 29 07:23:36 1993
From: svp at gtoal.com (Sy Verpunc)
Date: Thu, 29 Apr 93 07:23:36 PDT
Subject: A link encryption protocol to crytique ;-)
Message-ID: <9304281442.AA05753@pizzabox.demon.co.uk>

: T[i] is generated by a pseudo random process, similar to shuffling a deck of
: cards. For each i, fill the vector with the values 0 to D-1. Then two random
: indexes (j & k) are chosen (to be different) and the two values at
: T[i,j] and T[i,k] are swapped. This can be iterated an arbitrary number of
: times (L) to ensure a good "shuffle" of the values.

I saw this particularly clueless statement and stopped even trying to follow the rest of it. Still, I made an even more stupid blunder on sci.crypt a few weeks ago myself, so I can't criticise. All I can say is I learned from my mistake and will leave thinking up new crypto schemes to the experts.

G

From svp at gtoal.com Thu Apr 29 07:24:09 1993
From: svp at gtoal.com (Sy Verpunc)
Date: Thu, 29 Apr 93 07:24:09 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
Message-ID: <9304281433.AA05674@pizzabox.demon.co.uk>

: At risk of getting the goats of some friends of mine who read the list, I'm
: tending to agree with Tim's ideas here. Brief conversation with Jim Bidzos
: at the cypunx mtg indicated that he is very much up for something along the
: lines of a personal encryption product that would meet our needs. From a

All he has to do is let us pay a licence fee for pgp. What's the advantage to him in asking for a different piece of code that uses RSAREF and DES instead of Phil's code and IDEA? I can't see it, except that using DES blows away the security of the program...
No, I think this suggestion should be put down now, or we'll splinter and give them exactly the divide-and-conquer opening they're looking for.

G

From svp at gtoal.com Thu Apr 29 07:26:51 1993
From: svp at gtoal.com (Sy Verpunc)
Date: Thu, 29 Apr 93 07:26:51 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
Message-ID: <9304281436.AA05701@pizzabox.demon.co.uk>

A better course of action might be to remove the RSA engine from PGP and distribute the source code, and a binary for free, but require users to pay $30-50 to RSA to get the source code and binary for the RSA engine.

That's what people have *always wanted* to do. RSA won't let them. That's why any talk of a newer friendlier Bidzos is bullshit.

G

From geoffw at nexsys.net Thu Apr 29 08:06:42 1993
From: geoffw at nexsys.net (Geoff White)
Date: Thu, 29 Apr 93 08:06:42 PDT
Subject: Raving on...
Message-ID: <9304291447.AA06514@nexsys.nexsys.net>

I tend to agree with this guy, tread very carefully, we want to inform NOT proselytize. Ravers will get turned off real quick if you come on as something they MUST do. Offer information, answer questions and most of all be considerate of the fact that many people DON'T know about the net or e-mail and that there may be some initial distrust from young ravers who don't know who you are because of your age, (an older guy wantin me to type some stuff into a computer? Humf, smells like DEA to me!) So go easy on folks at these things. You might want to find someone who is heavy into the Scene to go with you the first couple of times, to smooth the acceptance factor.

Currently I'm way too busy with other aspects of the Scene to do this, you might want to contact some people on:

sfraves at soda.berkeley.edu

who regularly deploy VRAVE (an IRC like program for the international rave community) at raves in the Bay Area. To subscribe send a message to sfraves-request at soda.berkeley.edu, I've cross posted some of your mail so they are well aware of what you want to do.
sfraves has been around for about a year, they are an integral and trusted part of the House Family, you might want to co-ordinate with them before you start a major campaign. I know they are working on getting the average raver signed onto e-mail. Hope this helps.

----- Begin Included Message -----

From ncselxsi!drzaphod at ncselxsi.netcom.com Thu Apr 29 08:11:46 1993
From: ncselxsi!drzaphod at ncselxsi.netcom.com (DrZaphod)
Date: Thu, 29 Apr 93 08:11:46 PDT
Subject: HELP! Some nut is threatening to sue!
Message-ID: <2475.drzaphod@ncselxsi>

In Message Wed, 28 Apr 93 21:31:10 MDT, Stanton McCandlish writes:

>Due to my posts to sci.crypt and elsewhere that I was distributing PGP,
>I received the following
>From: jim at RSA.COM (Jim Bidzos)
>To: anton at hydra.unm.edu
>Subject: pgp
>
>I don't think you're aware of our position on pgp. Unfortunately, you
>may leave us no choice but to take legal action, which we will unless
>you cease promotion and distribution of pgp. The next message will
>state our position.

For a guy who claims to want to help us Cypherpunks in the way of personal encryption, scare tactics seem a little out of place. I'm sure we'd all like to use legal encryption methods [maybe]... but we ARE Cypherpunks.. giving us the responsibility to use what's best and defend our rights for privacy. Using a package that hasn't been updated in 5 years [MailSafe], we have diminished to politically correct yippies. I'm not sure quite what to do.. but I saw Jim Bidzos on a magazine once.. and he looks like a fed. By playing the game we are becoming part of it. TTFN.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
- DrZaphod #Don't Come Any Closer Or I'll Encrypt!
- - [AC/DC] / [DnA][HP] #Xcitement thru Technology and Creativity -
- [drzaphod at ncselxsi.uucp]# [MindPolice Censored This Bit] -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

From tytso at ATHENA.MIT.EDU Thu Apr 29 08:33:35 1993
From: tytso at ATHENA.MIT.EDU (Theodore Ts'o)
Date: Thu, 29 Apr 93 08:33:35 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
In-Reply-To: <9304281436.AA05701@pizzabox.demon.co.uk>
Message-ID: <9304291533.AA11541@tsx-11.MIT.EDU>

Date: Wed, 28 Apr 93 14:36:04 GMT
From: Sy Verpunc
Reply-To: cypherpunks at toad.com

That's what people have *always wanted* to do. RSA won't let them. That's why any talk of a newer friendlier Bidzos is bullshit.

Have you actually tried?

Several people from RSA, including Bidzos at the last Cypherpunks meeting at Mountain View (I wasn't there, but take a look at the meeting "minutes"), have stated repeatedly that if someone were to ask for permission to use the internal interfaces of RSAREF in order to write a PGP-compatible program, they would grant permission.

However, as of two weeks ago, *NOT* *A* *SINGLE* *PERSON* *HAS* *ASKED*.

To those of you who have repeatedly said "Cypherpunks write code" (and I applaud that attitude), consider this a challenge. :-)

- Ted

From dionf at ERE.UMontreal.CA Thu Apr 29 08:49:59 1993
From: dionf at ERE.UMontreal.CA (Francois Dion)
Date: Thu, 29 Apr 93 08:49:59 PDT
Subject: Raving on...
In-Reply-To: <9304291447.AA06514@nexsys.nexsys.net>
Message-ID: <9304291548.AA08102@brise.ERE.UMontreal.CA>

Beyond the ultraworld of Geoff White:
>
>
> I tend to agree with this guy, tread very carefully,
> we want to inform NOT proselytize. Ravers will get turned off real
> quick if you come on as something they MUST do.

It must be homogenous with the rave.
For example, in the chillout room, you put a mind machine, a vrave connection, an electronic LED race (it's way cool to either create or modify handheld games into huge "techno" games), and finally several PCs, modified as "rave machines(tm)" :) with some people to explain how to get the keys, how to exchange them, what you can do with it, and emphasize the cool side...

> information, answer questions and most of all be considerate
> of the fact that many people DONT know about the net or e-mail

The majority of ravers in Montreal know about raves thru my radio show, Raving Up North (email list) or my interactive phone line. I regularly talk about the net, internet issues, etc... (been doing that for 2 years) so most people know what the net is really about and they send lots of mail when the written press around here screw up. Another point, i'll be doing a rave on may 8th and the ravers have dubbed it the cyberpunk rave, even if it's called Rave en couleur...

> You might
> want to find someone who is heavy into the Scene to go with you
> the first couple of times, to smooth the acceptance factor.

Definitely. The scene needs some dominant figures.

> Currently I'm way too busy with other aspects of the Scene to
> do this, you might want to contact some people on:
>
> sfraves at soda.berkeley.edu
>
> who regularly deploy VRAVE (an IRC like program for the international
> rave community) at raves in the Bay Area.

Vrave is used in the east coast too. Twould be really cool if some rave from the west coast be connected may 8th... i'll probably have 2 lines here.

> know they are working
> on getting the average raver signed onto e-mail.

As most people who are heavily "connected". There is an article in the may/june issue of wired about a guy called cursor cowboy who wants to connect everybody he meets.

Speaking of wired, i've read the article on crypto rebels aka cypherpunks. What do you think?
Please respond to me since i am not on cypherpunks anymore because the traffic was too heavy and religious when i was on.

Ciao,
--
Francois Dion
    '      _   _   _
CISM      (_) (_)  _)  FM         Montreal , Canada  Email: CISM at ERE.UMontreal.CA
          (_)  / . _)  10000 Watts                   Telephone no: (514) 343-7511
_______________________________________________________________________________
Audio-C-DJ-Fractals-Future-Label-Multimedia-Music-Radio-Rave-Video-VR-Volvo-...

From uri at watson.ibm.com Thu Apr 29 09:24:41 1993
From: uri at watson.ibm.com (uri at watson.ibm.com)
Date: Thu, 29 Apr 93 09:24:41 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
In-Reply-To: <9304281433.AA05674@pizzabox.demon.co.uk>
Message-ID: <9304291612.AA17566@buoy.watson.ibm.com>

Sy Verpunc writes:
> : .........Brief conversation with Jim Bidzos
> : at the cypunx mtg indicated that he is very much up for something along the
> : lines of a personal encryption product that would meet our needs.

Well, this is yet to be seen.

> All he has to do is let us pay a licence fee for pgp. What's the advantage
> to him in asking for a different piece of code that uses RSAREF and DES
> instead of Phil's code and IDEA?

Practically none, especially since RIPEM is already running, and is as free as PGP. Of course, single DES is somewhat less resistant to brute force, thus triple DES would be more appropriate...

> I can't see it, except that using DES blows away the security
> of the program...

Oh, come on now. It looks like every fool in the world believes now he can crack DES... Let me enlighten you: even IF one gets a DES engine fast enough and can put lots of those in parallel - that one still needs lots of hardware/software. Which isn't very feasible today.

> No, I think this suggestion should be put down now, or we'll splinter and
> give them exactly the divide-and-conquer opening they're looking for.

Agreed.

Regards,
Uri.
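Added example, not part of any message in this archive and not Nick MacDonald's code: his link-encryption proposal from earlier in this digest, written out in C as a round trip. The packet sizes (N=254, 16-bit CRC, one-byte I1/I2), the CRC-16/CCITT-FALSE checksum, the swap count L, and `rand()` as the random source are all assumptions, since the post leaves them open.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed sizes: the post only hints at "256 byte packets"; sizeof(I) = 1. */
enum { N = 254, D = N + 2 /* 16-bit CRC */, S = D + 2 /* I1, I2 */, L = 4 * D };

typedef struct {
    uint8_t K1[S], K2[S];   /* session keys, K1[i] != K2[i] */
    uint8_t T[256][D];      /* one permutation of 0..D-1 per value of I */
} link_state;

/* CRC-16/CCITT-FALSE: the post names no particular CRC, so this is a choice. */
static uint16_t crc16(const uint8_t *p, size_t n) {
    uint16_t c = 0xFFFF;
    while (n--) {
        c ^= (uint16_t)(*p++ << 8);
        for (int b = 0; b < 8; b++)
            c = (uint16_t)((c & 0x8000) ? (c << 1) ^ 0x1021 : c << 1);
    }
    return c;
}

/* rand() stands in for the unspecified random source; it is not a CSPRNG. */
static void link_setup(link_state *st, unsigned seed) {
    srand(seed);
    for (int i = 0; i < S; i++) {
        st->K1[i] = (uint8_t)rand();
        do st->K2[i] = (uint8_t)rand(); while (st->K2[i] == st->K1[i]);
    }
    for (int t = 0; t < 256; t++) {
        for (int i = 0; i < D; i++) st->T[t][i] = (uint8_t)i;
        for (int n = 0; n < L; n++) {            /* L swaps of two distinct slots */
            int j = rand() % D, k;
            do k = rand() % D; while (k == j);
            uint8_t tmp = st->T[t][j];
            st->T[t][j] = st->T[t][k];
            st->T[t][k] = tmp;
        }
    }
}

static void link_encrypt(const link_state *st, const uint8_t *B,
                         uint8_t I1, uint8_t I2, uint8_t *wire) {
    uint8_t P[S];
    const uint8_t *perm = st->T[I1 ^ I2];        /* I = I1^I2 is never sent itself */
    uint16_t crc = crc16(B, N);
    for (int i = 0; i < N; i++) P[perm[i]] = B[i];
    P[perm[N]] = (uint8_t)(crc >> 8);
    P[perm[N + 1]] = (uint8_t)crc;
    P[D] = I1; P[D + 1] = I2;
    for (int i = 0; i < S; i++) P[i] = (uint8_t)(P[i] ^ st->K1[i] ^ st->K2[i]);
    for (int i = 0; i < S; i++) wire[i] = P[S - 1 - i];   /* sent S-1 down to 0 */
}

/* Returns 1 and fills B when the CRC verifies, 0 otherwise. */
static int link_decrypt(const link_state *st, const uint8_t *wire, uint8_t *B) {
    uint8_t P[S];
    for (int i = 0; i < S; i++)
        P[S - 1 - i] = (uint8_t)(wire[i] ^ st->K1[S - 1 - i] ^ st->K2[S - 1 - i]);
    const uint8_t *perm = st->T[P[D] ^ P[D + 1]];
    for (int i = 0; i < N; i++) B[i] = P[perm[i]];
    return crc16(B, N) == (uint16_t)((P[perm[N]] << 8) | P[perm[N + 1]]);
}

static link_state st;                     /* fixture shared by the checks */
static uint8_t msg[N], wire[S], out[N];
static void fixture(void) {               /* constructed, highly structured plaintext */
    link_setup(&st, 1993);
    for (int i = 0; i < N; i++) msg[i] = (uint8_t)"login: guest\r\n"[i % 14];
    link_encrypt(&st, msg, 0x5A, 0xC3, wire);  /* I1, I2 fixed here, random in use */
}

int demo_roundtrip(void) {
    fixture();
    return link_decrypt(&st, wire, out) && memcmp(msg, out, N) == 0;
}

int demo_corruption_detected(void) {
    fixture();
    wire[S - 1] ^= 0x01;                  /* wire[S-1] carries P[0]: a data or CRC byte */
    return !link_decrypt(&st, wire, out);
}

/* K1 then K2 is one XOR with K1^K2; that same pad is applied to every packet. */
int demo_two_keys_act_as_one(void) {
    static link_state one;
    uint8_t w2[S];
    fixture();
    one = st;
    for (int i = 0; i < S; i++) one.K1[i] = (uint8_t)(st.K1[i] ^ st.K2[i]);
    memset(one.K2, 0, S);
    link_encrypt(&one, msg, 0x5A, 0xC3, w2);
    return memcmp(wire, w2, S) == 0;
}

int main(void) {
    return !(demo_roundtrip() && demo_corruption_detected() && demo_two_keys_act_as_one());
}
```

The third check is the design-review point: the second key adds nothing beyond a single fixed pad, so the scheme's resistance rests on the table T and the per-packet index alone.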
------------

From uri at watson.ibm.com Thu Apr 29 09:24:59 1993
From: uri at watson.ibm.com (uri at watson.ibm.com)
Date: Thu, 29 Apr 93 09:24:59 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
In-Reply-To: <9304281436.AA05701@pizzabox.demon.co.uk>
Message-ID: <9304291618.AA21186@buoy.watson.ibm.com>

Theodore Ts'o writes:
> Several people from RSA, including Bidzos at the last Cypherpunks
> meeting at Mountain View (I wasn't there, but take a look at the meeting
> "minutes"), have stated repeatedly that if someone were to ask for
> permission to use the internal interfaces of RSAREF in order to write a
> PGP-compatible program, they would grant permission.

Now - there's a slight distinction between:
a) write [from scratch] PGP-compatible program;
b) write RSA engine for [existing] PGP program.

I suspect it's the second, that most people would prefer.

> However, as of two weeks ago, *NOT* *A* *SINGLE* *PERSON* *HAS* *ASKED*.

Incorrect. I asked for, and received, a permission to use RSAREF internals for modified RIPEM program. Actually, nobody but time and efforts preclude me from adding PGP capabilities to it...

Of course, whether b) will be granted too, is an open question.

> To those of you who have repeatedly said "Cypherpunks write code"
> (and I applaud that attitude), consider this a challenge. :-)

Naw...

Regards,
Uri.
------------

From 74076.1041 at CompuServe.COM Thu Apr 29 09:28:55 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Thu, 29 Apr 93 09:28:55 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
Message-ID: <930429161807_74076.1041_FHD83-1@CompuServe.COM>

-----BEGIN PGP SIGNED MESSAGE-----

Tim May writes:
> I suggest that we as a community seriously reconsider our basic support for
> PGP. Not because of any flaws in the program, but because of issues related
> to Clipper and the potential limits on crypto.

I see several problems with this proposal.

1. It's not clear what it means to "reconsider our basic support for PGP."
What exactly is Tim proposing? That people stop using PGP? That they phase out their use of it as legal products become available? I'd like to see some clarification.

2. More generally, what about the issue of our advocating and supporting other possibly infringing actions? Which ones do we stop? Just those that upset Jim Bidzos? He claims to have patents that cover many more activities than RSA, including patents which cover the very idea of public key encryption, and patents on Diffie-Hellman key exchange and virtually any conceivable variation. Should we respect all of these now?

3. David Chaum apparently has U.S. patents on many key features of digital cash. It looks like we would have to stop working on that, too, by this reasoning.

4. What reasonable alternatives to PGP exist? Is RSAREF really usable on a PC? I tried an early version and it was terribly, terribly slow. PGP is just barely fast enough. A "legal" version of PGP which uses RSAREF will presumably be considerably slower.

5. I am not as convinced as Tim that RSADSI is truly, positively, certainly on our side. Why is it that RSAREF has such a weak conventional encryption algorithm (DES, with 56-bit keys)? RIPEM has been out for many months, and people have been asking for IDEA or triple DES all that time. Bidzos has supposedly said he'll give permission for improvements. Yet as far as I know RIPEM still only has this small key size, a key size which persistent rumors say can be broken by government computers. When Bidzos permits RSAREF to run a conventional encryption algorithm with a secure key size I will give more credence to the view that he wants people to have strong encryption.

6. How is it that one company has collected virtually all of the patents on cryptographic technology in this country? Jim Bidzos controls patents on public-key encryption in general, RSA, Diffie-Hellman key exchange, ElGamal signatures and encryption, and several others.
I can't help noticing that it would be an extraordinarily convenient arrangement for the government if such a company existed and were secretly working against public use of cryptography while publicly pretending to be doing all they can to bring this technology to a reluctant market. I still have not seen any specific public action by Bidzos which would invalidate this possibility. Yes, he has engaged in this widely publicized tiff with NIST over the Digital Signature Standard, and he's made some statements against Clipper. But where are the lawsuits? Is AT&T receiving the same threatening letters that Stanton McCandlish received when he said he was distributing PGP from his BBS?

7. Extrapolating from the widespread acceptance of PGP, which is free, to conclude that there is a market for a commercial encryption product which costs money is pointless. Granted, some of us may spend a lot of time talking about PGP and thinking about these issues, but most PGP users just downloaded it from a BBS or the net. There are a lot of things they'd spend $100 on before they would buy an encryption program.

One of the things that attracted me to Cypherpunks is that they take steps to make these tools available without worrying about upsetting the power structure. David Chaum may object to our implementing digital cash. Jim Bidzos may object to our using RSA, or Diffie-Hellman, or almost anything else having to do with cryptography. If we're going to start looking over our shoulder and not doing anything which powerful people object to then we might as well pack up and go home.

Almost everything we have talked about over the last six months infringes somebody's patents in this country. I really don't see what role a group like ours has if we have to tiptoe through the minefield of intellectual property protection which permeates the field of cryptography. Are we to become a bunch of unpaid consultants for RSADSI, writing code which they will then make profits on?
Phil Zimmermann has done more to put strong cryptography into the hands of people all over the world in two years than Bidzos has managed in ten. He has faced lawsuits by Bidzos and has undergone considerable personal sacrifice in getting this software out. People talk about this "feud" as though the two are equally guilty, and ask (like Rodney King) "can't we all just get along?" But this is a cop-out. To me there is clear asymmetry in their dispute in terms of who asserts their power and who is trying to empower individuals.

Look at what Tim is suggesting. We abandon PGP, not because it is a bad program; not because its author has behaved unethically; not because it has failed in its goals; but because Jim Bidzos is throwing his weight around and we don't want Jim to be unhappy. If Jim were to accept that PGP was no more threatening to his patents than RSAREF then the problem would be solved. I presume that Tim has decided that this won't happen, so now he suggests Plan B, that we abandon PGP.

I have to suggest that the real obstacle to the wide deployment of strong cryptography remains Jim Bidzos. He has the power, by a single stroke of a pen, to do more to encourage the spread of cryptography in this country than any other single person (including Bill Clinton). All he has to do is to issue a policy statement that since PGP is freeware it falls under the PKP policy allowing use of the patents for noncommercial use. Presto - PGP is legal, and one of the main obstacles to its spread is eliminated.

I agree with Tim that we need to look closely to see who our real enemies are. Perhaps Bidzos is a charming person. I've never met him. Certainly the bay area Cypherpunks seem to be falling under his influence. From my perspective I find this cozying up to the PKP/RSADSI power structure to be rather alarming. I don't think it is a good direction for the group.
Hal Finney
74076.1041 at compuserve.com
hal at alumni.caltech.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBK9/UvKgTA69YIUw3AQGCrgQAi2980bgg4eHAoIbRUtEtT05V7+50UH16
erkzERI8ot+uk0soXPsM53YlVVAvSYVmLY5Ine862RWG0TUldq1O99CbnCet6Da9
/NWVUQCAoKrUuwj7Cetyf84wE4Fof6tbugOtXhke26WXZXhEIIsSdgKBzaDdc/LD
y0zU/abZ9Es=
=IKKf
-----END PGP SIGNATURE-----

From pmetzger at lehman.com Thu Apr 29 09:34:53 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Thu, 29 Apr 93 09:34:53 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
In-Reply-To: <9304290836.AA17180@netcom.netcom.com>
Message-ID: <9304291634.AA24470@snark.shearson.com>

[I am CCing this to Jim Bidzos at RSA.]

Timothy C. May says:
> Cypherpatriots,
>
> This is a tough posting to write. I may even be called a quisling, or even
> a sternlight!

Actually, I do not disagree with your fundamental points. Jim Bidzos is not, fundamentally, an enemy of privacy. He's just in a difficult position because his livelihood comes from selling patent licenses.

If a program existed that was legal and freely distributed like RIPEM but ran as fast as PGP and offered the "web of trust" model of PGP, I'd use it immediately.

Perry

From XIAOZHOU at pucc.Princeton.EDU Thu Apr 29 09:41:01 1993
From: XIAOZHOU at pucc.Princeton.EDU (Xiao Zhou)
Date: Thu, 29 Apr 93 09:41:01 PDT
Subject: Limbaugh & Liddy
Message-ID: <9304291640.AA15355@toad.com>

>> In <9304231457.AA22562 at gmuvax2.gmu.edu>, 7025aj at gmuvax2.gmu.edu writes:
>> |>
>> |> send him [Limbaug] some convincing words, please?
>> |>
>> |> G. Gordon Liddy would be another good target, but I don't know his address
>
>cp at jido.b30.ingr.com (Serrzna Penvt Cerffba) [!Is that real rot13!?] replies:
>> My guess would be that Liddy and Limbaugh would both be very
>> happy about the Tapper chip proposal...

1) Any publicity is good for us. These guys need controversy, and we've got it.
2) There's the 'international competitiveness' issue.
3) These guys hate Clinton to Schiminton.
4) Even if they pick the other side, we look good.
5) Larry King would of course be better, but is he returning your calls?

From anton at hydra.unm.edu Thu Apr 29 09:52:06 1993
From: anton at hydra.unm.edu (Stanton McCandlish)
Date: Thu, 29 Apr 93 09:52:06 PDT
Subject: PGP is NOT availble from NITV anymore!
Message-ID: <9304291650.AA13711@hydra.unm.edu>

Due to threats of legal action from RSA, I have had to remove PGP from my system. Some time when I get the mess sorted out, non-patent-infringing PGP/RSA/[your-fave-crypto-here] utilities, such as mail scripts, will still be available, and I will post a message with the detail.

I repeat, PGP *IS NOT* available from NitV-BBS any longer. Do not call for it; you will be wasting your money and time. Sorry, but the law is the law.

- S. McC.

--
Testes saxi solidi! ********************** Podex opacus gravedinosus est!
Stanton McCandlish, SysOp: Noise in the Void Data Center BBS
IndraNet: 369:1/1 FidoNet: 1:301/2 Internet: anton at hydra.unm.edu
Snail: 8020 Central SE #405, Albuquerque, New Mexico 87108 USA
Data phone: +1-505-246-8515 (24hr, 1200-14400 v32bis, N-8-1)
Vox phone: +1-505-247-3402 (bps rate varies, depends on if you woke me up...:)

From pmetzger at lehman.com Thu Apr 29 10:26:38 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Thu, 29 Apr 93 10:26:38 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
In-Reply-To: <9304291305.AA14642@latour.bellcore.com>
Message-ID: <9304291725.AA24557@snark.shearson.com>

Neil Haller says:
> Let me add one vote of support to your proposal ... and another
> reason you may not have considered.
>
> I use PGP for personal communications. I'm not a big enough
> target for anyone to sue. On the other hand I do *not* use
> PGP for anything related to my employment. My company (Bellcore)
> is large enough to get sued, and everyone loves to hate the
> telephone industry. As a result, I would happily pay a reasonable
> license fee.

So would I. Many have said this before. Sigh.
Perry

From spam+ at cmu.edu Thu Apr 29 10:32:24 1993
From: spam+ at cmu.edu (Stephen P. Marting)
Date: Thu, 29 Apr 93 10:32:24 PDT
Subject: Need some Advice
In-Reply-To: <9304290001.AA02691@vax1.cc.uakron.edu>
Message-ID:

Excerpts from cypherpunks: 28-Apr-93 Need some Advice by "Robert D Shofner"@vax1.cc.uakron.edu
> My question is what is the diff. between a Software Eng. & Computer Sci.
> degree. Some of my profs say that they don't know of any schools offer
> a BS in Software Eng. If that is the case then why do people use that
> term? Or is it a Masters degree or something like that?

Well, I'm not too sure what this has to do with cypherpunking, but here goes:

The difference between Software Engineering and Computer Science is sort of like the difference between Differential Equations and Mathematics. SoftEng is a subset of CompSci. I don't believe there are any schools that offer SoftEng as a BS degree - very few schools even offer an undergrad-level SoftEng course, Carnegie Mellon University (we're ranked second in CompSci overall) being a notable exception. We offer a Masters degree in SoftEng, and even have a program set up that allows a student to achieve a BS in CompSci and a MS in SoftEng in five years.

[However, squeezing both those degree programs into a 5-year period would probably kill most ordinary mortals. I don't recommend this program, as lots of people have a hard time fitting the BS into four-and-a-half :) years. We're a tough school...]

Not a University Spokescritter, but I play one on the net,
-Spam

--
spam+ at cmu.edu            |~|___________   Spam is:            Please
sm6h+ at andrew.cmu.edu     |             \  Steve Marting       Email me
anonymous mail:            |       .     /  Carnegie Mellon U.  For my PGP
ap.2879 at cupid.sai.com    |_____________>  Pittsburgh, PA      Public key!

From pmetzger at lehman.com Thu Apr 29 10:40:11 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Thu, 29 Apr 93 10:40:11 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
In-Reply-To: <9304281433.AA05674@pizzabox.demon.co.uk>
Message-ID: <9304291739.AA24576@snark.shearson.com>

Sy Verpunc says:
> : At risk of getting the goats of some friends of mine who read the list, I'm
> : tending to agree with Tim's ideas here. Brief conversation with Jim Bidzos
> : at the cypunx mtg indicated that he is very much up for something along the
> : lines of a personal encryption product that would meet our needs. From a
>
> All he has to do is let us pay a licence fee for pgp. What's the advantage
> to him in asking for a different piece of code that uses RSAREF and DES
> instead of Phil's code and IDEA?

Why don't you ask him? He's jim at rsa.com. I'd be polite.

.pm

From mnemonic at eff.org Thu Apr 29 11:00:57 1993
From: mnemonic at eff.org (Mike Godwin)
Date: Thu, 29 Apr 93 11:00:57 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
In-Reply-To: <199304291001.AA23207@well.sf.ca.us>
Message-ID: <199304291800.AA02672@eff.org>

George Gleason writes:
> A major
> rift between PGP and RSA folks will only serve the interests of those who
> would rather both systems be banned.

I cannot overstate how strongly I agree with George's statement here.

--Mike

From pmetzger at lehman.com Thu Apr 29 11:01:59 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Thu, 29 Apr 93 11:01:59 PDT
Subject: HELP! Some nut is threatening to sue!
In-Reply-To: <2475.drzaphod@ncselxsi>
Message-ID: <9304291801.AA24615@snark.shearson.com>

"DrZaphod" says:
> but I saw Jim Bidzos on a magazine once.. and he looks like a fed.

Gawd. For people who claim "no one judges by appearances" you are really being silly. So he looks like a Fed. I suspect that to you, *I* likely look like a Fed, too. (I wear suits, and have a very very short haircut. I have to -- I work on Wall Street.)

Geesh. Whether Bidzos is a nice guy or the devil incarnate has nothing to do with his clothes.
You have, of course, demonstrated quite nicely what I was getting at in my earlier messages -- appearances count. Even hackers judge by appearance.

Perry

From cp at jido.b30.ingr.com Thu Apr 29 11:09:03 1993
From: cp at jido.b30.ingr.com (Serrzna Penvt Cerffba)
Date: Thu, 29 Apr 93 11:09:03 PDT
Subject: CSPAN NOT covering the hearings tommorrow
In-Reply-To: <9304281904.AA12916@netcom4.netcom.com>
Message-ID: <199304291808.AA10547@jido.b30.ingr.com>

In <9304281904.AA12916 at netcom4.netcom.com>, John Draper writes:
|> Called CSPAN, and they are NOT covering the hearings tomorrow. Hah!
|> our tax dollars at work!!

C-SPAN is not tax supported, if that's what you meant. Presumably transcripts will be available from the GPO as part of the Congressional Record, or someone in Ma who is a Markey constituent could get them for free and post a summary.

      ^
     /
------/---- cp at jido.b30.ingr.com (Freeman Craig Presson)
   /
  /

From markh at wimsey.bc.ca Thu Apr 29 11:13:13 1993
From: markh at wimsey.bc.ca (Mark C. Henderson)
Date: Thu, 29 Apr 93 11:13:13 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
Message-ID:

> All he has to do is let us pay a licence fee for pgp. What's the advantage
> to him in asking for a different piece of code that uses RSAREF and DES
> instead of Phil's code and IDEA? I can't see it, except that using DES
> blows away the security of the program...

With respect to this, putting another symmetric cipher into RSAREF is a simple matter. I've done it for triple DES (3 key EEE version). Once (and if) we get permission from RSADSI to distribute it, it will go into the RIPEM distribution. I don't see any reason why we couldn't plug in IDEA. If you look at the RSAREF code you'll see that it would be technically very easy.

>
> No, I think this suggestion should be put down now, or we'll splinter and
> give them exactly the divide-and-conquer opening they're looking for.

Problems with RSAREF/RIPEM:

1. Use of RSAREF/RIPEM in support of a commercial enterprise is prohibited without paying a licence fee. Note that they can get you on copyright violations rather than patent infringement if you break the RSAREF licence agreement. My bet is that it makes enforcement a much simpler matter (you might say, especially in Canada). Note that personal use on a commercial system is OK.

2. One needs to get permission every time one wants to modify RSAREF in any substantial way.

3. The pseudo random number generation is suspect, especially if we're considering using symmetric cipher keys of > 64 bits. Essentially at most 2^128 distinct sequences of pseudo random numbers can be generated. 2^128 is a big number, but on the other hand it does make one wonder whether it is worth adding a scheme which uses 192-24 bits of key material. It isn't that I know how to break it, but on the other hand, it wouldn't surprise me if someone could compute, in less time than it would take to try 2^128 possibilities by brute force, some smaller number of possibilities for the encryption key given the IV which is output in plaintext in a RIPEM message. Call me paranoid.

4. We need something better than 56 bit key DES (said it before).

5. export problems.

6. RIPEM currently has no way to handle certificates or sign other people's public keys. This is, of course, serious.

Good things:

1. One can use it for non-commercial purposes in North America.

2. Performance of RIPEM is considerably better than the original RSAREF code. The DES routines have been replaced. Furthermore a lot of platform specific improvements have been made to the large integer operations. The point being, that performance is similar to PGP.

3. The promise of PEM compatibility. (People are working on getting some support for certificates into RIPEM.)
The real point is that if we put our considerable resources behind something like RIPEM or 'legal' PGP and we had RSADSI's cooperation in terms of permission to modify, improve and update RSAREF then we could almost certainly have a high quality legal personal public key encryption program with the features we want, in a few months.

It is a compromise. PGP is already done and is a very impressive software package. It certainly has a better feature set than RIPEM. It has been exported, so the export control issue is not a serious one.

I do think the optimal solution (for both RSADSI and us) is to get some sort of scheme into place where PGP could be used legally for a licence fee (either per key or per person). Perhaps the folks at RSADSI could sign keys as PAID (but not necessarily authenticated) for US$50. They would certainly make some money in the process.

Mark

--
Mark Henderson
markh at wimsey.bc.ca
RIPEM key available by key server/finger/E-mail
MD5OfPublicKey: F1F5F0C3984CBEAF3889ADAFA2437433

From dmandl at lehman.com Thu Apr 29 11:21:29 1993
From: dmandl at lehman.com (David Mandl)
Date: Thu, 29 Apr 93 11:21:29 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
Message-ID: <9304291821.AA13207@tardis.shearson.com>

A new PGP with an RSA-approved engine and a reasonable license fee sounds fine to me.

--Dave.

From crunch at netcom.com Thu Apr 29 11:27:56 1993
From: crunch at netcom.com (John Draper)
Date: Thu, 29 Apr 93 11:27:56 PDT
Subject: Raving on..
Message-ID: <9304291828.AA03535@netcom4.netcom.com>

>> Who wants to collaboratively work on an information packet containing
>> a collection of the previous reports on the wiretap chip, such as
>> the initial white house statement, CPSR's and EFF's responses,
>> list of questions that were hashed at the last Cypherpunks meeting,
>> etc, etc.
>I already have such an archive (missing the cypherpunk questions [I had
>a mail blowout, and that was one of the casualties, along with a couple
>other saved items, mostly criticisms of the privacy clipper.])
>Lemme know if you need it. I have it in .ZIP format, so you'll need
>some way to deal with that.

Great!! What we need is for someone who can read ZIP files and get it into hard copy for reproduction to be handed out at raves. Who wants to take on this responsibility?

Geoff, now that one of my mailing lists has just dissolved (TCL_TALK) I can now join the sfRaves group and work with them directly, but first I want to write up a short introduction.

JD

From ld231782 at longs.lance.colostate.edu Thu Apr 29 11:39:00 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Thu, 29 Apr 93 11:39:00 PDT
Subject: The May Proposal
In-Reply-To: <9304290836.AA17180@netcom.netcom.com>
Message-ID: <9304291838.AA11371@longs.lance.colostate.edu>

Just when I think I'll lie low awhile, tcmay at netcom.com (Timothy C. May) drops a bombshell:

>I suggest that we as a community seriously reconsider our basic support for
>PGP. Not because of any flaws in the program, but because of issues related
>to Clipper and the potential limits on crypto.

I'm quite aghast at this little gem of a proposal, which might be deemed `treasonous' by some (however, I'll limit my flames). In many ways it is more unpalatable than the Clipper announcement.

PGP is *solid* software for cryptography that is available *now*. What other software is available? Sure, there are plenty of vague promises and vaporware, or bits and pieces for little nooks and crannies of platforms. PGP is the closest thing to *widespread* strong cryptography available *across* platforms.

Look, support whatever you want. Cypherpunks don't have an official policy sheet. But to recommend they stop promoting something that has formed one of the most stable core commitments of the group is divisive in itself.
(Sheesh, this group couldn't reach a consensus if only one person was subscribing!)

>1. If RSA fails to take actions against sites and users, it weakens their
>legal position with respect to their patents. The government does not need
>licenses in any case, but users of Clipperphones *do* (not the final
>end-users, but the suppliers of Clipperphones to non-government customers).

Are you saying that RSA needs to support Clipperphones? Or that they need the legal torque to suppress granting the patent to implementations of it? If RSA sells out, which I see every sign of this happening (lacking explicit reassurances from Bidzos, and in light of his apparent devotion to the company `stockholders'), then the point is moot. What makes you so sure they won't (or haven't)?

Also, your reasoning is bizarre. If RSA wants to protect their patents, then they should attempt prosecution or pursue agreement, one or the other. It is the failure to prosecute that weakens their case, not the existence of infringers per se. Actually, that is the only way they have to strengthen their case, to attempt prosecution of perceived infringers. If they fail to do this then they are implicitly acknowledging their own weakness.

>2. The "guerrilla crypto" aspect of the PGP community (and our group) is
>charming, but may be counterproductive. If we are viewed as outlaws, the
>target even of RSA, then we have almost no influence, save for underground
>subversion.

I just don't get this strange and insatiable drive to `respectability' by outspoken members of this list. This is the critical period when cryptography itself is in jeopardy, precisely at the point that we must, to a large extent, work outside the ``system'' that has unequivocally demonstrated its hostility to the basic premise of widespread unbreakable cryptography. Currently, we cannot have our unbreakable cryptography and respectability too.
You all remind me of Denning, who wants to underhandedly promote Clipper and retain her scientific respectability at the same time. Or the NSA, who wants to regulate commercial cryptography but completely suppress any innovative commercial ideas that threaten their (increasingly threatened and seriously weakened) domination.

>(To put this another way, if we are seen as RSA Data's enemy, we lose a
>potential ally. I am suggesting that a coming war between strong crypto on
>one side and government snooping on the other will force all participants
>to choose up sides.)

I'm on the side that commits to widespread availability of strong cryptography at any cost and any sacrifice. As Mr. Hughes has written, ``no compromises''. I think RSA had better make it clear right away whether they will support the Clipper and Capstone projects or not. That is the crucial decision at stake. Every minute that a strong statement is lacking I am further skeptical and suspicious of their true intent.

>3. Supporting a legal version of strong crypto, which RSA Data-approved
>programs are and PGP is *not*, is a much more solid foundation from which
>to fight possible restrictions on strong crypto.

All this vague legal mumbo jumbo and wonderful rhetoric like `solid foundation' may have some value in the future, and may even be a decisive pivot. But the pace of litigation is glacial, and we need powerful tools *now*. PGP is such a tool. The strongest approach to fighting restrictions on strong cryptography is to USE IT RIGHT NOW.

RSA in a MINUTE could guarantee the legality of PGP by offering licenses to users. Many have expressed the sincere desire to become `legitimate'. I consider it a wholly reasonable approach. Their continued silence on this point is deafening. They have not addressed the possibility whatsoever publicly except to hint that they regret their inability or inaction in the area. Why do they refuse to assent?
There are overtures & negotiations to get the RSADSI libraries into the code, but this is just (so far) a decoy, distraction, and diversion in my opinion. I think the bottom line is that RSA wants more control over the public key algorithm than P. Zimmermann (a true cypherpatriot) is willing to grant, and he is willing to take a calculated but considerable risk, which so far has paid vast, global, valuable dividends reaped by tens of thousands.

>4. Our time could better be spent by solidifying existing RSA programs,
>including RIPEM, RSAREF-derived programs, MailSafe, and so forth. This is
>the approach several major companies have taken (Apple, Lotus, Sun, etc.).

Again, not enough platform-independent availability or fanatical commitment on the part of the companies. Is there a *universal*, *freely available* package in there? How many of those vendors would take out the strong cryptography if a law were passed to do it? How many have already demonstrated their spinelessness by weakly assenting to disembowel their embedded strong cryptographic techniques? How many are subject to the whims of RSA or the NSA?

>I've urged Jim Bidzos to work toward some compromise with the PGP community
>(and I think everyone recognizes the positive aspects of this growing
>community). This might include creating translation programs so MailSafe or
>RIPEM can read PGP files, a reworking of PGP to conform to licensing
>requirements, etc.

Oh, so we abandon PGP until Mr. Bidzos works out a compromise on his own terms and own time schedule, is that the idea? He has had *years* to demonstrate his willingness to `compromise'. Some parts of the PGP community would gladly submit to even a one-sided `compromise' of expensive individual licensing. So far, in my view, he has done nothing but string along the PGP team, when he (or somebody) has the power to end the bickering and tension *immediately*. Many PGP users don't object to RSA getting rich off the algorithm licenses.
It is not an issue of money, apparently, though, it is an issue of *control* (something that any true cypherpatriot should recognize as critical and not to be given away). Do you want your strong cryptographic techniques to be controlled by yourself or someone else?

>I'm hoping that Phil Zimmermann can see what the real battle is. The PGP
>community is not likely to win their battle in court, and the effect of
>such a court battle will be divisive and ultimately may help the government
>in its plans. Phil Z. is most unlikely to ever see any real revenues from
>PGP.

Mr. Zimmermann has never seen `any real revenues' from his work and to attribute his basic past motive to that purpose is mercenary and tasteless. He has a true and passionate commitment to strong cryptography, enough that he risked his personal comfort and sacrificed years of his life to promoting it, and the documentation accurately represents that drive.

Yes, a court battle would be divisive. It would probably bankrupt Mr. Zimmermann and distract RSA if pursued vigorously. But RSA can wholly avoid it. On the other hand, a court battle could bring public favor to the cryptographic cause. It could set a clear precedent for the dubious legality of software patents. There are many wildcards. Would many people send Zimmermann money if he was prosecuted? Would EFF get involved? Would he be perceived as the David vs. the Goliath? Does RSA have a strong, legal, legitimate case? Only a Sternlight would think the issue is clear cut.

>I think the benefits of a strong, legal, supported crypto product are
>greater than the dubious benefits of having a "free" piece of software. At
>any reasonable hourly wage, the cost of MailSafe ($125, last time I
>checked) is dwarfed by the amount of time crypto activists like ourselves
>spend debating it, downloading it, awaiting patched versions, etc.
PGP is essential now because it is supported on many platforms, has a common format, is not limited to mail, has attained a sophisticated degree of reliability, is continuing to be supported extremely responsively, is not limited by wishy-washy and halfhearted commitment by its developers, was born of the true motive that *everyone* deserves and requires strong cryptography *today* and that there's something just a little upsetting about big conglomerates getting rich off of selling algorithms for a freedom like privacy. Do you want to trade something solid for something vapid?

>(All is not rosy on the RSA Data side, either. RSA Data chose to
>concentrate on getting RSA built in to e-mail products from the major
>companies and chose not to devote much effort to PGP-like personal
>encryption products (such as MailSafe, which runs on DOS and UNIX only and
>which hasn't changed much since 1988). Support for RSA Data should mean
>more support for these kinds of products. We could essentially ask RSA for
>a commitment in this area.)

I will support RSA when they show an unequivocal commitment to the proliferation of strong cryptography by allowing individual users to obtain licenses. So far, they have only worked with companies. They stand to make *more* if they had the unorthodox whim to allow users to receive licenses. People have been asking for ``a commitment from RSA in this area'' for *many months* if not *years*. There are ulterior motives present that are not apparent in talking exclusively to Bidzos, I'm sure.

Here is my position on PGP: yes, it has dubious legal ground. But so did many other revolutionary technologies at the time of their inception. RSA has had plenty of opportunities to send a clear signal by either prosecuting or promoting PGP (the former in potentially devastating ways, the latter in potentially lucrative ways). That they have not done either suggests to me that they don't understand the fundamental importance of the issue in some way.
It seems to me somebody directing RSA (Bidzos perhaps) wants to straddle the fence, and is continuing to do so, and that PGP and Clipper (so far) are just two aspects of a pattern. But I think somebody at RSA had better pick a side soon or they will be speared by both sides of the fence.

I think it would be overly optimistic and idealistic to think that PGP will be here, say, 10 years from now. It is a stepping stone to grander things, but a *crucial* one at this point, and not to be abandoned but remembered, revered, and *used*. Do you know how many man-hours have gone, and continue to go, into its development and maintenance? Many new wrinkles will be occurring in time, but right now PGP is the well-deserving cyphersoftware of choice.

Until RSA makes some clear statements of their intent on critical issues like Clipper/Capstone/PGP, I don't consider them an ally. At this point their silence can be taken as an affront to *all* sides. Right now I think the clock is ticking on a blatant sellout, but I'd just love to be pleasantly surprised. So far the only thing surprising about RSA is their conspicuous inconspicuousness. And there are ominous rumors that they will be or are starting to target prominent PGP users in a mailwriting campaign.

The issue is not ``will RSA be our ally if we sacrifice PGP?'' but ``why has RSA not responded despite reasonable overtures?''

In my opinion, J. Bidzos needs to answer the following explicitly and satisfactorily before cypherpunks consider RSA their Salvation:

1. Will RSA sell licenses to companies seeking to use the public key algorithm in Capstone and Clipper implementations? What was the exact RSA involvement in those areas prior to the announcement?

2. Why has RSA refused to sell individual licenses to PGP users despite the continued expressions of willingness and desire to cooperate on the part of many of those users?

3. What is the real RSA position/plan/policy on patent infringers, if there is one?

4. Who is fundamentally in control of RSA, anyway? Bidzos? R. S. & A.? Shareholders? the NSA? Accountants and lawyers? What is the underlying agenda?

>I'm arguing that we should look carefully and see what the real issues are,
>who the real enemy is, and then make plans accordingly.

``Friends come and go, but enemies accumulate.''

From strat at intercon.com Thu Apr 29 11:50:53 1993
From: strat at intercon.com (Bob Stratton)
Date: Thu, 29 Apr 93 11:50:53 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
Message-ID: <9304291350.AA43154@horton.intercon.com>

> From: markh at wimsey.bc.ca (Mark C. Henderson)
> Date: Thu, 29 Apr 1993 11:11:20 PDT
> Subject: Re: Tough Choices: PGP vs. RSA Data Security
>
> > 6. RIPEM currently has no way to handle certificates or sign other
> people's public keys. This is, of course, serious.

The Macintosh RIPEM client does/will have certificate creation functionality RSN. In fact, RSA's even running a low-security persona certification authority that interoperates with them, as we speak.

--Strat

From karn at qualcomm.com Thu Apr 29 12:09:02 1993
From: karn at qualcomm.com (Phil Karn)
Date: Thu, 29 Apr 93 12:09:02 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
Message-ID: <9304291908.AA14792@servo>

I think the ball's already in Bidzos's court. Consider the following Bidzos quote a few days ago on the "billcryp" list:

   You have it correct, but let me expand a bit. It would be a bad business decision for us to try to keep *anyone* out of the market with patents because we disagree with their approach. Remember, personal choice crypto isn't outlawed yet.

Now the context of this quote was whether RSA could use its patents to try to squash the more objectionable aspects of Clipper (particularly key registration), but his wording is (perhaps unintentionally) much more revealing. It implies to me that licensing PGP would be in RSADSI's best business interests.
And so it would, if not for the personal animosity between Bidzos and Zimmermann. I sent a note to Bidzos asking him this exact question, but I have not yet received a reply.

I am yet another person who would be glad to pay RSADSI a reasonable fee to use RSA in the form of PGP. Cost is really not the main issue here; PGP is the product I want to use, plain and simple. Nothing else matches its features, especially the "web of trust" model for certificates and the widespread availability of source code for inspection. Mailsafe isn't even in the running.

I use PGP only occasionally, in a personal and educational mode. I would very much like to be able to recommend it to my company for business use, but I can't do that under the present circumstances. And that's too bad.

Phil

From tcmay at netcom.com Thu Apr 29 13:12:27 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 29 Apr 93 13:12:27 PDT
Subject: HELP! Some nut is threatening to sue!
Message-ID: <9304292012.AA12334@netcom.netcom.com>

Dr. Zaphod writes, commenting on Jim Bidzos' e-mail to Stanton M.,

> For a guy who claims to want to help us Cypherpunks in the way of
>personal encryption, scare tactics seem a little out of place. I'm sure
>we'd all like to use legal encryption methods [maybe]... but we ARE
>Cypherpunks.. giving us the responsibility to use what's best and defend our
>rights for privacy. Using a package that hasn't been updated in 5 years
>[MailSafe], we have diminished to politically correct yippies. I'm not sure
>quite what to do.. but I saw Jim Bidzos on a magazine once.. and he looks
>like a fed.
>By playing the game we are becoming part of it. TTFN.

* The scare tactics may have been somewhat too harsh, or at least phrased in typical "cease and desist" lawyer terms, but Stanton _did_ post his announcement very prominently and widely in sci.crypt, where everyone could see it.
RSADSI was pretty much forced to react, lest they later find their patents/copyrights/whatever ruled invalid by their failure to protect them. Most PGP sites are less well-advertised :-}.

* I agree that PGP has a feature set (especially its distributed trust model) that is more interesting than the creaky old MailSafe program. There may be several solutions brewing here, as several postings in this thread have noted.

* As George Gleason has also noted, dividing our community may play into the government's hands.

(Some may think I'm trying to fragment the PGP community with these comments. Not at all. PGP has done a valuable service in educating hackers, users, etc., and in energizing the community. But keeping crypto "underground," as by nature PGP must be, is not what we want, is it?)

* I once thought RSA Data Security Inc. was NSA-controlled. This was in 1988 or so, when I tried to buy a crypto package from them and got the run-around ("Don't call us, we'll call you."). It seemed natural, to me at that time, that the Agency would control such a crucial technology. This opinion didn't last too long, as I got more familiar with the crypto community. Now I'm convinced otherwise, and that Clipper/Capstone is in fact the government's way of gaining control of a technology they failed to classify and control the first time around.

(To be sure, the export controls and other legal restrictions are a way the Agency and others control the spread of strong crypto, but so far there has been no basic challenge to the "right to encrypt." Many of us see Clipper as a probable move in this direction. Time will tell.)

After meeting many of the principals, including some early investors (like Alan Alcorn, of Atari fame, at the Hackers Conference), I came to a different conclusion: RSA Data Security was just concentrating on the "big deals" which are only now coming to fruition--the zillion-copy deals with large companies like Apple, Microsoft, Lotus, etc..
This market is vastly larger than the PGP community, which may be as "small" as several thousand copies (does anybody have any better guesses?).

And it turns out anyone _can_ buy a personal encryption package from RSADSI...it's called MailSafe. In 1991, I stopped off at the offices of RSA in Redwood City, while on my way to Lake Tahoe to the Hackers Conference, to pick up my copy of MailSafe and ran into Jim Bidzos. We talked about PGP (1.0 in those days) and about the upcoming Hackers Conference. Jim made an interesting offer: Anyone at the Hackers Conference could buy MailSafe for $50, just by saying they were there. This fee barely covered the manufacturing/packaging costs, as I'm sure you all know. So far as I know, a handful of people followed up.

(And I agree there's a perceived problem that no one, especially in our community, uses it. That's why I have both a MailSafe and a PGP key...I figure I'm pretty safe against any legal charges, as I can always wave my MailSafe license in the air!)

Several other conversations have convinced me that Bidzos is not a Fed. Also, his company has sponsored two excellent (and *free*, by the way!) conferences on crypto, featuring speakers from outside his company (such as Mark Riordan of RIPEM fame) and talks highly critical of the "Digital Signature Standard" (DSS), which the real Feds were pushing as a weak alternative to RSA digital signatures. (By the way, DSS is part of the new Capstone system, unsurprisingly.)

* I'm not a lawyer (which is why I'll cc Mike Godwin and Lee Tien on this response), but my understanding is that the RSA patents cannot just be licensed on a "per person" basis...that's just not the way patents work. That is, we can't just pay RSA a quite reasonable $50 apiece for a perpetual license to the patents and be done with it. Instead, each product that uses the patents must be separately licensed, as per patent laws.
(This doesn't mean the fee is anywhere _near_ the $125 for MailSafe, the $50 fee I suggested here, etc. I suspect the deals with Apple, Lotus, etc., resulted in _much_ lower fees, perhaps just a couple of bucks per user. Just a guess.)

* A "personal encryption" product, for users who don't use commercial e-mail products such as Lotus Notes (which contains RSA), is sorely needed. The PGP distributed trust model and other features, combined with a fully legal "crypto core," could be a real success. (Personally, I'd like to see a commercial version of "Eudora," the Macintosh off-line mail reader I now use, with easier (push-button, automatic) support for PGP, RIPEM, etc.).

* The upcoming battle for strong crypto is as important a battle for civil liberties as our generation will ever face, in my opinion. The precedents set in the next several years will shape this country (and other countries, by extension) for many years to come.

-Tim May

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, smashing of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.
Waco Massacre + Big Brother Wiretap Chip = A Nazi Regime

From hughes at soda.berkeley.edu Thu Apr 29 14:05:29 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 29 Apr 93 14:05:29 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
In-Reply-To: <9304290836.AA17180@netcom.netcom.com>
Message-ID: <9304292102.AA17707@soda.berkeley.edu>

Copyright (c) 1993 Eric Hughes. Unlike most everything else I write, I do not grant right to use this without my express permission. If you want it sent somewhere else, ask me. I'll probably just send it there myself.

I'm going to try to give an overview of the RSADSI and PGP situation. This is long. I've put it in the form of premises, assertions, facts, lemmas, theorems.
I know that below I am mostly trying to justify RSADSI's actions. I offer the following so that you may understand how they view themselves.

I also wish to offer my personal view on RSADSI. I do not consider them the enemy; I consider the enemy to be NSA/COMINT and those who would destroy privacy to create Big Brother. The RSA patent expires in seven years; the NSA will be around long after that. I have a clear priority here. This long term battle is worth winning to the exclusion of some other desiderata.

"Patents don't kill people. Tyrants kill people."

I do not think we should pick fights with our allies. The patent battle will not be won by mere defiance, but by careful planning. PGP is not the right vehicle for this fight.

Every argument below is predicated on the first premise. I know lots of people are strongly opposed to the patents; I myself am of two minds on the subject. I do wish to point out that the validity of the patents is not what I argue from, but their pragmatic effect in the legal world.

Premise: The RSADSI patents are _de facto_ effective.

This is a completely separate issue from whether they ought to exist, whether the public really should have them, etc. The fact is, the PTO granted them, the courts will find them valid unless a lot of money is spent in a legal challenge whose outcome is by no means guaranteed. A large organization with lots of money to spend (not the LPF) might have a chance of a successful overturning, but that course of action is not in sight.

Premise: Jim Bidzos is not in an unconstrained position; he has responsibilities and restrictions and can't do whatever he might want.

The effectiveness of the patents gave rise to a commercial opportunity. That commercial opportunity is embodied in PKP and RSADSI. That opportunity was successful by any reasonable measure. The success directly created a fiscal responsibility for the agents of the patent owners to make money for the owners.
Bidzos can't take actions which can reasonably be seen as threatening to his business; the point of view here is that of the owners, no one else's.

Premise: PGP threatens the business of PKP and RSADSI.

This is fairly explicit in the documentation; PGP intends to threaten their business. The patent claims are denounced, variously, as unethical, immoral, and stolen. The docs say "Hey! we tried to get a license, and they wouldn't give it to us, but here's the software anyway." The point is that the truth or falsity of these claims is not the issue. These statements on their face can be taken as harmful; that is sufficient.

Premise: RSADSI and PKP will defend themselves.

Seems obvious, eh? The way to counter rhetoric is with more rhetoric, and the rhetoric of business is the law and threats of legal action. To my knowledge, no actual legal actions have been made by RSADSI, but lots of threats have been. I also believe that RSADSI is ready to take legal action, however.

Premise: RSADSI's main business is licensing, and licensing individuals is not very profitable.

RSADSI has had enormous commercial success in getting large corporations to sign up. The only reason to license individuals is to allow them to use non-commercial software of one form or another. The brute fact of the matter is that most people just don't use non-commercial software, as a percentage of market. (If you disagree, consider the size of the PC deployed base vis a vis Unix, and then consider that most of those PC's are owned by companies, who purchase their software.)

Lemma: Licensing patents is different than licensing software.

With software, most of your revenue stream in the long run is upgrades, not initial purchases. The incremental cost to produce an upgrade over its sale price is far less than for the initial version. With a patent license, you get one sale and that's it.

Premise: RSADSI created RSAREF in order to license individuals.
The purpose of RSADSI is not to suppress cryptography--it is to promote it. They lose very little by making a free version and they gain a lot in terms of goodwill and preparing and educating people to use commercial versions. Since they don't make any money from it, there's no reason for them to spend much money paying lawyers to draft license agreements for products which bring in no income. Therefore they want all non-income uses of the patents to be filtered through a single license.

Fact: Commercial licenses to RSAREF are available.

They have not been advertised widely as yet, though.

Assertion: The reason that RSADSI requires that individual licenses be mediated through RSAREF is that non-commercial software is inevitably used in commercial contexts.

Remember, their main business is licensing. All software used in a commercial context must be licensed, otherwise their main business is imperiled. Were they to make separate licenses for every low end product, they would be in the same situation as if they licensed individuals--high overhead, small return. Therefore, they license RSAREF to companies; this allows RSADSI to economically offer licensed use for all such low end software packages.

Theorem: PGP does not need to threaten RSADSI's business.

By using RSAREF, PGP can satisfy RSADSI's business requirement to control licensing and satisfy PGP's requirement to have a free license.

Fact: RSAREF has a restricted interface which does not allow for direct RSA cryptosystem operations.

Assertion: RSADSI is protecting their good name by restricting the default RSAREF interface.

Jim Bidzos has told me that the reason they use a restricted interface is to prevent people from making stupid cryptographic mistakes and then claiming that the lack of security was the fault of RSADSI. Given the number of cryptographic numbskulls out there, this concern is not unrealistic.

Fact: PGP cannot use the default RSAREF interface.

For one, DES is embedded into that interface.
Fact: RSADSI has allowed products to go behind the RSAREF interface before.

Their concern is that you're not doing anything stupid. PGP isn't, so that concern is satisfied.

Fact: RSAREF requires a written request to go around the standard interface.

Licensing is a legal issue; written words are pretty much required in order to be responsible.

Fact: No one has ever made such a written request for PGP.

Part of the reason has been that moving to RSAREF entails some architectural changes, and these are still being debated. The recent clipper announcement delayed things as well.

Fact: RSAREF is slow.

It's only C code. The 386 assembly code in PGP runs about 15 times faster than the C code in RSAREF. RSAREF explicitly allows modifications for improved performance. The plan is to make the PGP assembly speedup modules available as RSAREF speed improvements; this is another delay in getting a port done.

Fact: RSAREF can't be legally exported from the US because of the ITAR.

Bidzos is seeking a Commerce Jurisdiction ruling for RSAREF, which would mean that it would be permitted for export. But until then, PGP would have to support two versions: an RSAREF one for US use, and a non-RSAREF one for non-US use. This requires more wrappers, and thus more work.

Fact: PGP development is already moving in the direction of RSAREF.

As I've stated, however, there are a number of practical problems that have to be straightened out before software ships.

Eric

From greg at ideath.goldenbear.com Thu Apr 29 14:13:29 1993
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Thu, 29 Apr 93 14:13:29 PDT
Subject: Tough Choices
Message-ID: <338R3B1w164w@ideath.goldenbear.com>

Timothy May writes:

> I suggest that we as a community seriously reconsider our basic support for
> PGP. Not because of any flaws in the program, but because of issues related
> to Clipper and the potential limits on crypto.
>
> [Cites several reasons why it's inconvenient that PGP users don't have
> legal licenses to use RSA's stuff]

With all due respect, fuck that. I agree that it would be much much better if PGP users could be licensed; but your letter convinced me that it's even more crucial that we get Bidzos, et al., to give or sell us a license for PGP. Yes, it is important that we have a legal and above-board product available to us. Walking away from a well-written and well-distributed (and FREE, with source) piece of software to assuage the egos and wallets of a few folks in California is bullshit. If I need to choose between "legitimacy" and privacy, privacy wins. Every time.

This is the carrot for Bidzos: our money, and more market share.

This is the stick for Bidzos: some of us are gonna use it anyway. He can have our money to use it - or not. RSA's choice.

This entire issue pisses me off - the work that created the "patentable" stuff in the first place was supported by public money. I think that makes it ours. I'd be willing to play along with this game if it was possible for me to do so in a reasonable fashion; but it is not. My money went to fund the development of an algorithm that now I'm not allowed to use? NOT!

> I'm arguing that we should look carefully and see what the real issues are,
> who the real enemy is, and then make plans accordingly.

The real enemy is people who tell us that some folks can own an algorithm or a process; and other people who tell us that we can't use properties of mathematics to ensure our own privacy. It may be that within months or years the US Government will tell us that certain mathematical processes cannot be applied to streams of data, without criminal penalties; we are all able to see that's clearly unacceptable. Why is it so difficult to see that it's also unacceptable for PKP to tell us that we cannot apply those same processes without risking civil penalties?
The legal minutiae behind those two statements may differ; but the end result is the same. Other folks want to tell us what we can and can't do with our data and our computers. Fuck that.

--
Greg Broiles                       greg at goldenbear.com
Golden Bear Computer Consulting    +1 503 465 0325
Box 12005 Eugene OR 97440          BBS: +1 503 687 7764

From hughes at soda.berkeley.edu Thu Apr 29 14:19:51 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 29 Apr 93 14:19:51 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
In-Reply-To:
Message-ID: <9304292116.AA18449@soda.berkeley.edu>

>Problems with RSAREF/RIPEM:
>1. Use of RSAREF/RIPEM in support of a commercial enterprise is
>prohibited without paying a licence fee. Note that they can get
>you on copyright violations rather than patent infringement
>if you break the RSAREF licence agreement.

For those of you looking around for a good cypherpunk-style project, a rewrite of RSAREF with an identical interface (external and some of the internal) would be a good idea. Such a body of code would prevent RSADSI from using copyright as leverage against a non-US company or person.

Eric

From tribble at memex.com Thu Apr 29 15:07:35 1993
From: tribble at memex.com (E. Dean Tribble)
Date: Thu, 29 Apr 93 15:07:35 PDT
Subject: HELP! Some nut is threatening to sue!
In-Reply-To: <9304290331.AA18264@hydra.unm.edu>
Message-ID: <9304292001.AA20252@memexis.memex.com>

   From: Stanton McCandlish
   Date: Wed, 28 Apr 93 21:31:10 MDT

   this is a real threat? Last I heard PGP *MIGHT* violate a patent, but

PGP does violate patents. Several people, particularly in the cypherpunks community, are trying to alleviate the RSA vs. PGP problem. The controversy is counterproductive (and all sides seem to be mostly good guys), so let's not stir the pot further. Two of the solutions are 1) PGP could be reimplemented to use RSAREF, and 2) RSAREF (or something like it) could be extended to include all the functionality of PGP, but without the patent problems.
(RSAREF is a copyleft implementation of RSA stuff).

   From: jim at RSA.COM (Jim Bidzos)

   I don't think you're aware of our position on pgp. Unfortunately, you may leave us no choice but to take legal action, which we will unless you cease promotion and distribution of pgp. The next message will state our position.

I encourage you to cease public promotion (because the RSA claim is legit), and send a message to Jim asking him what you can do to encourage a freely (and easily) useable and legal general encryption tool.

dean

From MJMISKI at macc.wisc.edu Thu Apr 29 16:19:00 1993
From: MJMISKI at macc.wisc.edu (Matthew J Miszewski)
Date: Thu, 29 Apr 93 16:19:00 PDT
Subject: No Compromise in Defense of Our Privacy Rights. PGP FIRST!
Message-ID: <23042918181047@vms2.macc.wisc.edu>

To all,

Tim's statements bother me a great deal. Granted I have not been around as long as some (in this particular environment), but long enough to gain respect for certain net personalities. I wish to hold on to that respect...

I've heard a lot of people talk a lot of sh** about the privacy issues concerning us requiring private acts of heroism. Is that what is involved with giving up on an ideal that has helped define the term cypherpunk. Not long ago Tim (and others) posted a rabid defense to the changing of the name of the list. Were those merely words? I have never questioned the dedication of freedom lovers like Tim before this series of postings. Something has clearly taken place. I hope we find out what.

My problems with Tim's suggestions:

1. While those of us lucky enough (or skilled enough) to be independently wealthy may think that the price of RSA software is nominal considering what is at risk (I personally agree), do we forget about those that *need* this data security and cannot pay for it? (All of these people of course would use PGP as an academic resource in order to make its distribution OK).

2. From a legal point of view, what RSA is probably doing is asserting its *presumed* patent rights. Left unchallenged they will remain presumed. So, to those who have repeatedly sounded the call for "individual acts of heroism", is now the time to run and hide? The *ultimate* question of the legitimacy of algorithmic patents funded with public money *will* default if left unchallenged. So I challenge, with all of my honest respect, those with the means to take up the gauntlet thrown down by RSA.

3. There are more ways than one to legitimize strong crypto and allow RSA to gain its almighty buck. Suggestions have already been made. Allow the rights to the RSA patents to be purchased. RSA does have a choice between that and no money at all.

4. What about those that went before. Is the heroism of Phil Zimmermann to go for nought? The chances that several people, including Tim, have taken deserve compensation NOT compromise. RSA wants us to fold now. Why is a respected leader of the community asking a compromise of the Cypherpunk Manifesto?

5. Finally, there have been other ways suggested to deal with the problems. A USA-Legal PGP is one. I know that many of the philosophers, code writers, hackers, thinkers, etc. among us can overcome this too. Why give up when it appears to be the night before the big game?

I am merely a law student with a deep interest in liberty and privacy. I *am* willing to offer my time to the preparation of any eventual *challenge* of the RSA patents. NONE of the above post was meant as a personal affront to anyone, but rather a critical look at Tim's suggestions (Mainly because I would not have expected it from *Tim*). If there are extenuating circumstances involved, let us know.

I have been reading posts from Tim since the days of p/hun and before. I in NO WAY question Tim's commitment, but rather the motivation for the out of character post.

Any individual heroes left?
Matt
mjmiski at macc.wisc.edu

From 76630.3577 at CompuServe.COM Thu Apr 29 16:28:18 1993
From: 76630.3577 at CompuServe.COM (Duncan Frissell)
Date: Thu, 29 Apr 93 16:28:18 PDT
Subject: NPR Clipper Report Transcript
Message-ID: <930429232303_76630.3577_EHK20-1@CompuServe.COM>

Here is the NPR report on Clipper broadcast on the Tuesday following Der Tag. It was heroically transcribed by my wife Lois and myself. There are no errors (except for name spellings we had to guess at) so we won't apologize for them.

Duncan Frissell

National Public Radio
Morning Edition -- Tuesday 20 April 1993 -- C+4 (Clipper + 4)
Approx 6:50 am EDT repeated 8:50 am EDT

(a few words missing from the front end)

...telephone communications from illegal eavesdropping. But the new system is the focus of controversy because the federal government has built in a way for law enforcement agencies to listen to private conversations. NPR's Dan Charles reports:

You don't usually go to the White House to learn about computer technology. But last Friday, officials there unveiled a new silicon chip. The Clipper Chip, as it's called, is programmed to turn electronic transmissions like telephone conversations into gibberish that no one unauthorized listening in can understand. And it turns that gibberish back into normal speech or data at the other end. Whitfield Diffey, a senior engineer at Sun Microsystems in Silicon Valley, says this Clipper Chip is an example of the technology of secret codes or cryptography.

"This is in some sense a relatively ordinary cryptographic chip, of which there lots."

Banks, companies, and government officials can use these chips to make sure no one eavesdrops on financial transfers or confidential discussions. And the government says this new chip will offer more powerful protection than anything people could buy up to now. But there's another reason why the government wants people to use the Clipper Chip, and it's why a lot of people are up in arms about it.
Every one of these chips will have in its circuitry a unique key --- a very long number --- that only the government knows. And if an agency of the government, like the FBI, wants to listen in, that number will be like a master key that allows them to decode the conversation.

"The mechanism is very much like what the real estate agents do with houses. Right, they take you to show you a house and they don't have a key to that house in their pockets. But they get to the house, and there's a lock box hanging on the front door. And they have a master key in their pockets, and they open the lock box, and take out the key to the door, and open the front door, and go in and show you the house."

The special key that the government holds is like the key to the lock box. Even though someone using the Clipper Chip can choose their own key to keep other people from listening in, the chip is programmed to always keep that changing key inside the lock box, where the government can get at it.

The reason for that lock box is that the government occasionally likes to listen in to the phone calls of suspected criminals at home and hostile governments abroad. For the last two years, law enforcement officials have been worrying publicly that the Mafia or terrorists will start buying powerful scrambler phones to keep the FBI from understanding their conversations. The government doesn't want to ban this technology because, increasingly, legitimate businesses depend on it. So the government developed its own version --- the Clipper Chip. Raymond Kammer, Acting Director of the National Institute of Standards and Technology, says it's a good compromise.

"On the one hand you've got a need for personal privacy. And I think most of us intuitively understand that and desire it. I know I do. And on the other hand, you've got the right of society to try and assure itself that it's safe from crime."
But computer scientist Whitfield Diffey, who's one of the pioneers of modern cryptography, thinks the lock box is a terrible idea. He says that trying to deny even criminals the right to a private conversation is dangerous. It is something absolutely essential to the functioning of society. "We are taking a long step towards saying, 'No, you can never be sure that you're going to have a private conversation on the phone.' And therefore, a real right of privacy only belongs to people rich enough to travel and meet face to face." Government officials say they have policies in place to prevent abuse. Law enforcement agencies will have to request the key for any lock box from two separate independent agencies, each of which will have only a piece of the key. This should also make it harder for anyone to steal the keys. Diffey says the Clipper Chip will encourage more government eavesdropping, simply because it's there. "Technology makes policy," he says, "if the government invests hundreds of millions of dollars creating a computer chip designed for wire taps, it will try to take advantage of that investment whenever possible by carrying out more of them. The success of the government strategy will depend on people buying the chip. AT&T will soon be selling a small flat box, half a foot long and about four inches wide, with the Clipper Chip at its heart. It costs just over $1000, plugs right into the cord that connects the telephone handset to the phone itself. People who have it can talk to each other in complete privacy --- unless the government wants to listen in. This is Dan Charles in Washington. From jsday at THUNDER.LakeheadU.CA Thu Apr 29 17:21:27 1993 From: jsday at THUNDER.LakeheadU.CA (Jer!) Date: Thu, 29 Apr 93 17:21:27 PDT Subject: Tough Choices: PGP vs. RSA Data Security Message-ID: <9304300020.AA28297@thunder.LakeheadU.Ca> > All he has to do is let us pay a licence fee for pgp. 
> What's the advantage to him in asking for a different piece of code that
> uses RSAREF and DES instead of Phil's code and IDEA? I can't see it,
> except that using DES blows away the security of the program...
>
> No, I think this suggestion should be put down now, or we'll splinter
> and give them exactly the divide-and-conquer opening they're looking for.

Agreed. PGP is too much of a good thing for me to withdraw my support for it without a much more compelling reason than this. As Tim May stated, we should be careful to see who the real enemies are here. PGP is certainly not one of them.

I certainly do not want to be RSA Data's "enemy", but from the indications on here that they are actively working against PGP, and are not likely to support any similar, freely-distributable product (and that would require a substantial length of time to develop!) PGP is currently the best, and only, possibility.

Now, if there were some program without the legal problems that PGP has which was at least very affordable and could reasonably be expected to gather the same widespread use that PGP already has, ideally through complete compatibility with PGP keys, I think we would all agree on using it.

Tim May:
> If RSA fails to take actions against sites and users, it weakens
> their legal position with respect to their patents. The government
> does not need licenses in any case, but users of Clipperphones *do* ...

Indeed. It would be nice if PGP were universally supported, and legal. That, as far as I can see, is its only problem. I do not see how we are going to come up with a solution to that problem without sacrificing much of PGP's availability and utility.

If not PGP, then what? Until there is a concrete and acceptable alternative to work towards, which seems unlikely if RSA will not support it, we must work with what we have.

---

From ian at bvsd.Co.EDU Thu Apr 29 18:23:11 1993
From: ian at bvsd.Co.EDU (Ian S. Nelson)
Date: Thu, 29 Apr 93 18:23:11 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
In-Reply-To: <9304291533.AA11541@tsx-11.MIT.EDU>
Message-ID: <199304300123.AA27903@bvsd.Co.EDU>

> Several people from RSA, including Bidzos at the last Cypherpunks
> meeting at Mountain View (I wasn't there, but take a look at the meeting
> "minutes"), have stated repeatedly that if someone were to ask for
> permission to use the internal interfaces of RSAREF in order to write a
> PGP-compatible program, they would grant permission.
>
> However, as of two weeks ago, *NOT* *A* *SINGLE* *PERSON* *HAS* *ASKED*.
>
> To those of you who have repeatedly said "Cypherpunks write code" (and I
> applaud that attitude), consider this a challenge. :-)

If they are so willing to let us do this, then will they tell us why we have to use their code? If they are willing to do it, it shouldn't matter what code we use.

--
Ian S. Nelson I speak for only myself.
Finger for my PGP key.
If you are a beautiful woman, it is mandatory that you reply to this message.

From wcs at anchor.ho.att.com Thu Apr 29 18:29:14 1993
From: wcs at anchor.ho.att.com (wcs at anchor.ho.att.com)
Date: Thu, 29 Apr 93 18:29:14 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
Message-ID: <9304300129.AA25758@anchor.ho.att.com>

Pat Farrell writes:
> I'm writing a Windows-based POP client designed for folks that can't spell SLIP.
> It should have strong encryption invisibly and automatically.
> It won't until there is a legal encryption engine with at least the key
> management of PGP.

(I'm replying to cypherpunks, since other people may run into similar problems, and there *are* good ways to solve them.)

Let's assume for the moment that you don't care about being exportable, so "legal" only means "Ok with RSA". RSAREF is ok with RSA for non-commercial, non-exportable use, and if you want to use it commercially they'll give you a price.
It's got most of the subroutines you need, and if some non-Yankee writes a version with a compatible interface (to avoid copyright problems; patents aren't an issue outside the US) they can probably use the non-RSA parts of your code.

I'm not sure exactly which routines in RSAREF the license lets us use, (so I've written to RSA to ask them), but the ones that ARE clearly usable let you do Sign/Verify on a block, and DES-with-random-session-key-and-signature-with-RSA-session-key-encoding (aka R_SealPEMBlock/R_OpenPEMBlock.) This gives you all you need to build standalone systems (compatibility is another story), though sometimes it's a big and clunky approach when a simple RSAEncrypt/Decrypt would have done.

For example, your POP client needs to solve three main problems
1) Login authentication
2) Message encryption during transmission
3) preventing bogus deletes or other problems if your session gets hijacked.

3) probably isn't possible without changing the protocols or running over an encrypted telnet-equivalent session, but that's not RSA's problem. The POP3 RFC1225 explicitly recommends against including extra data in the DELE messages, though I suppose you could use an RSAREF signature as extra baggage anyway, including some kind of timestamp or counter to prevent replay.

1) The current POP protocols have the user send a USER message, to which the system either sends a rejection or a positive +OK response with arbitrary text to follow, and the user sends a PASS message, with password in clear-text, which is not real swift. This obviously needs to be replaced with some sort of challenge-response method to prevent eavesdropping and replay. A simple method using the block stuff is for the system's +OK response to the user to contain a challenge-string, and the user's PASS variable to be the challenge-string (or that+1) with an RSA signature from R_SignPEMBlock(). If Diffie-Hellman were included with RSAREF, the response could include a DH half-key.
Alternatively, the PASS variable could be an encrypted R_SealPEMBlock() message containing the challenge and a session key, encrypted using the server's public key and signed by the client.

2) can either be accomplished by encrypting each message as with a new session key and RSA to encrypt the session key (a bit slow, but each message is now self-contained, which has some degree of elegance) or else by negotiating a session key at the beginning (as discussed in the above) and using it for each message. The latter approach is obviously faster.

The main feature from PGP that this doesn't provide is authentication of public keys, but that's not really a problem in a POP environment - you have to deal with the administrator to set up your mailbox, so you can exchange keys at that time.

If you wanted to build a mechanism like PGP's web of trust for keys, it's not too hard, though the obvious approaches will probably have the painful slowness of PGP2.0 instead of the blazing speed of PGP2.2 :-) You've got a block signature routine, so you use messages saying "Keysig User KeyLen Key SignerUser SignerKeysig [SignerKey?]" with appropriate amounts of ASCII armoring and delimiters, and sign them. This would be a very practical addition to RIPEM, if anybody's in the mood; RIPEM's key server isn't integral to the package.

Bill Stewart wcs at anchor.att.com

From hughes at soda.berkeley.edu Thu Apr 29 19:24:16 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 29 Apr 93 19:24:16 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
Message-ID: <9304300220.AA18492@soda.berkeley.edu>

I have a few more words on this topic at this juncture.

Tim was calling for an examination of the issue; he was not, to my reading, recommending one course of action or another.

Possibly Tim's pancritically rationalist sensibilities have offended some. To them I say "Cypherpunk is not a religion." If you cannot question your own beliefs, you are acting in a predominantly ideological mode.
We need no zealots here.

Please, everyone, have a bit of calm purpose and broad-mindedness. Reference is not advocacy. One of the great and lasting advantages of language over the visual is the ability to say "no," "might," "ought," "can," "may": the plethora of negations and conditions. This mailing list is not a TV channel; do not treat it as one.

I specifically request those of you who engaged the keyboard without understanding this basic point please to reread Tim's article and to alter and/or to retract your hasty words as appropriate. I leave this entirely as an exercise to the reader.

Eric

From tcmay at netcom.com Thu Apr 29 19:48:03 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 29 Apr 93 19:48:03 PDT
Subject: No Compromise in Defense of Our Privacy Rights. PGP FIRST!
Message-ID: <9304300247.AA09058@netcom.netcom.com>

Matthew J Miszewski has asked some questions about my posting this morning, and about my motivations (Wow! It's kind of fun to be the target of such speculations!). I'll answer his questions and points with nothing but the truth.

>To all,
>
> Tim's statements bother me a great deal. Granted I have not been around as
>long as some (in this particular environment), but long enough to gain respect
>for certain net personalities. I wish to hold on to that respect...
>
> I've heard a lot of people talk a lot of sh** about the privacy issues
>concerning us requiring private acts of heroism. Is that what is involved with
>giving up on an ideal that has helped define the term cypherpunk. Not long
>ago Tim (and others) posted a rabid defense to the changing of the name of the
>list. Were those merely words? I have never questioned the dedication of
>freedom lovers like Tim before this series of postings. Something has clearly
>taken place. I hope we find out what.

First of all, no "external event" has happened to cause me to change from being a freedom-loving "crypto anarchist" to being some kind of "crypto narc" (if you'll pardon the pun).
No phone calls from Dorothy, or from Jim, or from Bobby Inman (wherever he may be these days). No threats, no letters, no knocks on the door in the middle of the night.

My posting this morning on "tough choices" was based on my best assessment of the current situation and my best judgement on what we need to think about.

>
> My problems with Tim's suggestions:
>
>1. While those of us lucky enough (or skilled enough) to be independently
>wealthy may think that the price of RSA software is nominal considering what is
>at risk (I personally agree), do we forget about those that *need* this data
>security and cannot pay for it? (All of these people of course would use PGP
>as an academic resource in order to make its distribution OK).

There are several points here. Is the purpose we're using PGP the saving of a few bucks? I doubt it. Most of the hobbyist/hacker types now using PGP are doing so because a kind of "community" has grown up around it, a kind of "stone soup" collective effort.

I'm not trivializing the value of money. (Ironically, I chose not to go to the recent CFP Conference because I felt $400 was a bit much for a conference. A single seat at this conference would buy 3 copies of a commercial RSA encryption package.)

I just don't see much evidence that the reason PGP is needed is because people can't afford the fee for a legal version. (BTW, I've acknowledged several times the limitations of MailSafe and the advantages in several areas of PGP 2.1.) I've yet to see many people who "need" PGP who cannot pay for it. Perhaps I'm wrong, but that's how I see it.

In any case, while we may have certain doubts about the patentability of mathematical algorithms, that's the way the world works. Certain property rights are reasonable. Arguing that RSADSI has no rights to a patent on public key methods is a different matter than arguing that someone's need and inability to pay is grounds for taking software.
(I apologize profusely to my Cypherpunk colleagues if I sound a bit like David Sternlight here. While I think he comes off as a pompous fool most of the time, he raises some important points. I like to think I'm raising them here in a different way, suggesting a compromise in the greater interests of ultimate privacy rights.)

>2. From a legal point of view, what RSA is probably doing is asserting its
>*presumed* patent rights. Left unchallenged they will remain presumed. So,
>to those whom have repeatedly sounded the call for "individual acts of
>heroism",
>is now the time to run and hide? The *ultimate* question of the legitimacy of
>algorithmic patents funded with public money *will* default if left
>unchallenged. So I challenge, with all of my honest respect, those with the
>means to take up the gauntlet thrown down by RSA.

A legal battle with RSADSI at this moment would cost quite a bit and almost certainly be won by RSADSI. (The courts have upheld "process" and "algorithm" patents...Caveat: I am not a lawyer.)

I happen to agree that some software patents are prima facie stupid--like the "XOR cursor" patent--and deserve to be thrown out. And perhaps the several key patents held by Public Key Partners (MIT, Stanford, RSA Data Security, and Cylink are the partners, as I recall) should be thrown out. But this will not happen anytime soon, and will cost an enormous amount to successfully litigate (the lawyers can correct me if I'm wrong). I see no chance of this happening before the patents begin to naturally expire around 1998 or so (and on to 2002 or so).

Meanwhile, others are free to openly distribute PGP and face the court system. (RSADSI must of course defend itself against all "obvious" infringements or attempts to infringe, or it risks losing its patent status. While some of us might like this outcome, it's of course not very reasonable.)

Stanton McCandlish, in his admirable zeal, publicly announced the availability of PGP at his site.
When RSADSI sent him a "cease and desist" letter (isn't e-mail great?...Stanton posts it, and Jim Bidzos, the Pres. of RSA responds...no lawyers were needed, no lengthy delays.). Stanton did the wise thing.

I haven't seen others step forward to put PGP in a highly visible position on their systems (and I'm definitely not recommending it, either).

>3. There are more ways than one to legitimize strong crypto and allow RSA
>to gain its almighty buck. Suggestions have already been made. Allow the
>rights to the RSA patents to be purchased. RSA does have a choice between that
>and no money at all.
>
>4. What about those that went before. Is the heroism of Phil Zimmermann to go
>for nought? The chances that several people, including Tim, have taken deserve
>compensation NOT compromise. RSA wants us to fold now. Why is a respected
>leader of the community asking a compromise of the Cypherpunk Manifesto?

Because I think the larger issue is the preservation of the right to strong crypto, the right to put locks on your doors without depositing a copy with the cops, the right to speak in tongues if that's what you want.

Fighting the RSA patents NOW will not help this battle be won. We're on a stronger foundation, legally and constitutionally, if we're using "non-illegal" products.

(If it came down to defending my freedom with "illegal guns," for example, I'd certainly choose the guns. This is because I don't believe the government is right in outlawing guns. If the government ever outlaws strong crypto, you can be sure I'll be using outlaw crypto. The difference with the current situation is that crypto per se has not yet come under regulation.)

>5. Finally, there have been other ways suggested to deal with the problems.
>A USA-Legal PGP is one. I know that many of the philosophers, code writers,
>hackers, thinkers, etc. among us can overcome this too. Why give up when it
>appears to be the night before the big game?

I'm definitely not proposing we "give up."
And joining in a crusade against RSA precisely when we need them as an ally is truly tilting at windmills.

(I've made this point before: the Clipper/Skipjack/Capstone scheme appears to be an attempted end-run around public key strong crypto. You may not like one minor aspect of this situation, i.e., that the work of Diffie, Hellman, Merkle, Rivest, Shamir, and Adleman is now licensed from RSA Data Security, but that's the way it is. Fortunately, it's a relatively minor issue.)

> I am merely a law student with a deep interest in liberty and privacy. I
>*am* willing to offer my time to the preparation of any eventual *challenge*
>of the RSA patents. NONE of the above post was meant as a personal affront to
>anyone, but rather a critical look at Tim's suggestions (Mainly because I would
>not have expected it from *Tim*). If there are extenuating circumstances
>involved, let us know. I have been reading posts from Tim since the days of
>p/hun and before. I in NO WAY question Tim's commitment, but rather the
>motivation for the out of character post.

I hope I've addressed the main points raised by Matt in his thoughtful post. Like I said, it was a tough post to write! I expected some controversy. But the points needed to be said.

We should all thank Phil Zimmermann for what he did...he energized the community, made a lot of people aware of strong crypto, and started a community programming effort rarely seen before.

But let's face it--bootleg crypto (which is what PGP will remain in this country unless and until the courts overturn the patents or RSA suddenly decides to cave in) is *not* going to spread the way we want strong crypto to. Already, companies that want to use PGP (probably because some employees do) are facing the realization that it's not legal and that they are exposing themselves to serious liabilities if they use it. This alone will begin to strangle PGP in its crib, so to speak.
Furthermore, neither Phil nor any other members of the development team are likely to ever make any money with this (something Phil would understandably like to do someday).

Better that Phil do what other companies have done: arrange a license with RSADSI. RSAREF source code is readily available for inspection, lest people fear that trapdoors or whatnot have been inserted into the code. (There are a lot of issues about the various versions of the RSA code, including RSAREF, MailSafe, RIPEM, TIPEM, OCE, etc., which I won't go into here. Others are better qualified anyway.)

All I'm suggesting is that we not quixotically (speaking of tilting at windmills) pin our hopes and expectations on a climactic battle between Phil Zimmermann and the lawyers at RSA. Our freedom to encrypt is more important than that kind of ego battle.

(Asking RSADSI to cave in and give away their crown jewels is unrealistic. Asking them to incorporate some of the features of PGP we like into some current or future offering is much more reasonable. Who knows, perhaps even a full-scale licensing of PGP is possible.)

I'm hopeful that some kind of accommodation will come about so we can focus on the real fight, the fight for our right to keep some things secret.

-Tim May

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, smashing of governments.
Higher Power: 2^756839 | Public Key: in a state of flux!
Waco Massacre + Big Brother Wiretap Chip = A Nazi Regime

From honey at citi.umich.edu Thu Apr 29 21:41:05 1993
From: honey at citi.umich.edu (peter honeyman)
Date: Thu, 29 Apr 93 21:41:05 PDT
Subject: Tough Choices
In-Reply-To: <338R3B1w164w@ideath.goldenbear.com>
Message-ID: <9304300441.AA23617@toad.com>

in a classic tirade, greg broiles' rants with fever and pitch, comparing the government's threat to make cryptoprivacy tools contraband and pkp's very real attempts to do exactly that.

you know what? i agree completely.

i don't plan to stop using pgp. if pkp wants to be reasonable, we can make a deal. in the meantime, my interest in pgp is research with no commercial significance. patent courts have long recognized the validity of experimental use of patented inventions by such researchers.

don't believe me? see rebecca s. eisenberg, "patents and the progress of science: exclusive rights and experimental use," university of chicago law review, Vol. 56(3), pp. 1017-1086 (summer 1989).

i suggest cypherpunks should make accommodation with pkp and the patent office by renouncing commercial exploitation of pgp, and embracing pgp as a foundation for building and understanding cryptoprivacy tools.

that is to say, we blow them off.

peter

From 74076.1041 at CompuServe.COM Thu Apr 29 23:12:13 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Thu, 29 Apr 93 23:12:13 PDT
Subject: Cypherpunks + PKP = Love
Message-ID: <930430060451_74076.1041_FHD57-1@CompuServe.COM>

(Warning: I am EXTREMELY frustrated having waited over TWELVE HOURS for my messages on this topic to appear; after some presumed glitch caused my Compuserve message to get lost I re-sent it THREE HOURS ago from a DIRECT INTERNET CONNECTED system and I still haven't seen it.)

To the suggestion that Jim Bidzos was just doing what he had to do in sending that threatening letter to Stanton McCandlish who was giving away PGP:

It's too bad that McCandlish isn't in the Bay area.
Then he could have been at the Cypherpunks meeting last weekend and Bidzos could have served papers on him right then and there. That would have saved Bidzos the cost of a postage stamp. Perhaps such legal actions can be a feature of future meetings.

Shocking? What Bidzos did was the electronic equivalent of what I've just described. If you're willing to countenance his actions then you should be just as willing to accept and abet crackdowns on unapproved, unauthorized cryptography. Just make sure you go into this with your eyes open.

Hal

From hughes at soda.berkeley.edu Thu Apr 29 23:32:20 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 29 Apr 93 23:32:20 PDT
Subject: validity of the RSA patent
Message-ID: <9304300628.AA17668@soda.berkeley.edu>

Plenty of people gripe about PKP patents. Assume for the sake of argument that the patents will be upheld, that they are valid. What, exactly, is claimed?

The RSA patent claims the RSA cryptosystem. So we don't use that.

The Diffie-Hellman-Merkle patent claims all of public key cryptography; in particular it claims knapsack algorithms. So we don't use knapsacks. But does this patent really prevent us from using public key cryptosystems? I think not.

Mind you, I'm only an amateur legal hacker, but this seems like a straightforward situation.

Consider use of another public key encryption scheme, say LUC encryption. Does use of this infringe the "public key" patent? Not directly, since we're not using knapsacks (presumably). We then look at the equivalents doctrine. From Blacks:

   Equivalents doctrine. In patent infringement law, doctrine of "equivalents" means that if two devices do the same work in substantially the same way and accomplish substantially the same result, they are the same, even though they differ in name, form, or shape. [...]
   A doctrine which declares that a device infringes a patented invention if it does the same work as the invention in substantially the same way, even if it is outside the literal terms of the claims of the patent. The doctrine prevents parties from infringing patents with impunity by making merely trivial changes in an invention. The more significant the patented invention the greater the scope of this doctrine.

So we have three criteria. "Same work" refers to function, "same way" refers to internal structure, "same result" refers to end product.

Now public key cryptosystems all have the same function, to provide encryption and decryption with different keys. The result is the same at the end of each public key communication: a message has been passed securely from one end of the channel to the other. The structure, however, is completely different for the different systems.

All three criteria must be satisfied in order for the equivalents doctrine to hold. The requirement of same structure is not satisfied. (Matt Miszewski has today offered to do legal research in anticipation of a patent fight. I'd like to ask him here to check out this theory with some references to case law.)

RIPEM, as I understand it, came out originally with a different public key algorithm and later changed it. Perhaps Mark Henderson (who seems to have done some work on it) could comment.

The equivalents doctrine seems to my mind to be a dual of the criteria required for patentability. There are four such criteria: statutory class (is it the right kind of thing), utility (is it good for anything), novelty (does it have new features), and unobviousness (does it have new results). The equivalence of function means that the utility of the two objects is the same. The equivalence of structure means that the new invention does not exhibit novelty. The equivalence of end result means that someone already thought of that before, i.e. it's obvious.
Statutory class is the same for both, since if they're that close, they both are the kind of thing which might be patented.

It is interesting as well to examine which can be patented: processes, machines, manufactures, compositions (of matter), and new uses of any of the above. Note that a bundle of properties and purposes, e.g. public key cryptography, is not patentable; it fails to specify structure, so any structure would be novel.

The new use clause, though, is exceedingly scary. Under this class, existing equations could be used for different purposes and be separately patentable. For example, if you were to use the RSA equations for some purpose other than public key crypto and digital signature, that would be separately patentable. It behooves us all to think widely of possible applications and talk about them in order to make them part of the prior art.

I'd like to see a document containing a good argument against the claim that all public key crypto is covered. It should have the full scholarly apparatus with it and an appendix explaining the apparatus to non-lawyers. This document could then be circulated widely, starting on sci.crypt.

After that, developing a test case is easy. We would need for someone to write some public key crypto code (it need not be very complicated) and market it, claiming explicitly that the "public key" patent does not apply. We'd want them to be extremely loud in their claims, for example, writing the legal departments of all of the big RSADSI licensees and offering their wares for sale. If you could collect money, so much the better.

This would almost invariably draw a lawsuit, since it so directly threatens RSADSI's business. Witness the speed with which the recent PGP board was asked to shut down. Assuming that we've already arranged for the up-front cost of legal defense, we'd be ready to go.

Comments?

Eric

From tribble at memex.com Fri Apr 30 00:35:20 1993
From: tribble at memex.com (E. Dean Tribble)
Date: Fri, 30 Apr 93 00:35:20 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
In-Reply-To: <9304292116.AA18449@soda.berkeley.edu>
Message-ID: <9304292309.AA21508@memexis.memex.com>

>Problems with RSAREF/RIPEM:
>1. Use of RSAREF/RIPEM in support of a commercial enterprise is
>prohibited without paying a licence fee. Note that they can get
>you on copyright violations rather than patent infringement
>if you break the RSAREF licence agreement.

For those of you looking around for a good cypherpunk-style project, a rewrite of RSAREF with an identical interface (external and some of the internal) would be a good idea. Such a body of code would prevent RSADSI from using copyright as leverage against a non-US company or person. It would be even nicer if this was done by someone outside the US. This avoids the export problem.

dean

From gg at well.sf.ca.us Fri Apr 30 02:38:22 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Fri, 30 Apr 93 02:38:22 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
Message-ID: <199304300938.AA05792@well.sf.ca.us>

Quoting, "That's what people have *always wanted* to do. RSA won't let them. That's why any talk of a newer friendlier Bidzos is bullshit.

Well, maybe or maybe not... the main thing is to judge by concrete actions. I know there have been problems in the past, and reason for serious scepticism. But the main thing here is to keep the channels open and work toward some kind of concrete action on RSA's part.

-gg

From pfarrell at cs.gmu.edu Fri Apr 30 06:21:29 1993
From: pfarrell at cs.gmu.edu (Pat Farrell)
Date: Fri, 30 Apr 93 06:21:29 PDT
Subject: Fw: RSA approval for freeware, PGP compatible user program.
Message-ID: <33701.pfarrell@cs.gmu.edu>

I'm a cypherpunk. I write code. I have already told the list my feelings on TC "the suit" May's suggestion.

I read the post that no one asked PKP for permission to include RSA in a freely distributed strong cryptography package that was PGP compatible. So I asked.
I found that PKP has two simple philosophies: (1) they have a valid patent, and you must agree to this fact and (2) if you make money, they make money.

I don't have the interest, energy, time, or money to argue with (1), so fine, I'll say I agree. I sure haven't made any money off PGP, and probably won't off of this.

I found that Jeff Schiller of MIT suggested an effort to develop something on RSAREF from scratch that would bring the pgp, RIPEM, TIS/PEM, etc. communities together. The PKP folks are strongly supportive.

They (PKP, MIT, pfarrell. et al) need to do programming and reverse engineering. If other cypherpunks can code, volunteer.

While the source for PGP is available, it is copyrighted. Unless we can get the copyright owner's permission, we'll have to reimplement it from scratch. Not an attractive idea.

If you have a religious belief that software patents are immoral, that PKP is really a front for the NSA, etc. and don't want to help, that is fine with me. Simply don't volunteer. I'd like to believe that this really isn't a splintering of the cypherpunks.

My guess as to why PKP is willing to talk to me and others now, and was not willing to agree to license PGP was that Phil never got permission to use RSA, and so agreeing to license users use of PGP is admission that using RSA without PKP permission is OK. There is no way that PKP can allow that to be inferred.

Pat

From svp at gtoal.com Fri Apr 30 06:37:45 1993
From: svp at gtoal.com (Sy Verpunc)
Date: Fri, 30 Apr 93 06:37:45 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
Message-ID: <9304291357.AA09412@pizzabox.demon.co.uk>

   From: Theodore Ts'o

      From: Sy Verpunc (Graham Toal)

      That's what people have *always wanted* to do. RSA won't let them. That's why any talk of a newer friendlier Bidzos is bullshit.

   Have you actually tried?

*I* don't need to. PKP don't have a patent in Britain.
   Several people from RSA, including Bidzos at the last Cypherpunks meeting at Mountain View (I wasn't there, but take a look at the meeting "minutes"), have stated repeatedly that if someone were to ask for permission to use the internal interfaces of RSAREF in order to write a PGP-compatible program, they would grant permission.

That's *NOT* what we want to do. We have perfectly good code that we trust already, called pgp. We're offering to pay a patent licence for pgp, not some RSADEF-derived code with DES that we don't trust. Hell, *I* would even pay a license fee for pgp and I'm not even legally obliged to...

   However, as of two weeks ago, *NOT* *A* *SINGLE* *PERSON* *HAS* *ASKED*.

Because that's the wrong question.

G

From geoffw at nexsys.net Fri Apr 30 08:14:05 1993
From: geoffw at nexsys.net (Geoff White)
Date: Fri, 30 Apr 93 08:14:05 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
Message-ID: <9304301505.AA07803@nexsys.nexsys.net>

Maybe this is a solution...

A core group of us coders take on the task of merging PGP functionality into MailSafe, we do the work for nominal cost or for free, this new version of MailSafe can become REALLY slick and worth paying the $125 or what-ever he is charging for it, AND it will be PGP compatible. We then retrofit PGP to use RSA's RSAREF or whatever else it takes to bring PGP into compliance and PGP stays FREE, and unsupported, we suspend further development and make it sort of like a demo program or freeware, but if you want the really seamless UI you buy the product, Bidzos gets money, we get to deploy a program that educates the masses about the use of strong crypto, and since they are compatible, the use of the freeware can't help but encourage the use of the "product". The bottom line is that strong crypto is made available to the public, This solution might require that a few egos deflate a bit but I'm sure a variant of this could work.
From bcox at gmu.edu Fri Apr 30 09:19:24 1993
From: bcox at gmu.edu (Brad Cox)
Date: Fri, 30 Apr 93 09:19:24 PDT
Subject: Need some Advice
Message-ID: <9304301620.AA00518@gmuvax2.gmu.edu>

"Stephen P. Marting" wrote

>The difference between Software Engineering and Computer Science is sort
>of like the difference between Differential Equations and Mathematics.
>SoftEng is a subset of CompSci.

Isn't it more like the difference between epicyclic computation and Ptolemaic Astronomy? In other words, don't these labels really denote software pre-engineering and computer pre-science?

--
Brad Cox; bcox at gmu.edu; 703 968 8229 Voice 703 968 8798 Fax
George Mason Program on Social and Organizational Learning

From 74076.1041 at CompuServe.COM Fri Apr 30 09:23:11 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Fri, 30 Apr 93 09:23:11 PDT
Subject: PGP on soda.berkeley.edu
Message-ID: <930430161518_74076.1041_FHD32-1@CompuServe.COM>

The fact that PGP is available on the Cypherpunks FTP site, soda.berkely.edu, was publicized in sci.crypt last week (among other places and times).

Eric said that the Cypherpunks FTP site has become among the top FTP access points in the world.

When Stanton McCandlish posted on sci.crypt that he had PGP available on his system, he quickly received threats from Jim Bidzos demanding that he remove it.

It follows, doesn't it, that Jim Bidzos would be forced to apply similar legal pressure to the Cypherpunks leadership to get them to remove PGP from their site, a site which may be one of the leaders worldwide in distributing PGP.

Now we see Tim suggesting (in the spirit of "pancritical rationalism"? I'm not so sure...) that we move away from PGP, and Eric offering arguments showing why Bidzos has to do what he is doing.

Is there a connection? Are Tim and Eric under pressure from Bidzos to get PGP off their site?
I don't know, but they would certainly be likely targets for Bidzos' efforts, and so it is understandable that they may be feeling personal discomfort. But I'd like to hear more about the relationship with Bidzos.

Hal

From elee9sf at Menudo.UH.EDU Fri Apr 30 09:58:45 1993
From: elee9sf at Menudo.UH.EDU (Karl Barrus)
Date: Fri, 30 Apr 93 09:58:45 PDT
Subject: List of remailers 4/30/93
Message-ID: <199304301658.AA25687@Menudo.UH.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

Q1: What cypherpunk remailers exist?

A1:

 1: hh at pmantis.berkeley.edu
 2: hh at cicada.berkeley.edu
 3: hh at soda.berkeley.edu
 4: nowhere at bsu-cs.bsu.edu
 5: ebrandt at jarthur.claremont.edu
 6: hal at alumni.caltech.edu
 7: remailer at rebma.mn.org
 8: elee7h5 at rosebud.ee.uh.edu
 9: phantom at mead.u.washington.edu
10: hfinney at shell.portal.com
11: remailer at utter.dis.org
12: 00x at uclink.berkeley.edu
13: remail at extropia.wimsey.com

NOTES:
#1-#4 remail only, no encryption of headers
#5-#12 support encrypted headers
#13 special - header and message must be encrypted together
#7,#11,#13 introduce larger than average delay (not direct connect)
#12 public key not yet released

======================================================================

Q2: What help is available?

A2: Check out the pub/cypherpunks directory at soda.berkeley.edu (128.32.149.19). Instructions on how to use the remailers are in the remailer directory, along with some unix scripts and dos batch files.

Mail to me (elee9sf at menudo.uh.edu) for further help and/or questions.

======================================================================

-----BEGIN PGP SIGNATURE-----
Version: 2.2

-----END PGP SIGNATURE-----

/-----------------------------------\
| Karl L. Barrus |
| elee9sf at menudo.uh.edu | <- preferred address
| barrus at tree.egr.uh.edu (NeXTMail) |
\-----------------------------------/

From 74076.1041 at CompuServe.COM Fri Apr 30 10:12:18 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Fri, 30 Apr 93 10:12:18 PDT
Subject: Tough Choices: PGP vs. RSA Data Security
Message-ID: <930430170523_74076.1041_FHD74-1@CompuServe.COM>

-----BEGIN PGP SIGNED MESSAGE-----

I thought Eric's analysis of RSADSI/PKP's position was interesting, but I have to take issue with a couple of points:

> Premise: RSADSI created RSAREF in order to license individuals.

This seems to assume that RSADSI needs to "license" individuals in order to allow them to use the patent. But I don't think this is the case. RSADSI can simply say that individual, non-commercial use of the patents is permitted by them. In fact, they do say that, apparently. As Pat Farrell reported today:

> I found that PKP has two simple philosophies: (1) they have a valid patent,
> and you must agree to this fact and (2) if you make money, they make
> money.

I understand that the FAQ from RSA confirms this, that non-commercial, personal use of the patent is OK. (Actually, I don't think this first point, that "you have to agree that their patent is valid" is in the FAQ. I think this was added specifically because the PGP documentation criticizes the patent.)

So, it does not seem to me that they had to take _any_ specific action in order to "license" individuals to use their patent non-commercially. They simply had to say, as they already said, that such use is not considered infringing.

> Since they don't make any money from it, there's
> no reason for them to spend much money paying lawyers to draft license
> agreements for products which bring in no income. Therefore they want
> all non-income uses of the patents to be filtered through a single
> license.

Again, there is no need for them to pay lawyers to set up a host of different "non-income" licenses.
There is no need to "filter" all such uses through a single package. Rather, a general blessing of non-commercial use should be adequate.

> Assertion: The reason that RSADSI requires that individual licenses be
> mediated through RSAREF is that non-commercial software is inevitably
> used in commercial contexts.

Allowing personal, non-commercial use does not mean they lose any rights to sue companies which make money off the patent. If a non-commercial product (like PGP) is used in a commercial context then both Phil and Jim may be expected to go after them. This therefore is not at all a reason for RSADSI to require individual licenses to be mediated through RSAREF. Doing that gives them no rights that they didn't already have.

> Remember, their main business is
> licensing. All software used in a commercial context must be
> licensed, otherwise their main business is imperiled. Were they to
> make separate licenses for every low end product, they would be in the
> same situation as if they licensed individuals--high overhead, small
> return. Therefore, they license RSAREF to companies; this allows
> RSADSI to economically offer licensed use for all such low end
> software packages.

Here Eric is apparently talking about commercial use. I think our discussions are in the context of personal, non-commercial use. We should clearly separate these two issues. Where a putatively non-commercial product, whether RIPEM or PGP, is used in a commercial situation then PKP and/or PRZ may choose to take legal action. But the non-commercial situation can be dealt with without restricting users to use RSAREF.

In short, Eric has not persuaded me (at least) that RSADSI was in any way forced to restrict non-commercial users to use the RSAREF package. Their general policy of permitting personal, non-commercial use, and demanding that "if you make money, we make money" are more than adequate without RSAREF entering the picture at all.
Hal Finney
74076.1041 at compuserve.com

-----BEGIN PGP SIGNATURE-----
Version: 2.2

-----END PGP SIGNATURE-----

From eaeu362 at orion.oac.uci.edu Fri Apr 30 10:17:21 1993
From: eaeu362 at orion.oac.uci.edu (Satan)
Date: Fri, 30 Apr 93 10:17:21 PDT
Subject: HELP! Some nut is threatening to sue!
In-Reply-To: <9304290331.AA18264@hydra.unm.edu>
Message-ID: <199304301717.AA10153@orion.oac.uci.edu>

> I don't think you're aware of our position on pgp. Unfortunately, you
> may leave us no choice but to take legal action, which we will unless
> you cease promotion and distribution of pgp. The next message will
> state our position.

well... jim bidzos is not SOME nut and this isn't a threat.. just a warning
the only problem i see with writing an apology note would be if he didn't send you a letter in the first place
in my youth or if i were basically bored i would have sent a letter looking like that from that account
i would assume it's real cuz if someone were to fake it they would act real mad and say they are already suing
but i think the fact that you don't know if he really sent you the letter (well i don't know if he really sent you the letter) is proof of why we need pgp out in public because that way we could verify who it was

From pfarrell at cs.gmu.edu Fri Apr 30 10:56:47 1993
From: pfarrell at cs.gmu.edu (Pat Farrell)
Date: Fri, 30 Apr 93 10:56:47 PDT
Subject: PGP on soda.berkeley.edu
Message-ID: <9304301751.AA06931@cs.gmu.edu>

Hal, I think you are being overly paranoid.

Jim Bidzos must protest the use of PGP. If he doesn't, he will lose the ability to claim that companies have to pay for RSA. He has publicly, and repeatedly, stated that the ITAR is a crock. Don't wave a flag in front of the bull.
He has personally told me that he is very interested in a RSA approved program that is PGP compatible. He simply can NEVER say that PGP is OK.

If we are to say to the politicians that normal folks need strong encryption, then we have to start without being labeled criminals for violating the US laws. If I remember, you are not in the US, so it is fine to ignore Bidzos. I can not write my congressman and say Clipper is bad, PGP is good when use (and development) of PGP is against the law.

We could argue that the law is bad. I can agree. But changing the law will take so long that RSA will be illegal. Then when I use it, it will be grounds for a search warrant.

Pat

Pat Farrell, Grad Student pfarrell at cs.gmu.edu
Department of Computer Science, George Mason University, Fairfax, VA

From svp at gtoal.com Fri Apr 30 11:52:10 1993
From: svp at gtoal.com (Sy Verpunc)
Date: Fri, 30 Apr 93 11:52:10 PDT
Subject: Introduction...
Message-ID: <9304291919.AA12900@pizzabox.demon.co.uk>

To whoever it was at Ohio who just fingered this account... (whether it's one of us or the obligatory NSA mole :-) [oops, no, the NSA mole works out of uunet.ca, right?]) - I'll save you the bother - it's not a cunning alias, it's just a spare account I created so I don't get all this stuff in my real mailbox; I have an account for every mailing list I'm on. If you want to mail me under my normal account, it's the rather obvious gtoal at gtoal.com

Graham

From MJMISKI at macc.wisc.edu Fri Apr 30 11:59:48 1993
From: MJMISKI at macc.wisc.edu (Matthew J Miszewski)
Date: Fri, 30 Apr 93 11:59:48 PDT
Subject: CLIPPER: Remember Big Brother!
Message-ID: <23043013580787@vms2.macc.wisc.edu>

Cypherpunks,

I have taken contention with Tim's suggestions and was glad to see the comprehensive response. And the following critiques. But I fear that AT&T and the NSA may be lovin' our discontent with each other. I still disagree with Tim on a few contentions and will post them later.
But I now understand more clearly his position and far sightedness.

While I did my part to start this dissent, I now hope that we can reconcentrate on the current emergency. CLIPPER! I'm not saying we should quash dissent, but just cool the flames and remember our current situation. There are many facets of patent law which we may not be able to solve right now. [Eric, I am working on your research request, thanx!]. Please don't let a provocative post by a forward looking thinking derail *both* of our ultimate goals. There is a time and a place for this debate. However, I feel now we must attack the _real_ enemy.

So, please, step back and remember that if we fall divided, NO ONE will voice opposition to the WIRETAP CHIP, and we can all set our calendars back to 1984.

Respectfully Dissenting,
Matt
mjmiski at macc.wisc.edu

From geoffw at nexsys.net Fri Apr 30 12:04:06 1993
From: geoffw at nexsys.net (Geoff White)
Date: Fri, 30 Apr 93 12:04:06 PDT
Subject: PGP on soda.berkeley.edu
Message-ID: <9304301724.AA07951@nexsys.nexsys.net>

>
> It follows, doesn't it, that Jim Bidzos would be forced to apply similar
> legal pressure to the Cypherpunks leadership to get them to remove PGP from
> their site, a site which may be one of the leaders worldwide in distributing
> PGP.
>
> Now we see Tim suggesting (in the spirit of "pancritical rationalism"? I'm
> not so sure...) that we move away from PGP, and Eric offering arguments
> showing why Bidzos has to do what he is doing.
>
> Is there a connection? Are Tim and Eric under pressure from Bidzos to get
> PGP off their site? I don't know, but they would certainly be likely
> targets for Bidzos' efforts, and so it is understandable that they may be
> feeling personal discomfort. But I'd like to hear more about the
> relationship with Bidzos.
>
> Hal
>

I think you are being a little paranoid. I clearly see the points that Eric and Tim are making. RSA is not going to "roll over" for us.
If they did, it could mean the end of their company. Jim out of detente, might not be sending us (the Regents of UC to be exact) a letter because of the potential ramifications (both legal, and publicity wise). It would not be a good move for RSA or for cypherpunks, but if this issue heats up, he may be forced into this stance, which is one I'm convinced by meeting the man, that he personally would not like to take, but WOULD take if it came down to us or the company's patents being made null and void from failure to enforce them.

I think he is passing over us for the time being, unless media attention causes him to do otherwise, remember he would send "the letter" to the regents of UC Berkeley, they are the ones who own soda, not the cypherpunks.

I think we have to decide whether we are promoting PGP or an individual's right "to affordable secure cryptography". I for one will continue to use PGP until something better comes along. I'd be willing to give RSA $50 - $100 for the right to use the software, in this case BECAUSE THE ISSUE OF PRIVACY IS MORE IMPORTANT TO ME THAN THE ISSUES OF WHETHER SOFTWARE IS PATENTABLE. Now this does not mean that I don't believe in free software but if we don't stop the stuff that the feds are doing right now, the other issues won't make any difference.

What founding father said "If we all don't hang together we will surely hang separately"

-------------------------------------------------------------------------------
NEXUS SYSTEMS/CYBERTRIBE-5 : Voice:(415)965-2384 Fax: (415)327-6416
Editor/Instigator/Catalyst : Geoff White
Production Crew : Universal Movement Trinity
"They might stop the party, but they can't stop the future"
--PGP Public key available upon request--
AT&T:Phones with Big Brother Inside, Just say "NO" to the Clipper wiretap chip!
-------------------------------------------------------------------------------

From fnerd at smds.com Fri Apr 30 12:44:40 1993
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Fri, 30 Apr 93 12:44:40 PDT
Subject: PGP vs. RSADSI--what conflict?
Message-ID: <9304301927.AA22360@smds.com>

Cypherpholks--

Neither abandoning PGP nor antagonizing RSADSI seem necessary to me. This letter makes a 3/4 page summary of that belief after which I mention some interesting side issues.

Eric Hughes' understanding of the situation confirms my intuitions--

    RSADSI pretty much has to either act the way it's acting or else just roll over.
and
    They seem agreeable to a technically good PGP/RSAREF connection.
but
    That's work.

On the middle point, in particular I don't think they'll insist we use DES or a slow engine. For people who don't get why those restrictions seem to be there but aren't, I suggest rereading Eric's article.

Although I have strong feelings about the patent issue, and although it affects the privacy issue, I definitely put the privacy issue first. Given that it seems we can separate the two issues, I don't see why we shouldn't.

Although I agree with Tim that being non-confrontative with RSADSI is smart, I don't see PGP and RSADSI as quite so hard to reconcile as he seems to:

> If the government ever outlaws strong crypto, you can be sure I'll be
> using outlaw crypto. The difference with the current situation is
> that crypto per se has not yet come under regulation.)

And PGP per se is not outlaw. Only the current version and lack of license. Let's conceptually separate PGP, Phil's RSA/MD5 engine (PGRE?), and using/distributing PGRE in the USA. Only the third is a problem with RSADSI.

> ...bootleg
> crypto (which is what PGP will remain in this country unless and until the
> courts overturn the patents or RSA suddenly decides to cave in)...

Pshaw. Until it's worked out. No "sudden caving in" is needed.
Tim, you were the one who reported that Jim Bidzos was sounding agreeable.

> Furthermore, neither Phil nor any other members of the development team are
> likely to ever make any money with this
                                     ^^^^ PGRE

Phil could finally solicit shareware fees.

Now the side issues:

There could conceivably be an issue in the future for people working with RSAREF--who have SEEN THE CODE--and then wanting to develop other crypto stuff later. People have attempted to avoid this legal hassle in the past by setting up a "clean room" where only specs and interfaces are known...

RSAREF is copyrighted stuff, right?, which puts you in a slightly different legal position when you have it/distribute it. Assuming PGP gets a license to be shareware, I see this being less of a problem than the current situation.

But even if PGP gets some kind of license, would individuals still have to sign agreements with RSADSI? I feel more serious about personal agreements than copyrights or patents. Will it be the standard RSAREF individual license? Does it require you to *act as if* they had rights some of us care about them not having? (Rights to the specific code don't bother me too much.)

> (isn't e-mail great?...Stanton posts it, and Jim Bidzos, the
> Pres. of RSA responds...no lawyers were needed, no lengthy delays.).

At the CFP conference that Tim missed ~{;o), Cliff Stoll was remarking that eventually all sorts of nasty things happen related to the net--except lawsuits. We guessed that the availability of the quick, public response might have a lot to do with that. Here we have a threat; can anyone think of an example of an email-related suit that was carried through?

-phnerd, er, fnerd
quote me
--fnerd at smds.com (FutureNerd Steve Witham)

From jet at nas.nasa.gov Fri Apr 30 12:48:42 1993
From: jet at nas.nasa.gov (J. Eric Townsend)
Date: Fri, 30 Apr 93 12:48:42 PDT
Subject: PGP legalities
In-Reply-To: <930430161518_74076.1041_FHD32-1@CompuServe.COM>
Message-ID: <9304301948.AA00372@boxer.nas.nasa.gov>

A short reminder: If you are the government, or you work for the government, you can use PGP. The conditions under which you can use it might be fuzzy (ie: can I use it to encrypt mail to send to this list, which is not work related), but you can definitely use it for your work.

--
J. Eric Townsend jet at nas.nasa.gov 415.604.4311
NASA Ames Numerical Aerodynamic Simulation | play: jet at well.sf.ca.us
Parallel Systems Support, CM-5 POC | '92 R100R / DoD# 0378
PGP2.1 public key available upon request or finger jet at simeon.nas.nasa.gov

From jet at nas.nasa.gov Fri Apr 30 12:49:16 1993
From: jet at nas.nasa.gov (J. Eric Townsend)
Date: Fri, 30 Apr 93 12:49:16 PDT
Subject: npr report
Message-ID: <9304301949.AA00378@boxer.nas.nasa.gov>

from the NPR report:

> "The mechanism is very much like what the real estate agents do with
> houses. Right, they take you to show you a house and they don't have a
> key to that house in their pockets. But they get to the house, and
> there's a lock box hanging on the front door. And they have a master key
> in their pockets, and they open the lock box, and take out the key to the
> door, and open the front door, and go in and show you the house."

This is a *wonderful* analogy. Imagine if one could not buy a set of locks for their house w/o buying the government lock-box to go beside the front door.

From tcmay at netcom.com Fri Apr 30 13:00:32 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 30 Apr 93 13:00:32 PDT
Subject: I don't take it personally...
Message-ID: <9304302000.AA03138@netcom.netcom.com>

Just to let you folks know, I don't take some of the comments I've been seeing here (and in e-mail) personally.
That is, I fully understand that emotions run high around these topics, especially about PGP, the Clipper Chip, and patents on software.

This list is for discussion, even heated discussion. We're not here to just complain about things we all despise, like the Clipper chip...for that you can read sci.crypt.

I've posted my thoughts and suggestions in this spirit. I'm not in a policy-making position (how many of us are?), so some of the stronger comments about how I'm reorienting the Cypherpunks list seem, well, inappropriate. That others have said much the same thing says this is a legitimate issue to discuss on this list.

By the way, I responded at length to Matthew J Miszewski's posting because that's the one I saw first. The equally well-written critiques of my points by Lance Dettweiler and Hal Finney did not arrive at my site until sometime after 2 a.m. this morning, when I last checked...though they were written and posted half a day earlier than Matt's posting. Odd delays we're having.

I won't answer their point-by-point critiques, as I think my follow-up to Matt and the various other posts by Eric, Pat Farrell, Stanton M., and others have gotten the issues aired.

Just to repeat, I'm not in the thrall of RSA or anyone else. I just think the issues are much larger. I'm not saying we shouldn't use PGP, nor am I suggesting Jim Bidzos should serve arrest warrants at our Cypherpunks meetings (I got a kick out of that really "over the top" charge...I took no offense!).

I don't set policy for you folks. Nobody does. I'm just one more voice.

Discussion won't hurt this list--if it can, then we're really in trouble.

-Tim May

--
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, smashing of governments.
Higher Power: 2^756839 | Public Key: in a state of flux!
Waco Massacre + Big Brother Wiretap Chip = A Nazi Regime

From lefty at apple.com Fri Apr 30 13:05:50 1993
From: lefty at apple.com (Lefty)
Date: Fri, 30 Apr 93 13:05:50 PDT
Subject: PGP on soda.berkeley.edu
Message-ID: <9304301953.AA29637@internal.apple.com>

>What founding father said "If we all don't hang together we will surely hang
>separately"

Benjamin Franklin.

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From karn at qualcomm.com Fri Apr 30 13:44:08 1993
From: karn at qualcomm.com (Phil Karn)
Date: Fri, 30 Apr 93 13:44:08 PDT
Subject: npr report
Message-ID: <9304302043.AA21502@servo>

> This is a *wonderful* analogy. Imagine if one could not buy a set of
> locks for their house w/o buying the government lock-box to go beside
> the front door.

It's an even better analogy (for me) because of the experience I had a year ago with a house I was renting. The owner had put it up for sale, so a lockbox was installed on the garage door. One day I came home and noticed that the box was open, and the key inside was missing. Gave me a real warm and fuzzy feeling.

One of the really nice things about now owning a house (vs renting) is that I can change the locks whenever I please and I don't have to give a copy to *anybody*...

Phil

From MCMAHON at Eisner.DECUS.Org Fri Apr 30 13:49:56 1993
From: MCMAHON at Eisner.DECUS.Org (John (FuzzFace/Fast-Eddie) McMahon)
Date: Fri, 30 Apr 93 13:49:56 PDT
Subject: PGP on soda.berkeley.edu
Message-ID: <01GXMNWP2FA6000426@Eisner.DECUS.Org>

> What founding father said "If we all don't hang together we will surely hang
> separately"

Ben Franklin, I believe.
John McMahon

From wcs at anchor.ho.att.com Fri Apr 30 14:34:13 1993
From: wcs at anchor.ho.att.com (wcs at anchor.ho.att.com)
Date: Fri, 30 Apr 93 14:34:13 PDT
Subject: clip.txt on NIST ftp
Message-ID: <9304302134.AA10093@anchor.ho.att.com>

csrc.ncsl.nist.gov has some new uploads in /pub/nistnews, including Krammer(NIST)'s testimony to Markey, and clip.txt, a more recent Clipper description. It's short enough I'm attaching it below; the interesting part in Section 5 is that it says the wiretap block has 80-bit session key crypted with unit key, 25-bit serial number!, and 23-bit "authentication pattern" making a total of 128 narc bits. It also gets transmitted "at least once" to the receiver.

Also, chip prices include "programmed and unprogrammed" - I wonder if real people will be able to buy them unprogrammed?

Bill Stewart

------ clip here -----

CLIPPER CHIP TECHNOLOGY

CLIPPER is an NSA developed, hardware oriented, cryptographic device that implements a symmetric encryption/decryption algorithm and a law enforcement satisfying key escrow system. While the escrow management system design is not completely designed, the cryptographic algorithm (SKIPJACK) is completely specified (and classified SECRET).

The cryptographic algorithm (called CA in this paper) has the following characteristics:

1. Symmetric, 80-bit key encryption/decryption algorithm;

2. Similar in function to DES (i.e., basically a 64-bit code book transformation that can be used in the same four modes of operation as specified for DES in FIPS 81);

3. 32 rounds of processing per single encrypt/decrypt operation;

4. Design started by NSA in 1985; evaluation completed in 1990.

The CLIPPER CHIP is just one implementation of the CA. The CLIPPER CHIP designed for the AT&T commercial secure voice products has the following characteristics:

1. Functions specified by NSA; logic designed by MYKOTRONX; chip fabricated by VLSI, Inc.: manufactured chip programmed (made unique) by MYKOTRONX to security equipment manufacturers willing to follow proper security procedures for handling and storage of the programmed chip; equipment sold to customers;

2. Resistant to reverse engineering against a very sophisticated, well funded adversary;

3. 15-20 MB/S encryption/decryption constant throughout once cryptographic synchronization is established with distant CLIPPER Chip;

4. The chip programming equipment writes (one time) the following information into a special memory (called VROM or VIA-Link) on the chip:

   a. (unique) serial number
   b. (unique) unit key
   c. family key
   d. specialized control software

5. Upon generation (or entry) of a session key in the chip, the chip performs the following actions:

   a. Encrypts the 80-bit session key under the unit key producing an 80-bit intermediate result;
   b. Concatenates the 80-bit result with the 25-bit serial number and a 23-bit authentication pattern (total of 128 bits);
   c. Enciphers this 128 bits with family key to produce a 128-bit cipher block chain called the Law Enforcement Field (LEF);
   d. Transmits the LEF at least once to the intended receiving CLIPPER chip;
   e. The two communicating CLIPPER chips use this field together with a random IV to establish Cryptographic Synchronization.

6. Once synchronized, the CLIPPER chips use the session key to encrypt/decrypt data in both directions;

7. The chips can be programmed to not enter secure mode if the LEF field has been tampered with (e.g., modified, superencrypted, replaced);

8. CLIPPER chips will be available from a second source in the future;

9. CLIPPER chips will be modified and upgraded in the future;

10. CLIPPER chips presently cost $16.00 (unprogrammed) and $26.00 (programmed).
4/30/93

From mnemonic at eff.org Fri Apr 30 14:35:56 1993
From: mnemonic at eff.org (Mike Godwin)
Date: Fri, 30 Apr 93 14:35:56 PDT
Subject: 800 number -- Clipper poll
Message-ID: <199304302135.AA01210@eff.org>

Article 17194 (12 more + 1 Marked to return) in comp.org.eff.talk:
From: JHIUOT&)@p918.f70.n109.z1.fidonet.org (JHIUOT&))
Subject: Clipper poll
Date: Wed, 28 Apr 93 12:00:09 PDT
Organization: FidoNet node 1:109/70.918 - No Montgomery Co Ba, Rockville MD
Lines: 14

Communications Week magazine has a weekly telephone response poll.

This week's question is:

Do you agree with the Clinton administration's Public Encryption Management directive for communications equipment?

Yes: 800-242-CWKY
No: 800-242-CWKN

--
uucp: uunet!m2xenix!puddle!109!70.918!JHIUOT&)
Internet: JHIUOT&)@p918.f70.n109.z1.fidonet.org

From i6t4 at jupiter.sun.csd.unb.ca Fri Apr 30 16:08:56 1993
From: i6t4 at jupiter.sun.csd.unb.ca (Nickey MacDonald)
Date: Fri, 30 Apr 93 16:08:56 PDT
Subject: 800 numbers
In-Reply-To: <199304302135.AA01210@eff.org>
Message-ID:

Of course, only Americans can dial those numbers.. which is a shame... (A few Canadians could have skewed the voting... :-)

On a note similar to remailers, has anyone ever given consideration to creating an "outdial" service? If I could dial long distance into the States, and then be able to dial a 1-800 number that I cannot dial direct from Canada (which is most) this would be extremely useful...

Could be taken a step further, and with automated billing a person could dial *any* number and charge it back to their calling card (though this would not be fully anonymous, is there a use for this?? I donno... as Caller ID becomes more prevalent... maybe...)

I know law enforcement agents use something like this for undercover operations, though I doubt they figure in a long distance factor very often...

Anyway, something to think about...
---
Nick MacDonald | NMD on IRC
i6t4 at jupiter.sun.csd.unb.ca | PGP 2.1 Public key available via finger

On Fri, 30 Apr 1993, Mike Godwin wrote:

> Communications Week magazine has a weekly telephone response poll.
>
> This week's question is:
>
> Do you agree with the Clinton administration's Public Encryption
> Management directive for communications equipment?
>
> Yes: 800-242-CWKY
> No: 800-242-CWKN

From phr at america.Telebit.COM Fri Apr 30 16:49:27 1993
From: phr at america.Telebit.COM (Paul Rubin)
Date: Fri, 30 Apr 93 16:49:27 PDT
Subject: eurocrypt '93
Message-ID: <9304302348.AB12222@america.TELEBIT.COM>

Is anyone thinking of going? It's in Norway, in late May.

Pining for the fjords...

Paul

From hughes at soda.berkeley.edu Fri Apr 30 17:14:39 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Fri, 30 Apr 93 17:14:39 PDT
Subject: 800 numbers
In-Reply-To:
Message-ID: <9305010011.AA05935@soda.berkeley.edu>

>On a note similar to remailers, has anyone ever given consideration to
>creating an "outdial" service?

[a redialer operation for telephones]

I've been wanting to do this for years. As soon as we get a digital coin system running, I'm going to work on getting one up in Berkeley.

There are some interesting issues here similar to remailers. Fancy schemes tend not to be all that secure because the in-band audio signalling is not conducive to crypto. Just having the redirection service is enough now to disrupt Caller-ID. When ISDN is standard, you can you the money transaction on the D channel, out of band, and digital.

Eric

From tien Fri Apr 30 17:27:13 1993
From: tien (Lee Tien)
Date: Fri, 30 Apr 93 17:27:13 PDT
Subject: I don't take it personally...
Message-ID: <9305010027.AA08692@toad.com>

Tim,

I'm responding to your question about patents. I don't know of any reason why individual licenses to use the public-key patents in connection with specified authorized programs couldn't be granted under U.S. patent law.
In general, a patent holder has the right to exclude unauthorized persons from making, using, or selling the patented invention. A patent holder can grant non-exclusive licenses to make, use, or sell. Legally speaking, a non-exclusive license can be thought of as a promise by the patent holder not to sue the licensee for acts within the scope of the license which would otherwise constitute patent infringement, in return for some kind of consideration.

The major limits on a valid patent are "patent misuse" (where the patent holder overreaches) and antitrust (where the patent holder uses the patent to restrain trade).

Patent licensing is a pretty flexible mechanism. I'm no expert, though, and I've never quite understood exactly what this patent protects, nor have I seen the actual claims of the issued patent.

Lee

From hughes at soda.berkeley.edu Fri Apr 30 17:36:28 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Fri, 30 Apr 93 17:36:28 PDT
Subject: PGP on soda.berkeley.edu
In-Reply-To: <930430161518_74076.1041_FHD32-1@CompuServe.COM>
Message-ID: <9305010033.AA07393@soda.berkeley.edu>

>soda.berkely.edu, was publicized in sci.crypt last week (among other places
>and times).

I have tried to make sure that it's not widely publicized, for reasons stated below.

>Eric said that the Cypherpunks FTP site has become among the top FTP access
>points in the world.

No. I said that the cypherpunks site on soda is the most active one on soda. Quite a difference.

>When Stanton McCandlish posted on sci.crypt that he had PGP available on his
>system, he quickly received threats from Jim Bidzos demanding that he remove
>it.

Look. Bidzos is under fiduciary responsibility to exercise due diligence in making sure unlicensed software is not distributed. If Bidzos were to get fired for not doing it, someone else would come in and do exactly the same thing.
>It follows, doesn't it, that Jim Bidzos would be forced to apply similar
>legal pressure to the Cypherpunks leadership to get them to remove PGP from
>their site, a site which may be one of the leaders worldwide in distributing
>PGP.

I've known Bidzos for a little over a year. I've been distributing PGP ever since the ftp site went up. Not once have I ever told Bidzos I'm doing this. If I did, he'd have no choice but to stop it, having been personally informed that infringement was occurring at a particular place under a known agent.

I've asked Hugh Miller not to advertise the site publicly, not because I don't want it used, but because I don't want it to go away. The site is registered with archie; if you want it, you can find it.

Sometimes you have to be loud to get things done; sometimes you have to be silent. Domestic distribution of PGP right now is something best done in silence.

>Are Tim and Eric under pressure from Bidzos to get
>PGP off their site?

Tim doesn't have anything at all to do with the ftp site. I do it on a guest account on the machine, which for tactical reasons of software distribution I'd like to keep.

I have never heard any word from Bidzos that he even knows about the soda site, let alone that I maintain it, let alone any pressure to remove PGP from it.

Eric

From cplai at csie.nctu.edu.tw Fri Apr 30 17:55:24 1993
From: cplai at csie.nctu.edu.tw (cplai at csie.nctu.edu.tw)
Date: Fri, 30 Apr 93 17:55:24 PDT
Subject: unsubsribe
Message-ID: <9305010057.AA06347@csie.nctu.edu.tw>

Please, unsubscribe me now.

From svp at gtoal.com Fri Apr 30 18:37:00 1993
From: svp at gtoal.com (Sy Verpunc)
Date: Fri, 30 Apr 93 18:37:00 PDT
Subject: 800 numbers
Message-ID: <9304300205.AA18556@pizzabox.demon.co.uk>

From: Nickey MacDonald

Of course, only Americans can dial those numbers.. which is a shame... (A few Canadians could have skewed the voting...
:-)

On a note similar to remailers, has anyone ever given consideration to creating an "outdial" service? If I could dial long distance into the States, and then be able to dial a 1-800 number that I cannot dial direct from Canada (which is most) this would be extremely useful... Could be taken

mail me your pgp key...

G

From HARUP16 at delphi.com Fri Apr 30 18:43:36 1993
From: HARUP16 at delphi.com (HARUP16 at delphi.com)
Date: Fri, 30 Apr 93 18:43:36 PDT
Subject: PGP
Message-ID: <01GXMXWJVE4Y95NBR5@delphi.com>

> I've yet to see many people who "need" PGP who cannot pay for
> I'm wrong, but that's how I see it. In any case, while we may
> doubts about the patentability of mathematical algorithms, tha
> the world works. Certain property rights are reasonable. Argui
> RSADSI has no rights to a patent on public key methods is a di
> matter than arguing that someone's need and inability to pay i
> taking software.

I think what Matt was trying to get at is that privacy should be free. The day that I feel the need to have to pay $100 to ensure that my business is nobody's business but my own is the day I leave this country for a nice outlet free desert island. I know that it was wrong to steal the RSA code for a shareware alternative, but you gotta understand the stakes here: Breaking a patent, or keeping the government from snooping on each and every one of us. Sure, RSA is great, and they should get paid for their time programming, yap, yap, yap. But when Salk found a vaccine for Polio, did he have a little fit and say "no! you are all going to die because I am a greedy little bastard", no, he made the vaccine a sort of share-ware. I know there is a great deal of difference between death and software, but just tell that to the people involved with Inslaw (hope you are all familiar with Promis software).

From svp at gtoal.com Fri Apr 30 18:47:12 1993
From: svp at gtoal.com (Sy Verpunc)
Date: Fri, 30 Apr 93 18:47:12 PDT
Subject: Introduction...
Message-ID: <9304300211.AA18605@pizzabox.demon.co.uk>

I wrote:
: To whoever it was at Ohio who just fingered this account... (whether it's
: one of us or the obligatory NSA mole :-) [oops, no, the NSA mole works out
: of uunet.ca, right?]) - I'll save you the bother - it's not a cunning alias,

What a nosey bunch... I've had this machine on the net for almost a year and not been fingered by as many strangers as over the last three days.

Anyway, here's a little experiment in paranoia... which of these people *aren't* cypherpunks...? I've always wondered if joining a list like this would bring unwelcome attention...

I've marked the people who I know are on the cypherpunks list with a *. If any of the rest of them are 'one of us', let me know. By elimination we'll work out where the gummint spies hide out :) ... (The machines that reject finger requests and telnet VRFYs are pretty suspicious...) And I'm also particularly suspicious of the finger from ohio-state - it *was* someone who reads this list (the svp ID was created especially for it) but there are *no* ohio-state sites in the mailing list at all.

If this is considered a waste of the list's bandwidth, flame me privately... In fact, reply privately whatever you have to say... (gtoal at gtoal.com)

Apr 27 20:03:05 finger from serdlc21.essex.ac.uk [155.245.11.40]
Apr 27 20:03:18 guest Guest p3 Wed 20:00
Apr 27 20:03:18 millph P H Mills p5 Wed 19:44
Apr 27 20:03:18 guest Guest p6 Wed 20:25
Apr 27 20:03:18 guest Guest p7 Wed 20:31
Apr 27 23:10:19 finger from PANAM1.PANAM.EDU [129.113.1.2]
Apr 27 23:10:44 GMJ2393B Jimenez, George M 20401FE1 FINGER LTA6549DSCC08/PORT4
Apr 27 23:13:08 finger gtoal from uunet.ca [142.77.1.1]
Apr 28 19:48:53 finger from harrip at serdlc23.essex.ac.uk [155.245.11.42]
Apr 28 19:49:13 harrip P Harrington p2 Thu 19:47
Apr 29 18:58:05 finger svp from mathserv.mps.ohio-state.edu [128.146.110.31]
Apr 29 19:32:17 finger from mathserv.mps.ohio-state.edu [128.146.110.31]
[!
denotes no idle time during both fingers]
akos alden aparson baker bkm bloch bogdan cao carlson chohan cthomas! davis dijen edgar falkner fcarroll fiedorow! forest ggelder! goedde goss haar hamilton! haradako harmon henri holbrook hpallen huneke jocha kappeler lguo ling! lingshu march morlet! neumann! nevai ogle overman patmac! ponomar rld robertso! root siegel singhi! sinha! sinnott stanton tanveer terman wang
Apr 29 19:38:15 *finger gtoal from ee92jks at monge.brunel.ac.uk [134.83.72.1]
Apr 29 19:38:20 ee92jks Jonathan K Saville *p1 Fri 20:03 cc-02.brunel.ac.
Apr 29 19:44:11 finger svp from seneca.SED.Provo.Novell.COM [137.65.96.1]
Apr 29 19:45:11 finger gtoal from seneca.SED.Provo.Novell.COM [137.65.96.1] ?*
Apr 29 23:23:21 finger gtoal from sck at naucse.cse.nau.edu [134.114.64.1]
Apr 29 23:23:27 sck Sean Koontz *p1 Fri 13:41 =*
Apr 30 00:01:39 finger gtoal from dent.uchicago.edu [128.135.72.13]

PS Someone mailed me to ask how I knew if I'd been fingered - it's a combination of a home-hacked fingerd and the log_tcp wrapper package.

From ebrandt at jarthur.Claremont.EDU Fri Apr 30 20:46:40 1993
From: ebrandt at jarthur.Claremont.EDU (Eli Brandt)
Date: Fri, 30 Apr 93 20:46:40 PDT
Subject: PGP
In-Reply-To: <01GXMXWJVE4Y95NBR5@delphi.com>
Message-ID: <9305010346.AA10948@toad.com>

> From: HARUP16 at delphi.com
> I know that it was wrong to steal the RSA code for
> a shareware alternative, but [...]

Nobody stole code. PGP infringes on (at least) U.S. Patent 4,405,829, which covers the RSA algorithm. Personally, I have no qualms about exponentiating in any algebra I please.

As to the question of "whether RSADSI are good guys": they certainly could be. However, I don't see RSA doing a hell of a lot to promote crypto use -- the opposite, in fact. Their software output is hardly impressive for a corporation of a decade's standing. They won't sell me a license -- they'll sell it to Lotus, but I can't see their source code.
The government hasn't banned public-key encryption, but it's banned patent-infringing public-key encryption. And for practical purposes, that's the only kind there is. The combined effect of present patent law and RSA's "sue first, write code later" approach has been to stifle the development of cryptography in this country and in the world. Perhaps if encryption algorithms were not encumbered, they would already be in common use, rendering Clipper untenable.

If RSA Inc. wishes to sell me a license I shouldn't have to buy, that would be nice. If they wish to show their change of heart in some other way, that would be nice too, as long as it doesn't come with a licensing agreement like RSAREF's. But if they're going to continue to sit on their patents, I'll do without their blessing.

Incidentally, I don't think the issue of algorithm patents is as minor as some have portrayed it. It has blocked the use of RSA, after all, giving Clipper a window. Furthermore, there are patents on approximately every other cryptographic technique: PK in general, exponential key exchange, LUC, IDEA, DigiCash, .... Patents may gut cryptology the way they have data compression, to pick one example. This would be a shame.

Eli
ebrandt at jarthur.claremont.edu

From 74076.1041 at CompuServe.COM Fri Apr 30 21:47:14 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Fri, 30 Apr 93 21:47:14 PDT
Subject: PGP on soda.berkely.edu
Message-ID: <930501044129_74076.1041_FHD20-1@CompuServe.COM>

-----BEGIN ??? SIGNED MESSAGE-----

I want to apologize to Eric and Tim for intimating that their motives in exploring the possibility of closer ties to RSADSI were due to pressure from that company and its officers. I had apparently misinterpreted Eric's statements about the popularity of the Cypherpunks FTP directories to conclude that it was a major distribution site for PGP. I am glad to hear that Eric and Tim are not facing any immediate legal problems due to their support for this software.
Turning to the issue under discussion, I do have a couple of other thoughts.

First, I don't see that the interests of RSADSI are fully aligned with ours regarding Clipper. Despite PKP's success in accumulating patents, Clipper per se does not appear to infringe, being based on a new symmetric cryptosystem. So they don't have any direct leverage over the use of Clipper.

Now, Clipper-based phones presumably need some way to exchange keys, and here PKP's patents are likely to be relevant. But I was under the impression that AT&T, at least, was already producing secure telephones. I don't see why whatever arrangements they made for key exchange under their previous technology would have to be changed with Clipper.

In fact, Clipper in some ways represents a major market opportunity for PKP. To the extent that the publicity leads to increased sales of encrypting phones, PKP may benefit from the success of the Clipper. (The follow-on Capstone project does appear to pose a greater threat to PKP, since it will use DSS (for key exchange???).)

Furthermore, in any future government prohibition on non-Clipper cryptography, our greatest nightmare, it is plausible that the government would "take care" of PKP by making sure that they get a nice piece of the pie. I could easily imagine a situation in which non-Clipper crypto is banned, Clipper is widely distributed, and PKP is doing very well financially with a slice of the profits from every sale.

Even if Jim Bidzos were personally committed to widespread, strong, public cryptography, and opposed Clipper for fundamental philosophical reasons (just like us), he would be faced with a conflict of interest. As several people have pointed out here, Bidzos has a fiduciary responsibility to his shareholders to maximize profits for his twin companies.
If it comes down to a choice between opposing Clipper on principle and accepting it along with guaranteed profits, he may be forced (in the same sense in which he is forced to send threats to Stanton McCandlish) to back Clipper.

So, even if Bidzos is personally a nice guy I think we need to remember that his company may not be a natural ally of ours.

One final point, for now. I like Tim's .sig and all it represents. But frankly, it is hard for me to square a commitment to radical change with the proposed alliance with PKP. Part of the trouble is that I still don't understand exactly what our relationship with RSADSI is proposed to become. But at a minimum it sounds like we would avoid supporting activities which would infringe on their patents.

That means that when we want to start working on some of those things in Tim's .sig, we are in many cases going to have to get Jim Bidzos's permission. Can you imagine asking something like this:

"Dear Jim: We request permission to use the RSA algorithm for an implementation of digital cash which we will distribute in an underground way among BBS's all over the world, with the goal being the support of "information markets, black markets, [and] smashing of governments" (to quote Tim's excellent .sig).

"Please sign on the dotted line below. Yours truly, an anonymous Cypherpunk."

Obviously there is no way Bidzos could give such approval. Even if he personally were a card-carrying member of the Anarchist Party he could not bear the legal liability that someone in his position would take if he granted this request.

How, exactly, are we supposed to progress towards Crypto Anarchy if we have to be sure not to step on PKP's toes? Do we just not ask him for permission (in which case we are in PGP's boat)? Do we ask for permission without revealing the full scope of the project (in which case it may be rescinded later)? I am not being facetious here.
I honestly don't see how you can carry out Cypherpunk activities with a corporate sponsor.

I guess that's enough for now...

Hal
74076.1041 at compuserve.com

-----BEGIN ??? SIGNATURE-----
Version: 2.2

iQCVAgUBK+HUu6gTA69YIUw3AQF9hAP+K6HXxXxjpK2qmjtFmj6LnWFW10KG09P+
o09BpbCJsiXTulv85XEtDfTyqus+T9o2dp01xaJaj0T/En3nKPs7NjKlgNciLmhV
3gzAAuv3VedheUR4cLuZOKxk6MkcwywRB4T/PHPomJ411FeYHI1DgBxZEbpM25e0
Y5mk4vQP+oo=
=zKde
-----END ??? SIGNATURE-----

From 72114.1712 at CompuServe.COM Fri Apr 30 22:02:24 1993
From: 72114.1712 at CompuServe.COM (Sandy)
Date: Fri, 30 Apr 93 22:02:24 PDT
Subject: OUTDIAL SERVICE
Message-ID: <930501045637_72114.1712_FHF42-1@CompuServe.COM>

_________________________________________________________________
SANDY SANDFORT ssandfort at attmail.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Nickey MacDonald wrote:

". . . has anyone ever given consideration to creating an "outdial" service? If I could dial long distance into the States, and then be able to dial a 1-800 number that I cannot dial direct from Canada (which is most) this would be extremely useful."

At least one service, similar to what you describe, already exists. It was created primarily to take advantage of the low long distance/international rates available only from the US. Incoming calls to the US typically cost 2-3 times as much as outgoing calls to the same countries.

Once you have an account, you can call a special number in the US, key in your private code, and hang up. You will immediately be called back by the service. When you answer, you will hear an American dial tone. You may then dial any number in the world. The service charges you a fee that is substantially less than the international rates charged in your home country. Of course, it also allows you to call US 800 numbers, as well.

The company, ITS, offers other services including programs for Americans (or anybody) travelling abroad. For more information, contact:

International Telephone Services, Inc.
1750 K Street, N.W., Suite 380
Washington, DC 20006
Tel: 202 223 1307
Fax: 202 296 1643

S a n d y

Please respond ONLY to: ssandfort at attmail.com
_________________________________________________________________

From ld231782 at longs.lance.colostate.edu Fri Apr 30 22:37:44 1993
From: ld231782 at longs.lance.colostate.edu (ld231782 at longs.lance.colostate.edu)
Date: Fri, 30 Apr 93 22:37:44 PDT
Subject: electronic democracy: approaching at megabit speed!
Message-ID: <9305010500.AA22840@longs.lance.colostate.edu>

This came from the `privacy digest' mailing list. Of particular interest is the opening & `onlining' of government databases. Also note that the noted Sen. Leahy has expressed serious concern over the Clipper and is chairing hearings on it.

`mood of declassification'? `require more openness throughout the bureaucracy'? `electronic mail to improve citizen participation'? WOW!

Some words that have been coined to describe this kind of thing for future sound-bite reference: `modemocracy' (saw this in a Compuserve magazine) or `netocracy' (my own coining)

===cut=here===

[ Original posting source: nigel.allen at canrem.com in igc:alt.news-media -- MODERATOR ]

White House Official Outlines Freedom of Information Strategy at 'Information Summit'

To: National Desk, Media Writer
Contact: Ellen Nelson of The Freedom Forum First Amendment Center, 615-321-9588

NASHVILLE, Tenn., April 13 -- A White House official today outlined a broad open government strategy for the Clinton administration, throwing support behind legislation to apply the Freedom of Information Act to electronic records.

"At the Clinton White House, most of the debate over the E-mail system is about how we can interconnect it to public services rather than how we can destroy the records or tear out the hard drives before the subpoenas come to reach us," said John Podesta, assistant to the president and staff secretary.
Podesta made his comments in front of 70 participants in the nation's first Freedom of Information Summit, sponsored by The Freedom Forum First Amendment Center at Vanderbilt University.

Though the economy dominates the headlines, Podesta said the new administration was quietly working across a broad front to open government. His "predictions for the first year," included:

-- Working with Sen. Patrick Leahy (D-Vermont) to win approval this session for a bill allowing access to dozens of electronic databases in the federal government.

-- Developing an electronic mail system within the federal government to improve citizen participation in government.

-- Making the government's archives available on the nation's "information highway," and appointing a national archivist "who cares more about preserving history than about preserving his job."

-- Creating a "mood of declassification" with new executive orders from the president outlining what government may keep secret.

-- "Reinventing government" under initiatives developed by the fall by Vice President Gore to require more openness on the part of civil servants throughout the bureaucracy.

Podesta also pledged lobbying reform and political reform to "get rid of the soft money in campaigns." The Freedom of Information Act may need strengthening in addition to electronic access, he said.

Pinched by a dozen years of tight information policy, news organizations have sent President Clinton a freedom of information policy paper calling for wholesale personnel changes in FOIA-related jobs, junking the secrecy classifications of President Reagan's Executive Order 12356, overhauling the Freedom of Information Act and ending military censorship of war reporting.
"People working on behalf of the public on more openness in government at all levels are heartened by the prospect of the White House taking the lead in this area," said Paul McMasters, executive director of The Freedom Forum First Amendment Center at Vanderbilt University.

The conference, sponsored by The Freedom Forum First Amendment Center at Vanderbilt University, is focusing on issues ranging from the Clinton administration's policies on open government to restrictions on public access to crime, accident and disaster scenes. The conference, open to the public, is at the Stouffer Hotel in downtown Nashville.

Speakers on the Clinton FOI Agenda included Richard Schmidt Jr., general counsel to the American Society of Newspaper Editors and partner in the law firm of Cohn & Marks in Washington, D.C.; Theresa Amato, the director of the FOI Clearinghouse in Washington, D.C. and staff counsel for Public Citizens Litigation Group in Washington, D.C.; and Quinlan Shea, former Carter administration official who discussed problems of access to government.

Former American hostage Terry Anderson will give the keynote address at the dinner tonight.

The Freedom Forum First Amendment Center at Vanderbilt University is an independent operating program of The Freedom Forum. The Center's mission is to foster a better public understanding of and appreciation for First Amendment rights and values, including freedom of religion, free speech and press, the right to petition government and peaceful assembly.

The Freedom Forum is a nonpartisan, international organization dedicated to free press, free speech and free spirit for all people. It is supported entirely by an endowment established by Frank E. Gannett in 1935 that has grown to more than $700 million in diversified managed assets. Its headquarters is The Freedom Forum World Center in Arlington, Va.

-30-

--
Canada Remote Systems - Toronto, Ontario
416-629-7000/629-7044