From robichau at lambda.msfc.nasa.gov Thu Apr 1 08:18:16 1993
From: robichau at lambda.msfc.nasa.gov (Paul Robichaux)
Date: Thu, 1 Apr 93 08:18:16 PST
Subject: PHRACK: Article from PHRACK 42 on encryption
Message-ID: <9304011902.AA26513@lambda.msfc.nasa.gov>

Attached is an article from PHRACK 42 written by "The Racketeer."

Exposing factual errors and flaws in reasoning is left as an exercise
for the reader.

-Paul

###################################################
# The Paranoid Schizophrenics Guide to Encryption #
#   (or How to Avoid Getting Tapped and Raided)   #
###################################################

Written by The Racketeer of The /-/ellfire Club

The purpose of this file is to explain the why and the how of Data Encryption, with a brief description of the future of computer security, TEMPEST. At the time of this issue's release, two of the more modern software packages use encryption methods covered in this article, so exercise some of your neurons and check into newer releases if they are available. Methods described in this file use PGP, covering an implementation of Phil Zimmermann's RSA variant, and the MDC and IDEA conventional encryption techniques by using PGP and HPACK.

--------------------
WHY DATA ENCRYPTION?
--------------------

This isn't exactly the typical topic discussed by me in Phrack. However, the importance of knowing encryption is necessary when dealing with any quasi-legal computer activity. I was planning on starting my series on hacking Novell Networks (so non-Internet users can have something to do), but recent events have caused me to change my mind and, instead of showing people how to get into more trouble (well, okay, there is plenty of that in this file too, since you're going to be working with contraband software), I've opted instead to show people how to protect themselves from the long arm of the Law. Why all this concern?
Relatively recently, The Masters of Deception (MoD) were raided by various federal agencies and were accused of several crimes. The crimes they did commit will doubtlessly cause more mandates, making the already too-outrageous penalties even worse. "So?" you might ask. The MoD weren't exactly friends of mine. In fact, quite the contrary. But unlike many of the hackers whom I dealt with in the "final days" prior to their arrest, I bitterly protested any action against the MoD. Admittedly, I followed the episode from the beginning to the end, and the moral arguments were enough to rip the "Hacker World" to pieces. But these moral issues are done, the past behind most of us. It is now time to examine the aftermath of the bust.

According to the officials in charge of the investigation against MoD members, telephone taps were used to gain evidence against members successfully. All data going in and out of their house was monitored and all voice communications were monitored, especially between members.

So, how do you make a line secure? The party line answer is use of effective encryption methods.

Federal investigative agencies are currently pushing for more technological research into the issue of computer security. All of the popular techniques which are being used by hackers today are being used by the government's R&D departments. Over the course of the last 5 years, I've watched as the U.S. Government went from a task force of nearly nil all the way to a powerful marauder. Their mission? Unclear. Regardless, the research being accomplished by federally-funded projects dealing with the issues of computer security is escalating. I've personally joined and examined many such conferences and have carefully examined the issues. Many of these issues will become future Phrack articles which I'll write.
Others, such as limited-life semiconductors and deliberate telephone line noise sabotage caused by ACK packet detections in order to drive telecommunication costs higher, are sadly unpreventable problems of the future which won't be cured by simple awareness of the problem.

They have different names -- Computer Emergency Response Team (CERT), Computer Assisted Security Investigative Analysis Tool (FBI's CASIAT), the Secret Service's Computer Fraud Division, or the National Computer Security Center (NSA's NCSC). Scores of other groups exist for every network, even every operating system. Their goal isn't necessarily to catch hackers; their goal is to acquire information about the act of hacking itself until it is no longer a problem. Encryption stands in the way.

Computer Security is literally so VAST a concept that, once a person awakens to low-level computer mechanics, it becomes nearly impossible to prevent that person from gaining unauthorized access to machines. This is somewhat contradictory to the "it's all social engineering" concept which we have been hearing about on Nightline and in the papers. If you can't snag them one way though, you can get them another -- the fact is that computers are still too damn vulnerable these days to traditional hacking techniques. Because of the ease of breaking through security, it becomes very difficult to actually create an effective way to protect yourself from any form of computer hacking. Look at piracy: they've tried every trick in the book to protect software and, so far, the only success they have had was writing software that sucked so much nobody wanted a copy.

Furthermore, totally non-CPU related attacks are taking place. The passing of Anti-TEMPEST Protection Laws which prevent homes from owning computers that don't give off RF emissions has made it possible for any Joe with a few semesters of electrical engineering knowledge to rig together a device that can read what's on your computer monitor.
Therefore:

Q: How does a person protect their own computer from getting hacked?

A: You pretty much can't. I've memorized so many ways to bypass computer security that I can rattle them off in pyramid levels. If a computer is not even connected to a network or phone line, people can watch every keystroke typed and everything displayed on the screen.

Why aren't the Fedz using these techniques RIGHT NOW? I can't say they are not. However, a little research into TEMPEST technology resulted in a pretty blunt fact: There are too many computer components to scan accurately. Not the monitor, oh no! You're pretty much fucked there. But accessories for input and output, such as printers, sound cards, scanners, disk drives, and so forth...the possibility of parallel CPU TEMPEST technology exists, but there are more CPU types than any mobile unit could possibly use accurately. Keyboards are currently manufactured by IBM, Compaq, Dell, Northgate, Mitsuma (bleah), Fujitsu, Gateway, Focus, Chichony, Omni, Tandy, Apple, Sun, Packard-Bell (may they rot in hell), Next, Prime, Digital, Unisys, Sony, Hewlett-Packard, AT&T, and a scattering of hundreds of lesser companies. Each of these keyboards has custom models, programmable models, 100+ key and < 100 key models, different connectors, different interpreters, and different levels of cable shielding. For the IBM compatible alone, patents are owned on multiple keyboard pin connectors, such as those for OS/2 and Tandy, as well as the fact that the ISA chipsets are nearly as diverse as the hundreds of manufacturers of motherboards. Because of lowest-bid practices, there can be no certainty of any particular connection -- especially when you are trying to monitor a computer you've never actually seen!

In short -- it costs too much for the TEMPEST device to be mobile and to be able to detect keystrokes from a "standard" keyboard, mostly because keyboards aren't "standard" enough!
In fact, the only real standard which I can tell exists on regular computers is the fact that monitors still use good old CRT technology.

Arguments against this include the fact that most of the available PC computers use standard DIN connectors which means that MOST of the keyboards could be examined. Furthermore, these keyboards are traditionally serial connections using highly vulnerable wire (see Appendix B). Once again, I raise the defense that keyboard cables are traditionally the most heavily shielded (mine is nearly 1/4 inch thick) and therefore fall back on the question of how accurate a TEMPEST device which is portable can be, and if it is cost effective enough to use against hackers. Further viewpoints and a TEMPEST overview can be seen in Appendix B.

As a result, we have opened up the possibility for protection from outside interference for our computer systems. Because any DECENT encryption program doesn't echo the password to your screen, a typical encryption program could provide reasonable security to your machine. How reasonable? If you have 9 pirated programs installed on your computer at a given time and you were raided by some law enforcement holes, you would not be labeled as a felon. Instead, it wouldn't even be worth their time to even raid you. If you have 9 pirated programs installed on your computer, had 200 pirated programs encrypted in a disk box, and you were raided, you would have to be charged with possession of 9 pirated programs (unless you did something stupid, like write "Pirated Ultima" or something on the label).

We all suspected encryption was the right thing to do, but what about encryption itself? How secure IS encryption? If you think that the world of the Hackers is deeply shrouded with extreme prejudice, I bet you can't wait to talk with crypto-analysts. These people are traditionally the biggest bunch of holes I've ever laid eyes on.
In their mind, people have been debating the concepts of encryption since the dawn of time, and if you come up with a totally new method of data encryption, -YOU ARE INSULTING EVERYONE WHO HAS EVER DONE ENCRYPTION-, mostly by saying "Oh, I just came up with this idea for an encryption which might be the best one yet" when people have dedicated all their lives to designing and breaking encryption techniques -- so what makes you think you're so fucking bright? Anyway, crypto-(anal)ysts tend to take most comments as veiled insults, and are easily terribly offended. Well, make no mistake, if I wanted to insult these people, I'd do it. I've already done it. I'll continue to do it. And I won't thinly veil it with good manners, either.

The field of Crypto-analysis has traditionally had a mathematical emphasis. The Beal Cipher and the German Enigma Cipher are some of the more popular views of the field. Ever since World War 2, people have spent time researching how technology was going to affect the future of data encryption. If the United States went to war with some other country, they'd have a strong advantage if they knew the orders of the opposing side before they were carried out. Using spies and wire taps, they can gain encrypted data referred to as Ciphertext. They hand the information over to groups that deal with encryption such as the NSA and the CIA, and they attempt to decode the information before the encrypted information is too old to be of any use.

The future of Computer Criminology rests in the same ways. The deadline on white collar crimes is defaulted to about 3-4 years, which is called the Statute of Limitations. Once a file is obtained which is encrypted, it becomes a task to decrypt it within the statute's time. As most crypto-analysts would agree, the cost in man-hours as well as supercomputer time would make it unfeasible to enforce brute force decryption techniques of random encryption methods.
As a result of this, government regulation stepped in. The National Security Agency (referred to as "Spooks" by the relatively famous tormenter of KGB-paid-off hackers, Cliff Stoll, which is probably the only thing he's ever said which makes me think he could be a real human being) released the DES -- Data Encryption Standard. This encryption method was basically solid and took a long time to crack, which was also the Catch-22. DES wasn't uncrackable, it was just that it took "an unreasonable length of time to crack." The attack against the word "unreasonable" keeps getting stronger and stronger. While DES originated on Honeywell and DEC PDPs, it was rumored that they'd networked enough computers together to break a typical DES encrypted file. Now that we have better computers and the cost requirements for high-speed workstations are even less, I believe that even if they overestimated "unreasonable" a hundredfold, they'd be in the "reasonable" levels now.

To explain how fast DES runs these days... I personally wrote a password cracker for DES which was arguably the very first true high-speed cracker. It used the German "Ultra-Fast Crypt" version of the DES algorithm, which happened to contain a static variable used to hold part of the previous attempt at encrypting the password, called the salt. By making sure the system wouldn't resalt on every password attempt, I was able to guess passwords out of a dictionary at the rate of 400+ words per second on a 386-25 (other methods at that time were going at about 30 per second). As I understand it now, levels at 500+ for the same CPU have been achieved. Now this means I can go through an entire dictionary in about five minutes on a DES-encrypted segment. The NSA has REAL cash and some of the finest mathematicians in the world, so if they wanted to gain some really decent speed on encryption, DES fits the ideal for parallel programming.
Splitting a DES segment across a hundred CPUs, each relatively modern, they could crank out teraflops of speed. They'd probably be able to crack the code within a few days if they wanted to. Ten years from now, they could do it in a few seconds.

Of course, the proper way to circumnavigate DES encryption is to locate and discover a more reliable, less popular method. Because the U.S. Government regulates it, it doesn't mean it's the best. In fact, it means it's the fucking lamest thing they could sweeten up and hope the public swallows it! The last attempt the NSA made at regulating a standard dealing with encryption, they got roasted. I'm somewhat convinced that the NSA is against personal security, and from all the press they give, they don't WANT anyone to have personal security. Neither does the Media for that matter.

Because of lamers in the "Biblical Injustice Grievance Group of Opposing Terrible Sacrilege" (or BIGGOTS) who think that if you violate a LAW you're going to Hell (see APPENDIX C for my viewpoint of these people) and who will have convinced Congress to pass ease-of-use wire taps on telephone lines and networks so that they can monitor casual connections without search warrants, encryption will be mandatory if you want any privacy at all. And to quote Phil Zimmermann, "If privacy is outlawed, only the outlaws will have privacy." Therefore, encryption methods that we must use should be gathered into very solid categories which do NOT have endorsement of the NSA and also have usefulness in technique.

HOW TO USE DECENT ENCRYPTION:

(First, go to APPENDIX D, and get yourself a copy of PGP, latest version.)

First of all, PGP is contraband software, presumably illegal to use in the United States because of a patent infringement it allegedly carries. The patent infringement is the usage of a variant of the RSA encryption algorithm. Can you patent an algorithm? By definition, you cannot patent an idea, just a product -- like source code.
Yet, the patent exists to be true until proven false. More examples of how people in the crypto-analyst field can be assholes.

Anyway, Phil's Pretty Good Software, creators of PGP, were sued and all rights to PGP were forfeited in the United States of America. Here comes the violation of the SECOND law, illegal exportation of a data encryption outside of the United States of America. Phil distributed his encryption techniques outside the USA, which is against the law as well. Even though Mr. Zimmermann doesn't do any work with PGP, because he freely gave his source code to others, people in countries besides the United States are constantly updating and improving the PGP package.

PGP handles two very important methods of encryption -- conventional and public key. These are both very important to understand because they protect against completely different things.

-----------------------
CONVENTIONAL ENCRYPTION
-----------------------

Conventional encryption techniques are easiest to understand. You supply a password and the password you enter encrypts a file or some other sort of data. By re-entering the password, it allows you to recreate the original data. Simple enough concept, just don't give the password to someone you don't trust. If you give the password to the wrong person, your whole business is in jeopardy. Of course, that goes with just about anything you consider important.

There are doubtlessly many "secure enough" ciphers which exist right now. Unfortunately, the availability of these methods is somewhat slim because of exportation laws. The "major" encryption programs which I believe are worth talking about here are maintained by people foreign to the USA. The two methods of "conventional" encryption are at least not DES, which qualifies them as okay in my book. This doesn't mean they are impossible to break, but they don't have certain DES limitations which I know exist, such as 8 character password maximum.
The methods are: MDC, as available in the package HPACK; and IDEA, as available in Pretty Good Privacy.

Once you've installed PGP, we can start by practicing encrypting some typical files on your PC. To conventionally encrypt your AUTOEXEC.BAT file (it won't delete the file after encryption), use the following command:

    C:\> pgp -c autoexec.bat
    Pretty Good Privacy 2.1 - Public-key encryption for the masses.
    (c) 1990-1992 Philip Zimmermann, Phil's Pretty Good Software. 6 Dec 92
    Date: 1993/01/19 03:06 GMT

    You need a pass phrase to encrypt the file.
    Enter pass phrase:               { Password not echoed }
    Enter same pass phrase again:
    Just a moment....
    Ciphertext file: autoexec.pgp

    C:\> dir

     Volume in drive C is RACK'S
     Directory of c:\autoexec.pgp

    autoexec.pgp       330   1-18-93  21:05
           330 bytes in 1 file(s)        8,192 bytes allocated
    52,527,104 bytes free

PGP will compress the file before encrypting it. I'd say this is a vulnerability to the encryption on the basis that the file contains a ZIP file signature which could conceivably make the overall encryption less secure. Although no reports have been made of someone breaking PGP this way, I'd feel more comfortable with the ZIP features turned off. This is somewhat contrary to the fact that redundancy checking is another way of breaking ciphertext. However, it isn't as reliable as checking a ZIP signature.

Although PGP will doubtlessly become the more popular of the two programs, HPACK's encryption "strength" is that by being less popular, it will probably not be as heavily researched as PGP's methods will be. Of course, by following PGP, new methods of encryption will doubtlessly be added as the program is improved.

Here is how you'd go about encrypting an entire file using the HPACK program using the MDC "conventional" encryption:

    C:\> hpack A -C secret.hpk secret.txt
    HPACK - The multi-system archiver Version 0.78a0 (shareware version)
    For Amiga, Archimedes, Macintosh, MSDOS, OS/2, and UNIX
    Copyright (c) Peter Gutmann 1989 - 1992.
    Release date: 1 Sept 1992

    Archive is 'SECRET.HPK'
    Please enter password (8..80 characters):
    Reenter password to confirm:
    Adding SECRET  .TXT
    Done

Anyway, I don't personally think HPACK will ever become truly popular for any reason besides its encryption capabilities. ZIP has been ported to an amazing number of platforms, in which lies ZIP's encryption weakness. If you think ZIP is safe, remember that you need to prevent the possibility of four years of attempted password cracking in order to beat the Statutes of Limitations: Here is the introduction to ZIPCRACK, and what it had to say about how easy it is to break through this barrier:

(Taken from ZIPCRACK.DOC)
-----
ZIPCRACK is a program designed to demonstrate how easy it is to find passwords on files created with PKZIP. The approach used is a fast, brute-force attack, capable of scanning thousands of passwords per second (5-6000 on an 80386-33). While there is currently no known way to decrypt PKZIP's files without first locating the correct password, the probability that a particular ZIP's password can be found in a billion-word search (which takes about a day on a fast '486) is high enough that anyone using the encryption included in PKZIP 1.10 should be cautious (note: as of this writing, PKZIP version 2.00 has not been released, so it is not yet known whether future versions of PKZIP will use an improved encryption algorithm).

The author's primary purpose in releasing this program is to encourage improvements in ZIP security. The intended goal is NOT to make it easy for every computer user to break into any ZIP, so no effort has been made to make the program user-friendly.
----- End Blurb

Likewise, WordPerfect is even more vulnerable.
I've caught a copy of WordPerfect Crack out on the Internet and here is what it has to say about WordPerfect's impossible-to-break methods:

(Taken from WPCRACK.DOC:)
-----
WordPerfect's manual claims that "You can protect or lock your documents with a password so that no one will be able to retrieve or print the file without knowing the password - not even you," and "If you forget the password, there is absolutely no way to retrieve the document." [1] Pretty impressive! Actually, you could crack the password of a Word Perfect 5.x file on a 8 1/2" x 11" sheet of paper, it's so simple. If you are counting on your files being safe, they are NOT.

Bennet [2] originally discovered how the file was encrypted, and Bergen and Caelli [3] determined further information regarding version 5.x. I have taken these papers, extended them, and written some programs to extract the password from the file.
----- End Blurb

---------------------
PUBLIC KEY ENCRYPTION
---------------------

Back to the Masters of Deception analogy -- they were telephone tapped. Conventional encryption is good for home use, because only one person could possibly know the password. But what happens when you want to transmit the encrypted data by telephone? If the Secret Service is listening in on your phone calls, you can't tell the password to the person that you want to send the encrypted information to. The SS will grab the password every single time.

Enter Public-Key encryption! The concepts behind Public-Key are very in-depth compared to conventional encryption. The idea here is that passwords are not exchanged; instead a "key" which tells HOW to encrypt the file for the other person is given to them. This is called the Public Key. You retain the PRIVATE key and the PASSWORD. They tell you how to decrypt the file that someone sent you.
There is no "straight" path between the Public Key and the Private Key, so just because someone HAS the public key, it doesn't mean they can produce either your Secret Key or Password. All it means is that if they encrypt the file using the Public Key, you will be able to decrypt it. Furthermore, because of one-way encryption methods, the output your Public Key produces is original each time, and therefore, you can't decrypt the information you encrypted with the Public Key -- even if you encrypted it yourself! Therefore, you can freely give out your own Public Key to anyone you want, and any information you receive, tapped or not, won't make a difference. As a result, you can trade anything you want and not worry about telephone taps!

This technique supposedly is being used to defend the United States' Nuclear Arsenal, if you disbelieve this is secure. I've actually talked with some of the makers of the RSA "Public-Key" algorithm, and, albeit they are quite brilliant individuals, I'm somewhat miffed at their lack of enthusiasm for aiding the public in getting a hold of tools to use Public Key. As a result, they are about to get railroaded by people choosing to use PGP in preference to squat. Okay, maybe they don't have "squat" available. In fact, they have a totally free package with source code available to the USA public (no exportation of code) which people can use called RSAREF. Appendix E explains more about why I'm not suggesting you use this package, and also how to obtain it so you can see for yourself.

Now that we know the basic concepts of Public-Key, let's go ahead and create the basics for effective tap-proof communications.

Generation of your own secret key (comments in {}s):

    C:\> pgp -kg                { Command used to activate PGP for key generation }
    Pretty Good Privacy 2.1 - Public-key encryption for the masses.
    (c) 1990-1992 Philip Zimmermann, Phil's Pretty Good Software.
    6 Dec 92
    Date: 1993/01/18 19:53 GMT

    Pick your RSA key size:
        1)   384 bits- Casual grade, fast but less secure
        2)   512 bits- Commercial grade, medium speed, good security
        3)  1024 bits- Military grade, very slow, highest security
    Choose 1, 2, or 3, or enter desired number of bits: 3   {DAMN STRAIGHT MILITARY}

    Generating an RSA key with a 1024-bit modulus...

    You need a user ID for your public key.  The desired form for this
    user ID is your name, followed by your E-mail address enclosed in
    , if you have an E-mail address.
    For example:  John Q. Smith <12345.6789 at compuserve.com>
    Enter a user ID for your public key:
    The Racketeer

    You need a pass phrase to protect your RSA secret key.
    Your pass phrase can be any sentence or phrase and may have many
    words, spaces, punctuation, or any other printable characters.

    Enter pass phrase:                  { Not echoed to screen }
    Enter same pass phrase again:       {   "    "    "    "   }
    Note that key generation is a VERY lengthy process.

    We need to generate 105 random bytes.  This is done by measuring the
    time intervals between your keystrokes.  Please enter some text on your
    keyboard, at least 210 nonrepeating keystrokes, until you hear the beep:
       1 .*                              { decrements }
     -Enough, thank you.
    ..................................................++++ ........++++
    Key generation completed.

It took a 33-386DX a grand total of about 10 minutes to make the key.

Now that it has been generated, it has been placed in your key ring. We can examine the key ring using the following command:

    C:\> pgp -kv
    Pretty Good Privacy 2.1 - Public-key encryption for the masses.
    (c) 1990-1992 Philip Zimmermann, Phil's Pretty Good Software. 6 Dec 92
    Date: 1993/01/18 20:19 GMT

    Key ring: 'c:\pgp\pubring.pgp'
    Type bits/keyID   Date       User ID
    pub  1024/7C8C3D  1993/01/18 The Racketeer
    1 key(s) examined.

We've now got a viable keyring with your own keys. Now, you need to extract your Public Key so that you can have other people encrypt shit and have it sent to you.
In order to do this, you need to be able to mail it to them. Therefore, you need to extract it in ASCII format. This is done by the following:

    C:\> pgp -kxa "The Racketeer "
    Pretty Good Privacy 2.1 - Public-key encryption for the masses
    (c) 1990-1992 Philip Zimmermann, Phil's Pretty Good Software. 6 Dec 92
    Date: 1993/01/18 20:56 GMT

    Extracting from key ring: 'c:\pgp\pubring.pgp', userid "The Racketeer ".

    Key for user ID: The Racketeer
    1024-bit key, Key ID 0C975F, created 1993/01/18

    Extract the above key into which file? rackkey

    Transport armor file: rackkey.asc

    Key extracted to file 'rackkey.asc'.
    Done.

The end result of the key is a file which contains:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.1

mQCNAisuyi4AAAEEAN+cY6nUU+VIhYOqBfcc12rEMph+A7iadUi8xQJ00ANvp/iF
+ugZ+GP2ZnzA0fob9cG/MVbh+iiz3g+nbS+ZljD2uK4VyxZfu5alsbCBFbJ6Oa8K
/c/e19lzaksSlTcqTMQEae60JUkrHWpnxQMM3IqSnh3D+SbsmLBs4pFrfIw9AAUR
tCRUaGUgUmFja2V0ZWVyIDxyYWNrQGx5Y2FldW0uaGZjLmNvbT4=
=6rFE
-----END PGP PUBLIC KEY BLOCK-----

This can be tagged to the bottom of whatever E-Mail message you want to send or whatever. This key can be added to someone else's public key ring and thereby used to encrypt information so that it can be sent to you. Most people who use this on USENET add it onto their signature files so that it is automatically posted on their messages.

Let's assume someone else wanted to communicate with you. As a result, they sent you their own Public Key:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.1

mQA9AitgcOsAAAEBgMlGLWl8rub0Ulzv3wpxI5OFLRkx3UcGCGsi/y/Qg7nR8dwI
owUy65l9XZsp0MUnFQAFEbQlT25lIER1bWIgUHVkIDwxRHVtUHVkQG1haWxydXMu
Yml0bmV0Pg==
=FZBm
-----END PGP PUBLIC KEY BLOCK-----

Notice this guy, Mr. One Dumb Pud, used a smaller key size than you did. This shouldn't make any difference because PGP detects this automatically. Let's now add the schlep onto your key ring.

    C:\> pgp -ka dumbpud.asc
    Pretty Good Privacy 2.1 - Public-key encryption for the masses.
    (c) 1990-1992 Philip Zimmermann, Phil's Pretty Good Software. 6 Dec 92
    Date: 1993/01/22 22:17 GMT

    Key ring: 'c:\pgp\pubring.$01'
    Type bits/keyID   Date       User ID
    pub   384/C52715  1993/01/22 One Dumb Pud <1DumPud at mailrus.bitnet>

    New key ID: C52715

    Keyfile contains:
       1 new key(s)
    Adding key ID C52715 from file 'dumbpud.asc' to key ring 'c:\pgp\pubring.pgp'.

    Key for user ID: One Dumb Pud <1DumPud at mailrus.bitnet>
    384-bit key, Key ID C52715, crated 1993/01/22

    This key/userID associate is not certified.
    Do you want to certify this key yourself (y/N)? n     {We'll deal with this later}

Okay, now we have the guy on our key ring. Let's go ahead and encrypt a file for the guy. How about having the honor of an unedited copy of this file?

    C:\> pgp -e encrypt One          {PGP has automatic name completion}
    Pretty Good Privacy 2.1 - Public-key encryption for the masses.
    (c) 1990-1992 Philip Zimmermann, Phil's Pretty Good Software. 6 Dec 92
    Date: 1993/01/22 22:24 GMT

    Recipient's public key will be used to encrypt.
    Key for user ID: One Dumb Pud <1DumPud at mailrus.bitnet>
    384-bit key, Key ID C52715, created 1993/01/22

    WARNING: Because this public key is not certified with a trusted
    signature, it is not known with high confidence that this public key
    actually belongs to: "One Dumb Pud <1DumPud at mailrus.bitnet>".

    Are you sure you want to use this public key (y/N)? y

-- 
Paul Robichaux, KD4JZG              | May explode if disposed of improperly.
NTI Mission Software Development Div. | RIPEM key on request.

From pmetzger at shearson.com Thu Apr 1 10:20:53 1993
From: pmetzger at shearson.com (Perry E. Metzger)
Date: Thu, 1 Apr 93 10:20:53 PST
Subject: PHRACK: Article from PHRACK 42 on encryption
In-Reply-To: <9304011902.AA26513@lambda.msfc.nasa.gov>
Message-ID: <9304012043.AA04761@snark.shearson.com>

Paul Robichaux says:
> Attached is an article from PHRACK 42 written by "The Racketeer."
> 
> Exposing factual errors and flaws in reasoning is left as an exercise
> for the reader.
>
The flaws are big enough to drive a bakery truck through. It's trash.

Perry

From stig at transam.ece.cmu.edu Thu Apr 1 11:24:31 1993
From: stig at transam.ece.cmu.edu (Jonathan Stigelman)
Date: Thu, 1 Apr 93 11:24:31 PST
Subject: a blackmail opportunity
Message-ID: <232@x15_remote.stigmobile.usa>

In message <9303290017.AA05745 at toad.com> you write:

>perfect prelude to blackmail. An unscrupulous person running a
>remailer can obviously keep records of truenames, along with
>messages that their senders do not want associated with them.

That's why you use more than one remailer and you encrypt the messages. This guards against single-point failures...

>Always encrypting helps with mail, but not with news.
>

Why? One layer of encryption is stripped by each remailer. Use three layers of encryption and three remailers: the first remailer will know that you sent something encrypted; the third will see the message and the destination but not know that you were the author.

stig

From tcmay at netcom.com Thu Apr 1 12:27:00 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 1 Apr 93 12:27:00 PST
Subject: (fwd) Plan Nine from Cypherspace
Message-ID: <9304012311.AA13318@netcom3.netcom.com>

I noticed a new group formed, called alt.cabal, and decided to "christen" it with a suitably caballistic message. Don't bother trying to decrypt it, obviously.

Perhaps we can simply co-opt alt.cabal for our own uses?

-Tim

Newsgroups: alt.cabal
Path: netcom.com!tcmay
From: tcmay at netcom.com (Timothy C. May)
Subject: Plan Nine from Cypherspace
Message-ID:
Organization: Netcom - Online Communication Services (408 241-9760 guest)
X-Newsreader: Tin 1.1 PL5
Date: Thu, 1 Apr 1993 22:55:37 GMT

Post response to alt.cabal in normal form.

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
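Stig's three-layer, three-remailer scheme above, written out as an added example (not code from any poster on this list): each hop opens one layer and learns only the link before it and the link after it. The cipher is a constructed HMAC-SHA256 keystream standing in for encryption to each remailer's PGP key; the remailer names, keys and addresses are made up, and the Anon-To / Request-Remailing-To header names follow the maildelivery lines Hal quotes in the next message.

```python
import hashlib
import hmac

# Constructed stand-in for "encrypt to this remailer's PGP key": a keystream
# from HMAC-SHA256(key, counter) XORed over the data. One call both seals and
# opens, because XOR is its own inverse. Not PGP, not any poster's code.
def _keystream(key: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, data: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

open_layer = seal

def build_onion(payload: bytes, route, dest: str) -> bytes:
    """Sender side. route is [(remailer_name, remailer_key), ...], first hop
    first. The innermost layer (for the last remailer) names the real
    destination with Anon-To; every outer layer names only the next remailer
    with Request-Remailing-To, so no single hop sees both ends."""
    names = [name for name, _ in route]
    keys = [key for _, key in route]
    blob = seal(keys[-1], b"Anon-To: " + dest.encode() + b"\n" + payload)
    for i in range(len(route) - 2, -1, -1):
        header = b"Request-Remailing-To: " + names[i + 1].encode() + b"\n"
        blob = seal(keys[i], header + blob)
    return blob

def relay(sender: str, route, blob: bytes):
    """Simulate the chain. Each remailer strips one layer, reads the header
    line, and forwards the remainder. Returns (recipient, delivered_bytes,
    views), where views records exactly what each hop was able to observe."""
    keydir = dict(route)
    views = []
    prev, current = sender, route[0][0]
    while True:
        opened = open_layer(keydir[current], blob)
        header, _, rest = opened.partition(b"\n")
        field, _, target = header.decode().partition(": ")
        views.append({"hop": current, "received_from": prev,
                      "forwards_to": target, "body": rest})
        if field == "Anon-To":            # last layer: rest is the plaintext
            return target, rest, views
        prev, current, blob = current, target, rest

# Constructed sample route and message.
ROUTE = [("remailer-1", b"key of remailer-1"),
         ("remailer-2", b"key of remailer-2"),
         ("remailer-3", b"key of remailer-3")]
PAYLOAD = b"the memo, exactly as sent"

def demo():
    onion = build_onion(PAYLOAD, ROUTE, "bob@example.org")
    return relay("alice@example.com", ROUTE, onion)

def linkable(views, sender: str, dest: str) -> bool:
    """True if any single hop saw both the original sender and the final
    destination, which is the single-point failure Stig describes."""
    return any(v["received_from"] == sender and v["forwards_to"] == dest
               for v in views)

if __name__ == "__main__":
    recipient, body, views = demo()
    for v in views:
        readable = v["body"] == PAYLOAD
        print(f'{v["hop"]}: from {v["received_from"]} to {v["forwards_to"]}, '
              f'body readable: {readable}')
    print("linkable by one hop:", linkable(views, "alice@example.com", recipient))
```

Only the third remailer's view contains the readable body, and only the first remailer's view contains the sender; no hop holds both, which is the property the three layers buy.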
From 74076.1041 at CompuServe.COM Thu Apr 1 13:20:30 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Thu, 1 Apr 93 13:20:30 PST
Subject: REMAIL: Usage statistics
Message-ID: <930401235941_74076.1041_FHD46-1@CompuServe.COM>

About a month ago, I added a simple logging capability to my remailer, by adding these lines to my maildelivery file:

Request-Remailing-To ""  pipe R "date >> LOG.REMAIL"
Anon-To              ""  pipe R "date >> LOG.REMAIL"
Encrypted            PGP pipe R "date >> LOG.ENCRYPTED"

Here is a summary of the information from my LOG.REMAIL file. It shows the dates on which a remailed message went through my remailer, with a count of how many messages went through on that day:

   1 Tue Mar  2
   2 Wed Mar  3
   1 Thu Mar  4
   7 Fri Mar  5
   1 Wed Mar 10
   1 Sun Mar 14
   1 Mon Mar 15
   1 Tue Mar 16
   1 Wed Mar 17
   1 Thu Mar 18
   1 Sun Mar 21
   2 Mon Mar 22
  10 Tue Mar 23
  10 Wed Mar 24
   6 Thu Mar 25
   7 Fri Mar 26
   6 Sat Mar 27
   4 Sun Mar 28
   1 Mon Mar 29
   3 Wed Mar 31
   4 Thu Apr  1

These statistics may be useful in considering such approaches as batching or rearranging messages to achieve greater anonymity.

Hal
74076.1041 at compuserve.com

From phiber at eff.org Thu Apr 1 22:54:28 1993
From: phiber at eff.org (Phiber Optik)
Date: Thu, 1 Apr 93 22:54:28 PST
Subject: PHRACK: Article from PHRACK 42 on encryption
In-Reply-To: <9304012043.AA04761@snark.shearson.com>
Message-ID: <199304020654.AA27442@eff.org>

> > > Paul Robichaux says:
> > Attached is an article from PHRACK 42 written by "The Racketeer."
> >
> > Exposing factual errors and flaws in reasoning is left as an exercise
> > for the reader.
> > >
> The flaws are big enough to drive a bakery truck through. It's trash.
>
>
> Perry
>

Welcome to the wonderful world of "Phrack".
From trump at pluto.ee.cua.edu Fri Apr 2 07:34:19 1993
From: trump at pluto.ee.cua.edu (Louis Edward Trumpbour)
Date: Fri, 2 Apr 93 07:34:19 PST
Subject: could someone
Message-ID: <9304021534.AA21746@pluto.ee.cua.edu>

Could someone please re-mail me the letter that contains the Phrack 42 article and commentary... my mail was lost and I would like to see this one.

Clovis

From robichau at lambda.msfc.nasa.gov Fri Apr 2 13:11:29 1993
From: robichau at lambda.msfc.nasa.gov (Paul Robichaux)
Date: Fri, 2 Apr 93 13:11:29 PST
Subject: list ping; ignore
Message-ID: <9304022111.AA26160@lambda.msfc.nasa.gov>

[ sorry to do this; listmail is only reaching us sporadically and I'm trying to find out why. ]

--
Paul Robichaux, KD4JZG                 | May explode if disposed of improperly.
NTI Mission Software Development Div.  | RIPEM key on request.

From gnu Fri Apr 2 16:11:04 1993
From: gnu (John Gilmore)
Date: Fri, 2 Apr 93 16:11:04 PST
Subject: Uunet is an "enhanced service provider", not a common carrier
In-Reply-To: <9303262102.AA04094@SOS>
Message-ID: <9304030010.AA04500@toad.com>

I spoke with Mike O'Dell about this; he says uunet is an enhanced service provider. It is not a common carrier. (Let's not discuss this in cypherpunks anyway -- I just wanted to set the record straight.)

John

From kieran2101 at aol.com Sat Apr 3 09:23:54 1993
From: kieran2101 at aol.com (kieran2101 at aol.com)
Date: Sat, 3 Apr 93 09:23:54 PST
Subject: could someone
Message-ID: <9304031222.tn14272@aol.com>

I'd also like a copy of the Phrack article, since my account here clipped off a big chunk of the article at the end. If someone could forward a copy to my account at kieran at mindvox.phantom.com, I'd appreciate it.
--Aaron

From hughes at soda.berkeley.edu Sat Apr 3 12:06:43 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Sat, 3 Apr 93 12:06:43 PST
Subject: WB: public kiosks
Message-ID: <9304032003.AA11049@soda.berkeley.edu>

One of the necessities of a truly effective whistleblowing system is the existence of public kiosks where anybody can post from--the equivalent of public telephones for the net. This is useful when the sending of any encrypted message at all will be grounds for reprisal. (It is, of course, useful for paranoids as well...)

Last night I spoke with Wayne Gregori, who runs a system called sfnet (with some variant of capitalization) here in the Bay Area. sfnet is a coffeehouse network, with public terminals located in various locations in SF, Berkeley, Oakland, etc. There is the equivalent of IRC and private mail for the users, almost all of whom use handles. There is also dialup service available.

sfnet just got their internet hookup. It's not integrated into the rest of the software yet; that is being worked on.

Wayne is supportive of the idea of putting a whistleblowers interface into the sfnet public terminals.

New slogan: Drop the dirty quarter!

Eric

From grady at netcom.com Sat Apr 3 12:57:04 1993
From: grady at netcom.com (1016/2EF221)
Date: Sat, 3 Apr 93 12:57:04 PST
Subject: PGP: suggestions from the trench
Message-ID: <9304032057.AA06227@netcom.netcom.com>

After carefully reading RSA.COM's FAQ (version 1.0 draft 1e [14 Sep 1992] by Paul Fahn; available via anonymous ftp from RSA.COM), I have some comments about the various PGP implementations.

First of all: well done! These implementations and ports have taken a lot of unremunerated work from a lot of people.
If you compare the number of people registering public keys on the PGP servers such as pgp-public-keys at toxicwaste.mit.edu to the number registering for the RIPEM versions licensed by RSA/PK partners, for example, found on rpub.cl.msu.edu, PGP enjoys an order of magnitude more popularity. So regardless of the outcome of legal, support, standards and interoperability issues, the PGP experiment has already been a tremendous success in letting us common folk learn about effective and convenient public key encryption.

One of the great advantages of a popular application is the great number of fingers and eyes that can be used to detect and document problems to make PGP an even greater success. Here are the thoughts of one user:

1. PGP RSA bit lengths are too short.

According to RSA's FAQ, the US Government (NSA) does not consider export licenses for RSA moduli used for privacy greater than 512 bits [section 2.23]. This may imply something about NSA's capability in attacking RSA systems with fewer than 512 bits of modulus; Ron Rivest, a co-inventor of RSA, estimates the cost of factoring a 512-bit modulus *today* at $8.2 million dollars (much less of course in the future) [section 2.8]. Although it is true that the time to generate a new RSA key goes as the order of 16 times the modulus length, this is only done once or a very few times. Encryption and signature verification time on the other hand goes only as the order of four times the modulus length [section 2.8]. And the faster computers of tomorrow will virtually eliminate this performance penalty compared to the vastly increased time required for a factoring attack on RSA moduli that increasing its size entails. Taking all these factors into consideration, I would suggest that the *minimum* size of the RSA modulus available for PGP be 1024 bits with a minimum ceiling of 2048 bits (or even more).
If for performance reasons on certain platforms 1024 is deemed impossibly slow, then a lesser number of bits ought to be permitted *provided* that the security level for any key length under, say, 768 bits is clearly labeled "TOY GRADE". And because factoring security is a moving target with increases in computer speed and factoring methods, rather than the static (and rather melodramatic) labels of "commercial grade," "military grade", and so on, the labels ought to be the specific years in which intelligent estimates (such as Ron Rivest's) say that size modulus will be factored by a determined opponent. For example, 512 bits should be labeled "1992", 768 bits labeled "2005", 1024 bits labeled "2020", and so on, using an estimate of about 15-20 bits a year of modulus degradation. This also supplies a clue as to selecting intelligent public key expirations given individual security goals.

While this may seem too conservative, consider that many public moduli kept by a certifying authority may be attacked in parallel, similar to cracking a passwd file NOT using a salt. We must be *absolutely sure* that the theoretical basis of the encryption function is the paramount consideration in PGP.

2. The hash function generates too short a digest.

In section 6.3 of the RSA FAQ, RSA recommends MD5 with its 128 bit digest when using 512 bit or shorter RSA keys. This is because they estimate the work factor of breaking a 128 bit digest is on the order of 2^64 operations or roughly equivalent today to factoring 512 bit numbers. If PGP increases the minimum recommended modulus size but does not simultaneously increase the hash digest size, then attacks such as "guessed plaintext," where guesses as to the IDEA key being encrypted under RSA are compared against a trial RSA encryption, will become more and more attractive.
The RSA FAQ recommends using the SHS (Secure Hash Standard) [available from csrc.nist.gov] which generates a 160 bit digest or a modified MD4 algorithm that produces a 256 bit digest. In any event, the 128 bit IDEA key to be encrypted under RSA ought to at the very least have a 64 or 128 bit random salt (that will later be discarded) appended before RSA encryption to thwart the "guessed plaintext" attack on RSA. According to the RSA FAQ, MD4 and MD5 are available for unrestricted use via RSA.COM or ftp.nisc.sri.com as rfc1320 (MD4) and rfc1321 (MD5).

3. Triply encrypted DES with CBC ought to be another "conventional encryption" option under PGP menus.

The RSA FAQ cites Campbell and Wiener's "Proof that DES is not a group" (Advances in Cryptology - Crypto '92, Springer-Verlag, New York 1993, to appear), which proves that DES with multiple encryption does indeed spread the encryption mapping over a broader space and thus presumably increases the work factor to direct cryptanalysis. IDEA, while attractive in speed, size and theory, has no such group-free proof and has not long withstood the public scrutiny that DES has endured. Three 56 bit keys could easily be derived from a single MD4 256 bit digest (with an additional 64 bits of Initializing Vector, to boot) to double the brute-force key guessing DES work factor to roughly 112 bits. A slightly non-standard version such as Outerbridge/Lau/Gillogly/Karn's newdes, which is provably at *least* as secure as plain DES, might be used in order to thwart dedicated DES hardware attacks.

4. Add an "enter random seed" option in addition to keystroke timing.

It is suspected that the timing biases in keystroke timing are far more pronounced than rolls of an ordinary die, especially over the broad range of platforms that PGP has been ported to.
A useful option to make users rest easier about the amount of bias in the random seeding for the search for the public-key RSA modulus and the generation of conventional (IDEA and triple-DES) keys would be to permit the direct data entry of fifty or sixty rolls of a die to further disperse the original seed. Given the difficulty of obtaining noisy diodes or sources counting radioactive decay, rolling dice is probably the easiest and comparatively least biased of ways of selecting random seeds [see Knuth v.2] *and* is under the direct personal control of the user.

5. Offer a "use strong primes" option in RSA key generation.

While it is true that, as it is said in the RSA FAQ [section 2.7] and the PGP documentation, "strong primes" may not now be necessary given the non-favoritism of ECM ("elliptic curve method") of factoring (Lenstra: Factoring integers with elliptic curves. Annals of Mathematics 126:649-673, 1987), there is only the one-time penalty of selecting "strong" primes in public key generation and, as the RSA FAQ suggests, future breakthroughs in factoring technique may very well once again favor the "strong" prime over the garden variety one.

6. Probably my most urgent recommendation: I use MacPGP 2.2 and it did not come with a) a source, b) a digitally-signed archive or c) a pointer to send bug reports.

Without these features it is very hard to make specific implementation bug reports or interface improvement suggestions. As the RSA FAQ says in section 2.6: "In practice, most successful attacks will likely be aimed at insecure implementations and at the key management stages of an RSA system." Please, please include the source to the Mac version (or upon request), or at least an object map so I can effectively disassemble and test portions of the code.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.2

mQCOAiumM0QAAAED+JPD8OULO2aXRvU2FDksMjJeGT96kGK5eJK1grkXuIHz+6pe
jiedYOv72kBQoquycun191Ku4wsWVTz6ox/bpReBs5414OTPzQVJgWQzCW1N4BfV
Wr4eEn3qnFsVLXXxk3oYGydIeJcmelSyuPSq/Oq7Q+eHkKgjqxDTjVMu8iEAEQEA
AbABh7QuR3JhZHkgV2FyZCAgPGdyYWR5QG5ldGNvbS5jb20+ICAoNzA3KSA4MjYt
NzcxNbABAw==
=e3rN
-----END PGP PUBLIC KEY BLOCK-----

Comments appreciated.

Grady Ward
grady at netcom.com

From karn at qualcomm.com Sat Apr 3 16:56:53 1993
From: karn at qualcomm.com (Phil Karn)
Date: Sat, 3 Apr 93 16:56:53 PST
Subject: TEMPEST in a teapot
Message-ID: <9304040056.AA07411@servo>

A few minor comments on a pretty comprehensive and well written article.

Although TEMPEST is closely related to EMI shielding, remember that TEMPEST is concerned only with *information bearing* radiations, not interference. In particular, the switching power supply, a potentially prodigious source of EMI, is not a significant TEMPEST issue because power supply emissions carry little if any information. (Varying loads might cause minor modulations of switching frequencies, etc, but this is probably something that only the paranoid "covert channel" types worry about. Maybe you could tell when the floppy drive motor starts and stops, but I doubt you could do much else.)

Who knows, cutting down on power supply radiation might make it easier to extract information from the emissions that remain, because of the jamming effect of power supply noise. But don't let that stop you. It's your duty to your neighbors to emit as little RF noise as possible. When I lived in New Jersey, I learned to my chagrin that my two PC clones made my next door neighbor's AM radio useless. Only 25 miles from New York, he was unable to listen to WABC, a 50KW clear channel AM station! The problem disappeared completely when I installed some inline AC RFI filters in the power supplies.
Since we shared a pole transformer, I theorize that the noise was conducted from my computer to his radio directly over the power lines.

Which brings me to my next point. I have not seen *any* clone-grade PC power supplies with adequate power line filtering. They have a minimal LC lowpass network on the power supply board itself, but this is usually inadequate. Whenever I buy a new power supply, the first thing I do when I get it home is to replace the IEC power connector with an integrated, shielded power connector/RFI line filter. These devices are widely available for several dollars from electronics surplus houses and amateur radio "hamfests". I also use power cords with built-in ferrite "lumps" but these are probably harder to find (one particular hamfest vendor had a lot of them a few years ago, but I haven't seen them since.)

Modern monitors are *much* better shielded than the early PC monitors, especially those no-name Korean or Taiwanese copies of the original IBM PC monochrome monitor. If you have the misfortune of owning one of those old monitors, as I do on one of my systems, chances are the lion's share of its emissions are coming from the +70V power lead that runs from the main circuit board to the video output stage on the base of the CRT. (Note! Do NOT confuse this with the high voltage lead going to the anode of the CRT!) The +70V power line to the video output driver acts as an antenna for radiated video signals that can be *quite* strong. I suspect that the reports we've seen of successfully picking up the image on a computer display were taking advantage of this. To fix the problem, just replace the plain wire with a piece of shielded coax, bypass the ends with .01 or .1 uF capacitors of sufficient working voltage, and ground the shields to circuit board ground on both ends.

Phil

From marc at Athena.MIT.EDU Sat Apr 3 18:07:59 1993
From: marc at Athena.MIT.EDU (Marc Horowitz)
Date: Sat, 3 Apr 93 18:07:59 PST
Subject: MEET: I'm going West! (Bay Area)
Message-ID: <9304040207.AA00881@deathtongue>

I'm going to be at a meeting at the Westin hotel in Millbrae, CA. I'm taking an early-morning (ugh) flight out on Tuesday, and I'm red-eye'ing back Friday night/Saturday morning (to be back for the Boston Area Cypherpunks meeting :-) I should be free in the evenings, namely, Tuesday, Wednesday, and Thursday nights. I'd be interested in getting together with people to exchange signatures, talk about stuff, eat dinner, or whatever. I can be reached by email at , which I should be reading remotely, or you can leave a message for me at the hotel at 415-692-3500.

Marc

From mdiehl at triton.unm.edu Sat Apr 3 21:58:14 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Sat, 3 Apr 93 21:58:14 PST
Subject: PGP help and comments.
Message-ID: <9304040558.AA17596@triton.unm.edu>

I am really learning to love PGP, and I haven't even used it much yet! I'm insisting that all my friends get keys. But....

I would like to set up two secret keys for myself. One 512 bits long and another 1024 bits long. I'll distribute the short one. I'll give the long one to trusted and close friends. I'm having difficulty setting it up so that pgp defaults to using the short key to encrypt stuff. Note that I want the same user id for both, but perhaps with a "secure" flag in the user id of the large key. How can I do this?

Can we get someone to compile and distribute pgp for the amoeba, er, I mean Amiga? ;^) My friend has one, but no C compiler.

Some suggestions for future versions...

Is there any chance of pgp cloaking its ascii armoured output to look like uuencoded data?

I would like to use pgp on the mainframes, but don't want to store my secret key on their disks. Would it be possible to have pgp accept its secret key via stdin. I could do an ascii upload of my secret key and never expose my key to disk-storage.

How about password protecting pgp itself. No one could use my copy of pgp unless they knew my password.
And only my copy of pgp could decrypt my secret key. Just a thought.

How about a -wn option that would wipe the original file 'n' times. Like pgp -wen10 very_secret_stuff cohort. That should keep even Big Brother from prying.

Is it possible to have pgp develop a third key that looks just like a regular key except that when it is used in place of your secret key, it produces an alternate plaintext. This way, if Big Brother "requested" your key, and you needed to disavow all of your messages, you could exchange the third key for your secret key. When someone used this key, they'd get some insulting message that may or may not have been the original message...and there'd be no way of knowing. I kinda doubt it on this one, but wouldn't it be nice!

Geez, have I really gone on for 40 lines? Sorry about that, but any comments? Hope to hear from you.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.2

mQBNAiu21SIAAAECAMKkKKP4JIxSPR7rOUZ7mbi6yDPfFa7T6zOtOBX8iI939tIU
9JFTxdyvTejK3qmYDGozNaqySQ/0++nGqZgikcsABRG0LUouIE1pY2hhZWwgRGll
aGwsIG1lLCA8bWRpZWhsQHRyaXRvbi51bW4uZWR1Pg==
=YquS
-----END PGP PUBLIC KEY BLOCK-----

From i6t4 at jupiter.sun.csd.unb.ca Sat Apr 3 22:47:55 1993
From: i6t4 at jupiter.sun.csd.unb.ca (Nickey MacDonald)
Date: Sat, 3 Apr 93 22:47:55 PST
Subject: PGP help and comments.
In-Reply-To: <9304040558.AA17596@triton.unm.edu>
Message-ID:

My comments below...

---
Nick MacDonald                   | NMD on IRC
i6t4 at jupiter.sun.csd.unb.ca  | PGP 2.1 Public key available via finger

On Sat, 3 Apr 1993, J. Michael Diehl wrote:

> I am really learning to love PGP, and I haven't even used it much yet! I'm
> insisting that all my friends get keys. But....

I have been 'introducing' my friends to PGP too... I figure that it's no good if I have a key, but no one to use it with... :-) It's amazing how many people will take the time to play with an interesting new toy...

> I would like to set up two secret keys for myself. One 512 bits long and
> another 1024 bits long. I'll distribute the short one. I'll give the long
> one to trusted and close friends. I'm having difficulty setting it up so that
> pgp defaults to using the short key to encrypt stuff. Note that I want the
> same user id for both, but perhaps with a "secure" flag in the user id of the
> large key. How can I do this?

I'm not too sure here... but PGP should default to using the newest (youngest) key on your private key ring... If you have two of them with the same name, I'm not sure how you could choose other than the first... The trick here might be to add a key size option to PGP, to say I want the key that is (or is at least) n bits in size.

> Can we get someone to compile and distribute pgp for the amoeba, er, I mean
> Amiga? ;^) My friend has one, but no C compiler.

I'll not get into computer wars... I'll just say that I'll take an Amiga over an IBM clone any day! >;-) As far as I can tell.. there are folx out there that make sure the Amiga version goes public pretty soon after a new version is released... I've had 2.2 since about 3 days after I knew it was released... There are a series of AmiNet "mirrors" all over the world, the one that most IBM'ers would recognize right off being wuarchive.wustle.edu (128.252.135.4) in /pub/aminet/util/crypt.

> Some suggestions for future versions...

I have some opinions on some of your ideas, but I'll save them for another post at another time.. :-)

From mccoy at ccwf.cc.utexas.edu Sat Apr 3 23:58:38 1993
From: mccoy at ccwf.cc.utexas.edu (Jim McCoy)
Date: Sat, 3 Apr 93 23:58:38 PST
Subject: PGP help and comments.
In-Reply-To: <9304040558.AA17596@triton.unm.edu>
Message-ID: <9304040758.AA07164@tigger.cc.utexas.edu>

J. Michael Diehl writes:
>
> I would like to use pgp on the mainframes, but don't want to store my secret
> key on their disks. Would it be possible to have pgp accept its secret key
> via stdin. I could do an ascii upload of my secret key and never expose my
> key to disk-storage.

This is even more dangerous than storing it on the disks of a multi-user machine. Unless you are running in a kerberos environment it is trivial to snoop your upload off the network, and even without that weakness you are exposing yourself to the same problem that the docs mention (it is really pretty easy to scan someone's terminal input) only you are giving them the key outright instead of only giving them the passphrase to your key.

Bad idea.

jim

From ebrandt at jarthur.Claremont.EDU Sun Apr 4 00:05:14 1993
From: ebrandt at jarthur.Claremont.EDU (Eli Brandt)
Date: Sun, 4 Apr 93 00:05:14 PST
Subject: jarthur remailer has PGP
Message-ID: <9304040805.AA19784@toad.com>

Snarfed PGP 2.2 and found it more successful on a Symmetry than 2.1, which I couldn't get to stop dumping core on keygen. So the remailer on jarthur now supports encryption, I think. Bang on it and see if you agree.

The jarthur remailer's key: (512 bits only, it's on an insecure box)

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.2

mQBNAiu+hVUAAAECAMVjEfl2IMNgSOJ+/fx1V6EbH50ofa6K4r1PBKMmkcHQextP
ghwC4lXIgaAWUlLJ9x61+qf4jB5fpNUZLrF9FUsABRG0NWphcnRodXIgcmVtYWls
ZXIgIGMvbyA8ZWJyYW5kdEBqYXJ0aHVyLmNsYXJlbW9udC5lZHU+
=Zxy7
-----END PGP PUBLIC KEY BLOCK-----

The makefile paragraph:

symmetry_gcc:
	$(MAKE) all CC=gcc LD=gcc OBJS_EXT=_80386.o \
	CFLAGS="-O -I. -DNOTERMIO -D_BSD -DUNIX -DUSE_NBIO $(BYTEORDER) -Di386"

Logging is turned back on until the glitches are out. Enjoy.

PGP 2 key by finger or e-mail
Eli   ebrandt at jarthur.claremont.edu

From mdiehl at triton.unm.edu Sun Apr 4 00:18:19 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Sun, 4 Apr 93 00:18:19 PST
Subject: PGP help and comments.
In-Reply-To: <9304040758.AA07164@tigger.cc.utexas.edu>
Message-ID: <9304040818.AA20036@triton.unm.edu>

>J. Michael Diehl writes:
>> I would like to use pgp on the mainframes, but don't want to store my secret
>> key on their disks. Would it be possible to have pgp accept its secret key
>> via stdin. I could do an ascii upload of my secret key and never expose my
>> key to disk-storage.
>
> This is even more dangerous than storing it on the disks of a multi-user
> machine. Unless you are running in a kerberos environment it is trivial to
> snoop your upload off the network, and even without that weakness you are
> exposing yourself to the same problem that the docs mention (it is really
> pretty easy to scan someone's terminal input) only you are giving them the
> key outright instead of only giving them the passphrase to your key.

Point taken.

>
> Bad idea.

Sure is. Thanx.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.2

mQBNAiu21SIAAAECAMKkKKP4JIxSPR7rOUZ7mbi6yDPfFa7T6zOtOBX8iI939tIU
9JFTxdyvTejK3qmYDGozNaqySQ/0++nGqZgikcsABRG0LUouIE1pY2hhZWwgRGll
aGwsIG1lLCA8bWRpZWhsQHRyaXRvbi51bW4uZWR1Pg==
=YquS
-----END PGP PUBLIC KEY BLOCK-----

From warlord at Athena.MIT.EDU Sun Apr 4 00:52:45 1993
From: warlord at Athena.MIT.EDU (Derek Atkins)
Date: Sun, 4 Apr 93 00:52:45 PST
Subject: MEET: Boston area Cypherpunks Meeting
In-Reply-To: <9303311907.AA22588@milquetoast.MIT.EDU>
Message-ID: <9304040852.AA13135@hodge>

-----BEGIN PGP SIGNED MESSAGE-----

The FIRST Boston-area cypherpunks meeting:

Date:  Saturday, April 10, 1993
Time:  12 noon - ~5 pm
Where: MIT Room 1-115

If you need better directions, please feel free to send me e-mail, or you can call me at 617 868-4469.

Hope to see people there!
- -derek

PGP 2 key available upon request on the key-server:
	pgp-public-keys at toxicwaste.mit.edu
- --
Derek Atkins, MIT '93, Electrical Engineering and Computer Science
Secretary, MIT Student Information Processing Board (SIPB)
MIT Media Laboratory, Speech Research Group
warlord at MIT.EDU        PP-ASEL        N1NWH

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQBuAgUBK76hsTh0K1zBsGrxAQHD7ALFExaf+JQ3l21P1c5Tuxx2RdKy/AsLLZo1
D6Y0LsaPe7YEW9bofbQr0HKdW08KvZgDHowUomjCFgLRVJPtwyTJkqWuL4424/XU
cuSe+LWeNJ+llrbosFgsk/o=
=wZJR
-----END PGP SIGNATURE-----

From gg at well.sf.ca.us Sun Apr 4 03:31:52 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Sun, 4 Apr 93 03:31:52 PDT
Subject: WB: public kiosks
Message-ID: <199304041031.AA11760@well.sf.ca.us>

Re public kiosks; recall that Community Memory started the idea of coin-operated kiosks years ago; and presumably still has terminals located around town. The technology is quite simple apparently. Could be generalised pretty easily. The terminals are connected to their servers via off-premise extension circuits, which allow keeping the lines open fulltime at no per-minute charge. Then you drop coins in order to respond to stuff. This of course requires a server in every local exchange area where you want terminals, but that should be no problem in most places.

-gg

From x62727g2 at usma8.USMA.EDU Sun Apr 4 10:07:07 1993
From: x62727g2 at usma8.USMA.EDU (Gatlin Anthony CDT)
Date: Sun, 4 Apr 93 10:07:07 PDT
Subject: Mailing List
Message-ID: <9304041704.AA14583@usma8.usma.edu>

I am very very interested in getting on your mailing list. Please include me. Thank you.

Anthony Gatlin

------------------------------------------------------------------------------
Notice: In accordance with Title 18 USC 2511 and 18 USC 2703, any monitoring of this communication without a Federal warrant or consent of sender or receiver is in violation of Federal Law. Consent for monitoring is not given.
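Grady Ward's second suggestion further up (appending a discarded random salt to the session key before RSA-encrypting it), as an added example that is not PGP's code or any poster's: with textbook RSA the wrapped key is a deterministic function of the key, so anyone holding the public key can confirm a guessed key by one trial encryption, and the salt is what removes that check. The toy RSA key generation, the 512-bit size and the 64-bit salt width are constructed for this example; PGP's actual session-key packet format is not modelled.

```python
import os
import random

# --- toy RSA, constructed for this example (not PGP's implementation) -------
def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # full width, odd
        if _is_probable_prime(cand):
            return cand

def keygen(bits: int = 512):
    """Return ((n, e), (n, d)). 512 bits keeps the example fast; Grady's
    point 1 explains why that is far too small for real use."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:        # e is prime, so this means gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

SESSION_KEY_BITS = 128   # a 128-bit IDEA key, the thing PGP 2.x wraps under RSA
SALT_BITS = 64           # the smaller of the two salt sizes Grady proposes

def wrap_key_raw(pub, session_key: int) -> int:
    """Textbook RSA of the bare session key: same key, same ciphertext, every time."""
    n, e = pub
    return pow(session_key, e, n)

def wrap_key_salted(pub, session_key: int) -> int:
    """Append a fresh random salt below the key before RSA; the recipient
    simply drops it after decryption, so it never needs to be sent."""
    n, e = pub
    salt = int.from_bytes(os.urandom(SALT_BITS // 8), "big")
    return pow((session_key << SALT_BITS) | salt, e, n)

def unwrap_key_salted(priv, ciphertext: int) -> int:
    n, d = priv
    return pow(ciphertext, d, n) >> SALT_BITS   # discard the salt bits

def trial_confirms(pub, ciphertext: int, candidate: int) -> bool:
    """The 'guessed plaintext' check: re-encrypt a candidate under the public
    key and compare. Holding only the public key is enough to run it."""
    n, e = pub
    return pow(candidate, e, n) == ciphertext

def demo(bits: int = 512) -> dict:
    pub, priv = keygen(bits)
    key = int.from_bytes(os.urandom(SESSION_KEY_BITS // 8), "big")
    c_raw = wrap_key_raw(pub, key)
    c_salted = wrap_key_salted(pub, key)
    # Against the raw wrapping, the correct guess is confirmed by one trial.
    raw_hit = trial_confirms(pub, c_raw, key)
    # Against the salted wrapping, even the correct key is not confirmed
    # unless the guesser also hits the salt: a few thousand salt values are
    # tried here out of 2**64 possibilities.
    salted_hit = any(trial_confirms(pub, c_salted, (key << SALT_BITS) | s)
                     for s in range(4096))
    return {
        "raw_confirms_correct_guess": raw_hit,
        "salted_confirms_correct_guess": salted_hit,
        "salted_roundtrip_ok": unwrap_key_salted(priv, c_salted) == key,
        "salt_space": 2 ** SALT_BITS,
    }

if __name__ == "__main__":
    print(demo())
```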
From treason at gnu.ai.mit.edu Sun Apr 4 13:14:32 1993
From: treason at gnu.ai.mit.edu (treason at gnu.ai.mit.edu)
Date: Sun, 4 Apr 93 13:14:32 PDT
Subject: Second posting (emucs)
Message-ID: <9304042014.AA15614@spiff.gnu.ai.mit.edu>

This is the second posting I have posted about emucs (encrypted multi-user chat system) on the list. I am hoping to get a little more involvement from stable coders to help develop this product.

Most of you are knowledgeable of irc and how flawed it is, the ease of logging, and the fascism of the operators thereof. I want to alleviate this problem by producing a multi-user chat system involving 1 server and up to 50 clients which is counterproductive to promoting logging and such.

My design is easy: All messages sent from a user will be encrypted (pgp) by the pc (msdos machine initially) before it's sent over the phone line, to the server. The server will then determine if the message is public or private (very easy to do) and if private, will decrypt it using the server's public key. It will then pass the message to all users on the server in unencrypted format. If it is private the server will pass it directly to the receiving party, whose client will decrypt it (if it's private the sender must have the receiver's public key) and display it to their view screen. I was considering encrypting and handling everything in a private manner, but have decided that this would be more than too much load on the receiving pc's so have decided to keep only private messages completely secure.

When the person wanting to engage in the chat decides to run the client, he would supply his pass phrase as a command line parameter, and it would be stored in memory until the chat is terminated. Any time a private message comes to him the client would automatically decrypt it with his key and pass phrase. There will be key handling and exchanging utilities built into the server.
The client will allow for vt100 emulation and will work as a terminal program until the chat is entered, at which time, the client wwill be prompted by the server to start its new function(ie. encryption). If anyone has any ideas or wishes to help me with this, please respond to treason at gnu.ai.mit.edu and explain what you can do, or what ideas you have. On the last posting of this sort, there was very little response, which frightens me because of the serious need for this kind of software. Treason at gnu.ai.mit.edu From zane at genesis.mcs.com Sun Apr 4 13:45:16 1993 From: zane at genesis.mcs.com (Sameer Parekh) Date: Sun, 4 Apr 93 13:45:16 PDT Subject: Looking for PGP porting help Message-ID: I'm busy (actually, I'm procrastinating doing my schoolwork ;-) porting PGP 2.2 to the Apple IIGS. I have two problems and one question-- The question: Who should I contact with the fact that I'm doing this port so that once a new version of PGP comes out all my porting work isn't lost? The problems: I'm not a very experienced C programmer/porter. I seem to be one of two people in the Apple IIGS community who's interested in porting PGP. (The other is even LESS experienced at C-- he just learned C recently.) Any ideas? Thanks, -- | Sameer Parekh-zane at genesis.MCS.COM-PFA related mail to pfa at genesis.MCS.COM | | Apprentice Philosopher, Writer, Physicist, Healer, Programmer, Lover, more | | "Be God" - Me __ "Specialization is for Insects" - Robert A. Heinlein ____/ \_____________/ \____________________________________________________/ From szabo at techbook.com Sun Apr 4 15:20:37 1993 From: szabo at techbook.com (Nick Szabo) Date: Sun, 4 Apr 93 15:20:37 PDT Subject: Keys on public machines Message-ID: [lost attributions, sorry] >> I could do an ascii upload of my secret key and never expose my >> key to disk-storage. >> > This is even more dangerous than storing it on the disks of a multi-user > machine. 
> Unless you are running in a kerberos environment it is trivial to
> snoop your upload off the network...

I don't find the risk of a real-time snoop to be as bad as the risk of a future snoop finding my private key alongside encrypted files that have been stored forever (backups).

To mitigate either problem, how about having two layers of encryption: a private key to decrypt files for reading on a public machine, and a second public/private pair to reencrypt the files for storage and transmission to the home machine. The public machine knows the first private key (if snooped) and the second public key; only the home machine knows the second private key. Snooping the first private key compromises only unread and future messages until the key is changed. Messages archived in the reencrypted state are secure, but messages archived in the unread state with the first private key are still compromised forever. Is backing up mail directories a common practice? Are there (probably system-dependent) ways to avoid backups, such as anticipating or detecting when backups are about to occur, hidden directories, file permissions, etc?

Also, this system introduces some user hostility, in that reencrypted files cannot be read again until moved to the home machine.

Another idea is to implement the relevant features of Kerberos in a high-level client/server package that can be used to secure personal network communications of this kind. The package could be distributed with PGP.

Nick Szabo
szabo at techbook.com

From trump at pluto.ee.cua.edu Sun Apr 4 16:53:36 1993
From: trump at pluto.ee.cua.edu (Louis Edward Trumpbour)
Date: Sun, 4 Apr 93 16:53:36 PDT
Subject: PGP 2.2 for mac
Message-ID: <9304042354.AA04977@pluto.ee.cua.edu>

yes i am looking for pgp 2.2 for mac so if anyone knows where i can find it or if anyone can tell me if they can uuencode it and mail it to me (please contact me before mailing) i would be most grateful...
i do not have a mac but i have a friend at the university of wisconsin that i feel should have pgp... so as i plea for help into the black hole of the internet cypherpunk remailer i hope to hear some feedback.... also do the people in dc want to get a cypher punk meeting together??? i am willing to organize...

Clovis

From wixer!pacoid at cactus.org Sun Apr 4 17:31:28 1993
From: wixer!pacoid at cactus.org (Paco Xander Nathan)
Date: Sun, 4 Apr 93 17:31:28 PDT
Subject: CONF - "CopCon", organized by B Sterling
Message-ID: <9304042359.AA22084@wixer>

Electronic Frontier Foundation -- Austin
in conjunction with
The University Co-op
and
The University of Texas Computer Science Department

Presents

..from the Federal Computer Investigations Committee, Federal Law Enforcement Training Center, and the International Association of Computer Investigation Specialists:

GAIL THACKERAY
Maricopa County prosecuting attorney, Phoenix, Arizona

speaking on: computer crime in the 1990s, "Operation Sundevil," corporate PBX fraud, boiler-room consumer-fraud rackets, credit-card rip-offs, pirate bulletin-board systems, and outlaw hacking!

Sunday, April 18, 1993, 1:30PM-3:30PM
UT Campus, Taylor Hall, room 2.106

TO BE FOLLOWED BY:

C O M P U T E R   S E C U R I T Y   S O I R E E !

UT Co-op, Second Floor, Computer Books Section
From 3:30 PM -- (?)

where Ms. Thackeray will greet the Austin public and answer questions from any and all interested parties!

FREE!!

..another EFF-Austin service to the Texan computer community
EFF-Austin, PO Box 18957, Austin, Texas 78760
eff-austin at tic.com

From gnu at cygnus.com Sun Apr 4 17:56:05 1993
From: gnu at cygnus.com (gnu at cygnus.com)
Date: Sun, 4 Apr 93 17:56:05 PDT
Subject: Problems with "high quality" random number generators, FYI
Message-ID: <9304050056.AA05690@cygnus.com>

Good sources of randomness are key to good cryptography.
Date: 03 Apr 1993 13:04:37 -0700 (MST)
From: uunet!asgard.lpl.Arizona.EDU!schulze at uunet.UU.NET (Dean Schulze)
Subject: Problems with "high quality" random number generators
To: na.digest at surfer.EPM.ORNL.GOV
Cc: numeric-interest at validgh.com
Message-Id: <9304032004.AA06752 at asgard.lpl.Arizona.EDU.LPL-West>

A recent Physical Review Letter [1] points out that serious problems can arise in Monte Carlo computations due to subtle correlations in "high quality" random number generators. The quality of these number generators was determined to be "good" because they passed a battery of tests for randomness. However, they produced erroneous results when used together with the Wolff algorithm for cluster-flipping in a simulation of a 2 dimensional Ising model for which the results are known. The author of this Letter, Alan M. Ferrenberg of the University of Georgia, says that an algorithm must be tested together with the random number generator being used regardless of which tests the random number generator has passed on its own.

In another development, Shu Tezuka of IBM, Tokyo and Pierre L'Ecuyer of the University of Montreal have proven that the Marsaglia-Zaman random number generators are "essentially equivalent" to linear congruential methods [2]. (Linear congruential number generators produced better results in Ferrenberg's simulations than random number generation algorithms that are of higher quality, however.)

[1] Alan M. Ferrenberg, D.P. Landau, and Y. Joanna Wong, "Monte Carlo simulations: Hidden errors from 'good' random number generators", Phys. Rev. Lett., 69, pp. 3382-4, 1992.

[2] Science News, v142, pg. 422, 1992.

------- End of Forwarded Message

From mdiehl at triton.unm.edu Sun Apr 4 19:06:26 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Sun, 4 Apr 93 19:06:26 PDT
Subject: PGP help and comments.
In-Reply-To:
Message-ID: <9304050206.AA13467@triton.unm.edu>

> [lost attributions, sorry]

So did I!
;^)

> >> I could do an ascii upload of my secret key and never expose my
> >> key to disk-storage.
> > This is even more dangerous than storing it on the disks of a multi-user
> > machine. Unless you are running in a kerberos environment it is trivial to
> > snoop your upload off the network...
> I don't find the risk of a real-time snoop to be as bad as the risk
> of a future snoop finding my private key alongside encrypted files that
> have been stored forever (backups).

I am the writer of the original post, and I quite agree with the response that said that this was a bad idea. The whole point in being secure is being as secure as possible.

> To mitigate either problem, how about having two layers of encryption: a
> private key to decrypt files for reading on a public machine, and a second
> public/private pair to reencrypt the files for storage and
> transmission to the home machine. The public machine knows
> the first private key (if snooped) and the second public key; only the
> home machine knows the second private key. Snooping the first private

You still have to store a secret key somewhere. And to do that, you must trust your system administrator.....

> key compromises only unread and future messages until the key is
> changed. Messages archived in the reencrypted state are secure, but
> messages archived in the unread state with the first private key are
> still compromised forever. Is backing up mail directories a common
> practice? Are there (probably system-dependent) ways to avoid backups,
> such as anticipating or detecting when backups are about to occur,
> hidden directories, file permissions, etc?
>
> Also, this system introduces some user hostility, in that
> reencrypted files cannot be read again until moved to the
> home machine.

It was suggested that I keep my public keyring on the mainframe and use it to read mail. When I want to send mail, I encrypt it at home and upload it into my mailer. This is what I do now.
I forgot who you were, but you gave me a good idea. Thanx.

> Another idea is to implement the relevant features of Kerberos in
> a high-level client/server package that can be used to secure personal
> network communications of this kind. The package could be distributed
> with PGP.

What are these features? I don't know what kerberos is.

+----------------------+----------------------------------------------------+
| J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken.   |
|                      +----------------------------------------------------+
| mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be        |
| Thunder at forum      | Politically Incorrect!                             |
| (505) 299-2282       |                                                    |
+----------------------+----------------------------------------------------+

From mdiehl at triton.unm.edu Sun Apr 4 23:38:08 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Sun, 4 Apr 93 23:38:08 PDT
Subject: PGP help
Message-ID: <9304050638.AA25783@triton.unm.edu>

Hi all. The manual for pgp ver. 2.2 says that it can encrypt a file for receipt by multiple users, pgp -e file user1 user2. I can't seem to get it to work. It creates one file, readable by user1. I'm using the msdos version.

What am I doing wrong? Thanx in advance.

+----------------------+----------------------------------------------------+
| J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken.   |
|                      +----------------------------------------------------+
| mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be        |
| Thunder at forum      | Politically Incorrect!                             |
| (505) 299-2282       |                                                    |
+----------------------+----------------------------------------------------+

From warlord at MIT.EDU Mon Apr 5 00:08:07 1993
From: warlord at MIT.EDU (Derek Atkins)
Date: Mon, 5 Apr 93 00:08:07 PDT
Subject: PGP help
In-Reply-To: <9304050638.AA25783@triton.unm.edu>
Message-ID: <9304050708.AA01498@deathtongue>

-----BEGIN PGP SIGNED MESSAGE-----

> The manual for pgp ver.
> 2.2 says that it can encrypt a file for receipt by
> multiple users, pgp -e file user1 user2. I can't seem to get it to work.
> It creates one file, readable by user1. I'm using the msdos version.
>
> What am I doing wrong?

This should create a single file which is readable by both users, user1 and user2. Did you try giving this file to user2 and have them decrypt it? Is user2 using PGP 2.2, or an earlier version?

It doesn't look like you are doing anything wrong...

- -derek

PGP 2 key available upon request on the key-server:
pgp-public-keys at toxicwaste.mit.edu

- --
Derek Atkins, MIT '93, Electrical Engineering and Computer Science
Secretary, MIT Student Information Processing Board (SIPB)
MIT Media Laboratory, Speech Research Group
warlord at MIT.EDU    PP-ASEL    N1NWH

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQBuAgUBK7/awTh0K1zBsGrxAQGwKwLDBE/AgE5YY84RDMIcXa/qW7qEkgAd+jZW
Wl5wXZDGrgbWZuZOiR9HKnEs4HzJtGrhi5DmDwPTVXu/rASU6trS1suk5thK/Fu8
TuDKvGX/6S+tOGQlgdRDdDg=
=a8mO
-----END PGP SIGNATURE-----

From hughes at soda.berkeley.edu Mon Apr 5 11:58:33 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Mon, 5 Apr 93 11:58:33 PDT
Subject: wpcrack on archive site
Message-ID: <9304051855.AA28910@soda.berkeley.edu>

I just put Ron Dippold's wpcrack code up on the ftp site, a program that breaks the (very bad) encryption of Word Perfect files. The distribution is four files

wpcrack.c
wpcrack.doc
wpuncryp.c
wpuncryp.doc

in directory pub/cypherpunks/cryptanalysis. The anonymous ftp site is soda.berkeley.edu.

Eric

From hughes at soda.berkeley.edu Mon Apr 5 17:28:01 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Mon, 5 Apr 93 17:28:01 PDT
Subject: WB: public kiosks
In-Reply-To: <199304041031.AA11760@well.sf.ca.us>
Message-ID: <9304060025.AA04499@soda.berkeley.edu>

>Re public kiosks; recall that Community Memory started the idea of
>coin-operated kiosks years ago; and presumably still has terminals located
>around town.
For those of you not familiar with Community Memory, it is a Berkeley only system intended to make community stronger in Berkeley. Steven Levy wrote about it in _Hackers_.

SFNET is an expanding commercial service; I want to use SFNET as an example, a springboard for much wider deployment of public access to whistleblowing.

Eric

From stig at transam.ece.cmu.edu Mon Apr 5 19:42:37 1993
From: stig at transam.ece.cmu.edu (Jonathan Stigelman)
Date: Mon, 5 Apr 93 19:42:37 PDT
Subject: PGP help and comments.
Message-ID: <243@x15_remote.stigmobile.usa>

In message <9304040758.AA07164 at tigger.cc.utexas.edu> you write:
>
>This is even more dangerous than storing it on the disks of a multi-user
>machine. Unless you are running in a kerberos environment it is trivial to
>snoop your upload off the network, and even without that weakness you are
>exposing yourself to the same problem that the docs mention (it is really
>pretty easy to scan someone's terminal input) only you are giving them the
>key outright instead of only giving them the passphrase to your key.
>

Yeah.... So if your key can be snooped off the net, so can your cleartext. To decrypt online, then, is akin to using only weak encryption...which indicates only the desire for limited privacy. But even if you do decrypt online, you're still protected from file snooping.

What's needed is PGP decryption built into your terminal program.

stig

From mdiehl at triton.unm.edu Tue Apr 6 00:44:07 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Tue, 6 Apr 93 00:44:07 PDT
Subject: PGP error.
Message-ID: <9304060743.AA28329@triton.unm.edu>

When I use the following command line in a batch file, I get a Compression/decompression error. No files are created. The contents of the batch file is:

pgp -es %1 %2 Diehl

Where %1 is the name of the file to send, and %2 is the other person's name. What am I doing wrong, or is there a problem with my pgp? Thanx in advance.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.2

mQA9Aiu/jVAAAAEBgM2F5mSlCA+KRd6TXIrqmPfiiAEytwSttZs7Yua939GMu2mP
JL+5Qpi/ZKqF2nAJAwAFEbQsSi4gTWljaGFlbCBEaWVobCwgMSwgPG1kaWVobEB0
cml0b24udW5tLmVkdT4=
=lyvx
-----END PGP PUBLIC KEY BLOCK-----

From Marc.Ringuette at GS80.SP.CS.CMU.EDU Tue Apr 6 11:25:46 1993
From: Marc.Ringuette at GS80.SP.CS.CMU.EDU (Marc.Ringuette at GS80.SP.CS.CMU.EDU)
Date: Tue, 6 Apr 93 11:25:46 PDT
Subject: WB: public kiosks
Message-ID: <9304061825.AA28189@toad.com>

Public kiosks are OK as a simple and moderately effective technique for assuring anonymity, and they're ideal for a security-naive person who is unable to verify the security of a more complex system. But for my own use, I am much more confident in the security guarantee given by encryption on a portable computer and anonymizing using Chaum-style remailers...

-- Marc Ringuette (mnr at cs.cmu.edu)

From skyhawk at first.cac.washington.edu Tue Apr 6 12:47:52 1993
From: skyhawk at first.cac.washington.edu (Scott Northrop)
Date: Tue, 6 Apr 93 12:47:52 PDT
Subject: PGP and problems therewith.
Message-ID: <9304061947.AA01322@first.cac.washington.edu>

I was under the impression that there was a newsgroup for discussion of how to use PGP. I most certainly don't mind talk about how to most effectively use PGP (PC-based decryption of files on your unsecure unix box, for example), and I don't have much room for criticism given the nil that I've contributed to this forum. But please, in the name of all that's holy, could the How To Use PGP Q&A go somewhere else? Please?

Scott

PS - Did the list get the message by sand at u.washington.edu about the correct place to put hidden data in a JPEG image? Our mail reflector burped, and we didn't get that week... :( (Mail, please, don't reply to the list.)
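Nick Szabo's two-layer proposal in the "Keys on public machines" post earlier in this thread, and the replies to it, describe a key placement rather than code: the public machine holds the first private key and the second public key, the home machine alone holds the second private key, and what a later snoop recovers depends on which state each archived message is in. The Python below is an added example, not code from any poster or from PGP, that models exactly that. Textbook RSA on fixed Mersenne primes and a SHA-256 keystream stand in for PGP's RSA and IDEA so that it runs with the standard library only; the message texts are constructed, and all function names are mine.

```python
"""Model of the two-layer scheme: mail arrives sealed to key pair 1 (private
half on the public machine); once read there it is re-sealed to key pair 2
(private half only at home).  Textbook RSA and a SHA-256 keystream are
stand-ins for PGP's RSA and IDEA, chosen to show key placement, nothing more."""
import hashlib
import secrets

E = 65537

def make_keypair(p, q, e=E):
    """Textbook RSA: returns (public, private), each as an (n, exponent) tuple."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)

def rsa(key, x):
    """Encrypt with a public key or decrypt with a private key (same operation)."""
    n, exp = key
    return pow(x, exp, n)

# Key pair 1: private half lives on the public machine (snoopable).
PUB1, PRIV1 = make_keypair((1 << 61) - 1, (1 << 89) - 1)
# Key pair 2: private half lives only on the home machine.
PUB2, PRIV2 = make_keypair((1 << 107) - 1, (1 << 127) - 1)

def keystream_xor(key, data):
    """XOR data with SHA-256(key || counter) blocks; symmetric, so it seals and opens."""
    kb = key.to_bytes(16, "big")
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(kb + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)

def seal(pub, plaintext):
    """Hybrid seal as PGP does it: random session key wrapped with RSA, body under
    the session key.  The tag lets a reader tell a wrong-key decryption apart."""
    session = secrets.randbits(128)
    body = keystream_xor(session, plaintext)
    tag = hashlib.sha256(b"tag" + session.to_bytes(16, "big") + body).digest()[:16]
    return {"wrapped_key": rsa(pub, session), "body": body, "tag": tag}

def unseal(priv, item):
    """Open a sealed item; raises ValueError when priv is not the matching key."""
    session = rsa(priv, item["wrapped_key"])
    if session >= (1 << 128):
        raise ValueError("wrong key")
    tag = hashlib.sha256(b"tag" + session.to_bytes(16, "big") + item["body"]).digest()[:16]
    if tag != item["tag"]:
        raise ValueError("wrong key")
    return keystream_xor(session, item["body"])

def read_on_public_machine(item):
    """Public-machine side: open with key 1 for display, then replace the stored
    copy with one sealed to key 2, which this machine cannot open."""
    plain = unseal(PRIV1, item)
    return plain, dict(seal(PUB2, plain), state="reencrypted")

def snoop_with_priv1(archive):
    """A later snoop holding priv1 plus the backups tries every archived item."""
    recovered, opaque = [], 0
    for item in archive:
        try:
            recovered.append(unseal(PRIV1, item))
        except ValueError:
            opaque += 1
    return recovered, opaque

# Constructed sample traffic (not taken from the thread).
MESSAGES = [b"keys for the meeting are on the way",
            b"remailer chain is up again",
            b"this one arrived after you logged off"]

def simulate():
    """Two messages are read on the public machine before the snoop; one is still unread."""
    inbox = [dict(seal(PUB1, m), state="unread") for m in MESSAGES]
    archive = []
    for item in inbox[:2]:
        _shown, stored = read_on_public_machine(item)
        archive.append(stored)
    archive.append(inbox[2])          # never read: still sealed to key 1
    snooped, opaque = snoop_with_priv1(archive)
    at_home = [unseal(PRIV2, it) for it in archive if it["state"] == "reencrypted"]
    return snooped, opaque, at_home

if __name__ == "__main__":
    s, o, h = simulate()
    print("snoop with priv1 recovered:", s)
    print("opaque to snoop:", o, "| readable at home:", h)
```

Running it reproduces Szabo's own accounting: the snoop reads only the message that was still in the unread state, the two re-sealed copies are opaque to key 1, and the home machine reads them with key 2. The tag check is what lets the snoop (and the user) tell a wrong key from a right one; without some such integrity check a decryption with the wrong private key just yields noise.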
From shipley at tfs.COM Tue Apr 6 14:12:42 1993
From: shipley at tfs.COM (Peter Shipley)
Date: Tue, 6 Apr 93 14:12:42 PDT
Subject: PHRACK: Article from PHRACK 42 on encryption
Message-ID: <9304062112.AA23379@edev0.TFS>

>> Exposing factual errors and flaws in reasoning is left as an exercise
>> for the reader.
>>
>
>The flaws are big enough to drive a bakery truck through. It's trash.

maybe you should do a better writeup and publish it in PHRACK or 2600?

From karn at qualcomm.com Tue Apr 6 16:39:24 1993
From: karn at qualcomm.com (Phil Karn)
Date: Tue, 6 Apr 93 16:39:24 PDT
Subject: PGP help and comments.
Message-ID: <9304062339.AA22656@servo>

At 01:58 AM 4/4/93, Jim McCoy wrote:
>J. Michael Diehl writes:
>>
>> I would like to use pgp on the mainframes, but don't want to store my secret
>> key on their disks.
>This is even more dangerous than storing it on the disks of a multi-user
>machine.

I agree 100%. Security packages like PGP are meaningful only when you have your own personal machine to run it on.

Indeed, it would be nice if PGP could somehow tell when it is being run over a network, and severely warn the user when he is about to type something secret (like a passphrase). I don't know of any clean way to do it, though.

Phil

From karn at qualcomm.com Tue Apr 6 18:00:45 1993
From: karn at qualcomm.com (Phil Karn)
Date: Tue, 6 Apr 93 18:00:45 PDT
Subject: WB: public kiosks
Message-ID: <9304070100.AA23113@servo>

>Public kiosks are OK as a simple and moderately effective technique for
>assuring anonymity, and they're ideal for a security-naive person who
>is unable to verify the security of a more complex system. But for
>my own use, I am much more confident in the security guarantee given by
>encryption on a portable computer and anonymizing using Chaum-style
>remailers...

Indeed. By definition, a public kiosk is in a public area, with open access to all including the Bad Guy's agents and investigators.
And tracking people's physical movements in public places is an art that investigators have had many years to refine and perfect. Many more than, say, factoring large RSA public keys...

Phil

From approach!douglas at approach.com Tue Apr 6 18:08:23 1993
From: approach!douglas at approach.com (Douglas Mason)
Date: Tue, 6 Apr 93 18:08:23 PDT
Subject: PHRACK: Article from PHRACK 42 on encryption
Message-ID:

> >> Exposing factual errors and flaws in reasoning is left as an exercise
> >> for the reader.
> >The flaws are big enough to drive a bakery truck through. It's trash.
> maybe you should do a better writeup and publish it in PHRACK or 2600?

I agree. Anyone can sit and say "Oh, that article is a piece of crap", but these same people never put their "money where their mouth is" and write an article of their own. I've written for both Phrack and 2600 and it sure as hell isn't hard to get something submitted.

If you think you can do better by all means write an article and send it in. If trash is being published, why not try to correct it? If you have any problems with where to send it, I'll gladly forward you the address. Otherwise, shut the hell up. If you don't like your government, vote. If you don't like something that is published, write something yourself. It's not some type of elite club of writers, both publications welcome people of all walks to submit.
--Doug

---
Douglas Mason                     douglas at approach.com
Network Administration            CompuServe: 76646,3367
Approach Software Corporation     +01 415.306.7890

From bmullane at ultrix.ramapo.edu Tue Apr 6 18:27:26 1993
From: bmullane at ultrix.ramapo.edu (James Bond-007)
Date: Tue, 6 Apr 93 18:27:26 PDT
Subject: please remove me
Message-ID: <9304070131.AA20100@ultrix>

please remove me from the mailing list. i wish that i had the time to try to keep up with the list, but i don't. i may rejoin at some time in the future

thanks,
Brian

From huntting at glarp.com Tue Apr 6 18:50:25 1993
From: huntting at glarp.com (Brad Huntting)
Date: Tue, 6 Apr 93 18:50:25 PDT
Subject: "hacker" publications
Message-ID: <199304070150.AA00873@misc.glarp.com>

> PHRACK or 2600?

Does anyone have a phone number and/or address for these or any other "hackers" publications?

I've pretty much had it with the "legit" computer security information sources (CERT et al). Between the censorship and the untimely notification they are next to worthless for keeping abreast of computer and network security issues.

thanx in advance,
brad
huntting at glarp.com

P.S. I can't read Dutch (yet).

From eggo at student.umass.edu Tue Apr 6 19:09:51 1993
From: eggo at student.umass.edu (Round Waffle)
Date: Tue, 6 Apr 93 19:09:51 PDT
Subject: "hacker" publications
In-Reply-To: <199304070150.AA00873@misc.glarp.com>
Message-ID: <9304070208.AA11409@titan.ucs.umass.edu>

Possessed by The Unholy, Brad Huntting scrawled the following in blood:
>
>
> > PHRACK or 2600?
>
> Does anyone have a phone number and/or address for these or any
> other "hackers" publications?
>
> I've pretty much had it with the "legit" computer security information
> sources (CERT et al). Between the censorship and the untimely
> notification they are next to worthless for keeping abreast of
> computer and network security issues.
>
>
> thanx in advance,
> brad
> huntting at glarp.com

2600 Magazine
PO Box 752 (for subscriptions)
OR
PO Box 99 (for letters/submissions)
Middle Island, NY 11953-0752
(516) 751-2600
2600 at well.sf.ca.us
$21 for 4 issues
back issues are $25/year

Phrack Magazine
603 W. 13th #1A-278
Austin, TX 78701
phrack at well.sf.ca.us

+- eggo at titan.ucs.umass.edu --><-- Eat Some Paste                -+
+- Yorn desh born, der ritt de gitt der gue,                       -+
+- Orn desh, dee born desh, de umn bork! bork! bork!                -+
+----------------- The Durex Blender Corporation -----------------+

From fergp at sytex.com Tue Apr 6 19:28:27 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Tue, 6 Apr 93 19:28:27 PDT
Subject: Smaller is better.
Message-ID:

On Mon, 05 Apr 93 12:36:09 PST,
Jonathan Stigelman writes -

JS> Yeah.... So if your key can be snooped off the net, so can your
JS> cleartext. To decrypt online, then, is akin to using only weak
JS> encryption...which indicates only the desire for limited privacy.
JS> But even if you do decrypt online, you're still protected from
JS> file snooping.

JS> What's needed is PGP decryption built into your terminal program.

I think that you guys are missing the point here. IMHO, if you wish maximum assurance of security, then I'd suggest not trying to run programs such as PGP on a multi-user system to begin with! What's wrong with using a PC for this? It offers a maximum convenience, single-user secure system quite unlike the security problems associated with your university's mainframe.

The PC offers the communications availability and the flexibility to provide an extremely high level of privacy, if you know what you're doing. You should try it sometime ....

Cheers.

Paul Ferguson                   |  "Sincerity is fine, but it's no
Network Integration Consultant  |   excuse for stupidity."
Centreville, Virginia USA       |            -- Anonymous
fergp at sytex.com (Internet)      |
sytex.com!fergp (UUNet)         |
1:109/229 (FidoNet)             |
PGP 2.2 public encryption key available upon request.
From shipley at merde.dis.org Tue Apr 6 20:01:18 1993
From: shipley at merde.dis.org (Peter shipley)
Date: Tue, 6 Apr 93 20:01:18 PDT
Subject: "hacker" publications
Message-ID: <9304070233.AA02535@merde.dis.org>

>
>> PHRACK or 2600?
>
>Does anyone have a phone number and/or address for these or any
>other "hackers" publications?
>

2600: 2600 at well.sf.ca.us
phrack: phrack at stormking.com (also see included file)
InfoHax: see nestey at csn.org

there is also a list called zardoz but I suspect it is dead.

the main problem with these lists is that people want info but do not want to give up any of their secrets. Some security lists I have been on insist that all members contribute something or they are dropped from the list.

-Pete

---- Included file
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

HOW TO SUBSCRIBE TO PHRACK MAGAZINE

The distribution of Phrack is now being performed by the software called Listserv. All individuals on the Phrack Mailing List prior to your receipt of this letter have been deleted from the list.

If you would like to re-subscribe to Phrack Inc. please follow these instructions:

1. Send a piece of electronic mail to "LISTSERV at STORMKING.COM". The mail must be sent from the account where you wish Phrack to be delivered.

2. Leave the "Subject:" field of that letter empty.

3. The first line of your mail message should read:
   SUBSCRIBE PHRACK

4. DO NOT leave your address in the name field! (This field is for PHRACK STAFF use only, so please use a full name)

Once you receive the confirmation message, you will then be added to the Phrack Mailing List. If you do not receive this message within 48 hours, send another message. If you STILL do not receive a message, please contact "SERVER at STORMKING.COM".

You will receive future mailings from "PHRACK at STORMKING.COM".

If there are any problems with this procedure, please contact "SERVER at STORMKING.COM" with a detailed message.
You should get a confirmation message sent back to you on your subscription.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
---- End of Included file

From mdiehl at triton.unm.edu Tue Apr 6 20:28:44 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Tue, 6 Apr 93 20:28:44 PDT
Subject: Smaller is better.
In-Reply-To:
Message-ID: <9304070327.AA23357@triton.unm.edu>

Well, I guess I started this thread, so let's see if I can finish it... ;^)

> On Mon, 05 Apr 93 12:36:09 PST,
> Jonathan Stigelman writes -
> JS> Yeah.... So if your key can be snooped off the net, so can your
> JS> cleartext. To decrypt online, then, is akin to using only weak
> JS> encryption...which indicates only the desire for limited privacy.
> JS> But even if you do decrypt online, you're still protected from
> JS> file snooping.

This is akin to using an umbrella with a hole in it and saying, "Well, at least my face doesn't get wet." If you want to stay dry, you want to stay COMPLETELY dry.

> JS> What's needed is PGP decryption built into your terminal program.

Someone posted a program, link, that would encrypt modem communications. Would you post an address for it? I can't find where I put it.

> I think that you guys are missing the point here. IMHO, if you wish
> maximum assurance of security, then I'd suggest not trying to run
> programs such as PGP on a multi-user system to begin with! What's
> wrong with using a PC for this? It offers a maximum convenience,
> single-user secure system quite unlike the security problems
> associated with your university's mainframe.

This is, IMHO, the best solution. BTW, I have several telix scripts that make it actually convenient, even at 1200 baud! (gak!). I would post them, but they are trivial. Thanx, Phantom, for the suggestion. What we need here is a "security package" that we distribute in an effort to make it easier to use secure practices.
> The PC offers the communications availability and the flexibility to
> provide an extremely high level of privacy, if you know what you're
> doing.

And many people don't... I've taken a minor flame or two for asking for help with using pgp on this list. The whole point of this list, IMHO, is to make strong security practices as easy and as wide-spread as possible. Correct me if I'm wrong.

+----------------------+----------------------------------------------------+
| J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken.   |
|                      +----------------------------------------------------+
| mdiehl at triton.unm.edu| "I'm just looking for the opportunity to be        |
| Thunder at forum      | Politically Incorrect!                             |
| (505) 299-2282       |                                                    |
+----------------------+----------------------------------------------------+

From dlr at world.std.com Tue Apr 6 21:09:38 1993
From: dlr at world.std.com (David L Racette)
Date: Tue, 6 Apr 93 21:09:38 PDT
Subject: Mac PGP on The Well
Message-ID: <199304070409.AA00146@world.std.com>

I was just reading in the EFF conference on the Well that they have asked that the pgp version for the mac be removed ...at least temporarily because of the possible legal problems. I don't use a mac and already have a copy, thank you anyway.

From fnordbox!loydb at cs.utexas.edu Wed Apr 7 00:23:17 1993
From: fnordbox!loydb at cs.utexas.edu (Loyd Blankenship)
Date: Wed, 7 Apr 93 00:23:17 PDT
Subject: hello?
Message-ID: <9304070532.AA00biv@fnordbox.UUCP>

I hate messages like this one, but is this list sick? I haven't gotten anything for many days . . .
Loyd

***************************************************************************
* loydb at fnordbox.UUCP                SJ Games: 1    * Loyd Blankenship    *
* GEnie: SJGAMES            US Secret Service: 0    * PO Box 18957        *
* Compu$erve: [73407,515]                           * Austin, TX 78760    *
* cs.utexas.edu!dogface!fnordbox!loydb              * 512/447-7866        *
***************************************************************************

From Doug.Brightwell at Corp.Sun.COM Wed Apr 7 06:47:15 1993
From: Doug.Brightwell at Corp.Sun.COM (Doug Brightwell)
Date: Wed, 7 Apr 93 06:47:15 PDT
Subject: Mac PGP 2.2 Sites?
Message-ID: <9304071346.AA12241@media.Corp.Sun.COM>

Anyone know of any ftp sites where I could find the new 2.2 version?

Thanks,
Doug

From warlord at MIT.EDU Wed Apr 7 07:08:28 1993
From: warlord at MIT.EDU (Derek Atkins)
Date: Wed, 7 Apr 93 07:08:28 PDT
Subject: Mac PGP 2.2 Sites?
In-Reply-To: <9304071346.AA12241@media.Corp.Sun.COM>
Message-ID: <9304071408.AA01175@toxicwaste.MEDIA.MIT.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

The sites I know of that carry MacPGP 2.2 are:

black.ox.ac.uk (129.67.1.165)
  /src/security/macpgp2.2.cpt.hqx (Macintosh version)
ftp.demon.co.uk (158.152.1.65)
  /pub/ibmpc/pgp/MacPGP2.2 (Macintosh version)
nic.funet.fi (128.214.6.100)
  /pub/crypt/MacPGP2.2
soda.berkeley.edu (128.32.149.19)
  /pub/cypherpunks/pgp/macpgp2.2.cpt.hqx
night.nig.ac.jp (133.39.16.66)
  /pub/security/PGP/MacPGP2.2

Enjoy!
- -derek

PGP 2 key available upon request on the key-server:
pgp-public-keys at toxicwaste.mit.edu

- --
Derek Atkins, MIT '93, Electrical Engineering and Computer Science
Secretary, MIT Student Information Processing Board (SIPB)
MIT Media Laboratory, Speech Research Group
warlord at MIT.EDU    PP-ASEL    N1NWH

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQBuAgUBK8LgNzh0K1zBsGrxAQFqLwLFFGWzH5+NH/oGZq5Bv/TwkZeW47CEQwCC
is1ZoVB8djkqZk7kD6IMpL552zly4q0mYfo7y2QKH/BJNQ7CcABSVReEd9uT5t+X
UfHBYXgC+5zXi7AphDvRqIE=
=Dbf7
-----END PGP SIGNATURE-----

From approach!douglas at approach.com Wed Apr 7 08:28:27 1993
From: approach!douglas at approach.com (Douglas Mason)
Date: Wed, 7 Apr 93 08:28:27 PDT
Subject: PHRACK: Article from PHRACK 42 on encryption
Message-ID:

> groups like sci.crypt already have some pretty good documents.
> There is no need for spreading of misinformation like phrack.

The problem is that Phrack has a distribution that goes in other directions, where a simple Usenet newsgroup cannot reach. I've seen files from past Phrack issues available on Public Domain archive sets for BBS's. Phrack has been around for quite a while now and unlike a lot of the other series on-line mags, it is probably going to be around for a while longer.

CuD and the likes are great for news, but where else can you find somewhat lengthy papers on various topics? Even if most of it is elementary, there is always something interesting in each issue, even if it is just to see some of the personalities that are out there.

Like it or not, piece of crap or otherwise, it does get around. It's going through ownership changes and probably would like to find some people that would be willing to help out with "cleaning" it up. Why not help?
--Doug

---
Douglas Mason                     douglas at approach.com
Network Administration            CompuServe: 76646,3367
Approach Software Corporation     +01 415.306.7890

From cls6 at midway.uchicago.edu Wed Apr 7 08:37:46 1993
From: cls6 at midway.uchicago.edu (Cory Scott)
Date: Wed, 7 Apr 93 08:37:46 PDT
Subject: Mac PGP 2.2 Sites?
Message-ID: <9304071537.AA09036@midway.uchicago.edu>

>Anyone know of any ftp sites where I could find the new 2.2 version?

Try soda.berkeley.edu /pub/cypherpunks/pgp. If that's, for some reason, impossible, I will send it (Binhexed) to anyone who wants a copy.

Cory

Cory L. Scott
-----------------------------------------------------------
Computing Assistant and Consultant
Phoenix Project, Biological Sciences Division
University of Chicago
cls6 at midway.uchicago.edu
-----------------------------------------------------------
Member, U of C Student Computing Issues Committee

From robichau at lambda.msfc.nasa.gov Wed Apr 7 08:59:02 1993
From: robichau at lambda.msfc.nasa.gov (Paul Robichaux)
Date: Wed, 7 Apr 93 08:59:02 PDT
Subject: PHRACK: my draft reply to the crypt article
Message-ID: <9304071558.AA12663@lambda.msfc.nasa.gov>

Attached is a short rebuttal or reply to the PHRACK article I posted last week. I'd appreciate comments and suggestions on how to improve it- my knowledge is far behind Marc, Tim, Perry, and many of the others on this list.

So, I got off my butt. Hopefully this will satisfy Doug :)

-Paul

My background: I've been into the scene for about 12 years. My day job is writing unix s/w for a NASA contractor. My night job... well, never mind that. I have a strong amateur interest in crypto, and I'd like to share some of what people in the usenet/internet community have been kind enough to teach me.

Racketeer sez:
> If you think that the world of the Hackers is deeply shrouded with
>extreme prejudice, I bet you can't wait to talk with crypto-analysts. These
>people are traditionally the biggest bunch of holes I've ever laid eyes on.
>In
>their mind, people have been debating the concepts of encryption since the
>dawn of time, and if you come up with a totally new method of data encryption,
> -YOU ARE INSULTING EVERYONE WHO HAS EVER DONE ENCRYPTION-, mostly by saying
>"Oh, I just came up with this idea for an encryption which might be the best
>one yet" when people have dedicated all their lives to designing and breaking
>encryption techniques -- so what makes you think you're so fucking bright?

One real reason for this reaction is that people _have_ been studying encryption for 100 years or so. As a result, many simple cryptosystems are continually being reinvented by people who haven't ever made even a simple study of cryptosystems. Imagine if someone came up to you and said "Wow! I just found a totally K00L way to send fake mail! It's radical! No one's ever thought of it before!" You'd laugh, right? _Anyone_ can figure out how to forge mail. Well, _anyone_ can come up with the n-th variation of the Vigenère or substitution cipher.

An even more important reason for their 'tude is that cypherpunks are suspicious by nature. A key principle of crypto is that you can only trust algorithms that have been made public and thoroughly picked over. Without that public scrutiny, how can you trust it? The feds' Digital Signature Standard (DSS) got raked in the crypto and industry press because the feds wouldn't disclose details of the algorithm. "How do we know it's secure?" the cypherpunks asked. "We won't use it if we don't know it's secure!"

Point being: (for those of you who skipped over) cypherpunks trust NO ONE when the subject is encryption algorithms. Maybe J. Random Hacker has come up with a scheme faster and more secure than, say, RSA. If JRH won't share the details, no one will use it.

Racketeer goes on to talk about DES. It's fairly clear that for a known-ciphertext attack (i.e.
you have a block of encoded text, but neither the key nor the plaintext) will, at worst, require 2^56 decryption attempts. Various schemes for parallel machines and so forth have been posted in sci.crypt. Does the NSA have something that can crack DES? Probably.

My claim would be that cracking passwords is (at minimum) order-of-magnitude faster than a known-ciphertext attack against a "typically secure" ciphertext. By typically secure, I mean one encrypted with DES in CBC mode (_not_ the more common and easier-to-implement ECB mode) using a strong key (not a password of "123", for example.)

Remember that DES is mostly used for short-lived session keys. ATMs are a good example; they typically use a DES key for one communication session with the central bank. New session, new key. DES is _not_ very well suited for long-term encryption, since it can probably be attacked in "reasonable" time by a determined, well-equipped opponent.

Now, on to PGP. Pretty Good Software was indeed threatened with a lawsuit by Public Key Partners (PKP). PKP holds the patent on the RSA public-key algorithm. (Many people, me included, don't think that the patent would stand up in court; so far, no one's tried.)

The nice thing about PGP is that it offers IDEA and RSA in a single, well-integrated package. When you encrypt a file, PGP generates an IDEA session key, which is then encrypted with RSA. An opponent would have to either a) exhaustively search the entire IDEA key space or b) break RSA to decrypt the file without the password.

Racketeer also mentions that PGP can optionally compress files before encryption. There's a solid crypto reason behind this, too. One well-known and successful way to attack an encrypted file is to look for patterns of repeated characters. Since the statistical frequencies of word and letter use in English (and many other languages; some folks have even compiled these statistics for Pascal & C!)
are well-known, comparing the file contents with a statistical profile can give some insight into the file's contents. By compressing files before encrypting them, PGP is moving the redundancy out of the text and into the small dictionary of compression symbols. You'd still have to decrypt the file before you could do anything useful with that dictionary, or even to determine that it _had_ a signature!

--
Paul Robichaux, KD4JZG                | May explode if disposed of improperly.
NTI Mission Software Development Div. | RIPEM key on request.

From mccoy at ccwf.cc.utexas.edu Wed Apr 7 09:25:24 1993
From: mccoy at ccwf.cc.utexas.edu (Jim McCoy)
Date: Wed, 7 Apr 93 09:25:24 PDT
Subject: Smaller is better.
In-Reply-To:
Message-ID: <9304071625.AA25481@flubber.cc.utexas.edu>

fergp at sytex.com (Paul Ferguson) writes:
>
> On Mon, 05 Apr 93 12:36:09 PST,
> Jonathan Stigelman writes -
>
> JS> [pgp on multi-user systems stuff]
>
> I think that you guys are missing the point here. IMHO, if you wish
> maximum assurance of security, then I'd suggest not trying to run
> programs such as PGP on a multi-user system to begin with! What's
> wrong with using a PC for this? It offers a maximum convenience,
> single-user secure system quite unlike the security problems
> associated with your university's mainframe.

Some people either do not have the option, or need the convenience of a multi-user system. My PC is sitting at home with a toasted modem (waiting for a Paradyne to arrive... :) and even when it is running fine I spend 8-12 hours a day working on multi-user systems with connectivity that is light-years beyond what my PC has. If I want to send out an email message and do not want to spend an hour walking home, encrypting it, walking back, and then transferring the file and sending it I will use my copy of PGP on a multi-user machine. I have a different key that I use (my key on a server) for this type of communication and accept and understand the consequences of using PGP in this manner.
As long as the user knows the weaknesses of the system they are using they should make their own choices regarding how to use PGP. You may consider your PC at home to be completely safe and secure, but unless you recognize the weaknesses of that particular setup you are not reaching the "maximum assurance of security" that you claim.

jim

From sean at gomez.Jpl.Nasa.Gov Wed Apr 7 10:20:01 1993
From: sean at gomez.Jpl.Nasa.Gov (Sean Barrett)
Date: Wed, 7 Apr 93 10:20:01 PDT
Subject: Remailers
Message-ID: <9304071720.AA00382@gomez.Jpl.Nasa.Gov>

Would someone be so good as to mail me the list of anonymous remailers? My copy was lost in a backup-restore cycle. Thanks.

From elee9sf at Menudo.UH.EDU Wed Apr 7 10:49:29 1993
From: elee9sf at Menudo.UH.EDU (Karl Barrus)
Date: Wed, 7 Apr 93 10:49:29 PDT
Subject: ANON: list of remailers Apr 7, 1993
Message-ID: <199304071749.AA04629@Menudo.UH.EDU>

Sorry this is late, but I was delaying waiting for the uclink remailer's public key to be released, plus, I'm still not getting responses from remailer at dis.org (but at least I'm not getting bounced mail). Some users have informed me that they were able to use remailer at dis.org, so that's good!

-----BEGIN PGP SIGNED MESSAGE-----

Q1: What cypherpunk remailers exist?

A1:  1: hh at pmantis.berkeley.edu
     2: hh at cicada.berkeley.edu
     3: hh at soda.berkeley.edu
     4: nowhere at bsu-cs.bsu.edu
     5: ebrandt at jarthur.claremont.edu
     6: hal at alumni.caltech.edu
     7: remailer at rebma.mn.org
     8: elee7h5 at rosebud.ee.uh.edu
     9: phantom at mead.u.washington.edu
    10: hfinney at shell.portal.com
    11: remailer at utter.dis.org
    12: 00x at uclink.berkeley.edu
    13: remail at extropia.wimsey.com

NOTES:

#1-#5 remail only, no encryption of headers
#6-#12 support encrypted headers
#13 special - header and message must be encrypted together
#7,#13 introduce larger than average delay
#11 CANNOT CONFIRM OPERATION YET! TEST BEFORE ATTEMPTING TO USE.
* #12 public key not yet released

======================================================================

Q2: What help is available?

A2: Check out the pub/cypherpunks directory at soda.berkeley.edu (128.32.149.19). Instructions on how to use the remailers are in the remailer directory, along with some unix scripts and dos batch files. Mail to me (elee9sf at menudo.uh.edu) for further help and/or questions.

======================================================================

* I've had others tell me that they have successfully used this remailer, but I still don't get any responses...will keep trying!

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBK8MS/YOA7OpLWtYzAQGgvwQAll6hwIfabxKGdtCSNPUa3M3RCBaqzPT2
VM+k8O94IVxAqX+RUMzRGUVJigrj+5XcNicX1ZvE61rh5InLbzqvUS8mQNbss6wr
b098F0uHyCQCKCF13lzkLU0Gu+HxE+LoBuhaTiwonvcbQYgH+2+lhoU9yAbfduIq
9Syr3gaf3fk=
=W8vL
-----END PGP SIGNATURE-----

From 0005857625 at mcimail.com Wed Apr 7 10:55:41 1993
From: 0005857625 at mcimail.com (Michael McMahon)
Date: Wed, 7 Apr 93 10:55:41 PDT
Subject: Real-time BBS Encryption??
Message-ID: <01930407174710/0005857625DC2EM@mcimail.com>

I thought of this the other day, but don't know enough about programming and cryptography to do it, or if it actually could be done. Anyways, I figured I'd share it with all of you and see if anyone has any ideas.

Here's the situation: We all know that some advanced computer systems have real-time encryption built into all modem connections. When a bank branch dials into the main office the entire transmission may be encrypted. This occurs even between terminal connections and the host.

I'm wondering if there is a way to do this with PCs? Say I'm setting up a computer bulletin board for my company that is going to run off of a DOS PC. Is there a way to encrypt a remote users entire connection with the BBS, so that they would have to have a special term program to access the system?
It would be best if the user only had to load a device driver or something so that they wouldn't all have to use the same comm program. Could this be done by loading a special device driver on both the host and remote so that all data going through com port 2 (or whatever) is encrypted? Anybody know if something like this is available?

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
*  Mike McMahon                                                         *
*  Internet: 585-7625 at mcimail.com                                      *
*  PGP Fingerprint: 95 F9 2A 1B 81 4F D8 31 56 ED BC A5 4F 64 A7 02     *
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *

From pmetzger at shearson.com Wed Apr 7 11:22:45 1993
From: pmetzger at shearson.com (Perry E. Metzger)
Date: Wed, 7 Apr 93 11:22:45 PDT
Subject: PHRACK: Article from PHRACK 42 on encryption
Message-ID: <9304071652.AA02691@snark.shearson.com>

Douglas Mason says:
>
> > > > >> Exposing factual errors and flaws in reasoning is left as an exercise
> > >> for the reader.
> > > >The flaws are big enough to drive a bakery truck through. It's trash.
> > > maybe you should do a better writeup and publish it in PHRACK or 2600?
>
> I agree. Anyone can sit and say "Oh, that article is a piece of crap", but
> these same people never put their "money where their mouth is" and write an
> article of their own.
>
> I've written for both Phrack and 2600 and it sure as hell isn't hard to get
> something submitted. If you think you can do better by all means write an
> article and send it in. If trash is being published, why not try to correct
> it?

Because I lack an interest in doing so? Anyway, there is no need, as the PGP manual is very good and actually explains things properly. Lots of fine articles have already been written on all sorts of cryptography subjects.

> If you have any problems with where to send it, I'll gladly forward you the
> address.
>
> Otherwise, shut the hell up.

Why should I? The article WAS crap.

> If you don't like your government, vote.

I'm an anarchist.
You might as well say to an atheist "if you don't like Catholicism, start a schism."

Perry

From mccoy at ccwf.cc.utexas.edu Wed Apr 7 11:36:18 1993
From: mccoy at ccwf.cc.utexas.edu (Jim McCoy)
Date: Wed, 7 Apr 93 11:36:18 PDT
Subject: Real-time BBS Encryption??
In-Reply-To: <01930407174710/0005857625DC2EM@mcimail.com>
Message-ID: <9304071836.AA26678@flubber.cc.utexas.edu>

Michael McMahon <0005857625 at mcimail.com> writes:
[...]
> I'm wondering if there is a way to do [end-to-end encryption] with PCs?
> Is there a way to encrypt a remote users entire connection with the BBS,
> so that they would have to have a special term program to access the
> system?

Sure, no problem, provided you are willing to do a lot of coding...

The basic idea would be to use public-key encryption to do a short negotiation of a one-time key to use for DES/IDEA encryption of the session. You could then use a public key for the system as a whole (with which the users can encrypt their personal public keys for uploading during the initial connection) and the user's public key to send the key transmitted from the BBS for the session. All that would be necessary is for you to add a bit of code to the comm program so that it would recognize when it was talking to a system such as this and do the right thing when needed (the actual encryption code is readily available in systems like PGP and the various DES implementations out there.)

The downside is that there are a lot of terminal programs out there for microcomputers and not many supply source code for such modifications. I had thought about using such a system when planning out a raid-proof 386BSD system and the hassles of trying to get at least one program to do this for every platform that might want to connect to such a BBS was more work than I wanted to do. Perhaps as an option (e.g.
one line using end-to-end encryption and others normal) for connecting to a system, but if all the lines are done like this you will probably find making it difficult for people to connect like this keeps people away from the system.

jim

From fen at genmagic.genmagic.com Wed Apr 7 12:04:16 1993
From: fen at genmagic.genmagic.com (Fen Labalme)
Date: Wed, 7 Apr 93 12:04:16 PDT
Subject: FLAME: Perry M. vs. taking action (was: Re: PHRACK...)
Message-ID: <9304071904.AA17502@>

Perry -

> > If you don't like your government, vote.
>
> I'm an anarchist. You might as well say to an atheist "if you don't
> like Catholicism, start a schism."

I, too, aspire towards anarchy, but I don't ignore the tools around me. Not voting in today's society is a cop out. It is most certainly not perfect, and the choices suck, but it remains one of the major voices you have today in the world.

Anarchy works best when people are informed. Education is key. Simply bad-mouthing others' works is not giving people a choice to decide which of two views they feel are better. Rather, it just fuels the fires of apathy (that the government has been fanning for so long).

Cypherpunks are trying to change the world. Sounds like you're just going to whine about it. Positive action will always be more effective. And better received.

Fen

PS: I must say that with your lack of content in your posts, if I had a filter on my email, it would filter out yours.

From hughes at soda.berkeley.edu Wed Apr 7 12:39:02 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Wed, 7 Apr 93 12:39:02 PDT
Subject: Real-time BBS Encryption??
In-Reply-To: <01930407174710/0005857625DC2EM@mcimail.com>
Message-ID: <9304071935.AA26846@soda.berkeley.edu>

Re: encrypting modem links

>I'm wondering if there is a way to do this with PCs?

Yes, with difficulty, and not transparently.

>Is there a way to encrypt a remote users entire connection with
>the BBS, so that they would have to have a special term program to access
>the system?
For PC's, replacing the terminal software is really the best way. There is no effective abstraction of serial port hardware in the PC world. The int 0x14 driver in the BIOS was rampantly defective, and MSDOS does not provide a standard interface.

As a result, almost all comm software on PC's talks to the serial port directly. Now in MS Windows, there is abstraction for the serial ports, but I don't know how easy it is to insert a device layer.

>It would be best if the user only had to load a device driver
>or something so that they wouldn't all have to use the same comm program.

It might be possible, using a 386, to make a driver that acted as if it were hardware but actually did encryption. Ick. Reliability and cross-program compatibility would be shit. And it would have to be made compatible with whatever else was taking over the 386.

Remember: I hate DOS.

Eric

From hughes at soda.berkeley.edu Wed Apr 7 12:46:31 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Wed, 7 Apr 93 12:46:31 PDT
Subject: WB: public kiosks
In-Reply-To: <9304070100.AA23113@servo>
Message-ID: <9304071943.AA27401@soda.berkeley.edu>

I thank Marc Ringuette and Phil Karn for their comments on public kiosks. They remind me that public kiosks are not a panacea, and that we need to educate others to that awareness.

Nevertheless, let us remember the economics of the situation. It is expensive to follow people around--more expensive, say, than an illegal tap on a home phone line. By increasing the cost of the suppression of information, one ensures that more information, in the aggregate, is released. We may not be able to provide for any particular individual's privacy, but we can take actions for which we know that we will increase the total amount of privacy (however hard that would be to strictly define).
Eric

From hughes at soda.berkeley.edu Wed Apr 7 13:08:41 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Wed, 7 Apr 93 13:08:41 PDT
Subject: April 10 meeting
Message-ID: <9304072002.AA28305@soda.berkeley.edu>

Last month at Cypherpunks West, we decided that meetings would be held monthly on the second Saturday. So, for any of you planning to be in the area any time, keep this in mind.

The April meeting for Cypherpunks West will be April 10, 1993. There was some delay getting this announcement out because our normal meeting sponsor, John Gilmore, will be out of town. Mike Werner, also of Cygnus, will be sponsoring our meeting at the same location, so there's no need to change plans. Thanks, Mike!

ANNOUNCEMENT

Cypherpunks West April Meeting
Saturday, April 10, 1993
12:00 noon - 6:00 pm PDT
Cygnus Support Offices, Mt. View (directions follow)

Contact Mike Werner for physicalities: mtw at cygnus.com, 415-903-1421.

AGENDA

Arthur Abraham on hash functions
Mail services (works in progress)
Secure phones (updates)
Other stuff as announced

If you have anything you want to talk about, send me mail: hughes at soda.berkeley.edu

DIRECTIONS

Cygnus Support
1937 Landings Drive
Mt. View, CA 94043
+1 415 903 1400 switchboard
+1 415 903 1418 John Gilmore (out of town, see note above)

Take US 101 toward Mt. View. From San Francisco, it's about a 40-minute drive. Get off at the Rengstorff Ave/Amphitheatre Parkway exit. If you were heading south on 101, you curve around to the right, cross over the freeway, and get to a stoplight. If you were heading north on 101, you just come right off the exit to the stoplight. The light is the intersection of Amphitheatre and Charleston Rd. Take a right on Charleston; there's a right-turn-only lane. Follow Charleston for a short distance. You'll pass the Metaphor/Kaleida buildings on the right. At a clump of palm trees and a "Landmark Deli" sign, take a right into Landings Drive.
At the end of the road, turn left into the complex with the big concrete "Landmark" sign. Follow the road past the deli til you are in front of the clock tower that rises out of one of the buildings, facing you. Enter through the doors immediately under the clock tower. They'll be open between noon and 1PM at least. (See below if you're late.) Once inside, take the stairs up, immediately to your right. At the top of the stairs, turn right past the treetops, and we'll be in 1937 on your left. The door is marked "Cygnus".

If you are late and the door under the clock tower is locked, you can walk to the deli (which will be around the building on your left, as you face the door). Go through the gate in the fence to the right of the deli, and into the back lawns between the complex and the farm behind it. Walk forward and right around the buildings until you see a satellite dish in the lawn. Go up the stairs next to the dish, which are the back stairs into the Cygnus office space. We'll prop the door (or you can bang on it if we forget). Or, you can find the guard who's wandering around the complex, who knows there's a meeting happening and will let you in. They can be beeped at 965 5250, though you'll have trouble finding a phone.

Don't forget to eat first, or bring food at noon! I recommend hitting the burrito place on Rengstorff (La Costeña) at about 11:45. To get there, when you get off 101, take Rengstorff (toward the hills) rather than Amphitheatre (toward the bay). Follow it about ten blocks until the major intersection at Middlefield Road. La Costeña is the store on your left at the corner. You can turn left into the narrow lane behind the store, which leads to a parking lot, and enter by the front door, which faces the intersection.

To get to the meeting from there, just retrace your route on Rengstorff, go straight over the freeway, and turn right at the stoplight onto Charleston; see above.

See you there!
John Gilmore

From pmetzger at shearson.com Wed Apr 7 13:10:25 1993
From: pmetzger at shearson.com (Perry E. Metzger)
Date: Wed, 7 Apr 93 13:10:25 PDT
Subject: FLAME: Perry M. vs. taking action (was: Re: PHRACK...)
In-Reply-To: <9304071904.AA17502@>
Message-ID: <9304071953.AA02995@snark.shearson.com>

Fen Labalme says:
> Perry -
>
> > > If you don't like your government, vote.
> >
> > I'm an anarchist. You might as well say to an atheist "if you don't
> > like Catholicism, start a schism."
>
> I, too, aspire towards anarchy, but I don't ignore the tools around me.
[...]

This isn't appropriate to this list -- I'm replying in private mail.

.pm

From pozar at kumr.lns.com Wed Apr 7 13:16:33 1993
From: pozar at kumr.lns.com (Tim Pozar)
Date: Wed, 7 Apr 93 13:16:33 PDT
Subject: Real-time BBS Encryption??
In-Reply-To: <9304071935.AA26846@soda.berkeley.edu>
Message-ID:

Eric Hughes wrote:
> >Is there a way to encrypt a remote users entire connection with
> >the BBS, so that they would have to have a special term program to access
> >the system?
>
> For PC's, replacing the terminal software is really the best way.
> There is no effective abstraction of serial port hardware in the PC
> world. The int 0x14 driver in the BIOS was rampantly defective, and
> MSDOS does not provide a standard interface.
>
> As a result, almost all comm software on PC's talks to the serial port
> directly. Now in MS Windows, there is abstraction for the serial
> ports, but I don't know how easy it is to insert a device layer.
>
> >It would be best if the user only had to load a device driver
> >or something so that they wouldn't all have to use the same comm program.
>
> It might be possible, using a 386, to make a driver that acted as if
> it were hardware but actually did encryption. Ick. Reliability and
> cross-program compatibility would be shit. And it would have to be
> made compatible with whatever else was taking over the 386.
Using something like a FOSSIL driver (a replacement serial port driver that many BBSes use) you could do this. I would imagine that it would only encode when carrier is up and the BBS software sends an INT14 AX=xx instruction to turn on encryption.

Tim
--
Internet: pozar at kumr.lns.com   FidoNet: Tim Pozar @ 1:125/555
Snail: Tim Pozar / KKSF / 77 Maiden Lane / San Francisco CA 94108 / USA
POTS: +1 415 788 2022   Radio: KC6GNJ / KAE6247

From jet at nas.nasa.gov Wed Apr 7 13:35:21 1993
From: jet at nas.nasa.gov (J. Eric Townsend)
Date: Wed, 7 Apr 93 13:35:21 PDT
Subject: Real-time BBS Encryption??
In-Reply-To:
Message-ID: <9304072035.AA14210@boxer.nas.nasa.gov>

What about a streams module that does encryption? Of course, it'd require people to run a real OS instead of dos/system...

--
J. Eric Townsend  jet at nas.nasa.gov  415.604.4311
NASA Ames Numerical Aerodynamic Simulation | play: jet at well.sf.ca.us
Parallel Systems Support, CM-5 POC         | '92 R100R / DoD# 0378
PGP2.1 public key available upon request or finger jet at simeon.nas.nasa.gov

From sward+ at cmu.edu Wed Apr 7 13:38:27 1993
From: sward+ at cmu.edu (David Reeve Sward)
Date: Wed, 7 Apr 93 13:38:27 PDT
Subject: Real-time BBS Encryption??
In-Reply-To: <9304071935.AA26846@soda.berkeley.edu>
Message-ID:

Excerpts from internet.cypherpunks: 7-Apr-93 Real-time BBS Encryption?? by Eric Hughes at soda.berkele
> For PC's, replacing the terminal software is really the best way.
> There is no effective abstraction of serial port hardware in the PC
> world. The int 0x14 driver in the BIOS was rampantly defective, and
> MSDOS does not provide a standard interface.
>
> As a result, almost all comm software on PC's talks to the serial port
> directly. Now in MS Windows, there is abstraction for the serial
> ports, but I don't know how easy it is to insert a device layer.

Actually, there is a rather old (for the PC) abstraction called FOSSIL (Fido Opus Seadog Serial Interface Layer ... or so).
It is essentially an extension/replacement for the BIOS int 0x14 driver. It is certainly possible to further extend this for encryption by adding some functions to the interface. The two FOSSILs I know of are X00 and BNU - They can be found in oak.oakland.edu:/pub/msdos/fossil

--
David Sward
sward+ at cmu.edu

From trump at pluto.ee.cua.edu Wed Apr 7 13:52:27 1993
From: trump at pluto.ee.cua.edu (Louis Edward Trumpbour)
Date: Wed, 7 Apr 93 13:52:27 PDT
Subject: well
Message-ID: <9304072053.AA17147@pluto.ee.cua.edu>

if anyone comes up with a solution to the bbs encryption problem then get to me ... i plan on starting a Waffle based BBS that may have "sensitive" information on line in subs and in files... you all know the story... well if i could have this encryption feature i would be most happy... i have looked into this a bit but to my surprise it has come up on the list... as for the problem of distribution of the program that would encrypt and decrypt via modem and bbs, i have that pretty much taken care of already... thanks

Clovi
/s
^ been bbsing for too long

From mrnoise at econs.umass.edu Wed Apr 7 14:02:38 1993
From: mrnoise at econs.umass.edu (Mr. Noise)
Date: Wed, 7 Apr 93 14:02:38 PDT
Subject: PGP: suggestions from the trench
In-Reply-To: <9304032057.AA06227@netcom.netcom.com>
Message-ID: <9304072102.AA20984@titan.ucs.umass.edu>

> Taking all these factors into consideration, I would suggest that
> the *minimum* size of the RSA modulus available for PGP is 1024
> bits with a minimum ceiling of 2048 bits (or even more). If for
> performance reasons on certain platforms 1024 is deemed
> impossibly slow, then a lesser number of bits ought to be
> permitted *provided* that the security level for any key length
> under, say, 768 bits is clearly labeled "TOY GRADE".
While I agree that keys of greater lengths ought to be made available for those fortunate enough to possess platforms powerful enough to use them, your choice of words--'TOY GRADE'--is, perhaps, unfortunate. Every user of PGP has different reasons for needing/wanting encryption, & not all users need the sort of protection that can withstand a determined attack mustered by cryptographic experts. Some users, frankly, just don't like people snooping into their private mail, & therefore use PGP encryption as an 'envelope'. Sure, the 'envelope' can be 'steamed open', but it's not likely to be worth the trouble if you have no major secrets to conceal...

From mark at coombs.anu.edu.au Wed Apr 7 14:15:29 1993
From: mark at coombs.anu.edu.au (Mark)
Date: Wed, 7 Apr 93 14:15:29 PDT
Subject: Real-time BBS Encryption??
Message-ID: <9304072115.AA22888@coombs.anu.edu.au>

>What about a streams module that does encryption? Of course, it'd
>require people to run a real OS instead of dos/system...

You might want to look at the link.tar.Z program newsham at wiliki.eng.hawaii.edu wrote. The server is currently unix based but it should be transportable. It uses pgp to swap des session key and happily talks away. There are still some bugs and when he has the time they will be taken care of. The client is written for an amiga at the moment, I haven't had the opportunity to do the ibm port yet.

Contact him at the above address. He is busy with studies but you might get some joy from emailing him.

Hope this helps

Mark
mark at coombs.anu.edu.au

From karn at qualcomm.com Wed Apr 7 14:23:13 1993
From: karn at qualcomm.com (Phil Karn)
Date: Wed, 7 Apr 93 14:23:13 PDT
Subject: Real-time BBS Encryption??
Message-ID: <9304072122.AA29477@servo>

Actually, I think a much more powerful solution is to run TCP/IP over the serial link and to encrypt individual IP datagrams. This is the charter of the IETF "ip-security" working group, and there is already a prototype implementation of one approach working.
Phil

From mdiehl at triton.unm.edu Wed Apr 7 14:32:22 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Wed, 7 Apr 93 14:32:22 PDT
Subject: Real-time BBS Encryption??
Message-ID: <9304072132.AA14268@triton.unm.edu>

> Re: encrypting modem links
> >I'm wondering if there is a way to do this with PCs?
> Yes, with difficulty, and not transparently.
>
> >Is there a way to encrypt a remote users entire connection with
> >the BBS, so that they would have to have a special term program to access
> >the system?
>
> For PC's, replacing the terminal software is really the best way.
> There is no effective abstraction of serial port hardware in the PC
> world. The int 0x14 driver in the BIOS was rampantly defective, and
> MSDOS does not provide a standard interface.

Or, we could implement an "external protocol" like zmodem. This would simply take keystrokes, buffer them, then encrypt/decrypt them.

Make the source portable, and obtainable.

From elee9sf at Menudo.UH.EDU Wed Apr 7 14:43:25 1993
From: elee9sf at Menudo.UH.EDU (Karl Barrus)
Date: Wed, 7 Apr 93 14:43:25 PDT
Subject: WB: public kiosks
Message-ID: <199304072143.AA00959@Menudo.UH.EDU>

On the importance of anonymity (in regards to the whistleblower project):

Last week, the Houston Chronicle ran two or three articles on how ill run the Nuclear Regulatory Commission is. Specifically, the article described how one or two people had their careers absolutely ruined by raising safety concerns at nuclear plants. In each case, the employees involved were terminated shortly after citing safety hazards (such as spills left uncleaned on table tops, etc.) Someone quoted in the article stated this behavior undoubtedly scares off other potential informers.

Plus, I read an article in the Chronicle about how a NASA employee was fired for his political beliefs.
Well, it is more complicated: the employee actively participated in some usenet group (talk.politics.china?), and had a store of back articles on his computer at work, which his superiors discovered. Shortly thereafter, he lost his job.

I've been busy of late and could kick myself for not saving these papers, because real world incidents such as these strengthen our arguments for privacy and anonymity. Some people have such an irritating tendency to assume irresponsibility and abuse when a freedom becomes available - just read news.admin.policy.

/-----------------------------------\
| Karl L. Barrus                    |
| elee9sf at menudo.uh.edu            | <- preferred address
| barrus at tree.egr.uh.edu (NeXTMail) |
\-----------------------------------/

From warlord at Athena.MIT.EDU Wed Apr 7 14:51:30 1993
From: warlord at Athena.MIT.EDU (Derek Atkins)
Date: Wed, 7 Apr 93 14:51:30 PDT
Subject: Real-time BBS Encryption??
In-Reply-To: <9304072132.AA14268@triton.unm.edu>
Message-ID: <9304072151.AA07442@steve-dallas.MIT.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

> Or, we could implement an "external protocol" like zmodem. This would simply
> take keystrokes, buffer them, then encrypt/decrypt them.
>
> Make the source portable, and obtainable.

I'm doing something like this for my Thesis (i.e., wait a couple of weeks.. ;-) It's based upon Kerberos, but it will securely get you a TGT on a server machine that is on the Internet from a client terminal that is dialled up to it... Moreover, you can extract the session key from the protocol, which would allow for DES encryption of the session.

While I haven't yet implemented the encryption of the session, I have been able to obtain kerberos tickets securely.... More info on request, or you can wait to read my thesis when it's done...

Enjoy!
- -derek

PGP 2 key available upon request on the key-server:
	pgp-public-keys at toxicwaste.mit.edu

- --
Derek Atkins, MIT '93, Electrical Engineering and Computer Science
Secretary, MIT Student Information Processing Board (SIPB)
MIT Media Laboratory, Speech Research Group
warlord at MIT.EDU   PP-ASEL   N1NWH

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQBuAgUBK8NMvzh0K1zBsGrxAQFQwwLECieud4DvqHhkxsjwmrHt4Unpq2eR9hlT
DKuKF2CqCfYVabks11r7TaZvrsSQ9Vs5zZFbXhfihaiQywTpdj2Bp8aSo0B+7paR
ukzbY3GT1RLcSRrK+6KjPGw=
=lzg8
-----END PGP SIGNATURE-----

From huntting at glarp.com Wed Apr 7 15:04:02 1993
From: huntting at glarp.com (Brad Huntting)
Date: Wed, 7 Apr 93 15:04:02 PDT
Subject: Security Dynamics
Message-ID: <199304072203.AA02670@misc.glarp.com>

The MIS department where I work has started using "Secure-ID" cards made by Security Dynamics Inc for access to their MVS systems. After listening to a presentation by marketing droids and technical support from Security Dynamics I had these impressions:

The cards are programmed at the factory with a "random" seed. They have an internal clock, and a lithium battery. They use a proprietary encryption algorithm to encrypt the time of day using the internal seed and display it on an LCD display using about 6 or 7 digits. The display updates itself every 60 seconds (this frequency is adjustable when you order the cards).

An authenticating host will have the card's seed, as well as the card's "clock offset" (the time the card was seeded, and the clock reset). The user has a 4 digit PIN (personal identification number) known only to the host (and of course written on the back of the card :-). PINs must be unique since they are used to identify the user.

At login time, the user is asked to type in her PIN, as well as the number currently displayed on the card. This is checked by the host, and if it's correct the user is authenticated.
If used on a regular basis, the authenticating host can detect clock drift and will adjust its database accordingly. Cards can be used across multiple "realms", but this necessitates trusting the card's shared key with each host that wants to authenticate that card.

The cards are timed to deactivate after some time interval (again, this is an option); the default lifespan is 3 years, they can go as high as 4 or 5, but after that, the battery isn't reliable.

You can probably imagine some of the problems with such a system. First and foremost in my opinion, it uses an unknown proprietary algorithm which is a closely guarded company secret known only to them and anyone with a disassembler. Obviously such an algorithm has never undergone any serious scrutiny. Most respectable researchers (outside of Ft Meade) do not need to disassemble code to find material to write papers on.

Second, the cards are programmed at the factory, and the user has no way of reseeding them. The company actually touts the fact that they have all the card info for all customers on file, and will gladly send you encrypted tapes or floppies if you lose your database! Of course they will only talk with one designated contact at your site, and they will only ship materials to that person. In all fairness, if you're a big client, and you insist, they might be compelled to tell you how to seed the cards, and give you a batch of "raw" cards. When I mentioned how ludicrous it was for us to trust their internal security, they made some lame noises about employees being "bonded". In other words, they have established plausible deniability and are "out of the loop" should your security data be compromised. I was a little furious.

Lastly, they're expensive. Something on the order of $60/card in quantities of 250 to 500 for cards that last 3 years and change every 60 seconds. Programmable DES devices (used by DEC and others) which employ a challenge response system are about one third as much.
I came away from the talk with a bitter taste in my mouth. As I understand it (and please correct me if I'm wrong) they are, at this point, one of the largest "crypto card" companies in the world. This is, to say the least, unsettling.

If you want more info, their Colorado office is at:

	Security Dynamics
	5299 DTC Boulevard
	Suite 500
	Englewood, CO 80111
	Phone: +1 303 773-6519

brad

From karn at qualcomm.com Wed Apr 7 15:22:56 1993
From: karn at qualcomm.com (Phil Karn)
Date: Wed, 7 Apr 93 15:22:56 PDT
Subject: EMI shielding
Message-ID: <9304072222.AA29676@servo>

Apropos the recent discussion about TEMPEST shielding, there's an interesting product that might prove quite useful: CAPCON EMI suppressant tubing. A colleague got a shipment of it today. It's ordinary black rubber tubing that has been loaded with iron oxide. It comes in 26 sizes from .04" ID to 1.25" ID, and is claimed to have much better attenuation than ferrite beads, especially at UHF and microwave frequencies. You can shield entire cable lengths with it, or you can apply it in short segments (1" to 1') just like ferrite beads and get plenty of attenuation for less cost and weight (this stuff is *heavy*, and the 1/2" stuff cost several dollars per foot.) It's also available as sheeting in various thicknesses for lining cabinets, etc.

I got the bright idea to test the absorptivity claims for this stuff by putting an 8" piece into a microwave oven. After 10 seconds, it was too hot to handle. I'd say it's doing just what it's supposed to do.

Contact info:

	Capcon, Inc
	147 W 25th St
	New York, NY 10001
	212-243-6275
	212-645-0185 (fax)

Phil

From mrnoise at econs.umass.edu Wed Apr 7 15:25:38 1993
From: mrnoise at econs.umass.edu (Mr. Noise)
Date: Wed, 7 Apr 93 15:25:38 PDT
Subject: PHRACK: ...put up or...
Message-ID: <9304072224.AA27727@titan.ucs.umass.edu>

> > >The flaws are big enough to drive a bakery truck through. Its trash.
> > > maybe you should do a better writeup and publish it in PHRACK or 2600?
> [...]
> If you don't like your government, vote. If you don't like something that is
> published, write something yourself. It's not some type of elite club of
> writers, both publications welcome people of all walks to submit.

Hear, hear! For cryin' out loud, Fido 'Snooze' accepts *everything* they're sent! ...& if that isn't good enough, start your own: electrons are free! (Well, sort of...)

From huntting at glarp.com Wed Apr 7 16:11:58 1993
From: huntting at glarp.com (Brad Huntting)
Date: Wed, 7 Apr 93 16:11:58 PDT
Subject: FLAME: Perry M. vs. taking action (was: Re: PHRACK...)
In-Reply-To: <9304071904.AA17502@>
Message-ID: <199304072311.AA02853@misc.glarp.com>

> Not voting in today's society is a cop out. It is most certainly not
> perfect, and the choices suck, but it remains one of the major voices you
> have today in the world.

Voting arguably endorses the system. If you are vocal about why you don't endorse the system, your refusal to vote can have a lot more impact than going to the polls. After all, in any reasonably large election, your vote barely counts at all, but your voice can be heard a long way away if you're saying something interesting and you're saying it loud enough.

brad

From kieran2101 at aol.com Wed Apr 7 17:25:19 1993
From: kieran2101 at aol.com (kieran2101 at aol.com)
Date: Wed, 7 Apr 93 17:25:19 PDT
Subject: PGP and problems therewith.
Message-ID: <9304072025.tn41388@aol.com>

> I was under the impression that there was a newsgroup for discussion of how
> to use PGP.

There is: alt.security.pgp. Of course, like all alt.* groups, its propagation may vary.

From marc at GZA.COM Wed Apr 7 17:41:58 1993
From: marc at GZA.COM (Marc Horowitz)
Date: Wed, 7 Apr 93 17:41:58 PDT
Subject: Real-time BBS Encryption??
In-Reply-To: <9304071836.AA26678@flubber.cc.utexas.edu>
Message-ID: <9304080043.AA28900@pad-thai.aktis.com>

>> Sure, no problem, provided you are willing to do a lot of coding...

A lot of coding? You can come very close to doing it with off-the-shelf code. ka9q for SLIP. Telnet authentication is now an RFC, and encryption will be available probably within a few weeks. Plus, with IP, you can use existing mechanisms (like POP) to get your mail on your local PC and do your decryption there. This is beyond any PC code I know, and would require new development.

		Marc

From Doug.Brightwell at Corp.Sun.COM Wed Apr 7 19:32:10 1993
From: Doug.Brightwell at Corp.Sun.COM (Doug Brightwell)
Date: Wed, 7 Apr 93 19:32:10 PDT
Subject: Thanks for Mac PGP 2.2 Pointers
Message-ID: <9304080231.AA12843@media.Corp.Sun.COM>

Thanks to all who responded to my query regarding ftp sites for Mac PGP 2.2.

Doug Brightwell

From tcmay at netcom.com Wed Apr 7 21:33:22 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 7 Apr 93 21:33:22 PDT
Subject: MATH: Zero Knowledge Proofs
Message-ID: <9304080431.AA26255@netcom.netcom.com>

[Since this should also be of interest to the Cypherpunks list, which Ray is/was subscribed to, I am posting this essay to that list.]

Ray Cromwell writes:

> Could someone explain zero knowledge proofs and give me an example. I
>have taken number theory and abstract algebra so feel free to use equations.
>
>(I know that zero knowledge proofs are a way of certifying something without
>revealing the information you are certifying, but I want to know how they
>work mathematically)

Zero knowledge interactive proof systems ("ZKIPS") are sometimes called "minimum disclosure proofs" (with some subtle differences) and are exciting and mysterious (at first) methods that lie at the heart of modern cryptology. Here's a simple explanation. Too bad we don't have a blackboard!
ALICE AND BOB (some people call them Peggy the Prover and Vic the Verifier)

Alice wishes to prove to Bob that she knows some item of knowledge without actually giving Bob any of that knowledge.

Let us first imagine that Alice claims she knows a "Hamiltonian cycle" on a particular graph. (For a given set of nodes and arcs linking some of those nodes, a Hamiltonian cycle is one which passes through each node once and only once. You might want to draw some graphs on a sheet of paper and try to find a Hamiltonian cycle for the graphs, to get a feel for the problem.)

The particular graph may be "registered" somewhere with Alice's claim that she--and only she, for reasons I'll discuss at the end--knows a Hamiltonian cycle for the graph. In a sense, this is her "proof of identity."

To make this example concrete, Alice is using this piece of knowledge as her *password* to get into some system. She presents a map of 50 cities and some set of highways interconnecting them and says "I am who I say I am if and only if I know a Hamiltonian cycle for this graph."

The conventional (non zero knowledge) way to convey this knowledge is for Alice to simply *show* the Hamiltonian cycle to Bob. This is how passwords are currently handled. Bob, and anybody else who is spying on the exchange, then knows the "secret," which isn't a secret anymore. (Anybody who saw the exchange, including Sysadmin Bob, could then impersonate her.)

ENTER ZERO KNOWLEDGE

Alice, instead of showing Bob the Hamiltonian cycle, takes the cities and covers them with something, say, coins. (On a computer, this is all done in software, using the cryptographic protocol called "bit commitment.") Alice scrambles the position of the cities (covered by coins) so as not to allow positional cues. (Most of the 50 cities should have about the same number, ideally exactly the same number, of links to other cities, to ensure that some cities are not "marked" by having some unique number of links. A detail.)
Needless to say, she scrambles the cities out of sight of Bob, so he can't figure out which cities are which. However, once she's done with the scrambling, she displays the cities in such a way that she can't *later change*...i.e., she "commits" to the values, using well-known cryptographic methods for this. (If this sounds mysterious, read up on it. It's how "mental poker" and other crypto protocols are handled.)

Bob sees 50 cities with links to other cities, but he doesn't have any way of knowing which of the covered cities are which. Nor, I should add, are the links labelled in any way--it wouldn't do to have some links permanently labelled "Route 66" or "Highway 101"!

She says to Bob: "Pick one choice. Either you can see a Hamiltonian cycle for this set of covered cities and links, or you can see the cities uncovered." In other words, "Alice cuts, Bob chooses."

Bob tosses a coin or chooses randomly somehow and says: "Show me the cities."

Alice uncovers all the cities and Bob examines the graph. He sees that Akron is indeed connected to Boise, to Chicago, to Denver, not to Erie, and so on. In short, he confirms that Alice has shown him the original graph. No substitution of another graph was made.

Bob, who is suspicious that this person is really who she claims to be, says to Alice: "Ok, big deal! So you anticipated I was going to ask you to show me the cities. Anybody could have gotten Alice's publicly registered graph and just shown it to me. You had a 50-50 chance of guessing which choice I'd make."

Alice smugly says to him: "Fine, let's do it again." She scrambles the cities (which are covered) and displays the graph to Bob...50 covered cities and various links between them. She tells Bob to choose again.

This time Bob says: "Show me the Hamiltonian cycle."

Without uncovering the cities (which would give the secret away, of course), Alice connects the cities together in a legal Hamiltonian cycle.
Bob says, "OK, so this time you figured I was going to ask you the opposite of what I did last time and you just substituted some other graph that you happened to know the Hamiltonian cycle of. I have no guarantee the graphs are really the same."

Alice, who knows this is just the beginning, says: "Let's do the next round."

...and so it goes....

After 30 rounds, Alice has either produced a legal Hamiltonian cycle or a graph that is the same as (isomorphic to...same cities linked to same other cities) the registered graph in each and every one of the rounds. There are two possibilities:

1. She's an impostor and has guessed correctly *each time* which choice Bob will make, thus allowing her to substitute either another graph altogether (for when Bob wants to see the Hamiltonian cycle) or just the original graph (for when Bob asks to see the cities uncovered to confirm it's the real graph). Remember, if Alice guesses wrong even once, she's caught red-handed.

2. She really is who she claims to be and she really does know a Hamiltonian cycle of the specified graph.

The odds of #1 being true drop rapidly as the number of rounds is increased, and after 30 rounds, are only 1 in 2^30, or 1 in a billion. Bob chooses to believe that Alice knows the solution.

Alice has conveyed to Bob proof that she is in possession of some knowledge without actually revealing any knowledge at all! The proof is "probabilistic."

This is the essence of a zero knowledge proof. There's more to it than just this example, of course, but this is the basic idea.

SOME DETAILS

1. Could someone else discover the Hamiltonian cycle of Alice's graph?

Exhaustive search is the only way to guarantee a solution will be found--the Hamiltonian cycle problem is a famous "NP-complete" combinatorial problem. This is intractable for reasonable numbers of nodes. 50 nodes is intractable.

2. If finding a Hamiltonian cycle is intractable, how the hell did Alice ever find one?

She didn't *have* to find one!
She started with 50 cities, quickly connected them so that the path went through each city only once and then wrote this path down as her "secret" solution. Then she went back and added the other randomly chosen interconnects to make the complete graph. For this graph, she obviously knows a Hamiltonian cycle, *by construction*.

3. Can Bob reconstruct what the Hamiltonian cycle must be by asking for enough rounds to be done?

Not generally. Read the papers for details on this, which gets deeply into under what circumstance partial knowledge of the solution gives away the complete solution.

4. Are there other problems that can be used in this same way?

Yes, there are many forms. I find the Hamiltonian cycle explanation quite easy to explain to people. (Though usually I can draw pictures, which helps a lot.)

5. How general is the "zero knowledge interactive proof" approach?

Anything provable in formal logic is provable in zero knowledge, saith the mathematicians and crypto gurus. Check out the various "Crypto Conference" Proceedings.

Hope this helps.

-Tim May

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.

From rjc at gnu.ai.mit.edu Wed Apr 7 22:59:54 1993
From: rjc at gnu.ai.mit.edu (rjc at gnu.ai.mit.edu)
Date: Wed, 7 Apr 93 22:59:54 PDT
Subject: MATH: Zero Knowledge Proofs
In-Reply-To: <9304080431.AA26255@netcom.netcom.com>
Message-ID: <9304080559.AA63552@hal.gnu.ai.mit.edu>

Excellent essay Tim (as usual). Is there a more practical method based on a simpler 'intractable' problem? [not that it's useless. I could probably code up an implementation based on your description, but it seems like a pain to generate graphs every time you want to prove some trivial knowledge.]
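[Editor's note, not part of any message in this thread: the following is an added worked example of the "Alice cuts, Bob chooses" protocol from Tim May's essay above, written for this archive page. It is not Tim's code and not something Ray posted. Alice builds her graph around a cycle she draws first (detail 2 in the essay), then each round relabels the nodes by a secret permutation and commits to every adjacency bit of the relabelled graph. Bob's coin decides whether she opens everything (he checks it is the registered graph, merely relabelled) or opens only the cycle's edges (he checks they form a Hamiltonian cycle). The bit commitment is an assumption made here, a SHA-256 hash of a random nonce and the bit; the essay names no particular scheme. An impostor who knows the public graph but no cycle must bet on Bob's coin before committing and is caught the first round she bets wrong.]

```python
# Added worked example (editor's code, not from Tim May's essay or any reply): Blum's zero-knowledge
# proof of knowing a Hamiltonian cycle. The "bit commitment" is an assumed hash commitment H(nonce||bit).
import hashlib, random
from itertools import combinations

def commit(bit, rng):
    """Commit to one adjacency bit: returns (commitment, opening)."""
    nonce = rng.getrandbits(128).to_bytes(16, "big")
    return hashlib.sha256(nonce + bytes([bit])).digest(), (nonce, bit)

def open_ok(commitment, opening):
    return hashlib.sha256(opening[0] + bytes([opening[1]])).digest() == commitment

def relabel(edges, pi):
    return {frozenset(pi[v] for v in e) for e in edges}

def cycle_edges(n, cycle):
    return {frozenset((cycle[i], cycle[(i + 1) % n])) for i in range(n)}

def make_graph(n, extra_edges, rng):
    """Alice's construction (essay, detail 2): draw the cycle first, then add random edges."""
    cycle = list(range(n)); rng.shuffle(cycle)
    edges = cycle_edges(n, cycle)
    others = [frozenset(p) for p in combinations(range(n), 2) if frozenset(p) not in edges]
    edges.update(rng.sample(others, extra_edges))
    return edges, cycle

def forms_hamiltonian_cycle(n, es):
    """True iff es is one cycle through all n nodes: every degree 2, and one component."""
    adj = {v: set() for v in range(n)}
    for e in es:
        a, b = tuple(e); adj[a].add(b); adj[b].add(a)
    if len(es) != n or any(len(adj[v]) != 2 for v in range(n)): return False
    seen, v = set(), 0
    while v not in seen:                  # walk the cycle from node 0
        seen.add(v); v = min(adj[v] - seen, default=0)
    return len(seen) == n

def commit_permuted_graph(n, edges, rng):
    """Alice 'covers the cities': relabel by a secret pi, commit to every adjacency bit."""
    pi = list(range(n)); rng.shuffle(pi)
    perm = relabel(edges, pi)
    commitments, openings = {}, {}
    for k in combinations(range(n), 2):
        commitments[k], openings[k] = commit(int(frozenset(k) in perm), rng)
    return pi, commitments, openings

def verify_round(n, edges, commitments, challenge, response):
    """Bob's check. Challenge 0: 'show me the cities'; challenge 1: 'show me the cycle'."""
    if challenge == 0:
        pi, openings = response
        if sorted(pi) != list(range(n)): return False
        expected = relabel(edges, pi)      # must be the registered graph, merely relabelled
        return all(k in openings and open_ok(c, openings[k])
                   and openings[k][1] == int(frozenset(k) in expected)
                   for k, c in commitments.items())
    revealed = set()
    for k, o in response.items():          # only the cycle's edges are uncovered
        if k not in commitments or not open_ok(commitments[k], o) or o[1] != 1: return False
        revealed.add(frozenset(k))
    return forms_hamiltonian_cycle(n, revealed)

def honest_prover(n, edges, cycle):
    ce = cycle_edges(n, cycle)
    def prover(rng):
        pi, commitments, openings = commit_permuted_graph(n, edges, rng)
        def answer(ch):
            if ch == 0: return pi, openings
            return {tuple(sorted(e)): openings[tuple(sorted(e))] for e in relabel(ce, pi)}
        return commitments, answer
    return prover

def impostor(n, edges, extra_edges):
    """Knows the public graph but no cycle, so each round she must bet on Bob's coin."""
    def prover(rng):
        if rng.randrange(2) == 0:   # bet on 'cities': commit to the real graph; nothing to show for 'cycle'
            pi, commitments, openings = commit_permuted_graph(n, edges, rng)
            return commitments, lambda ch: (pi, openings) if ch == 0 else {}
        fake, fake_cycle = make_graph(n, extra_edges, rng)   # bet on 'cycle': substitute her own graph
        pi, commitments, openings = commit_permuted_graph(n, fake, rng)
        fce = relabel(cycle_edges(n, fake_cycle), pi)
        return commitments, lambda ch: (pi, openings) if ch == 0 else {
            tuple(sorted(e)): openings[tuple(sorted(e))] for e in fce}
    return prover

def run_protocol(n, edges, rounds, rng, prover):
    """Alice cuts, Bob chooses, repeated; one caught lie ends it. A cheat survives with probability 2**-rounds."""
    for _ in range(rounds):
        commitments, answer = prover(rng)
        challenge = rng.randrange(2)       # Bob's coin, tossed only after the commitments are fixed
        if not verify_round(n, edges, commitments, challenge, answer(challenge)): return False
    return True

def demo(seed=1993, n=8, extra_edges=6, rounds=30):
    rng = random.Random(seed)
    edges, cycle = make_graph(n, extra_edges, rng)
    honest = run_protocol(n, edges, rounds, rng, honest_prover(n, edges, cycle))
    fraud = run_protocol(n, edges, rounds, rng, impostor(n, edges, extra_edges))
    return honest, fraud
```

demo() runs 30 rounds for the honest Alice and then 30 for the impostor and returns (True, False): the honest prover passes every round, while the impostor survives only the rounds where her bet matched Bob's coin, so her chance of lasting all 30 is 2**-30, the "1 in a billion" of the essay. Eight nodes instead of 50 keep the run instant; the protocol is the same. Note that Bob's coin is tossed only after the commitments are in hand, which is what stops Alice from choosing her graph after seeing the question, and that in the 'cycle' case Bob never learns which covered city is which, so the opened edges tell him nothing about the cycle in the registered graph.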
-Ray

-- Ray Cromwell        | Engineering is the implementation of science; --
-- EE/Math Student     | politics is the implementation of faith.      --
-- rjc at gnu.ai.mit.edu |         - Zetetic Commentaries                --

From crunch at netcom.com Wed Apr 7 23:47:02 1993
From: crunch at netcom.com (John Draper)
Date: Wed, 7 Apr 93 23:47:02 PDT
Subject: The WELL took off PGP from public downloads
Message-ID: <9304080647.AA11935@netcom4.netcom.com>

Just thought I should mention that "gail" has removed PGP from the WELL's public downloads, and when I asked her why, she didn't comment (yet!).

JD

From gg at well.sf.ca.us Thu Apr 8 02:32:08 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Thu, 8 Apr 93 02:32:08 PDT
Subject: Musical Cypher CD project
Message-ID: <199304080931.AA02038@well.sf.ca.us>

Excellent news...! Recall Matt's & my postings about putting cyphertext into a CD as part of the artistic presentation....? The idea being to establish it as part of the overall protected artistic speech as it were.

Well, I've found a band in the area who have tried doing something VERY similar and currently have a very decent quantity of material READY TO GO. Includes hypercard stacks, quicktime movies, macromind movies, miscellaneous art & screen savers.... a lot of it is footage of the band playing live, with music tracks included (i.e. show videos), some of it is computer graphic art, and so on. The band is called NOW, and they sound like a cross between Rush, Crimson, and Yes; are incredibly talented, write new songs so prolifically (sp?) that they could put out 5-10 more albums with what's already ready... have a couple of albums out on an indie label... and are ready & willing & way interested in doing a project.

What they wanted to do was put all the video and other stuff on the first track of a CD so it would be accessible on a CDROM player.
They got that far and also some studio sessions with the songs for the album, and then ran into a wall as far as the tech angle on getting the stuff to work right.

We have studios available to record the music, the band can go in any time, and they're hip to encrypting their video stuff & having people go hunting for the key (put it in the lyric sheets, have people write for it, etc). I recall someone from Contra Costa offering to fund this; well, we're ready. This will easily sell a few thousand copies which will pay back costs; and given the band's artistic strengths, will probably do better than that. And it will certainly be a first, and a decent stake in the ground for crypto as artistic freedom of expression.

Email gg at well.sf.ca.us for more info.

From anon0709 at nyx.cs.du.edu Thu Apr 8 03:31:44 1993
From: anon0709 at nyx.cs.du.edu (Name withheld by request)
Date: Thu, 8 Apr 93 03:31:44 PDT
Subject: subscribe
Message-ID: <9304081033.AA24771@nyx.cs.du.edu>

Please subscribe me to the cypherpunks list.

Sean Carton /es

From dasher at well.sf.ca.us Thu Apr 8 07:58:48 1993
From: dasher at well.sf.ca.us (D Anton Sherwood)
Date: Thu, 8 Apr 93 07:58:48 PDT
Subject: false analogy
Message-ID: <199304081458.AA06134@well.sf.ca.us>

> If you don't like your government, vote. If you don't like something that
> is published, write something yourself. . . .

That should be --

	If you don't like your government, start your own.

Or better yet ---

	If you don't like your government, govern yourself.

*\\*
Anton Ubi scriptum? ;)

From greg at ideath.goldenbear.com Thu Apr 8 14:56:11 1993
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Thu, 8 Apr 93 14:56:11 PDT
Subject: Real-time BBS Encryption??
In-Reply-To: <01930407174710/0005857625DC2EM@mcimail.com>
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Michael McMahon writes:

[Talks about real-time end-to-end encryption of user sessions on BBS's.]
It's not quite as sexy and "James Bond" as real-time end-to-end encryption, but I think an easier approach to this would be to adopt the architecture of the offline mail-reading programs that are available.

For the benefit of people unaccustomed to offline readers, these programs collect up all of the unread messages, E-mails, and file descriptions from a BBS, .ZIP or otherwise pack/compress the files, and then the user downloads that "packet", and hangs up. The user then uses a program on her local PC to read and reply to messages in that packet, dials the BBS again, and uploads her responses.

I haven't fussed around with offline readers much, but I'll bet it'd be pretty simple to add a step to the collection/.ZIP process, which would encrypt the whole package with some prearranged key.

This would allow folks to use standard BBS programs, standard terminal programs, and perhaps even standard offline readers. It should be pretty simple from a programming standpoint, as well; it's perhaps implementable with only batch commands. Yes, the "bad guys" will get to watch the user log on and log off, and can read the menus and choices - but so what? It's possible (easy, really) to encrypt all of the really interesting stuff.

- --
Greg Broiles                      greg at goldenbear.com
Golden Bear Consulting            +1 503 465 0325
Box 12005   Eugene OR 97440       BBS: +1 503 687 7764

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBK8R3jH3YhjZY3fMNAQHDagP6AkE+8WrEtSOVNfBDiL6UYplI+TAihl66
IffYPilZ+b9Nxq2VHBF8aUYnX7duLRaivILQ7CPIRsNnKRq3DF5bljcvLY9B9VNn
3SSFSGJFQFYvakElcZPbCGhFbsLdmF8QNN97Z8Cdbx4fGYmj83brNidhHYNeXhpo
5Nk2+5W80mE=
=Yxdd
-----END PGP SIGNATURE-----

From Pat_Barron at transarc.com Thu Apr 8 15:03:15 1993
From: Pat_Barron at transarc.com (Pat_Barron at transarc.com)
Date: Thu, 8 Apr 93 15:03:15 PDT
Subject: Security Dynamics
In-Reply-To: <199304072203.AA02670@misc.glarp.com>
Message-ID:

At one point, I talked to Security Dynamics, and experienced the same reaction as the original poster.
Additionally, I found it ludicrous that the cards were programmed to self-destruct after a period of time, that they keep their encryption scheme so secret (though they'll sell you source code if you fork over sufficient bucks), and that there was no way to reprogram/reset the cards in the field. I also couldn't stomach their "well, you just have to trust us" response to a lot of my objections about it being a closed proprietary system, having them know all of my key data, and not being able to reprogram the cards.

I had much better luck with Digital Pathways, and their "SecureNet Key" product. This is a small (about as long and wide as the SecurID card, but about 2.5 times as thick) hand-held authenticator that's meant to go with Digital Pathways' "Data Defender" secure communications front-end, though they sell the SecureNet Keys separately, and they're not very expensive. They use DES, are individually field-programmable, and Digital Pathways is only too happy to give you as much info about them as you want - for free. With the info they gave me, it was no problem to write code that knows how to use the SecureNet Key.

--Pat.

From pete at cirrus.com Thu Apr 8 15:06:37 1993
From: pete at cirrus.com (Pete Carpenter)
Date: Thu, 8 Apr 93 15:06:37 PDT
Subject: FLAME: taking action
Message-ID: <9304082207.AA16844@ss2138.cirrus.com>

>> Not voting in today's society is a cop out. It is most certainly not
>> perfect, and the choices suck, but it remains one of the major voices you
>> have today in the world.
>
> Voting arguably endorses the system. If you are vocal about why
> you don't endorse the system, your refusal to vote can have a lot
> more impact than going to the polls.

If you don't vote, your opinion literally doesn't count, and means that you are perfectly happy with the status quo. Not voting guarantees that you will have no voice. Perot's name will be remembered a lot longer than some nuts whining about how the process doesn't work.
The best way to protest the current system is to vote for something else. I'm a Libertarian rather than a Perotian, but I give him a lot of credit for allowing so many people to see beyond the two party system.

Vote with your feet, not with your butt.

---
Pete Carpenter     pete at cirrus.com
Talk about your plenty, talk about your ills,
One man gathers what another man spills.     - Robert Hunter

From vanam at shadow.ksu.ksu.edu Thu Apr 8 15:17:22 1993
From: vanam at shadow.ksu.ksu.edu (Stephen Lee, Second son of Caine)
Date: Thu, 8 Apr 93 15:17:22 PDT
Subject: Help, please.
Message-ID: <9304082217.AA07305@shadow.ksu.ksu.edu>

I am very new to the world of hacking... Could you all give me a hand understanding...(aka suggested reading and helpful tips for a newbie.)

Thanx in advance

Stephen

From pmetzger at shearson.com Thu Apr 8 16:18:45 1993
From: pmetzger at shearson.com (Perry E. Metzger)
Date: Thu, 8 Apr 93 16:18:45 PDT
Subject: FLAME: taking action
In-Reply-To: <9304082207.AA16844@ss2138.cirrus.com>
Message-ID: <9304082228.AA10301@snark.shearson.com>

This message isn't appropriate for cypherpunks, so I am replying in private mail.

Pete Carpenter says:
> If you don't vote, your opinion literally doesn't count, and means that
[...]

From internaut at aol.com Thu Apr 8 16:32:02 1993
From: internaut at aol.com (internaut at aol.com)
Date: Thu, 8 Apr 93 16:32:02 PDT
Subject: FWEE!: kiosks
Message-ID: <9304081930.tn48662@aol.com>

Yo Dewds,

I guess it's time for me to throw in my two bits on the Public WB Kiosk idea... I guess I appreciate the intent of implementing such a system, but there are some BIG strikes against it:

[1] Strike One: Installation and maintenance costs (economics again). Can you IMAGINE what it would cost to build and maintain a network (and it would have to be a big one!) of public kiosks? Better to piggyback on existing infrastructure for purely practical reasons.
I have an account on the aforementioned SF Net (little tables in coffeehouses all over the San Francisco Bay Area) and I have come to the conclusion that it would be prohibitive to just maintain such a system. Wayne Gregori would back me up on this. If you think it's a pain to keep your baby-powdered PC at home in decent working order, imagine one with beer spilt on it daily, bozos who type like Paul Bunyan on Steroids and the occasional chairleg-yanking-the-plug-out-of-the-wall incident. Most of the time, I log in to SF Net from home anyway.

[2] Strike Two: Lack of Privacy while using the kiosks. I think Eric Hughes' argument (with due respects to Eric) about the expensive economics of monitoring the kiosks falls down just a tad when you consider that these would not even be _moving targets_! (In both the literal and figurative senses.) Sure, it's expensive to "tail" someone and find out where they go and who they meet, but it's less than trivial to set up a discreet camera that just watches a stationary kiosk all day long or maybe photographically or electromagnetically (with a moderately sophisticated bug) monitor the keystrokes. Maybe you _could_ make them portable and move them around; maybe you _could_ come up with a clever physical design that would preclude keystroke photography (but bugs?), but any such defenses would pale in comparison with the Privacy inherent in the WB input from a single user's personal system.

"Public Privacy:" now _there's_ an oxymoron for the 90's!

All jocularity aside, it would be pretty difficult to convince anyone with serious information on Govt abuses to stroll into a Mall and spill their guts on a PC Junior in a plywood box - I sure as hell wouldn't, would you? Hell, you could put touchscreens on it and I STILL wouldn't take the chance. Anyone ever seen the "Human Jukebox" in SF?
A guy dresses up in a huge cardboard refrigerator shipping box and when you drop a quarter in, he plays (on trumpet) some selection from a list on the outside. Very funny stuff: I suggest you ask for "Strangers in the Night."

[3] Strike Three (yer OUT!): those ugly little plastic-encased keyboards get all that icky finger dirt on 'em. Sure you laugh NOW, but just IMAGINE where people put their fingers before typing on them little keyboards. Yuck! Think of the diseases! The nose pickings! The leftover popcorn-butter residue! The Jeri-Curl! Yeesh... makes me wanna HURL.

But Serially, Folks: If a group COULD surmount these difficulties, it would then have to begin to focus on the TYPE of whistleblowing that would take place on such systems. I have the feeling that they would be a PRIMARY contributor to the overall bullshit noise that would clutter up a decent WB system and exponentially increase the difficulty of filtering out the "good" stuff for proper use. Sure, you could rely on OTP's to provide relatively secure transmissions, but the big question is: do we really want a bunch of Valley Girls at the local Mall logging in and complaining that they "can't get the proper shade of eyeliner and, like, why doesn't the Federal Govurnmint toe-tully reform the Health In-fersure-ance System" so they could, like, get the bunyons burned off their right foot in time for the Prom.

I think you get my point. We have a lot more to work on before I consider this to be a desirable, much less viable, idea.

dave

------------------------------------------------
|                                              |
|  no fancy-dan sig-stamps, just li'l ol' me.  |
|                                              |
------------------------------------------------

From rubin at citi.umich.edu Fri Apr 9 09:03:17 1993
From: rubin at citi.umich.edu (Aviel David Rubin)
Date: Fri, 9 Apr 93 09:03:17 PDT
Subject: Speed of RSA
Message-ID: <9304091603.AA23216@toad.com>

Does anyone have anything on the speed of RSA encryption for various key lengths on various machines?
In particular, I am interested in how long it takes to decrypt mail headers on an IBM RT or RS6000, for various key lengths. I'm sure this has been measured. Any help would be appreciated.

Thanks.

Avi Rubin

From nowhere at bsu-cs.bsu.edu Fri Apr 9 11:01:37 1993
From: nowhere at bsu-cs.bsu.edu (Chael Hall)
Date: Fri, 9 Apr 93 11:01:37 PDT
Subject: Help, please.
In-Reply-To: <9304082217.AA07305@shadow.ksu.ksu.edu>
Message-ID: <9304091805.AA18414@bsu-cs.bsu.edu>

>
>I am very new to the world of hacking... Could you all give me a hand
>understanding...(aka suggested reading and helpful tips for a newbie.)
>
>Thanx in advance
>
>Stephen

Stephen,

I would strongly suggest _Hackers_ by Steven Levy (ISBN: 0-440-13405-6). After you have read this book, you will have a very good understanding of what true hacking is (versus all of the new "meanings.") After that, perhaps the _Hacker Crackdown_ by Bruce Sterling (?). Then after that, you pretty much choose your own course... If you want to get into MSDOS programming, you will get lots of interrupt listings, disassemblers, etc. If you want to get into UNIX programming, you will get lots of UNIX books, recompile your kernel a few times, etc. :)

Hacking is a very personal experience for me, and usually I'm hacking. The term is defined as "learning by trial and error." You can hack a car if you get the manual, sit down, and just start fiddling until you get it right. Incidentally, psychology backs up hacking as a good method for learning, because operant conditioning (where when you are on the right track, you start getting positive responses [rewards], so you go in that direction, and when you eventually get it right, you will remember how you got there) is known to be a strong teaching tool. For example, your program isn't working, but when you add a particular statement to the code, it starts to behave, but the results aren't right.
So you follow in that vein of thinking and soon enough the whole thing is fixed (aside from new undocumented features.) I thought that psychology would come in handy sometime...

Chael

--
Chael Hall
nowhere at bsu-cs.bsu.edu, 00CCHALL at BSUVC.BSU.EDU
(317) 285-3648 after 5 pm EST

From nowhere at bsu-cs.bsu.edu Fri Apr 9 11:19:08 1993
From: nowhere at bsu-cs.bsu.edu (Chael Hall)
Date: Fri, 9 Apr 93 11:19:08 PDT
Subject: Real-time BBS Encryption??
In-Reply-To:
Message-ID: <9304091815.AA19210@bsu-cs.bsu.edu>

[ Info on offline readers ]

>I haven't fussed around with offline readers much, but I'll bet it'd be
>pretty simple to add a step to the collection/.ZIP process, which would
>encrypt the whole package with some prearranged key.

Yes, that's a definite possibility. Most of the popular offline readers require that you first send them a packet (usually empty) so that they will put you in the database. The reader could just accept a certain file (pubkey.asc for example) that contains the key you want to be used. Then all sessions with you will be so encrypted. Your mail to the BBS could also be encrypted with the BBS's public key. Unfortunately, one problem still exists: I don't know of too many BBS's where the e-mail messages are actually encrypted on the disk. As a matter of fact, the SYSOP can usually read all mail.

>This would allow folks to use standard BBS programs, standard terminal
>programs, and perhaps even standard offline readers. It should be pretty
>simple from a programming standpoint, as well; it's perhaps implementable
>with only batch commands. Yes, the "bad guys" will get to watch the user log
>on and log off, and can read the menus and choices - but so what? It's
>possible (easy, really) to encrypt all of the really interesting stuff.

Some of those programs (MegaMail, TomCat, etc) run PKUNZIP to unzip the file(s) then take care of the files themselves. There isn't an easy way to throw in encryption.
I would be willing to add an encryption option to my offline mail software, though. I have written a UTI (Universal Text Interface) for ChaelBoard that lets it interface with RelayNet(tm) and offline mail readers that use UTIs. I also write a QWK/REP interface that allows ChaelBoard to be a node (the hub software isn't quite done yet) on WildNet and for offline mail reading/replying. I could implement encryption in the ZIP/UNZIP step (for the users who have PGP keys registered with the BBS). Do you think it's worth my time?

Chael Hall

--
Chael Hall
nowhere at bsu-cs.bsu.edu, 00CCHALL at BSUVC.BSU.EDU
(317) 285-3648 after 5 pm EST

From rustman at netcom.com Sat Apr 10 22:43:25 1993
From: rustman at netcom.com (Rusty Hodge)
Date: Sat, 10 Apr 93 22:43:25 PDT
Subject: Real-time BBS Encryption??
In-Reply-To: <01930407174710/0005857625DC2EM@mcimail.com>
Message-ID: <9304110543.AA26230@netcom.netcom.com>

> Here's the situation: We all know that some advanced computer systems
> have real-time encryption built into all modem connections. When a
> bank branch dials into the main office the entire transmission may be
> encrypted. This occurs even between terminal connections and the host.

This is usually accomplished through an external "data encryption unit", which is interfaced between the terminal (host) and modem. It is NOT in software.

> I'm wondering if there is a way to do this with PCs?

Aside from those very expensive high-end boxes that banks use for their sensitive information, there was a DES encryptor made by Practical Peripherals years ago. It still may be available.

--

From norm at netcom.com Sun Apr 11 00:18:32 1993
From: norm at netcom.com (Norman Hardy)
Date: Sun, 11 Apr 93 00:18:32 PDT
Subject: REMAIL: cypherpunks strategy
Message-ID: <9304110718.AA19161@netcom4.netcom.com>
In-Reply-To: <26H11B1w164w at ideath.goldenbear.com>

I just got around to Greg Broiles' interesting note where he describes his practice of using several account names.
He feels apologetic about it. Authors have used pen-names for a long time without opprobrium. The mathematician Eric Temple Bell wrote science fiction under the pen name "John Taine". Several authors have written different styles of works, one pen name per style. As I understand the law there is nothing illegal in using an alias as long as the purpose is not fraud, which is already illegal. One must protect the reputation of each alias. Where aliases are common, negative reputations lose their bite but the benefits of positive reputations provide incentives for good behavior.

From hughes at soda.berkeley.edu Mon Apr 12 09:53:09 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Mon, 12 Apr 93 09:53:09 PDT
Subject: Security Dynamics
In-Reply-To:
Message-ID: <9304121649.AA26494@soda.berkeley.edu>

Re: security dynamics

One could perform an interesting test with one of these Security Dynamics cards. Aim a video camera at the LCD display so that the display takes up the full width of the image. Hook the video signal up to a digitizer board, and recognize the numbers that appear on the face. Spit them out as often as they appear. For someone with all the equipment, this should be a one or two evening hack.

Now, if the number changes every minute, that's a little over 10,000 samples in a week, certainly enough to determine if they are using weak random number generation.

I'll put the data on the ftp site, should anyone actually do this.

Eric

From hughes at soda.berkeley.edu Mon Apr 12 10:17:28 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Mon, 12 Apr 93 10:17:28 PDT
Subject: FWEE!: kiosks
In-Reply-To: <9304081930.tn48662@aol.com>
Message-ID: <9304121714.AA28356@soda.berkeley.edu>

Dave writes on public kiosks:

>[1] Strike One: Installation and maintenance costs (economics again).
>[They are too high.]

I'm not talking about building a network of machines just for the purpose of whistleblowing. I'm talking about making interfaces to existing systems.
In particular, the public machines at sfnet would _also_ be interfaces to any whistleblowing system. The incremental cost is minimal; it's a small bit of software at the server.

>[2] Strike Two: Lack of Privacy while using the kiosks.

There is a different kind of privacy in a public space than in private space. In a private space, everyone may know where you live, but nobody knows what goes on inside. In a public space, everyone may see what happens, but no one knows who you are. Please consider these approximations to reality. In particular, since it is anonymity which is desired, a public place is sufficient.

>I think Eric Hughes' argument (with due respects to Eric) about the
>expensive economics of monitoring the kiosks falls down just a tad
>when you consider that these would not even be _moving targets_!

The cost of placing a video camera to monitor a computer inside a coffeehouse must also include the possibility of negative publicity and lawsuit when such an emplacement is discovered. Monitoring a public place in advance of any "crime" being committed is _very_ bad for job security and department funding.

>[...] but any such defenses would pale in comparison with the Privacy
>inherent in the WB input from a single user's personal system.

I am also not talking about replacing the ability to post from home. I am talking about expanding the number of entry points into the distribution system. The largest benefit for public-space access is that you can use this if you don't have a computer at home. You can also use it if you don't have a computer at work.

>have the feeling that they would be a PRIMARY contributor to the overall
>bullshit noise that would clutter up a decent WB system and exponentially
>increase the difficulty of filtering out the "good" stuff for proper use.

A whistleblower system, by default, must be free of judgements about what is "good" to be on it and what is "bad".
If someone thinks that something ought to be brought to light, then I say let them speak, no matter how trivial or inappropriate it might be. It is easy to ignore messages you don't want to consider. It is much, much harder to read messages that the author hesitates to write for fear of reprisal. A whistleblower system can tolerate more noise than usenet, since the core content of it can be so extremely valuable.

If there is only access to a whistleblowing system for those who own computers or are provided access to them, then any such system will remain only a tool of the wealthy. You do not hear of abuses in labor law from anybody but the employees; these employees do not have computers.

Anybody who has NATIONAL SECRETS to tell is, I would guess, a fool to post twice from a particular location. Anybody who has anything lengthy or digitally copied to say cannot easily use this system. It's not conducive to digital signatures.

Public kiosks are not a panacea. To argue that they should therefore not exist is nonsense.

Eric

From edgar at spectrx.Saigon.COM Mon Apr 12 10:29:20 1993
From: edgar at spectrx.Saigon.COM (Edgar W. Swank)
Date: Mon, 12 Apr 93 10:29:20 PDT
Subject: PGP: Re: PGP Error
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Michael Diehl wrote on April 6:

    When I use the following command line in a batch file, I get a
    Compression/decompression error. No files are created. The contents
    of the batch file is:

        pgp -es %1 %2 Diehl

    Where %1 is the name of the file to send, and %2 is the other
    person's name. What am I doing wrong, or is there a problem with
    my pgp?

I think there's a problem with PGP. A net-friend of mine in Poland first brought this to my attention. He says he's already notified PGP author Branko Lankester. The problem's occurrence seems to depend on the file being compressed/encrypted. Files which are already compressed, but are not ZIP files (e.g. ARJ files) seem to cause the problem.
I was able to reproduce a similar problem by trying to compress ARJ.EXE (ARJ 2.30). In my case, the system crashed shortly -after- PGP exited, and some of the armored files produced (I used -eas) were obviously messed up.

The obvious temporary bypass is to turn off compression for files which cause problems; not much of a penalty, since the file is already compressed. This can be done by a (temporary) change to the CONFIG.TXT file. I think there may also be an (undocumented) way to do this from the command line. Try:

    +compress=off

-----BEGIN PGP SIGNATURE-----
Version: 2.2
-----END PGP SIGNATURE-----

--
edgar at spectrx.saigon.com (Edgar W. Swank)
SPECTROX SYSTEMS +1.408.252.1005 Silicon Valley, Ca

From miron at extropia.wimsey.com Mon Apr 12 10:54:16 1993
From: miron at extropia.wimsey.com (Miron Cuperman)
Date: Mon, 12 Apr 93 10:54:16 PDT
Subject: Modem encryption proposal
In-Reply-To: <01930407174710_0005857625DC2EM@mcimail.com>
Message-ID: <1993Apr12.030810.5488@extropia.wimsey.bc.ca>

-----BEGIN PGP SIGNED MESSAGE-----

Let's talk less and do more. :)

How about adding encryption to kermit and iScreen so that they may talk to each other in a secure manner? I am proposing these two programs because they are widely portable. kermit works on most Unix and MSDOS systems. iScreen works on most Unix systems.

(Note that this would solve the network/modem eavesdropping problem, but not the untrusted remote system problem. The latter has no solution in my opinion. You just have to trust the sysadmin.)

I propose writing a link encryption library which could be usable in other comm and BBS programs. Any takers?

BTW, watch for an encrypted Unix talk program coming to a ftp site near you.
--
Miron Cuperman | NeXTmail/Mime ok | Public key avail
AMIX: MCuperman | PSM 18Mar93 0/0
Laissez faire, laissez passer. Le monde va de lui meme.

-----BEGIN PGP SIGNATURE-----
Version: 2.2
-----END PGP SIGNATURE-----

From norm at netcom.com Mon Apr 12 10:54:32 1993
From: norm at netcom.com (Norman Hardy)
Date: Mon, 12 Apr 93 10:54:32 PDT
Subject: Trusting PGP
Message-ID: <9304120442.AA28271@netcom2.netcom.com>

At last I have read the operating instructions for PGP 2.2. I am impressed.

I raised the issue of trusting PGP. John Draper correctly suggested that it was possible to trust PGP because the code was available for inspection. I agree that this places PGP far ahead of various competition regarding trust. I propose, however, that if there were a single specification that covered various file formats and perhaps program logic, PGP would eventually gain substantially more trust. Here is why.

As it is now, someone who reads the code to establish his trust in PGP must be familiar with C, in which PGP is written, number theory and various crypto threats and weaknesses. There are certainly such people. If, however, there were one operating specification then many more people would be attracted to the effort, ultimately yielding greater trust in PGP. Cryptographers without the skill or tenacity to read the code could contribute, as could programmers without the crypto theory. Each class would consult the specs, the programmers to verify that the code implemented the specs and the cryptographers to ponder whether programs with such specs were appropriate for their market. Such specifications are required for government rated secure software for just this reason.
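Miron's proposed link encryption library (two messages up) needs a line protocol in which a corrupted or injected byte is detected and the receiver gets back in step. The following is an added example, not code from this thread, from kermit or from iScreen: HDLC-style 0x7E flag framing with a per-frame sequence number and MAC, where HMAC-SHA256 in counter mode stands in for a real stream cipher and the keys are constructed (all of these choices are my assumptions).

```python
"""Framed link encryption sketch (added example, not from the thread).
Each frame is FLAG + escape(seq || ciphertext || tag) + FLAG, so a byte
injected on the line spoils exactly one frame; the receiver drops that
frame and still decrypts the next one.  HMAC-SHA256 is used as the PRF
for the keystream only for stdlib convenience (assumption)."""
import hashlib
import hmac
import struct

FLAG = 0x7E      # frame delimiter, escaped when it occurs inside a frame
ESC = 0x7D       # escape byte: ESC, b ^ 0x20 encodes b in {FLAG, ESC}
TAG_LEN = 8      # truncated MAC (assumption: 8 bytes is enough for a demo)
SEQ_LEN = 4


def _keystream(key, seq, n):
    """Counter-mode keystream: PRF(key, seq || block) for block 0, 1, ..."""
    out, block = b"", 0
    while len(out) < n:
        out += hmac.new(key, struct.pack(">IQ", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _escape(data):
    out = bytearray()
    for b in data:
        out += bytes([ESC, b ^ 0x20]) if b in (FLAG, ESC) else bytes([b])
    return bytes(out)


def _unescape(data):
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] == ESC:
            i += 1
            if i == len(data):
                raise ValueError("dangling escape byte")
            out.append(data[i] ^ 0x20)
        else:
            out.append(data[i])
        i += 1
    return bytes(out)


class LinkSender:
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key, self.seq = enc_key, mac_key, 0

    def send(self, plaintext):
        """Return the on-the-wire bytes for one frame."""
        self.seq += 1
        header = struct.pack(">I", self.seq)
        ct = _xor(plaintext, _keystream(self.enc_key, self.seq, len(plaintext)))
        tag = hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()[:TAG_LEN]
        return bytes([FLAG]) + _escape(header + ct + tag) + bytes([FLAG])


class LinkReceiver:
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.last_seq = 0   # highest sequence number accepted so far
        self.dropped = 0    # frames rejected as corrupted, forged or replayed

    def receive(self, wire):
        """Split the byte stream on FLAG; return plaintext of every frame whose
        tag verifies and whose sequence number advances (no replays)."""
        out = []
        for chunk in wire.split(bytes([FLAG])):
            if not chunk:
                continue
            try:
                frame = _unescape(chunk)
            except ValueError:
                self.dropped += 1
                continue
            if len(frame) < SEQ_LEN + TAG_LEN:
                self.dropped += 1
                continue
            header, ct, tag = frame[:SEQ_LEN], frame[SEQ_LEN:-TAG_LEN], frame[-TAG_LEN:]
            want = hmac.new(self.mac_key, header + ct, hashlib.sha256).digest()[:TAG_LEN]
            seq = struct.unpack(">I", header)[0]
            if not hmac.compare_digest(tag, want) or seq <= self.last_seq:
                self.dropped += 1       # bad MAC (injected byte) or replay: skip it
                continue
            self.last_seq = seq         # back in step: later frames still decrypt
            out.append(_xor(ct, _keystream(self.enc_key, seq, len(ct))))
        return out


def demo():
    """An extra byte is injected into the second of three frames on the line."""
    enc_key, mac_key = b"k" * 32, b"m" * 32           # constructed demo keys
    tx, rx = LinkSender(enc_key, mac_key), LinkReceiver(enc_key, mac_key)
    frames = [tx.send(b"more"), tx.send(b" foo"), tx.send(b"\n")]
    f2 = frames[1]
    tampered = f2[:3] + b"o" + f2[3:]                  # stray byte inside frame 2
    got = rx.receive(frames[0] + tampered + frames[2])
    return got, rx.dropped                             # ([b"more", b"\n"], 1)


if __name__ == "__main__":
    print(demo())
```

Frame 2 fails its MAC and is discarded, but because every frame carries its own sequence number and keystream position, frame 3 decrypts correctly without any out-of-band resync.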
From david at staff.udc.upenn.edu Mon Apr 12 11:10:31 1993
From: david at staff.udc.upenn.edu (R. David Murray)
Date: Mon, 12 Apr 93 11:10:31 PDT
Subject: forward: cryptanalysis talk abstract
Message-ID: <9304121808.AA14458@staff.udc.upenn.edu>

Thought people might find this abstract of a talk being given here at Penn of some interest. Please let me know if I'm wrong. (And, no, I won't be attending; almost all of it would be over my head. What is in this abstract is probably as much of it as I could understand without considerable preparation.)

------------------------------------------------------------------------
In article <119753 at netnews.upenn.edu>, holland at central.cis.upenn.edu (Billie Holland) writes:
>
>        Statistical Techniques for Language Recognition:
>    An Introduction and Empirical Study for Cryptanalysts
>
>                      Alan T. Sherman
>                Computer Science Department
>         University of Maryland Baltimore County
>
> In cryptanalysis, how can a computer program recognize when it has
> discovered all or part of the secret message? For example, how can a
> program recognize character strings such as "Attack at dawn!",
> "DES@RT ST&RM", or "?tta????t d?wn" as fragments of intelligible
> messages? In the early days of cryptology a human would perform these
> language-recognition tasks manually. In this talk I will explain how
> to recognize language automatically with statistical techniques.
>
> Statistical techniques provide powerful tools for solving several
> language-recognition problems that arise in cryptanalysis and other
> domains. Language recognition is important in cryptanalysis because,
> among other applications, an exhaustive key search of any cryptosystem
> from ciphertext alone requires a test that recognizes valid plaintext.
> Although I will focus on cryptanalysis, this talk should be relevant
> to anyone interested in statistical inference on Markov chains or
> applied language recognition.
>
> Modeling language as a finite stationary Markov process, I will adapt
> a statistical model of pattern recognition to language recognition.
> Within this framework I will consider four well-defined
> language-recognition problems: 1) recognizing a known language, 2)
> distinguishing a known language from uniform noise, 3) distinguishing
> unknown 0th-order noise from unknown 1st-order language, and 4)
> detecting non-uniform unknown language. For the second problem I will
> give a most powerful test based on the Neyman-Pearson Lemma. For the
> other problems, which typically have no uniformly most powerful tests,
> I will give likelihood ratio tests. I will also discuss the
> chi-squared test statistic $X^2$ and the Index of Coincidence $IC$.
>
> In addition, I will present the results of computer experiments that
> characterize the distributions of five test statistics when applied to
> strings of various lengths drawn from nine types of real and simulated
> English.
>
>
> This is joint work with Ravi Ganesan. Most of this work was carried
> out while Sherman was a member of the Institute for Advanced Computer
> Studies, University of Maryland College Park.
>
> Thursday, 15 April 93
> TOWNE BUILDING - 337
> 3:00 - 4:30
>

--
david
david at staff.udc.upenn.edu

From mdiehl at triton.unm.edu Mon Apr 12 11:15:54 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Mon, 12 Apr 93 11:15:54 PDT
Subject: how secure is secring.pgp?
Message-ID: <9304120127.AA06741@triton.unm.edu>

Yet another pgp question... We don't get any pgp news groups here.

Since we need a passphrase to access our secret key, it is reasonable to think that our secring.pgp file is pretty secure, as long as our passphrase is nontrivial. What am I missing here? Thanx in advance.

+----------------------+----------------------------------------------------+
| J. Michael Diehl ;-) | I thought I was wrong once. But, I was mistaken.   |
|                      |                                                    |
+----------------------+----------------------------------------------------+
| mdiehl at triton.unm.edu | "I'm just looking for the opportunity to be    |
| Thunder at forum       | Politically Incorrect!                          |
| (505) 299-2282       |                                                    |
+----------------------+----------------------------------------------------+

From sdw at sdwsys.lig.net Mon Apr 12 11:20:59 1993
From: sdw at sdwsys.lig.net (Stephen D. Williams)
Date: Mon, 12 Apr 93 11:20:59 PDT
Subject: Distributed anonymous posting (was Re: Many Important Items...)
In-Reply-To: <9303260725.AA23290@soda.berkeley.edu>
Message-ID: <9304120045.AA13308@sdwsys.lig.net>

...
>
> A soft node necessity: a directory lookup service, distributed,
> sharing data. Merely specifying the first point of contact and
> alternate paths doesn't cut it. You don't want to have to retry a
> bounced message so many times.
>
> Who here knows enough about sendmail to consider the eventual
> feasibility of integrating pseudonym lookup into mail transfer?
>
> Eric

Hey, no problem! Just use the same escape call as the uucp pathalias.

When integrating an Internet/DNS aware gateway with 1200 Unix workstations using /etc/hosts (no domain) and an X.400 connection to a VMS X.400 backbone, I hooked in a little C program that converted all the addressing to proper formats while also looking up userids <-> fullnames in a B+tree database. I even did fuzzy matching on names on a best-unique or exact basis. Blew away X.500 functionality, which Dec and HP didn't even have integrated with X.400 at the time.

Just need a program that takes an address on the command line and returns it possibly modified with a yea or nay return code.

sdw

From stig at netcom.com Mon Apr 12 11:50:17 1993
From: stig at netcom.com (Jonathan Stigelman)
Date: Mon, 12 Apr 93 11:50:17 PDT
Subject: Real-time BBS Encryption??
In-Reply-To:
Message-ID: <9304120103.AA11884@netcom2.netcom.com>

>I haven't fussed around with offline readers much, but I'll bet it'd be
>pretty simple to add a step to the collection/.ZIP process, which would
>encrypt the whole package with some prearranged key.

that's vulnerable...it's the secret key problem. The ELEGANT way to do this with encryption is to just make a normal ZIP file, but then build diffie-hellman into your file downloader (zmodem). This is also the least work solution.

SO, since we're talking about offline mail readers... What's the best one for the PC that works (or can easily be made to work) with rfc822 mail files? There's pcelm, which sucks...and there's mush, which is slooooow as hell because of all the overlays. I was writing my own, but I got side-tracked...somebody want to save me some programming?

From hughes at soda.berkeley.edu Mon Apr 12 11:57:22 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Mon, 12 Apr 93 11:57:22 PDT
Subject: a new usenet group
Message-ID: <9304121854.AA06143@soda.berkeley.edu>

There is a new Usenet group that some on this list might be interested in. It's called

    alt.privacy.anon-server

This group seems to have been created as a spillover for the debate on anonymity in news.admin.policy. My nntp server has seen less than 100 articles to date.

I would encourage those in this group who have strong opinions to participate in this new forum, as it seems the advocates of strong privacy are not so numerous as they are here.

Eric

From mike at EGFABT.ORG Mon Apr 12 12:14:20 1993
From: mike at EGFABT.ORG (Mike Sherwood)
Date: Mon, 12 Apr 93 12:14:20 PDT
Subject: REMAIL: cypherpunks strategy
In-Reply-To: <9304110718.AA19161@netcom4.netcom.com>
Message-ID:

norm at netcom.com (Norman Hardy) writes:

> I just got around to Greg Broiles' interesting note where he describes
> his practice of using several account names. He feels apologetic about it.
> Authors have used pen-names for a long time without opprobrium.
> The mathematician Eric Temple Bell wrote science fiction under the pen name
> "John Taine". Several authors have written different styles of works,
> one pen name per style. As I understand the law there is nothing illegal
> in using an alias as long as the purpose is not fraud, which is already
> illegal. One must protect the reputation of each alias.
> Where aliases are common, negative reputations lose their bite but the
> benefits of positive reputations provide incentives for good behavior.

How does everyone else feel about the idea of maintaining multiple accounts as a method of maintaining pseudo-anonymity? I commonly use two accounts on each of my systems, one by my real name, one by my alias, which is the same everywhere. The purpose of this is to allow me to send or receive mail to/from people who I know from other bbs's and such and relay information in that way without giving them my real name. As greg pointed out, it's very easy to have multiple accounts; some of us run sites that give us the ability to create pseudo-users, and pseudo-sites for that matter, and others can make use of public bbs's with net access. I know of a few bbs's in my area (silicon valley) that offer net access and don't do any sort of validation, making it very simple to set up and maintain multiple accounts. How do people feel about doing something like this rather than using remailers, since it seems that a lot of problems come up when people run remailers and start getting complaints?

-Mike

--
Mike Sherwood   internet: mike at EGFABT.ORG   uucp: ...!sgiblab!egfabt!mike

From pmetzger at shearson.com Mon Apr 12 12:24:30 1993
From: pmetzger at shearson.com (Perry E. Metzger)
Date: Mon, 12 Apr 93 12:24:30 PDT
Subject: Modem encryption proposal
In-Reply-To: <1993Apr12.030810.5488@extropia.wimsey.bc.ca>
Message-ID: <9304121904.AA01126@snark.shearson.com>

Miron Cuperman says:
> Let's talk less and do more.
> :)
>
> How about adding encryption to kermit and iScreen so that they may
> talk to each other in a secure manner? I am proposing these two
> programs because they are widely portable. kermit works on most
> Unix and MSDOS systems. iScreen works on most Unix systems.
>
> (Note that this would solve the network/modem eavesdropping problem,
> but not the untrusted remote system problem. The latter has no
> solution in my opinion. You just have to trust the sysadmin.)
>
> I propose writing a link encryption library which could be usable
> in other comm and BBS programs.

A good idea, but getting the protocol right is hard -- you don't want to put any real overhead on the line, but you also want to do error detection and resynchronization so that your cypher will run properly. Discussing a proposal for a line protocol that has these features would, of course, be germane to the list.

Perry

From stig at netcom.com Mon Apr 12 12:27:09 1993
From: stig at netcom.com (Jonathan Stigelman)
Date: Mon, 12 Apr 93 12:27:09 PDT
Subject: Help, please.
In-Reply-To: <9304082217.AA07305@shadow.ksu.ksu.edu>
Message-ID: <9304120053.AA11205@netcom2.netcom.com>

Not that I'm exactly of godlike hacking proportions, but these are obvious to me....

    patience, persistence, obsessiveness, curiosity

also, there's no such thing as a dumb question, but it's not terribly difficult to ask questions in the wrong place and, thereby, waste other people's time and piss them off. Your question isn't terribly appropriate to the cypherpunks list and it's so amazingly general that you won't get anything but a general answer.

the most important thing about being a hacker is working with other hackers. Despite common misperceptions, hacking is a social thing.

stig

From vanam at interceptor.ksu.ksu.edu Mon Apr 12 15:35:48 1993
From: vanam at interceptor.ksu.ksu.edu (Stephen LeeSecond son of Caine)
Date: Mon, 12 Apr 93 15:35:48 PDT
Subject: Thanks a lot!!!!!
Message-ID: <9304122235.AA01870@interceptor.ksu.ksu.edu>

Thanks for your answers, and any other help for a beginner would be helpful... But to all that answered, Thanks again...

Stephen

From warlord at Athena.MIT.EDU Mon Apr 12 19:36:55 1993
From: warlord at Athena.MIT.EDU (Derek Atkins)
Date: Mon, 12 Apr 93 19:36:55 PDT
Subject: how secure is secring.pgp?
In-Reply-To: <9304120127.AA06741@triton.unm.edu>
Message-ID: <9304130236.AA01768@hodge>

-----BEGIN PGP SIGNED MESSAGE-----

> Since we need a passphrase to access our secret key, it is
> reasonable to think that our secring.pgp file is pretty secure, as
> long as our passphrase is nontrivial. What am I missing here?

The secret key on the secring.pgp is IDEA-encrypted... So, it is only as strong as IDEA, and your passphrase. To break the security, someone needs to be able to:

1) Obtain your secret keyring.. This is either watching it go over the net, reading the file system, borrowing your floppy, or whatever, and

2) Obtain your secret passphrase...

Only when both are accomplished can they get to your secret key, although once they have accomplished #1, they can try to break the IDEA algorithm...
-derek

PGP 2 key available upon request on the key-server:
    pgp-public-keys at toxicwaste.mit.edu

--
Derek Atkins, MIT '93, Electrical Engineering and Computer Science
Secretary, MIT Student Information Processing Board (SIPB)
MIT Media Laboratory, Speech Research Group
warlord at MIT.EDU    PP-ASEL    N1NWH

-----BEGIN PGP SIGNATURE-----
Version: 2.2
-----END PGP SIGNATURE-----

From marc at GZA.COM Mon Apr 12 20:01:11 1993
From: marc at GZA.COM (Marc Horowitz)
Date: Mon, 12 Apr 93 20:01:11 PDT
Subject: Security Dynamics
In-Reply-To: <9304121649.AA26494@soda.berkeley.edu>
Message-ID: <9304130302.AA02654@pad-thai.aktis.com>

>> Now, if the number changes every minute, that's a little over 10,000
>> samples in a week, certainly enough to determine if they are using
>> weak random number generation.

1) not true. I read an article about a pseudorandom number generator which appeared random to every test they used on it. Then they went and did a monte carlo simulation of something based on that prng. Guess what? It wasn't quite random enough. Lesson: it can be *very* hard to determine randomness.

2) The sequence is not random. It is cryptographically pseudorandom. This is very different.

3) A friend who has a significant math background in crypto stuff has seen the Security Dynamics algorithms (under non-disclosure), and says that they're credible. That vouches for their theory. That they insist on programming the cards and keeping the keys themselves, and that they do not allow you to program the cards yourself, is a major problem, no matter how good their math is.
        Marc

From honey at citi.umich.edu Mon Apr 12 22:17:12 1993
From: honey at citi.umich.edu (Peter Honeyman)
Date: Mon, 12 Apr 93 22:17:12 PDT
Subject: Security Dynamics
Message-ID: <9304130517.AA24164@toad.com>

> I read an article about a pseudorandom number generator
> which appeared random to every test they used on it. Then they went
> and did a monte carlo simulation of something based on that prng.
> Guess what? It wasn't quite random enough. Lesson: it can be *very*
> hard to determine randomness.

if this is the phys. rev. let. paper by ferrenberg et al., there's a postscript copy up for ftp in csp2.csp.uga.edu:/pub/documents/amf1/. i can summarize.

their simulations were based on five to ten runs, with 10^7 updates per run. they aren't precise about the exact number of random numbers needed, at least not in this paper, but i assume it's in the order of one per update, in which case 10,000 would not be enough. more info can be gleaned from the paper in /pub/documents/adler3/.

they compared four basic rngs.

a linear congruential algorithm (cong)

    x[n] = (16807 * x[n-1]) mod 2^31-1

two different shift register algorithms (sr250 and sr1279)

    x[n] = x[n-103] xor x[n-250]
    x[n] = x[n-103] xor x[n-1279]

a subtract with carry generator algorithm (swc)

    x[n] = x[n-22] - x[n-43] - c
    if x[n] < 0 {
        x[n] += 2^32 - 5
        c = 1
    } else
        c = 0

a combined swc-Weyl generator (swcw)

    y[n] = (y[n-1] - 362436069) mod 2^32
    x[n] = (swc[n] - y[n]) mod 2^32

the authors report that the tables were initialized with some care (i.e., with cong).

the result reported in the phys rev let paper is that r250 gave results that were way off (the model being simulated has an exact solution), swc was better, but had error in the opposite direction, swcw was better but still showed signs of bias, and cong was within error limits. they also report that r1279 was much better than r250, but the tables are missing from the paper, so ...
on the other hand, using every fifth value from r250 gave results within error limits. same with swc. odd ...

maybe someone can comment on the particular rngs being tested here. they don't look particularly sophisticated to me, although the authors describe them as "ostensibly high quality rngs." hmmm ...

looking over their recent pubs, it doesn't look like this group (of statistical physicists) is following up on the rng testing angle.

    peter

From i6t4 at jupiter.sun.csd.unb.ca Mon Apr 12 23:29:09 1993
From: i6t4 at jupiter.sun.csd.unb.ca (Nickey MacDonald)
Date: Mon, 12 Apr 93 23:29:09 PDT
Subject: Modem encryption proposal
In-Reply-To: <9304121904.AA01126@snark.shearson.com>
Message-ID:

Perry:

I may have missed something, but I don't see where synchronization is a concern. The whole idea of Kermit is to provide a "binary" path between two computers. It is Kermit's responsibility to ensure the data is received in the same order as sent (synchronization is part of the Kermit protocol, no?). If we have a data stream coming from a keyboard or whatever, which we run through an invertible encryption algorithm, and then pipe it into Kermit which makes sure it gets to the other side, Kermit need not know where the data is coming from. The other side of course has to know the protocol and the key...

I believe that Kermit allows variable sized packets per file transferred, but does it allow the packet size to vary during the transfer? I'd have to go find my Kermit protocol reference on that one. You would want this, as well as a relaxed timing on the protocol, if it's to come from the keyboard, as a user does not (and/or cannot) normally type at a consistent rate...

---
Nick MacDonald | NMD on IRC
i6t4 at jupiter.sun.csd.unb.ca | PGP 2.1 Public key available via finger

On Mon, 12 Apr 1993, Perry E.
Metzger wrote:

> A good idea, but getting the protocol right is hard -- you don't want
> to put any real overhead on the line, but you also want to do error
> detection and resynchronization so that your cypher will run properly.
> Discussing a proposal for a line protocol that has these features
> would, of course, be germane to the list.

From karn at qualcomm.com Mon Apr 12 23:36:15 1993
From: karn at qualcomm.com (Phil Karn)
Date: Mon, 12 Apr 93 23:36:15 PDT
Subject: FWEE!: kiosks
Message-ID: <9304130636.AA27437@servo>

Eric's comment about the complementary natures of a public kiosk and a person's home suggests a hybrid whistleblowing scheme that combines the best of both. The whistleblower creates his file in the privacy of his own home on a floppy disk, encrypts it in the public key of the whistleblowing system, and carries it to a public kiosk where he sends it.

This gives the whistleblower plenty of time and quite a bit of privacy as he composes his message (unless the PTB have bugged his home computer, a possibility for a suspected repeat "offender"). The step of physically carrying his file to the kiosk eliminates anything that could be done to the whistleblower's phone (including traffic analysis), although it would not stop physical surveillance of the whistleblower. And if the whistleblower is accosted on his way to the kiosk, all they could seize would be the ciphertext of his message, encrypted in the public key of the whistleblowing service -- which the whistleblower himself would not be able to decrypt even if he wanted to.

Think of the kiosk more as a public mailbox than a public phone.

Phil

From karn at qualcomm.com Tue Apr 13 00:21:26 1993
From: karn at qualcomm.com (Phil Karn)
Date: Tue, 13 Apr 93 00:21:26 PDT
Subject: Modem encryption proposal
Message-ID: <9304130721.AA29941@servo>

Crypto synchronization seems to be a problem mainly in real-time applications like digital voice, where you don't have a reliable protocol underneath you.
I advocate two approaches that don't seem to have been pursued much yet, at least in the Internet: per-packet encryption (and possibly authentication) just above the IP layer, and stream encryption just above TCP.

The former technique has the advantage of denying your adversary the maximum amount of information, because only the IP header is in the clear. The transport header and all user data are protected, so an eavesdropper can't tell which applications are communicating. And with IP-in-IP encapsulation, you can even deny him knowledge about which machines are actually communicating - a network-level service analogous to anonymous remailers. With authentication, network level security also provides good protection against replay attacks.

The latter technique (encrypting above TCP) has the advantage of being more efficient (it doesn't break Van Jacobson TCP/IP header compression), which may make it desirable for some interactive sessions. This is essentially how encrypted Kerberos Telnet works now, although I would like to generalize the service to work with any TCP client.

Phil

From karn at qualcomm.com Tue Apr 13 01:15:15 1993
From: karn at qualcomm.com (Phil Karn)
Date: Tue, 13 Apr 93 01:15:15 PDT
Subject: Security Dynamics
Message-ID: <9304130815.AA00379@servo>

Several years ago, before leaving Bellcore, I got so annoyed at the SecurID cards and how they were being foisted on us by a paranoid security organization that I built an alternative one-time password system of my own. It's now called "S/KEY" (no, I didn't pick the name).

Essentially, I reinvented a scheme of Leslie Lamport involving iterated one way functions. Each time you log in, you crunch your password N-1 times through a one-way function like MD4 or MD5, where N is the number of times you did it last time. The host crunches it once more (to make its password file somewhat less sensitive) and compares it to the stored password. If it matches, the file is updated and you get in.
A passive eavesdropper cannot generate the next password in the sequence from the current one because that would require inverting the one-way function.

The nice thing about this scheme is that it provides essentially the same service as SecurID (protection against passive eavesdropping of user passwords) without having to pay exorbitant prices for cards and integrating some really clunky hardware into your host. You have the option of building the algorithm into your own comm programs, or even the ultra-low-tech option of printing out a list in advance and putting it in your wallet. (Use rice paper if you fear capture - you can eat it! :-))

The bad thing about this scheme is that it provides no more protection than SecurID -- it doesn't stop someone from hijacking your session after you've authenticated it, nor does it protect the session itself against eavesdropping. And frankly, at the time I was more concerned about the security droids reading my email off the Ethernet than I was about some outside cracker guessing my password.

Phil

From warlord at Athena.MIT.EDU Tue Apr 13 02:46:14 1993
From: warlord at Athena.MIT.EDU (Derek Atkins)
Date: Tue, 13 Apr 93 02:46:14 PDT
Subject: Modem encryption proposal
In-Reply-To: <9304130721.AA29941@servo>
Message-ID: <9304130945.AA02555@hodge>

-----BEGIN PGP SIGNED MESSAGE-----

> Crypto synchronization seems to be a problem mainly in real-time
> applications like digital voice, where you don't have a reliable
> protocol underneath you.

Phil, there is more to this than meets the eye. What happens if I, as an attacker, start feeding extra characters onto the modem line? Granted, I won't know what you are saying, since the link is encrypted, but if I can get an extra character on there, then the decryption will lose sync, and won't return the proper value... For example...

Sender:         more foo
Encrypted data: HaoVwAog
Received data:  HaooVwAog
Decrypted:      morOmf&sm

Now what? The sender and receiver are out of sync....
I believe this was what Nickey was talking about.. I was discussing this problem with a few people and haven't come up with a good, viable solution... yet.

> This is essentially how encrypted Kerberos Telnet works now,
> although I would like to generalize the service to work with any TCP
> client.

Uhh, there is a kstream package somewhere (or am I thinking of vapor-ware, it's late and I'm tired). This wouldn't be very hard to create. In fact, I was hoping to do something like this with my Thesis... Although it might get left for "future work". This depends upon having a clearly denoted stream, for which neither telnet nor kermit provides a good interface. (Trust me on this -- it took me a while to try to create one for the little I've hacked them for my Thesis).

- -derek

PGP 2 key available upon request on the key-server: pgp-public-keys at toxicwaste.mit.edu

- --
Derek Atkins, MIT '93, Electrical Engineering and Computer Science
Secretary, MIT Student Information Processing Board (SIPB)
MIT Media Laboratory, Speech Research Group
warlord at MIT.EDU PP-ASEL N1NWH

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQBuAgUBK8qLvTh0K1zBsGrxAQG39QLFFn0/Nz1zVRi6kHp+j+R0KAQQlEL6588d
RfSshGGFhuXIJE/S8BP8kqLrKeSeRgSbil3zBLQZNeconnExaq6VUeO5Yvn9U/0S
cHggKYBTlcz1zqjp7BLxLz8=
=TBaq
-----END PGP SIGNATURE-----

From pmetzger at lehman.com Tue Apr 13 07:40:28 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 13 Apr 93 07:40:28 PDT
Subject: Modem encryption proposal
In-Reply-To:
Message-ID: <9304131439.AA06324@snark.shearson.com>

Nickey MacDonald says:
> I may have missed something, but I don't see where synchronization is a
> concern. The whole idea of Kermit is to provide a "binary" path
> between two computers. It is Kermit's responsibility to ensure the data
> is received in the same order as sent (synchronization is part of the
> Kermit protocol, no?).

I don't believe people were talking about Kermit the Protocol.
They were talking about Kermit the PD terminal emulation software, which contains Kermit the Protocol. Obviously the protocol can handle error correction -- but that does nothing for you if you want to log in to a machine and do arbitrary things.

Perry

From hughes at soda.berkeley.edu Tue Apr 13 08:15:58 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Tue, 13 Apr 93 08:15:58 PDT
Subject: FWEE!: kiosks
In-Reply-To: <9304130636.AA27437@servo>
Message-ID: <9304131512.AA13719@soda.berkeley.edu>

>The whistleblower creates his file in the privacy
>of his own home on a floppy disk, encrypts it in the public key of
>the whistleblowing system, and carries it to a public kiosk where he
>sends it.

This is the ideal scenario. I suspect that kiosks for other purposes will eventually contain some form of user-available I/O. I'm guessing it will be infrared, maybe rs232 serial. Diskette drives are too vulnerable and expensive to be feasible in a pay phone environment; they're called armor phones, and for good reason. In particular, sfnet doesn't have diskette access.

No bother, we're not going to create the best system on the first revision. A good enough system will drive later systems.

Eric

From hughes at soda.berkeley.edu Tue Apr 13 08:18:34 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Tue, 13 Apr 93 08:18:34 PDT
Subject: Security Dynamics
In-Reply-To: <9304130517.AA24164@toad.com>
Message-ID: <9304131515.AA13826@soda.berkeley.edu>

Re: checking distribution in 10^4 samples

>their simulations were based on five to ten runs, with 10^7 updates
>per run. they aren't precise about the exact number of random
>numbers needed, at least not in this paper, but i assume it's in the
>order of one per update, in which case 10,000 would not be enough.

The method of randomness-checking done here is to run a physical simulation with the random numbers. Direct statistical methods are much more efficient.
Eric

From hughes at soda.berkeley.edu Tue Apr 13 08:29:10 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Tue, 13 Apr 93 08:29:10 PDT
Subject: Security Dynamics
In-Reply-To: <9304130302.AA02654@pad-thai.aktis.com>
Message-ID: <9304131525.AA14338@soda.berkeley.edu>

>>> Now, if the number changes every minute, that's a little over 10,000
>>> samples in a week, certainly enough to determine if they are using
>>> weak random number generation.

>1) not true. I read an article about a pseudorandom number generator
>which appeared random to every test they used on it. [...] Lesson:
>it can be *very* hard to determine randomness.

The experiment I was proposing would possibly answer 'yes' to the question "Is the number generation weak?" It would not say how strong it was, or even if it was strong. It would, however, give some lower bound on its strength or else show that it was in fact not very strong at all.

>2) The sequence is not random. It is cryptographically pseudorandom.
>This is very different.

Since we are talking about a device in which a sequence is duplicated on two ends, I did not feel the need to belabor the difference between pseudorandom and random. The context makes it clear that this can't be a random device based on a physically random process.

>3) A friend who has a significant math background in crypto stuff has
>seen the Security Dynamics algorithms (under non-disclosure), and says
>that they're credible.

That bit of information may mean that a 10^4 sample test is not worth doing.

>That vouches for their theory.

That changes our trust from no trust at all into trust in your friend's ability and your assessment of it. :-)

>That they
>insist on programming the cards and keeping the keys themselves, and
>that they do not allow you to program the cards yourself, is a major
>problem, no matter how good their math is.

Granted. Their keeping the keys is worth, say, using a linear congruential generator (or worse) in terms of overall security.
I was merely curious as to whether they were fools on all fronts, as opposed just to the secrecy front.

Eric

From hughes at soda.berkeley.edu Tue Apr 13 08:41:42 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Tue, 13 Apr 93 08:41:42 PDT
Subject: how secure is secring.pgp?
In-Reply-To: <9304130236.AA01768@hodge>
Message-ID: <9304131538.AA14939@soda.berkeley.edu>

I've-forgotten-who writes:
>> Since we need a passphrase to access our secret key, it is
>> reasonable to think that our secring.pgp file is pretty secure, as
>> long as our passphrase is nontrivial. What am I missing here?

There are two security items here. The first is that the secret RSA key not be revealed. The second is that the name attached to that key pair not be revealed.

Derek writes:
>The secret key on the secring.pgp is IDEA-encrypted... So, it is only
>as strong as IDEA, and your passphrase.

This protection applies to the first criterion--your secret key is not revealed. No one can steal your key and impersonate you.

The second datum, name attached to a key, is protected only by one's sole possession of the secring.pgp file. If you are using a pseudonym, and using an RSA signature to enforce it, and doing things with this pseudonym that you don't want identified with you, then you'd better make sure that secring.pgp file is not discovered on your machine. The format of the keyring file is such that the name attached to a key is in the clear.

This is really a huge hole. Since secret keys are presumed to be in the possession of only those who actually use the keys, possession of a secret key on the secring.pgp is tantamount to proof that you are that pseudonym.

In short: everything about a secret key ring should be encrypted.

A parallel (not as consequential): everything about a public key ring should be encrypted.
Eric

From hughes at soda.berkeley.edu Tue Apr 13 09:02:00 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Tue, 13 Apr 93 09:02:00 PDT
Subject: forward: cryptanalysis talk abstract
In-Reply-To: <9304121808.AA14458@staff.udc.upenn.edu>
Message-ID: <9304131558.AA16178@soda.berkeley.edu>

>> Language recognition is important in cryptanalysis because,
>> among other applications, an exhaustive key search of any cryptosystem
>> from ciphertext alone requires a test that recognizes valid plaintext.

For exhaustive key search on any reasonably good symmetric cipher (like DES), some simple entropy measure for n-bit-grams should suffice to distinguish random from non-random. These other approaches in this talk seem like overkill in this context. But then again, maybe we're trying to break Enigma. :-)

>> Modeling language as a finite stationary Markov process,

A finite stationary Markov process is large fancy math-speak for what a travesty generator does. "finite" means that the total number of states is finite, and that means you get to use matrices instead of kernel integrals, which means that your averagely educated scientist can follow this. "stationary" means that the transition matrix is not a function of time, that is, it's a constant matrix. This means that time appears only in an exponent. A "Markov process" is a transition from one state to another, probabilistically. (Approximately. All these definitions are meant to explain, not to define.)

The talk looks interesting, to be sure, but it looks more significant for making a better /etc/magic for file(1) than it does for cryptanalysis.

Eric

From eichin at cygnus.com Tue Apr 13 11:25:32 1993
From: eichin at cygnus.com (Mark Eichin)
Date: Tue, 13 Apr 93 11:25:32 PDT
Subject: Modem encryption proposal
In-Reply-To: <9304130945.AA02555@hodge>
Message-ID: <9304131825.AA04147@cygnus.com>

>> Uhh, there is a kstream package somewhere (or am I thinking of
>> vapor-ware, it's late and I'm tired).
>> This wouldn't be very hard to

kstream was written by Ken Raeburn of Cygnus as part of our Cygnus Network Security work (support for Kerberos V4) and was included in the MIT Kerberos V4 patchlevel 10 "final" release. Our kerberized rlogin and rcp use it to handle encryption; it cleans up the code a bit and makes it easier to modify other programs.

_Mark_
MIT Student Information Processing Board
Cygnus Support

From marc at GZA.COM Tue Apr 13 16:20:28 1993
From: marc at GZA.COM (Marc Horowitz)
Date: Tue, 13 Apr 93 16:20:28 PDT
Subject: how secure is secring.pgp?
In-Reply-To: <9304131538.AA14939@soda.berkeley.edu>
Message-ID: <9304132317.AA03404@dun-dun-noodles.aktis.com>

>> There are two security items here. The first is that the secret RSA
>> key not be revealed. The second is that the name attached to that
>> key pair not be revealed.

I may be nitpicking here, but I have to argue. Although there is a relationship, security and privacy are not one and the same. You have named a security item, and a privacy item, not two security items. For privacy to exist, security may be necessary, but that doesn't make it a security item.

For instance, I trust my roommate to respect my privacy. There's no lock on my bedroom door. He knocks before coming in if I'm in there. This is a privacy system based on trust, not on security. I'm not proposing this model for the net, don't worry! (That's Dorothy Denning's job. :-) I'm just pointing out that privacy can exist without security, given appropriate constraints. Similarly, security can exist without privacy: You can clearsign a message w/o encrypting it.

>> This is really a huge hole. Since secret keys are presumed to be in
>> the possession of only those who actually use the keys, possession of
>> a secret key on the secring.pgp is tantamount to proof that you are
>> that pseudonym.

I believe that the secring.pgp is secure, for most reasonable purposes.
(You can debate this, but I'll just keep changing my definition of reasonable on you. So don't bother.) However, it is clearly not private. One could argue that the entire secring.pgp should be encrypted, and I might even agree with you. I'll have to think about it more.

>> In short: everything about a secret key ring should be encrypted.
>>
>> A parallel (not as consequential): everything about a public key ring
>> should be encrypted.

The former point is probably true. However, the latter point is ludicrous, IMHO. If it's a public key, why should it be encrypted? The whole purpose of a public key is that it can be widely published. Encrypting it sort of kills the idea. If the name<->key mapping on the public key is protected, it's useless for me to know that key ID B4B951 signed some message. I want to know who that person is, or at least, who they claim to be. You could claim that the keyring identified the people with whom I talk, but that is easily overcome by just keeping a few thousand people on your keyring. Then the signal is buried in the noise. Even if you don't want someone's public key visible on your own keyring, it's still reasonable for their key to be published in some "global" directory, in the clear.

Marc

From sean at gomez.Jpl.Nasa.Gov Tue Apr 13 16:39:03 1993
From: sean at gomez.Jpl.Nasa.Gov (Sean Barrett)
Date: Tue, 13 Apr 93 16:39:03 PDT
Subject: Sign-off
Message-ID: <9304132338.AA15246@gomez.Jpl.Nasa.Gov>

Please remove me from this list. Thanks.

--
Sean Barrett                         How many boards would the Mongols
sean at pugsley.jpl.nasa.gov (fast)  hoard, if the Mongol Hordes got bored?
sbar at genie.geis.com (reliable)
PGP key by finger or from key servers.
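The hash-chain one-time password scheme Phil Karn describes in his "Security Dynamics" message above (the user hashes the secret N-1 times, the host hashes the result once more, compares it with the value it stored last time, and on success stores the new value) can be shown end to end in a few dozen lines. The block below is an added example written for this archive; it is not S/KEY's own code and not code from any list member. It uses SHA-256 where Karn mentions MD4 or MD5, and the secret, chain length and login sequence in demo() are constructed for the demonstration.

```python
"""Hash-chain one-time passwords in the style of S/KEY (Lamport's scheme).

Added example for this archive; not S/KEY's own code and not from any list
member. SHA-256 stands in for the MD4/MD5 Karn mentions. The secret and the
chain length used in demo() are constructed for the demonstration.
"""
import hashlib


def h(data: bytes) -> bytes:
    """The one-way function that forms each link of the chain."""
    return hashlib.sha256(data).digest()


def iterate(secret: bytes, n: int) -> bytes:
    """h applied n times to secret; iterate(s, 0) is s itself."""
    x = secret
    for _ in range(n):
        x = h(x)
    return x


def password_list(secret: bytes, n: int) -> list:
    """Karn's low-tech option: every password in login order, ready to print.
    Entry i is h^(n-1-i)(secret); the last usable one is h^1(secret)."""
    return [iterate(secret, i) for i in range(n - 1, 0, -1)]


class Client:
    """Keeps the secret and the iteration count the host last accepted."""

    def __init__(self, secret: bytes, n: int):
        self.secret = secret
        self.n = n

    def next_password(self) -> bytes:
        """h^(N-1)(secret) for the current N, then remember the new N."""
        if self.n <= 1:
            raise RuntimeError("chain exhausted; enrol a fresh secret")
        self.n -= 1
        return iterate(self.secret, self.n)


class Host:
    """Stores only the last accepted link h^N(secret), never the secret."""

    def __init__(self, last_link: bytes, n: int):
        self.stored = last_link
        self.n = n

    def login(self, candidate: bytes) -> bool:
        """Hash the candidate once more and compare; on success roll forward."""
        if self.n <= 1 or h(candidate) != self.stored:
            return False
        self.stored = candidate
        self.n -= 1
        return True


def enrol(secret: bytes, n: int):
    """Enrolment: host receives h^n(secret) and n; the secret stays with the user."""
    return Client(secret, n), Host(iterate(secret, n), n)


def demo(secret: bytes = b"constructed demo secret", n: int = 100) -> dict:
    """A few logins plus what a passive eavesdropper can and cannot do."""
    client, host = enrol(secret, n)
    p1 = client.next_password()
    first = host.login(p1)                        # accepted
    replay = host.login(p1)                       # rejected: host already rolled forward
    # Seeing p1 lets the eavesdropper compute h(p1), i.e. the link the host has
    # already retired; the next password, h^(N-1), would require inverting h.
    forward = host.login(h(p1))                   # rejected
    second = host.login(client.next_password())   # accepted
    return {
        "first_login": first,
        "replay_rejected": not replay,
        "eavesdropper_rejected": not forward,
        "second_login": second,
        "host_lacks_secret": host.stored != secret,
    }


if __name__ == "__main__":
    print(demo())
```

demo() exercises the two properties Karn relies on: a replayed password fails because the host has already moved its stored link one step down the chain, and someone who captured the current password can only move up the chain (to the link the host just retired), never down to the next password. Karn's caveat stands unchanged: nothing here protects the session after the login succeeds.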
From 72114.1712 at CompuServe.COM Tue Apr 13 17:27:44 1993
From: 72114.1712 at CompuServe.COM (Sandy)
Date: Tue, 13 Apr 93 17:27:44 PDT
Subject: Encrypted Cordless phones
Message-ID: <930414002026_72114.1712_FHF79-1@CompuServe.COM>

_________________________________________________________________
FROM THE VIRTUAL DESK OF SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

At the Bay Area Cypherpunks meeting, I mentioned two cordless telephones that encrypt between the handset and the base unit. Here is some information about them.

VTech Tropez 900DX

Transmits signal digitally between handset and base unit on one of 20 channels in the 900 MHz band. Automatically selects one of over 65,000 digital security codes each time handset is returned to the base unit. Range is up to 800 meters; with up to 4.5 hours of continuous talk time. Suggested retail cost is $349.95. For more information: Steve Johnson, (503) 643-8981.

PhoneMate 2910

Transmits signal digitally between handset and base unit on one of 10 channels in the 900 MHz band. Automatically selects one of over 1,000 digital security codes each time handset is returned to the base unit. Range is up to probably about the same as the VTech. No figures are given for talk time. Suggested retail price is $219.95. For more information: Suzanne Nastaskin, (310) 314-6649.

Both phones have all the usual advanced features like auto-redial and such. Neither company's literature tells what encryption technology they use.
S a n d y

_________________________________________________________________
PLEASE RESPOND TO: ssandfort at attmail.com (except from CompuServe)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From clark at metal.psu.edu Tue Apr 13 17:28:43 1993
From: clark at metal.psu.edu (Clark Reynard)
Date: Tue, 13 Apr 93 17:28:43 PDT
Subject: alt.whistleblowers
Message-ID: <9304140125.AA16266@metal.psu.edu>

I suggest that as a first step in the process of making alt.whistleblowers a reality, that we kick around the idea for a while, either here or on alt.config. If I receive a positive response, I will post the control message myself.

Three possible choices of action:

1) Kick it around on alt.config.
2) Kick it around on news.groups, etc.
3) Kick it around here.
4) Don't even bother kicking it around; just create the group, and hell with anyone who doesn't like it.

So, what's the general consensus on the best course of action? And, yes, I know that was four, and not three possible choices; it's probably really eight or ten.

----
Robert W. Clark
rclark at nyx.cs.du.edu
PGP signature available by mail or finger

From hughes at soda.berkeley.edu Tue Apr 13 17:53:45 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Tue, 13 Apr 93 17:53:45 PDT
Subject: how secure is secring.pgp?
In-Reply-To: <9304132317.AA03404@dun-dun-noodles.aktis.com>
Message-ID: <9304140050.AA03988@soda.berkeley.edu>

I said:
>>> There are two security items here. The first is that the secret RSA
>>> key not be revealed. The second is that the name attached to that
>>> key pair not be revealed.

Marc said:
>I may be nitpicking here, but I have to argue. Although there is a
>relationship, security and privacy are not one and the same. You have
>named a security item, and a privacy item, not two security items.

As long as we're being precise, allow me to restate my claim.
If you use a pseudonym with PGP, and you don't want it revealed, and for some reason it is revealed (through some other security breach), then the secret ring has a security failure (lack of encryption) which leads to a breach of privacy. The lack of encryption is a material cause of the privacy compromise. As far as I can tell, I was using security to refer to material causes and Marc was referring to end results.

>I believe that the secring.pgp is secure, for most reasonable
>purposes.

So do I. On an encrypted file system, this is not nearly so large an issue.

>>> A parallel (not as consequential): everything about a public key ring
>>> should be encrypted.

A point of clarification for below: that's one's own personal copy of a public key ring.

>[... this] point is
>ludicrous, IMHO. If it's a public key, why should it be encrypted?
>The whole purpose of a public key is that it can be widely published.

The point of a public key is that someone else can perform an operation that only you can undo (and vice-versa, properly stated). Public keys are for anybody that is not you. This does not mean that everyone will have them, or even that everyone should have them. The social form of fully published keys need not be the norm.

>You could claim that the keyring
>identified the people with whom I talk, but that is easily overcome by
>just keeping a few thousand people on your keyring.

If this is the only datum available, that would work. When another list is available to intersect your keyring with, the attempted diffusion may fail unexpectedly. Keeping the identities of your correspondents private (through a security mechanism on the keyring) is much the same as using some of the stronger forms of remailers that have been discussed.
Eric

From mark at coombs.anu.edu.au Tue Apr 13 18:17:29 1993
From: mark at coombs.anu.edu.au (Mark)
Date: Tue, 13 Apr 93 18:17:29 PDT
Subject: alt.whistleblowers
In-Reply-To: <9304140125.AA16266@metal.psu.edu>
Message-ID: <9304140117.AA19145@coombs.anu.edu.au>

>4) Don't even bother kicking it around; just create the group,
>   and hell with anyone who doesn't like it.

We're sposed to be anarchists right? :) 'sides alt.* groups come out daily with little or no discussion. Ours won't rock boats, at least in its creation; the content is a different story. Personally I hope it doesn't degenerate into a narc fest for people who have grudges against people... that would be sad..

I vote to just make it. Not all will like it, but then they are maybe the ones who will feature in it (great way to shut them up :).

Mark
mark at coombs.anu.edu.au

From jthomas at access.digex.com Tue Apr 13 19:18:30 1993
From: jthomas at access.digex.com (Joe Thomas)
Date: Tue, 13 Apr 93 19:18:30 PDT
Subject: alt.whistleblowers
In-Reply-To: <9304140117.AA19145@coombs.anu.edu.au>
Message-ID:

On Wed, 14 Apr 1993, Mark wrote:

> >4) Don't even bother kicking it around; just create the group,
> >   and hell with anyone who doesn't like it.
>
> We're sposed to be anarchists right? :) 'sides alt.* groups come out daily
> with little or no discussion. Ours won't rock boats, at least in its creation;
> the content is a different story. Personally I hope it doesn't degenerate into a
> narc fest for people who have grudges against people... that would be sad..
>
> I vote to just make it. Not all will like it, but then they are maybe the ones
> who will feature in it (great way to shut them up :).

Couldn't hurt to mention it in alt.config. It would probably get a good response, and get propagated more widely (some newsadmins are a bit skeptical about newgroups from out of the blue...)

Joe

--
Joe Thomas
PGP key available by request or by finger.
PGP key fingerprint: 1E E1 B8 6E 49 67 C4 19 8B F1 E4 9D F0 6D 68 4B

From marc at GZA.COM Tue Apr 13 20:11:29 1993
From: marc at GZA.COM (Marc Horowitz)
Date: Tue, 13 Apr 93 20:11:29 PDT
Subject: ["Vinton G. Cerf": Letter to Congress/RSA + DES]
Message-ID: <9304140312.AA23170@pad-thai.aktis.com>

Vint Cerf is a very well-known and respected person in the Internet community. I don't know if his testimony will mean anything, but it's interesting to read.

Marc

------- Forwarded Message

To: internauts:;@IETF.CNRI.Reston.VA.US
Subject: Letter to Congress/RSA + DES
Date: Tue, 13 Apr 93 20:26:01 -0400
Sender: cclark at IETF.CNRI.Reston.VA.US
From: "Vinton G. Cerf"

Dr. Vinton G. Cerf
3614 Camelot Drive
Annandale, VA 22003-1302

11 April 1993

The Honorable Timothy Valentine
Committee on Science, Space and Technology
Subcommittee on Technology, Environment and Aviation
House of Representatives
Rayburn House Office Building

Dear Chairman Valentine:

I recently had the honor of testifying before the Subcommittee on Technology, Environment and Aviation during which time Representative Rohrabacher (R, California) made the request that I prepare correspondence to the committee concerning the present US policy on the export of hardware and software implementing the Data Encryption Standard (DES) and the RSA Public Key encryption algorithm (RSA).

As you know, the DES was developed by the National Institute for Standards and Technology (NIST) in the mid-1970s, based on technology developed by International Business Machines (IBM). The details of the algorithm were made widely available to the public and considerable opportunity for public comment on the technology was offered. In the same general time period, two researchers at Stanford University (Martin Hellman and Whitfield Diffie) published a paper describing the possible existence of mathematical functions which, unlike the symmetric DES algorithm, could act in a special, pairwise fashion to support encryption and decryption.
These so-called "public key algorithms" had the unusual property that one function would encrypt and the other decrypt -- differing from the symmetric DES in which a single function performs both operations. The public key system uses a pair of keys, one held private and the other made public. DES uses one key which is kept secret by all parties using it.

Three researchers at MIT (Rivest, Shamir and Adleman) discovered an algorithm which met Hellman and Diffie's criteria. This algorithm is now called "RSA" in reference to its inventors. The RSA technology was patented by Stanford and MIT and a company, Public Key Partners (PKP), created to manage licensing of the RSA technology. A company called RSA Data Security, Inc., was also formed, which licensed the technology from PKP and markets products to the public based on the technology.

The current policy of the United States places DES and RSA technology under export control. Because cryptography falls into the category of munitions, it is controlled not only by the Commerce Department but also by the State Department under the terms of the International Traffic in Arms regulations. Despite the public development of both of these technologies and their documented availability outside the United States over the last 15 years, US policy has been uniformly restrictive concerning export licensing.

As the United States and the rest of the world enter more fully into the Information Age in which digital communications plays a critical role in the global infrastructure, the "digital signature" capability of public key cryptography is a critical necessity for validating business transactions and for identifying ownership of intellectual property expressed in digital electronic forms. Registration and transfer of intellectual property rights in works which can be represented in digital form will be central factors in the national and global information infrastructure.
A number of parties are exploring technical means for carrying out rights registration and transfer, making use of public key cryptography as a basic tool. In addition, there is a great deal of current work on electronic mail systems which support privacy by means of encryption and support authenticity by means of digital signatures. One of these systems, developed in the Internet environment I mentioned in my testimony, is called Privacy-enhanced Mail (PEM) and makes use of DES, RSA and some other special "hash" functions which are integral to the production of digital signatures.

For these various systems to be compatible on an international basis, it would be very helpful for the cryptographic components to be exportable on a world-wide basis. A number of vendors make products relying on these technologies within the United States but often find it very difficult to engage in international commerce owing to the export licensing required for these technologies. Ironically, the technology appears to be widely available outside the US and also outside the COCOM countries, so US firms face both competition outside the US and export inhibitions in their attempts to develop worldwide markets.

There are many valid national security reasons for limiting the export of cryptographic capabilities, since these technologies may aid an opponent in time of war or other conflict. Perhaps just as important, US intelligence gathering capability can be eroded by the availability of high grade cryptography on a worldwide basis. Recently, it has also been alleged that the world-wide availability of cryptography would also seriously impede US drug enforcement and anti-crime efforts.
While these reasons seem sufficient, many have pointed out that the widespread accessibility to the detailed specifications of DES and RSA and availability and existence of software and hardware outside the US have long since done whatever damage is going to be done in respect of warfighting, crime or drug potential. This line of reasoning leads to the conclusion that our policies only inhibit legitimate commerce, but have little impact on the other concerns expressed. As in all such controversy, there is often some truth on both sides.

The National Institute of Standards and Technology (NIST) has offered alternative digital signature capability. Technical assessments of the alternative have turned up weaknesses, in the opinions of some experts. There is not yet an alternative to DES, unless it is to be found in NSA's Commercial Crypto Evaluation Program (CCEP) in which NSA proposes to provide algorithms which are implemented in hardware by industry and made available for civilian use. As I understand this program, NSA does not intend to release any details of the algorithms, leaving open questions about the nature and strength of the technology. Some experts will persist in the belief that such offerings have weaknesses which are deliberately built in and hidden (so-called "Trojan Horses") which will allow the agency to "break" any messages protected by this means.

The critics complained loudly that the reasoning behind the design of certain parts of the DES algorithm (specifically the "S-boxes") was never made public and therefore that the algorithm was suspect. In fact, the DES has proven to be very strong - indeed, it may be that very fact which makes it so unpalatable in some quarters to permit its unrestricted export. It may be that the CCEP technology offered is satisfactory, but this is hard to tell without knowing more about its provenance.
Presuming the wide availability of both DES and RSA technology, it seems to me appropriate and timely to re-examine US export control policy regarding these two algorithms. In all probability, any such review will require some classified testimony which will have to be heard in confidence by cleared members of your committee. I sincerely hope that the outcome will be favorable to use by US industry in international commerce, but even if the outcome results in continuation of present policy, it is timely to make such a review, in my opinion.

Sincerely,

Vinton G. Cerf

------- End of Forwarded Message

From ebrandt at jarthur.Claremont.EDU Tue Apr 13 20:31:51 1993
From: ebrandt at jarthur.Claremont.EDU (Eli Brandt)
Date: Tue, 13 Apr 93 20:31:51 PDT
Subject: Encrypted Cordless phones
In-Reply-To: <930414002026_72114.1712_FHF79-1@CompuServe.COM>
Message-ID: <9304140331.AA27969@toad.com>

> Both phones have all the usual advanced features like auto-redial
> and such. Neither company's literature tells what encryption
> technology they use.

It doesn't much matter; they're using ten- and sixteen-bit keys. Assuming it takes some 50 ms to tell voice from the white noise that a failed attempt will generate, a brute-force attack on these systems should take under a minute and an hour respectively, worst-case. This is hardly rock-solid security; it looks like it rests mostly on nobody reverse-engineering their algorithm.

> S a n d y

Eli
ebrandt at jarthur.claremont.edu

From 74076.1041 at CompuServe.COM Tue Apr 13 23:38:45 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Tue, 13 Apr 93 23:38:45 PDT
Subject: REMAIL: Positive Reputations Now!
Message-ID: <930414063404_74076.1041_FHD59-1@CompuServe.COM>

-----BEGIN PGP SIGNED MESSAGE-----

There's been a lot of talk on news.admin.policy about ways of handling abusive or illegal anonymous posts. One proposal is to restrict posts from certain people, but this will fail if multiple remailers allowing chaining become available.
I had an idea for another way of filtering anonymous posts which might be achievable with current news software. It would require some work by the remailer operators, though.

We have talked here about positive reputations as a filtering method. A positive reputation would basically be a recommendation by some respected person that a particular poster is worth listening to. If posts could be marked with such recommendations, people could set up their news software to filter out non-recommended anonymous posts. This would be a way of distinguishing between those who want to post anonymously just for privacy, and those who want to harass or abuse others.

Current news software doesn't provide for such reputations. But there were suggestions being made at one time for a standard way of marking anonymous posts. One idea was to give them a unique identifier in the "Distribution" field of "anon". I gather that this would require a little modification of major news distribution sites to honor this distribution but from what I understand the changes needed are not major.

My idea is to implement positive reputations at the source which is in the best position to provide them: the remailer operator. Applying the distribution idea, posts which were from people on a "good guys list" would be posted from the remailer with a specific distribution that identifies them as such. Anonymous posts from people not on the list would get a different identification. In order to verify that posts were really from who they claimed, they would have to be PGP (or RIPEM or PEM) signed. The list would actually be a list of keys rather than a list of user ID's. People would get on the list by asking the remailer operator, perhaps by pointing to some of their posts which were responsible. People would be removed from the list at the remailer operator's discretion, presumably when they posted objectionable messages.
The advantage of this system is that it introduces, in a limited way, the idea of positive reputations. It fits into the current killfile system so that people easily offended can avoid seeing most offensive anonymous posts. It encourages the use of encryption software on the part of people who want to post anonymously and get a good reputation. And the only difficult software requirements are in the remailing/posting software; everybody else just runs the current SW.

Now, since I don't run a remailing/posting service, I am in the rather embarrassing position of offering a "solution" which requires somebody else to do the work. I would be very willing to help with the software requirements for recognizing incoming PGP signed messages and looking up keys in a database. The actual maintenance of the good posters list would take some time and energy on the part of the operator. But perhaps this would not be that much more than the other activities involved. And it would have the advantage that it would point out a new direction for the net, towards a system where privacy and responsibility can coexist.

Hal Finney
74076.1041 at compuserve.com

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBK8uFMqgTA69YIUw3AQFqswQAhx/GN/qg4Jx6Ggqh8Rmt6Lta1iN82dOQ
gAAkEwcgJsMuvEjtcgRFkHxxW6uCF/8m2kLU3HUA8lnT94BR5TJc/0K5xH05gKhH
NvU+74sCxIV68ef+0pz1X9TzC1E7tUxAhJKPQ80li1QFsBw5yATzuh1UHeDIk/5O
7yyVS8AGQFc=
=RyI6
-----END PGP SIGNATURE-----

From gg at well.sf.ca.us Wed Apr 14 03:20:16 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Wed, 14 Apr 93 03:20:16 PDT
Subject: Encrypted Cordless phones
Message-ID: <199304141019.AA21841@well.sf.ca.us>

And also.... Radio Shack just entered the market with a cordless which uses frequency inversion. That's analog... Probably can be broken in less than a minute, even by amateurs who know how to solder.
About 1986 or so, a certain state agency ordered some expensive walkie-talkies which were supposed to be secure against protesters with scanners. Guess what? Analog frequency inversion. And in fact, with a little practice, you can listen to inverted speech directly and make sense of it.

From huntting at advtech.uswest.com Wed Apr 14 08:42:16 1993
From: huntting at advtech.uswest.com (Brad Huntting)
Date: Wed, 14 Apr 93 08:42:16 PDT
Subject: alt.whistleblowers
In-Reply-To: <9304140125.AA16266@metal.psu.edu>
Message-ID: <9304141542.AA19694@futureworld.advtech.uswest.com.advtech.uswest.com>

> 1) Kick it around on alt.config.

I think this is the best option. news.groups is (mostly) for standard "usenet" hierarchies (e.g. misc.whistleblowers). If you mention "discussed in alt.config" in your newgroup I think you will get much better reception.

brad

From wcs at anchor.ho.att.com Wed Apr 14 10:46:44 1993
From: wcs at anchor.ho.att.com (wcs at anchor.ho.att.com)
Date: Wed, 14 Apr 93 10:46:44 PDT
Subject: FWEE! Re: alt.whistleblowers
Message-ID: <9304141746.AA27675@anchor.ho.att.com>

> Kick it around on alt.config
>> Just do it ....

The problem is that alt.whistleblowers is technically more complex than just creating an alt.group and having one anon.poster site - we need to resolve issues of secure mail standards (e.g. should the system use RIPEM or just PGP, are there any non-US sites with RIPEM so that non-US anon.poster sites can use it, should there be multiple anon.sites and should they do remailing between them, etc.) Otherwise we may end up with a single point of failure, and if it's any good, it will at least get its mail watched, if it doesn't get raided - traffic analysis is important here.

Are we only going to use anon.posting sites, or are forged postings also going to be an acceptable technique? Do we at least need to publish a guide to forging mail headers so your mail to the anon.poster can appear to come from kremvax or whitehouse.com?
Let's try to get a good idea of what we want to do before dropping it into alt.config.

Bill Stewart
-- This isn't the 8th Dimension, we're somewhere over New Jersey

From rclark at nyx.cs.du.edu Wed Apr 14 14:02:36 1993
From: rclark at nyx.cs.du.edu (Robert W. F. Clark)
Date: Wed, 14 Apr 93 14:02:36 PDT
Subject: WARNING: Forward of unposted alt.config message
Message-ID: <9304142104.AA19705@nyx.cs.du.edu>

I am sending this here _prior_ to posting it to give advance warning; responses received have varied on the methods of creation of the group, but have largely tended toward a consensus that it is wise to have some sort of discussion period; in addition, I have chosen a cross-post to those groups most likely to have an interest in creating the group, and if this results in a flamewar in alt.config, so be it. After I tally the votes and they vastly outnumber the NOs I will create the newsgroup without further delay.

I just wish for people to clarify; sorry if you missed it, but this is going out in four hours exactly to the aforementioned newsgroups. I will implement all important suggestions mailed to me by that time, including alteration of procedural points, wording changes, alteration of Newsgroups: line, etc. I will also delay posting if valid and immediate concerns are brought to light; however, since I leave the major axes: Moderated or unmoderated, length of discussion period, length of voting period, open for discussion, it should not be a disaster if it goes out in its current form.

Join the discussion, and if you like the idea, PLEASE send a YES vote only WHEN the Call for Votes is posted. Additionally, suggestions for additions/deletions of Newsgroups from the crosspost, or a more appropriate place to redirect replies, or any suggestions whatever will be adopted if suitable.

If you have no interest in the privacy issue, please type 'd' now.
----
Newsgroups: alt.config, alt.privacy, alt.privacy.anon-server, soc.motss, alt.sex, alt.sex.bestiality, alt.drugs, comp.protocols.tcp-ip.eniac
Followup-to: alt.config
Subject: Call for discussion: alt.whistleblower

In light of the current debate concerning whether anonymous posting can serve a useful purpose, I propose the immediate experiment of creating a group which shall provide a genuinely useful service to the public. This newsgroup is to be called alt.whistleblower, and is for the purpose of allowing those who might otherwise be unwilling to come forward to provide information about the illegal activities of government agencies, large corporations and similar malefactors without fear of illegal reprisals against them.

The need for this group is evident in light of the extreme usefulness of information concerning the behavior of the governing bodies of the United States, and the large number of government employees and corporate employees with access to the Internet and anonymous posting services. This group could also include reports of illegal discrimination by those who fear reprisal if they reveal their names, information concerning safety issues by those who know that their company is releasing an unsafe or dangerous product, or defrauding customers by dishonest and illegal means.

Considering the immediate need for this newsgroup in light of those who, in many cases, provide services for a fee and then provide an inadequate service by cutting their downstream sites from reading anything that the service-provider deems is inappropriate, I request a waiver of procedure in this matter and that, if significant interest is present and seems to form a general consensus, it shall be accepted that I revise and present a prospectus for this newsgroup and a call for votes on a date no sooner than seven days from this initial posting and no later than ten days after the call for discussion.
Procedural points concerning the length of the voting period are to be addressed in the public discussion, and anyone wishing to send anonymous mail should forward it to me.

This newsgroup is necessary and of great potential use, as those of you with a legitimate need for privacy know well. If you value your privacy, let us discuss this wisely and equitably in order to reach a consensus. Whether this newsgroup is to be moderated or unmoderated, whether the name is appropriate or another hierarchy would be preferable, and all procedural points are to be decided based on the general consensus.

I realize there will be those who will oppose the creation of this newsgroup on the oft-cited grounds that "Anyone who needs privacy must be hiding something." This is true; however, in our society there are many things which need to be revealed as well as many things which need to be concealed. I believe that a corollary truism could be applied to those who oppose the notion of public privacy. "Anyone who fears privacy must be hiding something."

Let the discussion begin.

Final note: Do NOT, repeat, NOT send votes until I post a "Call for Votes" at the end of the discussion period. The length of the discussion period may be increased if some drastic occurrence requires it, but I'm planning to post it in one week. Vote then.

I thank you for your consideration in this matter.
----
"Occasionally an honest man is sent to the legislature." Mark Twain
rclark at nyx.cs.du.edu
PGP key available by mail or finger rclark at metal.psu.edu

From clark at metal.psu.edu Wed Apr 14 15:10:20 1993
From: clark at metal.psu.edu (Clark Reynard)
Date: Wed, 14 Apr 93 15:10:20 PDT
Subject: FWEE! Re: alt.whistleblowers
Message-ID: <9304142306.AA01506@metal.psu.edu>

This would come into play as something necessary only after the creation of the group, and at least the anonymous posting part of it is already being studied by others, for entirely different reasons.
And, in addition, the method of posting will be determined by the nature of the group itself, which is only determinable after a period of discussion. For which alt.config is as suitable a place for discussion as this mailing list. In fact, the newsgroup is better, since we'll be getting feedback from the Enemy as well.

A fogware (not quite vaporware) FAQ could be provided at a moment's notice, simply containing an explanation of the newsgroup and its purpose (which would be a slightly modified carbon copy of the Call for Votes; more vaporware), the list of anonymous remailers at soda.berkeley.edu, and perhaps some cullings from more cogent postings regarding the anonymity issue. Then, as FAQs actually appear, it can be expanded. I am capable of doing this at least for the next few months, and probably longer.

Once the newsgroup, which I think would be unmoderated by its very nature, or moderated in something of the same way as alt.hackers, except that the accepted moderator-list would consist of any anonymous remailer on the list in the FAQ (this, I couldn't do, since I don't maintain the anonymous remailer list and couldn't be guaranteed of getting it right). In any case, I think that having it unmoderated and not doing anything but posting a FAQ every week should take care of it. It's an unusual newsgroup idea, but in execution it should be similar to existing newsgroups.

In any case, I think that beginning the discussion is appropriate; if the specs for the newsgroup are to be changed, they can always be changed before the posting of the Call for Votes, when everything becomes Locked in Stone.
----
Robert W. Clark
rclark at nyx.cs.du.edu
PGP signature available by mail or finger

From ebrandt at jarthur.Claremont.EDU Wed Apr 14 15:10:46 1993
From: ebrandt at jarthur.Claremont.EDU (Eli Brandt)
Date: Wed, 14 Apr 93 15:10:46 PDT
Subject: WARNING: Forward of unposted alt.config message
In-Reply-To: <9304142104.AA19705@nyx.cs.du.edu>
Message-ID: <9304142210.AA23480@toad.com>

> From: rclark at nyx.cs.du.edu (Robert W. F. Clark)
> Join the discussion, and if you like the idea, PLEASE send a YES
> vote only WHEN the Call for Votes is posted.

Is there some reason to run a CFV and all that on this proposed alt group? Looks to me as if the usual creation procedure should work fine for this group.

> Newsgroups: [...] alt.sex.bestiality, alt.drugs, comp.protocols.tcp-ip.eniac

Chuckle.

Eli
ebrandt at jarthur.claremont.edu

From trump at pluto.ee.cua.edu Wed Apr 14 15:27:16 1993
From: trump at pluto.ee.cua.edu (Louis Edward Trumpbour)
Date: Wed, 14 Apr 93 15:27:16 PDT
Subject: .....
Message-ID: <9304142228.AA08551@pluto.ee.cua.edu>

ok well i am sure that there are a lot of people out there that want to learn how to do basic cypher/decyphering... so i think it would be nice if people gave their knowledge on how to do decryption... even if its very very basic and perhaps a faq could be made out of this info...

Clovis

From kinney at spot.Colorado.EDU Wed Apr 14 17:58:52 1993
From: kinney at spot.Colorado.EDU (KINNEY WILLIAM H)
Date: Wed, 14 Apr 93 17:58:52 PDT
Subject: alt.whistleblowers
Message-ID: <199304150058.AA21866@spot.Colorado.EDU>

Some comments on alt.whistleblowers from an (up to now) lurker. In brief, this strikes me as being a very foolish idea. In detail:

-- Does anyone really think this is going to have much of an effect on anything?
My suspicion is that a forum providing unlimited ability for people to anonymously post undocumented accusations against powerful people will be summarily ignored, not just by the targets of the accusations, but by everybody else with an actual life. There seems to be no discussion of the biggest weakness of this idea: the expected signal to noise ratio. This accomplishes nothing if it is overrun by, say, Kennedy assassination loons. It doesn't seem wise to me for the Cypherpunks' first major public act to be something this pointless and ill-conceived.

Ok. Suppose I'm wrong about the above, and this thing works like people seem to think it will.

-- The tools available to accomplish this task (PGP, remailers, anon servers) are certainly impressive, but I really don't think they're well developed enough yet to give cause for much confidence in taking on the government and the entire U.S. corporate sector in a frontal assault.

-- Is this really in line with the purpose of the Cypherpunks? To quote from the charter:

"Cypherpunks write code. They know that someone has to write code to defend privacy, and since it's their privacy, they're going to write it. Cypherpunks publish their code so that their fellow cypherpunks may practice and play with it. Cypherpunks realize that security is not built in a day and are patient with incremental progress."

I like this paragraph, and what it says to me is that (a) people are, in the end, responsible for their OWN security and need to be made to realize this, and (b) PATIENCE is the most important prerequisite for success. Both of these principles are being violated by the hasty creation of alt.whistleblowers. This has nothing to do with enabling people to independently achieve data security, and it shows no patience whatsoever.

Wouldn't everybody be better served by quiet, patient development and distribution of tools, instead of a huge juvenile "FUCK YOU!" to people who could really care less?
Let's not piss away a solid foundation with cheap theatrics.

-- Will

"Getting people to fight by letting the force of momentum work is like rolling logs and rocks. Logs and rocks are still when in a secure place, but roll on an incline; they remain stationary if square, they roll if round. Therefore, when people are skillfully led into battle, the momentum is like that of round rocks rolling down a high mountain -- this is force." -- Sun Tzu

*** PGP PUBLIC KEY AVAILABLE BY FINGER

From mdiehl at triton.unm.edu Wed Apr 14 18:10:50 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Wed, 14 Apr 93 18:10:50 PDT
Subject: decryption request.
In-Reply-To: <9304142228.AA08551@pluto.ee.cua.edu>
Message-ID: <9304150110.AA14652@triton.unm.edu>

> ok well i am sure that there are a lot of people out there that want to learn
> how to do basic cypher/decyphering... so i think it would be nice if people
> gave their knowledge on how to do decryption... even if its very very basic
> and perhaps a faq could be made out of this info...

Well, you took the words right out of my fingers! ;^) I was going to post the same request myself. So....any offers? Thanx in advance.

+-------------------------+-----------------------------+---------+
| J. Michael Diehl ;-)    | I thought I was wrong once. | PGP KEY |
|                         | But, I was mistaken.        |available|
|                         +-----------------------------+---------+
| mdiehl at triton.unm.edu | "I'm just looking for the opportunity |
| mike.diehl at fido.org   |  to be Politically Incorrect!         |
| (505) 299-2282          |                                       |
+-------------------------+---------------------------------------+

From rclark at nyx.cs.du.edu Wed Apr 14 19:02:53 1993
From: rclark at nyx.cs.du.edu (Robert W. F. Clark)
Date: Wed, 14 Apr 93 19:02:53 PDT
Subject: alt.whistleblowers
In-Reply-To: <199304150058.AA21866@spot.Colorado.EDU>
Message-ID: <9304150204.AA03482@nyx.cs.du.edu>

> Some comments on alt.whistleblowers from an (up to now) lurker. In brief,
> this strikes me as being a very foolish idea.
Perhaps it is; this is why I'm sending it out for discussion instead of just newgrouping it.

> -- Does anyone really think this is going to have much of an effect on
> anything? My suspicion is that a forum providing unlimited ability
> for people to anonymously post undocumented accusations against
> powerful people will be summarily ignored, not just by the targets
> of the accusations, but by everybody else with an actual life. There
> seems to be no discussion of the biggest weakness of this idea: the
> expected signal to noise ratio. This accomplishes nothing if it is
> overrun by, say, Kennedy assassination loons. It doesn't seem wise to me
> for the Cypherpunks' first major public act to be something this
> pointless and ill-conceived.

Actually, it is more my act, which I decided upon based on memes I received partially from this list; the cypherpunks, if they do choose to support the idea, will do it individually; and, as yet, I have not had the arrogance to make a public announcement to the effect that the cypherpunks made this action. My name only is attached to this; no praise, no blame.

> Ok. Suppose I'm wrong about the above, and this thing works like people
> seem to think it will.

Well, it might not; there are a number of potential hurdles, like the possibility that it will turn into a mindless narc fest; my personal opinion as to this is that I would prefer to leave the group unmoderated, but with an _option_ to moderate if the worst occurs. Of _course_ this will be abused, but I believe that it will also be used. This will provide an empirical basis for our principles. Success or failure will determine whether hypotheses need to be revised, or if they do, in fact, have predictive capability.

> -- The tools available to accomplish this task (PGP, remailers, anon servers)
> are certainly impressive, but I really don't think they're well developed
> enough yet to give cause for much confidence in taking on the government
> and the entire U.S. corporate sector in a frontal assault.

Well, if people are careful, and don't log in to an anonymous server _from_ an account with their name, but from an anonymous dataswitch, all Bell or the Department of Housing and Urban Development would know is that someone who works for them posted this anonymous message; which they knew already. Of course, anything beyond the first posting would be traceable if someone really wanted to do it, but what would it prove, unless they traced it to that person? Another possibility is to go primitive and use snailmail, digitize images and data or type in by hand. Without very specific reasons, opening U S Mail is not condoned.

> -- Is this really in line with the purpose of the Cypherpunks? To quote from
> the charter
> ["Cypherpunks write code" paragraph from FAQ]
> I like this paragraph, and what it says to me is that (a) people
> are, in the end, responsible for their OWN security and need to be made
> to realize this, and (b) PATIENCE is the most important prerequisite
> for success. Both of these principles are being violated by the
> hasty creation of alt.whistleblowers. This has nothing to do with
> enabling people to independently achieve data security, and it shows
> no patience whatsoever.

You may be right. I may not be orthodox cypherpunk. However, with the proliferation of retroactive posting cancellation of anonymous posts, I believe it is possible to be patient to so great an extent that one calmly and rationally discusses a situation until the moment when action would have been useful has passed; in other words, you've discussed battle strategy until the enemy's won.

> Wouldn't everybody be better served by quiet, patient development and
> distribution of tools, instead of a huge juvenile "FUCK YOU!" to people
> who could really care less? Let's not piss away a solid foundation with
> cheap theatrics.

Again, I believe that you _can_ be quiet and develop tools. It is good that this is being done by _somebody_.
However, I take issue with your assertion that a formal Request for Discussion, worded in a non-inflammatory manner, is a juvenile "FUCK YOU!" If you doubt this, check out the RFD when it appears in news.announce.newgroups. What little temperature was in it was deleted; I spent about three hours implementing the suggestions of others and cut the verbiage by a half.

I do not see how this can damage what foundation we have; essentially a few software packages and an ideology. However, to protect from just this occurrence, I did not present my viewpoints as cypherpunk viewpoints in the announcement, merely as my own. The word 'cypherpunk' does not occur anywhere in the article. If cypherpunks wish to discuss this group, why it would be a good or bad idea, or if it would be better-named, it may be discussed. If it is decided that the idea should be shelved, then so be it. I, and we, shall bide our time, and create it as an alt.group in the meantime. Very likely, at least in the beginning, privacy will be provided by the person who wishes to have it, and that person will take responsibility for the consequence of his or her actions.

Check out the discussion. Let the net decide.
----
Robert W. Clark
rclark at nyx.cs.du.edu
PGP signature available by mail or finger

From ld231782 at longs.lance.colostate.edu Wed Apr 14 22:27:19 1993
From: ld231782 at longs.lance.colostate.edu (ld231782 at longs.lance.colostate.edu)
Date: Wed, 14 Apr 93 22:27:19 PDT
Subject: alt.whistleblowers
In-Reply-To: <199304150058.AA21866@spot.Colorado.EDU>
Message-ID: <9304150527.AA21340@longs.lance.colostate.edu>

>Some comments on alt.whistleblowers from an (up to now) lurker. In brief,
>this strikes me as being a very foolish idea.
> My suspicion is that a forum providing unlimited ability
> for people to anonymously post undocumented accusations against
> powerful people will be summarily ignored, not just by the targets
> of the accusations, but by everybody else with an actual life.

Mr. Kinney's comments annoy me tremendously. They bespeak a lukewarm, lackadaisical, and wishwashy view of something of extreme importance. Frankly, it bothers me that it has taken this long just to get the whistleblower group going. I don't think anything is being accomplished by delaying newsgroup creation. It just gives people who are enemies more time to mount a concerted attack against this new blip in the status quo.

Where is your trademark cypherpunk fanaticism, Mr. Kinney? Do you wear a suit and tie and go to endless meetings debating the relative merits of implementing a given policy? Where is your passion? Where is your *impatience*? Where is your frustration that nothing seems to be happening?

The point is that these things will start out unpolished and become refined. But they don't become refined by people debating their theoretical implications in a vacuum. They get refined when problems *arise* from *use*. That is the place where unforeseen merits and demerits are discovered (the unanticipated ones discovered in practice, I assure you, are always the most significant). Julf's server is a beautiful example of the evolution of an unrefined idea into a practical and increasingly sophisticated reality.

It alarms me tremendously that word leaked out about the whistleblower group at the Freedom and Privacy conference (attended by such luminaries as e.g. D. Denning, and don't ask what the D. stands for); and that a former C.I.A. official has ideas on how to filter out the "noise". I find this quite nauseating. The greatest inventions are not the result of people who sought to reduce risks. It is precisely this risktaking (and yes, somewhat cavalier attitude) that produces the breakthrough!

> The tools available to accomplish this task (PGP, remailers, anon servers)
> are certainly impressive, but I really don't think they're well developed
> enough yet to give cause for much confidence in taking on the government
> and the entire U.S. corporate sector in a frontal assault.

We are all playing with toys right now in the hope that they become entrenched and refined. Which they will, inevitably! Because they are good ideas! (Time is the universe's mechanism for rewarding good ideas!) Yesterday's Apple II is today's Quadra. Paved roads started out as rocky dirt paths, and in retrospect they look quaint, but they progressed because they were well-trodden. People just used them. If you think that new technology starts out any other way, then I'm impressed with your naivete...

>-- Is this really in line with the purpose of the Cypherpunks? To quote from
> the charter

well, let me put it this way--if it isn't virtually the essence of Cypherpunkhood (challenging entrenched, ineffective, mediocre, bloated, or even corrupt and sinister authority through revolutionary new technology) then what is? What is your vision? Or do you prefer not to have one because they are so inconvenient and uncomfortable to pledge allegiance to, to nourish and sustain? Because they force you to rethink some of your most beloved and rooted prejudices? Because they require such devotion and sacrifice?

> PATIENCE is the most important prerequisite
> for success.

patience has its place *after* all possible means for advancement have been employed. This `patience' thing of yours seems to me like a euphemism for `chill out'. Patience is for saints. Impatience is for humans. Agitation is for cypherpunks.

>Wouldn't everybody be better served by quiet, patient development and
>distribution of tools, instead of a huge juvenile "FUCK YOU!" to people
>who could really care less? Let's not piss away a solid foundation with
>cheap theatrics.

Is that your perception of this project? Do you think that the creation of the newsgroup is equivalent to advocating that statement? Where do you find such animosity? How is it that something so intrinsically neutral such as creating a newsgroup be twisted into an act of evil rebellion and subversion?
Is it possible that you should be embarrassed by reading a bit more into cypherpunks than is there? Is it possible that you have some agenda we don't know about?

The whistleblower newsgroup will be quite like any other newsgroup. There will be plenty of noise and unverifiable froth and fizz. We will work toward trying to improve that content, but it is always a case of `caveat emptor'. It is a ridiculously impossible ideal to attain of having a group with only the `truth' posted. We are not setting out to replace the entire world government today (although, as for *tomorrow*...) I think the freedom in posting is the very essence of the whistleblower group.

I think it might be interesting to promote the idea of different groups, each with different levels of verifiability. The lowest level would have completely unverified claims and *totally* free posting (esp. anonymity). Higher groups would have more important mechanisms to ensure the quality of the information (moderation, prerequisites to posting, digital signatures, etc.) I imagine that the verifiable and meritorious claims would tend to "rise" to higher groups where people with much higher reputations toss around the data. (Actually, I can imagine all of Usenet of the future working like this, with various `tiers' that people can pick at will. People into totally rabid free speech can subscribe to the raw unfiltered stuff, and at the other end of the spectrum, all the PC academics into diversity but no offensiveness to sensitive sensibilities can subscribe to the groups where a few happy-sunny-whee messages slip through a day...)

p.s. I hate to jab a self-admitted lurker so bluntly, but this reminds me of Lincoln's advice that ``it is better to be silent and thought a fool than to speak up and remove all doubt''... Mr. Kinney, maybe we should call you back in a few years when everything is commercialized, corporate, conservative, and soulless enough for your tastes.
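Hal Finney's remailer-side reputation scheme earlier in this thread (a signed post is checked against the operator's list of keys, then stamped with one Distribution or another) and the tiered-verifiability idea in the message just above both come down to the same small piece of remailer logic: verify the signature first, then look the key up. The Go program below is an added illustration, not code from anyone on the list or from any 1993 remailer. Ed25519 stands in for the PGP/RIPEM signatures the thread assumes, the Distribution names anon-recommended and anon are made up for the example, and the keys are generated on the spot.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
)

// Distribution values the remailer stamps on outgoing posts. Both names are
// assumed for this example; the thread only asks for two distinct identifiers.
const (
	DistRecommended = "anon-recommended" // signed by a key on the operator's list
	DistUnlisted    = "anon"             // validly signed, but the key is not listed
)

// GoodGuysList is the operator's list of recommended posters, kept as public
// keys rather than user IDs, as the proposal requires.
type GoodGuysList map[string]bool

func keyID(pub ed25519.PublicKey) string { return hex.EncodeToString(pub) }

func (g GoodGuysList) Add(pub ed25519.PublicKey)    { g[keyID(pub)] = true }
func (g GoodGuysList) Remove(pub ed25519.PublicKey) { delete(g, keyID(pub)) }

// Submission is an incoming article: the poster's claimed public key, the
// article body, and a signature over the body (Ed25519 standing in for PGP).
type Submission struct {
	PubKey    ed25519.PublicKey
	Body      []byte
	Signature []byte
}

// Sign prepares a submission the way a poster's client would.
func Sign(priv ed25519.PrivateKey, body string) Submission {
	pub := priv.Public().(ed25519.PublicKey)
	return Submission{PubKey: pub, Body: []byte(body), Signature: ed25519.Sign(priv, []byte(body))}
}

// Classify returns the Distribution for a submission and whether it should be
// posted at all. The signature is checked before the list is consulted, so
// presenting a listed key without holding its private half buys nothing; a
// bad or missing signature is rejected outright rather than downgraded.
func Classify(list GoodGuysList, s Submission) (dist string, ok bool) {
	if len(s.PubKey) != ed25519.PublicKeySize {
		return "", false // ed25519.Verify panics on malformed keys; refuse early
	}
	if !ed25519.Verify(s.PubKey, s.Body, s.Signature) {
		return "", false
	}
	if list[keyID(s.PubKey)] {
		return DistRecommended, true
	}
	return DistUnlisted, true
}

func main() {
	list := GoodGuysList{}
	// Constructed keys for the demo: one poster the operator has vouched for, one not.
	trustedPub, trustedPriv, _ := ed25519.GenerateKey(rand.Reader)
	_, strangerPriv, _ := ed25519.GenerateKey(rand.Reader)
	list.Add(trustedPub)

	for _, s := range []Submission{
		Sign(trustedPriv, "A responsible anonymous post."),
		Sign(strangerPriv, "A post from a key nobody has vouched for."),
	} {
		dist, ok := Classify(list, s)
		fmt.Printf("posted=%v Distribution: %s\n", ok, dist)
	}

	// An impersonation attempt: the stranger's signature paired with the trusted key.
	forged := Sign(strangerPriv, "Pretending to be the listed poster.")
	forged.PubKey = trustedPub
	_, ok := Classify(list, forged)
	fmt.Printf("forged submission accepted: %v\n", ok)
}
```

Readers who filter on Distribution then see only anon-recommended traffic, which is the two-tier case of the graded groups proposed above; more tiers are more lists. Removing a key from the list, as Hal describes, takes effect on the poster's next submission without any change to the reader side.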
From internaut at aol.com Thu Apr 15 03:31:51 1993
From: internaut at aol.com (internaut at aol.com)
Date: Thu, 15 Apr 93 03:31:51 PDT
Subject: FWEE!: alt.prematurity
Message-ID: <9304150631.tn01219@aol.com>

*/ Ladies & Germs, /*

Certain cpunks have called for the immediate establishment of alt.whistleblowers on Usenet. I have noted a certain respect for engineering matters in these notes, but a lack of acknowledgement for the "other" business involved in setting up a serious whistleblower service. I beg your attention for a moment whilst I toss in my two cents:

As I am the person doing some of the legwork to establish the body of Users/Subscribers for the alt.wb service (in my spare time), I would like to request that this action NOT be taken at this time. I am as anxious as anyone to see this become a reality, but I have learned over the years that both information services and sex can be ruined by prematurity. You're welcome to screw up your sex lives by cumming in your pants too soon, but PLEASE don't saddle this potentially IMPORTANT information service with a huge birth defect by putting it out before I am ready. There, I've admitted it, I am not ready yet (nor are the Users). If it flies before I can set up the org's that will take advantage of it, it would not be a good thing, IMHO. I have mentioned prematurity before this and have been roundly ignored, to my chagrin. Alas...

I am not suggesting that we can't begin exPERimenting in SOME way to get the technology right, but I AM saying that we have a LOT of work to do if we want this service to mean anything. On the other hand, if we're just a bunch of engineers jacking off over our ideas, and not true crusaders trying to invent a new method for busting sniveling government weasel-embezzlers, then who am I to stop y'all?

Gee, Dave, just _why_ is it a bad idea right now?

- Not enough people are educated enough to use it. I have spoken with Congressional staffers, media people and several activist orgs.
They all need either email accounts, PGP software and some readme files (or all three) before they can take advantage of any WB info. They're not even sure how to approach the issue of verification and we'll have to help them with this concept. Imagine Picasso pitching the wonders of Asymmetry to an audience of People Who've Never Heard of Painting.

- We haven't figured out who'll be polled to send in msgs and exactly HOW we'll offer them some sort of anonymity and what they need to do afterward. It should be a select group at first, but we have not established the guidelines for this service. Putting it out without any kind of guidelines could be disastrous. This is the Trusted Reputation Issue. Please do not underestimate this.

- Not a single cpunk has yet submitted any suggestions to me for the Guidelines as I have asked twice. Not one person. Do that first, O Verbose Ones! After we build such a document and have prominent people (such as Nicholas Johnson, former FCC head under L.B. Johnson - "eh... no relation") sign statements of support based on it (as discussed before, with I think, nearly unanimous approval), then we can more _safely_ proceed. Have you heard of the Declaration of Independence? They prepared that document well, got all their Ducks in a Row and it's lasted for over 200 years. How many decades do you think a good WB system could last/evolve for? I ask only that you engage your long-range vision for a moment.

- Except for good ol' John Gilmore, no one has sent me their pubkey for the list of volunteers after I publicly requested same some weeks back. Belly up to the Bar, Dewds.

- ?

There are other excellent reasons to keep it in our collective pants for a while, but if THESE don't convince you, then perhaps I am asking the wrong group of folks to help get this started properly. I suggest that we set up a dummy area and begin to conduct some experiments a la Tim May's F117A bogus post.
Hopefully, this will allow our more impatient members to spew to their heart's delight while the rest of us continue with the legwork and phonework to give it social armor. Anybody can put a box out on the street and say "everybody put your complaints in here," but it takes some real thinkers to put out a serious whistleblower system.

Lastly, I ask your forgiveness for all my sins...

dave

PS: Only kiddin', I never sin. Well, hardly ever these days. Well, pretty often then, but I keep it to a few times a day. OK, well, maybe hourly, but I'm really acting in the best interest of everyone. OK, I lied, I sin and sin and sin every second of my existence. ...So sue me!

From meyer at mcc.com Thu Apr 15 11:47:50 1993
From: meyer at mcc.com (Peter Meyer)
Date: Thu, 15 Apr 93 11:47:50 PDT
Subject: Decryption
In-Reply-To: <9304142228.AA08551@pluto.ee.cua.edu>
Message-ID: <19930415184700.2.MEYER@OGHMA.MCC.COM>

    Date: Wed, 14 Apr 1993 17:28 CDT
    From: trump at pluto.ee.cua.edu (Louis Edward Trumpbour)

    ok well i am sure that there are a lot of people out there that want to learn how to do basic cypher/decyphering... so i think it would be nice if people gave their knowledge on how to do decryption... even if its very very basic and perhaps a faq could be made out of this info...

    Clovis

sci.crypt has recently put out a FAQ (at last). I forget where it's ftp-able from but there's always someone on sci.crypt asking where the FAQ is, and it gets reposted from time to time.

There are lots of ways to encrypt/decrypt/cryptanalyze. The sci.crypt FAQ lists some books on the subject. Would-be cryptanalysts could take a look at Abraham Sinkov's "Elementary Cryptanalysis, A Mathematical Approach", published by The Mathematical Association of America, 1966.
-- Peter Meyer

From hal at alumni.cco.caltech.edu Thu Apr 15 14:08:16 1993
From: hal at alumni.cco.caltech.edu (Hal Finney)
Date: Thu, 15 Apr 93 14:08:16 PDT
Subject: Chaining to Julf's remailer
Message-ID: <9304152107.AA16806@alumni.cco.caltech.edu>

On news.admin.policy, a 'nym' called Nowhere, Man called somebody an asshole and told them to fuck off. Someone objected, and Nowhere responded:

> You're right, and I'm really sorry if my insults got somebody bent out
> of shape. I just think some people deserve to get flamed once in a while.
> Also, the mail return address doesn't work because this message goes through
> a chain of other remailers before it gets to Julf's base. So netnews is
> the only way to get messages to me. Hey, maybe there should be a board
> just for messages to nyms. Crypted, even. How about it, news.admin.policy
> phreaks, should we put it to a vote?
>
> Nowhere, Man .

Apparently it is in fact possible to chain remailers now. I assume that he is chaining through cypherpunks remailers into penet. I'm curious to know which remailer is being used for this purpose? Perhaps we could add a description of how to do this to the documentation. My guess is that "Nowhere" reads this list.

Hal

From ORNTS188 at ksuvxb.kent.edu Thu Apr 15 15:12:28 1993
From: ORNTS188 at ksuvxb.kent.edu (ORNTS188 at ksuvxb.kent.edu)
Date: Thu, 15 Apr 93 15:12:28 PDT
Subject: Q&A DataBase
Message-ID: <01GX1S55DSEA0005UJ@ksuvxb.kent.edu>

Hello All, does anyone know much about this program? I would like to be able to pick the passwords out of the database file. In this program (Q&A) the database can be set up so that users have limited access to different areas of the files. I just got the code and doc files for WP hack, and they were great. I am still going through the code.

Well thanks

Red :)

From pmetzger at lehman.com Thu Apr 15 15:30:38 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Thu, 15 Apr 93 15:30:38 PDT
Subject: Q&A DataBase
In-Reply-To: <01GX1S55DSEA0005UJ@ksuvxb.kent.edu>
Message-ID: <9304152230.AA22243@snark.shearson.com>

ORNTS188 at ksuvxb.kent.edu says:
> Hello All, does anyone know much about this program?
> I would like to be able to pick the passwords out of the database file.
> In this program (Q&A) the database can be set up so that users have
> limited access to different areas of the files. I just got the code and doc files
> for WP hack, and they were great. I am still going through the code.

Pardon, but what does this have to do with Cypherpunks?

Perry

From grady at netcom.com Thu Apr 15 16:46:44 1993
From: grady at netcom.com (1016/2EF221)
Date: Thu, 15 Apr 93 16:46:44 PDT
Subject: SOURCE to Macintosh PGP 2.2 released
Message-ID: <9304152346.AA07957@netcom.netcom.com>

Complete Symantec THINK C 5.0.4 source code including projects and user documentation is available via anonymous FTP from:

    netcom.com [192.100.81.100] in directory pub/grady

file is type ASCII, Compact Pro .sea processed with BinHex 4.0.

    MGET MacPGP2.2src.sea.hqx
    MGET MacPGP2.2srcSIGNATURE

HQX file is digitally signed by me; verification of signature via public key servers or by phone. Please distribute this code widely -- read the READ ME file included with the package.

From rclark at nyx.cs.du.edu Thu Apr 15 20:22:07 1993
From: rclark at nyx.cs.du.edu (Robert W. F. Clark)
Date: Thu, 15 Apr 93 20:22:07 PDT
Subject: WARNING: Pointer article to soc.whistleblowers debate
Message-ID: <9304160323.AA06370@nyx.cs.du.edu>

The news software has been activated. David Tale has accepted the article, sans a paragraph specifying a procedural point (which I didn't think would fly, anyway) and bagging alt.sex and alt.drugs from the discussion, but keeping many others; I think if I hadn't put those two in, he might have knocked out a few I was serious about.
So, in any case, the article, in a modified form, partially by me and partially by Tale, is now posted to news.announce.newgroups, and the debate shall begin shortly.

Those of you who consider this newsgroup a beneficial and good thing, and who wish to discuss its implementation and name and other germane issues, should immediately go to news.groups and begin posting like lunatics. Those of you who consider this newsgroup a menace to society should go to news.groups and post scathing articles about my sexual preferences. (Humor, of course.)

In any case, I have not identified myself as a cypherpunk or, for that matter, as an Extropian, not having the boundless arrogance to presume that cypherpunks all share my opinion of the methods of implementing this; so those of you who do agree with me, or disagree only on procedural points, should post your opinion; people have a larger tendency to vote YES when they think others agree with them.

Also try to avoid excessively inflammatory postings (on the order of "You fucking moron, how DARE you disagree with me."), as these will tend to garner a bunch of NOs. I don't mean be a total schmuck and bend over backwards for a flaming, but flame back in a constructive spirit and without senseless _ad hominem_ attacks. I hope that this group can be created with as little sturm and drang as possible, but if it _does_ require sturm OR drang OR both, heat may need to be applied.

Again, post whether or not you agree. And don't send votes yet, of course. I'll just junk them, according to net.law.

If the cypherpunks wish to present this as a cypherpunk issue, or if individuals wish to support it as individuals, feel free. I'm not going to attach the name 'cypherpunk' to it myself because, not to be rude, it would further politicize an already highly-politicized issue. However, if we'd be more effective as THE DREADED Extropians/Cypherpunks bloc, which I don't think is necessarily the case, feel free. It's not my net.
Apologies are extended for the lengthy crosspost, but it shall be the last crosspost; further discussion ought to occur in news.groups. And battle plans in cypherpunks, if we even need battle plans. With any luck, there won't be a battle. If we sneak this in by acclamation without a flamewar or controversy, we're ENTRENCHED. NOBODY can stop us, or any other people who could utilize this most valuable resource. But I'm not holding my breath on that one.

Although I cross-posted mainly to groups with a large population of potential YES voters, and ignored, say, news admin hangouts, those who would oppose this are sure to find out about it; but I think we can muster sufficient political clout to pass this. Me? I'm currently going to enlist some old friends from talk.bizarre. . . Don't worry, they're not the current crop but the same crowd that passed comp.protocols.tcp-ip.eniac. I'll ask for as little inflammatory material as possible, like I did here, but I don't want this to become any more of a flamewar than necessary, and, again and for the last time, would prefer it didn't end up that way at all.

End of crosspost. We now return you to your regular round of discussing radix sorts and monozygotic recessives. Thank you.

----
Robert W. Clark
rclark at nyx.cs.du.edu
PGP signature available by mail or finger

From 74076.1041 at CompuServe.COM Thu Apr 15 22:13:49 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Thu, 15 Apr 93 22:13:49 PDT
Subject: ANON: Chaining to Penet remailer
Message-ID: <930416050708_74076.1041_FHD24-1@CompuServe.COM>

Well, after a fair amount of experimentation I have learned who the mysterious an10757 at anon.penet.fi is. It's me. Or, more specifically, it is my remailer operating at hal at alumni.caltech.edu. If you send mail from this remailer to anon.penet.fi for posting or remailing it is identified as coming from an10757, the same address used in the post by "Nowhere, Man".
This address is different from the address I get if I just send to ping at anon.penet.fi from that account. I think the reason is that the mail sent from the remailer is identified as coming from "nobody" instead of "hal" in the From: field. This causes Julf's remailing software to assign a different anonymous ID.

I don't see any problems with this (not right away, anyway) and in fact it seems to me to be a desirable feature. I think we should document this for people who want to use the Penet remailer for posting, in a more untraceable way.

Send mail to either:

    hal at alumni.caltech.edu (posts as an10757 at anon.penet.fi)
    hfinney at shell.portal.com (posts as an19579 at anon.penet.fi)

Have as the first lines of your message:

    ::
    Request-Remailing-To: anon at anon.penet.fi
    X-Anon-To: news.admin.policy

Follow this with a blank line, then your message. Put whatever newsgroups you like (separated by commas) after X-Anon-To.

This method of posting does not allow you to receive replies. I have set "nicknames" for these two accounts as "Untraceable account" which will appear in the "From" line on the postings. Hopefully that will offer a clue that the normal reply mechanism doesn't work. Maybe the nickname should say so more explicitly?

I believe this approach would work with most of the other Cypherpunks remailers. The one thing for remailer operators to watch out for is what is put in the From: line when the remailer sends it. You want it to be different from your regular account name or else your anonymous ID will be used for all messages through that remailer.

Naturally, this is vulnerable to abuse. If "Nowhere" or someone else continues to post obscenities and flames then Julf may have to block off all of our cypherpunks remailers, which would be unfortunate. Until there are more remailers I think anonymous posters need to continue to exercise some self-restraint.
Hal

From ebrandt at jarthur.Claremont.EDU Fri Apr 16 02:00:58 1993
From: ebrandt at jarthur.Claremont.EDU (Eli Brandt)
Date: Fri, 16 Apr 93 02:00:58 PDT
Subject: ANON: Chaining to Penet remailer
In-Reply-To: <930416050708_74076.1041_FHD24-1@CompuServe.COM>
Message-ID: <9304160900.AA04650@toad.com>

> From: Hal <74076.1041 at CompuServe.COM>
> This method of posting does not allow you to receive replies. I have set
> "nicknames" for these two accounts as "Untraceable account" which will appear
> in the "From" line on the postings. Hopefully that will offer a clue that
> the normal reply mechanism doesn't work. Maybe the nickname should say so
> more explicitly?

You'd better make it quite clear that replies will not work. The consequences of misunderstanding here are that somebody's missive to an apparent penet user ends up in your remailer machine's postmaster's mailbox. This is not good; it's an unexpected breach of privacy, and it will tick off the sysadmin if it continues to happen.

It's happened at least once -- I did it. Fortunately, my message to "NOWHERE, MAN" was about netiquette, not 'shrooms. Nothing to cause your postmaster's jaw to drop, but it could have been.

The security provided by this technique could be provided without the IMHO serious disadvantage of having no return address. Eric's hybrid approach, where a pseudonym server hands mail to a remailer chain, is secure (barring sophisticated traffic analysis) if you trust the last remailer in the chain. Julf, have you thought about whether you want to do something like this?
> Hal

Eli
ebrandt at jarthur.claremont.edu

From kinney at spot.Colorado.EDU Fri Apr 16 07:13:24 1993
From: kinney at spot.Colorado.EDU (KINNEY WILLIAM H)
Date: Fri, 16 Apr 93 07:13:24 PDT
Subject: Proposal for anon chaining
Message-ID: <199304161412.AA09006@spot.Colorado.EDU>

Recent traffic on anonymous remailers/servers:

>From: Eli
>> From: Hal <74076.1041 at CompuServe.COM>
>> This method of posting does not allow you to receive replies. I have set
>> "nicknames" for these two accounts as "Untraceable account" which will appear
>> in the "From" line on the postings. Hopefully that will offer a clue that
>> the normal reply mechanism doesn't work. Maybe the nickname should say so
>> more explicitly?
>
>The security provided by this technique could be provided without
>the IMHO serious disadvantage of having no return address. Eric's
>hybrid approach, where a pseudonym server hands mail to a remailer
>chain, is secure (barring sophisticated traffic analysis) if you
>trust the last remailer in the chain. Julf, have you thought about
>whether you want to do something like this?
> Hal

Here's an idea I haven't seen suggested before, which would remove the need for a pseudonym server:

The way things stand now, chaining Cypherpunk remailers works by nesting PGP encryptions of the form

    ***********
    message text
    ***********

If you want to chain remailers, you encrypt the above, make IT the new message text, and then add another header, and so on until you get bored.

My proposal is for a modification of this protocol to allow for pseudonymous return mail addresses, like this:

The trick would be to separate the message text from the remailer routing information, in a message of the form

    ***********
    ROUTING INFORMATION
    ***********

    ***********
    MESSAGE TEXT
    ***********

where both blocks are encrypted with PGP.
The message text would be encrypted with the PGP public key of the intended final recipient of the message, and would not be modified by the intermediate anon remailers.

The routing information would be for the benefit of the remailers only. It would be created by the RECIPIENT and made publicly available as a pseudonymous mail address. It would work like this:

Suppose user foo at bar.com wishes to establish a pseudonymous identity, and wants to route it through anon remailers "anon1" and "anon2". What he does is take a message of the form

    ::
    Request-Remailing-To: foo at bar.com

and encrypts it with server anon1's PGP public key, to create [encrypted block 1]. Then he adds another header to make

    ::
    Request-Remailing-To: anon1
    [encrypted block 1]

and encrypts THIS with anon2's public key to make [encrypted block 2], and adds a header to make

    ::
    Request-Remailing-To: anon2
    [encrypted block 2]

Obviously, this procedure can be nested to arbitrary depth, chaining through as many anon servers as you like. The trick is that this address block can be made PUBLIC, since the only way to unwind the routing is to have access to the secret keys of all the intermediate anon servers, and the identity of the recipient is protected.

foo at bar.com then anonymously posts a PGP public key and a routing block to some public forum, and people can communicate with him without having any idea as to his actual identity. When I want to send a message to him, I encrypt the message with his provided public key, and then add the encrypted routing header, which he has also provided. I give him my own pseudonymous mail routing header to allow him to reply.

This seems to me to be a very robust pseudonymous mail system which could be implemented by relatively minor changes to the existing Cypherpunk remailer structure. It has the additional advantage of being decentralized and maintenance-free. It could be used for pseudonyms on net news, e-mail, wherever, and could presumably be integrated in some way into Julf's anon server.

Comments?
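Hal's "::" header block (as a remailer would parse it) and Will's separated, recipient-built routing block, worked through as one added Python example. This is not code from either post or from any of the remailers. The cipher is a toy keyed stream cipher with a MAC standing in for PGP public-key encryption; the remailer names anon1 and anon2 and the address foo@bar.com are Will's, and the keys and message body are constructed here.

```python
"""Cypherpunks-style remailer hop plus Will Kinney's recipient-built routing block.

Added example, not code from the list posts.  The cipher is a toy keyed stream
cipher with a MAC standing in for PGP public-key encryption: each remailer and
the recipient holds one secret, and "encrypting to" a party means encrypting
under that party's secret.  The message layout is the point, not the cipher.
"""
import hashlib
import hmac
import os

def _keystream(key, nonce, n):
    """Keystream bytes from SHA-256(key || nonce || counter)."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def seal(key, plaintext):
    """Toy encrypt-then-MAC: nonce || ciphertext || tag (stand-in for PGP)."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key, blob):
    """Inverse of seal(); raises ValueError if blob was not sealed to this key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("not sealed to this key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def parse_remailer_block(body):
    """Split a body that begins with a '::' block (Hal's format) into
    (headers, remainder); header lines run until the first blank line."""
    lines = body.split("\n")
    if not lines or lines[0] != "::":
        return {}, body
    headers, i = {}, 1
    while i < len(lines) and lines[i] != "":
        name, _, value = lines[i].partition(":")
        headers[name.strip()] = value.strip()
        i += 1
    return headers, "\n".join(lines[i + 1:])

def build_routing_block(final_address, hops):
    """Kinney's construction, performed by the RECIPIENT.  hops is a list of
    (remailer_name, remailer_key) starting with the hop nearest the recipient.
    Returns (first_hop_name, block): the publishable pseudonymous address."""
    next_hop, block = final_address, b""
    for name, key in hops:
        header = "::\nRequest-Remailing-To: %s\n\n" % next_hop
        block = seal(key, header.encode() + block)  # wrap the inner layer
        next_hop = name
    return next_hop, block

def remailer_hop(key, routing_block, body):
    """One remailer's work: open its own layer, read the '::' header inside,
    and hand the inner layer plus the untouched body on to the next hop."""
    plain = open_sealed(key, routing_block)
    header_text, _, inner = plain.partition(b"\n\n")
    headers, _ = parse_remailer_block(header_text.decode())
    return headers["Request-Remailing-To"], inner, body

def deliver(first_hop, block, body, remailers, recipient_key):
    """Drive the chain as the remailers would; return the path taken and the
    plaintext as the final recipient reads it."""
    hop, path = first_hop, [first_hop]
    while hop in remailers:
        hop, block, body = remailer_hop(remailers[hop], block, body)
        path.append(hop)
    if block != b"":
        raise ValueError("routing block not exhausted at the final address")
    return path, open_sealed(recipient_key, body).decode()

def layer_is_opaque_to(key, block):
    """True if `key` cannot open `block`: a remailer learns only its next hop."""
    try:
        open_sealed(key, block)
        return False
    except ValueError:
        return True

def demo():
    # Constructed keys and message; remailer names and address are from Will's post.
    anon1, anon2, foo = os.urandom(32), os.urandom(32), os.urandom(32)
    remailers = {"anon1": anon1, "anon2": anon2}
    first_hop, block = build_routing_block("foo@bar.com", [("anon1", anon1), ("anon2", anon2)])
    body = seal(foo, b"meet at the usual place")  # readable by foo@bar.com only
    path, text = deliver(first_hop, block, body, remailers, foo)
    # anon2 can peel its own layer but not anon1's, so it never sees foo@bar.com
    _, inner, _ = remailer_hop(anon2, block, body)
    return first_hop, path, text, layer_is_opaque_to(anon2, inner)
```

demo() returns the first hop (anon2), the path the message actually took (anon2, anon1, foo@bar.com), the recovered text, and True for anon2's inability to open anon1's layer. Note that the encrypted body passes through every hop unchanged, so an observer watching a remailer's traffic can match it on the way in and out; the block adds no per-hop re-encryption or padding.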
-- Will

From pmetzger at lehman.com Fri Apr 16 09:03:13 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Fri, 16 Apr 93 09:03:13 PDT
Subject: Dorothy Denning's friends strike
Message-ID: <9304161602.AA27246@snark.shearson.com>
To: cypherpunks at toad.com, libernet at dartmouth.edu, extropians at gnu.ai.mit.edu

[Libernet readers -- please do not follow up on libernet, as it is only for announcements. All readers -- please do not CC lists you are not on with replies.]

According to a front page article in today's New York Times, the Clinton Administration is going to be releasing a standard encryption technology that commercial users will be encouraged to adopt that involves having the government keep copies of "back door" keys associated with every device deployed.

The article is entitled, with unintentional irony, "Communications Plan to Balance Government Access with Privacy". The article indicates that the move is "intended to resolve a long standing dilemma[...] how to preserve the legitimate right for businesses and citizens to use codes [...] without letting criminals and terrorists conspire beyond the reach of the law".

The implications are obvious.

Perry Metzger

From jthomas at coconut.mitre.org Fri Apr 16 09:27:24 1993
From: jthomas at coconut.mitre.org (Joe Thomas)
Date: Fri, 16 Apr 93 09:27:24 PDT
Subject: Proposal for anon chaining
Message-ID: <9304161626.AA02630@coconut>

KINNEY WILLIAM H writes:

> Recent traffic on anonymous remailers/servers:
>
> >From: Eli
> >> From: Hal <74076.1041 at CompuServe.COM>
> >> This method of posting does not allow you to receive replies. I have set
> >> "nicknames" for these two accounts as "Untraceable account" which will appear
> >> in the "From" line on the postings. Hopefully that will offer a clue that
> >> the normal reply mechanism doesn't work. Maybe the nickname should say so
> >> more explicitly?
> >
> >The security provided by this technique could be provided without
> >the IMHO serious disadvantage of having no return address. Eric's
> >hybrid approach, where a pseudonym server hands mail to a remailer
> >chain, is secure (barring sophisticated traffic analysis) if you
> >trust the last remailer in the chain. Julf, have you thought about
> >whether you want to do something like this?
> > Hal
>
> Here's an idea I haven't seen suggested before, which would remove the need
> for a pseudonym server:
>
> [Description of chain-encrypted header info, separated from message text]
>
> This seems to me to be a very robust pseudonymous mail system which
> could be implemented by relatively minor changes to the existing Cypherpunk
> remailer structure. It has the additional advantage of being decentralized
> and maintenance-free. It could be used for pseudonyms on net news, e-mail,
> wherever, and could presumably be integrated in some way into Julf's
> anon server.

Yes, this would seem to be the way to do this, and this type of nested-encrypted routing information is what I was referring to as an "SASE" in my front-end/back-end anonymous posting design.

There are some drawbacks, however. Traffic analysis by watching a remailer's feed, and seeing messages come in and go back out is much easier, since the message _text_ is unchanged from one remailer to the next. In fact, however, such traffic analysis is not difficult with the present system, since message lengths can be used to correlate messages going in and out, and the remailers aren't getting enough traffic to do much internal "mixing" to avoid obvious FIFO behavior.

The obvious solutions are a remailing protocol that supports padding out messages to a few "standard" lengths, and increasing the remailer traffic, perhaps with dummy messages. But this doesn't help in the above case, when routing information is separate from message text, and not known to the sender (except for the first hop).
One possible solution relies on the fact that each remailer must know the next hop a message will take. When the remailer is forwarding mail with separately encrypted header information, it will append some random bits to the message, then encrypt it with the next remailer's public key. (Note that if the appending of random bits is skipped, the system provides no security against traffic analysis, since the adversary can simply try encrypting incoming messages with various remailers' public keys, then watch to see if that message comes back out).

I've got some more ambitious ideas for this (encrypted return addresses as a MIME content-type?), but I think the version outlined above could be implemented pretty easily, although I admit I haven't really read through the remailer scripts. I'll take a crack at it as soon as I get my Linux box (a couple weeks) if people think it's a good idea.

Joe

From tcmay at netcom.com Fri Apr 16 09:38:00 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 16 Apr 93 09:38:00 PDT
Subject: White House announcement on encryption--FORWARDED
Message-ID: <9304161638.AA19495@netcom3.netcom.com>

Cypherpunks,

Here's a message from sci.crypt that's of relevance to us in several ways. I assume from its length, seriousness, and wording that it's not a spoof...I can't check the White House's signature!

Some messages:

1. It tells us what Denning and Rivest were probably actually working on when they floated their "trial balloons" last summer and fall.

2. A government-sanctioned phone encryption technique has implications for the phone encryption topics we've discussed at the Cypherpunks meetings (notably with Paul Rubin and Whit Diffie).

3. As always, end-to-end encryption, bypassing such schemes as this, is looking better and better.

4. It is not clear if the government scheme will legally preclude other encryption schemes.

5. I expect a lively debate will soon take place in sci.crypt.
Newsgroups: sci.crypt
Path: netcom.com!netcomsv!decwrl!uunet!dove!csrc.ncsl.nist.gov!clipper
From: clipper at csrc.ncsl.nist.gov (Clipper Chip Announcement)
Subject: text of White House announcement and Q&As on clipper chip encryption
Message-ID:
Sender: news at dove.nist.gov
Organization: National Institute of Standards & Technology
Distribution: na
Date: Fri, 16 Apr 1993 15:19:06 GMT
Lines: 282

Note: This file will also be available via anonymous file transfer from csrc.ncsl.nist.gov in directory /pub/nistnews and via the NIST Computer Security BBS at 301-948-5717.

---------------------------------------------------

THE WHITE HOUSE
Office of the Press Secretary
_________________________________________________________________

For Immediate Release                                April 16, 1993

STATEMENT BY THE PRESS SECRETARY

The President today announced a new initiative that will bring the Federal Government together with industry in a voluntary program to improve the security and privacy of telephone communications while meeting the legitimate needs of law enforcement.

The initiative will involve the creation of new products to accelerate the development and use of advanced and secure telecommunications networks and wireless communications links.

For too long there has been little or no dialogue between our private sector and the law enforcement community to resolve the tension between economic vitality and the real challenges of protecting Americans. Rather than use technology to accommodate the sometimes competing interests of economic growth, privacy and law enforcement, previous policies have pitted government against industry and the rights of privacy against law enforcement.

Sophisticated encryption technology has been used for years to protect electronic funds transfer. It is now being used to protect electronic mail and computer files.
While encryption technology can help Americans protect business secrets and the unauthorized release of personal information, it also can be used by terrorists, drug dealers, and other criminals.

A state-of-the-art microcircuit called the "Clipper Chip" has been developed by government engineers. The chip represents a new approach to encryption technology. It can be used in new, relatively inexpensive encryption devices that can be attached to an ordinary telephone. It scrambles telephone communications using an encryption algorithm that is more powerful than many in commercial use today.

This new technology will help companies protect proprietary information, protect the privacy of personal phone conversations and prevent unauthorized release of data transmitted electronically. At the same time this technology preserves the ability of federal, state and local law enforcement agencies to intercept lawfully the phone conversations of criminals.

A "key-escrow" system will be established to ensure that the "Clipper Chip" is used to protect the privacy of law-abiding Americans. Each device containing the chip will have two unique "keys," numbers that will be needed by authorized government agencies to decode messages encoded by the device. When the device is manufactured, the two keys will be deposited separately in two "key-escrow" data bases that will be established by the Attorney General. Access to these keys will be limited to government officials with legal authorization to conduct a wiretap.

The "Clipper Chip" technology provides law enforcement with no new authorities to access the content of the private conversations of Americans.

To demonstrate the effectiveness of this new technology, the Attorney General will soon purchase several thousand of the new devices. In addition, respected experts from outside the government will be offered access to the confidential details of the algorithm to assess its capabilities and publicly report their findings.
The chip is an important step in addressing the problem of encryption's dual-edge sword: encryption helps to protect the privacy of individuals and industry, but it also can shield criminals and terrorists. We need the "Clipper Chip" and other approaches that can both provide law-abiding citizens with access to the encryption they need and prevent criminals from using it to hide their illegal activities. In order to assess technology trends and explore new approaches (like the key-escrow system), the President has directed government agencies to develop a comprehensive policy on encryption that accommodates:

-- the privacy of our citizens, including the need to employ voice or data encryption for business purposes;

-- the ability of authorized officials to access telephone calls and data, under proper court or other legal order, when necessary to protect our citizens;

-- the effective and timely use of the most modern technology to build the National Information Infrastructure needed to promote economic growth and the competitiveness of American industry in the global marketplace; and

-- the need of U.S. companies to manufacture and export high technology products.

The President has directed early and frequent consultations with affected industries, the Congress and groups that advocate the privacy rights of individuals as policy options are developed.

The Administration is committed to working with the private sector to spur the development of a National Information Infrastructure which will use new telecommunications and computer technologies to give Americans unprecedented access to information. This infrastructure of high-speed networks ("information superhighways") will transmit video, images, HDTV programming, and huge data files as easily as today's telephone system transmits voice.
Since encryption technology will play an increasingly important role in that infrastructure, the Federal Government must act quickly to develop consistent, comprehensive policies regarding its use. The Administration is committed to policies that protect all Americans' right to privacy while also protecting them from those who break the law.

Further information is provided in an accompanying fact sheet. The provisions of the President's directive to acquire the new encryption technology are also available.

For additional details, call Mat Heyman, National Institute of Standards and Technology, (301) 975-2758.

---------------------------------

QUESTIONS AND ANSWERS ABOUT THE CLINTON ADMINISTRATION'S TELECOMMUNICATIONS INITIATIVE

Q: Does this approach expand the authority of government agencies to listen in on phone conversations?

A: No. "Clipper Chip" technology provides law enforcement with no new authorities to access the content of the private conversations of Americans.

Q: Suppose a law enforcement agency is conducting a wiretap on a drug smuggling ring and intercepts a conversation encrypted using the device. What would they have to do to decipher the message?

A: They would have to obtain legal authorization, normally a court order, to do the wiretap in the first place. They would then present documentation of this authorization to the two entities responsible for safeguarding the keys and obtain the keys for the device being used by the drug smugglers. The key is split into two parts, which are stored separately in order to ensure the security of the key escrow system.

Q: Who will run the key-escrow data banks?

A: The two key-escrow data banks will be run by two independent entities. At this point, the Department of Justice and the Administration have yet to determine which agencies will oversee the key-escrow data banks.

Q: How strong is the security in the device? How can I be sure how strong the security is?
A: This system is more secure than many other voice encryption systems readily available today. While the algorithm will remain classified to protect the security of the key escrow system, we are willing to invite an independent panel of cryptography experts to evaluate the algorithm to assure all potential users that there are no unrecognized vulnerabilities.

Q: Whose decision was it to propose this product?

A: The National Security Council, the Justice Department, the Commerce Department, and other key agencies were involved in this decision. This approach has been endorsed by the President, the Vice President, and appropriate Cabinet officials.

Q: Who was consulted? The Congress? Industry?

A: We have on-going discussions with Congress and industry on encryption issues, and expect those discussions to intensify as we carry out our review of encryption policy. We have briefed members of Congress and industry leaders on the decisions related to this initiative.

Q: Will the government provide the hardware to manufacturers?

A: The government designed and developed the key access encryption microcircuits, but it is not providing the microcircuits to product manufacturers. Product manufacturers can acquire the microcircuits from the chip manufacturer that produces them.

Q: Who provides the "Clipper Chip"?

A: Mykotronx programs it at their facility in Torrance, California, and will sell the chip to encryption device manufacturers. The programming function could be licensed to other vendors in the future.

Q: How do I buy one of these encryption devices?

A: We expect several manufacturers to consider incorporating the "Clipper Chip" into their devices.

Q: If the Administration were unable to find a technological solution like the one proposed, would the Administration be willing to use legal remedies to restrict access to more powerful encryption devices?

A: This is a fundamental policy question which will be considered during the broad policy review.
The key escrow mechanism will provide Americans with an encryption product that is more secure, more convenient, and less expensive than others readily available today, but it is just one piece of what must be the comprehensive approach to encryption technology, which the Administration is developing.

The Administration is not saying, "since encryption threatens the public safety and effective law enforcement, we will prohibit it outright" (as some countries have effectively done); nor is the U.S. saying that "every American, as a matter of right, is entitled to an unbreakable commercial encryption product." There is a false "tension" created in the assessment that this issue is an "either-or" proposition. Rather, both concerns can be, and in fact are, harmoniously balanced through a reasoned, balanced approach such as is proposed with the "Clipper Chip" and similar encryption techniques.

Q: What does this decision indicate about how the Clinton Administration's policy toward encryption will differ from that of the Bush Administration?

A: It indicates that we understand the importance of encryption technology in telecommunications and computing and are committed to working with industry and public-interest groups to find innovative ways to protect Americans' privacy, help businesses to compete, and ensure that law enforcement agencies have the tools they need to fight crime and terrorism.

Q: Will the devices be exportable? Will other devices that use the government hardware?

A: Voice encryption devices are subject to export control requirements. Case-by-case review for each export is required to ensure appropriate use of these devices. The same is true for other encryption devices. One of the attractions of this technology is the protection it can give to U.S. companies operating at home and abroad. With this in mind, we expect export licenses will be granted on a case-by-case basis for U.S.
companies seeking to use these devices to secure their own communications abroad. We plan to review the possibility of permitting wider exportability of these products.

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.

From 74076.1041 at CompuServe.COM Fri Apr 16 09:56:19 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Fri, 16 Apr 93 09:56:19 PDT
Subject: ANON: Chaining suggestions
Message-ID: <930416165143_74076.1041_FHD34-1@CompuServe.COM>

Will Kinney suggests a form of anonymous return address in which "Request-Remailing-To" headers are nested and encrypted, then used for addressing. This is a fine idea, Will, but we're way ahead of you on this. This approach has been used ever since we added encryption to the remailers. Karl Barrus even wrote a script specifically for constructing anonymous addresses like this. It's available from the Cypherpunks ftp site. (soda.berkeley.edu, /pub/cypherpunks. I think the file is something like "scripts.tar".)

The problem with this in practice is, first, that the return address block is rather large, especially if more than one level of nesting is used (often 10, 20 lines or more); and second, that it does not lend itself to automatic use of the "reply" function.
Instead, the replier has to cut and paste this block of text from the message he's replying to and put it in the right place in his own message. And he has to be instructed in how to do this. (Karl's script adds the instructions when it creates the return address.) This is pretty complicated.

This is why Eli suggested (based on suggestions from Eric Hughes) that at least Julf's remailer be enhanced so instead of just mapping, say, an12345 to joe at foo.com, it would map to a Cypherpunks return address of the type Will is describing - a block of encrypted text. People could then have the convenience of automatic replies to an12345 along with the security of a chained address.

I don't think the idea quite works in this form, since I don't see how messages to Julf get translated to an12345. Presumably only messages from one specific user should get posted under this ID (the user whose address is buried in the encrypted return address to which Julf's remailer will forward replies). Perhaps another set of commands is needed to tell the remailer what ID to use to post under. By the time you do this much I don't think that what you have bears much resemblance to Julf's current software.

I am stymied in doing experimentation in this area by one fundamental problem. I do not have the power to create user ID's on any systems which I use, so I can't create pseudonym accounts. I have tried various tricks. For example, I sent mail with a "Reply-To:" of "hal at alumni.caltech.edu (Pseudonym 12345)". I hoped that if someone did a reply to this mail, it might come to me with that whole field in the "To" line, and I could then parse it for the pseudonym number. That didn't work on the particular reply mailer that I used; it stripped the comment field in parentheses.

The one other idea I've had is to put something at the beginning of the Subject: line, so if the user remailed a message with a Subject: of "How's it going, Jack?"
it would actually go out as "Subject: (P12345) How's it going, Jack?". Then when they reply it will probably come back as "Subject: Re: (P12345) How's it going, Jack?" or something similar, and I can parse for the (Pxxxxx). This might work pretty often but munging the Subject line is bad for news posting since a lot of news readers sort by subject line. I could put the (Pxxxxx) at the end but it might get truncated? Maybe not.

I wonder if anyone knowledgeable in mail systems could suggest a relatively robust way of setting up outgoing headers so that return mail will (A) come back to me (hal at alumni.caltech.edu in this case) and (B) be marked in some unique way that would let me do a pseudonym mapping. Any ideas would be appreciated.

Hal Finney
74076.1041 at compuserve.com

From ebrandt at jarthur.Claremont.EDU Fri Apr 16 10:17:12 1993
From: ebrandt at jarthur.Claremont.EDU (Eli Brandt)
Date: Fri, 16 Apr 93 10:17:12 PDT
Subject: Proposal for anon chaining
In-Reply-To: <199304161412.AA09006@spot.Colorado.EDU>
Message-ID: <9304161717.AA15797@toad.com>

> From: KINNEY WILLIAM H
> The routing information would be for the benefit of the remailers only.
> It would be created by the RECIPIENT and made publicly available as a
> pseudonymous mail address. It would work like this: ...
> This seems to me to be a very robust pseudonymous mail system which
> could be implemented by relatively minor changes to the existing Cypherpunk
> remailer structure.

This appears to be the ARA system that was previously suggested, which I was speaking of using with penet. Your comment that changes would be needed implies that it is different; if so, could you clarify the difference?

The reason Eric suggested hanging this off the side of a pseudonym server is that it is rather inconvenient in its pure form, particularly for unsophisticated users. It involves a thirty-line block of cruft, cutting and pasting... ideally your MUA would handle everything, but this isn't going to happen soon.
Grafting this onto a nymserver as a return address gives you the ease of use of something like penet, without having to maintain a central nym<--->name mapping.

> -- Will

Eli ebrandt at jarthur.claremont.edu

From ld231782 at longs.lance.colostate.edu Fri Apr 16 11:02:29 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Fri, 16 Apr 93 11:02:29 PDT
Subject: FWEE!: The Counterrevolutionaries Strike Back
In-Reply-To: <9304150631.tn01219@aol.com>
Message-ID: <9304161802.AA25932@longs.lance.colostate.edu>

[internaut]
>As I am the person doing some of the legwork to establish the body of
>Users/Subscribers for the alt.wb service (in my spare time), I would like to
>request that this action NOT be taken at this time. I am as anxious as anyone
>to see this become a reality, but I have learned over the years that both
>information services and sex can be ruined by prematurity.
>
>There, I've admitted it, I am not
>ready yet (nor are the Users).

If you think that you are the whistleblower moderator, fine. Be one. But we need a completely unmoderated group. If you think you have any right to hold up an unmoderated group to squeeze through your own bottleneck, please go elsewhere.

I admire and appreciate your work to gain mainstream acceptance of this group. But we have a great deal to lose through `premature' publicizing this project. Anonymous servers, if they hadn't been `sneaked on' to the net, would probably be specifically banned if news and network administrators were forewarned of their presence. Now I see an awful lot of backpedaling and fence-hopping by these hypocrites on e.g.
news.admin.policy who say ``Oh gee, we think anonymity is *great*, we just want to control where you can use it.'' If it weren't for pioneering and underground cypherpunk work in this area, I believe the statement would be ``that issue was brought up, and they have been specifically banned from the network because anonymity is worthless and only for cowards and criminals.''

You are talking to many people (i.e. bureaucrats and legislators) who may be totally displaced and bypassed (i.e. lose illegitimate power) by this service. There are a great many people you are talking to, I think, whose every interest is to totally castrate the project of any `offensiveness'. I think you are trying to operate on a much more respectable level than is possible currently. That level can only be attained by a gradual evolution of the medium, starting with something rather crude, kludgy, and unsophisticated.

>Not enough people are educated enough to use it.

we are not trying to get everyone in the U.S. to understand how this works immediately. This is an impossible goal. Your efforts amount to singlehandedly educating the public about the Internet. To most, the idea of a worldwide bulletin board is mindboggling enough. If you wait until everybody and his grandma know what you are talking about, I'll be dead by then. If you wait until every legislator and bureaucrat understands it, the earth will have crumbled before you finish. There are plenty of sophisticated people who can benefit from this *immediately*.

We are starting something with training wheels. If we were IBM we would be doing it like you have in mind, an incredible backroom strategizing effort before a massive and highly publicized public rollout with great hype and fanfare. But we are not IBM. We are cypherpunks. We are the silent underground who slips radical new conquests past people before they even realize it. Anything less is too formal, fragile, and lifeless.
We are not waiting for you to come out with your Press Kit before this thing starts.

>- We haven't figured out who'll be polled to send in msgs and exactly HOW
>we'll offer them some sort of anonymity and what they need to do afterward.

polled? sounds like an election, like something democratic, like something that can be twisted by a misguided majority. Again, you sound like you are looking for a group with high quality control. Unfortunately, I think this goal is largely antithetical to the essential spirit of the whistleblower idea. The whistleblower is alone and isolated, almost by definition. Your ideas on filtering incoming messages, gained from those you've talked to, sound rather naive and dangerous to me. You're welcome to set up all these mechanisms outside of a *totally*free* group and `ride' on the traffic therein. But don't ever propose tampering with that traffic in a centralized fashion. You will be badly burned.

>Not a single cpunk has yet submitted any suggestions to me for the
>Guidelines as I have asked twice. Not one person. Do that first, O Verbose
>Ones!

I think a FAQ posted to the group is an excellent idea. In fact I am considering putting one up here. But if the group hasn't even been created yet, we have nowhere to post. The FAQ should come as soon as possible, but *after* the creation of the group. And if there are a lot of conflicting demands on a single group, then a FAQ that everyone agrees to would be impossible to come up with amidst all the objections.

I just don't get it. This is a group like any other. Why do you think the whole international public has to be prepared for its creation by you personally? People have to judge for themselves what to post, and how reliable the mechanisms are. Sure, we will give the facts on the security of the medium in the FAQ. But if they don't trust it (and there will be plenty of reasons not to) then they shouldn't risk it.
If anywhere else there should be less content restrictions and our overseeing `recommendations' (i.e. dictations) on postings.

>Have you heard
>of the Declaration of Independence? They prepared that document well, got all
>their Ducks in a Row and it's lasted for over 200 years. How many decades do
>you think a good WB system could last/evolve for? I ask only that you engage
>your long-range vision for a moment.

There was an interim government prior to the passage of this document. And there was enormous haggling over the content of it, with many compromises. The document is not perfect. There are flaws and cracks that have poked through after 200 years. Do you think our judicial system is as effective as possible? Do you think our legislative system is the most representative of people's expectations of and directives to their subservient government? Do you think our government today truly represents, in all ways, the intentions of its founders? Do you think they considered all possible scenarios? Do you think they would not want to make some minor adjustments or major changes after seeing 200 years pass from their noble experiment? Do you think that anything that is dynamic can be static?

Our democratic system, at the time of its inception, was almost radically experimental. The broad commitment to state and human rights, to the exclusion of federal ones, was quite flabbergasting to the slaves of the European model...

>Anybody can put a box out on the street and say "everybody put your
>complaints in here," but it takes some real thinkers to put out a serious
>whistleblower system.

Look at everything that is efficient in the world, and you will see that it is so because of *independently operating* components, with minimized centralized control. When you want to get on your car and go somewhere, you don't submit any proposals to a government agency for a Transportation Plan.
The capitalist system works (and certain others, which shall remain nameless, have failed) precisely because everybody pursues and uses money *independently*. If they have an idea how to run a business, they just start one (with great hassle from government regulations). Usenet works because every server keeps abreast of all articles *independently*. Message transmission on the internet is so reliable because virtually an infinite number of routing pathways exist that a message can take, avoiding any obstacles, each component performing its job *independently*.

Now, let me hear again how you want us to submit all our public keys to you, submit the group guidelines for your personal perusal (and presumably veto), and wait for all your congressional friends to understand the concept? And how this will ultimately lead to an ideal and robust system?

You simply don't understand. This idea is bigger than you, it is bigger than me. Anyone who tries to wrap themselves completely around it will explode from the pressure. This system will *grow* *itself* to become extremely sophisticated and respected. Let us not smother the sapling with misguided preconceptions for nourishment.

>There are other excellent reasons to keep it in our collective pants for a
>while, but if THESE don't convince you, then perhaps I am asking the wrong
>group of folks to help get this started properly.

`Let's' start a mailing group for `nambypambypunks'. `We'll' get George ``Wouldn't be Prudent at this Juncture'' Bush to join. In fact, `we' better even start it until `we're' sure he likes the idea.

p.s. cypherpunks, I certainly don't claim to speak for the group as a whole (such a task would be impossible no matter *what* is said) but I am becoming a bit disenchanted and disillusioned with some of the opinions expressed herein. Is it just that the weasels are more vocal?
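Editor's note, not part of any message in this digest: Hal Finney's "ANON: Chaining suggestions" post above asks for a robust way to mark an outgoing Subject: line with a pseudonym tag so that replies can be mapped back to the nym holder. The Python below is an added example of the scheme Hal sketches, tagging the Subject with "(P12345)" at the front (where a mailer that truncates long subjects cannot lose it) and parsing the tag back out of a reply regardless of how many "Re:" prefixes the replier's mailer has prepended. The pseudonym table, the address in it and the header dictionary are constructed for the example; none of this is code from the remailers or from Hal.

```python
import re
from typing import Optional, Tuple

# Constructed pseudonym table: nym tag -> the nym holder's real address.
# The tag format (Pxxxxx) and the sample address come from Hal's message;
# the table itself is an assumption made for this example.
NYM_TABLE = {"P12345": "hal@alumni.caltech.edu"}

# A tag is "(P" + exactly five digits + ")". We search for it rather than
# anchoring at the start so it survives "Re:", "Re: Re:", "Fwd:" or any other
# prefix a reply mailer adds.
TAG_RE = re.compile(r"\((P\d{5})\)")


def tag_subject(subject: str, nym: str) -> str:
    """Mark an outgoing Subject with the nym tag, exactly once.

    The tag goes at the front, not the end, so a mailer that truncates long
    Subject lines cannot drop it (the truncation worry in Hal's message).
    """
    if not re.fullmatch(r"P\d{5}", nym):
        raise ValueError(f"bad nym id: {nym!r}")
    if TAG_RE.search(subject):
        return subject                      # already tagged; never stack tags
    return f"({nym}) {subject}".rstrip()


def extract_nym(subject: str) -> Optional[str]:
    """Return the nym id carried by a reply's Subject, or None if there is none."""
    m = TAG_RE.search(subject)
    return m.group(1) if m else None


def strip_tag(subject: str) -> str:
    """Remove the tag before the reply is handed to the nym holder."""
    cleaned = TAG_RE.sub("", subject)
    return re.sub(r"\s{2,}", " ", cleaned).strip()


def route_reply(headers: dict, table: dict = NYM_TABLE) -> Optional[Tuple[str, str, str]]:
    """Decide where an incoming reply goes.

    Returns (nym, real_address, subject_without_tag), or None when the Subject
    carries no known tag, in which case the message is ordinary mail and must
    not be forwarded to anyone in the nym table.
    """
    subject = headers.get("Subject", "")
    nym = extract_nym(subject)
    if nym is None or nym not in table:
        return None
    return nym, table[nym], strip_tag(subject)


if __name__ == "__main__":
    outgoing = tag_subject("How's it going, Jack?", "P12345")
    print("outgoing:", outgoing)
    # A constructed reply, as a typical mailer would produce it.
    print("routed:", route_reply({"Subject": "Re: " + outgoing}))
```

The one thing this scheme cannot fix is the problem Hal himself raises: the tag is visible to everyone, so a news reader that sorts by Subject will group all of a nym's posts together, and a replier who edits the Subject line (or whose mailer rewrites it) silently breaks the mapping.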
From dmandl at shearson.com Fri Apr 16 12:03:03 1993
From: dmandl at shearson.com (David Mandl)
Date: Fri, 16 Apr 93 12:03:03 PDT
Subject: Phil Zimmerman on the Radio
Message-ID: <9304161840.AA17929@tardis.shearson.com>

FYI, for those of you in the NYC area, I'm going to be conducting a brief interview with Phil Zimmerman (author of PGP) on my radio show tomorrow to discuss the recent NSA/Big Brother crypto developments (see the front page of today's New York Times). WFMU, East Orange, NJ, 91.1 FM. My show airs from noon-3:00 local time, and the interview will start at around 1:00.

N.B.: I will NOT be taping the show, so I can't make tapes for anyone. Anyone else listening is free to make copies and do whatever they want with them, of course.

--Dave.

From gnu Fri Apr 16 12:24:26 1993
From: gnu (John Gilmore)
Date: Fri, 16 Apr 93 12:24:26 PDT
Subject: White House press release on encryption policy
Message-ID: <9304161924.AA18313@toad.com>

Note: This file will also be available via anonymous file transfer from csrc.ncsl.nist.gov in directory /pub/nistnews and via the NIST Computer Security BBS at 301-948-5717.

---------------------------------------------------

THE WHITE HOUSE
Office of the Press Secretary
_________________________________________________________________
For Immediate Release April 16, 1993

STATEMENT BY THE PRESS SECRETARY

The President today announced a new initiative that will bring the Federal Government together with industry in a voluntary program to improve the security and privacy of telephone communications while meeting the legitimate needs of law enforcement. The initiative will involve the creation of new products to accelerate the development and use of advanced and secure telecommunications networks and wireless communications links.
For too long there has been little or no dialogue between our private sector and the law enforcement community to resolve the tension between economic vitality and the real challenges of protecting Americans. Rather than use technology to accommodate the sometimes competing interests of economic growth, privacy and law enforcement, previous policies have pitted government against industry and the rights of privacy against law enforcement.

Sophisticated encryption technology has been used for years to protect electronic funds transfer. It is now being used to protect electronic mail and computer files. While encryption technology can help Americans protect business secrets and the unauthorized release of personal information, it also can be used by terrorists, drug dealers, and other criminals.

A state-of-the-art microcircuit called the "Clipper Chip" has been developed by government engineers. The chip represents a new approach to encryption technology. It can be used in new, relatively inexpensive encryption devices that can be attached to an ordinary telephone. It scrambles telephone communications using an encryption algorithm that is more powerful than many in commercial use today.

This new technology will help companies protect proprietary information, protect the privacy of personal phone conversations and prevent unauthorized release of data transmitted electronically. At the same time this technology preserves the ability of federal, state and local law enforcement agencies to intercept lawfully the phone conversations of criminals.

A "key-escrow" system will be established to ensure that the "Clipper Chip" is used to protect the privacy of law-abiding Americans. Each device containing the chip will have two unique "keys," numbers that will be needed by authorized government agencies to decode messages encoded by the device.
When the device is manufactured, the two keys will be deposited separately in two "key-escrow" data bases that will be established by the Attorney General. Access to these keys will be limited to government officials with legal authorization to conduct a wiretap.

The "Clipper Chip" technology provides law enforcement with no new authorities to access the content of the private conversations of Americans.

To demonstrate the effectiveness of this new technology, the Attorney General will soon purchase several thousand of the new devices. In addition, respected experts from outside the government will be offered access to the confidential details of the algorithm to assess its capabilities and publicly report their findings.

The chip is an important step in addressing the problem of encryption's dual-edge sword: encryption helps to protect the privacy of individuals and industry, but it also can shield criminals and terrorists. We need the "Clipper Chip" and other approaches that can both provide law-abiding citizens with access to the encryption they need and prevent criminals from using it to hide their illegal activities.

In order to assess technology trends and explore new approaches (like the key-escrow system), the President has directed government agencies to develop a comprehensive policy on encryption that accommodates:

-- the privacy of our citizens, including the need to employ voice or data encryption for business purposes;

-- the ability of authorized officials to access telephone calls and data, under proper court or other legal order, when necessary to protect our citizens;

-- the effective and timely use of the most modern technology to build the National Information Infrastructure needed to promote economic growth and the competitiveness of American industry in the global marketplace; and

-- the need of U.S. companies to manufacture and export high technology products.
The President has directed early and frequent consultations with affected industries, the Congress and groups that advocate the privacy rights of individuals as policy options are developed.

The Administration is committed to working with the private sector to spur the development of a National Information Infrastructure which will use new telecommunications and computer technologies to give Americans unprecedented access to information. This infrastructure of high-speed networks ("information superhighways") will transmit video, images, HDTV programming, and huge data files as easily as today's telephone system transmits voice.

Since encryption technology will play an increasingly important role in that infrastructure, the Federal Government must act quickly to develop consistent, comprehensive policies regarding its use. The Administration is committed to policies that protect all Americans' right to privacy while also protecting them from those who break the law.

Further information is provided in an accompanying fact sheet. The provisions of the President's directive to acquire the new encryption technology are also available. For additional details, call Mat Heyman, National Institute of Standards and Technology, (301) 975-2758.

- - ---------------------------------

QUESTIONS AND ANSWERS ABOUT THE CLINTON ADMINISTRATION'S TELECOMMUNICATIONS INITIATIVE

Q: Does this approach expand the authority of government agencies to listen in on phone conversations?

A: No. "Clipper Chip" technology provides law enforcement with no new authorities to access the content of the private conversations of Americans.

Q: Suppose a law enforcement agency is conducting a wiretap on a drug smuggling ring and intercepts a conversation encrypted using the device. What would they have to do to decipher the message?

A: They would have to obtain legal authorization, normally a court order, to do the wiretap in the first place.
They would then present documentation of this authorization to the two entities responsible for safeguarding the keys and obtain the keys for the device being used by the drug smugglers. The key is split into two parts, which are stored separately in order to ensure the security of the key escrow system.

Q: Who will run the key-escrow data banks?

A: The two key-escrow data banks will be run by two independent entities. At this point, the Department of Justice and the Administration have yet to determine which agencies will oversee the key-escrow data banks.

Q: How strong is the security in the device? How can I be sure how strong the security is?

A: This system is more secure than many other voice encryption systems readily available today. While the algorithm will remain classified to protect the security of the key escrow system, we are willing to invite an independent panel of cryptography experts to evaluate the algorithm to assure all potential users that there are no unrecognized vulnerabilities.

Q: Whose decision was it to propose this product?

A: The National Security Council, the Justice Department, the Commerce Department, and other key agencies were involved in this decision. This approach has been endorsed by the President, the Vice President, and appropriate Cabinet officials.

Q: Who was consulted? The Congress? Industry?

A: We have on-going discussions with Congress and industry on encryption issues, and expect those discussions to intensify as we carry out our review of encryption policy. We have briefed members of Congress and industry leaders on the decisions related to this initiative.

Q: Will the government provide the hardware to manufacturers?

A: The government designed and developed the key access encryption microcircuits, but it is not providing the microcircuits to product manufacturers. Product manufacturers can acquire the microcircuits from the chip manufacturer that produces them.

Q: Who provides the "Clipper Chip"?
A: Mykotronx programs it at their facility in Torrance, California, and will sell the chip to encryption device manufacturers. The programming function could be licensed to other vendors in the future.

Q: How do I buy one of these encryption devices?

A: We expect several manufacturers to consider incorporating the "Clipper Chip" into their devices.

Q: If the Administration were unable to find a technological solution like the one proposed, would the Administration be willing to use legal remedies to restrict access to more powerful encryption devices?

A: This is a fundamental policy question which will be considered during the broad policy review. The key escrow mechanism will provide Americans with an encryption product that is more secure, more convenient, and less expensive than others readily available today, but it is just one piece of what must be the comprehensive approach to encryption technology, which the Administration is developing.

The Administration is not saying, "since encryption threatens the public safety and effective law enforcement, we will prohibit it outright" (as some countries have effectively done); nor is the U.S. saying that "every American, as a matter of right, is entitled to an unbreakable commercial encryption product." There is a false "tension" created in the assessment that this issue is an "either-or" proposition. Rather, both concerns can be, and in fact are, harmoniously balanced through a reasoned, balanced approach such as is proposed with the "Clipper Chip" and similar encryption techniques.

Q: What does this decision indicate about how the Clinton Administration's policy toward encryption will differ from that of the Bush Administration?
A: It indicates that we understand the importance of encryption technology in telecommunications and computing and are committed to working with industry and public-interest groups to find innovative ways to protect Americans' privacy, help businesses to compete, and ensure that law enforcement agencies have the tools they need to fight crime and terrorism.

Q: Will the devices be exportable? Will other devices that use the government hardware?

A: Voice encryption devices are subject to export control requirements. Case-by-case review for each export is required to ensure appropriate use of these devices. The same is true for other encryption devices. One of the attractions of this technology is the protection it can give to U.S. companies operating at home and abroad. With this in mind, we expect export licenses will be granted on a case-by-case basis for U.S. companies seeking to use these devices to secure their own communications abroad. We plan to review the possibility of permitting wider exportability of these products.

From pmetzger at lehman.com Fri Apr 16 12:46:29 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Fri, 16 Apr 93 12:46:29 PDT
Subject: Mailing list name
Message-ID: <9304161946.AA27724@snark.shearson.com>

In the light of recent developments concerning government cryptography initiatives, we might soon find ourselves inundated by working press. Given this, I think that the name "cypherpunks" produces the wrong connotations -- it makes us sound like criminals when we are in fact people who are interested in expanding personal privacy with technology. Often, little things like this end up being of tremendous importance in the long haul.

I would propose changing the name of the mailing list to "cryptoprivacy" or something similar. It denotes what we are about in a way that mundane people understand better, and it portrays us in the proper light -- as people struggling to improve the prospects for personal freedom, not a bunch of "punks".
Perry

From derek at cs.wisc.edu Fri Apr 16 13:00:08 1993
From: derek at cs.wisc.edu (Derek Zahn)
Date: Fri, 16 Apr 93 13:00:08 PDT
Subject: circling the wagons
Message-ID: <9304162000.AA29054@lynx.cs.wisc.edu>

Assuming that the "Clipper chip" initiative isn't a teapot tempest, I suppose we'd better start sharpening our rhetorical knives. Privacy arguments and sheer outrage will be useful, but it seems to me that the "modern steganography" discussion from a few weeks back offers an irrefutable argument: By performing rather simple camouflaging, it is possible to make an encrypted message undetectable by encoding it in (images, voice, any other signal that could plausibly contain noise). This is rather easy to do, so those who REALLY want to hide what they're doing (terrorists, criminals, republican campaign staff) will still be able to do so. In fact, by encrypting the wrapper with your "Clipper" system, they look like they're hiding nothing. All that you are buying is a false sense of security.

derek

From nobody at alumni.cco.caltech.edu Fri Apr 16 13:00:25 1993
From: nobody at alumni.cco.caltech.edu (nobody at alumni.cco.caltech.edu)
Date: Fri, 16 Apr 93 13:00:25 PDT
Subject: ANON: Chaining to Penet remailer
Message-ID: <9304162000.AA00123@alumni.cco.caltech.edu>

I am not very inclined to defend myself or my news.admin.policy postings, since saying someone's an asshole seems to be what the group is for, but I am listening to the discussion and take seriously people's criticisms and listening hard. For what it's worth, I said I was sorry but it pisses me off that when a nym tells some jerk to fuck off, everyone jumps all over me. Even so, I'll listen to what people have to say since I don't want to lose access ... without the remailers I am Nowhere, Man. Isn't that ironic???
From treason at gnu.ai.mit.edu Fri Apr 16 13:14:50 1993
From: treason at gnu.ai.mit.edu (treason at gnu.ai.mit.edu)
Date: Fri, 16 Apr 93 13:14:50 PDT
Subject: White House Encryption idea
Message-ID: <9304162014.AA05785@spiff.gnu.ai.mit.edu>

Well, this all sounds fine and dandy, but...

1) They are not passing out the algorithm, and I don't trust ANYONE to tell me it's secure. I am not a cryptographer, so it wouldn't help any if they gave the code to me, but it just being out there for public perusal helps me to think it IS secure. I trust no payola.

2) It is very possible that the 'criminal' effort may be able to modify these devices so that there is no possibility for the agencies to decrypt their transmissions (if it IS truly secure with no backdoors or decyphering possibilities), in which case it can only harm the law abiding.

3) It allows the government the ability to determine WHAT encryption method industry uses, and they should be able to have a choice. Those who understand this very misleading comment will understand; those who do not will prolly never be able to.

4) No explanation of what the 'key' contents are composed of (numbers, letters, alphanum, characters, some odd cyphercode???) is even implied.

5) No explanation of how the key is propagated or if it will even be needed for the remote site is mentioned. How are the remote sites going to decypher your cyphersounds(text)?

There was no mention of further releases in information... is this all we get?

treason at gnu

From treason at gnu.ai.mit.edu Fri Apr 16 13:31:36 1993
From: treason at gnu.ai.mit.edu (treason at gnu.ai.mit.edu)
Date: Fri, 16 Apr 93 13:31:36 PDT
Subject: Mailing list name
In-Reply-To: <9304161946.AA27724@snark.shearson.com>
Message-ID: <9304162031.AA05882@spiff.gnu.ai.mit.edu>

> In the light of recent developments concerning government cryptography
> initiatives, we might soon find ourselves inundated by working press.
> Given this, I think that the name "cypherpunks" produces the wrong
> connotations -- it makes us sound like criminals when we are in fact
> people who are interested in expanding personal privacy with
> technology. Often, little things like this end up being of tremendous
> importance in the long haul.
>
> I would propose changing the name of the mailing list to
> "cryptoprivacy" or something similar. It denotes what we are about in
> a way that mundane people understand better, and it portrays us in the
> proper light -- as people struggling to improve the prospects for
> personal freedom, not a bunch of "punks".
>
> Perry

I agree wholeheartedly, and I think I have the experience to say so. You wouldn't believe how much importance people and groups put on names. Even though I have not, nor ever intend to, commit the act described by my name, people still look at me with a leery eye. Because I am

treason at gnu

From gnu Fri Apr 16 13:54:23 1993
From: gnu (John Gilmore)
Date: Fri, 16 Apr 93 13:54:23 PDT
Subject: EFF crypto statement and press release
Message-ID: <9304162054.AA19449@toad.com>

April 16, 1993

INITIAL EFF ANALYSIS OF CLINTON PRIVACY AND SECURITY PROPOSAL

The Clinton Administration today made a major announcement on cryptography policy which will affect the privacy and security of millions of Americans. The first part of the plan is to begin a comprehensive inquiry into major communications privacy issues such as export controls which have effectively denied most people easy access to robust encryption, and law enforcement issues posed by new technology.

However, EFF is very concerned that the Administration has already reached a conclusion on one critical part of the inquiry, before any public comment or discussion has been allowed. Apparently, the Administration is going to use its leverage to get all telephone equipment vendors to adopt a voice encryption standard developed by the National Security Agency.
The so-called "Clipper Chip" is an 80-bit, split key escrowed encryption scheme which will be built into chips manufactured by a military contractor. Two separate escrow agents would store users' keys, and be required to turn them over to law enforcement upon presentation of a valid warrant. The encryption scheme used is to be classified, but the chips will be available to any manufacturer for incorporation into its communications products.

This proposal raises a number of serious concerns.

First, the Administration has adopted a solution before conducting an inquiry. The NSA-developed Clipper Chip may not be the most secure product. Other vendors or developers may have better schemes. Furthermore, we should not rely on the government as the sole source for the Clipper or any other chips. Rather, independent chip manufacturers should be able to produce chipsets based on open standards.

Second, an algorithm cannot be trusted unless it can be tested. Yet, the Administration proposes to keep the chip algorithm classified. EFF believes that any standard adopted ought to be public and open. The public will only have confidence in the security of a standard that is open to independent, expert scrutiny.

Third, while the use of a split-key, dual escrowed system may prove to be a reasonable balance between privacy and law enforcement needs, the details of this scheme must be explored publicly before it is adopted. What will give people confidence in the safety of their keys? Does disclosure of keys to a third party waive an individual's Fifth Amendment rights in subsequent criminal inquiries? These are but a few of the many questions the Administration's proposal raises but fails to answer.

In sum, the Administration has shown great sensitivity to the importance of these issues by planning a comprehensive inquiry into digital privacy and security.
However, the "Clipper Chip" solution ought to be considered as part of the inquiry, and not be adopted before the discussion even begins.

DETAILS OF THE PROPOSAL:

ESCROW

The 80-bit key will be divided between two escrow agents, each of whom hold 40 bits of each key. The manufacturer of the communications device would be required to register all keys with the two independent escrow agents. A key is tied to the device, however, not the person using it. Upon presentation of a valid court order, the two escrow agents would have to turn the key parts over to law enforcement agents.

According to the Presidential Directive just issued, the Attorney General will be asked to identify appropriate escrow agents. Some in the Administration have suggested that one non-law enforcement federal agency (perhaps the Federal Reserve), and one non-governmental organization could be chosen, but there is no agreement on the identity of the agents yet.

CLASSIFIED ALGORITHM AND THE POSSIBILITY OF BACK DOORS

The Administration claims that there are no back doors -- means by which the government or others could break the code without securing keys from the escrow agents -- and that the President will be told there are no back doors to this classified algorithm. In order to prove this, Administration sources are interested in arranging for an all-star crypto cracker team to come in, under a security arrangement, and examine the algorithm for trap doors. The results of the investigation would then be made public.

The Clipper Chipset was designed and is being produced under a sole-source, secret contract between the National Security Agency and two private firms: VLSI and Mycotronx. NSA work on this plan has been underway for about four years. The manufacturing contract was let 14 months ago.

GOVERNMENT AS MARKET DRIVER

In order to get a market moving, and to show that the government believes in the security of this system, the feds will be the first big customers for this product.
Users will include the FBI, Secret Service, VP Al Gore, and maybe even the President. At today's Commerce Department press briefing, a number of people asked this question, though: why would any private organization or individual adopt a classified standard that had no independent guaranty of security or freedom from trap doors?

COMPREHENSIVE POLICY INQUIRY

The Administration has also announced that it is about to commence an inquiry into all policy issues related to privacy protection, encryption, and law enforcement. The items to be considered include: export controls on encryption technology and the FBI's Digital Telephony Proposal. It appears that this inquiry will be conducted by the National Security Council. Unfortunately, however, the Presidential Directive describing the inquiry is classified. Some public involvement in the process has been promised, but the terms have yet to be specified.

FOR MORE INFORMATION CONTACT:

Jerry Berman, Executive Director (jberman at eff.org)
Daniel J. Weitzner, Senior Staff Counsel (djw at eff.org)

Full text of the Press releases and Fact Sheets issued by the Administration will be available on EFF's ftp site.

===================

PRESS RELEASE

FOR IMMEDIATE RELEASE: April 16, 1993

Electronic Frontier Foundation responds to Clinton Administration Digital Privacy and Security proposals.

EFF Chairman Mitchell Kapor praises process but questions need for secret standard.

The Clinton Administration today made a major announcement on privacy and security for electronic communications including regular and cellular phones. Mitchell Kapor, EFF Chairman of the Board, praised Administration efforts to study comprehensive solutions to privacy problems, but questioned the specific solution which the government is seeking to impose.

"The Administration is to be commended for launching a broad inquiry into these critical problems," said Kapor, "but they should not attempt to impose a solution before the process has begun."
"A system based on classified, secret technology will not and should not gain the confidence of the American public," continued Kapor, commenting on the proposed use of the NSA-developed "Clipper Chip." The Clipper chip is to be sold to private corporations for incorporation in communications products, but will be based on a classified coding system. Kapor explained that "in the past, government-designed standards have suffered under the suspicion that a hidden 'trap door' would allow unauthorized governmental or private intrusion. The only way to avoid this mistake is to publish open standards and subject them to expert, independent scrutiny." The Clipper proposal would also require users to deposit their code "keys" with "trusted" escrow agents in order to allow law enforcement to conduct court-authorized wiretaps. Jerry Berman, EFF's Executive Director, said that "the escrow system is an intriguing proposal, but the details of this scheme must be explored publicly before it is adopted. What will give people confidence in the safety of their keys? Does disclosure of keys to a third party waive an individual's Fifth Amendment rights against self-incrimination? The administration will need to answer questions such as these before it proceeds with this, or any other, proposal." Contact: Jerry Berman, Executive Director Daniel J. Weitzner, Senior Staff Counsel tel: 202-544-3077 or 202-544-9237 eff at eff.org From tcmay at netcom.com Fri Apr 16 14:18:18 1993 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 16 Apr 93 14:18:18 PDT Subject: Key Registration and Big Brother--Time to Fight! Message-ID: <9304162117.AA29302@netcom.netcom.com> (Perry Metzger forwarded my message this morning to the Cypherpunks list on the latest White House proposal....I should've also sent it to the Extropians list myself, my vacation from the list notwithstanding. Some things are just too important!) 
The latest White House proposal to authorize a certain form of encryption, called "Clipper Chip," (a bizarre name, which also conflicts with the "Clipper" processor made by Intergraph), represents the reification of all the "key registration" themes discussed for many months on sci.crypt and elsewhere.

I urge those on the Extropians list who are interested in preserving their dwindling freedoms in these Beknighted States of America to:

1. Follow the debate on sci.crypt and elsewhere. Hal Finney just mentioned the various places the White House announcement was posted.

2. Subscribe to the Cypherpunks list by sending a message to "cypherpunks-request at toad.com". The latest "Wired," which I have not yet seen myself, apparently has some good stuff on our group. (I reviewed Levy's article for him, but haven't seen the mag on the newsstands yet.)

3. Get your PGP and MacPGP before "the other shoe drops." The "other shoe" may be legal moves by RSA Data Security and others (Commerce? Justice?) to crack down on PGP...rumblings of this have been heard for months now, and were discussed at the last physical Cypherpunks meeting. (And the steganographic aspects--the hiding of the mere _existence_ of an encrypted message--will probably assume a greater importance than before.)

4. The Boston area just had its first physical Cypherpunks meeting, with Julf intending to attend (J. Helsingius, operator of the Finnish anonymous remailer)....I haven't heard the outcome. The U.K. has had one for several months, and of course the Bay Area has had one since before there was even a mailing list. The Southern California area has several leading Cypherpunks (Hal Finney, Phil Karn, Eli Brandt, others) and wants to host a meeting of "the Cypherpunks." Instead, and in light of the serious danger that encryption will soon have limits placed on it, I would urge them to *just begin their own meeting* ASAP!
(Sorry to sound so urgent, but they need to start meeting long before we can arrange a meeting in San Diego or LA.)

(One thing we talked about at the 4-10-93 meeting in Mountain View, CA, was a conference call linking up some of the "satellite Cypherpunks." Not secure, of course, but then neither is this list nor our physical meetings...anybody can attend, can get added to the list, etc.)

5. Prof. Denning has more to say about key escrow and registration in the latest (or very recent) "Communications of the ACM," which should be available in large university libraries. Now that the proposal has become real, it takes on more meaning.

6. It is clear that the "trial balloon" I cited in my message many months back to sci.crypt is nauseatingly real. Under the guise of stopping "drug dealers, terrorists, and child pornographers," we will see limits placed on our ability to communicate privately. I have few hopes that this proposal will be overturned by the courts, including the Supreme Court. A "garrison state" like the U.S. is turning itself into, what with the War on (Some) Drugs, the no-knock raids on suspects, the civil forfeiture laws, and the attacks on "whacko Waco religious cults," has need of Nazi-like police powers.

It seems ironic, and appropriate, that this White House announcement came on the 50th anniversary of the discovery of LSD...April 16th, 1943.

As I said six months ago, "Be afraid, be very afraid."

As Phil Karn put it, the battle is joined.

-Tim May

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.

From pcw at access.digex.com Fri Apr 16 14:56:30 1993
From: pcw at access.digex.com (Peter Wayner)
Date: Fri, 16 Apr 93 14:56:30 PDT
Subject: The New Mykotronix phones...
Message-ID: <199304161954.AA20309@access.digex.com>

Okay, let's suppose that the NSA/NIST/Mykotronix Registered Key system becomes standard and I'm able to buy such a system from my local Radio Shack. Every phone comes with a built-in chip and the government has the key to every phone call. I go and buy a phone and dutifully register the key.

What's to prevent me from swapping phones with a friend or buying a used phone at a garage sale? Whooa. The secret registered keys just became unsynchronized. When the government comes to listen in, they only receive gobbledygook because the secret key registered under my name isn't the right one.

That leads me to conjecture that:

1) The system isn't that secure. There are just two master keys that work for all the phones in the country. The part about registering your keys is just bogus.

or

2) The system is vulnerable to simple phone swapping attacks like this. Criminals will quickly figure this out and go to town.

In either case, I think we need to look at this a bit deeper.

-Peter Wayner

From pmetzger at lehman.com Fri Apr 16 15:40:24 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Fri, 16 Apr 93 15:40:24 PDT
Subject: The Big Brother Proposal
In-Reply-To: <199304161954.AA20309@access.digex.com>
Message-ID: <9304162238.AA28087@snark.shearson.com>

Peter Wayner says:
> What's to prevent me from swapping phones with a friend or
> buying a used phone at a garage sale? Whooa. The secret registered
> keys just became unsynchronized. When the government comes
> to listen in, they only receive gobbledygook because the
> secret key registered under my name isn't the right one.

Perhaps you can deduce which chip is doing the encryption by identification data transmitted by the chip down the line -- they might identify themselves, making it impossible for you to avoid having them figure out which pair of keys registered with the Ministry of Truth and the Ministry of Love are to be used to listen in on your conversation.
After all, the keys are registered by the manufacturer...

Perry

PS We all remember the Ministry of Love and the Ministry of Truth, don't we? This proposal was, of course, created by a group spun off from the Ministry of Peace, a.k.a. No Such Agency.

From tcmay at netcom.com Fri Apr 16 16:51:11 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 16 Apr 93 16:51:11 PDT
Subject: (fwd) White House Public Encryption Management Fact Sheet
Message-ID: <9304162351.AA00841@netcom.netcom.com>

Message from Tim: The following forwarded message (below, after these introductory comments) explains in more detail the NIST/NSA proposal and adds a few disturbing wrinkles:

1. Quote:

"INSTALLATION OF GOVERNMENT-DEVELOPED MICROCIRCUITS

The Attorney General of the United States, or her representative, shall request manufacturers of communications hardware which incorporates encryption to install the U.S. government-developed key-escrow microcircuits in their products."

This suggests more than just voice communications will be affected by the policy. "Communications hardware" suggests a broad scope. Modem makers may be told to (somehow) incorporate this system into their products...not clear what this means for old equipment, incompatible equipment, etc.

2. The "shall request manufacturers..." bit does not sound voluntary. (The whole line about "Clipper" being so attractive that manufacturers will gladly design it in....total B.S.)

3. At the end of this document is mention of using the civil forfeiture laws to enforce the new system. Not stated, but implicit (I believe) is that the threat of civil forfeiture will be used to scare users into compliance. Very disturbing.

Read it and weep! Then start planning.
-Tim May, who hopes the Cypherpunks will adopt my suggestion that we use the Bulletin of Atomic Scientists-style "clock"...I call it 10 minutes before midnight

***Begin forwarded message from sci.crypt and other groups***

From: clipper at csrc.ncsl.nist.gov (Clipper Chip Announcement)
Subject: White House Public Encryption Management Fact Sheet
Organization: National Institute of Standards & Technology
Date: Fri, 16 Apr 1993 20:44:58 GMT

Note: The following was released by the White House today in conjunction with the announcement of the Clipper Chip encryption technology.

FACT SHEET

PUBLIC ENCRYPTION MANAGEMENT

The President has approved a directive on "Public Encryption Management." The directive provides for the following:

Advanced telecommunications and commercially available encryption are part of a wave of new computer and communications technology. Encryption products scramble information to protect the privacy of communications and data by preventing unauthorized access. Advanced telecommunications systems use digital technology to rapidly and precisely handle a high volume of communications. These advanced telecommunications systems are integral to the infrastructure needed to ensure economic competitiveness in the information age.

Despite its benefits, new communications technology can also frustrate lawful government electronic surveillance. Sophisticated encryption can have this effect in the United States. When exported abroad, it can be used to thwart foreign intelligence activities critical to our national interests. In the past, it has been possible to preserve a government capability to conduct electronic surveillance in furtherance of legitimate law enforcement and national security interests, while at the same time protecting the privacy and civil liberties of all citizens. As encryption technology improves, doing so will require new, innovative approaches.

In the area of communications encryption, the U.S.
Government has developed a microcircuit that not only provides privacy through encryption that is substantially more robust than the current government standard, but also permits escrowing of the keys needed to unlock the encryption. The system for the escrowing of keys will allow the government to gain access to encrypted information only with appropriate legal authorization.

To assist law enforcement and other government agencies to collect and decrypt, under legal authority, electronically transmitted information, I hereby direct the following action to be taken:

INSTALLATION OF GOVERNMENT-DEVELOPED MICROCIRCUITS

The Attorney General of the United States, or her representative, shall request manufacturers of communications hardware which incorporates encryption to install the U.S. government-developed key-escrow microcircuits in their products. The fact of law enforcement access to the escrowed keys will not be concealed from the American public. All appropriate steps shall be taken to ensure that any existing or future versions of the key-escrow microcircuit are made widely available to U.S. communications hardware manufacturers, consistent with the need to ensure the security of the key-escrow system. In making this decision, I do not intend to prevent the private sector from developing, or the government from approving, other microcircuits or algorithms that are equally effective in assuring both privacy and a secure key-escrow system.

KEY-ESCROW

The Attorney General shall make all arrangements with appropriate entities to hold the keys for the key-escrow microcircuits installed in communications equipment. In each case, the key holder must agree to strict security procedures to prevent unauthorized release of the keys. The keys shall be released only to government agencies that have established their authority to acquire the content of those communications that have been encrypted by devices containing the microcircuits.
The Attorney General shall review for legal sufficiency the procedures by which an agency establishes its authority to acquire the content of such communications.

PROCUREMENT AND USE OF ENCRYPTION DEVICES

The Secretary of Commerce, in consultation with other appropriate U.S. agencies, shall initiate a process to write standards to facilitate the procurement and use of encryption devices fitted with key-escrow microcircuits in federal communications systems that process sensitive but unclassified information. I expect this process to proceed on a schedule that will permit promulgation of a final standard within six months of this directive.

The Attorney General will procure and utilize encryption devices to the extent needed to preserve the government's ability to conduct lawful electronic surveillance and to fulfill the need for secure law enforcement communications. Further, the Attorney General shall utilize funds from the Department of Justice Asset Forfeiture Super Surplus Fund to effect this purchase.

--

From pmetzger at lehman.com Fri Apr 16 16:58:08 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Fri, 16 Apr 93 16:58:08 PDT
Subject: "Big Brother" Proposal
Message-ID: <9304162357.AA28273@snark.shearson.com>

It has been suggested that we start referring to the latest Encryption Initiative by the feds as the "Big Brother" proposal. I think this is an excellent idea. If we can get the media to adopt the term, it means that every time someone refers to the proposal they have already given our propaganda slant to it.

Perry

From rclark at nyx.cs.du.edu Fri Apr 16 18:25:07 1993
From: rclark at nyx.cs.du.edu (Robert W. F. Clark)
Date: Fri, 16 Apr 93 18:25:07 PDT
Subject: ietf-telnet-encryption.01.txt
Message-ID: <9304170126.AA08500@nyx.cs.du.edu>

Does anyone know why this Internet draft was deleted? I've sent a quick message to Internet-drafts at nri.reston.va.us to determine the reason. Will report. It sounds a little suspicious to me, though.
Snag those copies of PGP while you can. Expect trouble in coming months.

----
Robert W. Clark
rclark at nyx.cs.du.edu
PGP signature available by mail or finger

From joseph at valis.biocad.com Fri Apr 16 18:30:50 1993
From: joseph at valis.biocad.com (Joseph Truitt)
Date: Fri, 16 Apr 93 18:30:50 PDT
Subject: [fwd] Initial EFF analysis of Clinton Privacy and Security Proposal
Message-ID: <9304170040.AA21888@valis.biocad.com>

I don't recall having posted to this list before, but I am a truly supportive lurker as it were, doing my bit to sow seeds of crypto-anarchy at the layperson level to many friends. Anyway, in light of today's foreboding announcement from the White House, I thought you might be interested in this blurb from the EFF.

------- Forwarded Message

Date: Fri, 16 Apr 1993 15:17:02 -0400
From: Cliff Figallo
Subject: EFFector Online 5.06
To: eff-news at eff.org (eff-news mailing list)

******************************************************************
EFFector Online   Volume 5 No. 6   4/16/1993   editors at eff.org
A Publication of the Electronic Frontier Foundation
ISSN 1062-9424
******************************************************************

...

April 16, 1993

INITIAL EFF ANALYSIS OF CLINTON PRIVACY AND SECURITY PROPOSAL

The Clinton Administration today made a major announcement on cryptography policy which will affect the privacy and security of millions of Americans. The first part of the plan is to begin a comprehensive inquiry into major communications privacy issues such as export controls which have effectively denied most people easy access to robust encryption as well as law enforcement issues posed by new technology.

However, EFF is very concerned that the Administration has already reached a conclusion on one critical part of the inquiry, before any public comment or discussion has been allowed.
Apparently, the Administration is going to use its leverage to get all telephone equipment vendors to adopt a voice encryption standard developed by the National Security Agency.

The so-called "Clipper Chip" is an 80-bit, split key escrowed encryption scheme which will be built into chips manufactured by a military contractor. Two separate escrow agents would store users' keys, and be required to turn them over to law enforcement upon presentation of a valid warrant. The encryption scheme used is to be classified, but the chips will be available to any manufacturer for incorporation into their communications products.

This proposal raises a number of serious concerns.

First, the Administration appears to be adopting a solution before conducting an inquiry. The NSA-developed Clipper chip may not be the most secure product. Other vendors or developers may have better schemes. Furthermore, we should not rely on the government as the sole source for Clipper or any other chips. Rather, independent chip manufacturers should be able to produce chipsets based on open standards.

Second, an algorithm cannot be trusted unless it can be tested. Yet the Administration proposes to keep the chip algorithm classified. EFF believes that any standard adopted ought to be public and open. The public will only have confidence in the security of a standard that is open to independent, expert scrutiny.

Third, while the use of the split-key, dual-escrowed system may prove to be a reasonable balance between privacy and law enforcement needs, the details of this scheme must be explored publicly before it is adopted. What will give people confidence in the safety of their keys? Does disclosure of keys to a third party waive an individual's fifth amendment rights in subsequent criminal inquiries?

In sum, the Administration has shown great sensitivity to the importance of these issues by planning a comprehensive inquiry into digital privacy and security.
However, the "Clipper chip" solution ought to be considered as part of the inquiry, not be adopted before the discussion even begins.

DETAILS OF THE PROPOSAL:

ESCROW

The 80-bit key will be divided between two escrow agents, each of whom hold 40 bits of each key. Upon presentation of a valid warrant, the two escrow agents would have to turn the key parts over to law enforcement agents. Most likely the Attorney General will be asked to identify appropriate escrow agents. Some in the Administration have suggested one non-law enforcement federal agency, perhaps the Federal Reserve, and one non-governmental organization. But, there is no agreement on the identity of the agents yet. Key registration would be done by the manufacturer of the communications device. A key is tied to the device, not to the person using it.

CLASSIFIED ALGORITHM AND THE POSSIBILITY OF BACK DOORS

The Administration claims that there are no back door means by which the government or others could break the code without securing keys from the escrow agents and that the President will be told there are no back doors to this classified algorithm. In order to prove this, Administration sources are interested in arranging for an all-star crypto cracker team to come in, under a security arrangement, and examine the algorithm for trap doors. The results of the investigation would then be made public.

GOVERNMENT AS MARKET DRIVER

In order to get a market moving, and to show that the government believes in the security of this system, the feds will be the first big customers for this product. Users will include the FBI, Secret Service, VP Al Gore, and maybe even the President.

FOR MORE INFORMATION CONTACT:

Jerry Berman, Executive Director
Daniel J. Weitzner, Senior Staff Counsel

...
=============================================================
EFFector Online is published by
The Electronic Frontier Foundation
666 Pennsylvania Ave., Washington, DC 20003
Phone: +1 202 544-9237 FAX: +1 202 547 5481
Internet Address: eff at eff.org
Coordination, production and shipping by Cliff Figallo, EFF Online Communications Coordinator (fig at eff.org)
Reproduction of this publication in electronic media is encouraged. Signed articles do not necessarily represent the view of the EFF. To reproduce signed articles individually, please contact the authors for their express permission.
*This newsletter is printed on 100% recycled electrons*

------- End of Forwarded Message

--
Joseph Truitt * BioCAD Corporation * joseph at biocad.com * voice 415/903-3923 fax 415/961-0584
"The hardest thing in the world to understand is the income tax." --Albert Einstein

From jet at nas.nasa.gov Fri Apr 16 18:51:43 1993
From: jet at nas.nasa.gov (J. Eric Townsend)
Date: Fri, 16 Apr 93 18:51:43 PDT
Subject: ietf-telnet-encryption.01.txt
In-Reply-To: <9304170126.AA08500@nyx.cs.du.edu>
Message-ID: <9304170151.AA00130@boxer.nas.nasa.gov>

Robert W. F. Clark writes:
> It sounds a little suspicious to me, though. Snag those copies
> of PGP while you can. Expect trouble in coming months.

While we're on the subject of "things that might go away", the Icom IC-R1 is getting hard to find locally. I bought the last one at Quantel electronics for $450 or so. (The R1 is a handheld scanner/receiver that has continuous coverage from 100Khz-1.3Ghz.)

From gg at well.sf.ca.us Fri Apr 16 19:11:44 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Fri, 16 Apr 93 19:11:44 PDT
Subject: (fwd) White House Public Encryption Management Fact Sheet
Message-ID: <199304170211.AA01739@well.sf.ca.us>

Re Big Brother proposal. The "asset forfeiture" mention isn't quite so ominous as suggested: what it seems to say is that the Atty General will procure (i.e.
buy) encryption devices for use by law enforcement in their own secure communications (i.e. police radio and computer links), and "the funding to effect this purchase" will come from the "superfund" of money derived from existing asset forfeitures. In other words, smoke a joint, lose your house, and Uncle Sam sells the house to get money to buy more crypto gear for cops. I don't see an implication that crypto gear makers will be facing forfeiture for failing to comply with the "request" to incorporate key escrow.

It appears that this is directed at first to establish the use of key escrow in government-related communications: "federal communications systems that process sensitive but unclassified information." So for instance, Ollie North's memos would be recoverable, and so on. But the real risk is that it will spread out to encompass any facility receiving government funding or contracts, i.e. the universities; and from there, widen so as to restrict other types of crypto from being used at those sites. So far it doesn't seem to restrict crypto on private microcomputers, though a widely accepted standard could eventually be written into law.

The proposal specifically says it will allow other manufacturers to develop other approaches to key escrow systems. I think what the long-term plan might be, is to win acceptance for the idea of key escrow, and then require it.

This isn't exactly a backdoor into your hardware; what it would allow would be for instance NSA to get your key and then read your communications as they occur. So your local hardware isn't storing anything in a different way or being remotely accessed or triggered, but your key is available elsewhere, at some approved facility.

Now I'm guessing here, but what I think the way the crypto part of this has to work, is with a "device-specific" key and a "session"-type of key; where the first is what is escrowed, and the second is user-variable.
Both are required to decrypt messages, and recovery of the second key would be relatively straightforward. Now you buy a modem or whatever, and it has a crypto chip in it, with a device-specific key that is registered along with the serial number of the device. So your purchase record has that serial number on it, and that's used to track the device key, which of course has been escrowed by the manufacturer before shipping the modem out. This would suggest that device keys would be relatively hard to crack, and therefore that some improvement in privacy would be possible by simply swapping the key chip in the device; and this would be easy enough with a black market in key escrow chips.

In the meantime, from our end of it, someone oughta start working on steganography FAST. Spread spectrum designs are feasible. Slow is okay; the goal being to do anything that will render key escrow obsolete by making it impossible to tell when ciphertext (or for that matter any kind of data) is being sent.

-gg

From meyer at mcc.com Fri Apr 16 19:16:21 1993
From: meyer at mcc.com (Peter Meyer)
Date: Fri, 16 Apr 93 19:16:21 PDT
Subject: The New Mykotronix phones...
In-Reply-To: <199304161954.AA20309@access.digex.com>
Message-ID: <19930417021528.5.MEYER@OGHMA.MCC.COM>

    Date: Fri, 16 Apr 1993 14:54 CDT
    From: Peter Wayner

    Okay, let's suppose that the NSA/NIST/Mykotronix Registered Key system becomes standard and I'm able to buy such a system from my local radio shack. Every phone comes with a built in chip and the government has the key to every phone call. I go and buy a phone and dutifully register the key. What's to prevent me from swapping phones with a friend or buying a used phone at a garage sale? Whooa. The secret registered keys just became unsynchronized. When the government comes to listen in, they only receive gobbledy-gook because the secret key registered under my name isn't the right one.
Knowing nothing except what I've read on the net today, I suppose that while scrambling the phone conversation the chip inserts in the data stream some ID (perhaps once per second) to tell the govt. which chip is doing the scrambling. This would allow multiple trapdoor keys (as claimed) and also there would be no need for phone users to register. The chip might also insert the number of the phone originating and/or receiving the call, though presumably the wiretappers would already know this.

-- Peter Meyer

From peb at PROCASE.COM Fri Apr 16 19:21:54 1993
From: peb at PROCASE.COM (peb at PROCASE.COM)
Date: Fri, 16 Apr 93 19:21:54 PDT
Subject: (fwd) White House Public Encryption Management Fact Sheet
Message-ID: <9304170220.AA02462@banff>

>From: Peter Wayner
>2) The system is vulnerable to simple phone swapping attacks

Yes, that's when it becomes necessary to register your phone and phone license with the government every year. Remember, "using a telephone is a privilege, not a right!" 8^) Nice way to charge license fees too!

>From: gnu at toad.com (John Gilmore)
>Subject: EFF crypto statement and press release
> Does disclosure of keys to a third party waive an individual's Fifth Amendment
> rights in subsequent criminal inquiries?

This is a very important question and it gets to the heart of the matter.

Paul E. Baclace
peb at procase.com

From gg at well.sf.ca.us Fri Apr 16 19:30:03 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Fri, 16 Apr 93 19:30:03 PDT
Subject: Key Registration and Big Brother--Time to Fight!
Message-ID: <199304170224.AA04394@well.sf.ca.us>

Instead of a conference call in clear voice, how about doing it online from the various meetings, and encrypted? What would it take to set up a broadcast encryption system that will work in chat mode...?
A conference call in clear voice is almost certain to be monitored, and I would bet that it would yield a whole lot more high-grade intelligence than we would usually expect: first of all, voices of all participants (for later use in voiceprint recognition surveillance), second, all the background discussions, and third, a lot of the kind of deliberation and working-through-things that ordinarily gets filtered out by the process of posting things to this list. Yes, they can theoretically send visitors to our meetings. But realistically this is more labor intensive and potentially risky than recording a conference call which has all the meetings on line. Let's not go leaving any huge holes, please...!

-gg

From meyer at mcc.com Fri Apr 16 19:42:56 1993
From: meyer at mcc.com (Peter Meyer)
Date: Fri, 16 Apr 93 19:42:56 PDT
Subject: White House Encryption idea
In-Reply-To: <9304162014.AA05785@spiff.gnu.ai.mit.edu>
Message-ID: <19930417024202.6.MEYER@OGHMA.MCC.COM>

    Date: Fri, 16 Apr 1993 15:13 CDT
    From: treason at gnu.ai.mit.edu

    Well, this all sounds fine and dandy, but...

    1) They are not passing out the algorithm, and I don't trust ANYONE to tell me it's secure.
    ...
    4) No explanation of what the 'key' contents are composed of (numbers, letters, alphanum, characters, some odd cyphercode???) is even implied.
    5) No explanation of how the key is propagated or if it will even be needed for the remote site is mentioned. How are the remote sites going to decypher your cyphersounds(text)?

    There was no mention of further releases in information...is this all we get?

    treason at gnu

Question (5) is particularly acute. Offhand I can think of two ways the remote site might decrypt the message:

1. If the two phones can talk to each other then the originator phone might ask the receiver phone for its public key (as in public key cryptography) and then use this to encrypt the message. (The receiver phone then decrypts with its private key.)
But since the encryption is occurring in real time, this is probably not feasible unless short keys are used.

2. The originator phone might simply send the encryption key down the line, perhaps itself encrypted or disguised in some way. If so then it might not be too hard to discover the key. In this case all security lies in ignorance of the encryption algorithm used (violating cryptological principles). It probably wouldn't be too long (at most a year or so) before someone figures out what the algorithm is, in which case all security is compromised. However, security in particular cases is relative to the expertise of the attacker, so it might still be the case that one's neighbors and business competitors could not decrypt the message, even if XYZ Security Consultants could.

-- Peter Meyer

From newsham at wiliki.eng.hawaii.edu Fri Apr 16 19:44:48 1993
From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham)
Date: Fri, 16 Apr 93 19:44:48 PDT
Subject: white house blunder
Message-ID: <9304170244.AA25203@toad.com>

Even though the white house proposal may seem bad it could be used to your advantage in some ways:

swap keys with someone else... if serial number isn't sent in transmission this gives a big headache when they try to decrypt your stream.

use another encryption before sending to clipper chip... this way everything looks normal, and if they are playing according to the rules (cross fingers) they don't know anything is fishy until they try to get a warrant and decrypt. First keys won't match. When they do find the correct key they'll decrypt and get a file encrypted in another system.

This might be great for averting suspicion of using another cryptosystem. Everyone will be using clipper, and your message will look like it's from the clipper chip. It won't look like an RSA file or DES'ed voice or whatever. The chip gives you an opaque (hopefully) envelope to put things into.
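The device-key plus session-key arrangement Gleason guesses at, Meyer's guess that the chip inserts a chip ID into the stream, and the question of how the remote phone gets the key can be put into one runnable model. The block below is an added example for this archive, not code from any of the posters, the EFF, or the actual chip (its algorithm was classified, so the cipher here is a stand-in). It assumes an HMAC-SHA256 counter-mode keystream in place of the classified algorithm, an XOR two-share split of the device key (my assumption of a sounder split than the two 40-bit halves the EFF summary describes, chosen to show the difference), and that the two phones have already agreed a session key by some means outside the model, as in Meyer's option 1. All function names (`register_device`, `make_call`, `warrant_decrypt` and the rest), the serial number and the messages are constructed for the example.

```python
# Toy model of an escrowed device key plus a per-call session key (an added
# illustration for this thread; not Clipper's real design, not any poster's code).
import hashlib
import hmac
import os

KEY_BYTES = 10  # 80-bit keys, the size the proposal describes


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as a keystream.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # XOR with the keystream; the same call encrypts and decrypts.
    return xor_bytes(data, keystream(key, nonce, len(data)))


def escrow_split(device_key: bytes) -> tuple:
    # 2-of-2 XOR secret sharing (assumption; the posts describe each agent holding
    # 40 bits). A single XOR share is uniformly random and narrows the key search
    # by nothing; a single 40-bit half leaves only 2^40 candidates to try.
    share_a = os.urandom(len(device_key))
    return share_a, xor_bytes(device_key, share_a)


def escrow_recover(share_a: bytes, share_b: bytes) -> bytes:
    return xor_bytes(share_a, share_b)


def register_device(serial: str, escrow_a: dict, escrow_b: dict) -> dict:
    # The manufacturer burns a device key into the chip and files one share with
    # each agent under the serial: the key is tied to the device, not the buyer.
    device_key = os.urandom(KEY_BYTES)
    escrow_a[serial], escrow_b[serial] = escrow_split(device_key)
    return {"serial": serial, "key": device_key}


def make_call(device: dict, session_key: bytes, plaintext: bytes) -> tuple:
    # The two phones are assumed to have agreed session_key already (Meyer's
    # option 1; the agreement is outside this model). The chip sends an access
    # field carrying its serial and the session key wrapped under the device key.
    # Because the serial travels with the call, a tap targets the chip, not the
    # registered owner, so swapping phones (Wayner's objection) changes nothing.
    nonce = os.urandom(8)
    wrapped = stream_crypt(device["key"], b"wrap" + nonce, session_key)
    field = {"serial": device["serial"], "nonce": nonce, "wrapped": wrapped}
    return field, stream_crypt(session_key, b"call" + nonce, plaintext)


def peer_decrypt(session_key: bytes, field: dict, ciphertext: bytes) -> bytes:
    # The other phone needs only the session key it already shares.
    return stream_crypt(session_key, b"call" + field["nonce"], ciphertext)


def unwrap_and_decrypt(device_key: bytes, field: dict, ciphertext: bytes) -> bytes:
    # Whoever holds the device key unwraps this call's session key, and, since
    # the device key never changes, the session key of every recorded call.
    session_key = stream_crypt(device_key, b"wrap" + field["nonce"], field["wrapped"])
    return stream_crypt(session_key, b"call" + field["nonce"], ciphertext)


def warrant_decrypt(escrow_a: dict, escrow_b: dict, field: dict, ciphertext: bytes) -> bytes:
    # Both agents hand over their share for the serial named in the access field.
    device_key = escrow_recover(escrow_a[field["serial"]], escrow_b[field["serial"]])
    return unwrap_and_decrypt(device_key, field, ciphertext)


def demo() -> dict:
    escrow_a, escrow_b = {}, {}
    phone = register_device("SN-0001", escrow_a, escrow_b)  # constructed serial
    msg1, msg2 = b"first call, Friday", b"second call, Saturday"  # constructed
    key1, key2 = os.urandom(KEY_BYTES), os.urandom(KEY_BYTES)
    field1, ct1 = make_call(phone, key1, msg1)
    field2, ct2 = make_call(phone, key2, msg2)
    return {
        "peer": peer_decrypt(key1, field1, ct1),
        # One warrant, one device key, every call on that chip (May's point).
        "warrant_call1": warrant_decrypt(escrow_a, escrow_b, field1, ct1),
        "warrant_call2": warrant_decrypt(escrow_a, escrow_b, field2, ct2),
        # One agent acting alone recovers keystream noise, not the conversation.
        "one_agent": unwrap_and_decrypt(escrow_a["SN-0001"], field1, ct1),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```

Running it shows the three properties the thread argues over: the peer decrypts with the shared session key alone; the two escrow shares together unwrap the session key of any call made on that chip, earlier or later, which is the "once tapped, your code is no good any more" problem Templeton and May take up further down this archive; and a single share by itself yields noise, which is what an XOR split guarantees and a 40-bit half does not.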
From hughes at soda.berkeley.edu Fri Apr 16 20:05:41 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Fri, 16 Apr 93 20:05:41 PDT
Subject: a cypherpunk's clipper reaction
Message-ID: <9304170302.AA10041@soda.berkeley.edu>

Fellows:

I will, in the coming weeks have much more to say on the matter of this Clipper chip proposal. For now, however, I have only one thing to say.

No compromises.

Eric

From nobody at pmantis.berkeley.edu Fri Apr 16 20:09:56 1993
From: nobody at pmantis.berkeley.edu (nobody at pmantis.berkeley.edu)
Date: Fri, 16 Apr 93 20:09:56 PDT
Subject: No Subject
Message-ID: <9304170312.AA19797@pmantis.berkeley.edu>

With regard to the White House's attempt to force the "Clipper" on you:

I guess the time has come for the Cypherpunks to break their 'political teeth'. This issue is squarely on point with the purpose of the cpunks and needs to be addressed. The best thinkers on these topics are on this list (as are many libertarian thinkers). The Cypherpunks have gotten a fair amount of media play as of late and I think those interested in privacy and security are frothing at the mouth. I know in general cpunks don't believe in the necessity for leaders, but leader'ship' is a different matter. I believe that there are people here with the knowledge to fight against this proposal. So, Cypherpunks, step to the political plate.

> In the past, it has
>been possible to preserve a government capability to conduct
>electronic surveillance in furtherance of legitimate law
>enforcement and national security interests, while at the same time
>protecting the privacy and civil liberties of all citizens.

Just some levity to start off with :-)

>The Attorney General of the United States, or her representative,
>shall request manufacturers ...

I read this differently than does Tim. "shall" coupled with "request" actually equals ambiguity and seems not to compel anyone. I'm sure that the language was meant to confuse though.
>In making this decision, I do
>not intend to prevent the private sector from developing, or the
>government from approving, other microcircuits or algorithms that
>are equally effective in assuring both privacy and a secure key-
>escrow system.

Well, the door does still appear to be open for private circuit development and a better escrow system (better?). This does lend credence to the opinion that this may just be a very forceful suggestion and not an order per se.

>The Attorney General shall make all arrangements with appropriate
>entities to hold the keys for the key-escrow microcircuits
>installed in communications equipment.

Gotta agree with Tim that this appears to be an incredibly obvious backdoor to all telecommunications equipment. This should be made clear in any public statements about this document.

> The Attorney
>General shall review for legal sufficiency the procedures by which
>an agency establishes its authority to acquire the content of such
>communications.

OK. This might be the key to the downfall of this proposal. The Govt appears to be showing its weak hand here. They have either not thoroughly addressed the legal concerns or they are standing on shaky legal ground. I believe there could be a number of problems (legally speaking) with the proposal. Separation of Powers, Commerce concerns, penumbra Right to Privacy, etc just to name a few. Well, I guess I'm off to the library to research another interesting, yet inapplicable directly to my legal studies, topic. (As if I don't spend enough time in the library) I guess if she's gonna review the legal sufficiency there should be no problem with me 'parallel processing' that same information.

> Further, the Attorney General
>shall utilize funds from the Department of Justice Asset Forfeiture
>Super Surplus Fund to effect this purchase.

Surplus...what happened to the deficit? :^)

In general I believe that this event calls for a public expression of intellectual disagreement.
An assertion of the power of the ideas expressed on this list will put the Cypherpunks in the discourse of public policy. Obviously, it should be well thought out and expressed in the most positive way. Calm, cool, calculated response will gain the cpunks respect; a knee-jerk, emotional response will only get our ideas ignored.

If politics doesn't work there also appears to be an economic out. Creating REAL encryptive circuits whose keys are not held by the government but rather by the owner. Private enterprise and a result to our concerns for liberty appear amenable. So any hardware cypherpunk hacks, get out your tools.

Finally, a simple analogy. The current state of the law does not require me to register the key to my home with a government agency so that they can gain access to my home in a more efficient way if they feel the need. I keep the key and the control (until they break down my door). In that case, the value is placed on my freedom, not the efficiency with which the police could access my private communications. There are reasons that search warrants were 'initially' difficult to acquire and reasons why it should be difficult to access my home (i.e. they must break down my door.) Those reasons dealt with the severity of encroachment upon my privacy and rights thereto. In fact, that is the reason given for the remaining formalistic requirements of the necessity of prior judicial consent for warrants. No, the judge does not ponder long and hard about whether to give the warrant. Rather, the purpose is to give the officers pause. The ritual is designed to make the parties involved at least ponder the severity of their actions. This proposal would only make invasions of our privacy easier to achieve and eliminate obstacles in the way of officers, giving them even less time to ponder the severity of their encroachment.
////////////////////////////////////////////////////////////////////////////////
VOLTAIRE
Studying the law, Finding the flaws, Creating a light, Out of the night!
////////////////////////////////////////////////////////////////////////////////

Tim- Aren't we closer than 10 mins. to midnight???????

From 72114.1712 at CompuServe.COM Fri Apr 16 20:12:35 1993
From: 72114.1712 at CompuServe.COM (Sandy)
Date: Fri, 16 Apr 93 20:12:35 PDT
Subject: IMPORTANT--WE WON
Message-ID: <930417030350_72114.1712_FHF52-1@CompuServe.COM>

_________________________________________________________________
FROM THE VIRTUAL DESK OF SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FIRST, THE BAD NEWS--The government wants to control encryption. Though they are playing coy about it, it's clear that eventually they will try to ban "the good stuff." It's clear Zimmermann, and others, have gotten their attention.

NOW, THE GOOD NEWS--I t d o e s n o t m a t t e r. The game is over. We won. The government may engage in holding actions, but it still doesn't matter. What we have here, is the State's pitiful attempt to make the best of a bad situation. This amazing "policy" announcement is a tacit admission of defeat.

HOW CAN I BE SO SURE?--The cat is out of the bag. Free, mil spec data encryption is readily available to all. Within a year, equivalent voice encryption freeware will join it. There is no way the government can stuff the encryption cat back in the bag. They can pass their laws. We will do as we please--and they will help us.

THEY WILL *HELP* US?--The Administration's plan will have one, unintended, result. It will give legitimacy to privacy through encryption. Legitimacy will beget usage. And usage will mean TRAFFIC. Our securely encrypted messages will be hidden in plain sight. Whispers in a wind tunnel. One digitally encrypted phone call sounds just like another--no matter what algorithm is used.
A PLOY FOR THE PARANOID--Still think the Secret Service is going to get you? No problem. Just *PRE-encrypt* your phone or data communications with your home-made encryption unit, before you re-encrypt it using the government approved model. ("Hey, I don't know why you couldn't use your back door key to eavesdrop on my secure phone. Sounds like a personal problem to me.")

THE ELECTRONIC FRONTIER FOUNDATION IS RIGHT, TOO--Yes, we can rejoice because we won. But it is still important to continue the fight against the State's last gasps. Even when the government is in random-walk mode, it's still possible to get stepped on. They have lost, but they can still do us plenty of damage. We should continue to press them on all fronts to secure our victory. But never doubt it, W E H A V E W O N.

S a n d y

_________________________________________________________________
PLEASE RESPOND TO: ssandfort at attmail.com (except from CompuServe)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From meyer at mcc.com Fri Apr 16 20:20:59 1993
From: meyer at mcc.com (Peter Meyer)
Date: Fri, 16 Apr 93 20:20:59 PDT
Subject: New versions of encryption software released
Message-ID: <19930417032006.8.MEYER@OGHMA.MCC.COM>

I suppose I could use a fig leaf to cover the price of this software so that this posting might seem less "commercial", but - what the hell - this isn't sci.crypt and we're not concerned with maintaining academic purity. This encryption software is available *now*. You might consider shelling out a few bucks (which allows you to make use of the result of a few years' work) before the govt. makes it illegal to buy, sell or use encryption software.

New Version Release Announcement

Dolphin Software releases three new versions of MS-DOS encryption software

Dolphin Software's data encryption software has been released in two new versions, Dolphin Encrypt (V. 2.11) and Dolphin Encrypt Advanced Version (V. 2.10).
The encryption routines are also available as a C function library.

Both Dolphin Encrypt and the Advanced Version use a symmetric key encryption process to encrypt data on MS-DOS computers, and can encrypt multiple files with a single command. File pathnames are supported and there is extensive error checking. If you wish to transmit encrypted data as email then Dolphin Encrypt can be told to output the encrypted data as text. There is no limit on the size, the type or the number of files. Files are normally compressed during encryption. Screen output can be sent to a file or to a printer for a record of operations. The encryption process, described in detail in the documentation, relies partly on the RSA Data Security, Inc., MD5 Message Digest Algorithm.

The Advanced Version has all of the features described above, and also encrypts whole floppy disks. All common disk sizes are supported and are automatically recognized. Additional command line options are supported, including the options of echoing or not echoing the encryption key during entry. There is a decrypt-and-display-only option (with no plaintext written to disk). The Advanced Version can be run silently from another application program to encrypt or decrypt files. It has a script language (with if-else-endif) which allows automation of frequently-performed, complex or conditional operations. The Advanced Version comes with utility programs to read multiple text files, compare files, purge files and wipe a disk clean of data; these can be called from scripts.

The Dolphin Encryption Library is a C function library containing functions for encrypting and decrypting blocks of data in memory (from 1 byte to about 10K in size). Complete source code is included.

Dolphin Encrypt is priced at $64.00 and the Advanced Version at $128.00. The function library is available for licensing to developers. For more information contact Dolphin Software at 4815 W. Braker Ln. #502, Austin, TX 78759 (phone 512-479-9208).
From a2 at well.sf.ca.us Fri Apr 16 20:21:03 1993
From: a2 at well.sf.ca.us (Arthur Abraham)
Date: Fri, 16 Apr 93 20:21:03 PDT
Subject: 1984 deja vu
Message-ID: <199304170320.AA14330@well.sf.ca.us>

If you haven't heard about John Markoff's article yet, it's 'cause you've been spending all your time reading Cypherpunks instead of the front page of the Friday NY Times... read it now.

There's an awful lot to be said about this article, mostly we know what it is, and mostly we agree about it. This is a major social issue that must be corrected, so here's my proposal:

==> DON'T POST ANYTHING ABOUT THE MARKOFF ARTICLE. <==

We shouldn't waste time writing each other letters that we'll learn nothing by reading. We should spend that same time writing to newspapers, congress people, phone companies, Clinton, Gore, and anybody else who thinks they can get away with this because they feel the citizenry either doesn't care about or doesn't understand the issues.

What I want to see in re this issue on this list is something I don't already know, like the name and address of AT&T's president's secretary -- s/he'll complain to the prez if enough privacy mail arrives. Be imaginative, be active, rattle cages, but telling me how pissed you are won't change a thing, except to decrease the time we're both spending on doing something effective.

Be effective. Please.

-a2.

From ebrandt at jarthur.Claremont.EDU Fri Apr 16 20:26:05 1993
From: ebrandt at jarthur.Claremont.EDU (Eli Brandt)
Date: Fri, 16 Apr 93 20:26:05 PDT
Subject: ANON: Chaining suggestions
In-Reply-To: <930416165143_74076.1041_FHD34-1@CompuServe.COM>
Message-ID: <9304170325.AA25696@toad.com>

> From: Hal <74076.1041 at CompuServe.COM>
> I don't think the idea quite works in this form, since I don't see how
> messages to Julf get translated to an12345.
> Presumably only messages
> from one specific user should get posted under this ID (the user whose
> address is buried in the encrypted return address to which Julf's
> remailer will forward replies). Perhaps another set of commands is
> needed to tell the remailer what ID to use to post under.

I don't know what Eric was thinking, but I was thinking as follows:

* I send a message to the nymserver, telling it to create a nym entry. The body of the message is a public key. All further commands to the server must be signed by this key.

* I then send a message to the nymserver, telling it to add a return block to the nym's list of return addresses. (signed)

* Another (signed) command sets up a human-readable name, if I wish.

Now we're in business.

* Joe User sends a message to eli-alias at nymserver. The server looks up eli-alias, picks the preferred return path, and ricochets the message out.

* or, I tell the nymserver to post vitriol to alt.fan.clinton under the name "eli-alias". Again, the command must be correctly signed.

(Can PGP let me rename my eli-alias private key to something innocuous -- like "test3"? This would provide some deniability if they seize my secring.pgp -- they need no passphrase to see the names of the keys on it. Denied this information, can `they' associate private and public keys in some way?)

Hopefully, all commands to the nymserver would be encrypted with its public key. They might well be bounced to it through anonymous remailers, or sent with whatever other anonymity tech -- such as DC-nets -- is available. Yanek, were you setting up an experimental DC-net? How's it look?

Any holes here? The requirement of a signature on all commands is parallel to the present use of a password, but far more secure. It provides continuity of identity, rather than the present use of return address. Attack this protocol, folks.

Now, this does look like a lot of hair to add to penet. Maybe I should learn perl and write a remailer. Heh.
(Aside: anybody here running linux? Do you know of a non-destructive repartitioner?)

> Hal Finney

Eli ebrandt at jarthur.claremont.edu
(with a big disk and a small flaky tape drive)

From tcmay at netcom.com Fri Apr 16 21:19:43 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 16 Apr 93 21:19:43 PDT
Subject: IMPORTANT--WE WON......NOT!
Message-ID: <9304170419.AA26923@netcom.netcom.com>

Sandy Sandfort looks on the bright side. Unfortunately, I can't agree with him. He writes:

>FIRST, THE BAD NEWS--The government wants to control encryption.
>Though they are playing coy about it, it's clear that eventually
>they will try to ban "the good stuff." It's clear Zimmermann,
>and others, have gotten their attention.
>
>NOW, THE GOOD NEWS--I t d o e s n o t m a t t e r. The game
>is over. We won. The government may engage in holding actions,
>but it still doesn't matter. What we have here, is the State's
>pitiful attempt to make the best of a bad situation. This
>amazing "policy" announcement is a tacit admission of defeat.
>
>HOW CAN I BE SO SURE?--The cat is out of the bag. Free, mil spec
>data encryption is readily available to all. Within a year,
>equivalent voice encryption freeware will join it. There is no
>way the government can stuff the encryption cat back in the bag.
>They can pass their laws. We will do as we please--and they will
>help us.

...rest of post elided....

Drugs are freely available on nearly every inner city street corner. The "cat is out of the bag," as you say. And yet....

- the War on (Some) Drugs....

- mandatory hard time for first offenses (ask the Santa Cruz kid doing 10 years without parole for possession of some amount of acid...the weight of the blotter paper kicked it up to the 10-year level)

- civil forfeiture... "We find a roach, we get your yacht."
- midnight raids, often killing innocent citizens (ask the Malibu retired guy who got zapped by the Feds...turns out they'd already greedily started to divvy up his land to various parks...and of course he was totally innocent--and now dead)

- "D.A.R.E."-type brainwashing of children, encouraging them to turn in their parents

...and so on. You should all know about these things, on this of all days (16 April 1943, 50 years ago, was the discovery of LSD).

Restricting crypto means the government has a big club they use to threaten, intimidate, force cooperation, etc. Just like with taxes, drugs, and everything else they control.

Under the civil forfeiture laws, my assets (which I depend on to live out the rest of my life on!!) could be seized if the government suspects I'm using "illegal crypto." Not under current laws, but certainly under the laws that follow from the "Clinton Clipper." Anyone with assets to seize--a house, a business, a stock account--becomes a fair target.

>
> But never doubt it, W E H A V E W O N.
>

No, but we haven't lost yet.

-Tim

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.

From hughes at soda.berkeley.edu Fri Apr 16 22:26:39 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Fri, 16 Apr 93 22:26:39 PDT
Subject: Q&A DataBase
In-Reply-To: <01GX1S55DSEA0005UJ@ksuvxb.kent.edu>
Message-ID: <9304170523.AA17229@soda.berkeley.edu>

Re: Q&A (a DOS database program)

> Hello All, does anyone know much about this program?
>I would like to be able to pick the passwords out of the database file.

One of the purposes of cypherpunks is to figure out stuff like this and to help others learn how to do it. In short, you figure it out, and tell us.
To begin with, make a database with some permissions. Make a complete copy of that database in another directory. Now change exactly one password by exactly one letter. Use a differencing tool to find the differences. Save this copy as well. Change the same password again. Check to see if the differences are in the same place. Do the same with different passwords. Correlate this information with the database structures.

Write some software to generate plaintext/ciphertext pairs. Get at least a thousand, preferably lots more. You'll use these later to verify that your reconstruction of the algorithm is correct.

If the encryption isn't obvious by now (yes, some of this stuff is extremely weak) hook up a debugger to the executable and start looking for the routine which does password encryption. When you find it, reverse engineer it and write a C routine that matches the functionality.

Now you'll be considered to have done your homework. If you still don't know how to crack passwords after knowing the algorithm, post the algorithm here and we'll look at it.

Eric

From wcs at anchor.ho.att.com Fri Apr 16 22:52:28 1993
From: wcs at anchor.ho.att.com (wcs at anchor.ho.att.com)
Date: Fri, 16 Apr 93 22:52:28 PDT
Subject: Big Bubba's Wiretapping Directive
Message-ID: <9304170552.AA16461@anchor.ho.att.com>

While I don't share Sandy Sandfort's wild optimism, at least steganography becomes a bit easier - the default assumption about encrypted material becomes "Oh, it's just encrypted with the Tapper Chip, we can break it later" rather than "Oh, boy, it's encrypted, we can confiscate his computer!", and if it gets taken to court, and the wiretap approved by the Rubber Stamp Agency and then isn't able to be decrypted, the average person can say "I don't understand how the Secret Government Wiretapping Chip works, so I can't tell you what's wrong here!"

On the more technical side, what precisely does the Mykotoxin chip *do*?
Does it generate random keys for DES/etc., saving a copy for later? Or does it actually *do* the encryption with some classified algorithm? If it's the former, the user could presumably replace it with a pin-compatible non-wiretapping random number generator, unless there's some requirement that export-approved systems have soldered-in chips, and a foreign-made version might be compatible with US phones while not being tappable.

On the other hand, if the MicroToker chip actually *does* encryption, whether secret-key or RSA or other public-key, or some other essential part of the encryption process, then you *have* to use it to be compatible. Assuming the US approves it for widespread use in phones, etc., it provides an incentive for everybody in the world to use it, especially if the Feds agree to share keys with their fellow governments who can wiretap their own citizens, and gives a boost to the balance of trade by being one product that you've got to buy from the US.

Some questions that Clinton's Q&A blatantly stepped around are "When the Two Agencies approve the wiretap, *what* conversations become tappable? Everything they've recorded? The last N conversations? Future conversations only?" "Once one government group has YOUR phone wiretap key from the Two Agencies, can they pass it around to the IRS, FBI, local cops, and everyone else?" "What if they make a mistake on a tap - do you have to buy a new phone now that they've spread YOUR phone wiretap key around?"

We *do* have to try to control the language here - the Clintonistas are referring to the subjects of a hypothetical wiretap as "the drug smugglers" but we ought to redirect it to "YOUR phone's wiretap key" so people remember we're talking about them and their privacy. It might also be good for us to give examples like "The IRS suspects you're cheating on your income tax so they want to wiretap your phone calls to your accountant, so they do XXXXX." because it feels like something that might happen to THEM. Sigh.

Bill Stewart

From tcmay at netcom.com Fri Apr 16 23:10:57 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 16 Apr 93 23:10:57 PDT
Subject: (fwd) Re: Once tapped, your code is no good any more.
Message-ID: <9304170611.AA29961@netcom3.netcom.com>

Cypherpunks,

I agree with Arthur Abraham that we ought to first make our arguments in public and not preach to the converted here on this list. Unless the ideas presented are Cypherpunks-related. In this spirit, here's something I wrote about the consequences of key escrow.

Newsgroups: sci.crypt,alt.security,comp.org.eff.talk,comp.security.misc,comp.org.acm,comp.org.ieee
From: tcmay at netcom.com (Timothy C. May)
Subject: Re: Once tapped, your code is no good any more.
Date: Sat, 17 Apr 1993 04:53:55 GMT

Brad Templeton (brad at clarinet.com) wrote:
: It occurs to me that if they get a wiretap order on you, and the escrow
: houses release your code to the cops, your code is now no longer secure.
:
: It's in the hands of cops, and while I am sure most of the time they are
: good, their security will not be as good as the escrow houses.
:
:
: What this effectively means is that if they perform a wiretap on you,
: at the end of the wiretap, they should be obligated to inform you that
: a tap was performed, and replace (for free) the clipper chip in your
: cellular phone so that it is once again a code known only to the
: escrow houses.

Getting the court order to reveal the key *also* makes decipherable all *past* conversations (which may be on tape, or disk, or whatever), as I understand the proposal. I could be wrong, but I've seen no mention of "session keys" being the escrowed entities.

As the EFF noted, this raises further issues about the fruits of one bust leading to incrimination in other areas. But is it any worse than the current insecure system?
It becomes much worse, of course, if the government then uses this "Clinton Clipper" to argue for restrictions on unapproved encryption. (This is the main concern of most of us, I think. The camel's nose in the tent, etc.)

And it may also become much worse if the ostensible security is increased, thus allowing greater access to "central office" records by the government (the conversations being encrypted, who will object to letting the government have access to them, perhaps even automatically archiving large fractions...). This was one of the main objections to the S.266 proposal, that it would force telecom suppliers to provide easy access for the government.

Once the government has had access to months or years of your encrypted conversations, now all it takes is one misstep, one violation that gets them the paperwork needed to decrypt *all* of them!

Do we want anyone to have this kind of power?

-Tim May, whose sig block may get him busted in the New Regime

--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.

From x62727g2 at usma8.USMA.EDU Fri Apr 16 23:33:04 1993
From: x62727g2 at usma8.USMA.EDU (Gatlin Anthony CDT)
Date: Fri, 16 Apr 93 23:33:04 PDT
Subject: Data Encryption Algorithm
Message-ID: <9304170633.AA27514@toad.com>

Fellow Cypherpunks,

I am a cadet at West Point and have been involved in developing a new encryption algorithm which I believe is stronger than DES. I realize that many of you enjoy the challenge of breaking encryption schemes and I wondered if you might be interested in trying to break mine. I would be very interested in any analysis that you could give of my system.
Please contact me if you are interested.

Anthony J. Gatlin   |-------------------------------------|
CDT PVT, G-2        |PGP Public Key available on request. |
                    |-------------------------------------|

From greg at ideath.goldenbear.com Sat Apr 17 01:30:08 1993
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Sat, 17 Apr 93 01:30:08 PDT
Subject: Clinton Administration crypto proposal/policy
Message-ID:

The Clinton Administration's recent proposal, and responses to same from the net community, have left several questions in my mind:

o Are these devices intended to be used as isolated pairs - such that two phones/modems/whatever will only speak with each other .. or will any such device speak with any other such device? If any device can communicate with any other device, how is the key(s) for en/decryption for any particular session determined? .. and what prevents an eavesdropper who is present from the beginning of the session from using that data to decrypt the conversation?

o According to the EFF response to the proposal, there aren't really two keys, but two 40-bit halves of one 80-bit key. Doesn't this imply that were a "bad guy" able to get just one of those halves, the computing power required to do a brute-force attack is considerably lessened? (I'm asking a question here, not making a statement. I read about this because I think it's interesting but it's not really my field.)

o Presumably, these devices will insert into the data stream some sort of "sender ID" which will allow eavesdroppers to know which key(s) they need a warrant for - doesn't this seem to make it pretty easy to keep track of data along the lines of "Station 12345 sent 500 packets to station 31415, who sent 7734 packets in return" .. which would seem to present privacy questions separate from (but dwarfed by :) the security of the encryption itself?

Also, cypherpunks readers may find these two snippets from two articles re the proposal interesting (and chilling):

---
_NY Times_, 4/16/93, p. A1 (National edition)

"The Clinton Administration plans a new system of encoding electronic communications
that is intended to preserve the Government's ability
                                              ^^^^^^^
to eavesdrop for law enforcement and national security reasons .."

---
Eugene, Oregon's _Register-Guard_, 4/16/93, p. 3A

"The Clinton Administration is about to announce a plan to preserve privacy in electronic communications, including telephone calls and electronic mail,
while also insuring [sic] the government's right
                                           ^^^^^
to eavesdrop for law enforcement and national security reasons."

---
Emphasis, of course, added by me. The Register-Guard article is taken from the NY Times' article (presumably from a wire service) and consists of paragraphs 2,3,4,5,6,8, and 9 of the NY Times article, with changes to the first paragraph noted above. Grr.

--
Greg Broiles                    greg at goldenbear.com
Golden Bear Consulting          +1 503 465 0325
Box 12005 Eugene OR 97440       BBS: +1 503 687 7764

From habs at Panix.Com Sat Apr 17 06:27:41 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sat, 17 Apr 93 06:27:41 PDT
Subject: History of Gov. Telecom Interception
Message-ID: <199304171327.AA03871@sun.Panix.Com>

Last year Oxford press published a book called The Invisible Weapon - it details, from 1851 - 1945, how governments, esp. the British have used "backdoors" into coded messages to watch/listen/read messages. At one time the British had a stranglehold on world wide telegram service. They made very strong claims that they would never read their clients' (often other governments) mail, but instead went to detailed and expensive measures to insure that in fact they could/did.

The ISBN # is :0-19-506273-6

We should read this book (I have) so in the upcoming debate on the Clipper, we can frame the Clipper in the rich historical context it deserves to be placed in.
--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From habs at Panix.Com Sat Apr 17 06:32:53 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sat, 17 Apr 93 06:32:53 PDT
Subject: Big Brother: Post Filtering the Clipper
Message-ID: <199304171332.AA03999@sun.Panix.Com>

Some posters have speculated that it might be possible to get a phone, swap it with someone else, and then the feds would not be able to get the correct key-pair. Another poster assumed that each clipper chip would send out some sort of Clipper-ID in plain-text before and/or during and/or after a session. Which causes me to further speculate that it may be possible to filter out these plain text messages. (They are probably built in to the exchange of keys ritual and so can't be filtered out without preventing the Clipper from doing its thing...). If they can be filtered, filtering them may either be an outright criminal act or be considered probable cause for a warrant to determine why you are filtering them out, etc.

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From habs at Panix.Com Sat Apr 17 06:40:08 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sat, 17 Apr 93 06:40:08 PDT
Subject: Big Brother: Easy to Break
Message-ID: <199304171339.AA04237@sun.Panix.Com>

I recall having a conversation at the Boston ExI meeting, talking about super computers and how fast they could break small keys (like 80 bits). I think it was carlf, and I don't recall the exact estimate given, but I think it was on the order of several hours to several days for a fast connection machine class super computer to break such a key by brute force. The NSA certainly has plenty of fast machines, and I assume they will be able to break any clipper based encryption routinely.
Certainly as 64-bit, high speed multiprocessors come on line in the next few years it will be easier and easier for even us plain folks to break such keys (although I'm sure it's not a simple task). With NSA having the algorithm and access to perhaps at least half the key or perhaps some little bit of "known text" that Clipper puts into each message to make it easier to do a known text attack on someone's clipper encoded message, we can assume that the escrowed keys are at best a ruse...

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From habs at Panix.Com Sat Apr 17 06:47:32 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sat, 17 Apr 93 06:47:32 PDT
Subject: Big Brother: Public Escrow is Needed
Message-ID: <199304171347.AA04366@sun.Panix.Com>

All the talk about Escrowing of keys by separate agencies is all well and good. However, to be really secure, the computer system they reside on, and all access to it, must be in some way very public and very very limited. The public needs to know that at least one of the key-pairs can in no way be retrieved except through some very public process. That law enforcement or some cracker doesn't have some back door into the Escrowed Key Server...

As somebody else pointed out, once my key is known ALL my communication is now "OPEN." Not just what they got a warrant for. Thus, the actual opening of my "mail/voice/etc" should be done in some, again very public, place, so that my key-pair (and the cost of replacing it if the warrant is unfounded) is kept secure and never in the hands of any person or agency. In other words, I don't want my key-pair sitting in a non-secured database, to be re-used later (with or without a warrant.) If the key-pair is turned over to someone/agency and I am not found guilty or indicted, etc.
I need to be told so I can change my keys, or even have the government pay me for this cost as they have unlawfully taken the value of my Clipper based device away from me.

/harry

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From habs at Panix.Com Sat Apr 17 06:49:42 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sat, 17 Apr 93 06:49:42 PDT
Subject: Big Brother: Unlawful Taking
Message-ID: <199304171349.AA04451@sun.Panix.Com>

I think the gov. involvement in the Clipper is an unlawful taking against anyone else who has made an investment in selling encryption. RSA, for example. These people should sue the government for taking this multi-billion dollar business away from them.

/harry

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From banisar at washofc.cpsr.org Sat Apr 17 06:52:52 1993
From: banisar at washofc.cpsr.org (Dave Banisar)
Date: Sat, 17 Apr 93 06:52:52 PDT
Subject: CPSR Statement on White House Plan
Message-ID: <9304170958.AA39915@hacker2.eff.org>

CPSR Crypto Statement
-----------------------------------------------

April 16, 1993
Washington, DC

COMPUTER PROFESSIONALS CALL FOR PUBLIC DEBATE ON NEW GOVERNMENT ENCRYPTION INITIATIVE

Computer Professionals for Social Responsibility (CPSR) today called for the public disclosure of technical data underlying the government's newly-announced "Public Encryption Management" initiative. The new cryptography scheme was announced today by the White House and the National Institute for Standards and Technology (NIST), which will implement the technical specifications of the plan. A NIST spokesman acknowledged that the National Security Agency (NSA), the super-secret military intelligence agency, had actually developed the encryption technology around which the new initiative is built.
According to NIST, the technical specifications and the Presidential directive establishing the plan are classified. To open the initiative to public review and debate, CPSR today filed a series of Freedom of Information Act (FOIA) requests with key agencies, including NSA, NIST, the National Security Council and the FBI for information relating to the encryption plan.

The CPSR requests are in keeping with the spirit of the Computer Security Act, which Congress passed in 1987 in order to open the development of non-military computer security standards to public scrutiny and to limit NSA's role in the creation of such standards.

CPSR previously has questioned the role of NSA in developing the so-called "digital signature standard" (DSS), a communications authentication technology that NIST proposed for government-wide use in 1991. After CPSR sued NIST in a FOIA lawsuit last year, the civilian agency disclosed for the first time that NSA had, in fact, developed that security standard. NSA is due to file papers in federal court next week justifying the classification of records concerning its creation of the DSS.

David Sobel, CPSR Legal Counsel, called the administration's apparent commitment to the privacy of electronic communications, as reflected in today's official statement, "a step in the right direction." But he questioned the propriety of NSA's role in the process and the apparent secrecy that has thus far shielded the development process from public scrutiny.

"At a time when we are moving towards the development of a new information infrastructure, it is vital that standards designed to protect personal privacy be established openly and with full public participation. It is not appropriate for NSA -- an agency with a long tradition of secrecy and opposition to effective civilian cryptography -- to play a leading role in the development process."
CPSR is a national public-interest alliance of computer industry professionals dedicated to examining the impact of technology on society. CPSR has 21 chapters in the U.S. and maintains offices in Palo Alto, California, Cambridge, Massachusetts and Washington, DC. For additional information on CPSR, call (415) 322-3778 or e-mail .

======================================

From banisar at washofc.cpsr.org Sat Apr 17 07:09:13 1993
From: banisar at washofc.cpsr.org (Dave Banisar)
Date: Sat, 17 Apr 93 07:09:13 PDT
Subject: More info on Clipper Chip
Message-ID: <9304171015.AA20088@hacker2.eff.org>

Comments on White House Clipper Plan

I attended the "interesting" NIST press conference yesterday on the "Clipper Chip" and may be able to clear up a few questions.

According to NIST:

The Chip has 4 functions, including
  Key
  Encryption
  Serial Number
  Escrow functionality

Thus, it sounds like a key management system may have to be built into the devices that will be sold with the chip. However this means that they will also be able to determine which key to get because they will know the serial number. It also seems likely that once your key is compromised, it's gone forever. This is a serious problem.

The Attorney General will determine next week who will be the escrow agents for this. I am willing to bet $ that NIST/Commerce will be one of them (not a lot, after all, I do work for a non-profit).

Everything about this proposal is classified. The chip is classified but even more disturbing, the presidential directive ordering a review into crypto policy is also classified. CPSR has already filed 11 FOIA requests for all information, including the directive. You can expect that we will be filing suit shortly to get those documents and force this out into the open. When I questioned them about why the review was happening after the proposal, they did not answer me.

This is not 1984 all over again, it's '86. The NSA tried this exact same "black box" proposal (minus the escrow) in 1986.
Industry laughed them out of the park. NIST also stated that the proposal has been implemented for 14 months and they (NSA actually) have been working on it for at least 4 years.

AT&T announced yesterday that it will begin selling devices with these Clippers in them immediately. We've been sold down the river by ma bell again.

Dave Banisar
CPSR Washington Office

From grady at netcom.com Sat Apr 17 08:18:53 1993
From: grady at netcom.com (1016/2EF221)
Date: Sat, 17 Apr 93 08:18:53 PDT
Subject: fuzzy grep available
Message-ID: <9304171519.AA27926@netcom.netcom.com>

"agrep" version 2.0.4 available via anonymous FTP from sunsite.unc.edu (including source) has a feature of cryptographic interest: fuzzy searches. For example,

  agrep -2 cypherpunks newsgroupspooldirectory

would find all occurrences of "cypherpunks" or any such pattern with up to two errors of substitution, addition or deletion. cpyherpunks, cyphernks cipherapunks would all be found, fer instance. And the thing is Boyer-Moore sublinear FAST.

Also has egrep features looking for up to 30,000 (yes, thirty thousand) patterns simultaneously with Boyer-Moore speed. For the NSA the applications are obvious: look for a bunch of key words like revolution Timothy May NSA quickly.

For us a good initial use might be to screen out "bad" passwords that are too simply a variant of a normal word. For example, if agrep -3 usr/dict/words or the lyric library, or the star trek location list or whatever, if anything were found then that password FAILS. This is a lot easier to use than other available tools.

Like, MacPGP2.2 source, I will mail this on request IF you cannot do anonymous FTP from where you are.

Grady Ward

From hughes at soda.berkeley.edu Sat Apr 17 08:36:36 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Sat, 17 Apr 93 08:36:36 PDT
Subject: History of Gov. Telecom Interception
In-Reply-To: <199304171327.AA03871@sun.Panix.Com>
Message-ID: <9304171533.AA04312@soda.berkeley.edu>

Harry Shapiro mentions what sounds like an excellent little book, titled "The Invisible Weapon"

I've made a directory called clipper/ in the ftp site. I'm looking for information to fill it up with.

Harry, I'd like to publicly ask you to write an annotated bibliography entry for this book so that I could put it up. Full reference details, of course, two or three sentences describing the contents of each chapter, and a small summary. Thanks in advance.

If anyone has an electronic copy of the New York Times article, please send it in.

Please send all your submissions via email, as I don't have the necessary permissions to use the incoming directory on soda. Send submissions to hughes at soda.berkeley.edu.

Download stuff from soda.berkeley.edu:pub/cypherpunks via anon ftp.

Eric

From grady at netcom.com Sat Apr 17 08:57:57 1993
From: grady at netcom.com (1016/2EF221)
Date: Sat, 17 Apr 93 08:57:57 PDT
Subject: REAL ftp address of agrep tool
Message-ID: <9304171558.AA29574@netcom.netcom.com>

The real address is: cs.arizona.edu in the directory "agrep".

The incorrect ftp site I mentioned before, sunsite.unc.edu, has some interesting poly sci papers, but not much code.

Too many archives. Too little time.

Grady Ward

From kinney at spot.Colorado.EDU Sat Apr 17 09:55:59 1993
From: kinney at spot.Colorado.EDU (KINNEY WILLIAM H)
Date: Sat, 17 Apr 93 09:55:59 PDT
Subject: Proposal for anon chaining
In-Reply-To: <9304161717.AA15797@toad.com>
Message-ID: <199304171655.AA24267@spot.Colorado.EDU>

I write:
> > This seems to me to be a very robust pseudonymous mail system which
> > could be implemented by relatively minor changes to the existing Cypherpunk
> > remailer structure.

Eli writes:
> This appears to be the ARA system that was previously suggested,
> which I was speaking of using with penet.
> Your comment that changes would be needed implies that it is different;
> if so, could you clarify the difference?

No, evidently I wasn't reading carefully enough. These do appear to be the same.

> The reason Eric suggested hanging this off the side of a pseudonym
> server is that it is rather inconvenient in its pure form,

Although I would suggest making the raw data available to those who wish to bypass the nym server for some reason. Say, a "Request-Routing-Header" command. Although I imagine you guys have your hands full getting even a basically functional version up.

-- Will

From sommerfeld at orchard.medford.ma.us Sat Apr 17 10:36:45 1993
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Sat, 17 Apr 93 10:36:45 PDT
Subject: Boston Globe article 4/17/93
Message-ID: <9304171657.AA00125@orchard.medford.ma.us>

[I've called the Globe to complain about their swallowing the government's story, hook, line, and sinker; I suggest others do likewise...]

US reveals computer chip for scrambling telephones
By John Mintz
Washington Post

WASHINGTON -- The White House yesterday announced its new plan to prevent criminals, terrorists, and industrial spies from decoding communications over telephones, fax machines, and computers while ensuring the government's ability to eavesdrop.

The plan features a $1200 government-developed computer chip embedded in a scrambling device the size of a small notebook, which the government hopes will be adopted as the universal means of encryption.

The Clinton administration said the technology will balance the interests of civil libertarians, corporations, and individuals on the one hand against law enforcement and intelligence agencies on the other.

The official White House announcement yesterday was the endorsement of the Clipper Chip, developed by NSA, as the government standard for encryption devices.
Industry and US officials said that means the Clipper Chip also will become widely accepted in corporate America, because companies and individuals desiring to do business with federal agencies that encode their information would have to use the government's standard.

The success of the government's initiative depends on the willingness of companies to accept encryption that the government can crack. AT&T announced yesterday it would use the new chip in all its secure nongovernment telephones.

The NSA has licensed two California firms to manufacture and market the Clipper Chip, officials said. The price is expected to drop to about $25 each, they said.

From mdiehl at triton.unm.edu Sat Apr 17 11:31:11 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Sat, 17 Apr 93 11:31:11 PDT
Subject: Phil Zimmerman on the Radio
In-Reply-To: <9304161840.AA17929@tardis.shearson.com>
Message-ID: <9304171830.AA25558@triton.unm.edu>

> FYI, for those of you in the NYC area, I'm going to be conducting a
> brief interview with Phil Zimmerman (author of PGP) on my radio show
> tomorrow to discuss the recent NSA/Big Brother crypto developments
> (see the front page of today's New York Times).

Anyone get a tape or transcript of this? I'd really like to hear it.

+-----------------------+-----------------------------+---------+
| J. Michael Diehl ;-)  | I thought I was wrong once. | PGP KEY |
|                       | But, I was mistaken.        |available|
|                       +-----------------------------+---------+
| mdiehl at triton.unm.edu | "I'm just looking for the opportunity |
| mike.diehl at fido.org   | to be Politically Incorrect!          |
| (505) 299-2282        |                                       |
+-----------------------+---------------------------------------+

From habs at Panix.Com Sat Apr 17 12:41:41 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sat, 17 Apr 93 12:41:41 PDT
Subject: Brief review of "The Invisible Weapon."
In-Reply-To: <9304171533.AA04312@soda.berkeley.edu>
Message-ID: <199304171941.AA23905@sun.Panix.Com>

a conscious being, Eric Hughes wrote:
>
> Harry Shapiro mentions what sounds like an excellent little book,
> titled "The Invisible Weapon"
>
> I've made a directory called clipper/ in the ftp site. I'm looking
> for information to fill it up with.
>
> Harry, I'd like to publicly ask you to write an annotated bibliography
> entry for this book so that I could put it up. Full reference
> details, of course, two or three sentences describing the contents of
> each chapter, and a small summary. Thanks in advance.

Hope this is close enough:

The Invisible Weapon. Telecommunications and International Politics (1851-1945)
By Daniel R. Headrick, Prof. of History and Social Sciences at Roosevelt University, author of "The Tools of the Empire" and "The Tentacles of Progress."
Copyright 1991 Oxford University Press, Inc.
ISBN: 0-19-506273-6

1. Telecommunications - History
2. Telecommunications - Political aspects - History
3. Telecommunications - Military aspects - History
4. World Politics -- 1900 - 1945
5. World Politics -- 19th century

From the book jacket -

"A vital instrument of power, telecommunications is and always has been a profoundly political technology. In "The Invisible Weapon," Headrick examines the political history of telecommunications from the mid-nineteenth century to the end of World War II, and illustrates how this technology gave nations a new instrument for international relations. Headrick discusses the political aspects of information technology in modern history. He shows how telegraphy created conflicts in far-flung empires which hastened the deterioration of diplomacy on the brink of the first world war; increased the political interest in controlling news; and how the security of telecommunications made communications strategy, communications intelligence, and cryptography decisive tools during the two world wars."
This book is of interest to me because it details all of the positive aspects of why a government "needs" to know everything that is telecommunicated everywhere it can. Even more importantly it shows how the British government routinely intercepted communications sent through British owned telecommunications infrastructure despite publicly claiming they would never do such a thing. It also shows how interception "hastened the deterioration of diplomacy."

The Chapters:

1. Telecommunications and International relations
2. The New Technology
3. The Expansion of the World Cable Network, 1866-1895
4. Telegraphy and Imperialism in the Late Nineteenth Century
5. Crisis at the Turn of the Century, 1895-1901
6. The Great Powers and the Cable Crisis, 1900-1913
7. The Beginnings of Radio, 1895 - 1914
8. Cables and Radio in World War I
9. Communications Intelligence in World War I
10. Conflicts and Settlements, 1919 - 1923
11. Technological Upheavals and Commercial Rivalries, 1924 - 1939
12. Communications Intelligence in World War II
13. The War at Sea
14. The Changing of the Guard
15. Telecommunications, Information, and Security

/harry

From mdiehl at triton.unm.edu Sat Apr 17 14:00:59 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Sat, 17 Apr 93 14:00:59 PDT
Subject: Automation package.
Message-ID: <9304172100.AA00859@triton.unm.edu>

Since I've been using encrypted mail for about a month, now, I've developed a few useful batch files and telix script files. Would anyone be interested in having them? For the most part, they're pretty simple, but I use them, and they work. ;^)

I don't use the perl scripts that came with pgp since I don't trust the phone connection. I xfer encrypted messages and read them at home.

BTW, I use 4dos version 4.02 as opposed to command.com as my command interpreter; some of my batch files require features that 4dos has that msdos does not. Anyway, 4dos is a much better package than straight MS-DOS.
I think we need to develop methods to make encryption as simple to use as possible. Is this something that you all are interested in or am I just blowing smoke? ;^)

+-----------------------+-----------------------------+---------+
| J. Michael Diehl ;-)  | I thought I was wrong once. | PGP KEY |
|                       | But, I was mistaken.        |available|
|                       +-----------------------------+---------+
| mdiehl at triton.unm.edu | "I'm just looking for the opportunity |
| mike.diehl at fido.org   | to be Politically Incorrect!          |
| (505) 299-2282        |                                       |
+-----------------------+---------------------------------------+

From tcmay at netcom.com Sat Apr 17 14:25:46 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Sat, 17 Apr 93 14:25:46 PDT
Subject: An Alliance with RSA?
Message-ID: <9304172125.AA28195@netcom3.netcom.com>

Fellow Cypherpunks,

In this message I am urging we all consider an alliance with RSA Data Security, the only company or group able to actually provide an alternative to the "weak crypto" of the Clinton Clipper. I have no idea if RSA is interested, or if in fact they're already in league with the NSA and other privacy clippers. I chose a public forum because I'm in no position to negotiate for anybody in private.

I also mailed a copy to Jim Bidzos, in case he's not reading sci.crypt right now.

-Tim

Newsgroups: sci.crypt,alt.security,comp.org.eff.talk,comp.security.misc,comp.org.acm,comp.org.ieee
From: tcmay at netcom.com (Timothy C. May)
Subject: Re: Don't fight Clipper Chip, subvert or replace it !
Date: Sat, 17 Apr 1993 21:09:13 GMT

Robert Lewis Glendenning (rlglende at netcom.com) wrote:
: Clipper Chip is a response to the fact that there is no business
: or professional body in a position to establish a standard and
: provide chipsets to implement it for analog or digital transmission
: systems.
:
: RSA might be in position to do it, if they had active cooperation of
: a couple of manufacturers of cellular phones or desktop phones.
.......
: Is RSA independent of the gov enough to spearhead this? I, for one,
: would *gladly* pay royalties via purchasing secure phones.

Hear hear! I completely agree that we need to work quickly to establish alternatives to the government's Clinton Clipper. As Brad Templeton and others have noted, once the Clipper becomes ensconced in enough phones there will be enormous pressure to make it the *legal* standard, and it will become the *market* standard as well. (There is a lot of confusion in the proposal about whether the use of Clipper is mandated, about whether non-escrow alternatives will be allowed, etc.)

(There are also unclear issues about how hard, or how illegal, it will be to make "workalikes" which meet the standard but which generate phony or untappable keys...I'm sure the next several weeks will see these issues thrashed out in this and other groups.)

Meanwhile, I'd be interested to hear RSA Data Security's reaction. Often criticized in this group for their licensing policies (the usual complaints about MailSafe costing too much, at $125 or so, and the general issue of software patents...), we may find that *allying* ourselves with RSA is the best thing we can do. What's a mere licensing fee when our liberty may be at stake?

(If everyone who wanted true security paid, say, $100 for a lifetime use of all of RSA's patents--which expire in the period 1998-2002, or so--then RSA would make tons of money and be happy, I'm sure. A small price to pay. For those to whom $100 sounds like too much, I'm sure the actual terms could be different, spread out over several years, whatever. To me, it's a small price to pay.)

Strong crypto means strong privacy. Escrowing keys, sending copies of keys to large databases, and splitting keys into two 40-bit pieces, all done with secret and non-analyzable protocols and algorithms, is *NOT* strong crypto!
Whatever some of us may think about the abstract principles of patenting number theory applications, this minor issue pales in comparison with the potential dangers of the Clipper proposal (note that I said "potential"...we'll presumably learn more in the coming months). The RSA algorithms are at least public, have been analyzed and attacked for years, and source code is available (to better ensure no deliberate weaknesses or trapdoors).

I know of a number of groups putting together voice encryption systems using off-the-shelf hardware (like Soundblaster boards for the PC) and CELP-type software. The new generations of PCs, using fast 486s and Pentiums, are fast enough to do real-time voice encryption. Combined with Diffie-Hellman key exchange, this should provide an alternative to the Clipper system. Of course, we don't really know if the Administration proposes to outlaw competing systems.

(It seems to me that their goal of tapping terrorists, child pornographers, and Hilary bashers would be thwarted if low-cost alternatives to Clipper proliferated. Not to defend child pornographers or terrorists, but limiting basic freedoms to catch a few criminals is not the American way of doing things. End of soapbox mode.)

I suggest we in these groups set aside any differences we may have had with RSA (and don't look at me....I have both MacPGP *and* a fully legal copy of "MailSafe"!) and instead work with them as quickly as we can.

RSA?, Jim?, are you listening?

-Tim May

P.S. I reserve the right to retract these opinions if it should turn out that RSA Data Security was involved in the Clipper proposal.

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.

From clark at metal.psu.edu Sat Apr 17 17:59:31 1993
From: clark at metal.psu.edu (Clark Reynard)
Date: Sat, 17 Apr 93 17:59:31 PDT
Subject: How to Block the Big Brother Proposal--Petition, fax, mail?
Message-ID: <9304180148.AA00469@metal.psu.edu>

I've looked into the issue a little more. I think it's probably the most important cypherpunk issue. Perhaps it _is_ time to write the White House. But I think individual emailed letters to the White House ought to be combined with some sort of petition, carefully drafted, and sent by (telegram/fax/snailmail) and signed by everyone we can get, copied as one of those mailer files like shareware uses for registration, so that anyone can print it out, sign it and stamp it.

Though individually-written letters would have a greater impact, the sheer volume of mail achievable by a large crosspost (I don't like massive crossposts, but one is necessary.) of the mailer, even if only .1% of the readership considers it worth doing.

In addition, individual letters to government officials of note, in particular Representative Rohrbacker (anyone have an email/snailmail address?), Lloyd Bentsen and anyone else who potentially could have an interest.

Does anyone have any specific input about what ONE person could do to fulfill his part of the obligation to block this lame Nazi bullshit? Again, I think a petition would be a good idea, but getting it signed by everyone would be difficult, and signing it electronically via PGP might be considered just a _mite_ provocative, like making a peace offering to William Bennett by offering him a toke off a J.

Any input?

----
Robert W.
Clark
rclark at nyx.cs.du.edu
PGP signature available by mail or finger

From marc at Athena.MIT.EDU Sat Apr 17 18:52:23 1993
From: marc at Athena.MIT.EDU (Marc Horowitz)
Date: Sat, 17 Apr 93 18:52:23 PDT
Subject: repost from sci.crypt
Message-ID: <9304180152.AA34123@oliver.MIT.EDU>

I just posted this to sci.crypt. You conspiracy theorists out there are probably going to start getting ulcers soon.

        Marc

From: marc at mit.edu (Marc Horowitz N1NZU)
Newsgroups: sci.crypt
Subject: The source of that announcement
Date: 18 Apr 1993 01:19:38 GMT
Organization: Massachusetts Institute of Technology
Lines: 38
Distribution: world
Message-ID:
NNTP-Posting-Host: oliver.mit.edu

The message from the NIST about the clipper chip comes from the following address:

        clipper at csrc.ncsl.nist.gov (Clipper Chip Announcement)

Just who is that, I asked myself, or rather, I asked the computer.

% telnet csrc.ncsl.nist.gov 25
Trying...
Connected to csrc.ncsl.nist.gov.
Escape character is '^]'.
220 first.org sendmail 4.1/NIST ready at Sat, 17 Apr 93 20:42:56 EDT
expn clipper
250-
250-
250-
250-
250-
250-
250-
250-
250-
250-
250-
250
quit
221 first.org closing connection
Connection closed.

Well, isn't that interesting. Dorothy Denning, Mitch Kapor, Marc Rotenberg, Ron Rivest, Jim Bidzos, and others. The Government, RSA, TIS, CPSR, and the EFF are all represented. I don't suppose anybody within any of these organizations would care to comment? Or is this just the White House's idea of a cruel joke on these people's inboxes?

        Marc

--
Marc Horowitz N1NZU 617-253-7788

From clark at metal.psu.edu Sat Apr 17 19:08:56 1993
From: clark at metal.psu.edu (Clark Reynard)
Date: Sat, 17 Apr 93 19:08:56 PDT
Subject: PGP & RSA -> Legal
Message-ID: <9304180257.AA00395@metal.psu.edu>

If RSA wished to make it extremely difficult to get its patent revoked, it could raise its regular price to something on the order of $50,000.
Then, it could offer a $49,900.00 discount to those who would be willing to perform for them the 'service' of writing to the government to complain about any possible outlawing of cryptographic technology. Then, if the government wished to illegalize this software, since the software was legal at the time of purchase, it could not be confiscated without due payment of value. If thousands of people were to say, "Hey, this software's worth fifty thousand dollars, you have to pay that," it would throw at least something of a legal obstacle in the path of this obscene government menace.

Does anyone know of any legal precedent which might be binding to a case of this nature? I know that eminent domain laws are usually _very_ generous in compensation for property seized for public works, if there is even the slightest _trace_ of impropriety in their actions.

----
Robert W. Clark
rclark at nyx.cs.du.edu
PGP signature available by mail or finger

From ld231782 at longs.lance.colostate.edu Sat Apr 17 19:55:51 1993
From: ld231782 at longs.lance.colostate.edu (ld231782 at longs.lance.colostate.edu)
Date: Sat, 17 Apr 93 19:55:51 PDT
Subject: BIGBROTHER: a public attack plan in 14 points
Message-ID: <9304180255.AA22660@longs.lance.colostate.edu>

Someone please wake me from this nightmare.

OK, I'll try to be pragmatic and cut the fiery rhetoric here and avoid choir-preaching. This thing is out. Let's man the battlestations. Here's a nice little summary sheet of things that we should emphasize in public on the proposal, for the tip-of-the-tongue comments to friends, coworkers, and your grandmother. The public stance should be as straightforward and nontechnical as possible. We should attempt to derail the plan on as many nontechnical points as possible, because to attack technical points lends an aura of legitimacy to it, making it sound like `they had good intentions, but it's not going to work.'
The truth (of course) is that this proposal is an illegitimate child, this time borne of grotesque bedfellows (e.g. Denning, Clinton and the NSA) but a monster no matter WHO the parents...

Without further ado, the 14 Points...

1. Look how the proposal was `handed down' like a unilateral decree. It smacks of a government making decisions for us and excluding us from the process. The whole proposal sounds kind of sinister when viewed in the light of its tone of ``we know what's best for you'' and ``if you don't cooperate, we may have to roll out more nasty things.'' This unilateral handing-down is really obnoxious, because the administration has wholly bypassed the congress and the public at large! It has all the noxious smell of something a dictator (or a naive president prodded by the sheer force of a massively funded secret federal agency) would do.

2. Clearly there has been a huge amount of secret development on this and taxpayer money funding it. Why is it that this process has been wholly shielded from public view until now? Why is so much money being spent on depriving Americans of their rights? Why are we spending so much money to eavesdrop on our neighbors (esp. when they seem like such *nice* people)? It's all so horrifyingly undemocratic and authoritarian and impolite. Does our government have something to hide? Do they think we are too stupid to understand the details? Or are they afraid we would become more disgusted the more we hear?

3. AT&T has already committed, say the rumors, to building phones with the chip. There must be some sleazy backroom collusion between executives of this company and the government. Why were others excluded? Is this part of Clinton's vision of free enterprise? Does the government play favorites among companies? Isn't there something blatantly illegal about this?

4. The announcement is outright obfuscatory. It specifically excludes any mention of the NSA when its noninvolvement is a total fantasy.
In fact, the sheet in stating that other agencies are behind it is something of a lie in this regard. We should attack the proposal as being absurdly vague on extremely important, *central* points (such as which two agencies carry the keys), but that even if the swiss-cheese-quality holes were diminished, the proposal would *still* be unacceptable; it is fundamentally flawed, a wrong idea that has no merit whatsoever.

5. Here is a neat analogy. Notice how Joe Policeman has to buy his cars at any regular car dealer. We don't get excited when we hear that hoodlums and terrorists and drug dealers can buy cars at the same place. In other words, law enforcement agencies are not entitled to special perks or privileges from private industry. And we don't tolerate extreme obstructions in our ability to buy cars when we have the money, the car is there, and we like it. And the government doesn't restrict us from having cars that can drive faster than policecars. We don't let the government install special boxes in our cars that can cripple them by remote control when a cop is chasing us! (note that analogies have to be perfect or they turn into minutiae bogs)

6. More on the free enterprise issue. Why was this single company that created the Clipper Chip favored by the government? What gives them the right to have a monopoly? Why is the government deliberately *creating* a monopoly? It is thumbing its nose at all those other poor hardworking cryptography companies who worked so hard, coming up with better schemes, and were rejected (a little melodrama for grandma there)

7. The chip was developed by `government engineers'. Who? Why is the government in the realm of something that is the role of private industry? What is our government doing creating `state of the art' stuff *at*all*? And why, of all the things they could be improving, are they coming up with a device to invade people's privacy?

8. We have to attack the ``state-of-the-art'' thing ad infinitum.
Has the government *ever* come up with something state of the art? Do we Americans want to be state-of-the-art in the field of privacy deprivation? How do we know it is `state-of-the-art' when we can't *look* at it for ourselves, and only hear it from people who are involved in the project saying `trust us, it's way cool'? Even if it was as sophisticated as a Cray Supercomputer, are there just some machines that shouldn't be built? Are there some devices, that, while technically feasible, shouldn't be built?

9. One of the most important claims is that ``this chip provides no new authority to wiretap''. We've got to focus on this one. We can say the constitution specifically prohibits illegal search and seizure, and that we don't really remember who it was that decided that the government had free rein on wiretapping. We can say that it has always been the right of the government to obtain warrants, but it has always been the right of people to speak in codes, and now new technology is *helping* people to exercise a right that has always existed but lay undiscovered because of complexity.

10. In fact, we have to make it sound like new technology like encryption and cyberspace is going to help us rediscover our rights, and that vast government agencies that have been built up because we simply were ignorant of these dormant rights, and are based on our lack of exercising them, are going to gradually dissolve away, like the way those associated with the Cold War have, because they are superfluous. Sure, people will get displaced, and be noisy in their complaints, but their jobs are no longer necessary or even *possible* in the 21st century (allusions to breakup of NSA). In fact, maybe we should get a Privacy Dividend like the much-heralded Peace Dividend when our government agencies no longer have the capability to intercept private communication. How about that--tell the public that we all get a Privacy Dividend if they embrace unbreakable encryption!

11.
Notice that the problem with surveillance and wiretapping is that it has always been a catch-22---the government needs the data to prove you are a criminal, but shouldn't have access to that data unless it can prove you are a criminal. Notice that the proposal talks about The solution lay in not wiretapping, of course! And now we have technology to *enforce* this choice. And the proposal talks about `criminals and terrorists' as if we know exactly who they are---but (as I understand it, and last I checked!) that is the point of a court to decide.

12. The plan makes it sound like we can somehow boost technological competitiveness (a real button-pushing hot topic among the public) by protecting the private communications of companies etc. We have to attack this and say that these companies only benefit if they have control over the scheme and it is not `imposed from above' and that when it is `imposed from above' it actually has the effect of *weakening* their technological competitiveness, because it restricts their choices into buying something that may not be right for their needs. We should point out that privacy is complex and the ability for the government to foresee all needs is ridiculous, and furthermore even if it had such a capability it would not be its proper role. We have to really drive this one home: privacy choices (i.e. encryption) are an issue that has to be decided by the individual. That's the American Way (tm) -- insert at this point the National Anthem, flag waving, smiling kid eating apple pie.

13. ``The government must develop consistent, comprehensive policies'' regarding the use of the new infrastructure of data highways. Well, yes and no.
We should talk about data highways as not like real ones in that people can't have accidents, they are virtually impossible to damage with mere data, they can withstand tremendous strains in traffic, regulating mechanisms are *built in* to the software and hardware, hence the need for government `regulations' is a bit misguided and inapplicable. Also, the government has no business telling you that you can only drive one kind of car, or that your car has to be crippled so it can't go faster than 55 MPH, or that you have to tell them where you're going every time you get in it, etc.

14. The proposal makes it sound like if the government is just shrewd enough, they will always be able to intercept and decrypt traffic. We have to drive home the point that no amount of ingenuity whatsoever can plug the dike of advancing technology, and that it is not the case that we warp or befuddle the technology to support our government--increasingly we will be adapting our government to harness new and powerful technology! I.e. we require a fundamental change in our governing systems, to `access' our newfound rights that have lain dormant for too long via novel technology, and this proposal can be viewed as a `last gasp' of a dying system...

Finally, the bright side (really?).
We can point out that this proposal, while intrinsically flawed and nauseatingly abhorrent, is bringing into public view important issues of cryptography, that much more sophisticated cryptography will be discovered and widely utilized, that it reveals the true aims of and weaknesses in our government process that we can alter, fix, or remove, that people are starting to realize how much wiretapping is going on and that the sensible and patriotic goal is to not encourage but limit or abolish it (by making it impossible), that it reveals the need for truly strong encryption easily accessible by all the unwashed masses, that it is just a tiny thread starting the weaving of an entirely new colorful tapestry in our nation and our government's history (oops, here comes the blaring music and the flapping flag and the bright-eyed kid again...)

I insert my patriotic and emotional salute to us Cypherpunks here...

p.s. we should point out that Thomas Jefferson actually came up with a highly sophisticated cryptographic rotor code that was so secure it was used even for a long time at the beginning of this century, and that clearly a Founding Father has a strong commitment to strong cryptography! (see The Codebreakers by Kahn for more info on Jefferson's code)

``If it were necessary to choose between the Government and Privacy, I should not hesitate to prefer the latter...''

``Give me Privacy, or give me Death...''

From habs at Panix.Com Sat Apr 17 20:06:37 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sat, 17 Apr 93 20:06:37 PDT
Subject: Even more
Message-ID: <199304180306.AA14149@sun.Panix.Com>

csspab is the first name on the clipper list; it expands as follows:

Trying 129.6.48.199 ...
Connected to mail-gw.ncsl.nist.gov.
Escape character is '^]'.
220 mail-gw.ncsl.nist.gov sendmail 4.1/rbj/jck-3 ready at Sat, 17 Apr 93 23:04:29 EDT
250-
250-Bill Colvin
250-
250-John Kuyers
250-
250-
250-
250-
250-
250-
250-Eddie Zeitler
250-Cris Castro
250

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From MAILER-DAEMON at Panix.Com Sat Apr 17 20:29:11 1993
From: MAILER-DAEMON at Panix.Com (Mail Delivery Subsystem)
Date: Sat, 17 Apr 93 20:29:11 PDT
Subject: Returned mail: User unknown
Message-ID: <199304172211.AA00916@sun.Panix.Com>

   ----- Transcript of session follows -----
While talking to toad.com:
>>> RCPT To:
<<< 550 ... User unknown
550 cyhperpunks at toad.com... User unknown

   ----- Unsent message follows -----
Received: by sun.Panix.Com id AA00914
        (5.65c/IDA-1.4.4 for cyhperpunks at toad.com); Sat, 17 Apr 1993 18:11:23 -0400
Received: by sun.Panix.Com id AA29602
        (5.65c/IDA-1.4.4 for habs); Sat, 17 Apr 1993 17:42:12 -0400
Date: Sat, 17 Apr 1993 17:42:12 -0400
From: Mail Delivery Subsystem
Message-Id: <199304172142.AA29602 at sun.Panix.Com>
To: habs
Subject: Returned mail: User unknown
Sender: habs

   ----- Transcript of session follows -----
While talking to toad.com:
>>> RCPT To:
<<< 550 ... User unknown
550 cypherpunk at toad.com...
User unknown

   ----- Unsent message follows -----
Received: by sun.Panix.Com id AA29600
        (5.65c/IDA-1.4.4 for extropians at gnu.ai.mit.edu); Sat, 17 Apr 1993 17:42:12 -0400
From: Harry Shapiro
Message-Id: <199304172142.AA29600 at sun.Panix.Com>
Subject: PGP & RSA -> Legal
To: cypherpunk at toad.com, extropians at gnu.ai.mit.edu (Harry Shapiro)
Date: Sat, 17 Apr 1993 17:42:11 -0400 (EDT)
Reply-To: habs
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 698

I recall at some point that RSA put something out on the net which allowed anyone to use the "patents or source code" for non-commercial use. Do I remember correctly? (I replied to the announcement)

If I am remembering correctly, would that give me a de facto licensing of PGP for non-commercial use?

The reason I bring this up is that if the feds crack down, they may decide to "help" RSA by legally fighting PGP users. Which is why it would be in our interest to legally (patent-wise, despite how you feel about RSA, etc.) use PGP.

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From habs at Panix.Com Sat Apr 17 20:52:37 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sat, 17 Apr 93 20:52:37 PDT
Subject: Big Brother: True Names
Message-ID: <199304180352.AA16131@sun.Panix.Com>

Here is some background I was able to gather about those people on the csspab at mail-gw.ncsl.nist.gov, who had accounts directly on that machine.

Eddie Zeitler is vice president of information security for Fidelity Investment Corp. He used to work for Pacific National Bank, Glendale, Calif.

Cris Castro is director of information security programs at SRI International.
Bill Colvin is the NASA Inspector General.

John Kuyers is Ernst & Young's Dallas-based regional director of information systems auditing.

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From 76630.3577 at CompuServe.COM Sat Apr 17 20:55:09 1993
From: 76630.3577 at CompuServe.COM (Duncan Frissell)
Date: Sat, 17 Apr 93 20:55:09 PDT
Subject: 1st Amendment Clipped?
Message-ID: <930418035104_76630.3577_EHK38-1@CompuServe.COM>

Potential First Amendment problems with an encryption ban --

Let's assume that the Clinton administration bans non-Clipper encryption technology. I then transmit the following and am arrested --

-----BEGIN PGP MESSAGE-----
Version: 2.2

hIwChU7iviyBI+EBA/sFwcGJ3KIanoLN5d+oFYCeyhIL9m+8GAF/xTQMIoQGX16i
zfsnJ8IdgquMDlPBce5fmt/Pz+IzL+Y9H7k+mSchAVv/HiTHUaCusmc5qzFJtis0
z4AiKyOnZT+BuIhs04B2nbUJnyZOTCLVmGiMTi04ZEcftdYz3FxMzUG2SyG++6YA
AAGxsWH/fc9TOe4v4RmKtOl713URBrhsBImhcMVwsfWkLcUAHuXiV28K/e0dBX4e
UqY73zGWxX8wC3Xd6ccc2cE9oUQHimHLerM5tX70CyyIF8mwOrY9gl+MmUXlrmQu
p0KTmphFTltBuw5yRzQ0m8jjU1KR2t4lr8GbpQ+bvFyyLZNKRgfDATPTDNNB5g1F
OiFI/Nxjl0ZjkP98rKjOqKpx3iPCSQnZ/LZ9eRKOAHlicrZmIgKHJuqk0XdYB+kr
g2X0UVjBWW+xaBNpMbdUtT0HnKDCcOcjFPVP3sKqDCUQaK90PCd9cy18RHnpWiVo
/Ri68Kx/s1UKBCK+wO3qQrKmz5vdgu8Mmh5mUXuO9Wzr7VLGqmsOTNdih7flQRvx
QNGlSiXnxES2tyTxmSFxcDLXl5aXEbOVbY7BoenxhN0vn/dsHyK3dylcH7ybB1Fh
UrroXxB8mLOEyuG84OZm3/zCjL5cuwdDPRBM+UIeFzfla2TXHa+nm7sCzOFA3zF2
Yry5VbmKFV8OrmbX5W0cl0uSNHKBzV+JhVrkccoeZAJfF4tkVb/sS9iv2b+f5Fxz
B5u2jQ==
=i5Mq
-----END PGP MESSAGE-----

Won't the prosecution be embarrassed when I decrypt it in court and present the plaintext:

1st Amendment

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the government for a redress of grievances.
I don't see how the mere fact of encryption itself fits a message into one of the 1st amendment exceptions -- pornography, national security, libel, etc. Since it is easy to establish in information theory that a cyphertext is a form of *information* itself and not just a *means* of transmitting the information contained in the plaintext, outlawing the encryption of plaintext because the algorithm is unapproved is classic censorship of a writing *because* of its content.

Additionally, there are several types of communications that cannot legally be wiretapped. These would include lawyer-client and husband-wife as well as certain others. Since the privacy of these communications requires that you make an effort to keep them private, you could argue that in these cases the use of secure encryption is legally required.

The crypto-fascists have used these sorts of bluffs ever since the late 1920s when someone was discouraged from publishing a history of the State Department's code office. The NSA also threatened to lock up the developers of the RSA encryption system if they published "A Proposal for a Public Key Encryption System" in the Proceedings of the IEEE in 1977. They published anyway and are still walking around.

Don't let them bluff anyone again. It is neither legally nor technically possible to ban secure cryptography.

Duncan Frissell

From habs at Panix.Com Sat Apr 17 21:25:38 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sat, 17 Apr 93 21:25:38 PDT
Subject: More True Names: The NIST Security Board
Message-ID: <199304180425.AA17780@sun.Panix.Com>

The csspab mailing list, csspab at mail-gw.ncsl.nist.gov, an address on the clipper mailing list, seems to contain basically the members of the NIST security board. In addition to the names already posted, their true names are as follows:

burrows at ecf = James Burrows, a director of NIST's National Computer Systems Laboratory

mcnulty at ecf = F.
Lynn McNulty, an associate director for computer security at the National Institute of Standards and Technology's Computer Systems Laboratory

Gangemi at dockmaster.ncsc.mil = Gaetano Gangemi, director of the secure systems program at Wang Laboratories Inc. He wrote Computer Security Basics, by Deborah Russell and G. T. Gangemi, Sr., 1991, O'Reilly and Associates.

slambert at cgin.cto.citicorp.com = Sandra Lambert, vice-president of information security at Citibank, N.A.

lipner at mitre.org = Lipner, Mitre Corp.'s director of information systems.

gallagher at dockmaster.ncsc.mil = Patrick Gallagher, director of the National Security Agency's National Computer Security Center and a security board member

walker at tis.com = Stephen Walker, a computer security expert and president of Trusted Information Systems, Inc. in Glenwood, Md.

willis at rand.org = Willis H. Ware, the Rand Corp. executive who chairs the security board.

whitehurst at vnet.ibm.com = William Whitehurst, a security board member and director of IBM Corp.'s data security programs.

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From uni at acs.bu.edu Sat Apr 17 21:36:28 1993
From: uni at acs.bu.edu (Shaen Bernhardt)
Date: Sat, 17 Apr 93 21:36:28 PDT
Subject: Reaction time and Crypto
Message-ID: <9304180436.AA49530@acs.bu.edu>

I must compliment the group on the speed and vigor with which they have pursued the Clinton proposal. It is my hope that we can somehow make it apparent to the public that they are losing, not winning here.

It seems to me that the following technologies are going to be of increasing import despite the outcome of the Clinton proposal.

1. Raw headerless output from packages like PGP. It seems obvious that if crypto is regulated, it must be easier to disguise the type of crypto one is using, or indeed if one is using crypto.

2.
Methodology for the disguising of cyphertext in more innocuous data.

3. The proliferation and consistent use of Crypto for even everyday communications.

1> The harder it is to find, the less potential there is for regulation.
2> The harder it is to look for, the less potential there is for regulation.
3> The harder it is to abolish, the less potential there is for regulation.

More than the specific plan here, I am stunned by the emerging MOVEMENT that seems to be at work here. I can only ask, what's next? I don't think any proposal to regulate crypto will focus on the users, but rather the development and distribution of said crypto. This is what frightens me the most. The precedent for regulation of private software and hardware applications is painfully visible on the horizon.

Someone said before: Be afraid, be very afraid.

uni (Dark)

From TO1SITTLER at APSICC.APS.EDU Sat Apr 17 21:53:11 1993
From: TO1SITTLER at APSICC.APS.EDU (TO1SITTLER at APSICC.APS.EDU)
Date: Sat, 17 Apr 93 21:53:11 PDT
Subject: Fear
Message-ID: <930417225056.12c3@APSICC.APS.EDU>

I just thought I should add that I agree with the last poster. Cryptography will be increasingly hard to learn in the future, if this kind of thing goes on. But it will be ten or fifteen years before anyone has computers which can crack a 128-bit version of DES. I am cryptologically naive, but I think that people can always find privacy when they want it. An underground cypherpunk movement may be the only way to bring up new cryptographers.

More important is the issue of equipment. Is a computer communications equipment? If so, we might have clipper chips on our motherboards. Reading input from the keyboard. This is a crisis for privacy.

Can someone, preferably the people who run the cypherpunk list, set up a Privacy Advertising Fund? I would be willing to donate money, and hopefully many other cypherpunks would too. We might win that way. Urge people to protest with full-page ads in newspapers.
With 30-second TV spots. With demonstrations. I will donate, if it is formed, but I can not form it except under the most extreme conditions. I have no experience in advertising or management.

Be afraid. Be very afraid.

Kragen Sittler

From MJMISKI at macc.wisc.edu Sat Apr 17 22:27:53 1993
From: MJMISKI at macc.wisc.edu (Matthew J Miszewski)
Date: Sat, 17 Apr 93 22:27:53 PDT
Subject: CLIP: Legal Aspects
Message-ID: <23041800272877@vms2.macc.wisc.edu>

Clinton Clipper Legal Stuff:

With regard to the fear that the issuance of your 'Klinton Key' will allow your favorite TLA to decrypt all conversations taped previous to the issuance of the warrant granting the key, there is precedent that disallows it. In US v. Plamondon 407 US 297, the Supreme Ct. held that *prior* judicial approval is a must for any evidence sought to be admitted. Therefore, while the precedent does not prevent them from actually deciphering your previous conversations, there is support that states it can not be used against you.

In US v. Donovan (sorry, lost the cite), the court held that the actual application must identify *all* parties to be surveilled. Thus, the CIA cannot simply run a tape on you and expect to use it in court.

It is important that everyone understand that none of these cases *prevent* any agency from *doing* the surveillance, and that probable cause is still an easy standard to meet in order to get the warrant. These cases merely tell you what would be admissible against anyone in court (i.e. this does not prevent TLAs (three letter acronyms) from blackmailing you or scaring the hell out of you).

There is an enormous body of law out there on this topic and I could use some guidance from the Cypherpunk elders for search topics. What's needed out there? Email me privately.

TOTALLY aside from the Clipper topic: Just got the new WIRED. Excellent article. Groovy pix. Which one is Murdering Thug? 8^)

mjmiski at macc.wisc.edu
CyberLaw, etc.
Matt

From MJMISKI at macc.wisc.edu Sat Apr 17 22:37:03 1993
From: MJMISKI at macc.wisc.edu (Matthew J Miszewski)
Date: Sat, 17 Apr 93 22:37:03 PDT
Subject: CLIP: Media Blitz
Message-ID: <23041800363830@vms2.macc.wisc.edu>

Cypherpunks,

I know I've got a huge list of fax/phone numbers and addresses of all of the MAJOR media sources in this country. I'm going to find it now. The idea is a major blitz on the media's editorial boards from plain old outraged readers (OK, cypherpunks aren't plain or old); the media shows like Larry King, et al. would love a point-counterpoint on this topic and this could create a cypher phenomenon from the roots up. If this sounds like a good idea to others out there let me know. I believe that a groundswell (or apparent one) will catch the eye of those in Congress and in Washington much more than will petitions or letters from an ambiguous and generally anonymous email list (although everyone's thoughts are in the right place). People in Washington react to what appears to be public sentiment. So let's create it :-)

I'll post the media list unless many people would rather me not do so.

Matt

From karn at qualcomm.com Sat Apr 17 23:23:43 1993
From: karn at qualcomm.com (Phil Karn)
Date: Sat, 17 Apr 93 23:23:43 PDT
Subject: 1st Amendment Clipped?
Message-ID: <9304180623.AA28101@servo>

>I then transmit the following and am arrested --
>-----BEGIN PGP MESSAGE-----
[cipher text deleted]
>Won't the prosecution be embarrassed when I decrypt it in court and present
>the plaintext:
> 1st Amendment
> Congress shall make no law respecting an establishment of
[remaining text deleted]

No, they won't. Possession of such an OBVIOUSLY subversive document will prove conclusively that you're a dangerous enemy of the state, and must be severely dealt with. You'll be lucky to have a swift and painless execution.

Thought for the day:

"All I want is peace on earth, good will toward men."
"We're the United States Government. We don't do that sort of thing!"
--Sneakers (great flick, just saw it. Seemed appropriate.)

Phil

From zane at genesis.mcs.com Sat Apr 17 23:30:31 1993
From: zane at genesis.mcs.com (Sameer)
Date: Sat, 17 Apr 93 23:30:31 PDT
Subject: PGP & RSA -> Legal
In-Reply-To: <9304180257.AA00395@metal.psu.edu>
Message-ID:

In message <9304180257.AA00395 at metal.psu.edu>, Clark Reynard writes:
> since the software was legal at the time of purchase, it could
> not be confiscated without due payment of value. If thousands

Ha. (Sorry, but I'm feeling cynical.)

--
| Sameer Parekh-zane at genesis.MCS.COM-PFA related mail to pfa at genesis.MCS.COM |
| Apprentice Philosopher, Writer, Physicist, Healer, Programmer, Lover, more |
| "Be God" - Me __ "Specialization is for Insects" - Robert A. Heinlein |
____/ \_____________/ \____________________________________________________/

From TO1SITTLER at APSICC.APS.EDU Sat Apr 17 23:32:34 1993
From: TO1SITTLER at APSICC.APS.EDU (TO1SITTLER at APSICC.APS.EDU)
Date: Sat, 17 Apr 93 23:32:34 PDT
Subject: CLIP: Media Blitz
Message-ID: <930418003021.13c0@APSICC.APS.EDU>

Sorry I can't quote, but Giant media blitz sounds like a great idea to me. Post the media list and put it on the FTP site too. Roots-up sounds much more cypherpunk than funds- and TV- and newspaper-down.

Thank you, Matt.

Kragen

From karn at unix.ka9q.ampr.org Sun Apr 18 00:20:07 1993
From: karn at unix.ka9q.ampr.org (Phil Karn)
Date: Sun, 18 Apr 93 00:20:07 PDT
Subject: Thoughts on the proposal
Message-ID: <9304180722.AA01178@unix.ka9q.ampr.org>

Some points to add, some of which I don't think have been made yet.

It is entirely possible that Clinton, if he understands anything at all about this proposal, sincerely thinks that he's helping the cause of personal privacy.
Consider that his entire education on the subject of cryptography probably consisted of a 5 minute briefing that probably went something like this:

The US government is making available, for widespread public use, encryption technology developed by the greatest cryptographers in the world - NSA's. Civilian cryptographers are simply not capable of producing anything as good, so what does it matter if the keys are registered with the government? Users will still be better off than they are now, so what do they have to lose?

And I bet that this would sound perfectly reasonable to the average man on the street, too.

Well...I'd say we know better. And we have a big educational job to do. We need to let the public know that civilian cryptography is already quite good. Good enough that the communications industry doesn't need any "help" in the form of new chips from the government to secure its communications, thank you very much. And simple and cheap enough that it would already have been made widely available in products such as digital cellular telephones if the government hadn't considered it "too good" and done everything they could behind the scenes to stop it.

Clinton needs to learn that if he *really* wants to help the cause of civilian cryptography, he only needs to call off the goons over in NSA. We don't need their "help". We just want them to get the hell out of our private conversations and our private lives.

Phil

From tcmay at netcom.com Sun Apr 18 00:59:23 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 18 Apr 93 00:59:23 PDT
Subject: Comments from Jim Bidzos, Pres. of RSA Data Security
Message-ID: <9304180759.AA05469@netcom.netcom.com>

Jim Bidzos, Pres. of RSA Data Security, sent me a nice note this evening in response to my posting on sci.crypt.
In that post, I suggested that only RSA has the algorithms and protocols ready to go for an alternative to Clipper, and that perhaps we should set aside our differences with RSA (over patents on software, etc.) and instead seek an alliance.

Basically, Jim said he knew *nothing* of Clipper until he read about it in the Friday morning papers!! If true, this is astounding. (And having met Jim several times, I believe him.)

He's also preparing a FAQ entitled "RSA/PKP/Clipper Flap FAQ" to deal with the many questions raised.

Jim has some interesting theories about the motivations for Clipper, and why AT&T was so quick to jump on the bandwagon. Please don't quote my comments in public discussions of this issue (Jim asked me not to, which is why I'm being vaguely elliptic here.)

This is all I can say for now, but I remain convinced that RSA was not involved (I suspect the presence of "jim at rsa.com" on the NIST mailing list, as reported in this group by a couple of folks, is not necessarily the cabal that put Clipper together).

Interesting times indeed!

-Tim May

--
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.

From gg at well.sf.ca.us Sun Apr 18 01:20:05 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Sun, 18 Apr 93 01:20:05 PDT
Subject: Thoughts on the proposal
Message-ID: <199304180819.AA14555@well.sf.ca.us>

Agreed with Phil here. Clipper can't have been developed since Inauguration Day; it has to be a hand-me-down from the Bush administration, and I'm willing to bet that Clinton has been sold a bill of goods to get his support.
Now a lot of folks on this list are ideologically committed to positions which are opposite to those of the Clinton administration, but please let's not let that blur our perception here. Clinton has shown a decent commitment to civil liberties (particularly concerning sexual freedom and reproductive rights, a very hard place to take a stand because there's such strong rightwing opposition); he's also shown an interest in telecom issues; I suspect what we're facing here isn't malice but lack of information on his part. Crypto is an elite area in math and computer science; for most people outside of this circle it's something they assume that they could never possibly understand and so they tend to accept the word of experts at hand. And the experts who are closest to the White House are at Fort Meade. The task we face is to bring the expertise of the best minds on our side, to the attention of the White House.

-gg

From szabo at techbook.com Sun Apr 18 02:07:06 1993
From: szabo at techbook.com (Nick Szabo)
Date: Sun, 18 Apr 93 02:07:06 PDT
Subject: Wiretapping chip
Message-ID:

I agree we should write letters, but not (or not just) to government officials. Consider targeting the big phone makers -- both domestic and overseas. Let them know our privacy needs as customers -- that we want secure encryption, that means encryption with _published algorithms_ and without having the key available to _any_ third party, be it the U.S. or any other government, or any nontrustworthy private organization. I almost agree with Sandy that "we've won", but an important part of the market process that brings such victory is giving good customer feedback to communications suppliers.

Also for consideration: boycott AT&T and all other companies making phones with the wiretap chip, and let the phone makers know about the boycott early and often.
Also I am curious specifically how (a) encrypted international phone calls and (b) foreign-made phones will fare under this proposal (or possible follow-on proposals when they see the weak points in this one). Can the U.S. government dictate key registration to the world?

I agree with Perry that "cypherpunks" is a bad label when these kinds of issues get raised in public, and would also add "crypto-anarchy" to that. Our main "talking point" is privacy, and other less popular stuff is best kept -- private.

Nick Szabo
szabo at techbook.com

From tcmay at netcom.com Sun Apr 18 02:11:07 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 18 Apr 93 02:11:07 PDT
Subject: A Long History for Clipper...
Message-ID: <9304180909.AA07839@netcom.netcom.com>

George Gleason writes:

>Agreed with Phil here. Clipper can't have been developed since Inauguration
>Day; it has to be a hand-me-down from the Bush administration, and I'm
>willing to bet that Clinton has been sold a bill of goods to get his
>support. Now a lot of folks on this list are ideologically committed to

It's clearly stated that the program is at least 4 years old and that, for example, the contracts with VLSI Tech and Mxxxxtronix (I keep forgetting the name of the previously obscure So. Cal. defense contractor) were let 14 months ago, that production of the chips has begun, blah blah.

No argument that the program started under Bush, and perhaps under Reagan (recall his various NSDDs and the Computer Security Act...).

This doesn't mean the proposal will be casually tossed aside by Clinton as some objections are raised. Most policies of this sort percolate up through the entrenched bureaucracies in Justice, State, Defense, NSA, etc. In this case, the AG, Janet Reno, was a well-known drug warrior in the Miami/Dade area....undoubtedly she made use of wiretaps, seizures, etc. She also probably understands the issues of law enforcement pretty well and fully understands what the proposal means.
So, I don't think Clinton will easily change this policy. A firestorm of proposed civil disobedience, scoffing at the Clipper, etc., *might* have some effect. But I don't favor concentrating on legislative fixes. Give me technology any day.

-Tim

P.S. However, I'm trying to find the net address to send ersatz "protest" letters to Intergraph Corp about "Clipper." Clipper is the name of their 32-bit RISC chip--my thought is that enough indignant letters to Intergraph, deliberately confusing the Clinton Clipper with their product, will get Intergraph's lawyers to file a protest with the Administration! Perhaps even a name change will be ordered....a minor embarrassment, to be sure, but a stick in their eye nonetheless.

--
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.

From szabo at techbook.com Sun Apr 18 02:42:38 1993
From: szabo at techbook.com (Nick Szabo)
Date: Sun, 18 Apr 93 02:42:38 PDT
Subject: Wiretapping chip: vid clips & sound bites
Message-ID:

I was on a Portland-area TV forum this evening and was able to raise the wiretap chip issue to a lay audience (in addition to being in some ways a lay person myself on this issue, but quite concerned). Here are some talking points and phrases I found helpful:

* Compared and contrasted a "wiretap chip", which gives government agencies the keys to your private conversations, and a "privacy chip" where you keep the keys (come to think of it, I'm not sure that second point is technically correct -- how would a truly private phone handle the keys?)

* Compared giving government agencies crypto keys to giving the IRS the keys to your house and filing cabinet.
* As examples I used lawyer/client, psychiatrist/patient, priest/confessor and political campaign work done over the phone.

* Showed New York Times front page story (Fri. 4/16) to the camera, to demonstrate that this is important, not a fringe issue and that the wiretap chip is real. Quoted Stephen Bryen of Secured Communications Technologies Inc., "I think the government is creating a monster."

* Emphasized importance of learning about telephone and e-mail technology, and how they can be made private with open cryptography. (As opposed to top-secret chip designs which I called "closed cryptography").

* Stated that I was switching from AT&T to another provider in protest of their selling phones containing wiretap chips.

I wanted to use a see-thru telephone as a prop to point at computer chips inside the phone, but wasn't able to locate one in time.

Some of this may sound corny and less accurate than a technical presentation, but I needed to make the lay audience at least mildly informed, sympathetic and perhaps even motivated to write their phone company or their Congresscritters within about the three minutes of air time. Further suggestions for sound bites, vid clips etc. to use in a media campaign greatly appreciated.

Nick Szabo
szabo at techbook.com

From rjc at gnu.ai.mit.edu Sun Apr 18 03:58:15 1993
From: rjc at gnu.ai.mit.edu (rjc at gnu.ai.mit.edu)
Date: Sun, 18 Apr 93 03:58:15 PDT
Subject: Wiretapping chip: vid clips & sound bites
In-Reply-To: <9304180942.AA03151@churchy.gnu.ai.mit.edu>
Message-ID: <9304181058.AA75057@hal.gnu.ai.mit.edu>

The best innovation you came up with is calling it the "wiretap chip." I propose that we stop referring to this chip as the "clipper chip" and always refer to it as "the wiretap chip." Also, when using analogies, don't bring up drug smugglers or terrorists. One key to winning this battle is to wage an information war. We have to manipulate the image of this proposal so it looks more like a menace instead of a "protection."
-- Ray Cromwell | Engineering is the implementation of science; --
-- EE/Math Student | politics is the implementation of faith. --
-- rjc at gnu.ai.mit.edu | - Zetetic Commentaries --

From habs at Panix.Com Sun Apr 18 05:29:13 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sun, 18 Apr 93 05:29:13 PDT
Subject: Media Blitz: May ourselves available
Message-ID: <199304181229.AA27858@sun.Panix.Com>

If there is going to be some kind of media blitz then we have to put some of ourselves forward as "experts" for the media to interview. Tim May, John Gilmore, come to mind. Any of us that are clean shaven and wear suits, etc. would also make good spoke-folks.

/harry

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From habs at Panix.Com Sun Apr 18 05:50:09 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sun, 18 Apr 93 05:50:09 PDT
Subject: The mysterious mailing list (fwd)
Message-ID: <199304181248.AA28813@sun.Panix.Com>

There have been reports about a mailing list set up at NIST that had a number of people on it including Mitch Kapor. The list is named "clipper" and it was through that list that part of the Wire Tap Chip announcement came.

I asked Mitch directly what his involvement with that list was; I asked him if he was involved with the development of the Wire Tap Chip. Below is his reply. I believe him.

/harry

a conscious being, Mitchell Kapor wrote:

> From mkapor at eff.org Wed Apr 17 23:11:38 1993
> Message-Id: <199304181111.AA05559 at eff.org>
> Date: Sun, 18 Apr 1993 07:11:38 -0800
> To: habs at Panix.Com
> From: Mitchell Kapor
> Subject: The mysterious mailing list
>
> I believe the list in the question is an informational list set up at NIST.
> My name was placed on it. I did not ask to be put on such a list. We
> were (obviously) not involved in the development of Clipper.
> I was sent the Clipper announcement fact sheet, for instance.
> There has been a small amount of traffic on it, none of it consequential.
> I would appreciate it if you would make these facts known.

I have told Mitch I will put this info out and have asked that he make clipper list mail public at some FTP site. I have also asked him when he started getting traffic from this list.

/harry

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From baumbach at atmel.com Sun Apr 18 06:14:20 1993
From: baumbach at atmel.com (Peter Baumbach)
Date: Sun, 18 Apr 93 06:14:20 PDT
Subject: The gov't makes sense ;-)
Message-ID: <9304180514.AA25169@sole.chp.atmel.com>

My eyes have been opened, after reading the White House press release. Privacy can only be allowed if the users don't break any laws. If through accident or other means we find that someone who is using privacy has broken the law, we need to be able to discover what has been hidden by privacy in the past to see if other laws were broken. It is for the greater good!

Let's have the gov't set a good example for us to follow. I want all government employees and anyone they have spoken to, to be recorded always. The tapes will be encrypted and stored safely in the hands of all losing presidential candidates. If a citizen has probable cause to believe that a person in gov't has broken the law, then, with proper safeguards, he will be given copies of the appropriate tapes and the keys, to get to the bottom of this. If through accident or other means we find that someone who is using privacy has broken the law, we need to be able to discover what has been hidden by privacy in the past to see if other laws were broken. It is for the greater good.
Peter Baumbach
baumbach at atmel.com

From habs at Panix.Com Sun Apr 18 06:22:00 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sun, 18 Apr 93 06:22:00 PDT
Subject: Mitch on the Clipper Mailing list
Message-ID: <199304181319.AA29552@sun.Panix.Com>

I had asked Mitch to repost any communications that have gone over this list. He has. I appreciate his willingness to clear up this issue. As I have stated before, I believe him, that NIST simply created this list of people they wanted to be in direct contact with.

/harry

a conscious being, Mitchell Kapor wrote:

> From mkapor at eff.org Sun Apr 18 00:58:00 1993
> Message-Id: <199304181257.AA06031 at eff.org>
> Date: Sun, 18 Apr 1993 08:58:00 -0800
> To: habs at Panix.Com
> From: Mitchell Kapor
> Subject: Re: The mysterious mailing list
>
> I received the statement of the Press Secretary and the public fact sheet
> from Ed Roback. I have not reproduced the full text as it is readily
> available elsewhere.
>
> Following this is a thread between Germano Caronni and Martin Hellman. I
> have deleted the text of Marty's longest response, as it is being
> circulated elsewhere.
> Last, there is a single message from A. Padgett Peterson.
> And that's it (assuming I haven't missed something in reviewing my mail stream).
> Feel free to re-post this, put it on an FTP, whatever. I don't have any
> more time to deal with this issue.
>
> Date: Fri, 16 Apr 93 11:02:59 EDT
> From: Ed Roback
> Organization: FIRST, The Forum of Incident Response & Security Teams
> Posted-Date: Fri, 16 Apr 93 11:02:59 EDT
> To: clipper at csrc.ncsl.nist.gov
> Subject: text of White House announcement and Q&As on clipper chip encryption
>
> Note: This file will also be available via anonymous file
> transfer from csrc.ncsl.nist.gov in directory /pub/nistnews and
> via the NIST Computer Security BBS at 301-948-5717.
> ---------------------------------------------------
>
> THE WHITE HOUSE
>
> Office of the Press Secretary
>
> _________________________________________________________________
>
> For Immediate Release April 16, 1993
>
> STATEMENT BY THE PRESS SECRETARY
>
> The President today announced a new initiative that will bring
> the Federal Government together with industry in a voluntary
> program to improve the security and privacy of telephone
> communications while meeting the legitimate needs of law
> enforcement.
> ...
>
> Date: Fri, 16 Apr 93 16:44:10 EDT
> From: Ed Roback
> Organization: FIRST, The Forum of Incident Response & Security Teams
> Posted-Date: Fri, 16 Apr 93 16:44:10 EDT
> To: clipper at csrc.ncsl.nist.gov
> Subject: White House Public Encryption Management Fact Sheet
>
> Note: The following was released by the White House today in
> conjunction with the announcement of the Clipper Chip
> encryption technology.
>
> FACT SHEET
>
> PUBLIC ENCRYPTION MANAGEMENT
>
> The President has approved a directive on "Public Encryption
> Management." The directive provides for the following:
> ...
>
> Posted-Date: Sat, 17 Apr 93 01:26:06 +0200
> From: caronni at nessie.cs.id.ethz.ch (Germano Caronni)
> Date: Sat, 17 Apr 93 01:26:06 +0200
> To: clipper at csrc.ncsl.nist.gov
> Subject: Clipper-Chip Escrow-System Flaws
> Newsgroups:
> alt.privacy,sci.crypt,alt.security,comp.security.misc,comp.org.eff.talk
> Organization: Swiss Federal Institute of Technology (ETH), Zurich, CH
> Cc:
>
> Good day,
> as a non-citizen of USA I have read your announcement of the
> 'Clipper-Chip' with great interest, and am happy to see an increase
> in lawful privacy in the USA. I hope this policy will extend to
> other countries too.
> In the meantime I suspect two flaws in the 'Clipper-Chip' as it was
> announced today via NIST/electronic media.
>
> 1) Keeping secret the algorithm which performs encryption is in my
> humble opinion a bad idea.
> It hinders 'Clipper' from getting publicly
> accepted, and hinders the minute examination of the Clipper-Algorithm
> by other than a few experts.
> But I am sure this was well considered.
>
> Now the important suggestion :=)
>
> 2) By splitting the 80-Bit-Key of clipper in two parts, and giving
> them to different organizations, you add an unneeded WEAKNESS
> to the escrow-system. This way, corruption of one escrow will
> allow an easier attack on the Key than might be possible.
> (e.g. if I obtain 40 bits of possible 80 bits keys, exhaustive
> keysearch is definitively no problem.)
> You might instead generate 2 (or even more, if this is not
> politically undesired) 80-Bit-Sequences which, when XOR-ed
> together will provide the original, needed key, but alone they
> are worthless. I am sure persons with knowledge in this area, which
> surely can be found at NIST (or wherever) will agree.
>
> I hope that this remark is of interest for you.
>
> Friendly greetings,
>
> Germano Caronni
>
> P.S.
> I am sure you have remarked that the current policy is interpretable
> to tend toward an abolition of 'unbreakable' secure communication
> via electronic Media, and hope that this will _not_ come true.
>
> Disclaimer: This mail is in no way whatsoever connected to the Swiss
> Federal Inst. of Technology, but expresses my personal thoughts.
>
>
> Organization: FIRST, The Forum of Incident Response & Security Teams
> Posted-Date: Fri, 16 Apr 93 22:32:14 PDT
> Date: Fri, 16 Apr 93 22:32:14 PDT
> From: "Martin Hellman"
> To: caronni at nessie.cs.id.ethz.ch, clipper at csrc.ncsl.nist.gov
> Subject: Re: Clipper-Chip Escrow-System Flaws
>
> I received your message suggesting:
>
> 2) By splitting the 80-Bit-Key of clipper in two parts, and giving
> them to different organizations, you add an unneeded WEAKNESS
> to the escrow-system. This way, corruption of one escrow will
> allow an easier attack on the Key than might be possible.
> (e.g.
> if I obtain 40 bits of possible 80 bits keys, exhaustive
> keysearch is definitively no problem.)
> You might instead generate 2 (or even more, if this is not
> politically undesired) 80-Bit-Sequences which, when XOR-ed
> together will provide the original, needed key, but alone they
> are worthless.
>
> In a conversation with NSA today, I was told
> that two random 80-bit numbers will be XORed to produce
> the 80-bit key and the two individual numbers kept by
> two separate escrow authorities -- who they are is
> to be decided. So your suggestion is, in fact, how it
> will be handled.
>
> martin hellman
>
> Disclaimer: this in no way should be interpreted to mean
> that I approve of the Clipper Chip. While I am still in the
> process of learning more about it, my immediate reaction
> was not positive. More later.
>
> Organization: FIRST, The Forum of Incident Response & Security Teams
> Posted-Date: Sat, 17 Apr 93 23:05:23 PDT
> Date: Sat, 17 Apr 93 23:05:23 PDT
> From: "Martin Hellman"
> To: ...clipper at csrc.ncsl.nist.gov...
> Subject: Clipper Chip
>
> Most of you have seen the announcement in Friday's NY Times,
> etc. about NIST (National Institute of Standards & Technology)
> announcing the "Clipper Chip" crypto device. Several messages
> on the net have asked for more technical details, and some have
> been laboring under understandable misunderstandings given
> the lack of details in the news articles. So here to help out
> is your friendly NSA link: me. I was somewhat surprised Friday
> to get a call from the Agency which supplied many of the missing
> details. I was told the info was public, so here it is (the cc of this
> to Dennis Branstad at NIST is mostly as a double check on my
> facts since I assume he is aware of all this; please let me know
> if I have anything wrong):
>
> ...
>
> Organization: FIRST, The Forum of Incident Response & Security Teams
> Posted-Date: Sat, 17 Apr 93 08:55:31 -0400
> Date: Sat, 17 Apr 93 08:55:31 -0400
> From: padgett at tccslr.dnet.mmc.com (A. Padgett Peterson)
> To: "clipper at csrc.ncsl.nist.gov"@uvs1.dnet.mmc.com
> Subject: Panel
>
> I would like to be considered for the "outside panel" assessing the
> Clipper Technology.
> A. Padgett Peterson, P.E.
>

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From habs at Panix.Com Sun Apr 18 06:24:16 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sun, 18 Apr 93 06:24:16 PDT
Subject: It is two 80-bit "halfs"
Message-ID: <199304181322.AA29623@sun.Panix.Com>

From mail sent via the Clipper Mailing list, forwarded to me:

> In a conversation with NSA today, I was told that two random 80-bit
> numbers will be XORed to produce the 80-bit key and the two individual
> numbers kept by two separate escrow authorities -- who they are is to
> be decided. So your suggestion is, in fact, how it will be handled.
> martin hellman

/HARRY

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From MAILER-DAEMON at Panix.Com Sun Apr 18 06:30:37 1993
From: MAILER-DAEMON at Panix.Com (Mail Delivery Subsystem)
Date: Sun, 18 Apr 93 06:30:37 PDT
Subject: Returned mail: Deferred: Connection reset by peer during greeting wait with churchy.gnu.ai.mit.edu
Message-ID: <199304181241.AA28611@sun.Panix.Com>

----- Transcript of session follows -----
While talking to toad.com:
>>> RCPT To:
<<< 550 ... User unknown
550 cyhperpunks at toad.com... User unknown
451 extropians at gnu.ai.mit.edu... timeout waiting for input
421 churchy.gnu.ai.mit.edu (TCP)...
Deferred: Connection reset by peer during greeting wait with churchy.gnu.ai.mit.edu

----- Unsent message follows -----
Received: by sun.Panix.Com id AA28608 (5.65c/IDA-1.4.4 for extropians at gnu.ai.mit.edu); Sun, 18 Apr 1993 08:41:03 -0400
From: Harry Shapiro
Message-Id: <199304181241.AA28608 at sun.Panix.Com>
Subject: Re: More True Names: The NIST Security Board (fwd)
To: cyhperpunks at toad.com, extropians at gnu.ai.mit.edu (Harry Shapiro)
Date: Sun, 18 Apr 1993 08:41:03 -0400 (EDT)
Reply-To: habs
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 1199

a conscious being, David Farber wrote:

From banisar at washofc.cpsr.org Sun Apr 18 06:43:31 1993
From: banisar at washofc.cpsr.org (Dave Banisar)
Date: Sun, 18 Apr 93 06:43:31 PDT
Subject: AT&T Press Release on Clipper
Message-ID: <9304180949.AA35839@hacker2.eff.org>

Here's AT&T's announcement on the Clipper.

AT&T TO INCORPORATE NEW 'CLIPPER' CHIP INTO SECURE COMMUNICATIONS PRODUCT LINE

GREENSBORO, N.C., April 16 AT&T (NYSE: T) said today it is moving to improve the security and privacy of telephone communications by incorporating a just-announced new U.S. government technology for voice encryption into its secure communications product line.

AT&T will use the Clipper chip, announced today by President Clinton as a new technology for voice encryption, in all of its secure telephone products except those specially designed for government classified customers. The Commerce Department has announced a six-month timetable for the final certification of Clipper.

"AT&T is pleased to be the first company to publicly commit to adoption of the Clipper chip," said Ed Hickey, AT&T vice president, Secure Communications Systems. "We believe it will give our customers far greater protection in defeating hackers or eavesdroppers attempting to intercept a call.
"And now all commercially available AT&T voice encryption products will be compatible with each other, a major step forward in bringing secure communications capabilities to the business community."

In standardizing AT&T voice encryption products on the Clipper chip, AT&T will include the algorithm in the Telephone Security Device as well as in the Secure Voice/Data Terminal.

The AT&T Telephone Security Device is a compact, lightweight unit that brings advanced encryption technology to conventional land-line and cellular telephones. It provides a powerful, convenient and reliable way to protect the most sensitive telephone conversations.

The device works with a conventional land-line or transportable/mobile cellular phone. It turns the phone's signal into a digital stream of encrypted information that is decrypted by a Telephone Security Device attached to the phone at the receiving end of the call.

The AT&T Telephone Security Device connects easily to desk telephones or transportable or mobile phones. It weighs 1.5 pounds and is 7 inches long, 4.5 inches wide and 1.5 inches high. And it's as easy to use as it is portable.

The AT&T Secure Voice/Data Terminals are desktop telephones that provide encryption for both telephone calls and data transmissions.

These AT&T secure communications products use an enhanced voice encryption technique that provides very high voice quality. This technology allows calls placed with these products to approach the voice quality of normal calls.

To further enhance interoperability, AT&T will consider licensing to other manufacturers its enabling technologies for interoperability. Interoperability of encryption devices requires common technology beyond the use of a common encryption algorithm, specifically common methods of digital voice encoding and signaling.
AT&T has already performed integration tests with Clipper chips manufactured by the government's supplier, Mykotronx Inc., of Torrance, Calif., and is preparing to integrate the chip into the manufacturing of its secure products. AT&T's Clipper-equipped telephone security devices will be available to customers by the end of the second quarter.

The federal government intends to adopt the Clipper chip as the standard for voice encryption to help protect proprietary information, protect the privacy of personal phone conversations and prevent unauthorized release of data transmitted electronically. At the same time, use of the Clipper chip will preserve the ability of federal, state and local law enforcement agencies to intercept lawfully the phone conversations of criminals.

"Adoption of Clipper will support both the government's efforts to protect the public and the public's right to privacy," Hickey said.

AT&T Secure Communication Systems provides products to protect voice, data, fax, cellular and video communications. It also engineers and integrates secure communications applications. Its customers include the governments of the United States and other nations as well as major corporations around the world. AT&T Secure Communications Systems is headquartered in Greensboro.

For more information about the AT&T Telephone Security Device 3600 and other AT&T Secure Communications Products, call David Arneke at 919-279-7680.
CONTACT: David Arneke of AT&T Secure Communications Systems, 919-279-7680, or after hours, 919-273-5687, or Herb Linnen of AT&T Media Relations, 202-457-3933, or after hours, 202-333-9162

From banisar at washofc.cpsr.org Sun Apr 18 07:10:18 1993
From: banisar at washofc.cpsr.org (Dave Banisar)
Date: Sun, 18 Apr 93 07:10:18 PDT
Subject: Media Sugestions, History of Clipper and Conspiracy theories
Message-ID: <9304181016.AA32068@hacker2.eff.org>

RE: Press Blitz

I have found from experience, with some success, that the best way to handle press is to contact local press and present yourself as a local expert on the subject. This gives them a local connection for their stories. You should have a pack ready to send them, including copies of the White House documents, and a 1 page fact sheet of your own pointing out the problems with the proposal. Present yourself as a local computer scientist who sees the deeper issues behind this proposal and wants to air them.

The major national newspapers are already covering this but it's the smaller local papers that most people read. Only a few million people total read the NY Times, Washington Post etc. Think of the millions that read their local papers and get to them. If they respond, this will be killed.

History of Clipper:

As I mentioned before, I was at the NIST press conference on Fri. They responded to a question by saying that they had been working on this for 4 years and had been implementing it for 14 months.

Suggestion for campaign name: Clip the Clipper!

Mailing List:

No, CPSR, etc. were not involved as a cabal supporting this dingbat proposal. If you believe that then go back to reading your endless JFK/CIA/Mafia/aliens conspiracy theory books and let the rest of us go on living in the real world. They have put together a very slick electronic media blitz here, sending the proposal to every applicable newsgroup etc.
Dave Banisar
CPSR Washington Office

From habs at Panix.Com Sun Apr 18 07:35:37 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Sun, 18 Apr 93 07:35:37 PDT
Subject: Test, please ignore
Message-ID: <199304181435.AA10152@sun.Panix.Com>

Just an alias test - please ignore

/harry

--
Harry Shapiro                                      habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From R.Tait at bnr.co.uk Sun Apr 18 07:46:56 1993
From: R.Tait at bnr.co.uk (R.Tait at bnr.co.uk)
Date: Sun, 18 Apr 93 07:46:56 PDT
Subject: What Clinton's proposal will mean to the Rest of the World
Message-ID: <199304181446.7907@bnsgs200.bnr.co.uk>

Cypherpunkers,

Having just digested the press release, and the subsequent followups on sci.crypt and on here, I am beginning to wonder what ramifications this might have in other countries, specifically the "Superpowers". Surely setting such a precedent in his own country will spark off a flurry of activity in places such as the UK, Germany, France et al, so that they are not "left behind", so-to-speak?

To be quite honest, I can't see the English government taking such radical steps about secure telecommunications, quite simply, because BT have such a lackadaisical approach to new and emerging technologies. Take, for instance, ISDN. Their philosophy of marketing and "selling" ISDN is laughable - I once read a newspaper article which related a tale of a Corporation who wanted to learn if ISDN could be useful to its business practices, and it seems that BT just kept jostling them between departments (Dept X: "Phone Dept Y", Dept Y: "Phone Dept X" etc).

Can anyone really see that the US government (or whoever) will completely outlaw all strong data encryption? This violates the basic human right of free communications/privacy.

What a world we live in, huh?

--
Rick M. Tait                                   Bell Northern Research Europe
Tel: +44-81-945-3352, Fax: +44-81-945-3352     Network Management Systems
New Southgate, London.
UK
email: ricktait at bnr.co.uk || rt at cix.compulink.co.uk || ricktait at bnr.ca

From pfarrell at cs.gmu.edu Sun Apr 18 08:14:28 1993
From: pfarrell at cs.gmu.edu (Pat Farrell)
Date: Sun, 18 Apr 93 08:14:28 PDT
Subject: Media Blitz: Make ourselves available
Message-ID: <40480.pfarrell@cs.gmu.edu>

Harry Shapiro writes:
>Any of us that are clean shaven and wear suits, etc. would
>also make good spoke-folks

I can't claim expert status, but I do live "inside the Beltway", wear suits, have gray hair, have appeared on CNN during the Morris worm discussions, presented a paper on security at the National Computer Security Conference last Fall, work for a high-tech software firm, think the big brother chip is a crock, and am willing.

How do I make myself more available?

My 24-hour voicemail number is (703) 267-2986.

Pat

From pfarrell at cs.gmu.edu Sun Apr 18 08:14:40 1993
From: pfarrell at cs.gmu.edu (Pat Farrell)
Date: Sun, 18 Apr 93 08:14:40 PDT
Subject: Knowledge of cryptography, Was: RE: More True Names: The NIST Security Board
Message-ID: <40485.pfarrell@cs.gmu.edu>

Harry identified several names on the CLIPPER list, including:
>mcnulty at ecf = F. Lynn McNulty an associate director for computer
>security at the National Institute of Standards and Technology's
>Computer Systems Laboratory

At this Fall's National Computer Security Conference, Mr. McNulty was a speaker on the NIST's digital signature session. They talked about both the non-RSA DSS, and use of Certifying Authorities with a RSA-based scheme.

At that same conference, I gave a paper on security that described a fishnet of trust between systems. This was written in February 92, well before I read Phil's "web of trust" from the PGP docs, which I read sometime over the summer. During the Q&A, I asked Mr. McNulty to compare the advantages and disadvantages of a hierarchical CA approach to an interlocking fishnet/web of trust.
I hoped he would at least recognize that any hierarchy has problems from the top down if an upper level is compromised. Instead, he could not address any differences. I believe that working in the government has made the hierarchy seem to be the only implementation that he envisioned. He fobbed the question off to one of his technical underlings, but he, too, was unable to answer it (or even coherently address it).

I believed then (and still do) that the closed loop process used by NIST and the TLAs has caused them to overlook a number of promising alternatives. This means that we crypto-privacy advocates must start an education effort.

Pat

From pfarrell at cs.gmu.edu Sun Apr 18 08:15:32 1993
From: pfarrell at cs.gmu.edu (Pat Farrell)
Date: Sun, 18 Apr 93 08:15:32 PDT
Subject: A Long History for Clipper...
Message-ID: <40466.pfarrell@cs.gmu.edu>

Timothy C. May writes:
>George Gleason writes:
>> Clipper can't have been developed since Inauguration
>>Day; ...
>It's clearly stated that the program is at least 4 years old and that,
>[supporting stuff deleted]
>This doesn't mean the proposal will be casually tossed aside by Clinton as
>some objections are raised. Most policies of this sort percolate up through
>the entrenched bureaucracies in Justice, State, Defense, NSA, etc.

I was listening to a lecture by Dr. Denning (Peter J) about a week ago. He was referencing NREN, not his wife's key registration idea, but in light of Clipper, the comments are germane. He said that some of his left-coast colleagues were all concerned about NREN providing equal access so it won't be a "yuppie-only" communication medium. Prof. Denning said that these well meaning folks are too late. Gore's data superhighways were announced as a big deal for political reasons by the Clinton Administration, but it was actually the result of nearly 10 years of work. He said these things take years to create, and that the consensus is in place before it is announced so acceptance is assured.
Clearly CLIPPER has been percolating thru the TLAs for quite some time. I think the self selection process (see The New Republic's Clincest article) has allowed those who have been sending up trial balloons to think they've reached an acceptable position. It was clear at last Fall's National Computer Security Conference (sponsored by NSA) that the TLAs were going to keep pushing to get this thru.

BTW, I live "inside the Beltway" and have been trying to figure out a way to use my ability to easily pop over to DC for face to face meetings to help stop this madness. I tried working with EFF last Fall, but they couldn't figure out how to use volunteer help. If any crypto-privacy list readers have ideas, please let me know.

Pat
(My pgp key is on the utmb and mit servers.)

From 0005037030 at mcimail.com Sun Apr 18 09:36:17 1993
From: 0005037030 at mcimail.com (AJ Janschewitz)
Date: Sun, 18 Apr 93 09:36:17 PDT
Subject: Another one-way street
Message-ID: <51930418163515/0005037030ND3EM@mcimail.com>

-----BEGIN PGP SIGNED MESSAGE-----

Well, the Clintoon Administration has opened up yet another electronic channel besides the one on CI$. The White House can also be reached at 5895485 at mcimail.com. Their usual rules apply: Give a snail return address if you want a response. Looks like the "data highway" is, for the time being, a one-way street ...

==a.j.==

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBK9F98xk4MFKFFwHhAQH42AP/ZRh7WRDqdP2LpkDiO2/IGzEbaVr9UR7y
AeqRQAAjSCmC5o1ApJ5oAd22GIqyeaRfnpXy0WuRsJRkxdEpDLbzYnGLSCaT4DOh
o4Hj4EHTFIy7exN9vRkAFaXA1E7E9dl7D1xajbv7F4L6Y26TivvhMP5WRtKuHIxW
re2YpapLOuY=
=amKI
-----END PGP SIGNATURE-----

From MJMISKI at macc.wisc.edu Sun Apr 18 10:09:08 1993
From: MJMISKI at macc.wisc.edu (Matthew J Miszewski)
Date: Sun, 18 Apr 93 10:09:08 PDT
Subject: MEDIA: Partial List
Message-ID: <23041812084521@vms2.macc.wisc.edu>

Cypherpunks,

OK, a couple of things. First, this is a partial list, as should be obvious by the truncation of the first entry.
If and when I can find the whole and complete list I will post it. Second, I post this grudgingly, realizing that some might abuse it. I do feel however that the tone of discussion on the list has been positive and intellectual enough to positively affect the cause. I realize this list is not exhaustive but it is a start. I'll work on expansion.

I suggest, as have others, that we utilize one simple technology extensively - fax/fax-modems. Also remember that Washington responds to perceived PUBLIC opinion. Most people don't understand crypto, much less know our names. It should appear that these comments are coming from a good cross section of the country.

Finally, I agree with the poster that suggested that we put forth some spokespeople of sorts. Media types love point people rather than the horizontal structure of cypherpunks. I know we will never get total agreement on who they should be, but I think that Tim May, John Gilmore, Eric Hughes, etc. are pretty much acceptable (They represented us eloquently in WIRED).

Use the list with good intent.

-------------------8<---------------8<-----------------

Lane Vernardos
Fax: 212 7652724

Associated Press
50 Rockefeller Plaza
New York NY 10020
Phone: 212 6211600

This Week With David Brinkley
1717 De Sales St., NW
Washington DC 20036
David Glodt
Phone: 202 8877777
Fax: 202 8877977

CBS Evening News
524 W. 57th St.
New York NY 10019
Tom Bettag
Phone: 212 9753693
Fax: 212 9751519

CBS This Morning
524 W. 57th St.
New York NY 10019
Eric Sorenson
Phone: 212 9752824
Fax: 212 9752115

CSM Publishing Society
One Norway St.
Boston MA 02115
Phone: 800 2257090

One CNN Center
Box 105366
Atlanta GA 30348
Phone: 404 8271500

CNN, Washington Bureau
111 Massachusetts Ave., NW
Washington DC 20001
Phone: 202 8987900

Face the Nation, CBS News
2020 M St., NW
Washington DC 20036
Marianne Brooks
Phone: 202 4574321
Fax: 202 4666237

Good Morning America, ABC News
1965 Broadway
New York NY 10023
Jack Riley
Phone: 212 4961800
Fax: 212 8874724

Larry King Show, Mutual Radio
1755 S. Jefferson Davis Hwy.
Arlington VA 22202
Pat Piper
Phone: 703 6852175
Fax: 703 6852142

Larry King Live TV, CNN
111 Massachusetts Ave., NW
Washington DC 20001
Thomas Haddad
Phone: 202 8987900
Fax: 202 8987617

Los Angeles Times
Times-Mirror Square
Los Angeles CA 90053
Phone: 800 5281637
Fax: 213 2377679

MacNeil/Lehrer News Hour
P.O. Box 2626
Washington DC 20013
Phone: 703 9982870

MacNeil/Lehrer News Hour
WNET
356 W. 58th St.
New York NY 10019
Les Crystal
Phone: 212 5603113
Fax: 212 5817353

Meet the Press, NBC News
4001 Nebraska Ave., NW
Washington DC 20016
Christie Basham
Phone: 202 8854200
Fax: 202 3622009

Morning Edition, NPR
2025 M St., NW
Washington DC 20036
Phone: 202 8222000

NBC Nightly News
30 Rockefeller Plaza
New York NY 10112
Steven Freidman
Phone: 212 6644971
Fax: 212 6646045

New York Times, DC Bureau
1627 Eye St., NW, 7th Floor
Washington DC 20006
Phone: 202 8620300

New York Times
229 W. 43rd St.
New York NY 10036
Phone: 212 5561234

Newsweek
444 Madison Ave.
New York NY 10022
Phone: 212 3504000

Nightline, ABC News
47 W. 66th St.
New York NY 10023
Dorrance Smith
Phone: 212 8874995
Fax: 212 4563335

ABC News
1717 DeSales, NW
Washington DC 20036
Ted Koppel
Phone: 202 8877364

Public Broadcasting Service
1320 Braddock Pl.
Alexandria VA 22314
Phone: 704 7395000

Time Magazine, DC Bureau
Washington DC 20001
Mr. Cloud, Bureau Chief
Phone: 202 8614000

Time Warner, Inc.
Time Life Bldg.
Rockefeller Center
New York NY 10020
Phone: 212 5221212

The Today Show
30 Rockefeller Plaza
New York NY 10112
Tom Capra
Phone: 212 6644249

USA Today
1000 Wilson Blvd.
Arlington VA 22229
Phone: 703 2763400

U S News & World Report
2400 N St., NW
Washington DC 20037
Phone: 202 9552000

United Press International
1400 Eye St., NW
Washington DC 20006
Phone: 202 8988000

WETA-TV
P.O. Box 2626
Washington DC 20013
Phone: 703 9982626

Wall Street Journal
200 Liberty St.
New York NY 10281
Phone: 212 4162000

Washington Post
1150 15th St., NW
Washington DC 20071
Phone: 202 3346000

From uni at acs.bu.edu Sun Apr 18 10:43:58 1993
From: uni at acs.bu.edu (Shaen Bernhardt)
Date: Sun, 18 Apr 93 10:43:58 PDT
Subject: Media Blitz
Message-ID: <9304181743.AA38488@acs.bu.edu>

Having sent faxes to all the targets on my media list, I'm looking for the following:

1> A Fax number for AT&T public relations so I can explain to them that they can count my business out if they don't wise up.
2> A Fax number for Intergraph Corp
3> Internet addresses for same.

I sent the following text to several media contacts:

April 18, 1993

Sir or Madam,

I am sending this text to call your attention to what I and others believe to be a grievous attack on privacy for the private sector and the public at large. On April 16, 1993 the White House Office of the Press Secretary issued a statement regarding the administration's emerging policy on encryption hardware and technology. In short this policy is a ruse.

With the increasing reliance on data links and E-Mail to communicate, cryptography has evolved to protect the otherwise vulnerable data traffic in this country. E-Mail and data transfers are not as secure from tampering and compromise as is the postal service. Messages sent through mail nets have no "envelopes" and are unprotected from the prying eyes of system administrators on any of the many nodes a message may pass through.
Indeed those using electronic mediums for mail services are entitled to some reasonable assurance of privacy. As a result, cryptography and encryption have become fruitful industries in this country. The Clinton administration seems well on the way to destroying this industry and stomping on the rights of citizens to secure their communications from surveillance.

The "Clipper Chip Proposal," which is becoming known in the academic community as the "Big Brother Proposal," bills itself as a solution to the conflict between law enforcement and "crypto industry." It is not. By enforcing the Clipper technology as a standard, the Clinton administration has taken the first step in regulating all encryption technology and selling short the American people.

The Clipper technology, by the administration's own admission, is compromised from the beginning. Cipher keys for Clipper hardware are to be segmented and stored in depositories maintained by two agencies (which remain yet unnamed) and released with "the proper authorization." No one educated in the nuances of encryption would take such a system seriously. Willingness to accept a system that comes already compromised is simply unimaginable, at least while other systems are still around.

The administration insists that the algorithm for the Clipper technology is secret, and will not be released to the academic sector or the public at large. A vital part of the development process of any new algorithm is its ability to withstand the scrutiny of the academic and private sectors. The current encryption standard (DES) is a prime example. The algorithm for DES was made available to the academic and private sectors at no loss of security to those using DES based systems. Indeed the weaknesses of DES were eventually revealed by the academic sector as a direct result of this scrutiny. Part of the mark of a well designed system is in the ability to remain secure despite disclosure of the algorithm.
No entity can be expected to trust such a system without being able to review it for additional "backdoors" written into the system.

I cannot fathom that the administration has not realized these points. They must know that such a system as the Clipper Chip is unmarketable and doomed to failure in its current state. As long as other technology remains available, who would buy the Clipper Chip? And how does the introduction of the Clipper Chip aid law enforcement in protecting American citizens? Alone it does not. Any organization, criminal or otherwise, would be quite content to patronize other vendors not employing the Clipper Chip, many of which currently exist. I can only assume then that the administration's next step is to place heavy regulations on other hardware and software products not utilizing Clipper Chip technology, using the availability of Clipper systems to justify their move.

The increasingly authoritarian methods the administration continues to adopt deserve careful scrutiny. The precedents established by this move, namely the regulation of the software industry, denial of reasonable freedom from government intrusion in personal affairs, and government created technology monopolies, are not merely alarming but dangerous. When confronted with the possibility of facing fines or criminal penalties for which computer program we use, the phrase I hear more and more often is, "I can't believe it's happening here."

Most Concerned,

[Signature]
Shaen Logan Bernhardt I
(uni at acs.bu.edu)

Are my letters annoying anyone yet?

uni (Dark)

From sward+ at cmu.edu Sun Apr 18 11:02:18 1993
From: sward+ at cmu.edu (David Reeve Sward)
Date: Sun, 18 Apr 93 11:02:18 PDT
Subject: MEDIA: Adam Smith
Message-ID: <4foNRYG00Uh_E2XtYF@andrew.cmu.edu>

One person I didn't see listed is Adam Smith. Sometime during the last week of March he aired a piece about privacy - use of SSN, the information you can get via computer & modem and others.
He may be receptive to wiretap chip debate.

--
David Sward                                         sward+ at cmu.edu
Finger or email for PGP public key 3D567F
fingerprint = E5 16 82 B0 3C 96 DB 6F  B2 FB DC 8F 82 CB E9 45

From tcmay at netcom.com Sun Apr 18 12:11:02 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 18 Apr 93 12:11:02 PDT
Subject: Fighting the Wiretap Chip Plan
Message-ID: <9304181911.AA04196@netcom.netcom.com>

(I'm using the "Wiretap Chip" name instead of "Clipper," as someone has suggested. It _does_ carry a better message.)

This essay is a bit rambling, as I'm in my lousy editor and don't have time to rearrange things into a more formal essay. Instead, I'll just make a number of points.

I've seen a lot of discussion here about who to talk to, how to phrase the issues, and so forth. Fax numbers (good!), phone numbers, etc. But let me point out that the public discussion is not likely to do very much, for several reasons.

1. A very tiny universe of listeners. Crypto is too abstract for most people. I doubt anything we say can change this. And "privacy" is a complicated theme....the anti- and pro-abortion sides have been bandying it about for over a decade, to little avail. The key is to reach the relatively small fraction of policy shapers, both outside government and inside.

2. Journalists want the pithy quote, the sound bite, the attention grabber. They don't really care if 37 faxes have been received in support of some position--that just isn't news. I often shake my head in despair at the demands for "good quotes," but I still try to spew them out. Ironically, my .sig block, with all the comments about "crypto anarchy," "information markets," "zero knowledge," etc., was often the trigger that got me in touch with journalists. For example, Julian Dibell of the "Village Voice" saw my stuff in sci.crypt last fall and called me...only then did he learn of the existence of the Cypherpunks group.
Likewise, Kevin Kelly, of "Whole Earth Review" fame, and now editor of "Wired," contacted me to ask about the terms in my cryptically cryptic sig. (Some people have already put good stuff about "Stop the Big Brother Chip" and "Say No to the Wiretap Chip" in their sigs...this is great advertising!)

3. I've been interviewed on crypto matters by several journalists, all of whom I respect. (They were, for the record: Steven Levy, for the "Wired" piece, Kevin Kelly, as editor of "Wired" and for a possible story in "Whole Earth Review," Julian Dibell, for "The Village Voice" (forthcoming, he tells me), Dave Mandl, for a radio station in New Jersey, and a couple of minor quotes here and there.) (I can't begin to compete of course with John Gilmore or Eric Hughes, in terms of numbers of interviews.)

4. My conclusion is that the very term "Cypherpunks" was useful--even though I had little to do with choosing the name and sometimes find it distasteful (I prefer Miles Davis to Nine Inch Nails, for example). Consider that there are already several well-publicized groups devoted to various aspects of computer privacy: the EFF, the CPSR, the ACLU, etc. (these groups should be well-known to all of you). Before we came along, complete with our semi-outlaw, trendy name, the standard process when a crypto or privacy issue came up would be to get obligatory interviews with John Perry Barlow (I like him, but if I read one more account of his experiences as a lyricist for the Grateful Dead I'm going to puke...this is overexposure with a capital "O"), Mitch Kapor, and various folks from the ACLU and CPSR. The Cypherpunks provide a useful contrast, in my opinion.

5. And the Cypherpunks turn out to have a lot of very bright and interesting people, including many from the phone phreaker community, the PGP development community, and various other subcultures (like FidoNet, modem makers, wireless communications, and so on).
This automatically makes us more diverse than groups like the CPSR and ACLU.

6. In a sense, we occupy an ecological niche that meets certain journalistic needs.

7. In summary, I wouldn't place a lot of emphasis on standard political actions...it just doesn't go very far. Talking to our friends and family will have a minuscule effect, both in raw numbers and because the next election is a long way off. Need I say more? Subversive actions that generate media attention, that trigger other people to begin to do things (such as homebrew voice encryption with SoundBlaster boards and CELP compression, as just one example), and that create new communities (Cypherpunks, Extropians, etc.), are much more effective.

By the way, in a more standard way of doing things, I've been in touch with Jim Bidzos, President of RSA Data Security. I sent out a note on this recently. And I'll be meeting this evening with Eric Hughes, who's visiting the Monterey Bay area. We may be calling an emergency meeting of the Cypherpunks soon. Stay tuned.

Don't get me wrong, folks. These are crucial times. A "War on Crypto" that mimics the "War on Drugs" is a distinct possibility. Any actions we take, from writing letters to calling t.v. stations to boycotting vendors of the "Wiretap Chip," will be useful.

-Tim

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
From karn at qualcomm.com Sun Apr 18 12:14:32 1993
From: karn at qualcomm.com (Phil Karn)
Date: Sun, 18 Apr 93 12:14:32 PDT
Subject: Clipper details via Hellman
Message-ID: <9304181914.AA03014@servo>

From jwarren at autodesk.com Sun Apr 18 12:23:27 1993
From: jwarren at autodesk.com (Jim Warren)
Date: Sun, 18 Apr 93 12:23:27 PDT
Subject: illustrating govt's preoccupation with terrorism
Message-ID: <9304181915.AA01239@megalon.YP.acad>

This is an excerpt from a LONG msg echoed to me by Dave Farber. Though it's from USIA -- not a police/enforcement agency -- it is nonetheless heavily concerned with "terrorism", the theme repeatedly referenced in the White House's Clipper Chip announcement. I've included the first part down through the first article as an example, and given only the headlines of the remaining articles -- but you get the idea.

Just FYI.

[And, no, I don't know where/how Dave got it electronically in the first place. :-) ]

--jim

===============

Posted-Date: Sat, 17 Apr 1993 11:15:04 -0500
From: David Farber
X-Sender: farber at linc.cis.upenn.edu
Subject: I hope this continues to be distributed
To: interesting-people at eff.org (interesting-people mailing list)

>UNITED STATES INFORMATION AGENCY
>FOREIGN MEDIA REACTION--DAILY DIGEST
>
>For further information: Anne Chermak, Chief
>Media Reaction Staff (P/M), Tele. No. (202) 619-6511
>
>Monday, April 12, 1993
>
> TERRORISM AND WORLD INSECURITY
>
>In recent editorials, Iran was universally recognized as the source
>of the double threat of state-sponsored terrorism and Islamic
>extremism. But beyond this fear and condemnation, journalists found
>little common ground that would compel both North and South, and Arab
>and non-Arab nations to work together to combat the global threat of
>terrorism. For example, Egyptian and Algerian papers were in the
>forefront in charging U.S. complicity in the current instability in
>the Middle East.
>Those commentators asserted that the United States
>had promoted Islamic fundamentalism during the Afghanistan War and
>had further added to regional instability by alternately encouraging
>Iraq and Iran.
>
>India's papers weighed the pros and cons of helping the West to
>identify Pakistan's role in promoting terrorism, noting on the one
>hand that doing so could "bring ruination to Islamabad's Kashmir
>cause" but, on the other, could also bring India's security apparatus
>uncomfortably close to the CIA and the Mossad. Arab papers continued
>to portray Iraq and Libya as being unfairly treated by the UN while
>Israel remains unpunished for resolutions which it has violated.
>
>Concerning Northern Ireland, President Clinton's message of
>consolation to the victims of the Warrington bombing was seen in
>British tabloids as signalling a tougher stance by the American
>government against violence by the IRA.
>
>
>
>This survey is based on 32 reports from 10 countries, April 1-12.
>
>EDITOR: Gail H. Burke
>
>

=====
This goes on for many pages with a range of article summaries including:

> MIDDLE EAST
>ALGERIA: "Middle East Equation Has Changed"
>"Injustice Will Not Defeat Dignity"
>"After the Neglect...Wake Up, Washington!"
>"U.S. Did Not Make the Best Choice"
>"Change of Tone"
>EGYPT: "West Will Not Let Go Of Libya"
>"Can Anybody Explain U.S. Contradictory Posture Regarding Iran?"
>"Who Will Anti-Terrorism Front Target?"
>"Puzzling Approach To Abdel Rahman's Stay In U.S."
>"An Insult To Egyptian People, Leadership"
>"Islamic Extremism Threat Has Links To Afghanistan War"
>JORDAN: "Call For Arab Unity"
>"Clinton Administration Should Start A New Page with Iraq"
>"Arabs Should Not Support The U.S. Against Iran"
>MOROCCO: "Something New In Lockerbie Issue?"
>"The West Has To Understand Libya's Flexibility"
>TUNISIA: "Why The War On Muslims?"
> SOUTH ASIA
>INDIA: "Time To Be Worldly-Wise"
>"War By Other Means"
>"Perils Of Intelligence Links With The CIA And Mossad"
>"Embittering Ties With Pakistan"
>PAKISTAN: "Another Step Closer"
>"Terrorism In Kashmir"
> EUROPE
>BRITAIN: "Northern Ireland--Significant Gesture By Clinton"
>"Clinton's Blown To IRA Killers"
>ITALY: "Enter Iran"
>"The Ayatollah's Latest Threat"
>"Silence Over Israel"
>"Warning to Iran, Islamic Fundamentalism"
>
> LATIN AMERICA
>CHILE: "Iran's Objectives"

From newsham at wiliki.eng.hawaii.edu Sun Apr 18 12:47:23 1993
From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham)
Date: Sun, 18 Apr 93 12:47:23 PDT
Subject: clipper
Message-ID: <9304181947.AA03035@toad.com>

smb at att.com has created a newsgroup for clipper conversation. alt.privacy.clipper I believe. I think it would be best (in keeping traffic here down and in getting everybody interested in clipper together) if everyone uses that newsgroup for clipper topics if possible.

From hal at alumni.cco.caltech.edu Sun Apr 18 12:55:09 1993
From: hal at alumni.cco.caltech.edu (Hal Finney)
Date: Sun, 18 Apr 93 12:55:09 PDT
Subject: IMPORTANT!
Message-ID: <9304181952.AA16918@alumni.cco.caltech.edu>

Based on some of the suggestions I've seen here and on the net, I am inclined more to believe that there is no threat to make non-Clipper cryptography illegal. The plan instead is to make it a de facto standard for all encrypted voice communications.

You will notice in the AT&T press release posted here that AT&T is offering to release its technical information in order to allow this standardization to proceed. (As the release said, you need more than just a common encryption standard, you also need standardization on the voice encoding.) AT&T is obviously in bed with the government on this, and it doesn't really matter at this point why. It's a big company and the government can do a lot for it.
AT&T is apparently determined to take whatever steps are necessary for this standardization to come about.

As far as non-clipper encryption, I imagine the government will initially exert as much influence as it can to prevent any competing standard from getting a toehold. They have apparently waited until the chips were ready to deliver in quantity. AT&T is promising to release clipper phones later this year. It's doubtful that anyone else could even come up with a standard that soon, let alone get it into hardware (or firmware).

If the standard does become established, it could be tough to defeat it. How easy is it going to be to sell a phone which is incompatible with everybody else's for secure communication? You'd have to buy one for everybody in your company or group who wanted to communicate. Then if they wanted to make a secure call to someone outside (say, a supplier or distributor) they wouldn't be able to do it. It would be a similar problem to the video phones. Why buy one when almost no one else has one and so you can hardly ever use it? Who will buy a Beta VCR today? An RCA non-laser video disk? Non-clipper encrypted phones may experience similar lack of success.

I think this is their main strategy. If it doesn't work, they have a fallback before they would have to forbid encryption in the way we have feared. That is to forbid the sale of commercial devices with non-clipper encryption. You don't stop private individuals from making their own devices, you just make it illegal to sell them. There is precedent for this, I think, in the scanner business. You can't sell scanners capable of eavesdropping on cellular calls. But nothing stops you from building your own if you are an electronics whiz. (I am no expert on the legalities of scanner law. Someone please correct me if I am wrong here.)

Notice that in their document they said that U.S. citizens do not have the right to unlimited-strength commercial encryption.
I didn't pay much attention to the word "commercial" before, but now I think it is important. This would imply that their next step would be to ban only commercial implementations of cryptography. This way they can counter our civil-liberties arguments by saying that nothing stops anyone from encrypting his messages if he really wants to; he's doing it in the privacy of his own home, after all. But when he gets out in the commercial arena the government has many precedents for limiting what is bought and sold, the scanner laws being just one of many.

I'm not sure how ominous such a world would be - clipper chips dominating the (small) encrypted phone market, no commercial competition, and only a few hobbyists with PC's and modems able to set up clumsy untappable conversations via modem-to-modem links. I might be able to talk to Tim May securely, but not to Mom and Dad. In a way, I can still have privacy, if I really want it. But it won't be available to most people.

I wouldn't be surprised if something similar to this vision were the goal of those behind the clipper.

Hal

From ncselxsi!drzaphod at ncselxsi.netcom.com Sun Apr 18 13:06:37 1993
From: ncselxsi!drzaphod at ncselxsi.netcom.com (Doctor Zaphod)
Date: Sun, 18 Apr 93 13:06:37 PDT
Subject: CLIP: Chip -- Modification?
Message-ID: <46995.drzaphod@ncselxsi>

I haven't waded thru the entire stream of CypherPunks mail yet... but I thought I'd make a suggestion. If the clipper chip DOES in fact become widespread, in telephones, modems, whatever.. why don't we make an alternative chip [say.. based off the IDEA cypher and PGP keys] that uses the same pinouts as the Clipper chip. We, on the list, have been waiting for devices with the capability for encryption.. and it sounds as if ATT will be making it easier for us! Of course there might be some legal conflict with modifying the devices.. and I think that's where our battle begins.
---------------------------------------------------------------------
| DrZaphod                    | Stop, or I'll Encrypt!                 |
| [AC/DC] / [DnA][HP]         | Xcitement is Technology and Creativity |
| [drzaphod at ncselxsi.uucp]  | [Mind Police Censored]                 |
---------------------------------------------------------------------
DrZaphod [AC/DC] / [DnA][HP] [drzaphod at ncselxsi.uucp] Technicolorized

From jwarren at autodesk.com Sun Apr 18 13:39:06 1993
From: jwarren at autodesk.com (Jim Warren)
Date: Sun, 18 Apr 93 13:39:06 PDT
Subject: Hellman cogitates on the Clipper Chip
Message-ID: <9304182028.AA01470@megalon.YP.acad>

Received this on Saturday and got Marty's permission to repost it to 'punks.

--jim

======

From karn at qualcomm.com Sun Apr 18 13:47:37 1993
From: karn at qualcomm.com (Phil Karn)
Date: Sun, 18 Apr 93 13:47:37 PDT
Subject: Followup message from Hellman
Message-ID: <9304182047.AA03182@servo>

From zane at genesis.mcs.com Sun Apr 18 15:03:02 1993
From: zane at genesis.mcs.com (Sameer)
Date: Sun, 18 Apr 93 15:03:02 PDT
Subject: Media Sugestions, History of Clipper and Conspiracy theories
In-Reply-To: <9304181016.AA32068@hacker2.eff.org>
Message-ID:

In message <9304181016.AA32068 at hacker2.eff.org>, Dave Banisar writes:
>
> RE: Press Blitz
>
> I have found from experience, with some success, that the best way to
> handle press if you to contact local press and present yourself
> as a local expert on the subject. This gives them a local connection

This seems to be an EXCELLENT idea. I wholeheartedly think that every cypherpunk with a strong knowledge of crypto (I haven't a strong knowledge yet-- still a newbie) contact the local press and offer their services as a local crypto-expert. I think that I probably know 10-15 times more than the general public about crypto, and it also seems that most of the people on this list know about 10-15 times more about crypto than myself. Thus there's a HUGE gulf of knowledge which must be remedied.
--
| Sameer Parekh-zane at genesis.MCS.COM-PFA related mail to pfa at genesis.MCS.COM |
| Apprentice Philosopher, Writer, Physicist, Healer, Programmer, Lover, more |
| "Be God" - Me __ "Specialization is for Insects" - Robert A. Heinlein
____/ \_____________/ \____________________________________________________/

From zane at genesis.mcs.com Sun Apr 18 15:04:12 1993
From: zane at genesis.mcs.com (Sameer)
Date: Sun, 18 Apr 93 15:04:12 PDT
Subject: Putting out a paper-magazine
Message-ID:

I HIGHLY suggest that publishing-inclined cypherpunks start publishing cypherpunk-oriented PAPER newsletters to:

A) Get out the word about how Clipper sucks
B) Educate people about strong crypto, in layman's terms (tough one)
C) Raise public support for strong crypto.

There are probably other reasons why we want to do this as well. (When the discussion here was about technical details, I was greatly interested, but I had nothing to say-- now that the time has come for activism.. I feel that I can help..)

The idea for full-page ads is nice. I'd advertise for raising funds for such a venture in my libertarian-leaning newsletter.

--
| Sameer Parekh-zane at genesis.MCS.COM-PFA related mail to pfa at genesis.MCS.COM |
| Apprentice Philosopher, Writer, Physicist, Healer, Programmer, Lover, more |
| "Be God" - Me __ "Specialization is for Insects" - Robert A. Heinlein
____/ \_____________/ \____________________________________________________/

From clark at metal.psu.edu Sun Apr 18 15:04:20 1993
From: clark at metal.psu.edu (Clark Reynard)
Date: Sun, 18 Apr 93 15:04:20 PDT
Subject: Cypherpunks--Mission Statement Needed
Message-ID: <9304182253.AA01388@metal.psu.edu>

CP is for Crypto Privacy, because we feel that privacy and cryptography are now more inextricably linked than ever. We shall likely have to use crypto to hide our crypto.

CP is for Changing Policy, both CP policy and existing government policy.

CP is for Conscious Paranoia.
We know and understand the issues involved, both the political and the scientific. We _are_ paranoid, but we know _why_ we're paranoid, and justify it as a _rational_ response. [The use of 'paranoia' is loose, of course, since the strict meaning and popular meaning differ widely.]

CP is for Cypher Punks. Cypher because not only do we use cyphers, but in a certain sense we _are_ cyphers. Punks? A contemptuous term created by those contemptuous of those who fail to pay allegiance to the Almighty Government. Should it be a badge of pride, or a shameful term used for a shameful purpose?

I believe that if we are to be effective, we ought to decide on a number of tenets which just aren't in the FAQ now. Tim May's .signature seems as good a place to start as any. Methods of implementation, boat-rocking and some form of plan will likely be necessary. Send mail to me or to the list, preferably to my mail address at nyx.cs.du.edu; and I will summarize and post, stripping headers if requested and eliminating redundant entries.

The FAQ needs to be revised, I believe, to reflect the current crisis, and I am more than willing to help re-write it if anyone finds it agreeable.

Thank you.

[Aside: I appear to be getting two copies of many letters-- if anyone makes a snide comment about multiple postings of articles, I'll, I'll, I'll, uh, grin and look sheepish-- and I wonder if others have this problem; it's not a double sub, per se, as some letters _aren't_ doubled. Ah, well, it's probably nothing, just the side effects of the surveillance software.]

----
Robert W. Clark
rclark at nyx.cs.du.edu
PGP signature available by mail or finger

From zane at genesis.mcs.com Sun Apr 18 15:06:34 1993
From: zane at genesis.mcs.com (Sameer)
Date: Sun, 18 Apr 93 15:06:34 PDT
Subject: Address of major telecom decision makers (AT&T, etc.)
In-Reply-To: <9304170414.AA23048@churchy.gnu.ai.mit.edu>
Message-ID:

If someone has the addresses of these people it would be a very good idea to post these addresses (addresses of the NIST, Denning, etc. folk would be good as well.. I don't know those but those are probably more well-known than head-AT&T folk) here so that we can inundate them with mail and use these addresses in the full-page ads we buy in the newspapers.

--
| Sameer Parekh-zane at genesis.MCS.COM-PFA related mail to pfa at genesis.MCS.COM |
| Apprentice Philosopher, Writer, Physicist, Healer, Programmer, Lover, more |
| "Be God" - Me __ "Specialization is for Insects" - Robert A. Heinlein
____/ \_____________/ \____________________________________________________/

From uni at acs.bu.edu Sun Apr 18 15:17:31 1993
From: uni at acs.bu.edu (Shaen Bernhardt)
Date: Sun, 18 Apr 93 15:17:31 PDT
Subject: Status of Voice Encryption with PC/Mac?
Message-ID: <9304182217.AA114200@acs.bu.edu>

I keep hearing about voice scrambling technology in conjunction with high speed modems and soundblaster cards.... Anyone care to comment on the availability of said devices? The Supra people mentioned something, I'll check into it.

How about the potential for RAW cyphertext from PGP? Hiding cyphertext in other mediums...? Is any of this available today?

uni (Dark)

From karn at unix.ka9q.ampr.org Sun Apr 18 15:31:38 1993
From: karn at unix.ka9q.ampr.org (Phil Karn)
Date: Sun, 18 Apr 93 15:31:38 PDT
Subject: voice privacy for the masses
Message-ID: <9304182233.AA01522@unix.ka9q.ampr.org>

I think Hal Finney's analysis is not far from the mark. Saner elements in the government probably do realize the utter impossibility of a complete ban on uncrackable crypto given the existence of talented, knowledgeable and highly motivated (especially now!) "cypherpunks". But the government has also found that with very little effort, they can still have an enormous practical effect on the non-cypherpunk masses.
Heck, look at what the NSA did to the digital cellular standards by standing in the shadows and quietly threatening to withhold export approval to phones with meaningful technology. The NSA barely had to whisper its objections, because the industry simply doesn't care very much about customer privacy. Certainly not enough to risk not only their non-US markets, but also the ability to have phones manufactured overseas for the US market. And then NSA rubs salt in the wound by brazenly claiming that they're only concerned about encryption getting into the hands of unfriendly foreign governments. As far as they're concerned, they say with a perfectly straight face, Americans are free to use any encryption scheme they want. I wonder how people like that can sleep at night.

Well, the implications are obvious. If the public is ever to benefit on a large scale from strong encryption technology, it cannot depend on a normal market to sell it to them in turnkey packages. As soon as you go into business overtly selling such packages, the government pressure will begin. They will make sure that you do not become too successful, either by banning exports or by flooding the market with inferior technology that they can break (like Clipper).

So we need to create a rather nonconventional "market". More specifically, we need to find a way to bring the efforts of the cypherpunks to the public with minimal cost and in a way that the government cannot control. By far the best way to do this is to write and distribute free crypto software that requires only readily available general purpose hardware to run. As we know, duplicating and distributing software is so trivial that controlling it is virtually impossible.
And while it's theoretically somewhat easier for the government to ban or regulate, say, modems faster than 2400 bps or CPUs faster than 10 MHz 286s, general purpose computer hardware like this has so many other "legitimate" uses that in practice a ban would again be impossible.

I've contributed a little to this effort myself with my public domain DES code, but it's the PGP effort that has really made this a reality. PGP is now unstoppable, and it's well on the way toward providing large scale privacy for email and other textual information. But voice is still a problem. What we really need now is "PGVP" ("Pretty Good Voice Privacy"), i.e., a package of public domain software that, when again combined with readily available general purpose computer hardware, produces a highly secure telephone.

We already have two of the three hardware components of a digital secure telephone well in hand: CPUs capable of encrypting digital voice in real time, and reasonably fast telephone modems. The one remaining piece to the puzzle is the vocoder, as conventional waveform sampling of speech produces a data rate too high for telephone modems. (Faster modems might alleviate the need for a low bit rate vocoder, but current generation modems are already running very close to theoretical limits, and there won't be too many more improvements.)

Ready-made vocoders are available. In fact, my company (Qualcomm) just announced one (the Q4400) as a spinoff of our CDMA digital cellular system. It's a mask-programmed AT&T DSP-16A DSP chip. Unfortunately, like many leading-edge products, it's not cheap: $69/ea in quantity 1000, and reportedly nearly $200 in small quantities.

A second alternative is to run your own vocoder software. But vocoders are notoriously compute-intensive, and they're traditionally run on DSPs. And DSPs do not yet qualify as "widely available general purpose computer hardware".
That leaves a third possibility: tuning vocoder software to run in real time on a fast general purpose processor like a 486. John Gilmore has already obtained and distributed public domain code that implements the Federal standard CELP vocoder algorithm (used in government secure telephones, a nice twist) but my understanding is that it's too slow to run in real time on popular computers. Van Jacobson at LBL has reportedly tuned it to run in better than real time on a Sparc 1+, but he hasn't released it yet and he's a notoriously hard guy to get ahold of.

So the request of the day is this: who's willing to take that CELP code, bum enough instructions out of it so it will run in real time on a 486, and place his or her work back out into the public domain?

Phil

From uni at acs.bu.edu Sun Apr 18 15:43:22 1993
From: uni at acs.bu.edu (Shaen Bernhardt)
Date: Sun, 18 Apr 93 15:43:22 PDT
Subject: FAQ's
Message-ID: <9304182243.AA107262@acs.bu.edu>

Perhaps someone should cook up a frequently asked questions sheet with regard to our position on the Wiretap chip proposal? Something bent a little more in the direction of consequences and not promises?

Q: What will the Clipper Chip really mean for Privacy?

A: The Clipper chip bills itself as the answer to a nation's right for privacy, when indeed it is less secure than many of the algorithms in circulation today. Buying a Clipper Chip device is the same as handing the government your login password and accepting the promise, "We'll only use it with proper authorization..."

Admittedly my example is less than eloquent, perhaps someone can come up with better? Given this format, and if the questions and answers are kept in layman's terms, it could reasonably be distributed to some of the less technical news groups and things like comp.mac.comm and such....

uni (Dark)

From psionic at wam.umd.edu Sun Apr 18 16:18:11 1993
From: psionic at wam.umd.edu (Haywood J. Blowme)
Date: Sun, 18 Apr 93 16:18:11 PDT
Subject: Amiga programmers.
Message-ID: <199304182317.AA18599@rac3.wam.umd.edu>

A curious thought occurred to me several months ago, and it was recently brought up again when someone mentioned doing it on IBM's with soundblasters. This idea has been sitting basically on the back burner for a while now. But now with the current climate (Wiretap chip proposed) I think it is relevant.

This idea basically applies to Commodore Amiga computers. So if you are a programmer and would like to help me with this please E-Mail me about it.

The basic idea I think would need the following:

- A sound digitizer
- High speed modem
- 68020 or above processor (for speed purposes)
- Good encryption algorithm (IDEA for example)

Implementing the system would involve using the digitizer to digitize the voice. Then processing the sample (in real time) through the encryption algorithm and sending the output to the modem for transmission. The process would be repeated on the other end.

The problems I see occurring are the following

- Speed of the computer affecting real time encryption
- Synchronizing the data packets for accurate decryption on the other side.
- simultaneous I/O on the serial and parallel ports (for modem and digitizer)
- outputting to speakers on receiving end.
- having the whole process operate in a full duplex mode (i.e. both people can talk at the same time).

I think the majority of functions can be handled by the system libraries and outside sources (such as xpkidea.library for encryption).

Does this sound feasible??

=============================================================================
    ///       | psionic at wam.umd.edu | Q: How did the govt. decide to use an 80
 __ /// C=    | Craig H. Rowland     | bit key for the new clipper chip?
 \\\/// Amiga | PGP Key Available    | A: They combined Bill and Hillary
  \/// 1200   | by finger.           | Clintons' IQ's.
=============================================================================

From zane at genesis.mcs.com Sun Apr 18 16:23:16 1993
From: zane at genesis.mcs.com (Sameer)
Date: Sun, 18 Apr 93 16:23:16 PDT
Subject: CLIP: Sample/Draft letter to the editor
Message-ID:

I wrote up a letter to the editor on the issue, which I will send to the local newspapers and the major newspapers. I'd like comments, and criticisms so that I may make the letter more effective. I also plan on writing an article in my newsletter _The Free Journal_ on this big brother plan. (I plan on including excerpts from _From Crossbows to Cryptography_ in this "Crypto" issue as well.)

Editor:

The Clinton administration on Friday unveiled their plan for establishing a standard data encryption system for voice communications. This plan is abhorrent and reeks of Big Brother. President Clinton says that he wants to bring the United States into the twenty-first century. This proposal is bringing us to 1984.

First I will mention technical reasons why the system is inadequate. The encryption algorithm is classified. Only a select group of people will be allowed to examine the algorithm for flaws. The members of the cryptographic community emphasize that the only way to make sure that a cryptographic system is secure is to have as many people as possible analyze and try to break it for as long as possible. A system which has been examined by a small segment of the population will not be trusted to be secure.

The key used in this algorithm is very small-- it is easily attacked by brute-force. The encryption key is only eighty bits long. Such a small key lends itself to easy decryption by an unauthorized party. It would lend a false sense of security to laypersons in the field who do not realize that a key of such simplicity could be cracked easily by any talented criminal.

Apart from the technical flaws in the system, there are many political problems with the recent big brother proposal.
First, there is the assumption that the government has a right to spy on its own citizens. The proposal for this wiretap chip includes the registration of keys with two escrow agencies. This is purported to allow law enforcement to keep track of "terrorists" and "drug-dealers." The first flaw in this key-escrow system is that no self-respecting criminal will use a cryptography system which can be easily tapped by law enforcement officials-- they will use strong cryptography. Thus the only people who may end up using the wiretap encryption system will be law-abiding laypeople who don't fully understand cryptography. (Law-abiding citizens who do understand cryptography will use strong cryptography to preserve their privacy from a talented criminal.)

The proposal says that in order to obtain the key of a wiretap chip user a law enforcement agency must first establish that they have a valid interest in the key. Translated out of legalese, that means that all a government agency will have to do to get access to all of the private communications between, for example, a lawyer and her client will be to fill out the necessary forms. Registering cryptographic keys with the government is similar to giving the IRS the keys to your house and filing cabinet.

The chip is being manufactured exclusively by one company. The release stated that the Attorney shall request (i.e. coerce) telecommunication product manufacturers to use this product. This aspect of the system is a government-mandated monopoly. Such monopolies result in high prices and the elimination of market forces which drive the improvement of technology. (One needs only look at the state of the Soviet Union to see how the lack of market forces affects consumer technology.)

What is feared the most from the proposal is that if the wiretap chip becomes the standard, strong cryptography will be declared illegal. If such is the case, then only criminals will have access to strong cryptography.
As I have stated above-- the wiretap chip will not be used by criminals because of the obvious flaws in the crypto-system-- criminals will use strong crypto, while law-abiding citizens will have to use a system which can be easily defeated by any criminal. Strong cryptography already exists for data communications, for -free-. Strong cryptography for voice communications for -free- is only a few months away for people who own a personal computer. There is no way that making strong cryptography illegal will stop it-- it will only turn otherwise law-abiding citizens into criminals.

Sincerely,
Sameer Parekh

--
| Sameer Parekh-zane at genesis.MCS.COM-PFA related mail to pfa at genesis.MCS.COM |
| Apprentice Philosopher, Writer, Physicist, Healer, Programmer, Lover, more |
| "Be God" - Me __ "Specialization is for Insects" - Robert A. Heinlein
____/ \_____________/ \____________________________________________________/

From newsham at wiliki.eng.hawaii.edu Sun Apr 18 17:03:28 1993
From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham)
Date: Sun, 18 Apr 93 17:03:28 PDT
Subject: Amiga programmers.
In-Reply-To: <199304182317.AA18599@rac3.wam.umd.edu>
Message-ID: <9304190003.AA06605@toad.com>

> The basic idea I think would need the following:
>
> - A sound digitizer
> - High speed modem
> - 68020 or above processor (for speed purposes)
> - Good encryption algorithm (IDEA for example)
>
> Implementing the system would involve using the digitizer to digitize the
> voice. Then processing the sample (in real time) through the encryption
> algorithm and sending the output to the modem for transmission. The process
> would be repeated on the other end.
>
> The problems I see occurring are the following
>
> - Speed of the computer affecting real time encryption
> - Synchronizing the data packets for accurate decryption on the other side.
> - simultaneous I/O on the serial and parallel ports (for modem and digitizer)
> - outputting to speakers on receiving end.
> - having the whole process operate in a full duplex mode (i.e. both people
> can talk at the same time).
>
>
> I think the majority of functions can be handled by the system libraries and
> outside sources (such as xpkidea.library for encryption).
>
> Does this sound feasible??

From what I gather CELP takes about 10 to 15 MIPS and LPC takes somewhere under 5 MIPS on DSP chips. Instructions including fixed point multiplies and accumulations (not counting divisions). That's quite a load for a 68020 to bear and still do encryption and communications isn't it?

I have been working on an encrypted link protocol, I have written a unix end (w/ sockets for debugging) as well as some prototype amiga ends (nothing nice yet). It is basically a term program with an encrypted mode built in. I have released the unfinished but operational unix end so far (link.tar.Z) but have been too pressed for time to work on it lately.

I am also working with a DSP chip and plan to implement LPC at bandwidths of about 2000 bps. This will be low quality (less than toll quality, but "good enough" for.. well for me :) I hope the end product will be reproducible for under $50. (I am using the ADSP 2105 DSP microcontroller which offers 10 MIPS for about $12) Someone has mentioned that there is a ZYXEL chip that has CELP built in to it, this might be a faster way to go, does anyone have more details?

I plan to incorporate the two when I am finished to allow encrypted voice between two endpoints, and hopefully also over some networks (where delay time doesn't cause too many problems, long distances over packet switching might not work so nicely).

progress: I have developed and implemented the protocol engine of the link protocol and written a unix end. I have started assembling (but not programming) the DSP board, I plan later to add on-board d/a and a/d but for the time being I will be importing samples from the amiga, and retrieving LPC coded data.
I am encouraging other people to use my protocol engine and incorporate it into terminal programs.

From sommerfeld at orchard.medford.ma.us Sun Apr 18 17:37:05 1993
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Sun, 18 Apr 93 17:37:05 PDT
Subject: Followup message from Hellman
In-Reply-To: <9304182047.AA03182@servo>
Message-ID: <9304190011.AA00158@orchard.medford.ma.us>

Quoting Martin Hellman as forwarded by Steve Bellovin and Phil Karn:

   she [Denning -sommerfeld] says the message is not double encrypted. The system key (or family key as she was told it is called) only encrypts the serial number or the serial number and the encrypted unit key. This is not a major difference, but I thought it should be mentioned and thank her for bringing it to my attention.

This sounds pretty unlikely to me -- if the message isn't double-encrypted, the "tags" could be separated from the ciphertext without too much effort. Of course, it's not clear whether the receiving system checks the serial number, or whether the serial number is factored into E[M;K]; conceivably, those things could be reconstituted on the other end if the receiving wiretap chip needed them..

- Bill

From vanam at phazer.ksu.ksu.edu Sun Apr 18 18:04:43 1993
From: vanam at phazer.ksu.ksu.edu (Stephen LeeSecond son of Caine)
Date: Sun, 18 Apr 93 18:04:43 PDT
Subject: unsub
Message-ID: <9304190104.AA16243@phazer.ksu.ksu.edu>

unsubscribe me please thanx....

Stephen

From MJMISKI at macc.wisc.edu Sun Apr 18 18:14:20 1993
From: MJMISKI at macc.wisc.edu (Matthew J Miszewski)
Date: Sun, 18 Apr 93 18:14:20 PDT
Subject: MEDIA: Calm
Message-ID: <23041820135802@vms2.macc.wisc.edu>

Everyone,

I'm glad to see so many insightful letters being sent/broadcast to media types. I think that our cause would be better served with a toning down of the rhetoric and techno-talk. I understand what you're saying but Joe Byline may not. Keep it simple.
On that note, I think one more effective strategy is for some cypherpunks to write thoughtful letters which appear (or do) come from strict lay people scared at the thought of the "Wiretap Chip". If it appears that only techno-types care about this issue, then no one else will. I know non-crypto experts read this list, so this is a call to you to express your opinions publicly as john/jane doe on the street. You don't have to speak to the technical side of things at all. Simply let the world know you're afraid and so should everyone else. Leave the cryptanalysis to the experts (Tim, Eric, et al)

Keep up the good work everyone.

Matt

From hkhenson at cup.portal.com Sun Apr 18 19:21:06 1993
From: hkhenson at cup.portal.com (hkhenson at cup.portal.com)
Date: Sun, 18 Apr 93 19:21:06 PDT
Subject: AT&T Press Release on Clipper
Message-ID: <9304181828.2.10206@cup.portal.com>

On Sun, 18 Apr 1993 09:49:35 -0500 Dave Banisar posted:

>Subject: AT&T Press Release on Clipper
>
>Here's AT&T's announcement on the Clipper.
>
>
> AT&T TO INCORPORATE NEW 'CLIPPER' CHIP INTO SECURE COMMUNICATIONS
>PRODUCT LINE
>
>GREENSBORO, N.C., April 16
>
> AT&T (NYSE: T) said today it is moving to improve the security and privacy
>of telephone communications by incorporating a just-announced new U.S.
>government technology for voice encryption into its secure communications
>product line.
>
> AT&T will use the Clipper chip, announced today by President Clinton as a

[mucho deleted]

> AT&T Secure Communications Systems is headquartered in Greensboro.
> For more information about the AT&T Telephone Security Device 3600
>and other AT&T Secure Communications Products, call David Arneke at
>919-279-7680.
> CONTACT: David Arneke of AT&T Secure Communications Systems, 919-279-
>7680,or after hours, 919-273-5687, or Herb Linnen of AT&T Media Relations,
>202-457-3933, or after hours, 202-333-9162

Expecting to get a recording or something of the like, I called the last of these numbers, and got a considerably agitated Herb Lennen--at home--who had already been the recipient of a call or two. He was not happy, to put it mildly! I kindly informed him that his home phone number had been posted all over the computer nets by someone posting an official ATT press release, and that the government's universal wiretap chip, er Clipper chip, was fast becoming a controversial topic. He accused me of being with an "organized hacker group," and stated that he only talks to people from news organizations of the NYT and Wall Street Journal size. I offered to send him a sample of the comments, but he declined to give me his email address. (Though I suspect that Herb_Lennen at att.com might work.)

Most interesting though, he told me that John Markoff had written the definitive (and he implied positive) story on the chip. Yo John! If you are not reading the cypherpunks list for the "other side" of this story, you might want to.

Keith Henson

From psionic at wam.umd.edu Sun Apr 18 19:50:39 1993
From: psionic at wam.umd.edu (Haywood J. Blowme)
Date: Sun, 18 Apr 93 19:50:39 PDT
Subject: Amiga Crypto
Message-ID: <199304190250.AA12313@rac3.wam.umd.edu>

Return-Path:

>> The basic idea I think would need the following:
>>
>> - A sound digitizer
>> - High speed modem
>> - 68020 or above processor (for speed purposes)
>> - Good encryption algorithm (IDEA for example)
>>
>> Implementing the system would involve using the digitizer to digitize the
>> voice. Then processing the sample (in real time) through the encryption
>> algorithm and sending the output to the modem for transmission. The process
>> would be repeated on the other end.
>>
>> The problems I see occurring are the following
>>
>> - Speed of the computer affecting real time encryption
>> - Synchronizing the data packets for accurate decryption on the other side.
>> - simultaneous I/O on the serial and parallel ports (for modem and digitizer)
>> - outputting to speakers on receiving end.
>> - having the whole process operate in a full duplex mode (i.e. both people
>> can talk at the same time).
>>
>>
>> I think the majority of functions can be handled by the system libraries and
>> outside sources (such as xpkidea.library for encryption).
>>
>> Does this sound feasible??

newsham at wiliki.eng.hawaii.edu Writes:

>From what I gather CELP takes about 10 to 15 MIPS and LPC takes
>somewhere under 5 MIPS on DSP chips. Instructions including
>fixed point multiplies and accumulations (not counting divisions).
>Thats quite a load for a 68020 to bear and still do encryption
>and communications isnt it?

[Stuff deleted]

This is true. But if a sampling rate of about 9000-10,000 samples per second is used this will allow for good voice quality and the encryption algorithm should be able to handle it. The IDEA implementations I have seen for the Amiga run about 30-50K per second on my Amiga 1200 with 68020. This should be fast enough. If you then can send that data directly to the serial port with a fast modem 14.4K it should work. But it might sound choppy (haven't done the figures yet on how much data would be going to the modem while the person speaks, but it may be substantial enough to make the use of a high speed modem not feasible. Also I have to consider that data compression in the form of LAP/M or MNP will be ineffective against the encrypted data as it will appear as white noise and will be largely uncompressible..

=============================================================================
    ///       | psionic at wam.umd.edu | Q: How did the govt. decide to use an 80
 __ /// C=    | Craig H. Rowland     | bit key for the new clipper chip?
 \\\/// Amiga  | PGP Key Available    | A: They combined Bill and Hillary
  \///  1200   | by finger.           |    Clintons' IQ's.
=============================================================================

From ld231782 at longs.lance.colostate.edu Sun Apr 18 22:06:28 1993
From: ld231782 at longs.lance.colostate.edu (ld231782 at longs.lance.colostate.edu)
Date: Sun, 18 Apr 93 22:06:28 PDT
Subject: musings from a madman
Message-ID: <9304190506.AA09069@longs.lance.colostate.edu>

Hellman's Hints
---------------

[Hellman]
>When a message is to be sent it will first be
>encrypted under K, then K will be encrypted under the unit key UK,
>and the serial number of the unit added to produce a three part
>message which will then be encrypted under the system key SK
>producing
>
> E{ E[M; K], E[K; UK], serial number; SK}
>
>When a court order obtains K1 and K2, and thence K

Just a quibble, Mr. Hellman says earlier that K1 and K2 lead to unit key
UK, not family code K. And given the above, how do they ever decrypt the
message if they don't have K, unless the scheme is insecure under the
`family code'? (>barf<, leave it for the Ministry of Truth to come up with
some user-friendly term for something inherently nauseating like `friendly
fire', I wonder if Dingaling is behind this one too...)

Do you get it?
--------------

This little formula is not obvious to me. It seems to me two basic
questions have to be answered, could someone spell these out given what's
known?

1. How the phones interact prior/during a call
2. How the sinister TLAs wiretap
3. How casual eavesdropping by other than billion-dollar agencies is
   prevented (if at all)

The Flimsy Code
---------------

The family code is clearly a propaganda wrench in the works. `They' now
have some pretty powerful ammunition--it must be secure if you get to
change your code whenever you want, right? It's so simple anyone can use
it! I'm a bit surprised it wasn't mentioned in the announcement.
I guess all the hoopla and slick and vapid AT&T ads about `wow, you get to
*choose* your combination!' will come a bit later, it'll fit in quite
nicely with their `I' plan, as in Illegal... (I hope Sprint and MCI sue the
pants off AT&T and the government for this outrageous collusion, unless of
course they are in the collusion too...)

Conspiracy Theories
-------------------

How is it that CPSR and EFF came out with responses to the initial
announcement virtually instantaneously after its release? Are they just
really swift? I want to know what >every< single person on those mailing
lists has to say about how their name got there and how long they knew
about this abomination (and before they have a chance to agree on
stories!). I don't appreciate Mr. Banisar's little slash suggesting that
the issue is already closed and that anyone who thinks something just a tad
unusual is going on is a deranged conspiracy monger... I think it's kind of
cute how he says that `nothing significant' appeared in the traffic...

Who Has the Keys?
-----------------

The evasion of `who stores the keys' makes me wonder. It suggests that the
proposal was poorly crafted (which is true in any case), but, more likely,
IMHO, the scheme is weak enough for the NSA (but maybe not cops) to break
regardless, and hence their casual disregard for this seemingly
monumentally crucial point. Also, they can make it sound like they are
`compromising' by giving the appearance of public debate on the agencies,
because it won't really matter, while diverting attention from the *real*
issues (look here! see your rights? now you see 'em, now you don't... pick
a key, any key---was it this one? >wow< how'd you *do* that?).

What IS Acceptable
------------------

We should be prepared to say what >is< acceptable for the government to
do; don't get caught off guard with a question like ``well, what are you
people proposing as an alternative?'' Here are a few ideas...
1) Get the hell out of the cryptography and hardware development business,
   and leave private industry alone to do what it does best when not
   harassed by extortionists and terrorists who shall remain nameless but
   have the initials N.S.A. ...

2) Let the NIST pick a phone encryption scheme after totally open debates
   and total noninvolvement by the NSA, who is obviously biased. We can
   note that this has been attempted to be followed for other encryption
   schemes (e.g. digital signature, DES, etc.) why not here? what's so
   special?

3) Let communications companies loose on it, stay out of the way or get
   trampled by the stampede, and we'll all be happy.

Ministry of Truth (1993-?)
--------------------------

Finally, drive home the point: the government may have always had the
`precedent' (don't ever use `right' here) to *listen*, there has never been
any assurance that they must *understand* what is being said, and we are
assured by our Noble Constitution that we can say what we please, and if
by exercising this fundamental and inalienable right we upset the fragile
status quo, then so be it, because the monument of freedom of speech will
always overshadow the weak and tenuous `precedent to listen'. Cryptography
simply alters their *understanding* of what is on a line from the
meaningful to the meaningless, and only the Ministry of Truth is allowed to
regulate *meaning* (hm, maybe that will be the next government agency
created under the New Regime...)

Mea Culpa
---------

Sorry for the rough editing on the last message, that's what happens in the
heat of the moment from one of those impatient and extremely agitated
cypherpunks... For those of you keeping score at home, the ``Notice how the
proposal talks about'' non sequitur should read ``Notice how the proposal
talks about criminals and terrorists without any qualifications such as
`alleged' and `suspected' ''. As my penance you have this little beauty in
front of you...

How Does Cypherpunk Sound?
--------------------------

`cypherpunk' actually has some pretty endearing qualities as a name, and
I'd be a bit horrified to give it up, just when I was waiting for the T
shirt ``Cypherpunks do it stealthily'' (secretly? sneakily?). The public
seems to have a bit of fascination for `cyberpunk' right now and we are
just riding on it (stealthily? secretly? sneakily?). OK, so we don't
publicize that term, but it could actually increase the glamor and mystery
of the cause; we shouldn't pretend that we're not seriously pissed off...

Quote Corner
------------

``the TURNCOATS ARE COMING!''

``REMEMBER THE LIBERTY!''

``They're HEEEERE...''

``Keys? I thought YOU had the keys! Do you have a crypt hanger? We better
call the cryptsmith...''

From dasher at well.sf.ca.us Sun Apr 18 22:48:08 1993
From: dasher at well.sf.ca.us (D Anton Sherwood)
Date: Sun, 18 Apr 93 22:48:08 PDT
Subject: gentlemen
Message-ID: <199304190547.AA19600@well.sf.ca.us>

Who was the statesman who said, two generations ago, "Gentlemen do not
read each other's mail"?

By the way, the San Francisco Chronicle's business section's Saturday
headline was
        Secret Phone Plan Under Fire
or maybe it was
        Secure Phone Scheme Draws Fire

*\\*  Anton   Ubi scriptum?

From jamesdon at infoserv.com Sun Apr 18 23:27:00 1993
From: jamesdon at infoserv.com (James A. Donald)
Date: Sun, 18 Apr 93 23:27:00 PDT
Subject: subscribe
In-Reply-To:
Message-ID: <2bd1c9a7.jamesdon@infoserv.com>

subscribe James A. Donald

In case a human is reading this, I wish to subscribe to the cypherpunks
mailing list.

---------------------------------------------------------------------
| James A. Donald
| Joseph Stalin said: "Ideas are more powerful
| than guns. We would not let our enemies have      jamesdon at infoserv.com
| guns, why should we let them have ideas."
From wbe at bbn.com Sun Apr 18 23:29:17 1993
From: wbe at bbn.com (Winston Edmond)
Date: 18 Apr 93 23:29:17
Subject: Figuring out ZyXEL's CELP specs
In-Reply-To: <116416f1@ofa123.fidonet.org>
Message-ID:

After various people expressed interest in the ZyXEL modem CELP specs...
Tyrone.Horton at p101.f701.n202.z1.fidonet.org replied:

> As far as CELP, ZyXEL will not be releasing the specs.

OK. In that case, it's up to us to figure it out. :-)

I saw the following post about 4800 CELP on another newsgroup and thought
it might help someone here get closer to figuring out how ZyXEL's 9600
CELP works.

PLEASE: the following message mentions a source of CELP source code that's
free. Rather than everyone calling all at once, I suggest:

(1) If you live in the D.C. area, maybe go ahead and call anyway and then
    post the results in this newsgroup. Otherwise

(2) If you have a high interest and it's likely you'll actually do
    something with the information, POST A NOTE TO THIS NEWSGROUP saying so
    and wait a couple of days so we can all see who else is interested.

(3) When the dust settles, the most interested, and/or those nearest
    Washington, D.C., call to get the source code and then post it to the
    newsgroup (if permitted).

(Unfortunately, you may have to consider U.S. export restrictions, but
since the author says the code "is available for worldwide distribution",
I don't expect this to be a problem.)

 -WBE
---------------------------------------------------------------------------
From: jpcampb at afterlife.ncsc.mil (Joe Campbell)
Newsgroups: comp.compression.research
Subject: Re: CELP vocoder refs
Date: 17 Jan 93 21:38:07 GMT
Organization: The Great Beyond

Hi,

I hope that the following information answers your questions.

Joe

The U.S.
DoD's Federal-Standard-1016 based 4800 bps code excited linear prediction
voice coder version 3.2 (CELP 3.2) Fortran and C simulation source codes
are available for worldwide distribution at no charge (on DOS diskettes,
but configured to compile on Sun SPARC stations) from:

    Bob Fenichel
    National Communications System
    Washington, D.C. 20305
    1-703-692-2124
    1-703-746-4960 (fax)

Example input and processed speech files, a technical information
bulletin, and the official standard "Federal Standard 1016,
Telecommunications: Analog to Digital Conversion of Radio Voice by 4,800
bit/second Code Excited Linear Prediction (CELP)" are included at no
charge.

The following articles describe the Federal-Standard-1016 4.8-kbps CELP
coder (it's unnecessary to read more than one):

Campbell, Joseph P. Jr., Thomas E. Tremain and Vanoy C. Welch, "The
Federal Standard 1016 4800 bps CELP Voice Coder," Digital Signal
Processing, Academic Press, 1991, Vol. 1, No. 3, p. 145-155.

Campbell, Joseph P. Jr., Thomas E. Tremain and Vanoy C. Welch, "The DoD
4.8 kbps Standard (Proposed Federal Standard 1016)," in Advances in Speech
Coding, ed. Atal, Cuperman and Gersho, Kluwer Academic Publishers, 1991,
Chapter 12, p. 121-133.

Campbell, Joseph P. Jr., Thomas E. Tremain and Vanoy C. Welch, "The
Proposed Federal Standard 1016 4800 bps Voice Coder: CELP," Speech
Technology Magazine, April/May 1990, p. 58-64.

The U.S. DoD's Federal-Standard-1015/NATO-STANAG-4198 based 2400 bps
linear prediction coder version 53 (LPC-10e v53) Fortran or C simulation
source codes are available on a limited basis upon written request to:

    Tom Tremain
    Department of Defense
    Ft. Meade, MD 20755-6000
    USA

The U.S. Federal Standard 1015 (NATO STANAG 4198) is described in:

Thomas E. Tremain, "The Government Standard Linear Predictive Coding
Algorithm: LPC-10," Speech Technology Magazine, April 1982, p. 40-49.

There is also a section about FS-1015 in the book:

Panos E.
Papamichalis, Practical Approaches to Speech Coding, Prentice-Hall, 1987.

The voicing classifier used in the enhanced LPC-10 (LPC-10e) is described
in:

Campbell, Joseph P., Jr. and T. E. Tremain, "Voiced/Unvoiced
Classification of Speech with Applications to the U.S. Government LPC-10E
Algorithm," Proceedings of the IEEE International Conference on Acoustics,
Speech, and Signal Processing, 1986, p. 473-6.

Copies of the official standards "Federal Standard 1015, ...", and
"Federal Standard 1016, Telecommunications: Analog to Digital Conversion
of Radio Voice by 4,800 bit/second Code Excited Linear Prediction (CELP)"
are available for US$ 2.50 each from:

    GSA Rm 6654
    7th & D St SW
    Washington, D.C. 20407
    1-202-708-9205

Realtime DSP code for FS-1015 and FS-1016 is sold by:

    John DellaMorte
    DSP Software Engineering
    165 Middlesex Tpk, Suite 206
    Bedford, MA 01730
    1-617-275-3733
    1-617-275-4323 (fax)
    dspse.bedford at channel1.com

DSP Software Engineering's FS-1016 code can run on a DSP Research's Tiger
30 (a PC board with a TMS320C3x and analog interface suited to development
work) or on Intellibit's AE2000 TMS320C31 based 3" by 2.5" card.

    DSP Research                 Intellibit
    1095 E. Duane Ave.           P.O. Box 9785
    Sunnyvale, CA 94086          McLean, VA 22102-0785
    (408)773-1042                (703)442-4781
    (408)736-3451 (fax)          (703)442-4784 (fax)

--
.............................................................................
; Dr. Campbell  N3JBC  jpcampb at afterlife.ncsc.mil  74040.305 at compuserve.com ;
; My opinions are mine!
  Happiness = Reality - Expectations, Click & Clack ;
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From crunch at netcom.com Mon Apr 19 00:11:33 1993
From: crunch at netcom.com (John Draper)
Date: Mon, 19 Apr 93 00:11:33 PDT
Subject: My comments on the Clipper or Tapper chip,
Message-ID: <9304190711.AA12484@netcom4.netcom.com>

I don't know whether or not I should post this in alt.security.pgp, or
other newsgroups, but here's my official comments on what I think of the
Clinton Adm "Clipper" or "Tapper" chip. Any press people are welcome to
use it, and feel free to send it out wherever it will help.

My official statement and comments on the "Tapper chip"
=======================================================

I believe that the Clinton Admin is trying to push this idea through
without giving much thought on the ramifications of this rather intriguing
idea of "registering" your keys with some government agency. This
overwhelming urge to "tap into" our private conversations is just going to
promote private encryption and voice scrambling. It is not going to make
law enforcement's job any easier to catch criminals, because they will
also encrypt their voice and data. It reminds me of that popular bumper
sticker "If guns are outlawed, then only outlaws will have guns".

It is clear that the government considers encryption as a "weapon", used
by the enemy to keep nosey people away. Look at the current export laws to
convince yourself of that. I guess I can think of it as a weapon to
preserve my privacy.

This is not only going to get a bad reception in the industry, but it will
cost the government more money by adding huge administration costs. Talk
about government "FAT"? I thought our goals are to cut government
spending, not add to it.

Let's see!! You need two agencies (Hopefully ones that people can trust).
Gee!! I cannot even think of just ONE agency that I can trust!! Can you?
Then, these agencies have to keep track of one half of an 80 bit key. I
guess there is one key for each "clipper" chip, so there has to be the
capability of millions of keys, each one has to perfectly match the other
half. Then there will be people needed to "register" these "tapper"
phones. Let's not even think about what happens when one decides to sell
it!! MORE government FAT!! I guess that's why they're called FAT CATS.

Now, if I were a criminal, do you think I would be dumb enough to
"register" my phone with the government. Of course not. I would probably
get mine on the black market, or through some other illicit means!! If I
were a law abiding citizen, would I trust some government agency with my
encryption key? Would you??

Then, there is this classified algorithm used in the clipper chip itself.
I'm sure it's pretty good, and it is probably hard to attack and crack.
But can you really be absolutely sure that there isn't some sort of "back
door" in it?? It is clear that the industry hasn't been consulted, or
ideas were not put forth in some public forum. So, where is this
democratic process?? We ARE still a democracy, aren't we? How was this
company that sells the "Clipper chip" selected?? Were RSA Data Security
people contacted??

It is clear that a lot of questions have to be answered before something
like this can be accepted. I just hope the right people make the right
decision, and that PRIVATE encryption be the responsibility of the user,
and NOT the carriers. It is important that more and more private
encryption programs, equipment, etc, can be made available on the market.
If RSA is too tight with their licensing fees and policies, then there
should be more math whiz types making better algorithms than RSA's. The
field is wide open, so let's exploit them!!

John D.
From hkhenson at cup.portal.com Mon Apr 19 00:21:09 1993
From: hkhenson at cup.portal.com (hkhenson at cup.portal.com)
Date: Mon, 19 Apr 93 00:21:09 PDT
Subject: Fighting the Wiretap Chip Plan
Message-ID: <9304190012.2.12250@cup.portal.com>

When this "Clipper chip" story broke, I was off on an extropian (if not
cypherpunk) activity--helping freeze Alcor's 27 patient (another HIV+
case.)

I doubt I am the strongest hardware person on these groups, but nobody
else has commented on this aspect.

You just *can't* make chips entirely resistant to reverse engineering. I
know, I have spent close to 10% of my engineering career reverse
engineering things. Given time and a few samples, *any* chip can be
reverse engineered. This is especially true with tools such as SEM
stimulator/state readers and Focused Ion Beam chip slicers and dicers
widely available. *Somebody* will dig out every gate in their spare time.

Thus the following statement looks very odd:

>Q: How strong is the security in the device? How can I be sure
>   how strong the security is?
>
>A: This system is more secure than many other voice encryption
>   systems readily available today. While the algorithm will
>   remain classified to protect the security of the key escrow
>   system,

Say what? Does this mean that if somebody slices up a chip and publishes
the algorithm the "security of the key escrow system" is broken? Can a
representative of the government say why, or if, this is the case? If it
is not the case, why not publish the algorithm and be done with it?
Because, soon as the chip can be bought over the counter or stolen, the
algorithm will be deduced.

>   we are willing to invite an independent panel of
>   cryptography experts to evaluate the algorithm to assure all
>   potential users that there are no unrecognized
>   vulnerabilities.
Well, unless the "independent panel" includes people who can follow the
algorithm all the way through to silicon, I would not trust their report
even if I trusted the experts, and that goes double for the next set of
masks.

Keith Henson

From norm at netcom.com Mon Apr 19 01:31:45 1993
From: norm at netcom.com (Norman Hardy)
Date: Mon, 19 Apr 93 01:31:45 PDT
Subject: Hellman's Hints
Message-ID: <9304190831.AA17466@netcom4.netcom.com>

I presume that Hellman meant to say "K1 and K2, and thence UK" in place of
"K1 and K2, and thence K"; at least it makes sense that way.

A later posting from Hellman (I think) emended the description of the
transmitted message from

        E{ E[M; K], E[K; UK], serial number; SK}

to

        E[M; K], E{ E[K; UK], serial number; SK}

If you know SK then you can compute (E[K; UK], serial number). Then
knowing UK (= K1+K2) you can compute K from which you get M via E[M; K].

From arms!72 at bikini.cis.ufl.edu Mon Apr 19 05:47:20 1993
From: arms!72 at bikini.cis.ufl.edu (Lestat)
Date: Mon, 19 Apr 93 05:47:20 PDT
Subject: Request
Message-ID: <2bd298b2.arms@arms.uucp>

Please add me to your mailing list; as a passionate supporter of freedom
of speech and expression of all kinds in all mediums, I'm concerned about
the ClipperChip and interested in what you have to offer.

Thanks,

Lestat, aka Howard S. Jones
72 at arms.uucp

From david at staff.udc.upenn.edu Mon Apr 19 05:58:09 1993
From: david at staff.udc.upenn.edu (R. David Murray)
Date: Mon, 19 Apr 93 05:58:09 PDT
Subject: Hellman's Hints
In-Reply-To: <9304190831.AA17466@netcom4.netcom.com>
Message-ID: <9304191256.AA17713@staff.udc.upenn.edu>

Please excuse some questions from a somewhat crypto-naive person, but I'd
like to try to understand this thing a little better so I don't make any
stupid goofs if I talk about it.

I presume that we can simply consider this 'universal' key as if it didn't
exist?
Well, actually, I suppose it prevents 'joe average' from getting the
serial number, but certainly not foreign agents or any criminal who has
motivation to get it(*). After all, a secret known by more than one person
will not remain a secret long, and this one is going to be known by
thousands. Why even bother with it? It seems like it just adds compute
overhead that could be better used for other things.

(* I assume the TLAs get it legally)

The fact that the serial number is effectively in the clear then means
that traffic analysis attacks can glean information for anyone who can get
at the phone lines, yes? Even if the states were to outlaw caller id,
these tapper phones would reintroduce that level of traceability. Even
worse, in some ways, since your tapper 'identity' goes with you if you
change phone numbers as long as you keep your old phone.

Finally, can anyone explain to me how this thing /works/, at the simple
'this is what you do with this key' level of description of how RSA works?
I can't figure out how two phones can communicate with each other without
compromising one key or another, since RSA does /not/ seem to be involved
in this (there is no public key registry, right?)

Sorry if this is a dumb question . . .
--
david
david at staff.udc.upenn.edu

From trystro!kaya at Think.COM Mon Apr 19 06:00:58 1993
From: trystro!kaya at Think.COM (Kaya Bekiroglu)
Date: Mon, 19 Apr 93 06:00:58 PDT
Subject: subscribe
Message-ID: <9304191300.AA05048@Early-Bird.Think.COM>

subscribe me.

From sommerfeld at orchard.medford.ma.us Mon Apr 19 06:37:00 1993
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Mon, 19 Apr 93 06:37:00 PDT
Subject: Amiga Crypto
In-Reply-To: <199304190250.AA12313@rac3.wam.umd.edu>
Message-ID: <9304191229.AA00116@orchard.medford.ma.us>

I think you're off by a factor of 8.. 8K samples/sec is 8K bytes/second,
not 8Kbits/sec

If we had universal ISDN at 56kb/s or 64kb/s, encrypted voice using
PC-class machines would be trivial.
Instead, we have to compress down to a data rate comparable to ~1800 8-bit
samples/second (V.32bis speed; modem compression won't do very much --
unless nobody's talking -- as voice samples do *not* compress effectively
using compression algorithms optimized for ASCII text).

While fiddling with my SoundBlaster and some dialogue sampled from a T.V.
program last night, it became clear to me that cutting back to ~4K 4-bit
samples/second isn't quite good enough, and the compression in either UNIX
compress or PGP isn't really tuned for audio samples.

It's not the crypto that's the limiting factor, it's the compression.
That's why the CELP technology that Phil Karn and John Gilmore are talking
about is so important..

                                        - Bill

From sommerfeld at orchard.medford.ma.us Mon Apr 19 06:37:27 1993
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Mon, 19 Apr 93 06:37:27 PDT
Subject: Hellman's Hints
In-Reply-To: <9304190831.AA17466@netcom4.netcom.com>
Message-ID: <9304191241.AA00129@orchard.medford.ma.us>

It occurred to me that the "clipper chip" makes it easier for the
government to tap voice telephone trunks & do traffic analysis.

Current long-haul phone technology uses out-of-band signalling on
different, reportedly encrypted, trunks, so to make any sense out of the
data trunks you also have to listen in on the signalling trunks and
correlate what you record there with what you record off the data trunks.

With the wiretap chip in place, all they need to do is to "surf" the data
trunks looking for the encrypted serial number of the devices they're
interested in.

Depending on what the encryption tag blocks *really* look like, you might
not even need SK in order to do traffic analysis.
Even if the tag blocks are built with confounders and similar randomness
included to discourage ciphertext matching, the SK can be found in *every
single chip* and it's only a matter of time before someone gets it, either
by electron microscope or by bribing some of the hundreds of people likely
to have access to the key.

                                        - Bill

From dmandl at shearson.com Mon Apr 19 07:12:24 1993
From: dmandl at shearson.com (David Mandl)
Date: Mon, 19 Apr 93 07:12:24 PDT
Subject: Mailing list name
Message-ID: <9304191232.AA17766@tardis.shearson.com>

> In the light of recent developments concerning government cryptography
> initiatives, we might soon find ourselves inundated by working press.
>
> Given this, I think that the name "cypherpunks" produces the wrong
> connotations -- it makes us sound like criminals when we are in fact
> people who are interested in expanding personal privacy with
> technology. Often, little things like this end up being of tremendous
> importance in the long haul.
>
> I would propose changing the name of the mailing list to
> "cryptoprivacy" or something similar. It denotes what we are about in
> a way that mundane people understand better, and it portrays us in the
> proper light -- as people struggling to improve the prospects for
> personal freedom, not a bunch of "punks".
>
> Perry

Perry, I'm absolutely stunned. What next: should we all make sure we
shave every day (women: don't forget those legs and armpits!)? Or make
tcmay remove the word "anarchy" and other ungood words from his .sig?

Anyone who feels like talking to the press or lobbying her representatives
(and I'm not claiming that those tactics are either good or bad) can wear
a suit, makeup, a respectable haircut, or whatever--that's their decision.
I can understand the need to confront this issue as a large and united
group, and I suspect that other groups like the EFF, CPSR, etc., are
better for that purpose anyway.
You don't need to mention that you're a "cypherpunk" when dealing with
media or government officials if you think that'll diminish your
credibility or legitimacy.

It's easy to be idealistic when things are good. At the _very first hint_
of trouble, we shouldn't immediately cower and go straight (this may seem
like an exaggeration, but the name-change proposal strikes me as a
dangerous first step). Shit, we're not even doing anything _illegal_.

Relax.

Love and Kisses,

   --Dave.

From grady at netcom.com Mon Apr 19 07:38:12 1993
From: grady at netcom.com (1016/2EF221)
Date: Mon, 19 Apr 93 07:38:12 PDT
Subject: more specific address for 'agrep'
Message-ID: <9304191438.AA13031@netcom.netcom.com>

I've been asked to supply more specific directions for automated fetching
of the source and documentation for "agrep," the powerful similarity
pattern matching tool.

It is at cs.arizona.edu 192.12.69.5 in directory

        /agrep/README
        /agrep/agrep-2.04.tar.Z
        /agrep/agrep.ps.1.Z
        /agrep/agrep.ps.2.Z

(The .ps suffixed files are the optional postscript docs; a reasonably
good research report with benchmarks is included.)

Note for Macintosh MPW users: after a few hours of drudgery, I ported the
tool to MPW 3.2.3 running under System 7.1. If you would like me to e-mail
a binhexed copy of the tool suitable for dropping in to your MPW/tools
folder, please write...

I've been having lots of fun picking up the "lost" references to things
I'm interested in. For example, starting a search like:

        agrep -1 -i 'Burning Chrome' cyberpunkspool

immediately finds references like 'burning crome' that I have always
missed before. See how many times John Gilmore's name is mentioned in the
CUD archives (and how often misspelled). How about _your_ name?

As usual, I will e-mail the uuencoded tar.Z upon request if you cannot do
anonymous FTP.
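The escrowed message format argued over in the "Hellman's Hints" thread above, worked through as an added toy model: Hardy's emended two-part form E[M; K], E{ E[K; UK], serial number; SK } with UK recovered from the escrow halves K1 and K2, and Murray's and Sommerfeld's point that anyone holding SK can read the serial number even though M stays closed to them. This is not code from any poster and not the real Clipper design; it assumes a SHA-256 keystream standing in for the classified cipher, reads UK = K1+K2 as XOR of two 80-bit halves, and invents the nonce and serial lengths.

```python
"""Toy model of the escrowed message format from the Hellman's Hints thread.

Added example, not any list poster's code and not the real Clipper design.
Assumptions (none of these come from the thread): E[x; k] is a SHA-256
keystream cipher standing in for the classified algorithm, UK = K1 + K2 is
read as XOR of two 80-bit escrow halves, and the field lengths are invented.
"""
import hashlib
import os

KEY_LEN = 10     # 80-bit keys, the size mentioned on the list
NONCE_LEN = 8    # per-encryption nonce (assumed; keeps the toy cipher sane)
SERIAL_LEN = 4   # unit serial number length (assumed)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand key||nonce||counter through SHA-256 into `length` bytes."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(data: bytes, key: bytes) -> bytes:
    """E[data; key]: fresh nonce prefixed to data XOR keystream (no integrity)."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(key, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, ks))


def decrypt(blob: bytes, key: bytes) -> bytes:
    """Inverse of encrypt; with the wrong key it returns garbage, not an error."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


def split_unit_key(unit_key: bytes):
    """Split UK into escrow halves K1, K2 with K1 XOR K2 == UK.
    Each half alone is uniformly random and reveals nothing about UK."""
    k1 = os.urandom(len(unit_key))
    k2 = bytes(a ^ b for a, b in zip(unit_key, k1))
    return k1, k2


def join_unit_key(k1: bytes, k2: bytes) -> bytes:
    """UK = K1 + K2, read here as XOR."""
    return bytes(a ^ b for a, b in zip(k1, k2))


def seal_call(message, session_key, unit_key, serial, system_key):
    """Build Hardy's emended two-part transmission:
         E[M; K],  E{ E[K; UK], serial number; SK }
    Returns (body, tag)."""
    inner = encrypt(session_key, unit_key)        # E[K; UK]
    tag = encrypt(inner + serial, system_key)     # E{ E[K; UK], serial; SK }
    body = encrypt(message, session_key)          # E[M; K]
    return body, tag


def open_tag(tag, system_key):
    """What any holder of SK learns: E[K; UK] and the serial number.
    The serial alone supports the traffic analysis Murray and Sommerfeld
    describe; M stays unreadable without the escrow halves."""
    plain = decrypt(tag, system_key)
    return plain[:-SERIAL_LEN], plain[-SERIAL_LEN:]


def escrow_decrypt(body, tag, system_key, k1, k2):
    """Court-order path per Hardy: SK -> (E[K; UK], serial); K1, K2 -> UK;
    UK -> K; K -> M.  Returns (message, serial)."""
    inner, serial = open_tag(tag, system_key)
    unit_key = join_unit_key(k1, k2)
    session_key = decrypt(inner, unit_key)
    return decrypt(body, session_key), serial


if __name__ == "__main__":
    # Constructed sample values; nothing here is a real key or serial.
    sk = os.urandom(KEY_LEN)         # system key, burned into every chip
    uk = os.urandom(KEY_LEN)         # this unit's key, split at manufacture
    k1, k2 = split_unit_key(uk)      # one half to each escrow agent
    k = os.urandom(KEY_LEN)          # per-call session key
    serial = b"\x00\x00\x12\x34"
    body, tag = seal_call(b"meet at noon", k, uk, serial, sk)
    _, seen = open_tag(tag, sk)
    print("serial visible to any SK holder:", seen.hex())
    print("escrow decrypt:", escrow_decrypt(body, tag, sk, k1, k2))
```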
From grady at netcom.com Mon Apr 19 07:56:43 1993
From: grady at netcom.com (1016/2EF221)
Date: Mon, 19 Apr 93 07:56:43 PDT
Subject: Do it yourself voice encryption CELP
Message-ID: <9304191456.AA14568@netcom.netcom.com>

For those interested in off-the-shelf vocoders that implement the
high-compression CELP algorithms, you might be interested in the ZyXEL
model U1496E+ modem (about $400) that offers 19.8 (and maybe v.fast when
specified)/14.4 kbps fax/CELP (subscribe to comp.dcom.modems for more
info).

For those interested in the CELP algorithm directly here are some specific
directions on getting your own copy:

From ESPAULDING at CENTER.COLGATE.EDU Mon Apr 19 07:57:31 1993
From: ESPAULDING at CENTER.COLGATE.EDU (ERIC "Thin 'n Crispy" SPAULDING)
Date: Mon, 19 Apr 93 07:57:31 PDT
Subject: Subscription request
Message-ID: <01GX6YAQC7EQ90NU0W@CENTER.COLGATE.EDU>

I wish to subscribe to the mailing list. Thank you.

From dstalder at gmuvax2.gmu.edu Mon Apr 19 09:01:51 1993
From: dstalder at gmuvax2.gmu.edu (Darren/Torin/Who ever...)
Date: Mon, 19 Apr 93 09:01:51 PDT
Subject: AT & T Contact Point
Message-ID: <9304191602.AA20825@gmuvax2.gmu.edu>

I talked to Herb Linnen at AT & T. He talked to me some but kept harping
on the point of how ATT is devoted to customer privacy and that the ATT
Vice-President of Information Systems (I forget his name) is an expert on
cryptography and he obviously can't be wrong when he says that the wiretap
chip is robust. He asked that I call David Arneke or Bill Jones at
919-279-7680 to discuss this since his department wasn't involved in the
wiretap chip.

The ATT operators dealing with calling cards and residential phone service
have had other people cancelling their accounts because of this...

Think free,
--
Defeat the      Torin/Darren Stalder/Wolf                __
Big Brother     Internet:  dstalder at gmuvax2.gmu.edu     \/   PGP2.x key available.
Proposal!       Bitnet:    dstalder at gmuvax                   Finger me. Write me for
                Sprintnet: 1-703-845-1000                     details.
                Snail:     10310 Main St., Suite 110/Fairfax, VA/22030/USA
DISCLAIMER: A society where such disclaimers are needed is saddening.

From matt at oc.com Mon Apr 19 09:02:56 1993
From: matt at oc.com (Matthew Lyle)
Date: Mon, 19 Apr 93 09:02:56 PDT
Subject: Article from Knight/Ridder Wire
Message-ID: <199304191602.AA04097@ra.oc.com>

I hadn't seen this article fly by yet, so...

-----

New Scrambler Designed to Protect Privacy, But Allow Police Monitoring

By Christopher Drew, Chicago Tribune
Knight-Ridder/Tribune Business News

WASHINGTON--Apr. 19--As a step toward the development of vast new data
"superhighways," the federal government has designed a powerful device
that would protect the privacy of electronic communications by encoding
them but still allow police to eavesdrop.

Critics say the project, announced Friday by the Clinton administration,
raises serious questions about the protection of civil liberties as more
people use cellular and cordless phones and computer-based communications.

They also warned that the device is not likely to help law-enforcement
agents foil high-tech criminals unless it becomes the most widely used
commercial encryption system - and drives private competitors out of the
business.

"'A.k.a. Big Brother,' that's what I call it," said Stephen Bryen, a
former Pentagon official who runs a company developing a rival encryption
system.

Bryen said it was "very disturbing" that the government has gone so far
with the previously classified project "without consulting with experts in
the industry" whose investments could be wiped out.

One high-ranking federal official, Raymond Kammer, acknowledged that such
concerns are part of an "appropriate debate" that needs to be held over
the project.

"Maybe it turns out that society, as it debates this, finds it
unacceptable," said Kammer, acting director of the National Institute for
Standards and Technology. "I'm not sure. This is the start of that
debate."
Millions of people who exchange information via computers and make calls
from cordless and cellular phones, which are especially vulnerable to
interception, could be affected.

Experts say an era is dawning in which traveling executives exchange
electronic memos and negotiate sensitive deals via hand-held communicators
using vulnerable wireless transmitters.

In endorsing the plan, the White House described it Friday as an outgrowth
of federal efforts to capitalize on advances in telephone and computer
technology while preventing drug dealers and terrorists from finding new
ways to mask their misdeeds.

In last year's campaign, President Clinton pledged to invest billions of
dollars in faster and more secure data links to enhance the standing of
U.S. firms in the global economy.

But as the computer industry has developed systems to enable businesses to
scramble data transfers and telephone conversations as a safeguard against
industrial espionage, a growing number of criminals also have begun using
them to foil court-authorized wiretaps.

Under the new plan, engineers at the National Security Agency invented a
new coding device, called the "Clipper Chip," which is said to be much
harder to crack than encoding systems now on the market.

The government licensed two California companies - Mykotronx and VLSI
Technology - to make the computer chips. The chips will form the "brains"
inside small scrambling devices that can be attached to individual
telephones.

To spur the venture, the Justice Department will soon purchase several
thousand of the devices. Military and spy agencies also are expected to
use them.

Private businesses would not be required to use the technology. But
federal officials hope their sponsorship will establish the Clipper chips
as the new industry standard and crowd out competing systems.

Indeed, AT&T announced Friday that it will use the new chips in a desktop
device for encrypting telephone conversations that it expects to sell for
$1,195.
But in return for gaining the extra encoding power built into the new system, users would have to accept the fact that government code-breakers would always hold the keys to tap into the information. In an effort to prevent abuses of civil liberties, federal officials said, they will set up a system in which they would have to match two coding keys held by different officials to unscramble any communications. National-security and law-enforcement officials could bring the keys together only under court-authorized operations.

But Bryen said it is hard to see how the Clipper chips project will provide much help to the FBI. Even if the new coding devices drove others off the U.S. market, Bryen said, sophisticated criminals would simply buy encoding devices overseas, as many already do. Multinational and foreign-based companies also could prove leery of a system that has a built-in point of entry for U.S. authorities.

The FBI separately is seeking legislation that would force telephone companies to modify their equipment to keep other advances in technology from hampering its ability to perform wiretaps. AT&T and other phone companies have opposed this idea.

Transmitted: 93-04-18 23:12:00 EDT

From matt at oc.com Mon Apr 19 09:02:59 1993
From: matt at oc.com (Matthew Lyle)
Date: Mon, 19 Apr 93 09:02:59 PDT
Subject: Article 2 from Knight/Ridder
Message-ID: <199304191602.AA04101@ra.oc.com>

--
Matthew Lyle (214) 888-0474
OpenConnect Systems matt at oc.com
Dallas, TX
"...and once you have tasted flight, you will walk the earth with your eyes turned skyward, for there you have been, and there you long to return..."

Computer Group, Libertarians Question Clinton Phone Privacy Stance
By Rory J. O'Connor, San Jose Mercury News, Calif.
Knight-Ridder/Tribune Business News

SAN JOSE, Calif.--Apr. 17--Civil libertarians and a major computer industry group raised concerns Friday about how much protection a Clinton administration plan would afford private electronic communications, from cellular telephone calls to computer data.

The administration Friday said it would begin using technology developed by the government's National Institute of Standards and Technology to balance two competing interests: the desire of citizens to keep their conversations private and the need for law enforcement agencies to monitor those conversations after getting a court order. The technology that enables this is a computer chip called the Clipper Chip that scrambles a telephone call or computer message using a secret algorithm, or formula. But each chip also comes with a pair of electronic "keys" that could be used by law enforcement agencies to decipher the secret messages generated by the chip. The Clinton proposal calls for one key to be held by each of two separate "trusted" third parties, who would release them to law enforcement agencies that obtained legal authority to intercept the communications. Both keys would be needed to decipher a message.

The Electronic Frontier Foundation, a not-for-profit civil liberties group, praised the administration for considering the issue. But it criticized the lack of public input into the plan. "They've announced a big inquiry with public input, but they've reached a conclusion before they started," said Daniel J. Weitzner, staff counsel for the Washington-based foundation.

Although the administration's plan calls only for equipping government telephones with the security devices, some groups are concerned the plan might become a standard for all manner of electronic communication before the public has a chance to debate its merits. "I don't want to sound too stridently opposed to this," said Ken Wasch, executive director of the Software Publishers Association (SPA) in Washington. "But...we feel blindsided."
The SPA was discussing data security issues with Clinton administration officials but had not expected any White House action until August, said Ilene Rosenthal, general counsel. Besides the lack of initial hearings, both groups said they had two major concerns about the Clinton plan:

- Because the algorithm itself is secret, the groups say it is impossible for the public to discern if it is truly secure. Users can't be certain government spy agencies have not hidden a "back door" in the software that will allow them to read anything they want. "So far there hasn't been a credible explanation about why the algorithm has to be secret," Weitzner said.

- The administration hasn't decided who will be the escrow agents, and it seems unlikely any government agency, corporate entity or other organization would be deemed trustworthy by every user. Even assuming all concerned can agree on who will hold them, civil libertarians are concerned that the keys, by giving law enforcement agencies access to individuals' private communications, might pose a threat to constitutional protections against self-incrimination.

Washington sources who requested anonymity suggested the White House might have drafted its plan quickly because of concern over sales of an AT&T device that encrypts phone calls using an older standard, Data Encryption Standard. The sources said law enforcement officials feared the device would create an explosion in secured telephone traffic that would severely hamper their efforts to wiretap calls. American Telephone & Telegraph Co. announced Friday it would adapt the $1,200 product, called the Telephone Security Device, to use the Clipper Chip by the end of this fiscal quarter. AT&T makes a related device, which encrypts voice and computer data transmissions, that could be converted to the Clipper technology, said spokesman Bill Jones.
Jones said he wasn't aware of any concern by the government over the current model of the Telephone Security Device, which has been sold to government and business customers. At least one company was quite pleased with the plan: San Jose chip maker VLSI Technology, which will manufacture the Clipper chips for a Torrance company that is selling them to the government and to AT&T. VLSI, which invented a manufacturing method the company said makes it difficult to "reverse engineer" the chip or discern the encryption scheme, expects to make $50 million in the next three years selling the device, said Jeff Hendy, director of new product marketing for the company.

Transmitted: 93-04-18 21:06:00 EDT

From wixer!wixer.bga.com!gumby at cactus.org Mon Apr 19 09:44:57 1993
From: wixer!wixer.bga.com!gumby at cactus.org (Douglas Barnes)
Date: Mon, 19 Apr 93 09:44:57 PDT
Subject: Wiretap Chip Questions
Message-ID: <9304191559.AA19235@wixer>

I am working on articles and article proposals for some local media outlets. I need to get some specific information regarding the Clipper Chip (aka Wiretap Chip) proposal:

Questions:

1) What is a rough estimate of how long it would take a brute-force attack on an 80-bit key using a parallel architecture system costing less than, say, $25,000 two to three years from now.

2) How, in your opinion, would this affect the creation of international standards for encryption? Would this help or hinder development of the global economy?

3) I understand that the scheme relies on the secrecy of the encryption algorithm to protect the transmission of keys at the beginning of a session. (It uses a system key to encrypt the keys for the two devices). If the algorithm is successfully reverse-engineered, does this compromise the entire system?

4) I am assuming that this system would be just as vulnerable to a "known plaintext attack" as other schemes. Is this correct?
Please identify yourself and your credentials, and indicate whether or not you wish to be quoted in any articles on this subject.

Thanks,
Douglas Barnes
gumby at wixer.bga.com

From jthomas at coconut.MITRE.ORG Mon Apr 19 10:07:52 1993
From: jthomas at coconut.MITRE.ORG (Joe Thomas)
Date: Mon, 19 Apr 93 10:07:52 PDT
Subject: CLIPPER: Network World article
Message-ID: <9304191612.AA04115@coconut>

From Network World, April 19, 1993, quoted without permission:

---

Clinton security plan hints of Big Brother
Clipper Chip would let government eavesdrop on encrypted voice and data communications.
By Ellen Messmer
Senior Correspondent

WASHINGTON, D.C. -- President Clinton last week announced a policy review of encryption while endorsing a new encryption technology called Clipper Chip that would give law enforcement agencies a key to unlock users' encrypted communications.

[rehash of various press releases deleted]

But government officials had a difficult time last week rebutting the question why any criminal would use a Clipper Chip-based product when the person knows the government could listen in, particularly since there are a host of other encryption products available on the market that are, in theory, unbreakable codes.

"A criminal probably wouldn't use it," said Mike Agee, marketing manager for secure products at AT&T, adding that the Clipper Chip is for the rest of the world.

[familiar Kapor quote deleted]

---

Nice quote, that. I like the headline, too.

Joe

From jthomas at coconut.mitre.org Mon Apr 19 10:09:58 1993
From: jthomas at coconut.mitre.org (Joe Thomas)
Date: Mon, 19 Apr 93 10:09:58 PDT
Subject: Article from Knight/Ridder Wire
Message-ID: <9304191709.AA04224@coconut>

matt at oc.com (Matthew Lyle) writes:

> New Scrambler Designed to Protect Privacy, But Allow Police Monitoring By
> Christopher Drew, Chicago Tribune

Oh, well, if only Chris can do it, I guess it's okay. I trust him with my keys... ;^)

Joe

From pmetzger at lehman.com Mon Apr 19 10:25:07 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Mon, 19 Apr 93 10:25:07 PDT
Subject: Mailing list name
In-Reply-To: <9304191232.AA17766@tardis.shearson.com>
Message-ID: <9304191724.AA16244@snark.shearson.com>

David Mandl says:
> > In the light of recent developments concerning government cryptography
> > initiatives, we might soon find ourselves inundated by working press.
> >
> > Given this, I think that the name "cypherpunks" produces the wrong
> > connotations -- it makes us sound like criminals when we are in fact
> > people who are interested in expanding personal privacy with
> > technology. Often, little things like this end up being of tremendous
> > importance in the long haul.
> >
> > I would propose changing the name of the mailing list to
> > "cryptoprivacy" or something similar. It denotes what we are about in
> > a way that mundane people understand better, and it portrays us in the
> > proper light -- as people struggling to improve the prospects for
> > personal freedom, not a bunch of "punks".
> >
> > Perry
>
> Perry, I'm absolutely stunned. What next: should we all make sure we shave
> every day (women: don't forget those legs and armpits!)? Or make tcmay remove
> the word "anarchy" and other ungood words from his .sig?

I notice, David, that you wear a tie when you come in to work in the morning. (I happen to work with Dave.) Why do you do this, in spite of your general dislike for imposed standards? Because you want something out of your employer and feel it's better to put up with the minor inconvenience of wearing a tie.

Look, we can give people cryptography, or we can change their notions of what "punk" means. It's not necessarily possible to do both at the same time. I vote for keeping the world free, and putting up with minor inconveniences in the meantime.

I never liked "cypherpunks" in the first place. I'm not a punk. I'm a reasonable person.
Reasonable people want the world to be free -- it's not just a "punk" viewpoint. We want people to have privacy via cryptography. Something like "cryptoprivacy" seems like a better reflection of who we are.

Perry

From deltorto at aol.com Mon Apr 19 10:31:30 1993
From: deltorto at aol.com (deltorto at aol.com)
Date: Mon, 19 Apr 93 10:31:30 PDT
Subject: FWEE!: Silence is Golden, already
Message-ID: <9304191332.tn35237@aol.com>

Gang,

Lance Detweiler wrote a rather stinging (and somewhat rude, IMHO) rebuttal of Will Kinney's posting:

>>Mr. Kinney's comments annoy me tremendously. They bespeak a lukewarm,
>>lackadaisical, and wishwashy view of something of extreme importance.
>>Frankly, it bothers me that it has taken this long just to get the
>>whistleblower group going. I don't think anything is being accomplished
>>by delaying newsgroup creation. It just gives people who are enemies
>>more time to mount a concerted attack against this new blip in the status
>>quo.

Mr. Detweiler's (who is otherwise pretty sensible and intelligent on this list) comments annoy me tremendously. To imagine that Mr. Kinney is without passion just because he doesn't run across the ice without listening for cracks first is to vastly underestimate his intelligence. That sort of thinking gets your tail wet every time, Lance. Better to proceed cautiously and stay dry.

Who says a measured, patient build doesn't result in solid software (to be metaphorical)? Using Lance's logic, we'd all throw together code "real fast" and not worry about it crashing on everyone's systems. I like my 1.0's more stable than that, and I just don't understand this need that some folks have to rush the WB into the public light. In fact, I can't imagine why it should be public at all! I think Lance and others have no clue about how Whistleblowing works!

However, I think I might have an idea why Lance et al. are so confused: There are TWO DIFFERENT WB systems being discussed here! That's right! TWO! DIFFERENT!
[1] Lance is talking about a USENET newsgroup.
[2] I'm talking about a service that uses the Internet, but NOT a NEWSGROUP!

Why does WB info need to be placed in public view? Since when does someone with sensitive information blow it all over the front pages? Never. They call a reporter first and let him do the legwork with proof they provide: THEN the reporter blows it all over the front page.

I believe that Lance and the USENET folks want to get their jollies and read all about it in public on their own personal USENET front page newsgroup (doomed to be a "narc fest" as someone sagely termed it), whereas MY idea is to have the Cypherpunks pool technology and assistance to set up something that is used by others outside the inbred USENET community for the common good and taking advantage of the inherent advantages of anon/encrypted email technology.

My original concept was not intended to glorify anyone, least of all the Cypherpunks. In fact it should be as QUIET AS POSSIBLE to be of any good at all. Why is it necessary to get all this glory if the WB system provides REAL WORLD BENEFITS to the people? Hmmm? Think about it: whose good are we in it for: our own or everybody's?

Let me be a bit more specific about my vision, lest Lance or anyone jump all over Will Kinney or anyone else with sound ideas (and decent Sun Tzu quotes) any further:

[1] The WB System is a stand-alone email system using anonymous mixes and encryption to provide secure, safe communications between two primary groups:

- Whistleblowers: People in Government and Industry who have first-hand information about abuse of human rights, public funds and/or the Constitution, etc. by members of Corporate and Government entities.

- Users: Members of the Press, members of Congress and representatives of public-interest activist groups (eg. Ralph Nader, James Love, Greenpeace, Amnesty Int'l, Worldwatch, Consumer Reports, NORML, etc.) who can INVESTIGATE the reports and TAKE ACTION on them against the abusers in the public eye and in the Courts. Many of these people are clueless about email, much less the Internet, anonymous remailers or encryption - but they know what they need and they know we've got it.

[2] The system consists of a network of anonymous mixes laid over the Internet and reaching in and out of the borders of the US wherever applicable. It is not a USENET newsgroup for public digest, although occasional digests would be posted to USENET by interested Cypherpunks.

Anyone who insists on discussing these sensitive plans in public is IMHO working against the interests of the WB Team and should be considered one of the Enemy. Anyone who wants to test the technology should be encouraged to do so on the Cypherpunks list and NOT on USENET, thus maintaining a certain amount of "radio silence." Broadcasting the D-Day invasion was considered Treason: broadcasting the WB launch is the same kind of betrayal of the Cypherpunk Ethos, IMHO. Those who would betray us should be asked to go away in the interest of all those people who would be hurt by a crippled WB system. What we need is cunning and stealth, not big-mouthed dweebs (present readership excluded, natch) who can't keep something quiet.

>>If you think that you are the whistleblower moderator, fine. Be one.
>>But we need a completely unmoderated group. If you think you have any
>>right to hold up an unmoderated group to squeeze through your own
>>bottleneck, please go elsewhere.

I don't think any such thing. If nominated, I will not run, if elected, I will not serve. However, I think your idea that WB should be a group, moderated or otherwise, is completely off-kilter. All I'm asking is that you let go of the glory and let it do its work quietly and effectively, without me, even.

>>I just don't get it. This is a group like any other.
>>Why do you think the whole international public has
>>to be prepared for its creation by you personally?

I'm not even sure if I should bother to answer such a completely misguided question, but I will: I do not think this, and have never even implied anything of the sort. Furthermore, IMHO, it ain't a group: it's a new kind of beast and you're trying to apply old paradigms to it. Shift, man. I am only trying to help something be born properly.

>>You are talking to many people (i.e. bureaucrats and legislators) who
>>may be totally displaced and bypassed (i.e. lose illegitimate power) by
>>this service. There are a great many people you are talking to, I
>>think, whose every interest is to totally castrate the project of any
>>`offensiveness'. I think you are trying to operate on a much more
>>respectable level than is possible currently. That level can only be
>>attained by a gradual evolution of the medium, starting with something
>>rather crude, kludgy, and unsophisticated.

Call your local Congressperson's office and tell them there is a possibility that they could receive whistleblowing info on Govt abuses from reliable sources reporting via direct anon/encrypted email and see if they think it's offensive. My experience is that they rub their hands with glee - it might be dirt on their opponents. Try the same thing with ANY member of the Press or any Activist Org (I suggest your local Amnesty Int'l office). If they complain it's "offensive," and you can prove that, I will personally buy you a car. If you can get them to label it as "respectable" I'll throw in a boat. Since I'm poor, you can gather that I feel pretty certain it won't happen.

>>Your efforts amount to singlehandedly educating the public about the
>>Internet.

Nope, just email. How to get it and send it anonymously and encrypt it with PGP, but that's enough for most people. They could use CompuServe, I don't care. Whatever's easy.
No messy Newsgroups, no Internet user's guides, nothing fancy: I leave stuff like that to Ed Krol. This is WB-ing for the common person. Lowcommondenominatorsville. I can't IMAGINE where you read this stuff into my postings - it must be YOUR agenda laid over mine...

>>>- We haven't figured out who'll be polled to send in msgs and exactly HOW
>>>we'll offer them some sort of anonymity and what they need to do
>>>afterward.
>>
>>polled? sounds like an election, like something democratic, like
>>something that can be twisted by a misguided majority. Again, you sound
>>like you are looking for a group with high quality control.
>>Unfortunately, I think this goal is largely antithetical the essential
>>spirit of the whistleblower idea. The whistleblower is alone and
>>isolated, almost by definition.

Somehow, the word has to be passed across the Internet and other media (print, TV) to potential WBers. I invite your ideas as to how to do this.

>>Your ideas on filtering incoming
>>messages, gained from those you've talked to, sound rather naive and
>>dangerous to me.

Filtering? Did I say that? I think I said that the Users would have to filter out the useful WB messages from the bogus, as they would with any volume of WB info coming in. This is their job, not mine and is the natural thing to do. Call it "verification" if you like, it's still a LOT of work for them, not for us (or me). There's nothing naive about this: if someone calls you and says "the DOD spent $80K on a toothbrush," you would have to make sure it was true before you went to Congress or to a Court or the front page. Simple as that.

>>The [US Constitution] is not perfect. There are flaws and cracks
>>that have poked through after 200 years. Do you think our judicial
>>system is as effective as possible? Do you think our legislative system
>>is the most representative of people's expectations of and directives
>>to their subservient government? Do you think our government today
>>truly represents, in all ways, the intentions of its founders? Do you
>>think they considered all possible scenarios? Do you think they would
>>not want to make some minor adjustments or major changes after seeing
>>200 years pass from their noble experiment? Do you think that anything
>>that is dynamic can be static?

Do you think I would be working so hard on a friggin' Whistleblower project if I could answer 'yes' to _any_ of those questions? What are you THINKing?

>>Look at everything that is efficient in the world, and you will see
>>that it is so because of *independently operating* components, with
>>minimized centralized control.
>>[...]
>>Message transmission on the internet is so
>>reliable because virtually an infinite number of routing pathways exist
>>that a message can take, avoiding any obstacles, each component
>>performing its job *independently*.

Exactly why Wb should be a non-USENET-oriented phenomenon, not associated with any attackable entity, totally in the hands of individual WB's and their corresponding Users.

>>Now, let me hear again how you want
>>us to submit all our public keys to you, submit the group guidelines
>>for your personal perusal (and presumably veto), and wait for all your
>>congressional friends to understand the concept? And how this will
>>ultimately lead to an ideal and robust system?

Man, you really don't read me very carefully, do you? I don't want all your Public keys so I can control anything, I want them so I can discuss elements of the technology with each of you who volunteer to add a brick to the structure of the system. Period. If you want to discuss things in the clear, that's your right, I just might not want to send you sensitive info that might compromise others, so it's your loss. Besides, why are you guarding your PUBLIC key like I'm some sort of enemy?
And I have NO INTEREST and have never espoused any interest in becoming a veto power over the Guidelines, only the collector of everyone's ideas, a position I would GLADLY vacate at the drop of a SprintPin if someone else was doofus enough to volunteer. As for waiting for all my "congressional friends:" I have no friends in Congress, in fact, I have very little respect for anyone holding public office. The only reason I called any of them was [1] because they might impart a bit of respectability to our efforts if they sign on early, and [2] congressional committees and their investigators routinely raise hell with other branches of Govt (eg. the Military) and the prospect of supplying them with ammunition to shoot at each other pleases me immensely.

>>You simply don't understand. This idea is bigger than you, it is bigger
>>than me. Anyone who tries to wrap themselves completely around it will
>>explode from the pressure.

Thanks for your advice. Sheesh. FYI, the only thing I wrap myself completely around is a burrito. Bang! :)

>>Let's start a mailing group for `nambypambypunks'.

This sort of ad hominem puerility doesn't even deserve a response.

I'm tired of discussing this here: If anyone is still too dense to understand what I'm saying about patience, silence and persistence at this point, they have no business using anything as complicated as a computer. If those people continue to insist on trashing all the leg and phonework I have put in contacting Users by blorting the WB concept all over USENET with half-assed, ill-conceived newsgroups and Votes on Vaporware, I may just go elsewhere to do my good works and see if there are any people who have good invisible ink technology and can make up physical envelopes without leaving fingerprints. I imagine that those Cypherpunks who've put significant time into coding the anon and crypto technology can empathize.

I don't feel like repeating myself any more. Let's be Golden, shall We?
dave (slow and steady but getting pretty fed up by now)
Why does WB info need to be placed in public view? Since when does someone with sensitive information blow it all over the front pages? Never. They call a reporter first and let him do the legwork with proof they provide: THEN the reporter blows it all over the front page. I believe that Lance and the USENET folks want to get their jollies and read all about it in public on their own personal USENET front page newsgroup (doomed to be a "narc fest" as someone sagely termed it), whereas MY idea is to have the Cypherpunks pool technology and assistance to set up something that is used by others outside the inbred USENET community for the common good and taking advantage of the inherent advantages of anon/encrypted email technology. My original concept was not intended to glorify anyone, least of all the Cypherpunks. In fact it shoould be as QUIET AS POSSIBLE to be of any good at all. Why is it necessary to get all this glory if the WB system provides REAL WORLD BENEFITS to the people? Hmmm? Think about it: whose good are we in it for: our own or everybody's? Let me be a bit more specific about my vision, lest Lance or anyone jump all over Will Kinney or anyone else with sound ideas (and decent Sun Tzu quotes) any further: [1] The WB System is a stand-alone email system using anonymous mixes and encryption to provide secure, safe communications between two primary groups: - Whistleblowers: People in Government and Industry who have first-hand information about abuse of human rights, public funds and/or the Constitution, etc. by members of Corporate and Government entities. - Users: Members of the Press, members of Congress and representatives of public-interest activist groups (eg. Ralph Nader, James Love, Greenpeace, Amnesty Int'l, Worldwatch, Consumer Reports, NORML, etc.) who can INVESTIGATE the reports and TAKE ACTION on them against the abusers in the public eye and in the Courts. 
Many of these people are clueless about email, much less the Internet, anonymous remailers or encryption - but they know what they need and they know we've got it. [2] The system consists of a network of anonymous mixes laid over the Internet and reaching in and out of the borders of the US wherever applicable. It is not a USENET newsgroup for public digest, although occasional digests would be posted to USENET by interested Cypherpunks. Anyone who insists on discussing these sensitive plans in public is IMHO working against the interests of the WB Team and should be considered one of the Enemy. Anyone who wants to test the technology should be encouraged to do so on the Cypherpunks list and NOT on USENET, thus maintaining a certain amount of "radio silence." Broadcasting the D-Day invasion was considered Treason: broadcasting the WB launch is the same kind of betrayal of the Cypherpunk Ethos, IMHO. THose who would betray us should be asked to go away in the interest of all those people who would be hurt by a crippled WB system. What we need is cunning and stealth, not big-mouthed dweebs (present readership excluded, natch) who can't keep something quiet. >>If you think that you are the whistleblower moderator, fine. Be one. >>But we need a completely unmoderated group. If you think you have any >>right to hold up an unmoderated group to squeeze through your own >>bottleneck, please go elsewhere. I don't think any such thing. If nominated, I will not run, if elected, I will not serve. However, I think your idea that WB should be a group, moderated or otherwise, is completely off-kilter. All I'm asking is that you let go of the glory and let it do its work quietly and effectively, without me, even. >>I just don't get it. This is a group like any other. >>Why do you think the whole international public has >>to be prepared for its creation by you personally? 
I'm not even sure if I should bother to answer such a completely misguided question, but I will: I do not think this, and have never even implied anything of the sort. Furthermore, IMHO, it ain't a group: it's a new kind of beast and you're trying to apply old paradigms to it. Shift, man. I am only trying to help something be born properly. >>You are talking to many people (i.e. bureacrats and legislators) who >>may be totally displaced and bypassed (i.e. lose illegitimate power) by >>this service. There are a great many people you are talking to, I >>think, whose every interest is to totally castrate the project of any >>`offensiveness'. I think you are trying to operate on a much more >>respectable level than is possible currently. That level can only be >>attained by a gradual evolution of the medium, starting with something >>rather crude, kludgy, and unsophisticated. Call your local Congressperson's office and tell them there is a possibility that they could receive whistleblowing info on Govt abuses from reliable sources reporting via direct anon/encrypted email and see if they think it's offensive. My experience is that they rub their hands with glee - it might be dirt on their opponents. Try the same thing with ANY member of the Press or any Activist Org (I suggest your local Amnesty Int'l office). If they complain it's "offensive," and you can prove that, I will personally buy you a car. If you can get them to label it as "respectable" I'll throw in a boat. Since I'm poor, you can gather that I feel pretty certain it won't happen. >>Your efforts amount to singlehandedly educating the public about the >>Internet. Nope, just email. How to get it and send it anonymously and encrypt it with PGP, but that's enough for most people. They could use CompuServe, I don't care. Whatever's easy. No messy Newsgroups, no Internet user's guides, nothing fancy: I leave stuff like that to Ed Krol. This is WB-ing for the common person. Lowcommondenominatorsville. 
I can't IMAGINE where you read this stuff into my postings - it must be YOUR agenda laid over mine...

>>>- We haven't figured out who'll be polled to send in msgs and exactly HOW
>>>we'll offer them some sort of anonymity and what they need to do
>>afterward.
>>
>>polled? sounds like an election, like something democratic, like
>>something that can be twisted by a misguided majority. Again, you sound
>>like you are looking for a group with high quality control.
>>Unfortunately, I think this goal is largely antithetical to the essential
>>spirit of the whistleblower idea. The whistleblower is alone and
>>isolated, almost by definition.

Somehow, the word has to be passed across the Internet and other media (print, TV) to potential WBers. I invite your ideas as to how to do this.

>>Your ideas on filtering incoming
>>messages, gained from those you've talked to, sound rather naive and
>>dangerous to me.

Filtering? Did I say that? I think I said that the Users would have to filter out the useful WB messages from the bogus, as they would with any volume of WB info coming in. This is their job, not mine and is the natural thing to do. Call it "verification" if you like, it's still a LOT of work for them, not for us (or me). There's nothing naive about this: if someone calls you and says "the DOD spent $80K on a toothbrush," you would have to make sure it was true before you went to Congress or to a Court or the front page. Simple as that.

>>The [US Constitution] is not perfect. There are flaws and cracks
>>that have poked through after 200 years. Do you think our judicial
>>system is as effective as possible? Do you think our legislative system
>>is the most representative of people's expectations of and directives
>>to their subservient government? Do you think our government today
>>truly represents, in all ways, the intentions of its founders? Do you
>>think they considered all possible scenarios?
>>Do you think they would
>>not want to make some minor adjustments or major changes after seeing
>>200 years pass from their noble experiment? Do you think that anything
>>that is dynamic can be static?

Do you think I would be working so hard on a friggin' Whistleblower project if I could answer 'yes' to _any_ of those questions? What are you THINKing?

>>Look at everything that is efficient in the world, and you will see
>>that it is so because of *independently operating* components, with
>>minimized centralized control.
>>[...]
>>Message transmission on the internet is so
>>reliable because virtually an infinite number of routing pathways exist
>>that a message can take, avoiding any obstacles, each component
>>performing its job *independently*.

Exactly why WB should be a non-USENET-oriented phenomenon, not associated with any attackable entity, totally in the hands of individual WB's and their corresponding Users.

>>Now, let me hear again how you want
>>us to submit all our public keys to you, submit the group guidelines
>>for your personal perusal (and presumably veto), and wait for all your
>>congressional friends to understand the concept? And how this will
>>ultimately lead to an ideal and robust system?

Man, you really don't read me very carefully, do you? I don't want all your Public keys so I can control anything, I want them so I can discuss elements of the technology with each of you who volunteer to add a brick to the structure of the system. Period. If you want to discuss things in the clear, that's your right, I just might not want to send you sensitive info that might compromise others, so it's your loss. Besides, why are you guarding your PUBLIC key like I'm some sort of enemy? And I have NO INTEREST and have never espoused any interest in becoming a veto power over the Guidelines, only the collector of everyone's ideas, a position I would GLADLY vacate at the drop of a SprintPin if someone else was doofus enough to volunteer.
As for waiting for all my "congressional friends:" I have no friends in Congress, in fact, I have very little respect for anyone holding public office. The only reason I called any of them was [1] because they might impart a bit of respectability to our efforts if they sign on early, and [2] congressional committees and their investigators routinely raise hell with other branches of Govt (eg. the Military) and the prospect of supplying them with ammunition to shoot at each other pleases me immensely.

>>You simply don't understand. This idea is bigger than you, it is bigger
>>than me. Anyone who tries to wrap themselves completely around it will
>>explode from the pressure.

Thanks for your advice. Sheesh. FYI, the only thing I wrap myself completely around is a burrito. Bang! :)

>>Let's start a mailing group for `nambypambypunks'.

This sort of ad hominem puerility doesn't even deserve a response. I'm tired of discussing this here: If anyone is still too dense to understand what I'm saying about patience, silence and persistence at this point, they have no business using anything as complicated as a computer. If those people continue to insist on trashing all the leg and phonework I have put in contacting Users by blorting the WB concept all over USENET with half-assed, ill-conceived newsgroups and Votes on Vaporware, I may just go elsewhere to do my good works and see if there are any people who have good invisible ink technology and can make up physical envelopes without leaving fingerprints. I imagine that those Cypherpunks who've put significant time into coding the anon and crypto technology can empathize. I don't feel like repeating myself any more. Let's be Golden, shall We?
dave (slow and steady but getting pretty fed up by now)

From deltorto at aol.com Mon Apr 19 10:40:50 1993
From: deltorto at aol.com (deltorto at aol.com)
Date: Mon, 19 Apr 93 10:40:50 PDT
Subject: BIZ: Mailing list name
Message-ID: <9304191340.tn35254@aol.com>

> In the light of recent developments concerning government cryptography
> initiatives, we might soon find ourselves inundated by working press.
>
> Given this, I think that the name "cypherpunks" produces the wrong
> connotations -- it makes us sound like criminals when we are in fact
> people who are interested in expanding personal privacy with
> technology. Often, little things like this end up being of tremendous
> importance in the long haul.
>
> I would propose changing the name of the mailing list to
> "cryptoprivacy" or something similar.

How about Cypherfolks? Cryptoids? PrivacyWarriors? :)

dave

From deltorto at aol.com Mon Apr 19 10:43:57 1993
From: deltorto at aol.com (deltorto at aol.com)
Date: Mon, 19 Apr 93 10:43:57 PDT
Subject: FWEE!: more on kiosks
Message-ID: <9304191342.tn35269@aol.com>

Yo Peoples,

Eric responded to my "Three Strikes" against public kiosks:

>>>[1] Strike One: Installation and maintenance costs (economics again).
>>>[They are too high.]
>>
>>I'm not talking about building a network of machines just for the
>>purpose of whistleblowing. I'm talking about making interfaces to
>>existing systems. In particular, the public machines at sfnet would
>>_also_ be interfaces to any whistleblowing system. The incremental
>>cost is minimal; it's a small bit of software at the server.
>>
>>>[2] Strike Two: Lack of Privacy while using the kiosks.
>>
>>There is a different kind of privacy in a public space than in private
>>space. In a private space, everyone may know where you live, but
>>nobody knows what goes on inside. In a public space, everyone may see
>>what happens, but no one knows who you are. Please consider these
>>approximations to reality.
In theory, I think it's not a dead idea, ie. there are possibilities here to be explored, and yes it's basically a simple software addition to SF Net by a remailer coder such as Eric. HOWEVER, having used the SF Net tables, I am a bit dubious about their Privacy viability in their current state. I have had bozos lean over my shoulder buggin me when I am having a "private" conversation with someone, and I have even seen people _photograph_ someone at the screen without their permission (amazing, huh?). IF there was a sort of Passport PhotoBooth approach, it might mitigate such physical problems: THEN the software end would become more feasible. Also, unless there is encryption built into SF Net (made unlikely by the overhead?), I probably wouldn't drive over from the Federal Building to log on and blow the whistle on some blue-suited government weasel. I still think that this is several stages away from being a useful idea UNTIL we have a working model with anonymity and encryption working on USENET first.

>>In particular, since it is anonymity which is desired, a public place
>>is sufficient.
>>
>>>I think Eric Hughes' argument (with due respects to Eric) about the
>>>expensive economics of monitoring the kiosks falls down just a tad
>>>when you consider that these would not even be _moving targets_!
>>
>>The cost of placing a video camera to monitor a computer inside a
>>coffeehouse must also include the possibility of negative publicity
>>and lawsuit when such an emplacement is discovered. Monitoring a
>>public place in advance of any "crime" being committed is _very_ bad
>>for job security and department funding.

Well, your point is taken Eric, but I still stress that video monitoring would be trivial. First of all, if I was a three-letter agency, I SURE as hell wouldn't go to the operators of say, Brainwash Cafe and ASK to put a video cam up on the ceiling!
I'd sneak in late one night and place a more sophisticated (and extremely tiny) unit over the table where it couldn't easily be found. Secondly, since when does the FBI worry about job security? I think they could easily convince a federal judge that they had reason to believe that government secrets might be leaked in public and get permission to monitor "that subversive group known as the 'Whistleblowers' and _every public terminal_ they've placed around SF." Maybe it's unlikely, but then so was the notion that CREEP would break into the Watergate Towers and stick bugs on McGovern's phones...

>>>[...] but any such defenses would pale in comparison with the Privacy
>>>inherent in the WB input from a single user's personal system.
>>
>>I am also not talking about replacing the ability to post from home.
>>I am talking about expanding the number of entry points into the
>>distribution system.

I do understand this point, I'm just not totally convinced that public kiosks are the best solution to this problem. I am open to suggestions along this line, and I do think that it would at least be worth a test on SF Net.

>>The largest benefit for public-space access is that you can use this
>>if you don't have a computer at home. You can also use it if you
>>don't have a computer at work.

Agree 100%. I don't intend to discriminate against people just because they don't have a computer.

>>>have the feeling that they would be a PRIMARY contributor to the overall
>>>bullshit noise that would clutter up a decent WB systems and exponentially
>>>increase the difficulty of filtering out the "good" stuff for proper use.
>>
>>A whistleblower system, by default, must be free of judgements about
>>what is "good" to be on it and what is "bad". If someone thinks that
>>something ought to be brought to light, then I say let them speak, no
>>matter how trivial or inappropriate it might be.

Forgive my semantics.
When I say "good" (note the quotes), I refer to useful material that eventually produces the desired results. As far as the apparent triviality of an item, that is entirely up to the users (ie. the Press, Activist, or other operatives who "process" the information). As I have stated, it is not up to us to preview anything, only to help make it more likely that useful information from determined WB's with strategic info gets to the right people who can do something about it. This is a tough one, I admit. I believe that the key to this problem is part technology and part psychology: make the system easy enough to use that as many potential whistleblowers as possible will look at it, and just difficult enough so that only the most determined will actually send in their information.

>>It is easy to ignore messages you don't want to consider. It is much,
>>much harder to read messages that the author hesitates to write for
>>fear of reprisal. A whistleblower system can tolerate more noise than
>>usenet, since the core content of it can be so extremely valuable.

A valid proposition. Keep in mind that part of the initial acceptance of the system among the users will be a high signal-to-noise ratio (at least during the early phases).

>>If there is only access to a whistleblowing system for those who own
>>computers or are provided access to them, then any such system will
>>remain only a tool of the wealthy. You do not hear of abuses in labor
>>law from anybody but the employees; these employees do not have
>>computers.

Agree 95%.

>>Anybody who has NATIONAL SECRETS to tell is, I would guess, a fool to
>>post twice from a particular location. Anybody who has anything
>>lengthy or digitally copied to say cannot easily use this system.
>>It's not conducive to digital signatures.

"Level 10 WB" (with serious national secrets to divulge, such as unmentioned abuses at nuclear waste disposal plants, etc.)
MUST be able to post from ANY location using a key established through preliminary contact with a WB Central User Registry. Ie., once a WB has established credentials by providing verifiable info, s/he must be given a key to a "WB PO Box" wherein s/he can leave msgs from any terminal with anonymity and encryption. FYI, a TV reporter mentioned that the most useful information usually crops up in the third or fourth contact with a WB - after all, there's a lot of preliminary "getting-to-know-each-other" formality to get past (the Trust Factor goes both ways, especially if the WB is placing him/herself in Jeopardy). Such capabilities should be built into any kiosk calling itself "fully WB-enabled." Perhaps SF Net tables could be considered "Introducing Stations" and not full-blown (pun intended) WB Stations, used only for preliminaries.

>>Public kiosks are not a panacea. To argue that they should therefore
>>not exist is nonsense.

I'm certainly glad I didn't say that in any way, as I hate being nonsensical. Phil Karn's excellent (and adventurous) suggestion that kiosk(s) be thought of more as a public mailbox than a public phone, strikes at the crux of the issue, though it presupposes that SF Net tables have floppy drives (of the correct type eg. Mac- or DOS-compatible drives?) and other technological amenities that they do not (yet?) have. The idea that a WB could prepare material in the privacy of his/her own home is very, very appealing.

I genuinely appreciate all thoughtful comments on the project.
dave

From internaut at aol.com Mon Apr 19 11:08:57 1993
From: internaut at aol.com (internaut at aol.com)
Date: Mon, 19 Apr 93 11:08:57 PDT
Subject: FWEE!: the importance of being patient
Message-ID: <9304191408.tn35454@aol.com>

Yo,

Apropos of my earlier posting calling for a delay in the establishment of the WB remailer, I herein repost portions of Marc Ringuette's excellent comments from March 26th on Remailer strategies:

>>We must address a strategy question before it jumps on us.
>>Do we want to be yet another "this remailer exists, let's
>>stomp on it" whipping boy, or will another tactic be more
>>effective?
>>
>>I have the following suggestion. Do not announce our
>>cypherpunks remailers right away. This is not the right time.
>>Instead, announce that we intend, at a later date, to install
>>remailers which are "friendly" in the sense that they use a
>>special header line, but which will not be able to be shut
>>down.

Essentially, Marc and I agree on this issue (if I read him correctly). Marc's point seems to be that prematurely establishing anon remailers such as the WB system before the World is really ready for them will make us vulnerable to attack on a policy level and will significantly diminish the viability of such systems in general, by opening debate on whether or not this is a good idea before most potential users even understand WHAT it is we're trying to do.

>>[ My suggestion for how to do this: encourage thousands of
>>users who support anonymity to run the software, and make it
>>easy for them to do so. Then, thousands of users must be
>>kicked out in order to prevent remailers being available! ]

This gets back to what I was saying about educating WB users, providing them with friendly software and getting lots of support before going public.

>>But, here's the important part, DELAY RELEASE until after a
>>waiting period.
>>The delayed release is intended to allow
>>concerned network sites and individuals to install filters for
>>these messages, and to allow users the time to discuss this
>>(and, for instance, to voice their objections to catch-all
>>anonymity filters at the news-relay level). It also prevents
>>our opponents from achieving a sense of "something must be
>>done" urgency. [...]

I couldn't have put it better. Opponents are looking for a chink in the theoretical anon armor, and at this point there are many. Calling all remailer specialists...

dave

-----
ASIDE: I'm not sure how many of you saw the posting about Port Watson in the Bahamas "An Island in the Net...", but it got me to thinking about how many Cypherpunks, Extropians and Libertarians would actually be interested in collaborating on setting up a physical location for the preservation of a secure, encrypted, anon remailing site on an island not legally bound by any nation (ie. no more problems like Julf has). I suppose it's a bit fantastic to consider, but I'm looking into the viability of selling/renting my SF house and moving down there. Anyone want to join me for a meeting on this subject? Would it be appropriate for discussion at the next physical meeting?

From internaut at aol.com Mon Apr 19 11:08:57 1993
From: internaut at aol.com (internaut at aol.com)
Date: Mon, 19 Apr 93 11:08:57 PDT
Subject: ANON: accountability
Message-ID: <9304191408.tn35455@aol.com>

greg at ideath.goldenbear.com contributed:

>>It's this slippery notion of 'accountability' that is perhaps
>>at the root of this 'anonymity' problem - the idea that there's
>>gonna be some hell to pay if somebody writes to
>>'postmaster at leviathan.com', and complains about Chris Jones.
>>The fact is, you can mail to 'postmaster at goldenbear.com' and
>>whine all you like, it's just another alias for the same damn
>>person (me).
>>I think there are going to be more & more people
>>like me in the future - I *am* my boss, the postmaster, and the
>>sysadmin - and if people don't like what I do or say on the
>>net, that's just too damn bad.

I think Greg is right on the money here. The first time someone complained to my sysadmin (me), I'd send that person a sorrowful note apologizing for the nasty-icky behaviour prompting the complaint and assuring the complainer that the offending user on my system (also me) would have his account cancelled immediately. Then, I'd go back to living my life as I please. :)

Seems to me that this approach would guarantee accountability on my system and keep everyone happy.

dave
Level Seven Design

From TO1SITTLER at APSICC.APS.EDU Mon Apr 19 12:10:27 1993
From: TO1SITTLER at APSICC.APS.EDU (TO1SITTLER at APSICC.APS.EDU)
Date: Mon, 19 Apr 93 12:10:27 PDT
Subject: alt.privacy.clipper
Message-ID: <930419130811.1b3e@APSICC.APS.EDU>

NOT all of us have usenet! Please keep conversation on cypherpunks!

Kragen Sittler

From fnerd at smds.com Mon Apr 19 12:14:30 1993
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Mon, 19 Apr 93 12:14:30 PDT
Subject: Mad Musings/Sneath
Message-ID: <9304191859.AA25735@smds.com>

ld231782 at longs.lance.colostate.edu sez>
>
> `cypherpunk' actually has some pretty endearing qualities as a name,
> and I'd be a bit horrified to give it up, just when I was waiting for
> the T shirt ``Cypherpunks do it stealthily'' (secretly? sneakily?).

Cypherpunks do it with Sneath.

(Sneath is a road near San Francisco.)

Hey, did anybody think to just mail the people on that Clipper chip announcements list and ask them how they got on it?

-fnerd
quote me

From david at staff.udc.upenn.edu Mon Apr 19 13:03:35 1993
From: david at staff.udc.upenn.edu (R. David Murray)
Date: Mon, 19 Apr 93 13:03:35 PDT
Subject: How tapper works: see alt.privacy.clipper
Message-ID: <9304192001.AA18866@staff.udc.upenn.edu>

If it is not too late, please ignore my previous request for an explanation of how tapper works. I found the answer in alt.privacy.clipper. The missing piece of info was that the session key must be negotiated separately.

--
david
david at staff.udc.upenn.edu

From fnerd at smds.com Mon Apr 19 13:18:00 1993
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Mon, 19 Apr 93 13:18:00 PDT
Subject: AT&T Announcement?
Message-ID: <9304192015.AA26036@smds.com>

> AT&T announced yesterday that it will begin selling devices with these
> Clippers in them immediately. We've been sold down the river by ma bell again.
>
> Dave Banisar
> CPSR Washington Office

Does someone know how to get an official-looking printed form of this announcement? I want something to xerox and send in when I switch long distance service.

-fnerd
quote me

From TO1SITTLER at APSICC.APS.EDU Mon Apr 19 13:26:38 1993
From: TO1SITTLER at APSICC.APS.EDU (TO1SITTLER at APSICC.APS.EDU)
Date: Mon, 19 Apr 93 13:26:38 PDT
Subject: Another forwarded message
Message-ID: <930419142408.1d39@APSICC.APS.EDU>

From: APSICC::GR2KITTRELL "TOO MANY SECRETS" 18-APR-1993 21:52:10.16
To: TO1SITTLER
CC:
Subj: Process

From: SMTP%"igor at e5.ijs.si" 18-APR-1993 18:05:57.69
To: gr2kittrell at apsicc.aps.edu
CC:
Subj: (fwd) Re: Secret algorithm [Re: Clipper Chip and crypto key-escrow]

Date: Mon, 19 Apr 1993 01:34:02 +0200
From: Igor Petrovski
Message-Id: <199304182334.AA00721 at kekec.e5.ijs.si>
To: gr2kittrell at apsicc.aps.edu
Subject: (fwd) Re: Secret algorithm [Re: Clipper Chip and crypto key-escrow]
Newsgroups: sci.crypt
Organization: Open Systems & Networks, ijs, Slovenia
Relay-Version: VMS News - V6.1 30/1/93 VAX/VMS V5.5-1; site cathy.ijs.si
Path: cathy.ijs.si!arnes.si!scsing.switch.ch!ira.uka.de!sol.ctr.columbia.edu!zaphod.mps.ohio-state.edu!darwin.sura.net!haven.umd.edu!uunet!looking!brad
Newsgroups: sci.crypt
Subject: Re: Secret algorithm [Re: Clipper Chip and crypto key-escrow]
Message-ID: <1993Apr17.204850.26711 at clarinet.com>
From: brad at clarinet.com (Brad Templeton)
Date: Sat, 17 Apr 1993 20:48:50 GMT
References:
Organization: ClariNet Communications Corp.
Keywords: encryption, wiretap, clipper, key-escrow, Mykotronx
Lines: 24

One presumes the system could work as follows:

a) Blank chips are manufactured by Mykotronx and VLSI. The number produced is carefully audited and they are shipped to the first escrow house. It programs the chips with its half of the key, and prints out a paper slip with the key half and non-secret chip serial number. The reams of paper are filed in locked boxes in the vault, a fuse is burnt in the chip so that the key is now unreadable. The chip then goes to the next escrow house, where the same thing is done. This continues through N escrow houses, perhaps, could be more than 2. The last one provides the chip to the cellular phone maker.

And yes, this has to be a public key system or it would be almost impossible to handle. It might not be RSA, but that does not mean that PKP doesn't get paid. Until 1997, PKP has the patent on the general concept of public key encryption, as well as the particular implementation known as RSA.

--
Brad Templeton, ClariNet Communications Corp. -- Sunnyvale, CA 408/296-0366

From robichau at lambda.msfc.nasa.gov Mon Apr 19 14:20:56 1993
From: robichau at lambda.msfc.nasa.gov (Paul Robichaux)
Date: Mon, 19 Apr 93 14:20:56 PDT
Subject: Intergraph speaks! (sort of)
Message-ID: <9304192120.AA00819@lambda.msfc.nasa.gov>

I just had a nice phonecon with Jim Ruester of Intergraph's public relations department.
For those of you who don't follow CAD, Intergraph produces a line of workstations based on the Clipper CPU, a private-label RISC chip that Intergraph acquired from Fairchild some years ago.

He hadn't seen the press release, or heard of the wiretap chip. His (predictable) reaction was to say that he'd forward it to their legal department. I asked that he pass any comments back to me for reposting here.

A plea: please *don't* call Intergraph and bother them about this. Putting pressure on AT&T (which has announced products based on the wiretap chip) is one thing. Harassing a company with a similarly named (and trademarked!) product, in the hope that they'll put pressure on the gov't, is nothing more than bothersome.

-Paul
--
Paul Robichaux, KD4JZG | HELP STOP THE BIG BROTHER CHIP!
NTI Mission Software Development Div. | RIPEM key on request.

From jet at nas.nasa.gov Mon Apr 19 15:34:26 1993
From: jet at nas.nasa.gov (J. Eric Townsend)
Date: Mon, 19 Apr 93 15:34:26 PDT
Subject: non-cypher related question on audio analysis
Message-ID: <9304192234.AA26763@boxer.nas.nasa.gov>

This is only the tiniest bit related to crypto, but that doesn't seem to be much outside the criteria for submissions to this list.. :-)

Anyone got pointers to decoding audio tones? An intro book, source code, newsgroup, mailing list, somebody I can take to lunch? I'd like to sample audio with my SGI, and suck out various simple tones and combinations of tones. (DTMF, single pitch variant tones, etc.)

thx.

--
J. Eric Townsend jet at nas.nasa.gov 415.604.4311
NASA Ames Numerical Aerodynamic Simulation | play: jet at well.sf.ca.us
Parallel Systems Support, CM-5 POC | '92 R100R / DoD# 0378
PGP2.1 public key available upon request or finger jet at simeon.nas.nasa.gov

From andrew at cubetech.com Mon Apr 19 15:41:05 1993
From: andrew at cubetech.com (Andrew Loewenstern)
Date: Mon, 19 Apr 93 15:41:05 PDT
Subject: comments on the clipper
Message-ID: <9304191939.AA11767@valinor.cubetech.com>

Going through all the messages on the Clipper, I noticed what may be a flaw that wasn't quite addressed...

The family key, which is the same for all devices, is hardwired onto the chip with the algorithm. However, the device serial number and the unit key must be burned into a ROM. This is somewhat like the EIN/MIN burned into the ROM of a cellular phone. Just ask anyone who is familiar with cellular fraud how difficult it is to change the EIN/MIN of the phone. So it should be more than possible for anyone to throw a wrench into the system by using hacked phones that have a random device serial number. In this way it would not be possible for authorities to obtain the proper unit key since the device serial number would not exist in the escrow authority's database or would have the incorrect unit key associated with it.

Of course, it is possible that the scheme (i.e. the algorithm and the handshaking) is not secure. Assuming it is not truly secure, I would think that only such agencies as the NSA and FBI would have not only the resources to decrypt Clipper generated communications without the session key, but the resources to keep such equipment from public knowledge (i.e. there is a companion device that breaks such communications). It would most likely be too difficult to keep such equipment secret if it were available to local and state authorities.

Furthermore, the whole idea of escrow agents is hogwash to me. How difficult is it to get someone's credit report?
How difficult is it to get social security records on a person? Apparently no information held by a government or even private agency like TRW is impossible or even exceedingly difficult to obtain, and anyone wishing to intercept your communications will simply have to buy off the appropriate persons at each escrow authority.

To sum up, I think the whole idea stinks.

andrew

From sneal at muskwa.ucs.ualberta.ca Mon Apr 19 16:03:21 1993
From: sneal at muskwa.ucs.ualberta.ca (Sneal)
Date: Mon, 19 Apr 93 16:03:21 PDT
Subject: The first casualty of war
Message-ID: <9304192302.AA10374@muskwa.ucs.ualberta.ca>

ld231782 at longs.lance.colostate.edu writes:

>Who Has the Keys?
>-----------------
>
>The evasion of `who stores the keys' makes me wonder. It suggests that
>the proposal was poorly crafted (which is true in any case), but, more
>likely, IMHO, the scheme is weak enough for the NSA (but maybe not
>cops) to break regardless, and hence their casual disregard for this
>seemingly monumentally crucial point.

It appears that the opposition is using the old rhetorical trick of "begging the question." Rather than stating the important question (which is "Should there be a key registration scheme?"), they jump right over it to "Who will register the keys?". The purpose is to focus debate on the latter issue without anyone stopping to examine the former.

However, two can play at that game, as in:

"Nobody seems to have thought about what will happen when Clipper is broken."

"Developing a system that is "impervious" (to anyone but its developers) required at least four years."

Sleazy? Yeah. Not that I'm advocating fighting fire with fire or anything.

From kinney at pprince.colorado.edu Mon Apr 19 16:09:38 1993
From: kinney at pprince.colorado.edu (KINNEY WILLIAM H)
Date: Mon, 19 Apr 93 16:09:38 PDT
Subject: True Randoms
Message-ID: <9304192309.AA11889@pprince.colorado.edu>

A little nuclear physics anyone?
Seems like one real bitch with roll-your-own cryptography is the scarcity of good random numbers to work with. I've read about various schemes using I/O buffers, or keystroke timing like PGP does (even there, true randoms are referred to as "precious"). So I thought a bit about how one could construct a true random generating box.

Went out to Sears and bought a $7 smoke detector, a "Family Gard" model FG888D, and took it apart. What's inside is a 1.0 microCurie chunk of Americium 241 (I checked other models, and they seem to all be AM241, right around the 1 uCi activity range, although I have an older one at home with 5.0 uCi). I did a little research on the isotope in the CRC Handbook and the Brookhaven National Lab's online database, and what I found was pretty interesting:

About AM241:

Half-Life: 458 years
Decay: AM241 ---> (Neptunium 237) + (5.5 MeV alpha particle)
1.0 uCi = 37,000 decays/second average
NP237 has a half-life of around 2 million years

This is very good design. AM241 has only one basic decay mode, and it decays to an essentially inert daughter product without any intermediate daughters to worry about. Very simple and safe. In addition, the 1.0 uCi activity of the sample makes the decay rate just right for counting alphas with electronic devices -- a 100 KHz sample rate would be overkill for resolving individual alphas. And the half-life is long enough to make the source relatively stable over a reasonable period of use.

I took my sample into the lab and it barely registered on the geiger counter, but when I set it up on a scintillating detector, I got about 1200 counts/sec above a background of 25 count/sec. A nice clear signal.
Seems to me it would be pretty easy to buy a small solid-state detector and a couple of chips and wire it up to toggle a pin on an RS232 cable, giving a nice true random source -- for instance, assuming the 1200 counts/sec rate I saw in the lab, you could count alphas for 10 milliseconds and send a 1 down the cable if you saw an odd number, a 0 if you saw an even number. Could probably do better than 1200 /sec, too, I bet.

Does anyone see a real need for something like this? Any hardware jocks out there who could lend some expertise?

Radiological safety data (permissible quarterly intake):

AM241 (oral): 7.6 uCi
AM241 (inhalation): 3.8E-03 uCi
NP237 (oral): 6.2 uCi
NP 237 (inhalation): 2.5E-03 uCi

In other words, whatever you do, don't smoke it...

-- Will

From cburian at uiuc.edu Mon Apr 19 17:20:17 1993
From: cburian at uiuc.edu (cburian at uiuc.edu)
Date: Mon, 19 Apr 93 17:20:17 PDT
Subject: send info
Message-ID: <199304200020.AA11361@ux4.cso.uiuc.edu>

send info
#or, if you're human, _please_ send info on how to subscribe & send the FAQ.
#Thanks, Chris Burian
--------------------------------------------------------------------------
| Chris Burian | PGP public key available on a server near you |
--------------------------------------------------------------------------

From greg at amex-trs.com Mon Apr 19 17:25:05 1993
From: greg at amex-trs.com (Greg Thompson)
Date: Mon, 19 Apr 93 17:25:05 PDT
Subject: Subscribing
Message-ID: <9304192016.AA39795@tonga.cs90-dev.amex-trs.com>

Hello,

Please add me to your list of subscribers. Thanks.

Greg Thompson
greg at amex-trs.com

From rorvig at plains.NoDak.edu Mon Apr 19 17:32:22 1993
From: rorvig at plains.NoDak.edu (Nathan Rorvig)
Date: Mon, 19 Apr 93 17:32:22 PDT
Subject: Unsubscribe
Message-ID:

Please, unsubscribe me now. Thanks. The mail volume is way too much.

From fergp at sytex.com Mon Apr 19 17:54:10 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Mon, 19 Apr 93 17:54:10 PDT
Subject: Let's see here ...
Message-ID:

Once again, I pull together my collective thoughts (that _was_ rather difficult) and send them along for the remainder of the cypherpunks to ponder. It would appear that several things have happened; let's see if I can summarize -

- The Clinton administration was presented with a golly-gee proposal from either the NSA or the NIST (probably both) on a way to "offer" public encryption. ('Nuf said.)

- From what we have surmised (researched, hypothesized and down-right taken for face value), the government (whether it be the NIST or whomever) has obviously been working on this "technology" for a few years. Albeit, their negligence to inform anyone.

- Mr. Clinton and crew obligingly acknowledge this new, technological wonder, and think that they're doing us all a favor.

- Enter the "Clipper Chip", and all its fanfare.

Okay. I took The Dark One's advice (not that I needed the prodding, mind you) and faxed every one of the contacts on the list that he posted earlier (a couple of which were voice numbers, BTW). The big three (ABC, NBC and CBS + CNN) got my fax and my thoughts on the subject. I'm mad as hell, too -- yet I'm more prone to bringing this highly volatile subject (it would seem that it's only an explosive situation to those of us who understand its implications) into the public eye. Let's put this topic into proper perspective -- for the layman, for the "man in the streets." Let me try to put this into perspective for some of our less politically inclined participants.

For those of you who live within earshot of the "Beltway", you are probably familiar with the G. Gordon Liddy radio show. Well, to make a long story short, one afternoon the topic was computer crime. A young man called in to express his concern with the topic of "underground" computer virus distribution and all that rot. He was talking on a deaf ear, folks.
The program was dominated by yuppies, calling in worried about their precious credit records and how they could possibly be disclosed or damaged by the computer criminals. I turned off the show in disgust at that point, but the point is this: No matter how hard you attempt to bring matters into the light that the _computer_ public should be concerned about, they revert into their own realm of protected computerdom. This is an observation, not a conviction.

What we need to do, is to make folks understand that this is not just a computer issue -- it's privacy issue, for cryin' out loud! If the techno-fascists within certain levels of government service think that they can _impose_ their will on the computer community at large, they are most definitely ill-informed. Most would probably think that they could fluff this little tidbit of "legislation" into reality.

Bottom line: I stand by the ideals that we have every right, as common citizens, to encrypt and cipher as we see fit. Legality be damned. (This is not a legality issue, for christ's sake!) This is an issue where the government is playing bully and we find ourselves on the receiving end of their quest for superiority.

I urge each and every one of you to take the time to write your congressman, fax the closest television or radio station and make this topic as public as possible! I refuse to be treated like a criminal because I desire electronic privacy. Say "No".

Cheers.

Oh. By the way, I'm looking for some kind sort to offer an avenue to place Legal Net News on an archive site on a regular basis. I find it extremely difficult to meet subscription requests and would prefer to offer this compilation as an anon FTP'able newsletter. Any takers? Issue 2 has been released, which covers our recent travails ....

Paul Ferguson                    |  Uncle Sam wants to read
Network Integration Consultant   |  your e-mail...
Alexandria, Virginia USA         |  Just say "NO" to the Clipper
fergp at sytex.com               |  Chip...
From jet at nas.nasa.gov Mon Apr 19 18:14:40 1993
From: jet at nas.nasa.gov (J. Eric Townsend)
Date: Mon, 19 Apr 93 18:14:40 PDT
Subject: NSA and all this (was Let's see here ...
In-Reply-To:
Message-ID: <9304200114.AA02335@boxer.nas.nasa.gov>

Paul Ferguson writes:
> - The Clinton administration was presented with a golly-gee proposal
> from either the NSA or the NIST (probably both) on a way to "offer"
> public encryption. ('Nuf said.)

Actually, according to an ex-NSA'er I know, probably not the NSA. They claim that this sort of thing gets attributed to them quite often when they in fact have little, if anything, to do with "minor stuff like that". They went on to say "anybody who really *needs* to have crypto cellular calls will already buy stuff from other countries and modify it for use here."

Think about the resources *that* implies. Also, if the clipper thing is "minor", I'm not sure I want to know what major is.

From peb at PROCASE.COM Mon Apr 19 18:17:10 1993
From: peb at PROCASE.COM (peb at PROCASE.COM)
Date: Mon, 19 Apr 93 18:17:10 PDT
Subject: Mailing list name
Message-ID: <9304200115.AA03350@banff>

I vote for cryptoprivacy because it is more appropriate, and due to recent events, it helps to be clear about these things when the media gets involved. Examples:

1. The infamous CBS coverage of the Hacker's Conference that turned "Cracker" Conference in the nightly news regardless of what the reporters were told.

2. Notice how the NIST press release said

   ``This system is more secure than many other voice encryption systems readily available today.
                        [^^^^^^^^^^^^^^^^^^^^^^ not claiming the best]
   While the algorithm will remain classified to protect the security of the key escrow.''

   but the Knight-Ridder translated this into:

   ``...National Security Agency invented a new coding device, called the "Clipper Chip," which is said to be much harder to crack than encoding systems now on the market.
Now the wiretap chip sounds better than any equipment on the market rather than "better than many" which is a very weak claim. Happens all the time. Information must be very clear. Punk isn't the right word.

Paul E. Baclace
peb at procase.com

From peb at PROCASE.COM Mon Apr 19 18:42:50 1993
From: peb at PROCASE.COM (peb at PROCASE.COM)
Date: Mon, 19 Apr 93 18:42:50 PDT
Subject: Sound bite time
Message-ID: <9304200141.AA03355@banff>

Okay, here are my sound bytes:

1. The long one (needed when they try to outlaw encryption):

As we move into the electronic frontier, the freedom to use crypto-privacy technology is becoming the equivalent to the right to bear arms: it is the last line of defense against a tyrannic government. The good news is that privacy is a defensive technology, not an offensive one. Giving up this un-enumerated right could be disastrous to future generations.

2. The short one (simple-minded Clipper is no good):

Crypto Privacy is like a bullet proof vest for your transmitted speech; the Clipper chip is a paper jacket with extra zippers in the back.

Paul E. Baclace
peb at procase.com

From fnerd at smds.com Mon Apr 19 19:01:07 1993
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Mon, 19 Apr 93 19:01:07 PDT
Subject: The Wing-Clipper
Message-ID: <9304200142.AA27709@smds.com>

> Matthew Lyle (214) 888-0474
> OpenConnect Systems matt at oc.com
> Dallas, TX
>
> "...and once you have tasted flight, you will walk the earth with your
> eyes turned skyward, for there you have been, and there you long
> to return..."

It's the Wing-Clipper chip. Great emblem: a bald eagle with its wings clipped.
-fnerd
quote me

From mckang at solomon.technet.sg Mon Apr 19 19:03:57 1993
From: mckang at solomon.technet.sg (Kang Meng Chow)
Date: Mon, 19 Apr 93 19:03:57 PDT
Subject: Subscribe me
Message-ID:

SUBSCRIBE ME

From marc at GZA.COM Mon Apr 19 19:04:36 1993
From: marc at GZA.COM (Marc Horowitz)
Date: Mon, 19 Apr 93 19:04:36 PDT
Subject: Sound bite time
In-Reply-To: <9304200141.AA03355@banff>
Message-ID: <9304200203.AA15663@mu-hsu-chicken.aktis.com>

Neither of those is aimed at Joe Average Citizen. The first isn't any good, because most people don't see any need to protect against a tyranny. The second is no good because although people might be afraid of getting shot, most people don't go around wearing bulletproof vests all the time.

I'd be for something applicable and simple like "Giving the government keys to your encrypted messages is like giving them keys to the front door of your house." People can relate to that.

Marc

From grady at netcom.com Mon Apr 19 19:37:39 1993
From: grady at netcom.com (1016/2EF221)
Date: Mon, 19 Apr 93 19:37:39 PDT
Subject: Waco, crypto, and unbreakable links
Message-ID: <9304200237.AA14578@netcom.netcom.com>

We can only speculate that the loss of life might have been much fewer if the Branch Davidian cult had a copy of PGP as well as a 2m packet radio. They could have maintained private links with journalists who could have given us their side of the story, which now, tragically will never be told.

From tcmay at netcom.com Mon Apr 19 19:42:36 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 19 Apr 93 19:42:36 PDT
Subject: True Randoms
Message-ID: <9304200242.AA15040@netcom.netcom.com>

William Kinney writes:

>A little nuclear physics anyone?
>
>Seems like one real bitch with roll-your-own cryptography is the
>scarcity of good random numbers to work with. I've read about various
>schemes using I/O buffers, or keystroke timing like PGP does (even
>there, true randoms are referred to as "precious").
>
>So I thought a bit about how one could construct a true random generating
>box. Went out to Sears and bought a $7 smoke detector, a "Family Gard"
>
>Does anyone see a real need for something like this?
>Any hardware jocks out there who could lend some expertise?

What follows is my standard "alpha particles as sources of random numbers" posting, which I have forwarded to the list a couple of times. (I'm not being at all critical of William Kinney for raising the issue again.)

Quick summary: thermal noise in a back-biased diode is easier to get, has more bandwidth, doesn't have safety concerns, and is readily buildable.

From: tcmay (Timothy C. May)
Message-Id: <9210260530.AA00679 at netcom2.netcom.com>
Subject: Alpha Particles and One Time Pads
To: cypherpunks at toad.com
Date: Sun, 25 Oct 92 22:30:54 PDT
Cc: tcmay (Timothy C. May)
X-Mailer: ELM [version 2.3 PL11]

Fellow Cypherpunks,

Here's a posting I just sent to sci.crypt, dealing with using alpha particle sources as noise sources for generating one-time pads. Ordinarily I wouldn't bother you folks with this, especially since you're all reading sci.crypt (aren't you? Only the FidoNetters have a good excuse not to.). But this thread ties together two aspects of my life, cryptography and alpha particle errors in chips.

--Tim

Newsgroups: sci.crypt
Path: netcom.com!tcmay
From: tcmay at netcom.com (Timothy C. May)
Subject: Re: Hardware random number generators compatible with PCs?
Message-ID: <1992Oct26.051612.29869 at netcom.com>
Organization: Netcom - Online Communication Services (408 241-9760 guest)
X-Newsreader: Tin 1.1 PL5
References: <1992Oct25.224554.1853 at fasttech.com>
Date: Mon, 26 Oct 1992 05:16:12 GMT

Bohdan Tashchuk (zeke at fasttech.com) wrote:
: The recent post on building a random number generator using a zener diode got
: me to thinking once again about commercial alternatives.
:
: I haven't seen any commercial alternatives discussed here recently.
: And since
: the market is so specialized, they may well exist but I'm simply not aware of
: them.
:
: The ideal product would have the following features:
:
: * cost less than $100
: * use a radioactive Alpha ray emitter as the source

It's a small world! In my earlier incarnation as a physicist for Intel, I discovered the alpha particle "soft error" effect in memory chips. By 1976 chips, especially dynamic RAMs, were storing less than half a million electrons as the difference between a "1" and a "0". A several MeV alpha could generate more than a million electron-hole pairs, thus flipping some bits. (Obviously the effect of alphas on particle detectors was known, and smoke detectors were in wide use, but nobody prior to 1977 knew that memory bits could be flipped by alphas, coming from uranium and thorium in the package materials. It's a long story, so I won't say any more about it here.)

: * connect to an IBM PC serial or parallel port
: * be "dongle" sized, ie be able to plug directly onto the port, and
:   not have a cable from an external box to the port
: * be powered directly from the port
: * generate at least 1000 "highly random" bits per second

This should be feasible by placing a small (sub-microcurie) amount of Americium-241 on a small DRAM chip that is known to be alpha-sensitive (and not all of them are, due to processing tricks). Errors would occur at random intervals, depending on which bits got hit. Getting 1000 errors a second would be tough, though, as such high intensities would also tend to eventually destroy the chip (through longterm damage to the silicon, threshold voltage shifts, etc.).

If you really want to pursue this seriously, I can help with the calculations, etc.

: Details:
:
: Certainly in high volume these things can be made cheaply. Smoke detectors
: often sell for under $10, and have a radioactive source, an IC, a case, etc.

Yes, but smoke detectors use ionization in a chamber (the smoke from a fire makes ionization easier).
That is, no real ICs. But ICs, and even RAM chips, are cheap, so your $10 figure is almost certainly in the ballpark.

A bigger concern is safety, or the _perceived_ safety. Smoke detectors have, I understand, moved away from alpha particle-based detectors to photoelectric detectors (smoke obscures beam of light). Don't underestimate the public's fear of radioactivity, even at low levels.

: Using a well-designed circuit based on Alpha decay should mean that the
: randomness is pretty darn good.

But not necessarily any better than noise from a Zener. With the higher bit rate from diode noise, more statistical tricks can be done. The relatively low bit rate from alpha decay gives less flexibility. On the other hand, alpha hits are undeniably quite random, with essentially no way to skew the odds (unlike with diode noise).

: Everyone these days has either a serial or parallel port available, either
: directly or thru a switch box.
:
: The tiny "dongle" size is a convenience. If it is small and powered directly
: from the port, there are no cables to get in the way. There is enough power
: available from the signal lines on these ports to power simple devices. E.g.
: most mice don't require an external power supply.
:
: For most applications 1000 bits per second should be adequate. For example,
: it would be quite adequate for session keys. For generating pseudo
: one-time-pads, an overnight run should generate plenty of values. Continuously
: generating values for a month would produce about 300 MB, which should be
: enough to exchange new CD-ROM key disks once a month.

One time pads are complicated to use. Only very high security applications that can also afford them use them. For example, some diplomatic traffic. I can't conceive of a case where 300 MB a month could be used. And _theft_ (or copying) of the CD-ROM one time pads has got to be a much bigger issue that whether alpha particle noise sources are better than diode noise sources!
By about 10 orders of magnitude I would say. Black bag jobs on the sites holding the keys will be the likeliest attack, not trying to analyze how random the noise is (even a fairly crummy noise source will not yield enough information to a cryptanalyst trying to break a one-time pad).

Having said all this, I'm glad you gave some thought to alphas. For a time in the late 1970s this was the chip industry's number one headache...it was definitely the most exciting time of my life.

--Tim

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | PGP 2.0 and MailSafe keys by arrangement.

From uni at acs.bu.edu Mon Apr 19 20:13:41 1993
From: uni at acs.bu.edu (Shaen Bernhardt)
Date: Mon, 19 Apr 93 20:13:41 PDT
Subject: Sound Bite
Message-ID: <9304200313.AA107798@acs.bu.edu>

"Giving the government keys to your encrypted messages is like giving them keys to the front door of your house."

+ "and accepting the promise, we'll only use them with proper authority."

From sward+ at cmu.edu Mon Apr 19 20:52:04 1993
From: sward+ at cmu.edu (David Reeve Sward)
Date: Mon, 19 Apr 93 20:52:04 PDT
Subject: Sound Bite
In-Reply-To: <9304200313.AA107798@acs.bu.edu>
Message-ID:

> "Giving the government keys to your encrypted messages is like giving
> them keys to the front door of your house."
>
> + "and accepting the promise, we'll only use them with proper authority."

"*wink* *wink*"

--
David Sward   sward+ at cmu.edu
Finger or email for PGP public key: 3D567F
Fingerprint = E5 16 82 B0 3C 96 DB 6F B2 FB DC 8F 82 CB E9 45
Stop the Big Brother Chip - Just say NO to the Clipper "Wiretap" Chip!
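Returning to the True Randoms thread above: the following is an added example, not code from any of the posts, that works through Kinney's extraction scheme (count alphas for 10 ms, emit 1 for an odd count and 0 for an even one) against a simulated source, and goes one step beyond the thread by showing what a defender should check before trusting such a device. The 1200 counts/sec rate and 10 ms window are the figures Kinney quotes; the Poisson arrival model, the 50 counts/sec "weak source" case, the monobit threshold and the von Neumann post-processing are assumptions of this example, and the detector hardware is not modelled at all. The point it makes is one a hardware RNG reviewer would want on record: parity of a Poisson count is only unbiased when the mean count per window is large, and a health check plus a debiasing stage belongs between the counter and the serial pin.

```python
import math
import random

# Figures quoted in the thread: about 1200 alpha counts/sec from the AM241
# sample, counted in 10 ms windows (odd count -> 1, even count -> 0).
RATE_HZ = 1200.0
WINDOW_S = 0.010


def simulate_counts(rate_hz, window_s, n_windows, seed=0):
    """Constructed stand-in for the detector: radioactive decay is a Poisson
    process, so draw exponential inter-arrival times and count the events that
    fall into each fixed-length window."""
    rng = random.Random(seed)
    counts = [0] * n_windows
    total = n_windows * window_s
    t = rng.expovariate(rate_hz)
    while t < total:
        idx = min(int(t // window_s), n_windows - 1)  # guard float rounding at the end
        counts[idx] += 1
        t += rng.expovariate(rate_hz)
    return counts


def parity_bits(counts):
    """Kinney's extraction step: one bit per window, 1 if the count was odd."""
    return [c & 1 for c in counts]


def expected_p_one(rate_hz, window_s):
    """P(odd count) for a Poisson window with mean lam = rate * window:
       sum over odd k of e^-lam lam^k / k!  =  e^-lam sinh(lam)  =  (1 - e^-2lam) / 2
    so the bias away from 1/2 is e^-2lam / 2: negligible at lam = 12 (the 1200/s
    case) but large once the mean count per window drops below a few."""
    lam = rate_hz * window_s
    return (1.0 - math.exp(-2.0 * lam)) / 2.0


def von_neumann(bits):
    """Debiasing stage (assumed here, not part of Kinney's proposal): read bits
    in pairs, emit 0 for (0,1) and 1 for (1,0), drop (0,0) and (1,1). Removes a
    constant bias from independent bits at the cost of at least half the rate."""
    out = []
    for i in range(0, len(bits) - 1, 2):
        a, b = bits[i], bits[i + 1]
        if a != b:
            out.append(a)
    return out


def monobit_ok(bits, z=3.0):
    """Minimal health check: the number of ones must lie within z standard
    deviations of n/2 for a fair coin. The z = 3 threshold is an assumption."""
    n = len(bits)
    if n == 0:
        return False
    sigma = math.sqrt(n) / 2.0
    return abs(sum(bits) - n / 2.0) <= z * sigma


def run_pipeline(rate_hz, window_s=WINDOW_S, n_windows=20000, seed=1):
    """Counter -> parity -> (health check) -> von Neumann -> (health check).
    Returns (raw_fraction_of_ones, raw_ok, debiased_fraction_of_ones, debiased_ok)."""
    raw = parity_bits(simulate_counts(rate_hz, window_s, n_windows, seed))
    clean = von_neumann(raw)
    return (sum(raw) / len(raw), monobit_ok(raw),
            sum(clean) / len(clean), monobit_ok(clean))


if __name__ == "__main__":
    for rate in (RATE_HZ, 50.0):  # 1200/s as measured; 50/s as an assumed weak source
        p_raw, ok_raw, p_clean, ok_clean = run_pipeline(rate)
        print("rate=%6.1f/s  expected P(1)=%.4f  raw p1=%.4f ok=%s  debiased p1=%.4f ok=%s"
              % (rate, expected_p_one(rate, WINDOW_S), p_raw, ok_raw, p_clean, ok_clean))
```

At 1200 counts/sec the raw parity stream passes the monobit check and the debiasing stage merely halves the throughput; at 50 counts/sec the raw stream is visibly skewed toward zero (about 32% ones) and fails the check, while the von Neumann output is back at one half. In a real device the check should run continuously, since the count rate also drifts with source ageing and detector dead time.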
From sasha at cs.umb.edu Mon Apr 19 21:01:14 1993
From: sasha at cs.umb.edu (Alexander Chislenko)
Date: Mon, 19 Apr 93 21:01:14 PDT
Subject: Is 40 bits too little?
Message-ID: <199304200401.AA26166@ra.cs.umb.edu>

Yes, in just a trillion iterations you can test all possible keys. But if for testing *each* key you will have to figure out whether a text /signal you produced represents sensible speech... - it may be prohibitively expensive.

Alex Chislenko.

From tcmay at netcom.com Mon Apr 19 21:02:58 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 19 Apr 93 21:02:58 PDT
Subject: (fwd) THE CLIPPER CHIP: A TECHNICAL SUMMARY
Message-ID: <9304200403.AA18854@netcom3.netcom.com>

Cypherpunks,

Here's the most complete and readable summary of the Wiretap Chip I've seen. Ironically, it comes from none other than Dorothy, the Wicked Witch of the East, who claims she knew nothing of it until Thursday night, just before the announcement. Curiouser and curiouser.

-Tim May

From: denning at guvax.acc.georgetown.edu
Newsgroups: sci.crypt
Subject: THE CLIPPER CHIP: A TECHNICAL SUMMARY
Date: 19 Apr 93 18:23:27 -0400
Distribution: world
Organization: Georgetown University

The following document summarizes the Clipper Chip, how it is used, how programming of the chip is coupled to key generation and the escrow process, and how law enforcement decrypts communications. Since there has been some speculation on this news group about my own involvement in this project, I'd like to add that I was not in any way involved. I found out about it when the FBI briefed me on Thursday evening, April 15. Since then I have spent considerable time talking with the NSA and FBI to learn more about this, and I attended the NIST briefing at the Department of Commerce on April 16. The document below is the result of that effort.
Dorothy Denning
---------------

THE CLIPPER CHIP: A TECHNICAL SUMMARY

Dorothy Denning
April 19, 1993

INTRODUCTION

On April 16, the President announced a new initiative that will bring together the Federal Government and industry in a voluntary program to provide secure communications while meeting the legitimate needs of law enforcement. At the heart of the plan is a new tamper-proof encryption chip called the "Clipper Chip" together with a split-key approach to escrowing keys. Two escrow agencies are used, and the key parts from both are needed to reconstruct a key.

CHIP STRUCTURE

The Clipper Chip contains a classified 64-bit block encryption algorithm called "Skipjack." The algorithm uses 80 bit keys (compared with 56 for the DES) and has 32 rounds of scrambling (compared with 16 for the DES). It supports all 4 DES modes of operation. Throughput is 16 Mbits a second. Each chip includes the following components:

   the Skipjack encryption algorithm
   F, an 80-bit family key that is common to all chips
   N, a 30-bit serial number
   U, an 80-bit secret key that unlocks all messages encrypted with the chip

ENCRYPTING WITH THE CHIP

To see how the chip is used, imagine that it is embedded in the AT&T telephone security device (as it will be). Suppose I call someone and we both have such a device. After pushing a button to start a secure conversation, my security device will negotiate a session key K with the device at the other end (in general, any method of key exchange can be used). The key K and message stream M (i.e., digitized voice) are then fed into the Clipper Chip to produce two values:

   E[M; K], the encrypted message stream, and
   E[E[K; U] + N; F], a law enforcement block.

The law enforcement block thus contains the session key K encrypted under the unit key U concatenated with the serial number N, all encrypted under the family key F.
CHIP PROGRAMMING AND ESCROW

All Clipper Chips are programmed inside a SCIF (secure computer information facility), which is essentially a vault. The SCIF contains a laptop computer and equipment to program the chips. About 300 chips are programmed during a single session. The SCIF is located at Mikotronx.

At the beginning of a session, a trusted agent from each of the two key escrow agencies enters the vault. Agent 1 enters an 80-bit value S1 into the laptop and agent 2 enters an 80-bit value S2. These values serve as seeds to generate keys for a sequence of serial numbers.

To generate the unit key for a serial number N, the 30-bit value N is first padded with a fixed 34-bit block to produce a 64-bit block N1. S1 and S2 are then used as keys to triple-encrypt N1, producing a 64-bit block R1:

   R1 = E[D[E[N1; S1]; S2]; S1] .

Similarly, N is padded with two other 34-bit blocks to produce N2 and N3, and two additional 64-bit blocks R2 and R3 are computed:

   R2 = E[D[E[N2; S1]; S2]; S1]
   R3 = E[D[E[N3; S1]; S2]; S1] .

R1, R2, and R3 are then concatenated together, giving 192 bits. The first 80 bits are assigned to U1 and the second 80 bits to U2. The rest are discarded. The unit key U is the XOR of U1 and U2. U1 and U2 are the key parts that are separately escrowed with the two escrow agencies.

As a sequence of values for U1, U2, and U are generated, they are written onto three separate floppy disks. The first disk contains a file for each serial number that contains the corresponding key part U1. The second disk is similar but contains the U2 values. The third disk contains the unit keys U. Agent 1 takes the first disk and agent 2 takes the second disk. The third disk is used to program the chips. After the chips are programmed, all information is discarded from the vault and the agents leave. The laptop may be destroyed for additional assurance that no information is left behind.

The protocol may be changed slightly so that four people are in the room instead of two.
The first two would provide the seeds S1 and S2, and the second two (the escrow agents) would take the disks back to the escrow agencies.

The escrow agencies have as yet to be determined, but they will not be the NSA, CIA, FBI, or any other law enforcement agency. One or both may be independent from the government.

LAW ENFORCEMENT USE

When law enforcement has been authorized to tap an encrypted line, they will first take the warrant to the service provider in order to get access to the communications line. Let us assume that the tap is in place and that they have determined that the line is encrypted with Clipper. They will first decrypt the law enforcement block with the family key F. This gives them E[K; U] + N. They will then take a warrant identifying the chip serial number N to each of the key escrow agents and get back U1 and U2. U1 and U2 are XORed together to produce the unit key U, and E[K; U] is decrypted to get the session key K. Finally the message stream is decrypted. All this will be accomplished through a special black box decoder operated by the FBI.

ACKNOWLEDGMENT AND DISTRIBUTION NOTICE.

All information is based on information provided by NSA, NIST, and the FBI. Permission to distribute this document is granted.

--

From mdiehl at triton.unm.edu Mon Apr 19 21:35:40 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Mon, 19 Apr 93 21:35:40 PDT
Subject: Is 40 bits too little?
In-Reply-To: <199304200401.AA26166@ra.cs.umb.edu>
Message-ID: <9304200423.AA04402@triton.unm.edu>

> Yes, in just a trillion iterations you can test all possible keys.
> But if for testing *each* key you will have to figure out whether a text
> /signal you produced represents sensible speech... - it may be prohibitively
> expensive.
>

Well, what if you're "close?" Will it sound "kinda sensible?" Perhaps it would sound like long distance.... ;^)

Just a thought.

+-----------------------+-----------------------------+---------+
| J. Michael Diehl ;-)  | I thought I was wrong once. | PGP KEY |
|                       | But, I was mistaken.        |available|
|                       +-----------------------------+---------+
| mdiehl at triton.unm.edu | "I'm just looking for the opportunity |
| mike.diehl at fido.org   | to be Politically Incorrect!          |
| (505) 299-2282        |                                       |
+-----------------------+---------------------------------------+

From wcs at anchor.ho.att.com Mon Apr 19 21:35:53 1993
From: wcs at anchor.ho.att.com (wcs at anchor.ho.att.com)
Date: Mon, 19 Apr 93 21:35:53 PDT
Subject: Is 40 bits too little?
Message-ID: <9304200435.AA00977@anchor.ho.att.com>

Yes, 40 bits would be too little, especially since you can probably tell if you've got the correct key by the form of the data, but they're actually generating your 80-bit key as the XOR of two other 80-bit numbers, and searching 2**80 still takes reasonably long. Unfortunately, the method of generating the two 80-bit numbers is disturbingly suspect; see articles in sci.crypt and alt.privacy.clipper posted by Steve Bellovin and somebody with email from Martin Hellman and Dorothy Denning.

Bill Stewart

From 74076.1041 at CompuServe.COM Mon Apr 19 22:38:04 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Mon, 19 Apr 93 22:38:04 PDT
Subject: Is 40 bits too little?
Message-ID: <930420053136_74076.1041_FHD37-1@CompuServe.COM>

Just to remind everyone, the clipper key is not 40 bits. It is 80 bits. It is not divided up into two 40-bit halves. It is the result of xor'ing two 80-bit numbers, each of which would be held separately. Knowing one of the numbers would not improve your chances of guessing the key.

Hal

From wixer!wixer.bga.com!gumby at cactus.org Mon Apr 19 23:43:34 1993
From: wixer!wixer.bga.com!gumby at cactus.org (Douglas Barnes)
Date: Mon, 19 Apr 93 23:43:34 PDT
Subject: Sound bite (a bit crude)
Message-ID: <9304200447.AA28123@wixer>

Came up during brainstorm session for article:

"Clipper Chip Encryption: A leaky condom for the masses?"
-- Doug (gumby at wixer.bga.com)

From karn at qualcomm.com Mon Apr 19 23:53:42 1993
From: karn at qualcomm.com (Phil Karn)
Date: Mon, 19 Apr 93 23:53:42 PDT
Subject: Sound bite time
Message-ID: <9304200653.AA10987@servo>

Paul E. Baclace:
>As we move into the electronic frontier, the freedom to use crypto-privacy
>technology is becoming the equivalent to the right to bear arms:
>it is the last line of defense against a tyrannic government. The good
>news is that privacy is a defensive technology, not an offensive one.
>Giving up this un-enumerated right could be disasterous to future
>generations.

I really, *REALLY* hope that this argument doesn't catch on. Regardless of your opinions on gun control, you have to admit that linking crypto to weapons saddles it with an enormous amount of political baggage that we simply don't need. And it plays right into the hands of those in the government who consider it as a "munition" for export control purposes.

I think we already have plenty of strong arguments in defense of the right to encrypt without opening up this can of worms. It can only turn off a lot of people who would otherwise support us.

Phil

From uunet!netcom.com!tcmaydenning at guvax.acc.georgetown.edu Mon Apr 19 21:39:00 1993
From: uunet!netcom.com!tcmaydenning at guvax.acc.georgetown.edu (Timothy C. May Timothy C. May)
Date: Tue, 20 Apr 93 00:39 EDT
Subject: (fwd) THE CLIPPER CHIP: A TECHNICAL SUMMARYTHE CLIPPER CHIP: A TECHNICAL SUMMARY
Message-ID: <9304200403.AA18854@netcom3.netcom.com>

Paul Ferguson                 |  The future is now.
Network Integrator            |  History will tell the tale;
Centreville, Virginia USA     |  We must endure and struggle
fergp at sytex.com            |  to shape it.

Stop the Wiretap (Clipper/Capstone) Chip.

From tcmay at netcom.com Tue Apr 20 01:08:21 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 20 Apr 93 01:08:21 PDT
Subject: Sound bite time
Message-ID: <9304200808.AA15339@netcom.netcom.com>

Phil Karn, referring to some parallels with gun control, writes:

>I really, *REALLY* hope that this argument doesn't catch on.
>Regardless of your opinions on gun control, you have to admit that
>linking crypto to weapons saddles it with an enormous amount of
>political baggage that we simply don't need. And it plays right into
>the hands of those in the government who consider it as a "munition"
>for export control purposes.
>
>I think we already have plenty of strong arguments in defense of the
>right to encrypt without opening up this can of worms. It can only
>turn off a lot of people who would otherwise support us.

I agree. Mentioning guns raises too many confusing issues, including emotional reactions, talk of private vs. public ownership, etc. Several decades ago it might have been better received.

The compelling "sound bites" revolve around these kinds of examples:

- having to deposit copies of all your private letters with the authorities, "in case" they need to later read them...

- not being allowed to use locks--on anything--that the government can't bypass

- recording all private conversations and escrowing the tapes, just in case the government later wants to hear them

- video cameras in all bedrooms to allow the police to check for illegal activities (even with proper "court orders," most people will react with shock at this suggestion)

These are things that everyone can understand. And be shocked by. When they realize just how similar the "key escrow" idea is to these examples, they may get more indignant.

-Tim May

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, smashing of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.
Waco Massacre + Big Brother Wiretap Chip = A Nazi Regime

From pmetzger at lehman.com Tue Apr 20 03:09:46 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 20 Apr 93 03:09:46 PDT
Subject: Another Clipper Weakness
In-Reply-To: <9304200403.AA18854@netcom3.netcom.com>
Message-ID: <9304201009.AA21829@snark.shearson.com>

Another clipper weakness.

The unit key is derived directly from the serial number for the chip. We are supposed to feel comfy that the unit key is 80 bits long -- but the unit serial numbers are only 30 bits long! Am I crazy, or could you systematically generate all possible unit keys!

Perry

From jrk at information-systems.east-anglia.ac.uk Tue Apr 20 03:21:00 1993
From: jrk at information-systems.east-anglia.ac.uk (Richard Kennaway)
Date: Tue, 20 Apr 93 03:21:00 PDT
Subject: True Randoms
Message-ID: <23693.9304201020@sys.uea.ac.uk>

I have seen mentioned in sci.electronics (not recently) that true random number generator chips are available off-the-shelf. Texas Instruments was mentioned as one source, but I don't remember details.

--
 ____   Richard Kennaway
 \  _/__   School of Information Systems   Internet: jrk at sys.uea.ac.uk
  \X  /    University of East Anglia       uucp: ...mcsun!ukc!uea-sys!jrk
   \/      Norwich NR4 7TJ, U.K.

From pcw at access.digex.com Tue Apr 20 05:21:01 1993
From: pcw at access.digex.com (Peter Wayner)
Date: Tue, 20 Apr 93 05:21:01 PDT
Subject: Objections...
Message-ID: <199304201220.AA27725@access.digex.com>

I think one very serious objection to the SkipJack system is that the secrecy prevents us from coming up with Software implementations of the system. Naturally, they don't want that to happen because people start finding easy ways to screw up the encrypted block of key information needed by the government.

But regardless of that, software implementations of DES have been extremely useful for everyone. There is probably 10 times as much encryption done using software DES than hardware. Maybe 1000 times as much.
The fact is that software protection is much easier for the public to use. They don't need to buy an extra chip for their computer. They just run some software. It's cheaper. More populist. I think this is the most practical and non-inflammatory argument for public access to the algorithm.

-Peter Wayner

From robichau at lambda.msfc.nasa.gov Tue Apr 20 06:03:37 1993
From: robichau at lambda.msfc.nasa.gov (Paul Robichaux)
Date: Tue, 20 Apr 93 06:03:37 PDT
Subject: NPR piece on "Clipper Chip" this morning
Message-ID: <9304201303.AA23547@lambda.msfc.nasa.gov>

NPR did a (for them, anyway) well-balanced piece on the wiretap chip this morning. Per their standard, the reporter (Dan Charles) had sound bites from both sides: Whit Diffie, representing the strong-privacy-through-crypto crowd, and the (acting?) director of NIST, Raymond whose-last-name-I-forget.

Highlights:

Diffie compared Clipper to a real estate lockbox. The feds don't have to have the key to the house (=phone), just the key to the lockbox. If you change your Clipper key, the chip keeps a copy.

NIST guy said that he strongly supports individual privacy, but law enforcement needs have to be counted, too.

Diffie (rough quote): "Technology makes policy. If the gov't spends hundreds of millions of dollars on a chip which allows them to tap phones, they will do so because the technology's there."

Good for NPR. A balanced piece.

-Paul
--
Paul Robichaux, KD4JZG | HELP STOP THE BIG BROTHER CHIP!
NTI Mission Software Development Div. | RIPEM key on request.

From zane at genesis.mcs.com Tue Apr 20 06:35:33 1993
From: zane at genesis.mcs.com (Sameer Parekh)
Date: Tue, 20 Apr 93 06:35:33 PDT
Subject: CLIP: Revised sample letter
Message-ID:

I finished my letter about the wiretap chip. (I still need to proof for grammar, but the content I have set.) I'm posting it here so others may see it and their efforts could be aided. Feel free to distribute this AS MUCH as possible.
If you want to comment on the letter, do so publicly, because I am sending this tomorrow morning and sending to me privately will do no good-- I will have sent it by the time I read your comments. Comments *will* be helpful though for other people. I will keep the lists informed as to what response I get from my letter if people wish.

--
| Sameer Parekh-zane at genesis.MCS.COM-PFA related mail to pfa at genesis.MCS.COM |
| Apprentice Philosopher, Writer, Physicist, Healer, Programmer, Lover, more |
| "Be God" - Me __ "Specialization is for Insects" - Robert A. Heinlein ____/

Editor:

The Clinton administration on Friday unveiled their plan for establishing a standard data encryption system for voice communications. President Clinton says that he wants to bring the United States into the twenty-first century. This proposal is bringing us to 1984.

I will mention first the technical reasons why the system is inadequate. The encryption algorithm is classified; only a select group of people will be allowed to examine the algorithm for flaws. The members of the cryptographic community continually and persistently emphasize that the only way to ensure security in a cryptographic system is to have as many people as possible analyze and try to break it for as long as possible. A system which has been examined by a small segment of the population should not be trusted. Release of the algorithm is crucial to verification of a good encryption method. The earlier Data Encryption Standard (DES) for data storage encryption was a very strong standard; the academic world examined it and after a number of months found weaknesses, spawning the now-standard "triple-DES" system which is more secure.

From what little is known about the encryption system, it appears to be a weak system. Such a weak system lends itself to easy decryption by an unauthorized party.
It would lend a false sense of security to laypersons in the field who do not realize that a key of such simplicity could be cracked easily by any talented criminal. The necessarily secure communications between a doctor and his patient could be thus breached. If the system were strong, the government would use it for internal use, but according to the AT&T release, the government will not be using the same chip which is marketed to consumers.

Apart from the technical flaws in the system, there are many political problems with this big brother proposal. First, there is the assumption that the government has a right to spy on its own citizens. The proposal for this wiretap chip includes the registration of keys with two escrow agencies. This proposal is purported to allow law enforcement to keep track of "terrorists" and "drug-dealers." The first flaw in this key-escrow system is that no self-respecting criminal will use a cryptography system which can be easily tapped by law enforcement officials-- they will use strong cryptography. The only people who may end up using the wiretap encryption system will be law-abiding laypeople who don't fully understand cryptography. (Law-abiding citizens who do understand cryptography will use strong cryptography to preserve their privacy from a talented criminal.)

The proposal states that in order to obtain the key of a wiretap chip user a law enforcement agency must first establish that they have a valid interest in the key. Translated out of legalese, that means that all a government agency will have to do to get access to all of the private communications, for example, between a lawyer and her client will be to fill out the necessary forms. Registering cryptographic keys with the government is similar to giving the IRS the keys to your house and filing cabinet. A criminal who wants access to the communications between a priest and confessor needs only to find a corrupt judge.
The chip is being manufactured exclusively by one company. The release stated that the Attorney shall request (i.e. coerce) telecommunication product manufacturers to use this product. This aspect of the system is a government-mandated monopoly. Such monopolies result in high prices and the elimination of market forces which drive the improvement of technology. (One needs only look at the state of the Soviet Union to see how the lack of market forces affects consumer technology.)

The system exposes our President's hypocrisy because of his campaign promise to protect women's rights to privacy and that he will see a Supreme Court nominee who believes that the Bill of Rights guarantees a right to privacy. By mandating a weak cryptosystem he is reneging on his promise to provide privacy rights to the nation's citizenry. If Clinton supported a right to privacy to limit government interference with regards to abortions, he must limit government interference with regards to communication.

Another element of Clinton's hypocrisy lies in his promise to reduce the budget deficit. By introducing additional responsibilities for government agencies (keeping track of the millions of keys registered in escrow) he is only using our tax dollars to invade our privacy, tax dollars which are better spent lowering the budget deficit.

What I fear most from the proposal is that if the wiretap chip becomes the standard, strong cryptography will be declared illegal. If such is the case, then only criminals will have access to strong cryptography. As I have stated above-- the wiretap chip will not be used by criminals because of the obvious flaws in the crypto-system-- criminals will use strong crypto, while law-abiding citizens will have to use a system which can be easily defeated by any criminal. Strong cryptography already exists for data communications, for -free-. Strong cryptography for voice communications for -free- is only a few months away for people who own a personal computer.
There is no way that making strong cryptography illegal will stop it-- it will only turn otherwise law-abiding citizens into criminals.

Sincerely,
Sameer Parekh
829 Paddock Lane
Libertyville, IL 60048-3743
zane at genesis.mcs.com
708-362-9659

From pat at tstc.edu Tue Apr 20 06:43:02 1993
From: pat at tstc.edu (Patrick E. Hykkonen)
Date: Tue, 20 Apr 93 06:43:02 PDT
Subject: Waco, crypto, and unbreakable links
Message-ID: <9304201342.AA08444@tstc.edu>

> We can only speculate that the loss of life
> might have been much fewer if the Branch Davidian
> cult had a copy of PGP as well as a 2m packet
> radio.
>
> They could have maintained private links with journalists
> who could have given us their side of the story, which
> now, tragically will never be told.

I thought about this yesterday at lunch, at about the time the fire started in the Davidian compound. Only as it applies to the overthrow of a government or such. Agree on the initial frequency and time, then send the next frequency and time encoded in the message text to avoid jamming.

"A rebellion is not a few men huddled around a candle talking in whispers. But a large, well funded, organization with an intricate communications network." - Unknown

--
Pat Hykkonen, N5NPL
Texas State Technical College at Waco
Instructional Network Services
3801 Campus Dr. Waco, Tx 76705
{pat,postmaster}@tstc.edu
PGP Key available by finger.
V:(817) 867-4830 F:(817) 799-2843

From jim at tadpole.com Tue Apr 20 08:41:58 1993
From: jim at tadpole.com (Jim Thompson)
Date: Tue, 20 Apr 93 08:41:58 PDT
Subject: (fwd) THE CLIPPER CHIP: A TECHNICAL SUMMARY
In-Reply-To: <9304200403.AA18854@netcom3.netcom.com>
Message-ID: <9304201041.ZM1104@chiba>

Note that SCIF is not Secure Computer Information Facility, it's Secure Compartment(alized) Information Facility. One can only wonder what else Dottie Denning got wrong. What happens to the disk that has 'U' on it?

:-)

Jim

From 74076.1041 at CompuServe.COM Tue Apr 20 08:56:46 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Tue, 20 Apr 93 08:56:46 PDT
Subject: Another Clipper weakness
Message-ID: <930420155129_74076.1041_FHD54-1@CompuServe.COM>

Perry asks about the 30-bit serial number. Actually, it appears that the unit key UK is a function of the serial number plus the two 80-bit random numbers input by the escrow agents when the chips are programmed. This would prevent an easy guessing attack as long as these random numbers S1 and S2 are unknown.

The one problem is that S1 and S2 are not changed for each chip, but are rather kept the same in programming a batch of about 300 chips. Then they are supposed to be destroyed. The potential weakness is that if someone managed to keep a copy of the S1 and S2 values which were used to program all clipper chips (only about 3000 such values for a million chips), then Perry's suggested attack could work. This would be few enough bits that the unit key could be guessed. Those who are asked to judge the safety of the system will presumably pay careful attention to the measures used to insure that S1 and S2 are not saved. I don't know how they'll check for NSA micro-cameras in the vault ceiling, though...

Hal

From dstalder at gmuvax2.gmu.edu Tue Apr 20 09:10:21 1993
From: dstalder at gmuvax2.gmu.edu (Darren/Torin/Who ever...)
Date: Tue, 20 Apr 93 09:10:21 PDT
Subject: WIRETAP: Non-technical statement
Message-ID: <9304201606.AA10704@gmuvax2.gmu.edu>

I've had some people ask me about a non-technical synopsis of the Wiretap Chip proposal. What follows is it. Can you please look over it for errors? I am still very much the amateur when it comes to cryptography.

The WIRE-TAP Proposal: Problems with it.

The White House sent out a press release on Friday 16 April about a voice encryption chip called the Clipper chip.
This has come to be known as the Wiretap chip since it allows any Law Enforcement agency to automatically decrypt any conversations made with it with a search warrant. The LE presents said search warrant to two different escrow agencies to obtain the keys (80 bits long) that automatically decrypt your conversation. The Electronic Freedom Foundation (EFF) and the Computer Professionals for Social Responsibility (CPSR) have both criticized the proposal. There was even a negative article already in Network World (19 Apr 93). The paragraphs that follow are facts and problems I have collected by listening to others discuss the Wiretap chip.

Say you wanted to encrypt your talk with someone over a phone. Well, since you and the person you want to talk to both have the Wiretap (Clipper) chip in your phones, you can automatically encrypt your conversation. All fine and good encryption for the consumer. Now, what if you come under investigation by the local constabulary? They get a court order and ask the escrow agencies (non-law enforcement types) for your key. They already have the family key since that is the same in each chip. They now have your specific key. With these two keys, they can decrypt all conversations that you have. This includes conversations that are not legal to wiretap such as attorney-client, doctor-patient and so on. They also have that key for any and all future sessions that you use that phone for. Start to see the problem? This part is all legal... Search warrants are even exceedingly easy to get at times. There have been reports of the FBI getting groups of 50 signed and blank search warrants from the DoJ.

Now, there are other problems. Would you give the IRS keys to your house and filing cabinet as long as they promised that they would only use it under proper authorization? The key length of 80 bits is still considered cryptographically weak. It would take determined effort by an agency with a supercomputer but your key could be broken.
The cryptographic algorithm is also being kept classified. This is not the usual practice. In the cryptographic community, algorithms are public. This way people can be assured there aren't any back doors and that the algorithm can stand on its own strengths, not that of secrecy. It has also been hinted at by NIST (the agency behind the technical implementation of the chip) that the chip could be compromised if the algorithm was made public. It is not that difficult to reverse engineer a chip these days.

Finally, some of the implications behind this announcement are dire. The Wiretap chip could become the market or legislative standard. This could mean that other implementations of cryptographic voice transactions would be very difficult to obtain or would be illegal to obtain. Why would a criminal use the Wiretap chip when they knew it wouldn't encrypt their conversations against the LE agencies? They wouldn't, they would use other encryption technologies. Would this mean that using something other than the Wiretap chip is probable cause and puts you under suspicion?

One last fishy thing is that AT&T has already (on the same day) announced phones with this chip. This implies (means?) that AT&T has known about this chip for a while. They seem to be more concerned about getting a jump on the competition than producing a product that will actually give their users real security. 'Course, there is the question of collusion between the government and industry. Only two companies will be allowed to manufacture the chip, VLSI and Mykotronix. Jeff Hendy, director of new product marketing for VLSI, says his company expects to make $50 million of the chip in the next 3 years. (This from the San Jose Mercury News.)

Hopefully, I haven't left stuff out. I am going to forward this to cypherpunks for the experts there to check it out.

Think free,
--
Torin/Darren Stalder/Wolf
Internet: dstalder at gmuvax2.gmu.edu   Bitnet: dstalder at gmuvax
Sprintnet: 1-703-845-1000
Snail: 10310 Main St., Suite 110/Fairfax, VA/22030/USA
PGP2.x key available. Finger me. Write me for details.
Defeat the Wiretap Chip Proposal!
DISCLAIMER: A society where such disclaimers are needed is saddening.

From peb at PROCASE.COM Tue Apr 20 10:31:28 1993
From: peb at PROCASE.COM (peb at PROCASE.COM)
Date: Tue, 20 Apr 93 10:31:28 PDT
Subject: Sound bite time
Message-ID: <9304201727.AA03474@banff>

I like the newer sound bites. ``Having to deposit copies of all your private letters with the authorities, "in case" they need to later read them...'' and ``Giving the government keys to your encrypted messages is like giving them keys to the front door of your house.'' seem best.

Phil, About the right to bear arms and crypto-privacy...you are right--it is not a good sound bite for J. Q. Public, but could be a good angle for *understanding* (uhg, I hate this sound bite stuff.)

Paul E. Baclace
peb at procase.com

From wcs at anchor.ho.att.com Tue Apr 20 10:35:05 1993
From: wcs at anchor.ho.att.com (wcs at anchor.ho.att.com)
Date: Tue, 20 Apr 93 10:35:05 PDT
Subject: Wiretapping chip: vid clips & sound bites
Message-ID: <9304201734.AA09381@anchor.ho.att.com>

I strongly agree with Ray Cromwell's suggestions that we consistently refer to "the wiretap chip", and avoid "drug dealer" examples. One that might be closer to home when you need an example is "Suppose the IRS thinks you may have cheated on your income tax and decides they want to wiretap your phone ..." It's within the range of things people imagine could happen to them, and it makes the point that it's *their* phone that's being tapped, not some public enemy bogeyman. Making it personal is important...

Bill
# Bill Stewart wcs at anchor.ho.att.com +1-908-949-0705 Fax-4876
# AT&T Bell Labs, Room 4M-312, Crawfords Corner Rd, Holmdel, NJ 07733-3030

From jet at nas.nasa.gov Tue Apr 20 10:40:23 1993
From: jet at nas.nasa.gov (J. Eric Townsend)
Date: Tue, 20 Apr 93 10:40:23 PDT
Subject: Waco, crypto, and unbreakable links
In-Reply-To: <9304200237.AA14578@netcom.netcom.com>
Message-ID: <9304201740.AA18148@boxer.nas.nasa.gov>

1016/2EF221 writes:
> We can only speculate that the loss of life
> might have been much fewer if the Branch Davidian
> cult had a copy of PGP as well as a 2m packet
> radio.

Yes, we can only speculate. We can only speculate what would have happened if the members who had left had told what they knew -- they had/have many chances, including one member who called media from prison. Maybe the BD's didn't have anything to say in the first place? Koresh et al got plenty of radio time, and had even more time offered. His lawyers negotiated with media for film rights... I don't think PGP/packet would have helped him a bit. Having all his neurons operating in a reality the rest of us live in might have helped a bit more. (I used to live in Texas, and have long known of the "Wackos in Waco", so my sympathy level is a bit low...)

From hughes at soda.berkeley.edu Tue Apr 20 11:01:07 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Tue, 20 Apr 93 11:01:07 PDT
Subject: Ad hoc Cypherpunks meeting April 24
Message-ID: <9304201754.AA23465@soda.berkeley.edu>

ANNOUNCEMENT
============

Ad Hoc Cypherpunks Meeting on the recent Wiretap Chip proposal.

Where: Cygnus Support, Mt. View (directions follow)
When: 12:00 noon sharp - 6:00 p.m.

I'm mad as hell. I know that a lot of other folks are too. So I'm calling an ad hoc meeting to vent some spleen, to calm our heads, and to plan a counterattack. If you have any interest in this whatsoever, please attend. As with all cypherpunks meetings, this meeting is open. Tell anyone you want to tell. Show up. Encourage your friends to show up. I'm going to try to get some of the folks from RSA Data Security to show up, as well as some others who would normally not attend.
Eric Hughes
cypherpunks list and ftp maintainer

AGENDA
======

12:00 - 6:00 Wiretap chip discussions. There will be a break.

DIRECTIONS
==========

Cygnus Support
1937 Landings Drive
Mt. View, CA 94043
+1 415 903 1400 switchboard
+1 415 903 1418 John Gilmore

Take US 101 toward Mt. View. From San Francisco, it's about a 40-minute drive. Get off at the Rengstorff Ave/Amphitheatre Parkway exit. If you were heading south on 101, you curve around to the right, cross over the freeway, and get to a stoplight. If you were heading north on 101, you just come right off the exit to the stoplight. The light is the intersection of Amphitheatre and Charleston Rd. Take a right on Charleston; there's a right-turn-only lane. Follow Charleston for a short distance. You'll pass the Metaphor/Kaleida buildings on the right. At a clump of palm trees and a "Landmark Deli" sign, take a right into Landings Drive. At the end of the road, turn left into the complex with the big concrete "Landmark" sign. Follow the road past the deli til you are in front of the clock tower that rises out of one of the buildings, facing you. Enter through the doors immediately under the clock tower. They'll be open between noon and 1PM at least. (See below if you're late.)

Once inside, take the stairs up, immediately to your right. At the top of the stairs, turn right past the treetops, and we'll be in 1937 on your left. The door is marked "Cygnus".

If you are late and the door under the clock tower is locked, you can walk to the deli (which will be around the building on your left, as you face the door). Go through the gate in the fence to the right of the deli, and into the back lawns between the complex and the farm behind it. Walk forward and right around the buildings until you see a satellite dish in the lawn. Go up the stairs next to the dish, which are the back stairs into the Cygnus office space. We'll prop the door (or you can bang on it if we forget).
Or, you can find the guard who's wandering around the complex, who knows there's a meeting happening and will let you in. They can be beeped at 965 5250, though you'll have trouble finding a phone.

Don't forget to eat first, or bring food at noon! I recommend hitting the burrito place on Rengstorff (La Costen~a) at about 11:45. To get there, when you get off 101, take Rengstorff (toward the hills) rather than Amphitheatre (toward the bay). Follow it about ten blocks until the major intersection at Middlefield Road. La Costen~a is the store on your left at the corner. You can turn left into the narrow lane behind the store, which leads to a parking lot, and enter by the front door, which faces the intersection. To get to the meeting from there, just retrace your route on Rengstorff, go straight over the freeway, and turn right at the stoplight onto Charleston; see above.

See you there!

John Gilmore

From TO1SITTLER at APSICC.APS.EDU Tue Apr 20 12:23:58 1993
From: TO1SITTLER at APSICC.APS.EDU (TO1SITTLER at APSICC.APS.EDU)
Date: Tue, 20 Apr 93 12:23:58 PDT
Subject: cypherpunks vs. cryptoprivacy
Message-ID: <930420132135.2132@APSICC.APS.EDU>

I agree with those who think that "CypherPunks" is a bad name for the list. It brings up negative associations in the minds of outsiders, who are, after all, the people who we want to influence against the Big Brother wiretap chip.

Kragen

From 74076.1041 at CompuServe.COM Tue Apr 20 13:13:48 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Tue, 20 Apr 93 13:13:48 PDT
Subject: Another Clipper weakness
Message-ID: <930420195747_74076.1041_FHD36-1@CompuServe.COM>

-----BEGIN PGP SIGNED MESSAGE-----

From: "Perry E. Metzger"
> I've just looked over the proposal again, and I've seen no mention of
> random inputs -- only that the 30 bit key would get a "fixed 34 bit
> padding" added to it.

Here is what Denning's writeup says:

    At the beginning of a session, a trusted agent from each of the two key
    escrow agencies enters the vault. Agent 1 enters an 80-bit value S1 into
    the laptop and agent 2 enters an 80-bit value S2. These values serve as
    seeds to generate keys for a sequence of serial numbers.

    To generate the unit key for a serial number N, the 30-bit value N is
    first padded with a fixed 34-bit block to produce a 64-bit block N1. S1
    and S2 are then used as keys to triple-encrypt N1, producing a 64-bit
    block R1:

        R1 = E[D[E[N1; S1]; S2]; S1] .

    Similarly, N is padded with two other 34-bit blocks to produce N2 and
    N3, and two additional 64-bit blocks R2 and R3 are computed:

        R2 = E[D[E[N2; S1]; S2]; S1]
        R3 = E[D[E[N3; S1]; S2]; S1] .

    R1, R2, and R3 are then concatenated together, giving 192 bits. The
    first 80 bits are assigned to U1 and the second 80 bits to U2. The rest
    are discarded. The unit key U is the XOR of U1 and U2. U1 and U2 are
    the key parts that are separately escrowed with the two escrow agencies.

Here, the notation E[X; Y] means to encrypt 64-bit number X using 80-bit key Y with the Skipjack algorithm. U1 and U2 come from concatenating R1, R2, and R3. Each of R1, R2, and R3 is a function not only of N, the serial number, along with the 3 fixed 34-bit blocks, but also S1 and S2, the two random numbers entered by agents from the escrow organizations.

> > The one problem is that S1 and S2 are not changed for each chip, but are
> > rather kept the same in programming a batch of about 300 chips. Then
> > they are supposed to be destroyed.
>
> This was not clearly implied, either. Furthermore, no clear reason has
> been stated why all this complexity is needed and U1 and U2 can't just
> be randomly generated.

    All Clipper Chips are programmed inside a SCIF (secure computer
    information facility), which is essentially a vault. The SCIF contains
    a laptop computer and equipment to program the chips. About 300 chips
    are programmed during a single session. The SCIF is located at
    Mikotronx.

I agree that the process seems complex.
Why should the keys U1 and U2 be correlated with the serial number in this way? Here is one thought:

The most straightforward approach would be to get two random seeds, S1 and S2, and use them to run a PRNG that produces U1 and U2, the two key-halves, and N, the serial number. But the problem with this is that you are depending on the security of your PRNG to ensure that there is no correlation between N and U1/U2. Ordinary PRNG's might allow some correlation to exist. This would be weak because then just knowing the N of your chip might allow a good organization like NSA to crunch out U1 and U2 without going through the escrow agencies, by exploiting weaknesses in the PRNG.

Instead, they go through a roundabout process which appears to show that the relationship between N and U1/U2 is as strong as the Skipjack algorithm itself, in fact when run in a triple-encryption mode. If NSA had a way, given N, to produce U1/U2, then it would appear that they must be able to break Skipjack, in which case they wouldn't need U1/U2. So this key generation process can be argued not to introduce any new vulnerability in the system.

Hal

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBK9QrV6gTA69YIUw3AQGGrAP/Rmx0H603b1EdBIsiGuc637wptW133IFU
/irxw+aCPrL3yOzuBTQbUW+LeMIwpC+Y8DARkAohxnIjhuu/aQXVnIvJPPiUSPr0
fz2PLxhA5tgjVAH0e5xvl9K+CgWnRXazd9Tp+Zbi/xAiWz0PI6kff4QtNG13p1xw
/V0dGDb4tec=
=XgfH
-----END PGP SIGNATURE-----

From pmetzger at lehman.com Tue Apr 20 13:32:50 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 20 Apr 93 13:32:50 PDT
Subject: Another Clipper weakness
In-Reply-To: <930420195747_74076.1041_FHD36-1@CompuServe.COM>
Message-ID: <9304202032.AA23137@snark.shearson.com>

Hal says:
> Here is what Denning's writeup says:
>
> At the beginning of a session, a trusted agent from each of the two key
> escrow agencies enters the vault. Agent 1 enters an 80-bit value S1
> into the laptop and agent 2 enters an 80-bit value S2.
> These values serve as seeds to generate keys for a sequence of serial numbers.
>
> To generate the unit key for a serial number N, the 30-bit value N is
> first padded with a fixed 34-bit block to produce a 64-bit block N1.
> S1 and S2 are then used as keys to triple-encrypt N1, producing a
> 64-bit block R1:

[...]

I've reread the text again. There seems to be no assurance at all that S1 and S2 are random or that they are not the same for all chips. There also seems to be no rational explanation of why N is only thirty bits long -- it's a strange number in the modern world of computing.

> I agree that the process seems complex. Why should the keys
> U1 and U2 be correlated with the serial number in this way? Here is
> one thought:
>
> The most straightforward approach would be to get two random seeds,
> S1 and S2, and use them to run a PRNG that produces U1 and U2, the
> two key-halves, and N, the serial number.

The number N is not secret and is not random -- it is therefore not necessary that the PRNG generate N, and indeed N is not generated, it is given. It's presumably just an ordinary serial number.

> But the problem with this is that you are depending on the security
> of your PRNG to ensure that there is no correlation between N and
> U1/U2. Ordinary PRNG's might allow some correlation to exist. This
> would be weak because then just knowing the N of your chip might allow
> a good organization like NSA to crunch out U1 and U2 without going
> through the escrow agencies, by exploiting weaknesses in the PRNG.
>
> Instead, they go through a roundabout process which appears to show that
> the relationship between N and U1/U2 is as strong as the Skipjack
> algorithm itself, in fact when run in a triple-encryption mode.
> If NSA had a way, given N, to produce U1/U2, then it would appear
> that they must be able to break Skipjack, in which case they wouldn't
> need U1/U2.
> So this key generation process can be argued not to
> introduce any new vulnerability in the system.

Why not just generate U1 and U2 by a more straightforward approach that doesn't involve strange padding and odd randomly selected constants? Indeed, why not just use true random numbers? Surely a radioactive source isn't unavailable to Mykotronix.

Furthermore, Denning says about 300 chips are programmed in a batch using baroque methods in a vault. Well, folks, that just won't do if twenty or thirty million of these babies are being sold a year -- or even if just five million are sold a year. Seems to me that the processing is going to have to get more efficient, and likely thus much more sloppy.

Perry

From szabo at techbook.com Tue Apr 20 13:33:45 1993
From: szabo at techbook.com (Nick Szabo)
Date: Tue, 20 Apr 93 13:33:45 PDT
Subject: WIRETAP: Non-technical statement
In-Reply-To: <9304201609.AA20256@churchy.gnu.ai.mit.edu>
Message-ID:

> [proposed press statement]
> ....
> This has come to be known as the
> Wiretap chip since it allows any Law Enforcement agency to automatically
> decrypt any conversations made with it with a search warrant.
> ...

I understand there are some situations where law enforcement agencies can gain access to keys _without_ a search warrant, and furthermore access to the keys allows wiretapping of conversations that go well beyond the scope of the search warrant. This might be better phrased "with, or in many cases even without, a search warrant". Does anybody know of specific examples of wiretapping without a search warrant, or beyond the scope of the search warrant that we can cite? Especially famous ones (didn't Nixon wiretap somebody?)

Question: does there need to be a warrant to search *both* parties in a conversation, or just one? What if one of the parties is a foreign citizen calling from their homeland? What about conference calls?
In addition to lawyer-client and doctor-patient conversations, ubiquity of the wiretap chip allows the U.S. government exclusive access to recording the following calls under the rubric of a "secure" system:

* husband-wife
* psychologist-client
* priest-confessor
* foreign tourists, businessmen, and diplomats
* international phone calls
* phone calls outside the U.S. involving Clipper phones (last I heard AT&T was planning to export the wiretap chip phone, can that be verified?)
* etc.

We might design a special press release to be sent to the *international* press and foreign companies. We might especially target electronics giants like Matsushita, Phillips, Siemens, Fujitsu, NEC, etc. that can make alternative chips if they feel there is market demand for privacy from U.S. spooks who speak of using the wiretap chip to "enhance U.S. economic competitiveness". This might be a joint venture with U.S. companies like Security Technologies Inc. that AT&T and the U.S. government have screwed with their collusion. The vast majority of consumer-product chips are manufactured outside the U.S. It is doubtful that VLSI can compete, much less corner the market if international concern is raised over the potential U.S. wiretapping monopoly.

However, we do need to do this in such a way that we do not encourage foreign government escrow-key schemes. Let's use the term "wiretap chip" for the entire class of escrow-key hardware schemes. I think we have a shot at giving the entire class of Denning-style schemes a bad reputation in the international community. One desirable foreign government action would be to ban the import of phone equipment containing escrow-key chips from the U.S.; a very undesirable outcome is for foreign governments to set up their own escrow-key systems. Primarily, we want to give wiretap chips a bad reputation in the market.

We also need to dig up information on the phone call archives being kept by the NSA and other agencies. How extensive are they?
Is there any guarantee phone calls will be deleted after some period, or are phone calls once tapped stored forever on some CD-ROM? Can foreign companies operating in the U.S. have any confidence that the U.S. government is not wiretapping their phones, gleaning trade secrets and distributing them to favored U.S. megacorps like AT&T? If we don't have answers to these questions we need to ask them, in public and often.

Nick Szabo
szabo at techbook.com

From ld231782 at longs.lance.colostate.edu Tue Apr 20 14:01:03 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Tue, 20 Apr 93 14:01:03 PDT
Subject: Denning Unmasked
Message-ID: <9304202034.AA24791@crestone>

Denning, April 19
>I'd like to add that I was not in
>any way involved. I found out about it when the FBI briefed me on
>Thursday evening, April 15.

Mr. May calls Mrs. Denning's claims that she was ``not in any way involved'' with this project ``curious''. I'm a bit amazed at everyone's tiptoeing around Mrs. Denning and reluctance to challenge her outright given overwhelming evidence as to her two-facedness. Maybe it is her established reputation in the field, maybe it is her cryptography book, maybe it is her participation at conferences like CFP. Nevertheless, I cannot let lies stand.

Mrs. Denning wants to have her cake and eat it too. She wants to be perceived as an unbiased academic and taken seriously for her participation in scientific forums. She also wants to mask her involvement in this proposal, which for me, appears unequivocal, and only the *degree* and *extent* is unclear. I cannot comprehend how she cannot be involved. It would not be so outrageous if she stated that ``I cannot comment on my involvement for obvious reasons''. But her denial to me has all the signs of a desperate fabrication. Let's look at what she's done:

1. She was the *first*, if I'm not mistaken, to bring up the idea of splitting keys among impartial agencies many months ago on sci.crypt after the firestorm and barrage of protests on the initial balloon on key registration.

2. She has shown ``prescient insight'' (as another tiptoer noted on sci.crypt) into anticipating major aspects of the proposal. Key registration itself was largely unheard-of until she began advocating the idea. She posts a massive technical description to sci.crypt less than a week after her initial ``briefing''.

3. The rhetoric (more aptly called propaganda) of the public announcement closely mirrors words and arguments she used in the initial debate on sci.crypt, esp. the ``need to balance legitimate law enforcement goals with privacy.''

4. Since she persists in her sheer, ugly chutzpah, and people here and on sci.crypt are still pussyfooting around her, I must offer my new evidence. In early April I became extremely concerned about her continuing advocacy of key registration in the recent further CACM articles in the face of such vocal opposition and defiance on sci.crypt. I was astonished with the claims in her latest posting to sci.crypt when I read it on 28 March, and replied to it. I expressed my appreciation for her postings, because ``you're definitely one of the most highly regarded personalities in this area posting publicly,'' (I was disenchanted enough then not to say `authority') and I wrote of my extreme concern with her seeming evasion of addressing critical aspects of the key-registration idea from a scientific standpoint. I advised her to ``abandon the idea to salvage the remainder of your reputation''.

I will be quoting only some critical parts of her letter now (there is only one, but it speaks volumes), and I ask that I not be assaulted for this, because in my opinion the extreme circumstances merit it, and her hypocrisies cannot go unchallenged! Her comments follow her pattern of revealing a few more details of the overall plan after being violently assaulted on the revealed ones. (I remind the reader that this all transpired before any knowledge on my part whatsoever of the Clipper proposal, but apparently not before her own...)

- - -

L.D.: (Sun, 28 Mar 93 22:13:06 -0700)
>The issue is not that "the government is corrupt QED" but that such a
>system would be such a tremendous temptation to a government only bordering
>on moral rectitude, as ours generally is... Part of the idea of
>democracy is not even INTRODUCING mechanisms that have a potential for
>extremely insidious and treacherous abuse.

D.D.: (Tue, 30 Mar 93 17:23:14 EST)
>I am convinced that with the new technologies and crypto, we can make it
>extremely difficult -- much more difficult than now -- for the government
>to perform illegal taps.

L.D.: (Sun, 28 Mar 93 22:13:06 -0700)
>I like those new technologies for the same revolutionary reasons.
>hehe, we can make it IMPOSSIBLE right now for the government to tap AT
>ALL. I guess you can imagine how appealing your proposal is in the face
>of this. We're doing just fine, thank you very much. The best thing
>the government can do on this issue is STAY OUT OF IT. Given its
>unwieldy and intrusive history, this is quite an optimistic expectation.

- - -

L.D.: (Sun, 28 Mar 93 22:13:06 -0700)
>There are just no good assurances that these kinds of systems won't
>be radically abused, and until you describe precisely how to do this
>most reasonable people will not touch your proposals with a 20ft
>pole, even in cyberspace...

D.D.: (Tue, 30 Mar 93 17:23:14 EST)
>Obviously a much more detailed proposal would be needed in
>order to answer all the questions people have asked.

L.D.: (Tue, 30 Mar 93 17:03:04 -0700)
>We eagerly await such a proposal from you or others, to show how none
>of the specifics can possibly be implemented without a totalitarian
>state, bizarre and unrealistic assumptions, unbearable and
>anti-competitive commercial restrictions, or new grotesque government
>bureaucracies.

- - -

L.D.: (Sun, 28 Mar 93 22:13:06 -0700)
>The issue is not that "criminals won't comply QED"
>but that "enforcement is impossible except in a totalitarian state".

D.D.: (Tue, 30 Mar 93 17:23:14 EST)
>Not necessarily if you don't try to demand 100% compliance. Everyone is
>required to register their car, and this has not required a totalitarian state.
>Compliance might be enforced only when there is already probable cause and
>a warrant issued. Compliance might be promoted by putting requirements on
>products that are sold.

L.D.: (Tue, 30 Mar 93 17:03:04 -0700)
>I object to this vehemently. I consider this somewhat of a subterfuge.
>The public then may not be aware how much they are spending to promote
>an agenda of the anointed government officials' plans detrimental to
>privacy. It would weaken technological competitiveness, for companies to
>be burdened by these artificial and warped restrictions.
>
>Unfortunately, I find it one of your most dangerously insidious ideas,
>because it has the most likelihood of influencing some naive,
>uninformed, and misguided policymaker...
>
>These policies you have in mind are exactly the kind that sound good on
>paper and intent, but when implemented come nothing close to the
>intentions of the purveyors, who on hint of failure would then
>disassociate themselves, saying that ``it wasn't implemented according
>to my suggestions.'' That's the problem, it's an inherently flawed idea
>to begin with, and NO implementation would have the desired effect...

- - -

D.D.: (Tue, 30 Mar 93 17:23:14 EST)
>I do not find
>sci.crypt a constructive environment to explore the issues or try to develop
>a more concrete proposal, so I will use other forums for this.

L.D.: (Tue, 30 Mar 93 17:03:04 -0700)
>definitely, Usenet has all the delicacy, subtlety and finesse of a
>melee. On the other hand, it also has a low tolerance for pretentious
>and impractical ideas ...
>
>I'm serious. I think you ought to stop promoting the idea. Otherwise,
>the label "Denning Proposal" will have all the valiant credibility that
>the label "Chamberlain Treaty" had after WWII.... Don't say I didn't warn
>you!
>
>Do you know how much trouble the NSA has caused for the development and
>proliferation of cryptography? Do you think they have harmed American
>interests in the international market? Weakened their ability to
>compete? I guarantee that all this would PALE TOTALLY in comparison to
>any kind of key-registration scheme, and would earn its advocates, in
>historical hindsight, the utmost black discredit imaginable.

- - -

Mrs. Denning did not respond to my letter of Tue, 30 Mar 93 17:03:04 -0700, for obvious reasons...

Let me add that of all the things she wrote about, the `commercial compliance by requirements on products sold' alarmed me the most, and I thought she might be hinting at a Telephony-style bill. I considered sending a warning to the cypherpunk list, but decided that it would be premature and I intended to watch and wait for more signs first...

Perhaps I am condemning aspects of my own future in academic circles for attacking Denning. Perhaps I am the subject of zealous blacklisting at this moment for my public comments on the Clipper chip. But I cannot be silent in the face of repulsive and outrageous hypocrisy. Because of her denial, I have no alternative but to recognize Mrs. Denning as the intellectual and moral equivalent of a double-agent. She is a traitor to at least *one* cause.
I hope her friends involved in the Clipper proposal appreciate her work in that area, because, for me, she no longer has any credibility whatsoever as an unbiased cryptographic authority or an honest and ethical scientist. Like a compromised code, the integrity has been lost...

NOTE! this letter is a *warning* for the private cypherpunks list only! I do not grant, and specifically prohibit, redistribution. If Mrs. Denning publicly addresses the points I have raised in this letter, I will consider my sincere trust misguided and violated.

From 74076.1041 at CompuServe.COM Tue Apr 20 14:26:00 1993
From: 74076.1041 at CompuServe.COM (Hal)
Date: Tue, 20 Apr 93 14:26:00 PDT
Subject: Another Clipper weakness
Message-ID: <930420210931_74076.1041_FHD64-1@CompuServe.COM>

-----BEGIN PGP SIGNED MESSAGE-----

From: "Perry E. Metzger"
> The number N is not secret and is not random -- it is therefore not
> necessary that the PRNG generate N, and indeed N is not generated, it
> is given. It's presumably just an ordinary serial number.

Yes, sorry, I was confused about that. N is indeed an ordinary serial number.

> Why not just generate U1 and U2 by a more straightforward approach that
> doesn't involve strange padding and odd randomly selected constants?
> Indeed, why not just use true random numbers? Surely a radioactive
> source isn't unavailable to Mykotronix.

Again, I think the fact that the S1 and S2 are introduced by agents of the escrow organizations is supposed to make the process appear more trustworthy. Since the escrow organizations must be trusted, it does not add any weaknesses to have them creating the random seeds for the keys. Getting numbers from a true random source would be better in some ways, but it would be hard to know whether the source was truly random and was not subtly hacked by the NSA to reduce the randomness. Verifying the randomness of a black box could not be done easily on site.

With the S1/S2 approach, theoretically an escrow agent could stop the process at some point and issue a challenge, making S1 and S2 public and verifying that the keys were in fact generated by the specified algorithm. However, there has been no discussion of such a challenge in the key-creation protocol.

> Furthermore, Denning says about 300 chips are programmed in a batch
> using baroque methods in a vault. Well, folks, that just won't do if
> twenty or thirty million of these babies are being sold a year -- or
> even if just five million are sold a year. Seems to me that the
> processing is going to have to get more efficient, and likely thus
> much more sloppy.

Yes, this is a good point, although it depends on the specific numbers of chips being produced and how long it takes to go through this process for a batch of 300 chips. I gather that the chips are actually programmed in this vault, under control of the laptop computer which holds the keys (and is then destroyed? Ha!). If they had a batch programmer which actually did 300 chips in a tray, then several batches could be done in a sitting. There are probably a few hundred million phones in the U.S., but I doubt that more than a few percent of them would be secure phones in the next three or four years. This might correspond to a production level of a few hundred thousand chips per year, which would be a couple of dozen batches per week. This sounds doable. Beyond this point there would be problems, though. Probably other manufacturers would be involved by then.
Hal

From norm at netcom.com Tue Apr 20 14:45:48 1993
From: norm at netcom.com (Norman Hardy)
Date: Tue, 20 Apr 93 14:45:48 PDT
Subject: Webs of Trust vs Trees of Trust
Message-ID: <9304202145.AA19546@netcom2.netcom.com>

I have worked with the NCSC (National Computer Security Center) on certifying operating systems according to the "Orange Book". As I understand RIPEM there is a tree of agencies such that everyone must trust all elements of the tree between him and the root. This is much ingrained in all of the legally mandated security systems that I am aware of. It assumes, at first glance, that there is a root, an inner sanctum, which is totally trusted by all. The Orange Book for operating system security has such assumptions embedded deeply. We had to essentially weaken our security features by disabling our "mutually suspicious user" logic to meet their requirements.

>In <40485.pfarrell at cs.gmu.edu> Pat Farrell says:
>At this Fall's National Computer Security Conference, Mr. McNulty
>was a speaker on the NIST's digital signature session. They talked about
>both the non-RSA DSS, and use of Certifying Authorities with a RSA-based
>scheme.
>>At that same conference, I gave a paper on security that described
>a fishnet of trust between systems. This was written in February 92,
>well before I read Phil's "web of trust" from the PGP docs, which I
>read sometime over the summer.
>During the Q&A, I asked Mr McNulty to compare the advantages and
>disadvantages of a hierarchical CA approach to an interlocking fishnet/web
>of trust. I hoped he would at least recognize that any hierarchy has
>problems from the top down if an upper level is compromised. Instead,
>he could not address any differences. I believe that working in the
>government has made the hierarchy seem to be the only implementation that
>he envisioned. He fobbed the question off to one of his technical
>underlings, but he, too, was unable to answer it (or even coherently
>address it). It is a pervasive mind-set in military security.

From norm at netcom.com Tue Apr 20 17:08:25 1993
From: norm at netcom.com (Norman Hardy)
Date: Tue, 20 Apr 93 17:08:25 PDT
Subject: Anonymous Remailers, WB etc.
Message-ID: <9304210008.AA25503@netcom4.netcom.com>

If I were chartered to be prepared to find the source of anonymous mail, and had the money, attitude and resources that skeptics among us assume are available for such efforts, here is how I would proceed. This plan is due, in part, to my experience in building secure operating systems.

I would catalog the various weaknesses of Unix and perhaps other systems where the remailers live. I would make a list of remailers and suspected remailers. I would design programs that would inhabit the remailer machines benignly except for gathering information that I need. Such efforts are a natural by-product of the public NCSC charter to know OS weaknesses.

I would further examine the IP protocols for weaknesses. Those protocols trust not only the machines through which the data flows but also trust other machines on the net not to introduce phony datagrams that at least bolix legitimate traffic and may well spoof it. This is aided by a real time passive tap on the links carrying the legitimate traffic.

It is not the style of this group to study OS security and I don't propose to change the style. OS security and protocol security may, however, be an Achilles heel to anonymity.
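The two-component escrow that Hal's post above reasons about (U1 and U2 derived from the escrow agents' seeds S1 and S2 plus the chip serial N, recombined only when an order covers that serial, and checkable by the "challenge" of publishing the seeds) can be modelled in a few lines, along with Nick Szabo's point that a released key is not scoped to a single conversation. This is an added example, not code from any of the posters or from Mykotronx/NIST: the SHA-256 derivation, the XOR split, the agent and warrant classes, and every sample value are assumptions standing in for the classified procedure.

```python
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field

KEY_BYTES = 10  # an 80-bit unit key, the key size quoted for the chip


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR; the two escrowed components combine this way (assumption)."""
    if len(a) != len(b):
        raise ValueError("components must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def derive_components(s1: bytes, s2: bytes, serial: int) -> tuple[bytes, bytes]:
    """Derive the escrowed components U1, U2 from the escrow agents' seeds S1, S2
    and the chip serial N.  Deterministic on purpose, so that anyone holding the
    seeds can re-run it.  HYPOTHETICAL: SHA-256 stands in for the classified
    derivation; the real procedure is not described on the page."""
    n = serial.to_bytes(4, "big")
    u1 = hashlib.sha256(b"U1" + s1 + s2 + n).digest()[:KEY_BYTES]
    u2 = hashlib.sha256(b"U2" + s1 + s2 + n).digest()[:KEY_BYTES]
    return u1, u2


def unit_key(u1: bytes, u2: bytes) -> bytes:
    """The chip's unit key U is the XOR of the two components."""
    return xor_bytes(u1, u2)


@dataclass(frozen=True)
class Warrant:
    """Court order naming the chip serials whose components may be released."""
    order_id: str
    serials: frozenset[int]


@dataclass
class EscrowAgent:
    """One of the two key-holding agencies; holds one component per serial."""
    name: str
    vault: dict[int, bytes] = field(default_factory=dict)

    def deposit(self, serial: int, component: bytes) -> None:
        self.vault[serial] = component

    def release(self, serial: int, warrant: Warrant) -> bytes:
        # The only check an agent can make: is this serial named in the order?
        if serial not in warrant.serials:
            raise PermissionError(
                f"{self.name}: serial {serial} not covered by {warrant.order_id}")
        return self.vault[serial]


def program_chip(serial: int, s1: bytes, s2: bytes,
                 agent_a: EscrowAgent, agent_b: EscrowAgent) -> bytes:
    """Programming-vault step: derive U1 and U2, deposit one with each agent,
    and return the unit key that is burned into the chip."""
    u1, u2 = derive_components(s1, s2, serial)
    agent_a.deposit(serial, u1)
    agent_b.deposit(serial, u2)
    return unit_key(u1, u2)


def recover_unit_key(serial: int, warrant: Warrant,
                     agent_a: EscrowAgent, agent_b: EscrowAgent) -> bytes:
    """Law-enforcement side: both agents must release, and the result is the
    chip's permanent unit key.  Nothing in the key itself limits it to the
    order's dates or parties, which is the scope problem raised on the list."""
    return unit_key(agent_a.release(serial, warrant),
                    agent_b.release(serial, warrant))


def consistent_other_component(held: bytes, candidate_key: bytes) -> bytes:
    """For a holder of ONE component, every candidate unit key is equally
    consistent: there is always a matching other component.  Shows that a
    single escrowed half leaks nothing about U."""
    return xor_bytes(held, candidate_key)


def verify_challenge(s1: bytes, s2: bytes, serial: int,
                     u1_stored: bytes, u2_stored: bytes) -> bool:
    """The challenge Hal describes: once S1 and S2 are published, anyone can
    recompute U1, U2 and confirm the deposited components really came from
    the specified algorithm and these seeds."""
    return derive_components(s1, s2, serial) == (u1_stored, u2_stored)


if __name__ == "__main__":
    # Constructed sample values; nothing here comes from a real batch.
    s1, s2, serial = b"seed-from-agent-A", b"seed-from-agent-B", 1001
    a, b = EscrowAgent("Agent A"), EscrowAgent("Agent B")
    u = program_chip(serial, s1, s2, a, b)
    order = Warrant("order-0001", frozenset({serial}))
    assert recover_unit_key(serial, order, a, b) == u
    print("unit key recovered with both components:", u.hex())
    print("challenge verifies:",
          verify_challenge(s1, s2, serial, a.vault[serial], b.vault[serial]))
```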
From uni at acs.bu.edu Tue Apr 20 17:23:27 1993
From: uni at acs.bu.edu (Shaen Bernhardt)
Date: Tue, 20 Apr 93 17:23:27 PDT
Subject: No Subject
Message-ID: <9304210023.AA194636@acs.bu.edu>

Does anybody know of specific examples of wiretapping without a search warrant, or beyond the scope of the search warrant that we can cite? Especially famous ones (didn't Nixon wiretap somebody?)

-----

By exec. order (12333 is it?) those suspected of espionage for a foreign may be wiretapped, searched without warrant. (foreign = foreign power)

From zane at genesis.mcs.com Tue Apr 20 17:28:52 1993
From: zane at genesis.mcs.com (Sameer)
Date: Tue, 20 Apr 93 17:28:52 PDT
Subject: Petition to Clinton, digisigned
Message-ID:

I noticed someone post about writing up a petition and emailing it to Pres. Clinton, signing it with digital signatures, but that was in a joking manner. To me it seems like a good idea. What do others think? Good/bad?

(I'm not too PGP-experienced-- The petition would be circulated and people would create "signature certificates" and forward those to the person sending the petition-- once all the signatures are collected then the petition and all the certificates would be sent together? I'd imagine that the signatures certs could be sent in a different package than the petition, but I don't think Clinton's aides would be able to recognize that all the certificates belong with the petition.)

--
| Sameer Parekh-zane at genesis.MCS.COM-PFA related mail to pfa at genesis.MCS.COM |
| Apprentice Philosopher, Writer, Physicist, Healer, Programmer, Lover, more |
| "Be God" - Me __ "Specialization is for Insects" - Robert A. Heinlein ____/
\_____________/ \____________________________________________________/

From psionic at wam.umd.edu Tue Apr 20 19:37:26 1993
From: psionic at wam.umd.edu (Haywood J. Blowme)
Date: Tue, 20 Apr 93 19:37:26 PDT
Subject: Article
Message-ID: <199304210237.AA27464@rac3.wam.umd.edu>

The Washington Times
April 17, 1993 Saturday, Final Edition

Government picks affordable chip to scramble phone calls.
By Frank J. Murray

[Nasty sarcastic comments inserted by psionic at wam.umd.edu]
[Typing errors by me.]

President Clinton gave a major boost yesterday to one telephone-scrambler technology in a decision its delighted manufacturer likens to the choice of VHS over Beta for videotape machines.

Mr. Clinton's action could allow the use of relatively cheap scramblers on almost every cellular, business and government phone and make scramblers common even on ordinary home telephones.

An administration official said the consideration will be given to BANNING more sophisticated systems investigators cannot crack, thereby creating a balance between banning private encryption and declaring a public right to unbreakably coded conversations.

[Does this assert that the government has an inherent right to hear everything its citizens say? Or does it mean that only the government has a right to good encryption systems??]

"We've got a balance we've got to strike between the public's important need for privacy and the public's need to be assured it's safe from crime,"

[What crime? Please cite an example where an encrypted message was later proven to be connected with a criminal activity. (Messages intercepted from the CIA don't count because they never do anything illegal.) Also what are the chances that a criminal that doesn't want to get caught will actually use this crippled chip?]

said Raymond G. Kammer, acting director of the National Institute of Standards and Technology, which developed the system with the National Security Agency.

[And of course the NSA would never think of listening to every satellite communication coming into and out of this country would they?]

In an unusual decision he said was examined by the National Security Council, Mr. Clinton directed the Commerce and Justice departments to encourage the development of the high-tech system, which includes electronic master keys to enable law enforcement officials to decode transmissions if they obtain court orders.

"This technology preserves the ability of federal, state and local law enforcement agencies to intercept lawfully the phone conversations of criminals." Mr. Clinton said, citing the fear that encrypted phones could aid terrorists and drug dealers.

[If you want to spook Americans, just say the word terrorist or drug dealer. Realistically, they have the money to buy good, secure crypto gear. Again, is this system to really catch "Drug dealers" and "terrorists", or is it to spy on citizens and businesses??]

The system is designed to protect from unauthorized interception the electronic transmission of conversations, computer data and video images at a cost per telephone that could be under $30, said Ted Bettwy, executive vice president of the manufacturer, Mykotronx Inc. of Torrance, Calif.

He said the chip announced yesterday, internally referred to as MYK-78, costs about $40 and uses an algorithm 16 million times more complex than that used by chips now on the market. Computer hackers have penetrated the current chips.

[This is incorrect. If they have penetrated the "Current Chips" this is news to me. If they could break the current technology so easily then there would be no need for the clipper chip would there?]

The new chip uses an 80-bit code instead of the 56-bit code that is the digital encryption standard (DES).

[Yeah, well IDEA uses a 128 bit key. My RSA Public key is 1024 bits. If I were to use an 80 bit public key that would be considered weak. So I don't care how many bits it has, I want to see the algorithm and then decide. Too bad it's classified...]

The new chip eventually could sell in lots of 10,000 for about $25 each, Mr. Kammer said, with later versions priced around $10 each.

Government engineers at NSA and the Commerce Department's NIST designed and developed the chip, which was then produced by privately owned Mykotronx and a publicly traded subcontractor, VLSI Technology.

A Silver Spring [Maryland] competitor cried foul, particularly because the commercial device was developed without notice or competitive bids in a classified laboratory that does work for the National Security Agency.

"If the purpose of this chip is to catch bad guys, then no bad guy will use it." said Stephen Bryen of Secure Communications Technology in Silver Spring, which produces a competitive chip he said could sell for $10.

"The answer is to invest more money into breaking codes," Mr. Bryen said in an interview after yesterday's announcement. "They're trying to put us out of business."

Mr. Kammer said the secrecy was justified. "The technology we're using was actually developed in a classified environment in the first place and then transferred to a sole-source supplier. I don't know that there was any way around it," he said in an interview.

The Justice Department will buy several thousand of the Mykotronx devices, which use a "Clipper Chip." They are being incorporated into other systems by Motorola and American Telegraph & Telephone Co., Mr Bettwy said.

[So this means that secret agencies will still have access to secure communications devices. While the ordinary person will not. Sounds fair enough for me!]

Other sophisticated encryption systems do not allow ready access for authorized law enforcement purposes, said Mr. Bryen, who predicted that an

[Also don't allow access for unauthorized law enforcement either]

elaborate security plan for the electronic master key would not prevent misuse.

Mike Newman, a spokesman for the National Institute of Standards and Technology, said "The key is split into two parts and stored separately to ensure security of the key system."

[If the key is stored in a computer database, then unauthorized access is possible no matter what precautions are taken to ensure security.]

Access would be provided to the two parts for an agency that produced legitimate authority or a court order, he said. The Justice Department will determine whether the two parts will be held by separate federal agencies or a federal agency and a private agency.

"This chip is going to do something that we, the citizens, really need, and that is to allow us the privacy we want as common citizens," Mr. Bettwy said in a telephone interview from California yesterday.

[Translation: "This chip is going to do something that we, the NSA, really need, and that is to allow us to listen to whoever we want whenever we want to, whether they are private citizens, or commercial organizations."]

He said the vital part of yesterday's decision is the government's declaration that it intends to use the device. Mr. Bettwy says that use will establish his device as the new standard and will require private facilities to use the same system to communicate with the government. He said the decision's impact is "exactly" like the adoption of VHS standards, making most private use of Beta video systems obsolete.

[But that doesn't mean that VHS is better just because it is the standard]

"I hope that's true," he said of the business implications for Mykotronx. "We're hoping this will become the new standard."

[Translation: "I hope that's true," he said of the business implications for Mykotronx. "Because we're going to reap a lot of cash out of this bloated hoax of a system.]

Only compatible phones can receive secure communications from a phone using a clipper chip. "To me the real significance is if everybody uses this, everybody can talk to anyone else," Mr. Bettwy said.

[And only the govt. can listen. That makes me feel safe.]

"It creates false hope," Mr. Bryen said. "The secret key could fall into other people's hands. When you create a system that has a back door, other people will find the back door."

[Amen.]

------------ end of article -----------------

The government is making this chip out as a great gift to humanity. This is really too bad because people are losing quite a bit of privacy with this new farce the government is trying to pull. I'm writing my congressman tomorrow to voice my concerns. Also I'll try to contact the company mentioned in there (in Silver Spring, MD) to find out information about their chip. I'll post the information here..

=============================================================================
    ///     | psionic at wam.umd.edu | Fight the WIRETAP CHIP!! Ask me how!
 __ /// C=  |                      |
 \\\/// Amiga| PGP Key Available    | "Those who would give up liberty for
  \/// 1200 | by request.          |  security deserve neither."
=============================================================================

From eab at msc.edu Tue Apr 20 20:20:57 1993
From: eab at msc.edu (Edward Bertsch)
Date: Tue, 20 Apr 93 20:20:57 PDT
Subject: Ad hoc Cypherpunks meeting April 24
In-Reply-To: <9304201754.AA23465@soda.berkeley.edu>
Message-ID: <9304210320.AA01800@uh.msc.edu>

As I wasn't able to attend this meeting (for obvious geographic reasons) I did the next best thing (and urge every concerned list member to do the same): I gave my elected goons^h^h^h^h^hpoliticians a barrage of fax messages on the subject. If you don't have a fax modem, it's about time you get one, it really is the best way to make your views heard by your elected thugs (and to have them heard in your words, not summarized like will happen when you call and give your message to their staff by voice).
I write one letter, then select multiple (local) fax phone #'s to send it to. The program takes care of the rest. (I use a multitech modem with a beta version of the windows print capture fax software)

Get PGP22 before it becomes illegal!

Edward A. Bertsch (eab at msc.edu)
Minnesota Supercomputer Center, Inc.
Operations/User Services
1200 Washington Avenue South    (612) 626-1888 work
Minneapolis, Minnesota 55415    (612) 645-0168 voice mail
FAX: (612) 624-6550

From newsham at wiliki.eng.hawaii.edu Tue Apr 20 20:30:16 1993
From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham)
Date: Tue, 20 Apr 93 20:30:16 PDT
Subject: Article
In-Reply-To: <199304210237.AA27464@rac3.wam.umd.edu>
Message-ID: <9304210329.AA07440@relay2.UU.NET>

this is exactly like the vhs vs. beta issue. Beta is technically superior, yet it isn't used because it's non-standard, it's just too good for our public :)

From markh at wimsey.bc.ca Tue Apr 20 20:43:40 1993
From: markh at wimsey.bc.ca (Mark C. Henderson)
Date: Tue, 20 Apr 93 20:43:40 PDT
Subject: Webs of Trust vs Trees of Trust
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

Subject: Re: Webs of Trust vs Trees of Trust
On Apr 20, 14:45, Norman Hardy wrote:
} Subject: Webs of Trust vs Trees of Trust
} As I understand RIPEM there is a tree of agencies such that everyone
} must trust all elements of the tree between him and the root.

I just want to point out (as has been pointed out before) that it is a mistake to confuse RIPEM with PEM. RIPEM is an implementation of a subset of PEM. At this moment, RIPEM has absolutely no support for certificates or signed public keys. PEM on the other hand, is a draft internet standard which requires certificates and a hierarchy that can be described as a "Tree of Trust". There are at least a couple of full PEM implementations. Probably the best known at this point is the one from T.I.S. which is currently in beta test.

Apologies in advance for cluttering the mailboxes of the majority of cypherpunks who already know this.

Mark
- --
Mark Henderson mch at squirrel.wimsey.bc.ca markh at wimsey.bc.ca

From ebrandt at jarthur.Claremont.EDU Tue Apr 20 21:07:30 1993
From: ebrandt at jarthur.Claremont.EDU (Eli Brandt)
Date: Tue, 20 Apr 93 21:07:30 PDT
Subject: Article
In-Reply-To: <199304210237.AA27464@rac3.wam.umd.edu>
Message-ID: <9304210407.AA29203@toad.com>

> From: "Haywood J. Blowme"
[ quoting an article ]
> President Clinton gave a major boost yesterday to one telephone-
> scrambler technology in a decision its delighted manufacturer likens to the
> choice of VHS over Beta for videotape machines.

Interesting that they picked that particular analogy. It's quite close, in that it's an inferior technology winning over a superior one. It's different, of course, in that the Federales had nothing to do with videotape standards (afaik), and certainly didn't outlaw Beta.

> An administration official said the consideration will be given to
> BANNING more sophisticated systems investigators cannot crack, thereby
> creating a balance between banning private encryption and declaring a public
> right to unbreakably coded conversations.

Right on schedule. "Consideration will be given", will it? This looks like a good time to load up on source code and photocopy relevant journal articles. While it won't sway Joe Public much, it's worth remembering that the suppression of strong communications privacy will also make it difficult or impossible to get good digicash (or other systems relying on cryptographic techniques) deployed before our government proposes its "just one little loophole" scheme, HarmoniousBalanceCash. Don't worry, transaction records will only be released upon formal request from the IRS or a major marketing division, and only suspected drug users and potential terrorists will have their assets annulled. And statute strictly prohibits intelligence agencies from padding their assassination budgets by using the loophole to forge cash.

PGP 2 key by finger or e-mail (offer void when prohibited)
Eli ebrandt at jarthur.claremont.edu

From szabo at techbook.com Tue Apr 20 21:08:38 1993
From: szabo at techbook.com (Nick Szabo)
Date: Tue, 20 Apr 93 21:08:38 PDT
Subject: European front: wiretapping vs. GSM
Message-ID:

Forwarded from comp.dcom.telecom:

Subject: Re: Truly Amazing, Truly Amazing ... Feds
Reply-To: Michael_Lyman at sat.mot.com
Message-ID:
Organization: Motorola Inc. - Satellite Communications
Sender: Telecom at eecs.nwu.edu

In article 1 at eecs.nwu.edu, naddy at mips.ruessel.sub.org (Christian Weisgerber) writes:
> I wonder, is the signal only digitally encoded or digitally encoded
> and *additionally* encrypted?

Yes on both counts. On the air interface between the base station ( BSS ) and mobile station ( MS ) the signals are digitally encoded. Traffic channel rate is 13 Kb/s. In addition to this, ciphering is done to protect the signalling channel such that user data privacy is provided; then encryption is provided for all voice traffic. As an aside, the GSM system also assigns "alias" subscriber numbers which are changed automatically with ( usually ) every call -- the subscriber's real phone number is never ( well, almost never ) used over the air.

> I'm getting a little paranoid over this, but in Germany when you buy
> an approved wireless phone you are told that it is impossible to
> listen in to it. Bullsh*t. In fact it's only impossible to listen in
> with another (unmodified) wireless phone -- just get a scanner and
> you're in.

For GSM, the level of privacy for both signalling and voice is considerable. Just to give you an idea, encryption keys change for each call made by the subscriber and the encryption algorithms use the changing physical properties of the radio channel. As a matter of fact, GSM is SO secure that several European governments including Britain are insisting that the scrambling algorithm ( called A5 in GSM ) be modified to allow at least government operatives ( read "undercover eavesdroppers" ) to listen in on suspected criminal activities. Agencies such as GCHQ, the British government's listening post near Cheltenham and the FBI in America are concerned that the A5 scrambling algorithm provided with the GSM Mobile Stations is equivalent to many military systems and in fact when exported may be adapted for military applications. Vendors of GSM equipment are starting to run into export problems due to the nature of the encryption / ciphering. Although there are some industrious "scanners" out there, I dare say that listening in on a GSM conversation will be a bit of a job.

Michael Lyman
Motorola - Iridium
Phoenix, Arizona

From wixer!wixer.bga.com!gumby at cactus.org Tue Apr 20 21:11:35 1993
From: wixer!wixer.bga.com!gumby at cactus.org (Douglas Barnes)
Date: Tue, 20 Apr 93 21:11:35 PDT
Subject: Objections...
In-Reply-To: <199304201220.AA27725@access.digex.com>
Message-ID: <9304210108.AA07845@wixer>

Peter Wayner writes:
> I think this is the most practical and non-inflammatory argument
> for public access to the algorithm.

Along the same lines, I am left scratching my head about the "baroque activities in the vault." Surely this is going to add substantially to the cost of these chips over a system that uses a known algorithm and non-escrowed keys. Given that such a system would be cheaper to produce and would offer stronger security, I think it is not especially inflammatory to suggest that the government is contemplating either an outright ban or the strong discouragement of alternative systems.
-- Doug Barnes (gumby at wixer.bga.com) From tcorcora at sunlab.cit.cornell.edu Tue Apr 20 21:36:07 1993 From: tcorcora at sunlab.cit.cornell.edu (Travis Corcoran) Date: Tue, 20 Apr 93 21:36:07 PDT Subject: Radical politics Message-ID: <9304210435.AA11296@vinca.cit.cornell.edu> Sheesh, it's enough to make one turn into a radical libertarian/anarchist (if one wasn't already...). I firmly suggest that we all call ou [ unauthorized communication, re: Sec 12-2, .2-12.6; channel closed under Anti-Terrorist-Communications Act on 00:30 21 MAR 93. Authorization 4ff0 -NIST] From mark at coombs.anu.edu.au Tue Apr 20 22:30:50 1993 From: mark at coombs.anu.edu.au (Mark) Date: Tue, 20 Apr 93 22:30:50 PDT Subject: Just a thought... Message-ID: <9304210524.AA11273@coombs.anu.edu.au> Whilst being heavily opposed to the chip although less affected by it since I dont reside on US soil, one useful purpose of it would to exploit the functions of it to send your pre-encrypted data through it and have it come out the other end in the same form, thus using it's protocols of retransmission and error correction. Using the encryption part of it isnt worth considering due to the real lack of data integrity if (as?) the TLA's have backdoors. Basically mooch it's good points and ignore the bad points as your data wont be channeled to the phone in cleartext anyway. (This isnt an advocacy of the damn thing, just a note that it has SOME functionality for those that wont use the encryption functions). Mark mark at coombs.anu.edu.au From fergp at sytex.com Tue Apr 20 22:41:11 1993 From: fergp at sytex.com (Paul Ferguson) Date: Tue, 20 Apr 93 22:41:11 PDT Subject: Meets 'n Greets Message-ID: <3Tcc3B1w165w@sytex.com> On Tue, 20 Apr 93 10:54:00 -0700, Eric Hughes wrote - EH> ANNOUNCEMENT EH> ============ EH> Ad Hoc Cypherpunks Meeting on the recent Wiretap Chip proposal. EH> Where: Cygnus Support, Mt. View (directions follow) EH> When: 12:00 noon sharp - 6:00 p.m. EH> I'm mad as hell. 
EH> I know that a lot of other folks are too.

You're right, Eric -- we are mad as hell, too. But I'm not about to jump on a flight to the west coast to simply share strategies. The fact that I would even consider it negates the functions which we are working towards, no? I propose that us east coasters organize and meet as well. Pat and I are DC bourne, for those interested; I'd like to propose a DC local meeting. Suggestions? Keep in mind that I'm in NYC during the week, so my only available meeting times are on the weekends. (By the way, let's get our shit together, DC'ers. We need technologists, not lackadaisical idealisms.)

Your DC based Cypherpunk group is hereby established. BTW, if anyone noticed, the EFF is drawing some serious fire by the public press. "Sold out to commercialism", one headline reads.

Cheers.

Paul Ferguson                  |  Uncle Sam wants to read
Network Integration Consultant |  your e-mail...
Alexandria, Virginia USA       |  Just say "NO" to the Clipper
fergp at sytex.com             |  Chip...

From fergp at sytex.com Tue Apr 20 22:41:15 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Tue, 20 Apr 93 22:41:15 PDT
Subject: A few notes on the WIRED article (kudos)
Message-ID: <61ac3B1w165w@sytex.com>

I hope this goes over well. I found this article to be just what we need --- publicity. The kind that opens eyes. Tim, Eric and John -- I say to thee, "How come this only happens in California?" ;-)

- Snip, Snip ----- 8< ------

From the "For What It's Worth Department"...

A totally biased review of Steven Levy's "Crypto Rebels" article in WIRED, Volume 1, Issue 2, May/June 1993

I was a bit interested when a fellow cypherpunk mentioned that there was a "decent" write-up in WIRED on the cypherpunk issues. Somehow, I envisioned some sidebar mention. In these interesting times, any mention of our efforts on the computer privacy frontier gets A-1 attention in my book. However, I was startled (and pleasantly surprised) when I took a jaunt down to my local magazine-ary on Broadway and found that my internaut compadres were on the cover, no less. Golly gee, imagine that.

The cover itself conjures images of computer cultist symbolism. Tim May, Eric Hughes and John Gilmore strike an interesting pose wearing plain white, plastic carnival masks. The American flag held in their hands is even more striking considering the topic at hand. (What the hell does the Russian inscription mean?)

I remember reading the post announcement in the cypherpunks mail area about that meeting in Mountain View. (If I had known that you western cypherpunks would get all the press attention, I would've hopped a red-eye and met you guys at Cygnus.) It's ironic that this topic built steam and attention _before_ the "Clipper Chip" fiasco and still provides the computer community with viable (perhaps not altogether proper) alternatives. I knew it would. Ha.

Steven Levy has long since established himself as a solid, factual and sometimes thought-provoking writer. His book "Hackers" is considered by many professionals in the field to be the authoritative work on the progression of computer hackers. Levy earns himself one more brownie badge by bringing attention to the cypherpunk dilemma.

The article is thought provoking (read: it is not designed for disinterested parties), accurate and, for the most part, right on the mark. Key statements are sprinkled on the page margins, including "In the Cypherpunk mind, cryptography is too important to leave to government or even well-meaning companies. To insure that the tools of privacy are available to all, individual acts of heroism are required." That piece alone is enough to invoke thoughts of ...

A key profile is included about John Gilmore and his headaches with the NSA, the Cypherpunk subscription mail group and several other side-bar notes that lend some valuable credibility to the otherwise incredulous auspices of the cypherpunk image. Not only is this article well written, as far as information blurbs go, this is good stuff, even for us neanderthals on the east coast.

In a broader aspect, WIRED is a magazine that deserves your attention. Pick up this rag and give it the once-over. Somehow, I classify this 'zine as a combination of INFO World, The New Yorker and Mondo 2000. Isn't that a draw? Humor and seriousness implied...

Paul Ferguson, Editor, Legal Net News

- Snip, Snip --- 8< -----

I loved the feel of the magazine, too. All recycled. Ain't that great?

Cheers.

Paul Ferguson                  |  Uncle Sam wants to read
Network Integration Consultant |  your e-mail...
Alexandria, Virginia USA       |  Just say "NO" to the Clipper
fergp at sytex.com             |  Chip...

From cnotting at cosmos.gmu.edu Tue Apr 20 23:12:26 1993
From: cnotting at cosmos.gmu.edu (Craig Nottingham)
Date: Tue, 20 Apr 93 23:12:26 PDT
Subject: Meets 'n Greets
In-Reply-To: <3Tcc3B1w165w@sytex.com>
Message-ID: <9304210612.AA02469@toad.com>

> You're right, Eric -- we are mad as hell, too. But I'm not about to
> jump on a flight to the west coast to simply share strategies. The
> fact that I would even consider it negates the functions which we are
> working towards, no? I propose that us east coasters organize and
> meet as well. Pat and I are DC bourne, for those interested, I'd like
> to propose a DC local meeting. Suggestions? Keep in mind that I'm in
> NYC during the week, so my only available meeting times are on the
> weekends. (By the way, let's get our shit together, DC'ers. We need
> technologists, not lackadaisical idealisms.)
>
> Your DC based Cypherpunk group is hereby established. BTW, if anyone
> noticed, the EFF is drawing some serious fire by the public press.
> "Sold out to commercialism", one headline reads.
>
> Cheers.
>
> Paul Ferguson                  |  Uncle Sam wants to read
> Network Integration Consultant |  your e-mail...
> Alexandria, Virginia USA       |  Just say "NO" to the Clipper
> fergp at sytex.com             |  Chip...
>

There is plenty of DC area support for such a group. The only problem that presents itself is where to hold a meeting where there will be no hassles.

In addition, a thought that many people are overlooking: the wiretap chip transmissions of encrypted data would make a perfect envelope for the transfer of more secure information encrypted with powerful encryption schemes. There would be no easy way to tell the difference between pre-encrypted transmissions and wiretap chip encrypted conversation.

~~~~~
Craig Nottingham
-Reality is for people who lack imagination
NeXTmail
-I hate to advocate drugs, alcohol, violence or insanity to anyone, but they've always worked for me. <=> Hunter S Thompson
-A good cap of acid costs five dollars and for that you can hear the Universal Symphony with God singing solo and the Holy Ghost on drums. <=> H.S Thompson
~~~~~

From tcmay at netcom.com Tue Apr 20 23:26:27 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 20 Apr 93 23:26:27 PDT
Subject: Proliferating Cypherpunks Groups!
In-Reply-To: <3Tcc3B1w165w@sytex.com>
Message-ID: <9304210626.AA22823@netcom3.netcom.com>

Paul Ferguson writes:

> You're right, Eric -- we are mad as hell, too. But I'm not about to
> jump on a flight to the west coast to simply share strategies. The
> fact that I would even consider it negates the functions which we are
> working towards, no? I propose that us east coasters organize and
> meet as well. Pat and I are DC bourne, for those interested, I'd like
> to propose a DC local meeting. Suggestions? Keep in mind that I'm in
> NYC during the week, so my only available meeting times are on the
> weekends. (By the way, let's get our shit together, DC'ers. We need
> technologists, not lackadaisical idealisms.)
>
> Your DC based Cypherpunk group is hereby established. BTW, if anyone

Hear, hear! We need more such groups!

I get occasional messages from folks bemoaning the fact that the Silicon Valley seems to be where it's all happening. Well, it's easier for *you folks* in other areas to pull together a local meeting than it was for Eric Hughes and others of us to set up the first such meeting last September. A list now exists and that helps a lot.

(I'll grant you that some of your communities may be more scattered and out-of-touch with each other than our community was...it seems we in the Bay Area mostly all know each other through frequent parties, Hackers Conferences, science fiction groups and parties, high-tech startups, Xanadu, VR, "Mondo 2000," "Wired," and so on. In other less-interconnected areas, you may have to advertise well in advance on this list and perhaps even elsewhere to reach enough like-minded people. But not to sound snotty or anything, that's how your "backwater" regions like Washington can become "happening" places like our area....actually, this is a gross exaggeration, as D.C. has had a very active "2600" group, as has NYC, so neither is a backwater.)

There are currently 3 groups holding physical meetings, that I know of:

* Silicon Valley/San Francisco Bay Area, meeting since September.
* UK Cypherpunks, meeting in London since around December/January.
* Boston Cypherpunks, just had its first meeting recently.

There are several very active Cypherpunks in the Southern California area, covering San Diego, LA, and as far north as Santa Barbara. Some of them have asked us to have a Cypherpunks meeting down there, which we may still do (personally, I favor some kind of "West Coast Cypherpunks" meeting just before or just after the Crypto Conference this summer, held as always in Santa Barbara. Santa Barbara is about halfway between the two extremes, and is a nice place to meet.). But a better idea is for the SoCal Cypherpunks to form their own group.
Likewise, the Washington, D.C. area seems a natural spot, as there are several Cypherpunks that I know of off-hand who're in the area. New York, too. Well, you get the point. No permission is needed!

Good luck in these dark days.

-Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.

From szabo at techbook.com Tue Apr 20 23:26:42 1993
From: szabo at techbook.com (Nick Szabo)
Date: Tue, 20 Apr 93 23:26:42 PDT
Subject: FAQ: Overview of crypto
Message-ID:

The wiretap chip has generated quite a bit of new interest in learning how to protect our electronic privacy. We need to bring folks up to speed quickly on practical use of crypto, so I'm going to write up some mini-FAQs. Experts, please send me succinct descriptions of PGP, anonymous remailers, the Clipper wiretap chip, GSM, or anything else you feel is an important basic. Alternatively, write up and post your own FAQ, and we'll sort it out later.

Here is an overview of computer-based crypto that Bill Stewart posted a few weeks ago.

Nick Szabo
szabo at techbook.com

-----------------------------------------------------------------

You can get a proper faq by ftp from rsa.com, in the directory pub/faq.

Cryptography = writing stuff only authorized people can read. Real crypto depends on algorithms that are secure as long as the Bad Guys don't know the keys, even if they know everything else. Most of the interesting stuff depends on mathematical processes that take exponential amounts of time, so a 56-bit key would take 2**56 attempts to guess - you can't guess it a bit at a time in 56 steps. Factoring large numbers is believed to take roughly exponential time.

M = plaintext message
Cyphertext C = E(k, M), E = encryption function, k = key.
Plaintext M = D(k, C)

ITAR - International Traffic In Armaments Regulations - the US has a bunch of laws about exporting munitions, and crypto hardware and software count as munitions - algorithms are OK, but our Benevolent Govt KNOWS that foreigners aren't bright enough to turn algorithms into code. Lots of flamewars discuss exactly the boundaries, and the laws are contradictory about which bureaucrats are really in control, but nobody's wanted to get thrown in jail for arms dealing badly enough to force a court case .... Appears to apply to importing crypto also, though that hasn't been something anybody's made a big deal about. Other countries besides the US may have major restrictions as well.

Alice and Bob - the people sending messages to each other. Eve may be eavesdropping, and Charlie may be around also.

Secret-Key Cryptosystem, also called Symmetric-key or private-key - the same key k is used for E and D, or at least a closely related key that's easy to derive if you know the other one.

DES = Data Encryption Standard = IBM/NSA-designed secret-key system, very widely used, keys 56 bits long which may be a bit short; some people worry there may be a trapdoor put there by NSA, but if I told you I'd have to kill you :-) Banks use it, for instance.

IDEA - a Swiss-written secret-key system, maybe more secure than DES, newer anyway. Patented in Switz but not US, easy licensing.

Public-Key CryptoSystem - Encryption key ke and Decryption key kd are related, but in a way that you can't determine kd knowing only ke. ke is called the public key and kd the private key - you can publish ke where everyone can see it and encrypt stuff to mail to you, you can decrypt with private key kd. (If you want to reply, you've got to get their public key.) Public-key algorithms are pretty slow, so generally people create a random secret key, encrypt their message with a secret-key algorithm like DES, and encrypt the secret key with the recipient's public key; recipient decrypts the secret key with his private key, then uses it to decrypt the message.

Digital Signatures - if you can do public-key crypto, then you can do the reverse as well to sign a message - you *decrypt* the message with your private key, and the recipient encrypts it with your public key - if it restores the original message, she knows it's good and knows that *you* sent it, because only you have your private key. For speed, you normally make a "hash" checksum of the message, and sign the hash instead of the whole thing. Some public-key algorithms can only be used for encryption, some only for signatures, some for both but you need different keys.

MD-4 and MD-5 - Message Digest hashing algorithms from (?) Rivest, which are thought to be unforgeable, unlike the CRC checksums used by many programs which are easily forged.

RSA - A public-key algorithm developed by Rivest, Shamir, and Adleman. It's the only well-known public-key algorithm that does everything everybody wants, including signatures and public-key, that's secure enough that you can't crack it as long as you use reasonably long keys. Unfortunately, it's patented in the US, by Public Key Partners, a company R, S, A, and friends started that owns most of the interesting patents related to public-key. On the other hand, to avoid having the NSA classify their patent right when they applied (the NSA can do that), they published the algorithm before applying, which means that it's public knowledge in most of the world and you can't patent it there, even in places that do allow algorithm patents. Their claims about what techniques their patents cover are *very* broad; if you want to do anything public-key related in the US, you've got to deal with them or carry a BIG lawyer, and so far everybody's chosen to deal with them rather than risk a long expensive difficult court case, or else chosen to ignore or infringe their patent but not sell their products for cash, and hoped to get away with it.

RSAREF - an RSA implementation from PKP, which you may use free for personal non-commercial use as long as you agree to follow a set of rules that are much less restrictive than they used to be; you can't export it outside the US and Canada, and can't change the interface without their permission, and a few other terms. Better implementations of RSA's algorithms have been done, but you can use this one free, with their permission. Or you can pay them money and get support for incorporating their techniques into your products.

Key certification - Public Keys are usually long - RSA keys are often 1024 bytes. Public-key crypto is only secure if you can be SURE you have the public key for the person you're trying to send a message to, like Bob, and that Eve hasn't handed you HER public key instead - she could be intercepting all your mail to Bob, decrypting it, and re-encrypting with Bob's key. So you need to find a secure way to transmit public keys, where "secure" means it can't be forged without you knowing about it (though anybody can read them.) Publishing in the New York Times classified ads is one approach, as is any other broadcast method you can be SURE everyone gets correctly. Another method is to use digital signatures - somebody you trust, whose public key you can be sure you know accurately, gets Bob's public key from Bob, and signs it with their public key. Since not everybody knows somebody who knows Bob, the problem can be handled by a chain or hierarchy of key certifications - Charlie signs Bob's, Dave signs Charlie's ... and You know Xerxes yourself. Or George Bush signs all the generals' keys, the generals all sign the keys for the colonels under them, the colonels sign for the majors under them, .... and you can check some sergeant's key because it's got a certificate from his lieutenant on up to Bush, and Bush's key is in the Phone Book.

PGP - Phil's Pretty Good Privacy program - a nice packaging of this technology that can be used easily to prepare secure email. The original version used RSA and a choice of DES or a home-brew secret-crypto system; the current version uses RSA and IDEA. For certification, the method is non-hierarchical - you have a "keyring" containing public keys you know, maybe with certificates, and you can sign the ones *you* trust and give your signed keyring to your friends. Hierarchies imply the potential for control; this is cooperative anarchy, and there's no chain of people you HAVE to obey to exchange keys. When PGP version 1 first came out, RSA yelled at Phil Zimmermann, the author, and told him he was risking patent infringement lawsuits and such if he didn't cease and desist, so he's no longer distributing it. But some of those SNEAKY FOREIGNERS *somehow* got a copy, and so ongoing development of PGP is taking place outside the US, unhindered by patent problems. Version 2.1 is out, 2.2 real soon. Parts of PGP are probably not covered by PKP's patents, and parts are clearly not covered by ITAR, but some parts are a problem.

RIPEM - Mark Riordan's public-key email system, which uses RSAREF to do RSA, so it's legally kosher but not exportable, and is related to the internet Privacy Enhanced Mail stuff that was being developed for a while. Still real new, but probably Pretty Good also; I seem to remember its key certification was more hierarchical.

----

More PGP info - PGP was originally written for a DOS environment (there are problems trusting any system you don't totally control, and it's tough to say you totally control a multi-user system), but it's been ported to lots of things by now, including UNIX and some early Mac ports (work is in progress to make the Mac port feel like Mac-stuff rather than Unix-stuff.) You can get the source, compile it, play with it, and do anything you want that doesn't infringe PKP's patent, so remember not to use it to exchange keys with anyone or send them mail unless you've got a licensing agreement..... Once it's compiled, type pgp -h to get help, and/or read the documentation.

Where to get things: The fun place to shop is nic.funet.fi, by anonymous ftp, but if you telnet to an archie server like archie.rutgers.edu (login as archie) you can ask it where to find anything. Using a US site would be potentially better legally, and also cuts down on the bandwidth used between here and Finland....

Bill Stewart

From szabo at techbook.com Tue Apr 20 23:39:37 1993
From: szabo at techbook.com (Nick Szabo)
Date: Tue, 20 Apr 93 23:39:37 PDT
Subject: FAQ: where to get PGP
Message-ID:

Here is a list of PGP sites generated by "archie". I have checked sony.com, which has PGP 2.2, but have not checked the other sites. If you know any of these sites to be down, out of date, etc. please let me know and I'll update the list. Also let me know of sites archie did not catch.

Strong crypto is available worldwide, but the Clinton Administration has threatened to ban it in the U.S. In the age of digital telecom and fascist governments, strong crypto is your only guarantee of electronic privacy. Get it, learn it, and use it while it's still legal!
Nick Szabo szabo at techbook.com ----------------------------------------------- /usr2/users/szabo> archie pgp Host sony.com Location: /pub DIRECTORY drwxr-xr-x 512 Apr 9 20:26 pgp Host quepasa.cs.tu-berlin.de Location: /pub/os/386BSD/386bsd-0.1/unofficial/doc/software FILE -rw-rw-r-- 12121 Feb 2 00:01 pgp Host reseq.regent.e-technik.tu-muenchen.de Location: /informatik.public/comp/usenet/alt.sources DIRECTORY drwxrwxr-x 512 Dec 9 01:24 pgp Host ftp.uni-kl.de Location: /pub1/unix/security DIRECTORY drwxrwxr-x 512 Feb 24 19:24 pgp Host cwdynm.echem.cwru.edu Location: /scriptures/ALL.plain FILE -r--r--r-- 167535 Sep 11 1991 pgp Host goya.dit.upm.es Location: /tmp DIRECTORY drwxr-xr-x 512 Aug 22 1992 pgp Host walton.maths.tcd.ie Location: /src/misc/pgp-2.0/src FILE -rwxr-xr-x 316640 Oct 18 00:00 pgp Host ftp.uu.net Location: /pub/security DIRECTORY drwxrwxr-x 512 Mar 9 15:13 pgp Host isy.liu.se Location: /pub/misc DIRECTORY drwxr-xr-x 512 Mar 11 23:54 pgp Host ftp.luth.se Location: /pub/infosystems DIRECTORY drwxr-xr-x 512 Jan 27 12:59 pgp Host unix.hensa.ac.uk Location: /pub/uunet/pub/security DIRECTORY drwxr-xr-x 512 Mar 19 07:35 pgp From ral at telerama.pgh.pa.us Wed Apr 21 00:54:03 1993 From: ral at telerama.pgh.pa.us (Robert Luscombe) Date: Wed, 21 Apr 93 00:54:03 PDT Subject: PGP help? Message-ID: I am in search of any MSDos (or Windows, but not preferred) offline mail readers, text editors, etc. that work well with PGP-- anything to help me use PGP for everyday email. I use a dial-up internet connection, so i have no choice but to use the remote system's PINE mail reader... if anyone knows of anything that will let me compose and encrypt email locally and format the messages into a .QWK packet for upload, that would be IDEAL, but anything else could still help. (BTW-- i have already posted on alt.security.pgp and nothing ever came of it. So it goes.) 
--Robert Luscombe Internet: ral at telerama.pgh.pa.us Voice:412/488-0941 robert at well.sf.ca.us (Finger for PGP Pub Key) From jhart at agora.rain.com Wed Apr 21 01:31:06 1993 From: jhart at agora.rain.com (Jim Hart) Date: Wed, 21 Apr 93 01:31:06 PDT Subject: GSM vs. wiretapping: Australia Message-ID: Forwarded from comp.org.eff.talk In article <1993Apr12.081136.1 at cc.curtin.edu.au>, zrepachol at cc.curtin.edu.au (Paul Repacholi) writes: > In article <1993Apr11.175007.10136 at news.acns.nwu.edu>, jlacour at merle.acns.nwu.edu (John LaCour) writes: > Have not seen a proposal like the FBI one yet, doesn't mean it isn't out there > though. One thing that has happened is the delaying of the new GSM digital > mobile phones. It seems that ASIO and friends have been told by GCHQ about > the dificulty of breaking MD5. Info is still a bit thin. You could try posting > to aus.comms. > Please note, I have added aus.comms and aus.politics to this one. I enquired of Austel ( the Australian telecoms regulatory body), and the Federal Atourny Generals Office today. The Telecom GSM trail marketing that started in Brisbane in March has been canceled. GSM will *NOT* be legal in Australia till the use of MD% encryption is changed, or the system is altered to allow monitoring of calls. This is a requirement of the 'Telecomunications Interception Act'( AG perth.) There are also prohibitions on using codes and cyphers in the 'Crimes Act' various state police acts and criminal codes ( thought these would not affect Telecomms, as that is federal jusistiction. I will try to find the acts, and quote the relevent sections on this. There has also been posts on 'pen-recorders' I notice. The .au situation on this is that a commisioned officer of the federal police can give the telco a written notice requiring the supplying of cal info for the date range in the notice. 
I saw this some monthes ago, and had the impression that this included info *PRIOR* to the notice, info Telecom claims not to have if mear chattels inquire! Strange, wonder where it matterializes from. Note the absence of words like 'warrant', 'judge', 'court' or other such! I think there is a requirement for the commisioner of the FP to include in his anual report to parlament the number of notices issued. All this has been in place in one form or another for decades. I first saw this sort of stuff when I worked in the post office ( ob history: the post offie used to run the phon system in australia years ago ) As I worked both as a night shift telephonist and in the office itself, I had to sign a stack of secrecy stuff, and a copy of the 'Posts and Telegraphs Act' was standard issue. This had a prohibition on "unlawfull codes, cyphers and secret writings" The Comercial Telex Code was the *ONE* allowed code. Any other code used in a telegram *HAD* to be stated on the logment form. Don't know what happened after that. Small country town, never saw one. Only the banks used codes. This would have been Dec '67 or '68 I think. Will try to fill in the gaps, and post a full account later. Note that I will be probably away next week, ( school hols ) so it may be a while. I will also try to get some extra info on use etc. ~Paul From ggoebel at sun1.ruf.uni-freiburg.de Wed Apr 21 02:21:35 1993 From: ggoebel at sun1.ruf.uni-freiburg.de (Garrett Goebel) Date: Wed, 21 Apr 93 02:21:35 PDT Subject: cypherpunks vs. cryptoprivacy Message-ID: <9304210921.AA17398@sun1.ruf.uni-freiburg.de> All, Kragen writes: } I agree with those who think that "CypherPunks" is a bad name for the list. } It brings up negative associations in the minds of outsiders, who are, after } all, the people who we want to influence against the Big Brother wiretap chip Is anyone against changing the name from cypherpunks to cryptoprivacy? Seems to be the general consensus... that cryptoprivacy would be more PC. 
Unoriginal Thought: couldn't the list/group name be changed to "CP"?
 o For outsiders, and formally, it could stand for CryptoPrivacy
 o To insiders... it could still stand for CypherPunks
 o CP is the opposite of PC (I like that).

back to lurking,
Garrett
--
C. Garrett Goebel

From gnu Wed Apr 21 02:51:51 1993
From: gnu (John Gilmore)
Date: Wed, 21 Apr 93 02:51:51 PDT
Subject: FAQ: Overview of crypto
In-Reply-To:
Message-ID: <9304210951.AA05964@toad.com>

> You can get a proper faq by ftp from rsa.com, in the directory pub/faq.

Last time I looked, it was something like 75 pages. Those questions aren't all asked *that* frequently.

> ITAR - International Traffic In Armaments Regulations - the US has a bunch
...
> Appears to apply to importing crypto also, though that hasn't been
> something anybody's made a big deal about.

This part is false. The ITAR does *not* apply to importing crypto. I have read the regs and found no evidence of import regulations on cryptography. If anyone tells you that they exist, ask for a copy of the regulations, or a citation of the regulations, or a citation of a court case that was based on the regulations. Any of these will let me (or you) determine what is actually happening. [Nobody who I've asked for this stuff has ever been able to produce it.]

> as archie) you can ask it where to find anything. Using a US site would
> be potentially better legally, and also cuts down on the bandwidth
> used between here and Finland....

Ditto -- no legal problem, just bandwidth. Though the posting appears to assume that the reader is in the U.S., a bad assumption. `Using a local site...'?

John Gilmore

From kelly at pleiku.netcom.com Wed Apr 21 02:55:38 1993
From: kelly at pleiku.netcom.com ($HOME/.sig)
Date: Wed, 21 Apr 93 02:55:38 PDT
Subject: Meets 'n Greets
In-Reply-To: <3Tcc3B1w165w@sytex.com>
Message-ID: <9304210955.AA04369@netcomsv.netcom.com>

A non-text attachment was scrubbed...
Name: not available
Type: text/x-pgp
Size: 1801 bytes
Desc: not available
URL:

From crunch at netcom.com Wed Apr 21 03:00:20 1993
From: crunch at netcom.com (John Draper)
Date: Wed, 21 Apr 93 03:00:20 PDT
Subject: Lets connect the meetings together
Message-ID: <9304211000.AA09748@netcom4.netcom.com>

I propose that the E. Coaster Cypherpunks connect via computer to the one on the West Coast on the 24th. Perhaps on a private IRC channel, but doing it via encryption would be the best.

From habs at Panix.Com Wed Apr 21 05:29:39 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Wed, 21 Apr 93 05:29:39 PDT
Subject: The Family Key
Message-ID: <199304211229.AA28337@sun.Panix.Com>

I think the largest weakness in the whole Clipper scheme, and I am not sure if I am right about this is....

The NSA knows the family key (the key that is built into each chip, or perhaps a large meta batch of chips). The family key encrypts the Law Enforcement Block [LEB] of the message, which contains the serial number for the chip in the device being used to communicate. This key is known to NSA. Thus, the NSA will be able to maintain an active traffic pattern analysis of ALL communications sent via the Clipper chipped devices.

I think in many ways that traffic watching can and does often reveal more information about someone than at times listening in to what is actually being said.

The big point here is that the press release claims that the Clipper chip doesn't provide anything more than what Law Enforcement already has. That is not true. What they get is a complete serialized, accurate method of traffic analysis.

Note: Denning claims that a proper order to wire tap an encrypted communication will be "gotten" prior to decoding the LEB. Then a second batch of paper work will be processed once the serial number is revealed to get the encrypted/escrowed keys.
--
Harry Shapiro  habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From pat at tstc.edu Wed Apr 21 06:19:37 1993
From: pat at tstc.edu (Patrick E. Hykkonen)
Date: Wed, 21 Apr 93 06:19:37 PDT
Subject: Meets 'n Greets (IRC Meetings Maybe?)
Message-ID: <9304211319.AA12656@tstc.edu>

> You're right, Eric -- we are mad as hell, too. But I'm not about to
> jump on a flight to the west coast to simply share strategies. The
> fact that I would even consider it negates the functions which we are
> working towards, no? I propose that us east coasters organize and
> meet as well. Pat and I are DC born, for those interested, I'd like
> to propose a DC local meeting. Suggestions?

Yeah. Does anybody have the resources to set up an IRC at a known cypherpunk site?

--
Pat Hykkonen, N5NPL                Texas State Technical College at Waco
{pat,postmaster}@tstc.edu          Instructional Network Services
PGP Key available by finger.       3801 Campus Dr. Waco, Tx 76705
                                   V:(817) 867-4830 F:(817) 799-2843

From ah at uknet.ac.uk Wed Apr 21 07:07:09 1993
From: ah at uknet.ac.uk (ah at uknet.ac.uk)
Date: Wed, 21 Apr 93 07:07:09 PDT
Subject: No Subject
Message-ID: <9304211406.AA10509@toad.com>

To: cypherpunks at toad.com
Subject: Re: The Family Key
Newsgroups: ml.cypherpunks
In-Reply-To: <199304211229.AA28337 at sun.Panix.Com>
Organization: Dunathad
Cc:

In article <199304211229Y.AA28337 at sun.Panix.Com> wrote:
>I think the largest weakness in the whole Clipper scheme, and
>I am not sure if I am right about this is,....
>...
>Thus, the NSA will be able to maintain an active traffic pattern
>analysis of ALL communications sent via the Clipper chipped devices.
>
>I think in many ways that traffic watching can and does often reveal
>more information about someone than at times listening in to what
>is actually being said.
>

I can't help feeling that they'll be looking for a little more, an edge; not enough that their promises to the executive are broken, but enough to get an edge if they need to decrypt without the key. No offense against the NSA of course, but that's how I'd expect the British to work "in the National Interest".

Rgds
Alan
---
Alan Hunter
Johnson Hunter Ltd
Isle of Islay, Scotland
A.Hunter at dunaad.co.uk
fax: +44-496-2336  voice: +44-496-2286

From pfarrell at cs.gmu.edu Wed Apr 21 07:09:25 1993
From: pfarrell at cs.gmu.edu (Pat Farrell)
Date: Wed, 21 Apr 93 07:09:25 PDT
Subject: Webs of Trust vs Trees of Trust
Message-ID: <36516.pfarrell@cs.gmu.edu>

In norm at netcom.com (Norman Hardy) writes:
>This is much ingrained in all of the legally mandated security
>systems that I am aware of. It assumes, at first glance, that there
>is a root, an inner sanctum, which is totally trusted by all.
>
>It is a pervasive mind-set in military security.

While I can't claim to understand the military mind set, I can believe that it is pervasive. It is also at best simplistic. Under the "new world order" we must forge alliances according to the needs of the situation, so that the trusted alliance's members vary over time. Economic alliances have similar dynamics, with trust and allegiance changing.

The government's view seems to be that trust is transitive. I believe that it can't be, because the world is not a simplistic hierarchy that starts with Billery and flows down. The tree of trust also ignores international exchanges, as Billery's signature means far less to a European than to a US citizen.

There was a recent article about a ring of college students in Texas selling forged driver's licenses. They used Montana and Idaho as samples, with the expectation that a bouncer in a Texas bar wouldn't know a real Idaho license if he saw one. Seems like the value of a US-based signature would be lowered in Sydney or Delhi in a similar manner.
More importantly, I expect that digital signatures will be used for commercial transactions across the net. This means that there is money involved, and with a tree of trust, the higher level trees are _worth_ bribing, forging, and perhaps killing for. Once a high level node is compromised, all lower nodes are worthless.

This is why we need a serious education effort for the "decision makers" in the government.

Pat

Pat Farrell                          Grad Student  pfarrell at cs.gmu.edu
Department of Computer Science       George Mason University, Fairfax, VA
Public key available via finger      #include

From grady at netcom.com Wed Apr 21 08:33:40 1993
From: grady at netcom.com (1016/2EF221)
Date: Wed, 21 Apr 93 08:33:40 PDT
Subject: alt.encrypted
Message-ID: <9304211533.AA16188@netcom.netcom.com>

I guess the cryptowranglers read this group too. But of course I knew that because it is so easy to do. There is not a single doubt in my mind that every byte that passes every significant gateway or 'bone is captured for the colligation of data about __________? (Maybe your name is here).

Maybe we should start a newsgroup for the distribution of encrypted posts intended for members of affinity groups with a shared private key. For example at the coming up Cypherpunks meeting, a private key corresponding to that particular meeting could be passed out by a moderator. Minutes, followup comments to other participants, and so on could be posted to the alt.encrypted group for the use of the people who attended. Communiques intended by the group for non-attendees could of course just be signed using the private key but otherwise not encrypted.

Starting an alt.encrypted newsgroup rather than just maintaining mailing lists is better for several reasons.
First, it would be easier to archive for people who might join a group "late" and who might like to easily read earlier posts; second, traffic analysis to know exactly to whom an affinity message is directed would be foiled; third, a newsgroup is much more public and would serve to publicize available privacy measures on the internet.

And it would be fun to accumulate a secret keyring full of such keys -- it beats giving out t-shirts as a door prize.

We could send a copy of alt.encrypted directly to Judge William Sessions or Admiral Studeman to save them the time of having it collected for them.

--
grady at netcom.com  2EF221 / 15 E2 AD D3 D1 C6 F3 FC 58 AC F7 3D 4F 01 1E 2F

From yerazunis at aidev.enet.dec.com Wed Apr 21 08:48:35 1993
From: yerazunis at aidev.enet.dec.com (Communism is like MS-DOS: It doesn't work, and you wouldn't want to use it even if it did. 21-Apr-1993 1120)
Date: Wed, 21 Apr 93 08:48:35 PDT
Subject: Making Clippers More Secure
Message-ID: <9304211548.AA29737@enet-gw.pa.dec.com>

Agreeing with all the previous problems and issues put forth; key-escrow, secret algorithms that can't be formally tested, etc...

So, let's *assume* that the US Gummint makes all other encryption illegal, except those that use this chip, and they intend to check all messages that look encrypted to verify that they have the correct system key:

Well, we can use more than one chip, or use it in ways that were "unanticipated".

F'rinstance: Use PGP (or SROT, or some other p.d. crypto package) to encrypt once, and then use a Clipper to put a legal-looking wrapper on the message. The problem with this is that *if* there is a law making all other cryptosystems illegal, then you still do time. Then the gummint says "You can use chips, but ONLY chips. No other encryptation.".

Well, how 'bout this: Use three chips.
The first two are BOTH fed the message, and the resulting bitstreams are XORed together and then fed to the third chip (to provide a legal-looking "wrapper"). The XORing should obscure the serial numbers of the first two chips, meaning that the NSA can not go to a key-escrow authority with a blanket court order and obtain the keys. Rather, assuming the "secret algorithm" is good, the worst-case scenario is either a full search of the keyspace (if the secret algorithm forms a mathematical "group"), or an exhaustive search of [issued-keyspace]^2.

Yes, the above does not address the issue of decoding (as stated above, you can't recover the plaintext.) But that's soluble, by inserting a known (but secret) string into the start of the bitstream for both the encoding and decoding second chips; the result is that by the time the second decoding chip needs to start knowing what was XORed into the incoming stream, the first decoding chip has already decoded that part of the message, which can be re-encoded using the first encoding chip's keys to provide the continuing bitstream needed for the XOR.

Now, the BIG issue is this: is it possible to obtain the serial numbers of a pair of Clipper chips from the XOR of two output streams? How about three? How about N, where N is large? Without knowing the algorithm, this will be difficult to answer...

-Bill

% ====== Internet headers and postmarks (see DECWRL::GATEWAY.DOC) ======
% Received: by enet-gw.pa.dec.com; id AA02474; Wed, 21 Apr 93 05:13:14 -0700
% Received: from mc by mc.lcs.mit.edu id ak02907; 20 Apr 93 11:15 EDT
% Received: from enet-gw.pa.dec.com by mc.lcs.mit.edu id aa02377; 20 Apr 93 10:20 ED
% Received: by enet-gw.pa.dec.com; id AA27388; Tue, 20 Apr 93 07:19:42 -0700
% Message-Id: <9304201419.AA27388 at enet-gw.pa.dec.com>
% Received: from aidev.enet; by decwrl.enet; Tue, 20 Apr 93 07:19:43 PDT
% Date: Tue, 20 Apr 93 07:19:43 PDT
% From: "Dulce et decorum est pro patria mori.
20-Apr-1993 0950"
% To: elbows at mc.lcs.mit.edu
% Cc: aidev::yerazunis
% Apparently-To: elbows at mc.lcs.mit.edu
% Subject: Clipper Chip

From fergp at sytex.com Wed Apr 21 09:43:51 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Wed, 21 Apr 93 09:43:51 PDT
Subject: DC Cypherpunks
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 21 Apr 93 09:15:25 EST,
Pat Farrell writes -

PF> Craig, there is no problem having a meeting, you just have to have
PF> more sense than the kids who think Pentagon City Mall is public
PF> space. A small meeting can be in my house, or at Maggie's bar over
PF> beer and pizza.

You've got my vote for beer and pizza. ;-)

Pat, let's plan accordingly. I'd like to be there for the first meeting, so I'll give you a call and we can discuss this at length. In the meantime, I'm keeping a list and building a keyring of interested parties.

Cheers.

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBK9VurZRLcZSdHMBNAQG6GQP/aWlhwgaBwLU2QFUsjdoauIuPYrVRiu5f
87z4s8YhRj/dNX/alIO6LTGIT0Q4V5UW7w9gu2EChok618KJly3zgqg1slDBhg0x
F6ZIJjbdiPmkeNGjlswfm/x/yGF2NWLu+F2YsMfbXEjnmdOaZaooiOQFA1tiMN2x
AysEJYTBnJs=
=q/Pf
-----END PGP SIGNATURE-----

Paul Ferguson                   |  Uncle Sam wants to read
Network Integration Consultant  |  your e-mail...
Centreville, Virginia USA       |  Just say "NO" to the Clipper
fergp at sytex.com              |  Chip...

From fergp at sytex.com Wed Apr 21 09:44:18 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Wed, 21 Apr 93 09:44:18 PDT
Subject: DC Cypherpunks
Message-ID:

On Wed, 21 Apr 93 2:07:49 EDT,
Craig Nottingham wrote -

CN> There is plenty of DC area support for such a group. The only
CN> problem that presents itself is where to hold a meeting where
CN> there will be no hassles.

I'm putting together a list of interested parties who would like to get together for physical meetings on a "pseudo-random" basis. As Pat mentioned earlier, my free time is non-existent at least until mid-May (getting re-married May 1), but I'm eager to meet, unite and build a DC chapter.
Solidarity and determination, my brothers and sisters!

Also, send your pubkey. Little things mean a lot.

Paul Ferguson                   |  Uncle Sam wants to read
Network Integration Consultant  |  your e-mail...
Centreville, Virginia USA       |  Just say "NO" to the Clipper
fergp at sytex.com              |  Chip...

From strat at intercon.com Wed Apr 21 10:55:58 1993
From: strat at intercon.com (Bob Stratton)
Date: Wed, 21 Apr 93 10:55:58 PDT
Subject: DC Cypherpunks
Message-ID: <9304211239.AA53513@horton.intercon.com>

> Subject: DC Cypherpunks
> From: fergp at sytex.com (Paul Ferguson)
> Date: Wed, 21 Apr 93 12:16:22 EDT
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> On Wed, 21 Apr 93 09:15:25 EST,
> Pat Farrell writes -
>
> PF> Craig, there is no problem having a meeting, you just have to have
> PF> more sense than the kids who think Pentagon City Mall is public
> PF> space. A small meeting can be in my house, or at Maggie's bar over
> PF> beer and pizza.
>
> You've got my vote for beer and pizza. ;-)
>
> Pat, let's plan accordingly. I'd like to be there for the first
> meeting, so I'll give you a call and we can discuss this at length. In
> the meantime, I'm keeping a list and building a keyring of
> interested parties.

Hear, hear. I think I can also swing permission to have it at my office in Herndon, if having a T1 to the Net is at all helpful. I'll ask, if anyone's interested.

--Strat, whose company actually took a position on the Clipper chip! (It's the right one, BTW)

Help stop the wiretap chip! (a.k.a "Clipper")
RIPEM and PGP keys available on request.

From gnu Wed Apr 21 11:17:43 1993
From: gnu (John Gilmore)
Date: Wed, 21 Apr 93 11:17:43 PDT
Subject: Meets 'n Greets (IRC Meetings Maybe?) -- Internet audio?
In-Reply-To: <9304211319.AA12656@tstc.edu>
Message-ID: <9304211816.AA14002@toad.com>

We could set up an encrypted `vat' audio session between the locations. Cygnus has T1 connectivity to the Internet.
Someone would need to provide a good self-powered speaker to plug into the Sun audio port (a standard mini phono plug). We have a microphone that will possibly work, though we should run some tests before the meeting. Cygnus does not have multicast support, so we can't feed the `mbone' (multicast backbone) with it, but we can attempt one or several point-to-point links.

`vat' runs on Suns and is available from ftp.ee.lbl.gov or ftp.cygnus.com:/pub/vat.1.56.tar.Z. It's `Van's Audio Tool', unfortunately available only in binary. Its encryption option requires that the participants agree on a key in advance, and type it into each workstation at the time of the conference.

John Gilmore

From uni at acs.bu.edu Wed Apr 21 11:37:47 1993
From: uni at acs.bu.edu (Shaen Bernhardt)
Date: Wed, 21 Apr 93 11:37:47 PDT
Subject: Meets 'n Greets
Message-ID: <9304211837.AA240185@acs.bu.edu>

de_armor_file: infile = AppDisk:fm ?, outfile = AppDisk:fm ?.$00, curline = 0
ERROR: Badly formed ASCII armor checksum, line 28.
Error: Transport armor stripping failed for file AppDisk:fm ?

Please resend

From szabo at techbook.com Wed Apr 21 12:32:20 1993
From: szabo at techbook.com (Nick Szabo)
Date: Wed, 21 Apr 93 12:32:20 PDT
Subject: Intergraph employee claims trademark violation
Message-ID:

Forwarded from Libernet:

Date: Tue, 20 Apr 93 10:30:47 PDT
From: ald at clipper.clipper.ingr.com (Al Date)
Subject: "Clipper Chip" --NOT!
To: libernet at Dartmouth.EDU

Clipper TM chip is a registered trademark of Intergraph Corp. The so-called Clipper chip which was recently mentioned here and in other media with respect to encryption is being used in violation of that trademark. The Intergraph Clipper chip is a Unix microprocessor, originally developed by Fairchild Semiconductors, and has no relationship to the encryption chip whatsoever. I mention this here with the hope that someone reading this will intercede before the group alt.privacy."clipper" is established.
--Al Date

From ral at telerama.pgh.pa.us Wed Apr 21 12:46:46 1993
From: ral at telerama.pgh.pa.us (Robert Luscombe)
Date: Wed, 21 Apr 93 12:46:46 PDT
Subject: PGP again.
Message-ID:

I apologize for this, but... If anyone sent me a response re: pgp help, I just lost my incoming mailbox before I read my mail. I did see a few responses listed in my new mail, but they were gone when I tried to read them. Sorry for the hassle, but could anyone who did send me something re-send it? I am not too happy about all my lost mail.

--Robert Luscombe
Internet: ral at telerama.pgh.pa.us  Voice: 412/488-0941
robert at well.sf.ca.us (Finger for PGP Pub Key)

From morrison at tantalus.scl.ameslab.gov Wed Apr 21 12:55:29 1993
From: morrison at tantalus.scl.ameslab.gov (Andrew Morrison)
Date: Wed, 21 Apr 93 12:55:29 PDT
Subject: Cancellation
Message-ID: <9304211951.AA19740@tantalus.scl.ameslab.gov>

Please remove me from the list. I have limited access to my e-mail, and can't keep up.

Thank you,
Andrew Morrison

From peb at PROCASE.COM Wed Apr 21 13:09:45 1993
From: peb at PROCASE.COM (peb at PROCASE.COM)
Date: Wed, 21 Apr 93 13:09:45 PDT
Subject: Free Speech
Message-ID: <9304211949.AA03767@banff>

What do people think about crypto being considered Free Speech? This might be the most powerful angle. Freedom of expression would be a great way to protest a ban on hard crypto; detecting the use of crypto on the Internet would be like Prodigy monitoring all news groups for non-family (and non-Prodigy) material. Not only that, but if the purported crypto material wasn't actually crypto but random bits, then no laws would be broken. The next step for the tyrant in this arms race is to make sending messages that merely appear to contain crypto illegal. By analogy, the FCC can fine people for joking about the metal detector and x-ray equipment security check points. I don't know if this is a law, but the FCC could enforce its fine by not allowing you to fly again on a commercial airline.
(Monopolies, they work just great. ;^)

A further step in this scenario is for the pro-free-speech people to start using various data compression techniques--a proliferation of non-standards for various reasons (well, C++ compression could be specialized--no dictionary need be sent if the receiver knows it is C++; same for English used on particular news groups, poetry, etc.). This would cause massive false positives of packets that appear to be encrypted. Obviously, fairly enforcing a law against such usage would be impossible.

I can see two outcomes at this stage: (1) the laws are eliminated, or (2) they are enforced only selectively. Considering the way things usually work, (2) seems more likely; however, since the merger of phones and computers is already happening (e.g., Sun ss10 with ISDN has a complete phone answering system written by Jeff Peck at Sun), the volume of resistance can easily be *large* and *convenient*. Few protests are convenient; with this, people don't even have to leave work! (The downside is, however, that it would be difficult to get media attention for doing it... TV camera pointed at the workstation, OK, I'm pressing the Send button now. Hah! Take that!)

If the powers-that-be then come up with a law that crypto is illegal only if used for illegal activity, I wouldn't complain so much. Changing your name is legal as long as you don't commit fraud, so there are tolerable examples of this type of law now.

Paul E. Baclace
peb at procase.com

From jwarren at autodesk.com Wed Apr 21 13:38:10 1993
From: jwarren at autodesk.com (Jim Warren)
Date: Wed, 21 Apr 93 13:38:10 PDT
Subject: more details from Denning
Message-ID: <9304211652.AA24148@megalon.YP.acad>

I've been collecting this flow over the last few days, and finally have a chance to upload it to 'punks. I think all of it is new, but part of it might have already appeared in the last several daze [sic] deluge. If so, apologies for repetition.
And, a coupla tidbits about Dorothy: I have known her for several years, worked closely with her on creating the first Computers, Freedom & Privacy conference in 1991, have absolutely the *highest* regard for her integrity, honesty and candor -- and absolutely trust what she says ... even when it's about a subject on which we may disagree. Dorothy Denning is an honorable person with great personal integrity, and I urge that she be treated as such -- even in disagreement.

--jim

Jim Warren, MicroTimes futures columnist; InfoWorld founder; DataCast founder; founder & chair, First Conf. on Computers, Freedom & Privacy, blah blah blah :-)

============echoing the messages of significance==========

From anton at hydra.unm.edu Wed Apr 21 13:51:24 1993
From: anton at hydra.unm.edu (Stanton McCandlish)
Date: Wed, 21 Apr 93 13:51:24 PDT
Subject: FAQ: PGP where?
Message-ID: <9304212051.AA14092@hydra.unm.edu>

For those with modems but not full Internet access, you can obtain PGP2.2 from the BBS listed in the .sig below. Full access first call. I stock the DOS, Mac, and Unix versions, the source code/utils package (in .ZIP format), and the DOS menu/shell program. Look in the LOGIN and NON-IBM file areas. All are direct from well established FTP sites (garbo, oak, etc.), NOT from uploads or from other BBSs. Clean as a whistle!

If you wish anonymity, you can get the DOS ver, source and shell from the LOGIN file area, if you login as GUEST password GUEST. Don't futz about though, the GUEST acct. is quite time-restricted. Best bet is login normally. If you never plan to call again, just enter x and 0000 for all the questionnaire fields, and leave a "delete me" comment to sysop, if you would.

--
Testes saxi solidi! ********************** Podex opacus gravedinosus est!
Stanton McCandlish, SysOp: Noise in the Void Data Center BBS
IndraNet: 369:1/1  FidoNet: 1:301/2  Internet: anton at hydra.unm.edu
Snail: 8020 Central SE #405, Albuquerque, New Mexico 87108 USA
Data phone: +1-505-246-8515 (24hr, 1200-14400 v32bis, N-8-1)
Vox phone: +1-505-247-3402 (bps rate varies, depends on if you woke me up...:)

From tcmay at netcom.com Wed Apr 21 13:53:57 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 21 Apr 93 13:53:57 PDT
Subject: Crypto Activism and Respectability
Message-ID: <9304212053.AA23743@netcom.netcom.com>

Crypto Activism and Respectability, or, Should We Become "Suits"?

Several Cypherpunks, er, "Privacy Advocates," have called for the name "Cypherpunks" to be changed to something more serious, more respectable, less likely to scare the horses. Something like "Cryptography Privacy" or "Cryptologic Research Association." Some even want a parallel to the NRA, such as the "National Cryptography Association."

Further, there have been comments that referring to "crypto anarchy," as I've been doing for several years (my "Crypto Anarchist Manifesto" was first distributed in 1988) is, to put it bluntly, "not helpful to the cause." Talk of libertarian ideas, "If crypto is outlawed, only outlaws will have crypto," and other such "crypto radicalism" is seen as unrespectable, as counterproductive. We're not speaking the language of the "suits," it's said. Middle America will be turned off by the hippie radicals in t-shirts, leather jackets, sandals, and beards.

(Some readers of this list have volunteered that they'd make better spokespersons for the Cause because they are clean-shaven, they look like good corporate citizens, and they know how to make the right soothing noises to interviewers. I say, "Great! We need more publicity." Just don't tell the rest of us California types, where sandals, beards, and jeans remain common, that we need to "go corporate." Picture a "smiley" here, if that's your style.)
I want to respond by making several comments:

* Radicals like ourselves have always been under pressure to conform to societal norms, whether to dress in the "gray flannel suit" in the 1950s or to eschew long hair and beads in the 60s.

* Guess what? The message is almost more important than the messenger. People have a pretty clear idea of what people are saying, despite their appearance. And, frankly, my guess is that even most of Middle America will feel somewhat more comfortable listening to a John Gilmore, for example, than a Bill Gates-type nerd clone. People know honesty and sincerity when they see it, and they know lawyers when they see them. It's been 25 years since the hippie heyday, and most Americans have adjusted to varying outward appearances. (Actually, they've internalized and accepted long hair and beards....shaved heads, nose piercings, and body adornments they probably haven't yet accepted. But most of the "crypto anarchist cypherpunks" are of the more conventional kind of "disreputable" appearance, so the point is moot.)

* The more serious message of toning down our calls for complete and total access to whatever crypto tools we can get is potentially more divisive to this group. We don't all have the same politics...some of us are anarcho-capitalists, some are socialists (I hear), some are nonpolitical (as near as I can tell), some decline to state, and some may be off in their own uncharted territory. But what we all seem to believe in common is that no government has the right to force us to make tape recordings of all of our conversations (to be placed in escrow, in case the government someday needs to listen to them!), to tap our phones, to insist we speak in government-approved non-coded language, and to use their "Wiretap Chips."

I said "potentially" more divisive. In practice, nobody on this list is really disagreeing in a major way with our general goals of privacy and access to tools (to borrow the "Whole Earth" phrase).
A few people disagreed with the way remailers, like our home-grown remailers and like Johan Helsingius' (he's also on this list, of course), were being handled. But that's the kind of debate we want.

* To some, like David Sternlight, Dorothy Denning, and Andrew Molitor, these are radical, unreasonable, and subversive views. "Remember, children, the policeman is your *friend*." seems to sum up their view of crypto. It's hard to imagine just what we have to "be reasonable" about with such people. A basic ideological divide separates us.

* I fully agree with many of you that the name "Cypherpunks" has some, shall we say, _unusual_ connotations. Some will assume we're skateboarding geeks, others will assume we're "crypto primitives" who pierce our bodies and spend all our time at raves. But the name has undeniable appeal to many, and certainly grabs a lot of attention. It seems improbable that some staid name like "Northern California Cryptography Hobbyists Association" would've gotten much attention, let alone a write-up in "Wired" (and upcoming pieces in "Whole Earth Review," "The Village Voice," etc.).

(Perhaps you out there who first heard about us via an article in "Mondo 2000," or "Wired," or a reference someplace, like MindVox or sci.crypt, can tell us what grabbed your attention, what you liked and disliked about the name, etc. Just as feedback.)

In any case, it's much too late to change the name now. Publicity of "Cypherpunks" has spread the name, lots of journalists are intrigued by it, and it basically *does* capture the spirit of our group. After all, for basic civil liberties and cyberspace issues, the ACLU, CPSR, and EFF already exist and do a fair job at presenting lawyer-like faces to the press. And for conventional "phreaking," the group "2600" is having their own meetings. We don't have to be the group with the subdued and staid image.
And note that the "Hackers Conference" has not changed _their_ name, either, despite the negative publicity given the name. (A meta-rule: There is no such thing as negative publicity. All they have to do is spell your name right. Ironically, in a recent "MacWorld" column, Steven Levy misspelled our name as "Cipherpunks." He got it right in his "Wired" piece, though.)

* As for respectability, is our goal to be "co-opted" into the Establishment? (Geez, these words I'm writing could've been written in 1968!) Is it to be a respectable voice for moderation and the gentle process of negotiating? I think not. (Note that the Wiretap Chip was *not* presented for discussion and for industry comment. Neither the Bush nor Clinton camps presented this for public debate--unless you consider Dorothy Denning's comments to be the "trial balloon" I suggested it was last fall in sci.crypt...Denning has made the curious claim that she knew "nothing" of the Clipper plan until the night before it was publicly announced. This plan is a fait accompli, production of the chips is underway, and AT&T has already announced their Clipper-tapped phone. The best we can do is undermine the proposal, deploy strong crypto as widely as possible before it's outlawed completely (Clipper will fail if strong crypto alternatives are available...what do you think Big Brother plans to do about this?), and continue to make as much noise as we can about the evils of invading privacy in this way. I see little indication that reasonable negotiation is being invited.)

* There are already several groups, as I've mentioned, made up of lawyers and "respectable spokesmen" like Mitch Kapor and Mike Godwin (wherever he is now). In a sense, Cypherpunks fill an important ecological niche by being the outrageous side, the radical side...perhaps a bit like the role the Black Panthers, Yippies, and Weather Underground played a generation ago.
(By the way, "The Crypto Underground" was one of my favorite name proposals....aren't you glad now we settled on Jude Milhon's "Cypherpunks" suggestion?)

* Cypherpunks write code, as Eric put it. They write code, they build remailers, they test systems to see how they break, they share their findings, they ignore restrictions on crypto, they look at the consequences of strong crypto, and they write articles like this.

* Now I'm all for respectability in certain ways, ways that come naturally to each of us. When I talk to journalists, I speak in complete sentences, I explain things in the most straightforward way possible, etc. I don't roll in on my skateboard and say "Dewd! Yo bro, let's skank this Clipper shit!" But I don't plan to shave off my beard, cut my hair, start wearing suits, or be "moderate and reasonable" in my arguments. Nor do I intend to water down my messages about digital money, anonymous systems, and crypto anarchy.

"Let a thousand flowers bloom." --Mao (not one of my heroes)

"Live dangerously." --Nietzsche (one of my heroes)

-Tim May, Cypherpunk

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, smashing of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.
Waco Massacre + Big Brother Wiretap Chip = A Nazi Regime

From fergp at sytex.com Wed Apr 21 14:42:24 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Wed, 21 Apr 93 14:42:24 PDT
Subject: WIRED snippet
Message-ID:

On Wed, 21 Apr 93 11:30:24 -0600, L. Detweiler

LD> EFF is drawing fire on the proposal or EFF is drawing fire on
LD> itself?

I read this elsewhere, but I just can't remember where, off the top of my head.
Anyway, here is a snippet from WIRED (Vol 1, Issue 2, May/June 1993, page 97) that also mentions it -

8<------- Cut Here ------------

HYPE LIST

                        Current    Position      Months
                        Position   Last Month    on List
                        --------   ----------    -------
Cryptography               1           4            3
Wireless Everything        2           -            2
Wired                      3           -            1
EFF Sells Out              4           -            1
Piercing                   5           -            2

1. Cryptography

Cryptography continues to rise in popularity as the solution for all digital ills. The use of the software encryption package Pretty Good Privacy (PGP) for e-mail is now tres hip among the network elites, and public keys are being traded like baseball cards. Of course, encryption is just a way to hide the same boring messages, but it does add that element of intrigue. Crypto-philes are a '90s version of the NRA gun nuts: paranoid of the government's attempts to legislate, and convinced that their guns (codes) are necessary for freedom. "If encryption is outlawed, only outlaws will have encryption," is already splattered around the Net.

2. Wireless Everything

There seems to be an unwritten rule nowadays that every product announcement must trumpet the fact that the new gizmo is, even if only in some minor way, wireless. We now have wireless mice, keyboards, modems, printers, and networks. The once-esoteric deliberations concerning radio bandwidth auctioning have become front page news in the Wall Street Journal. What's strange is that there is no corresponding consumer clamor for wireless products. In fact, wireless keyboards and printers have flopped every time they have been introduced. But don't expect this to stop Buck Rogers-obsessed electronics companies anytime soon.

3. Wired

The glut of recent media hype surrounding this new rag is proof the WIRED staff has read and understood its Marshall McLuhan. Through deliberate manipulation of broadcasters, spin-doctored press releases, and billboards everywhere, WIRED has achieved near total ubiquity, including spots on everything from Good Morning America to NPR.
While the mainstream media looks on in disbelief, the reaction on the Net has been more divided. Some on alt.cyberpunk see it as the unholy offspring of M2 and the Economist, while others see it as a rehash of the Same Old Stuff, down to the obligatory article on virtual sex. Like VR, it's a viewpoint-dependent medium.

4. EFF Sells Out

The Electronic Frontier Foundation's announcement of their reorganization and the closure of their Cambridge office was greeted with cries of betrayal and the ripping of membership cards. Many people on the Net saw the reorganization as a move by the EFF towards a more slick-corporate-Washington D.C.-Clinton-ass-kicking type of organization. The critics have grossly exaggerated the charges, but there is a kernel of truth to them: The EFF gets most of its financial support from large corporations such as AT&T and Apple, and John Perry Barlow has admitted that this has influenced the EFF's actions. (Heck, how many times have you seen John Sculley standing next to Clinton in the past four months?) But a well-endowed EFF is sure to be more effective than a politically correct one -- we just need to hope that what is best for Apple is also best for us.

5. Piercing

Body piercing has been hyped for the last five years, but only recently has it really caught on in the computer community. Now it seems as though every programmer in San Jose has a pierced nipple and is eager to tell you about it. As Jaron Lanier said, piercing is the only thing left that can still get a rise from a teenager's ex-hippy parent. Cyberpunk lit has always emphasized body malfunctions, from fake eyes to knives implanted under your finger nails, and piercing is a cheap and easy way to be like your heroes -- and it's oh so rebellious. I just hope that liposuction becomes the next big trend with this group.

- Steve Steinberg

8<----- Cut Here ---------

Cheers.

Paul Ferguson                  |  Uncle Sam wants to read
Network Integration Consultant |  your e-mail...
Centreville, Virginia USA      |  Just say "NO" to the Clipper
fergp at sytex.com             |  Chip...

From tcmay at netcom.com Wed Apr 21 14:47:02 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 21 Apr 93 14:47:02 PDT
Subject: Crypto Activism and Respectability
Message-ID: <9304212146.AA01218@netcom.netcom.com>

Crypto Activism and Respectability, or, Should We Become "Suits"?

Several Cypherpunks, er, "Privacy Advocates," have called for the name "Cypherpunks" to be changed to something more serious, more respectable, less likely to scare the horses. Something like "Cryptography Privacy" or "Cryptologic Research Association." Some even want a parallel to the NRA, such as the "National Cryptography Association."

Further, there have been comments that referring to "crypto anarchy," as I've been doing for several years (my "Crypto Anarchist Manifesto" was first distributed in 1988) is, to put it bluntly, "not helpful to the cause." Talk of libertarian ideas, "If crypto is outlawed, only outlaws will have crypto," and other such "crypto radicalism" is seen as unrespectable, as counterproductive. We're not speaking the language of the "suits," it's said. Middle America will be turned off by the hippie radicals in t-shirts, leather jackets, sandals, and beards.

(Some readers of this list have volunteered that they'd make better spokespersons for the Cause because they are clean-shaven, they look like good corporate citizens, and they know how to make the right soothing noises to interviewers. I say, "Great! We need more publicity." Just don't tell the rest of us California types, where sandals, beards, and jeans remain common, that we need to "go corporate." Picture a "smiley" here, if that's your style.)

I want to respond by making several comments:

* Radicals like ourselves have always been under pressure to conform to societal norms, whether to dress in the "gray flannel suit" in the 1950s or to eschew long hair and beads in the 60s.

* Guess what?
The message is almost more important than the messenger. People have a pretty clear idea of what people are saying, despite their appearance. And, frankly, my guess is that even most of Middle America will feel somewhat more comfortable listening to a John Gilmore, for example, than a Bill Gates-type nerd clone. People know honesty and sincerity when they see it, and they know lawyers when they see them. It's been 25 years since the hippie heyday, and most Americans have adjusted to varying outward appearances. (Actually, they've internalized and accepted long hair and beards....shaved heads, nose piercings, and body adornments they probably haven't yet accepted. But most of the "crypto anarchist cypherpunks" are of the more conventional kind of "disreputable" appearance, so the point is moot.)

* The more serious message of toning down our calls for complete and total access to whatever crypto tools we can get is potentially more divisive to this group. We don't all have the same politics...some of us are anarcho-capitalists, some are socialists (I hear), some are nonpolitical (as near as I can tell), some decline to state, and some may be off in their own uncharted territory. But what we all seem to believe in common is that no government has the right to force us to make tape recordings of all of our conversations (to be placed in escrow, in case the government someday needs to listen to them!), to tap our phones, to insist we speak in government-approved non-coded language, and to use their "Wiretap Chips."

I said "potentially" more divisive. In practice, nobody on this list is really disagreeing in a major way with our general goals of privacy and access to tools (to borrow the "Whole Earth" phrase). A few people disagreed with the way remailers, like our home-grown remailers and like Johan Helsingius' (he's also on this list, of course), were being handled. But that's the kind of debate we want.
* To some, like David Sternlight, Dorothy Denning, and Andrew Molitor, these are radical, unreasonable, and subversive views. "Remember, children, the policeman is your *friend*." seems to sum up their view of crypto. It's hard to imagine just what we have to "be reasonable" about with such people. A basic ideological divide separates us.

* I fully agree with many of you that the name "Cypherpunks" has some, shall we say, _unusual_ connotations. Some will assume we're skateboarding geeks, others will assume we're "crypto primitives" who pierce our bodies and spend all our time at raves. But the name has undeniable appeal to many, and certainly grabs a lot of attention. It seems improbable that some staid name like "Northern California Cryptography Hobbyists Association" would've gotten much attention, let alone a write-up in "Wired" (and upcoming pieces in "Whole Earth Review," "The Village Voice," etc.).

(Perhaps you out there who first heard about us via an article in "Mondo," or "Wired," or a reference someplace, like MindVox or sci.crypt, can tell us what grabbed your attention, what you liked and disliked about the name, etc. Just as feedback.)

In any case, it's much too late to change the name now. Publicity of "Cypherpunks" has spread the name, lots of journalists are intrigued by it, and it basically *does* capture the spirit of our group. After all, for basic civil liberties and cyberspace issues, the ACLU, CPSR, and EFF already exist and do a fair job at presenting lawyer-like faces to the press. And for conventional "phreaking," the group "2600" is having their own meetings. We don't have to be the group with the subdued and staid image.

And note that the "Hackers Conference" has not changed _their_ name, either, despite the negative publicity given the name. (A meta-rule: There is no such thing as negative publicity. All they have to do is spell your name right. Ironically, in a recent "MacWorld" column, Steven Levy misspelled our name as "Cipherpunks."
He got it right in his "Wired" piece, though.)

* As for respectability, is our goal to be "co-opted" into the Establishment? (Geez, these words I'm writing could've been written in 1968!) Is it to be a respectable voice for moderation and the gentle process of negotiating? I think not.

(Note that the Wiretap Chip was *not* presented for discussion and for industry comment. Neither the Bush nor Clinton camps presented this for public debate--unless you consider Dorothy Denning's comments to be the "trial balloon" I suggested it was last fall in sci.crypt...Denning has made the curious claim that she knew "nothing" of the Clipper plan until the night before it was publicly announced. This plan is a fait accompli, production of the chips is underway, and AT&T has already announced their Clipper-tapped phone. The best we can do is undermine the proposal, deploy strong crypto as widely as possible before it's outlawed completely (Clipper will fail if strong crypto alternatives are available...what do you think Big Brother plans to do about this?), and continue to make as much noise as we can about the evils of invading privacy in this way. I see little indication that reasonable negotiation is being invited.)

* There are already several groups, as I've mentioned, made up of lawyers and "respectable spokesmen" like Mitch Kapor and Mike Godwin (wherever he is now). In a sense, Cypherpunks fill an important ecological niche by being the outrageous side, the radical side...perhaps a bit like the role the Black Panthers, Yippies, and Weather Underground played a generation ago.

(By the way, "The Crypto Underground" was one of my favorite name proposals....aren't you glad now we settled on Jude Milhon's "Cypherpunks" suggestion?)

* Cypherpunks write code, as Eric put it.
They write code, they build remailers, they test systems to see how they break, they share their findings, they ignore restrictions on crypto, they look at the consequences of strong crypto, and they write articles like this.

* Now I'm all for respectability in certain ways, ways that come naturally to each of us. When I talk to journalists, I speak in complete sentences, I explain things in the most straightforward way possible, etc. I don't roll in on my skateboard and say "Dewd! Yo bro, let's skank this Clipper shit!" But I don't plan to shave off my beard, cut my hair, start wearing suits, or be "moderate and reasonable" in my arguments. Nor do I intend to water down my messages about digital money, anonymous systems, and crypto anarchy.

"Let a thousand flowers bloom." --Mao (not one of my heroes)

"Live dangerously." --Nietzsche (one of my heroes)

-Tim May, Cypherpunk

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, smashing of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.
Waco Massacre + Big Brother Wiretap Chip = A Nazi Regime

From psionic at wam.umd.edu Wed Apr 21 14:55:01 1993
From: psionic at wam.umd.edu (Haywood J. Blowme)
Date: Wed, 21 Apr 93 14:55:01 PDT
Subject: New Algorithm...
Message-ID: <199304212154.AA15610@rac3.wam.umd.edu>

As promised, I spoke today with the company mentioned in a Washington Times article about the Clipper chip announcement. The name of the company is Secure Communications Technology (information will be given at the end of this message on how to contact them). Basically they are disturbed about the announcement for many reasons that we are. More specifically however, Mr. Bryen of Secure Communications brought to light many points that might interest most of the readers.
His belief is that AT&T was made known of the clipper well before the rest of the industry. This is for several reasons, several of which are:

- A company of AT&T's size could never be able to make a decision to use the new chip on the SAME DAY it was announced.

- Months ago they proposed using their own chip for AT&T's secure telephone devices. AT&T basically blew them off as being not interested at all. This struck them as strange, until now...

Also I spoke with Art Melnick, their cryptographer; he expressed several concerns over the new Clipper Chip:

- The obvious backdoor will be able to let many people decrypt the code.

- Once the key is released to authorities the security of the crypto system is lost forever. These keys can end up in the hands of any agency of the government.

- The fact that the escrowed keys never change means that the algorithm is vulnerable over time to an attacker.

- The classified algorithm may hide another backdoor. But he feels that it is probably to keep people from forging fake serial numbers, or changing the keys themselves.

- Additionally he feels that the NSA has probably spent enough time and money in working on a way to keep this chip from being reverse engineered, that he feels that reverse engineering it will be very difficult to do. He feels that they have developed a suitable technique to protect the chip from this attack. Also he feels that the chip is hardware encoded with the algorithm and not microcoded onto the chip.

Additionally I spoke with Mr. Melnick about their algorithm. He couldn't tell me much about their new algorithm because it hasn't been patented yet. However he told me a little:

- The algorithm will be released for public review after patents have been granted for it. This is so the crypto community can see that it is secure.

- The algorithm is called NEA for New Encryption Algorithm.
The details were sketchy because now it is held as a trade secret until the patent is issued, but I was told that it will incorporate the following:

- It will have fast encryption of data (exact specs not given, but Mr. Melnick stated "Much faster than what an RS-232 can put out.")

- It is a symmetric cipher, just like IDEA and DES.

- It will use 64 bit data blocks for encryption (like DES and IDEA).

- The key length was not given to me, but Mr. Melnick states that it is _adjustable_ and is "More than adequate for security."

- The algorithm is written in C and Assembler in software form, and can be ported to many platforms (unlike the Clipper Chip which is hardware ONLY and cannot be made into software). This I consider a definite plus for the NEA for widespread use.

- The algorithm will accommodate public key distribution techniques such as RSA or Diffie-Hellman. This will also be supported in the hardware chip.

- Right now the projected cost of the NEA chip will be about 10 dollars for each!! (Clipper will run 25 each chip [that is if it is produced enough, which probably won't happen]).

- They currently sell a program called C-COM that uses the algorithm and a special streaming protocol that does not divide the encrypted data into "blocks." This could prevent plaintext attacks if you know what the block header is. This program operates at all supported RS-232 speeds and uses the software implementation of the algorithm.

- Most importantly: IT DOES NOT HAVE A BACKDOOR!!

Right now the company is afraid that the new clipper chip will put them out of business. This is a very real possibility. So they really need help in stopping the clipper chip from becoming a standard.

If you want to contact them, they can be reached at:

Secure Communications Technology
8700 Georgia Ave. Suite 302
Silver Spring, MD
(301) 588-2200

I talked to Mr. Bryen who represents the company. He can answer any questions you have.
=============================================================================
      ///     | psionic at wam.umd.edu | Fight the WIRETAP CHIP!! Ask me how!
 __  ///  C=  | -Craig H. Rowland-    |
 \\\///  Amiga| PGP Key Available     | "Those who would give up liberty for
  \///  1200  | by request.           |  security deserve neither."
=============================================================================

From tcmay at netcom.com Wed Apr 21 15:09:54 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 21 Apr 93 15:09:54 PDT
Subject: Crypto Activism and Respectability
Message-ID: <9304212209.AA03876@netcom.netcom.com>

Crypto Activism and Respectability, or, Should We Become "Suits"?

Several Cypherpunks, er, "Privacy Advocates," have called for the name "Cypherpunks" to be changed to something more serious, more respectable, less likely to scare the horses. Something like "Cryptography Privacy" or "Cryptologic Research Association." Some even want a parallel to the NRA, such as the "National Cryptography Association."

Further, there have been comments that referring to "crypto anarchy," as I've been doing for several years (my "Crypto Anarchist Manifesto" was first distributed in 1988) is, to put it bluntly, "not helpful to the cause." Talk of libertarian ideas, "If crypto is outlawed, only outlaws will have crypto," and other such "crypto radicalism" is seen as unrespectable, as counterproductive. We're not speaking the language of the "suits," it's said. Middle America will be turned off by the hippie radicals in t-shirts, leather jackets, sandals, and beards.

(Some readers of this list have volunteered that they'd make better spokespersons for the Cause because they are clean-shaven, they look like good corporate citizens, and they know how to make the right soothing noises to interviewers. I say, "Great! We need more publicity." Just don't tell the rest of us California types, where sandals, beards, and jeans remain common, that we need to "go corporate."
Picture a "smiley" here, if that's your style.)

I want to respond by making several comments:

* Radicals like ourselves have always been under pressure to conform to societal norms, whether to dress in the "gray flannel suit" in the 1950s or to eschew long hair and beads in the 60s.

* Guess what? The message is almost more important than the messenger. People have a pretty clear idea of what people are saying, despite their appearance. And, frankly, my guess is that even most of Middle America will feel somewhat more comfortable listening to a John Gilmore, for example, than a Bill Gates-type nerd clone. People know honesty and sincerity when they see it, and they know lawyers when they see them. It's been 25 years since the hippie heyday, and most Americans have adjusted to varying outward appearances. (Actually, they've internalized and accepted long hair and beards....shaved heads, nose piercings, and body adornments they probably haven't yet accepted. But most of the "crypto anarchist cypherpunks" are of the more conventional kind of "disreputable" appearance, so the point is moot.)

* The more serious message of toning down our calls for complete and total access to whatever crypto tools we can get is potentially more divisive to this group. We don't all have the same politics...some of us are anarcho-capitalists, some are socialists (I hear), some are nonpolitical (as near as I can tell), some decline to state, and some may be off in their own uncharted territory. But what we all seem to believe in common is that no government has the right to force us to make tape recordings of all of our conversations (to be placed in escrow, in case the government someday needs to listen to them!), to tap our phones, to insist we speak in government-approved non-coded language, and to use their "Wiretap Chips."

I said "potentially" more divisive.
In practice, nobody on this list is really disagreeing in a major way with our general goals of privacy and access to tools (to borrow the "Whole Earth" phrase). A few people disagreed with the way remailers, like our home-grown remailers and like Johan Helsingius' (he's also on this list, of course), were being handled. But that's the kind of debate we want.

* To some, like David Sternlight, Dorothy Denning, and Andrew Molitor, these are radical, unreasonable, and subversive views. "Remember, children, the policeman is your *friend*." seems to sum up their view of crypto. It's hard to imagine just what we have to "be reasonable" about with such people. A basic ideological divide separates us.

* I fully agree with many of you that the name "Cypherpunks" has some, shall we say, _unusual_ connotations. Some will assume we're skateboarding geeks, others will assume we're "crypto primitives" who pierce our bodies and spend all our time at raves. But the name has undeniable appeal to many, and certainly grabs a lot of attention. It seems improbable that some staid name like "Northern California Cryptography Hobbyists Association" would've gotten much attention, let alone a write-up in "Wired" (and upcoming pieces in "Whole Earth Review," "The Village Voice," etc.).

(Perhaps you out there who first heard about us via an article in "Mondo," or "Wired," or a reference someplace, like MindVox or sci.crypt, can tell us what grabbed your attention, what you liked and disliked about the name, etc. Just as feedback.)

In any case, it's much too late to change the name now. Publicity of "Cypherpunks" has spread the name, lots of journalists are intrigued by it, and it basically *does* capture the spirit of our group. After all, for basic civil liberties and cyberspace issues, the ACLU, CPSR, and EFF already exist and do a fair job at presenting lawyer-like faces to the press. And for conventional "phreaking," the group "2600" is having their own meetings.
We don't have to be the group with the subdued and staid image.

And note that the "Hackers Conference" has not changed _their_ name, either, despite the negative publicity given the name. (A meta-rule: There is no such thing as negative publicity. All they have to do is spell your name right. Ironically, in a recent "MacWorld" column, Steven Levy misspelled our name as "Cipherpunks." He got it right in his "Wired" piece, though.)

* As for respectability, is our goal to be "co-opted" into the Establishment? (Geez, these words I'm writing could've been written in 1968!) Is it to be a respectable voice for moderation and the gentle process of negotiating? I think not.

(Note that the Wiretap Chip was *not* presented for discussion and for industry comment. Neither the Bush nor Clinton camps presented this for public debate--unless you consider Dorothy Denning's comments to be the "trial balloon" I suggested it was last fall in sci.crypt...Denning has made the curious claim that she knew "nothing" of the Clipper plan until the night before it was publicly announced. This plan is a fait accompli, production of the chips is underway, and AT&T has already announced their Clipper-tapped phone. The best we can do is undermine the proposal, deploy strong crypto as widely as possible before it's outlawed completely (Clipper will fail if strong crypto alternatives are available...what do you think Big Brother plans to do about this?), and continue to make as much noise as we can about the evils of invading privacy in this way. I see little indication that reasonable negotiation is being invited.)

* There are already several groups, as I've mentioned, made up of lawyers and "respectable spokesmen" like Mitch Kapor and Mike Godwin (wherever he is now). In a sense, Cypherpunks fill an important ecological niche by being the outrageous side, the radical side...perhaps a bit like the role the Black Panthers, Yippies, and Weather Underground played a generation ago.
(By the way, "The Crypto Underground" was one of my favorite name proposals....aren't you glad now we settled on Jude Milhon's "Cypherpunks" suggestion?)

* Cypherpunks write code, as Eric put it. They write code, they build remailers, they test systems to see how they break, they share their findings, they ignore restrictions on crypto, they look at the consequences of strong crypto, and they write articles like this.

* Now I'm all for respectability in certain ways, ways that come naturally to each of us. When I talk to journalists, I speak in complete sentences, I explain things in the most straightforward way possible, etc. I don't roll in on my skateboard and say "Dewd! Yo bro, let's skank this Clipper shit!" But I don't plan to shave off my beard, cut my hair, start wearing suits, or be "moderate and reasonable" in my arguments. Nor do I intend to water down my messages about digital money, anonymous systems, and crypto anarchy.

"Let a thousand flowers bloom." --Mao (not one of my heroes)

"Live dangerously." --Nietzsche (one of my heroes)

-Tim May, Cypherpunk

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, smashing of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.
Waco Massacre + Big Brother Wiretap Chip = A Nazi Regime

From phantom at u.washington.edu Wed Apr 21 15:29:58 1993
From: phantom at u.washington.edu (The Phantom)
Date: Wed, 21 Apr 93 15:29:58 PDT
Subject: JOBS: Cypherpunks employing Cypherpunks
Message-ID:

Clipper:

If anyone wants it, I can send you the text to the letter I just sent President Clinton and the local papers. I think it is a decent, fairly non-technical letter that might point out some of the parallels between this crypto chip and invasion of privacy to the common person.
In my local area, I have now been responsible for 'educating' over 30 people to my interpretation of the meaning of this chip offering. I think it is important that the public knows a little about what is going on so that they can make a conscious decision about the usefulness of it. I don't, however, wish to waste list bandwidth with the text of it, as I don't personally think it is a masterpiece. :)

Cypherpunks employing Cypherpunks:

On another note, I hate it when people use the list for purely personal reasons, but I really need a summer job / internship. If you own your own business [ :) ] or know of a _possible_ opening in a company you work for, please, please contact me and run it by me. I am an Electrical Engineering student at the University of Washington (I hold a 3.2 in my EE classes) and have very few qualms about relocating over the summer (it might even be nice if it were in the bay area, as then I could make it to a Cypherpunk meeting!) It'd be really nice to finally meet some of the people I've been talking to for all of these months. Any leads or ideas would be appreciated.

Matt Thomlinson
University of Washington, Seattle, Washington.
Internet: phantom at u.washington.edu    phone: (206) 528-5732
PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu

From anton at hydra.unm.edu Wed Apr 21 15:31:36 1993
From: anton at hydra.unm.edu (Stanton McCandlish)
Date: Wed, 21 Apr 93 15:31:36 PDT
Subject: Crypto Activism and Respectability
In-Reply-To: <9304212055.AA04324@churchy.gnu.ai.mit.edu>
Message-ID: <9304212230.AA21644@hydra.unm.edu>

RE: becoming suits. No. Cypherpunks is a unique group, don't cheapen it. Get the suits sympathetic to you (and among you) to do the suit thing.

RE: change the name. Why? It is not as if cypherpunks is a cable network. It is a mailing list. Most people will never know it exists.
If you send out missives for the masses, just sign them with your name, and don't put "cypherpunks" on it, if you fear it will be misinterpreted. I know how it feels. My BBS sounds like a hackers' den, but it is a clean, legal online library, and has not that much in common with the typical BBS. Sometimes I think of changing the name and then I think, "No, no Noise in the Void was the name, is the name, will be the name." If people want a Nat'l. Cryptography Assoc., let them go make one.

Re: why I joined, and if it has anything to do with the name. I signed on the list, because I needed info on crypto, and sci.crypt is inconvenient (I hardly use UseNet anymore, it becomes more worthless by the second it seems.) However I did grin punkishly at the name. I like it. If the list had been Nat'l. Crypto. Assoc., I would likely have avoided it, simply because it sounds suit, and I have no patience with suits, and do not trust them.

--
Testes saxi solidi!  **********************  Podex opacus gravedinosus est!
Stanton McCandlish, SysOp: Noise in the Void Data Center BBS
IndraNet: 369:1/1   FidoNet: 1:301/2   Internet: anton at hydra.unm.edu
Snail: 8020 Central SE #405, Albuquerque, New Mexico 87108 USA
Data phone: +1-505-246-8515 (24hr, 1200-14400 v32bis, N-8-1)
Vox phone: +1-505-247-3402 (bps rate varies, depends on if you woke me up...:)

From derek at cs.wisc.edu Wed Apr 21 15:57:49 1993
From: derek at cs.wisc.edu (Derek Zahn)
Date: Wed, 21 Apr 93 15:57:49 PDT
Subject: "Cypherpunks Write Code"
Message-ID: <9304212257.AA15529@lynx.cs.wisc.edu>

Hmm, I write code -- but so far no cyphercode. Since I'd like to be part of the cypherdelic revolution, what code needs writing? I agree that the PC/modem scrambled telephone is a good idea, but others are already bashing that out; there must be other neat projects that want doing. Any thoughts?
derek
psypherdelic psypherdewd (in training)

From peb at PROCASE.COM Wed Apr 21 16:07:41 1993
From: peb at PROCASE.COM (peb at PROCASE.COM)
Date: Wed, 21 Apr 93 16:07:41 PDT
Subject: The Family Key
Message-ID: <9304212235.AA03841@banff>

>From: Harry Shapiro
>press release claims that the Clipper
>chip doesn't provide anything more than what Law Enforcement already
>has. That is not true.

I was about to say this myself too, but Hellman already pointed it out. However, it is worth mentioning for emphasis. The Family key is known not only to the NSA, but to the FBI with their black box units. No special protection is given to this key and it allows the equivalent of Caller-ID *and* Callee-ID over all transmissions using Clipper regardless of how the calls are routed. This is *much* cheaper than speaker recognition used in roving wiretaps! Roving wire taps are given out sparingly, but it seems that Clipper would make the scanning of huge numbers of calls and saving traffic info the normal mode of operation. In my letter to Casa Blanca I mentioned that I noticed this deception in the NIST press release.

Another feature of the F key is that it could be changed in new runs of chip making, but evidently, protecting F is not a great concern by NIST/FBI, et al.

The 3, 34 bit pads, if/when the entire system is entirely compromised, could be changed--in fact they could do it regularly anyway--they can keep a list of Serial number to pad mappings. This would prevent the system from entirely being compromised by an outside [NSA] entity, so it is somewhat robust to that possibility.

Paul E. Baclace
peb at procase.com

From a2 at well.sf.ca.us Wed Apr 21 16:09:53 1993
From: a2 at well.sf.ca.us (Arthur Abraham)
Date: Wed, 21 Apr 93 16:09:53 PDT
Subject: The (very) next Saturday Meeting
Message-ID: <199304212309.AA12908@well.sf.ca.us>

I will be presenting a short talk entitled:

Clipper (Nail* | *Ship): External Functionality

based on the hardware specs of this topical device.

p.s.
I tried to get samples, but the price was $300,000 for 10,000 units, and I didn't think that many pe

From a2 at well.sf.ca.us Wed Apr 21 16:09:55 1993
From: a2 at well.sf.ca.us (Arthur Abraham)
Date: Wed, 21 Apr 93 16:09:55 PDT
Subject: The (very) next Saturday Meeting
Message-ID: <199304212309.AA12929@well.sf.ca.us>

I will be presenting a short talk entitled:

Clipper (Nail* | *Ship): External Functionality

based on the hardware specs of this topical device.

p.s. I tried to get samples, but the price was $300,000 for 10,000 units,

From 0005533039 at mcimail.com Wed Apr 21 16:25:05 1993
From: 0005533039 at mcimail.com (Giuseppe Cimmino)
Date: Wed, 21 Apr 93 16:25:05 PDT
Subject: Meets 'n Greets
Message-ID: <42930421215924/0005533039ND1EM@mcimail.com>

DC's 26oo meetings are held in the food court of a local mall. The location doesn't require scheduling, can be gotten to via Metro and, while private property, usually doesn't run into problems with peaceful gathering. A National Park would solve (for the time being) the latter problem (perhaps the park in front of the White House?). Any other DC folks interested?

From pmetzger at lehman.com Wed Apr 21 16:43:45 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 21 Apr 93 16:43:45 PDT
Subject: Should we become "suits"?
Message-ID: <9304212343.AA29698@snark.shearson.com>

No one said anything about becoming "suits", Tim. The problem is this: the name "Cypherpunks" makes us sound like people who break into computers for fun or other such stuff. I was on the phone with John Markoff of the New York Times a couple of days ago, and I was unhappy that no one had yet changed the name of the group because I frankly felt that I could not encourage him to subscribe -- the results would be unpredictable. I encouraged him to read more sci.crypt instead, which he has already been doing.

I've been associated with radical political causes for a while. I've found that in general, the radicals are their own worst enemy.
People are NOT happy about being lectured to by strange-acting people.

Bill Winter of the Libertarian Party of New Hampshire was their chairman over the period in which the LPNH went from four members of the state party to actually becoming a force in New Hampshire politics. New Hampshire is the *only* LP outpost to make any significant electoral inroads, *anywhere*. He once told me this: you can get people to accept strange sounding ideas when promulgated by normal looking people. You can get them to accept normal-sounding ideas when promulgated by strange looking people. You can't get them to accept strange ideas when promulgated by strange people.

No, I'm not saying you should wear a suit. I'm not saying John Gilmore should cut his hair and start wearing Armani. I'm just saying that our name is a stumbling block. Why shoot ourselves in the foot for something worthless? The simple change in our name from something confrontational that makes us sound like machine crackers to something that expresses what this group is about would make a radical positive change in our image.

Now, what are the benefits of keeping the current name "cypherpunks"? Well, let's see Tim's list.

>In a sense, Cypherpunks fill an important ecological niche by
>being the outrageous side, the radical side...perhaps a bit like the role
>the Black Panthers, Yippies, and Weather Underground played a generation
>ago.

None of whom accomplished any of their goals. You REALLY want to emulate them? I've been an occasional visitor to #9 Bleeker Street, where Dana Beal, last of the Yippies, holds court. He doesn't wash regularly, and he wonders occasionally why no one takes his drug legalization crusade seriously. Hint: they are connected.

We can't afford to lose this fight. This is a matter of life and death. Playing out fantasy games about being 1960s radicals is fine and well -- when you don't care about the outcome. We can't afford to lose, so we can't afford to emulate losing strategies.
> And, frankly, my guess is that even most of Middle America will
>feel somewhat more comfortable listening to a John Gilmore, for example,
>than a Bill Gates-type nerd clone. People know honesty and sincerity when
>they see it, and they know lawyers when they see them. It's been 25 years
>since the hippie heyday, and most Americans have adjusted to varying
>outward appearances.

Well, I'm not proposing that John not be a spokesman -- most of our interaction with the media is happening electronically and not in person, and John is eloquent. But you are fooling yourself if you think people listen to Hippies over Suits. I'm speaking as a person who used to have long hair and worked exclusively in Tee-shirt and shorts. I feel more comfortable dressed that way -- but these days I wear a suit because that's what gets me paid. I'm also speaking as a person who's extensively looked at this question in connection with my activism in the Libertarian Party.

The fact is this: over and over again, every scientific study that's been done (by lots of people), every anecdotal comparison I can make in things like why one LP candidate did well and another did poorly or why one local group soared while another failed, each one of them points to the same conclusion: that conclusion is, sadly, that you are completely wrong Tim, and that people judge by appearances, and that even the most down and out people in our society will take the word of a person who looks respectable over a person who doesn't. This includes hackers -- hackers will trust grungy looking people as soon as they have verified that they are fellow hackers, but watch what they do sometime when they drive by a hitchhiker as casually dressed as themselves. Take a sample of hackers, put them in a sociology lab, show them videotapes of people making statements who are dressed like hippies and dressed like bankers, and five will get you ten that they react just like the rest of the population.
Influencing the public is not a guessing game any more -- it's a science. People have done honest to god studies on this. I'll happily forward you references if you want.

>We don't all have the same politics...some of us are
>anarcho-capitalists, some are socialists (I hear), some are nonpolitical
>(as near as I can tell), some decline to state, and some may be off in their
>own uncharted territory. But what we all seem to believe in common is that
>no government has the right to force us to make tape recordings of all of
>our conversations (to be placed in escrow, in case the government someday
>needs to listen to them!), to tap our phones, to insist we speak in
>government-approved non-coded language, and to use their "Wiretap Chips."

Fine and dandy, but how does changing our name to "cryptoprivacy" harm any of this?

>In any case, it's much too late to change the name now.

No it's not. It's perfectly easy.

>And note that the "Hackers Conference" has not changed _their_ name,
>either, despite the negative publicity given the name.

They aren't doing any lobbying. Their name doesn't matter. Their image makes no difference at all. Ours does.

>As for respectability, is our goal to be "co-opted" into the
>Establishment?

Tim, I'm an anarchist. Do you REALLY think I'm about to become co-opted by the establishment? Is it REALLY your belief that changing the name of the group to "cryptoprivacy" would turn me into a raving statist, foaming at the mouth about imposing regulatory control structures?

>There are already several groups, as I've mentioned, made up of lawyers
>and "respectable spokesmen" like Mitch Kapor and Mike Godwin (wherever he
>is now).

No one can log in to their groups -- we provide an essential service. I WANT the New York Times reporter reading this group, but I don't want him to think we are crackers or nuts.

>But I don't plan to shave off my beard, cut my hair, start wearing suits,
>or be "moderate and reasonable" in my arguments.

Who asked you to?
You aren't going on television, and moderating your ARGUMENTS is useless. I'm talking about appearances, nothing more. Our name is cheap and easy to change. It costs us little, and I'm not proposing we change anything else.

Perry

From baumbach at atmel.com Wed Apr 21 17:00:53 1993
From: baumbach at atmel.com (Peter Baumbach)
Date: Wed, 21 Apr 93 17:00:53 PDT
Subject: The Wiretap Chip and the reaction so far
Message-ID: <9304212342.AA00841@minnow.chp.atmel.com>

I have been surprised at how wide the knowledge of the Wiretap Chip has spread. (and how quickly!) My mom even heard about it before I could tell her. Most of the people I've talked to don't like the idea of the gov't having the keys. These people came to this conclusion on their own. The sources of their information might be biasing their view. :-) I heard a commentary on National Public Radio that was against it!

Keep up the fight. It's not a losing battle.

There is also a bright side to this battle. Look at all the free publicity that privacy has gotten. Our gov't has given ground in the early rounds of the negotiation by stating there is a right to encryption. They want to completely control that right to encryption, and this we will fight and win.

-----tactic

I recommend telling people about the freedom and privacy gained in other countries by their use of PGP. Tell them that the secret police can no longer spy on their citizens as effectively.

privacy == freedom
no privacy == tyranny

Peter Baumbach
baumbach at atmel.com

Boycott the KGB chip
Boycott the IRS chip

From Danny.Swerdloff at f246.n107.z1.ieee.org Wed Apr 21 19:05:15 1993
From: Danny.Swerdloff at f246.n107.z1.ieee.org (Danny Swerdloff)
Date: Wed, 21 Apr 93 19:05:15 PDT
Subject: John Draper
Message-ID: <28187.2BD5FC66@nisc.ieee.org>

Anyone know how I can contact John Draper ("Cap'n Crunch")

Thanx...
Danny

--
=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=
Danny Swerdloff - Internet: Danny.Swerdloff at f246.n107.z1.ieee.org

From gnu Wed Apr 21 19:35:26 1993
From: gnu (John Gilmore)
Date: Wed, 21 Apr 93 19:35:26 PDT
Subject: Wired `Cypherpunk' issues will be available at the meeting
Message-ID: <9304220235.AA23434@toad.com>

I got a box of magazines and will be selling them at the cover price ($5) at the meeting. It's the May/June issue. The cover features three masked cypherpunks behind a flag; the whole crew appears on page 54.

People who aren't coming to the meeting can get copies at their local bookstore, or call George Clark at Wired at +1 415 904 0660. If you want to subscribe (6 issues/year, $20), you can call +1 800 SO WIRED or send a check to Wired, 544 2nd St, SF, CA 94107.

John

From TO1SITTLER at APSICC.APS.EDU Wed Apr 21 19:49:43 1993
From: TO1SITTLER at APSICC.APS.EDU (TO1SITTLER at APSICC.APS.EDU)
Date: Wed, 21 Apr 93 19:49:43 PDT
Subject: Is this list still operational?
Message-ID: <930421204720.302b@APSICC.APS.EDU>

I've been wondering if the list still exists. I've seen very little traffic in the last few hours, and I'm wondering if this mailing list is still around.

Kragen

From karn at qualcomm.com Wed Apr 21 19:58:00 1993
From: karn at qualcomm.com (Phil Karn)
Date: Wed, 21 Apr 93 19:58:00 PDT
Subject: The Family Key
Message-ID: <9304220257.AA22606@servo>

At 08:29 AM 4/21/93, Harry Shapiro wrote:
>Thus, the NSA will be able to maintain an active traffic pattern
>analysis of ALL communications sent via the Clipper chipped devices.
>
>I think in many ways that traffic watching can and does often reveal
>more information about someone than at times listening in to what
>is actually being said.

I think this is an extremely important point. The US precedents regarding traffic analysis (e.g., telephone "pen registers") are very anti-privacy.
I would not be at all surprised to see decisions saying that law enforcement could use the Chipper ID any way they liked, without a warrant.

Phil

From tcmay at netcom.com Wed Apr 21 20:52:03 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 21 Apr 93 20:52:03 PDT
Subject: Duplicate messages--Sorry!
Message-ID: <9304220352.AA07384@netcom.netcom.com>

Multiple copies of my "Suits?" posting went out earlier today. I apologize profusely, as this was caused by my mailer software (and me), not by anything in the list software.

Basically, my mailer program (Eudora, for the Mac) would choke part way through uploading a message...sometimes numbers in the message, as in "Mondo xxxx" cause it to think data is about to be sent and it chokes. (Why it does it on some files and not others is a mystery to me. I'm investigating it further.) I fiddled with the files and tried again...I didn't think any of the files had actually gotten through until I sent a modified file through that just had "Mondo" instead of "Mondo xxxx" in it. (When the file transfer choked with an "SMTP Error," it left the file marked as unsent.)

Anyway, very sorry! Deep apologies.

-Tim

From dstalder at gmuvax2.gmu.edu Wed Apr 21 21:23:00 1993
From: dstalder at gmuvax2.gmu.edu (Darren/Torin/Who ever...)
Date: Wed, 21 Apr 93 21:23:00 PDT
Subject: family key
Message-ID: <9304220255.AA23546@gmuvax2.gmu.edu>

Is it true that all LE agencies will have the family key to the wiretap chip? If not, can any LE agency obtain the family key with a search warrant/court order? I am putting the statements about traffic monitoring into my non-technical description of the problems with the wiretap chip proposal.

Thanks,

--
Defeat the     Torin/Darren Stalder/Wolf              __
Wiretap Chip   Internet: dstalder at gmuvax2.gmu.edu  \/  PGP2.x key available.
Proposal!      Bitnet: dstalder at gmuvax               Finger me. Write me for
               Sprintnet: 1-703-845-1000              details.
               Snail: 10310 Main St., Suite 110/Fairfax, VA/22030/USA
DISCLAIMER: A society where such disclaimers are needed is saddening.

From fergp at sytex.com Wed Apr 21 22:05:29 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Wed, 21 Apr 93 22:05:29 PDT
Subject: Problems
Message-ID:

I realize that this is a bit off-topic, but I'm experiencing a problem that may be just a case of either user stupidity or Stacker. (Okay, hold the leers and jeers, my laptop has Stacker installed for a reason.)

Trying to (-e) encrypt a textfile with someone's pubkey produces both "DOS general read errors" and "device not ready" errors. I suspect that PGP is using some direct BIOS calls for this, which bypass Stacker, however I haven't looked at the source code yet. (Silly me.) Every other function of PGP that I have utilized seems to work okay. After invoking PGP with the following parameters -

PGP -e text.txt userid

I get these errors. Also, after being bumped back out to the system prompt, any further requests to access the file system are greeted with the same errors. (Lucky me.) Anyway, after rebooting the system and fixing the file allocation errors (yes, usually two to three files created by PGP named filename.$01, filename.$02, etc. are classified by DOS as mis-allocated), everything is just peachy. Like I said before, all other PGP functions (adding and validating keys, etc) work okay. I point the finger at Stacker, but I figured it might be worth my time to toss a message into the group for advice...

Cheers.

For what it's worth, I don't normally use Stacker for the same reasons that Steve Gibson forbids his employees to use any disk compression software -- the problems and possibility for irreversible data loss greatly outweigh the silly need to compress.

Paul Ferguson                  | Uncle Sam wants to read
Network Integration Consultant | your e-mail...
Centreville, Virginia USA      | Just say "NO" to the Clipper
fergp at sytex.com              | Chip...
From tcmay at netcom.com Wed Apr 21 22:26:12 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 21 Apr 93 22:26:12 PDT
Subject: Should we become "suits"?
Message-ID: <9304220526.AA14476@netcom.netcom.com>

Perry Metzger has written a clear summary of his position, which differs from mine. I won't restate my points, as both our positions are clear. (As disputes go, it's quite minor...if a good enough alternative to the name "Cypherpunks" were to be invented, one that still captured our "no-compromises" position, I would certainly listen with interest. But if something ain't provably broke....)

I will answer a couple of Perry's specific points:

>The problem is this: the name "Cypherpunks" makes us sound like people
>who break into computers for fun or other such stuff. I was on the
>phone with John Markoff of the New York Times a couple of days ago,
>and I was unhappy that no one had yet changed the name of the group
>because I frankly felt that I could not encourage him to subscribe --
>the results would be unpredictable. I encouraged him to read more
>sci.crypt instead, which he has already been doing.

I talked to Markoff at the Hackers Conference in October...he is already aware of Cypherpunks. He placed a call to me last week, before the Clippershit hit the fan, but I was out. His message to me in e-mail was that he wanted to check up on what the Cypherpunks were doing....so clearly he knows all about it. As it turned out, he talked to others. I can only assume Eric Hughes, who talked to him on Friday, filled him in on Cypherpunks doings...though by Friday the focus had of course shifted dramatically.

I think Perry is overly worried about the reaction to our name. Neither Markoff, nor Levy, nor Kelly, nor Dibbell, nor Mandl has seemed disturbed by the name. And like I said, the name is interesting and acts as a kind of "Schelling point" (a natural gathering place) for the subculture of crypto rebels and privacy advocates.
>I've been associated with radical political causes for a while. I've
>found that in general, the radicals are their own worst enemy. People
>are NOT happy about being lectured to by strange-acting people.

I can only hope Perry is not referring to *me*!

Perry comments on my mention of radical groups in the 60s:

>None of whom accomplished any of their goals. You REALLY want to
>emulate them? I've been an occasional visitor to #9 Bleeker Street,
>where Dana Beal, last of the Yippies, holds court. He doesn't wash
>regularly, and he wonders occasionally why no one takes his drug
>legalization crusade seriously. Hint: they are connected.

I wasn't holding them up as moral beacons, just noting that various "niches" exist, in kind of a good cop/bad cop sort of way. Journalists like some "color" and will seek out those who'll provide it. Readers, too, seek some excitement. The "Crypto Rebels" title of Steven Levy's piece bespeaks volumes.

(Frankly, I really like the name "Crypto Rebels"...I should note that some of the names we debated last fall were of this flavor, including "Crypto Liberation Front," "The Crypto Underground," and "Crypto Radicals." Even a whimsical "Cryptoids." I guess it's clear that the West Coast camp is somewhat more radical than Perry might like.)

>We can't afford to lose this fight. This is a matter of life and
>death. Playing out fantasy games about being 1960s radicals is fine
>and well -- when you don't care about the outcome. We can't afford to
>lose, so we can't afford to emulate losing strategies.

Well, I think referring to our activities as "playing out fantasy games" is somewhat intemperate and misleading. Sounds like rhetorical excess to me. And implying that I, or the others in our group, don't care about the outcome is also misleading and, I think, unfair.
I won't list our achievements as a group or as individuals, but I'll remind Perry that I was the one who correctly picked up on Denning's tone in her Computer Security Conference paper and posted the original alert to sci.crypt, the "A Trial Balloon to Ban Encryption?" posting. Last time I counted, there were more than a thousand replies--some good, some crap, some repetitive--to this thread. In my opinion, this helped prepare the readers of sci.crypt, comp.org.eff, Cypherpunks, and Extropians in the current situation.

I'm hoping you were merely carried away by the exuberance of your rhetoric and do not really believe these charges.

>..... But you are fooling yourself if you
>think people listen to Hippies over Suits.

I didn't argue this. I was arguing that Gilmore, Hughes, and others, are perfectly acceptable messengers to the journalists I know. If "suits" are available and are as articulate, fine. I don't see any around here, though!

Sidenote: I hold to one other fairly debatable view: I don't think reaching Middle America, Mom and Pop, our neighbors, the Silent Majority, etc., is really all that important. The battle, such as it is happening, is taking place amongst a fairly small elite. Others believe that Joe Average needs to be sold on the virtues of crypto and privacy. Maybe so, but that's not a battle I see Cypherpunks fighting and winning. If this is really your point, that the Crypto Rebels/Cypherpunks approach will not be convincing to the folks in Peoria, then I basically *agree* with you. To reach them, you'll need Madison Avenue ad campaigns, Perot-style populism, and legions of smooth talkers hitting the talk shows and airwaves. Not something Cypherpunks have any intentions of doing, so far as I've heard.

As I said in my first message, perhaps a large lobbying group is needed. The NRA is a useful model, but recall how long it had to get rolling before the assault on the Second Amendment started in earnest.
In this battle, there are few lobbying groups, few sources of NRA-style publicity and funding, and the government has *already* struck. Remember, this is not a proposal, it's a done deal...our only hope now is to demolish it with withering criticism, with sabotage of trust in it, and with the rapid deployment of strong crypto alternatives.

(I don't want to belabor the parallels with the NRA, for various reasons. Suffice it to say that with gun-owners, Americans had long owned and used guns and the right was included as the Second Amendment. The NRA thus had a running head start and had lots of sources of funding. The crypto situation is much newer, much more abstract, and only has a tiny handful of active users. Ironically, most of them are balking at paying *anything* to RSA Data Security to use convincingly strong crypto, so I don't see many folks shelling out even $25 a year for a subscription to "American Cryptographer" or whatever. However, I wish anyone who forms such a group the best luck. I'll certainly support them.)

Back to Perry's points:

>The fact is this: over and over again, every scientific study that's
>been done (by lots of people), every anecdotal comparison I can make
>in things like why one LP candidate did well and another did poorly or
>why one local group soared while another failed, each one of them
>points to the same conclusion: that conclusion is, sadly, that you are
>completely wrong Tim, and that people judge by appearances, and that
>even the most down and out people in our society will take the word of
>a person who looks respectable over a person who doesn't.

Yes, you've made this point clear a couple of times.

Speaking about the existing groups I mentioned, Perry writes:

>No one can log in to their groups -- we provide an essential service.
>I WANT the New York Times reporter reading this group, but I don't
>want him to think we are crackers or nuts.
Well, while the list is open to all subscribers, it has never been intended, so far as I know, as a *resource service* for reporters! Perhaps it *should* be, but that's a much different sort of list than we now have. (For the Extropians who are reading this, it would be like making the Extropians list a resource for those trying to learn about the basics of libertarianism or whatnot, rather than a list for those "already clued in.")

Several reporters have, at times, subscribed to the list, for brief periods of time. They were mostly "lurkers." A couple of times I got e-mail, as I suspect others did, asking me to clarify some point or send more information. This I did whenever possible.

And with an open list, nothing can be done to censor or stop postings that make us seem "crackers or nuts," to use Perry's terms. That's just the way it is. The list is for crypto rebels and people fed up with crypto laws and regulations, not as an educational arena for outsiders. And not for sanitized discussions. People on the list want to talk about digital money, data havens, anonymous mail services, ways to subvert governments, and so on. They don't want to just have some unified front that is palatable to reporters. (If I'm wrong in this judgement, I hope others will give their views as well.)

Your ideas may make sense, Perry, for *some* group. EFF and CPSR operate roughly in this way, with a paid staff of "reasonable" lawyers and spokespersons (the newsgroups, like comp.org.eff.talk, are another thing altogether...as wild and crazy as our list can be). But Cypherpunks does not seem to fit the bill. We're an anarchy, with no formal rules, no formal political agenda, and just a bunch of spontaneously ordered crypto rebels.

(Personally, I hope EFF takes a leading role in the fight. They have recently been sidetracked into stuff about ISDN and away from core issues like privacy in the electronic frontier. They have the resources, lawyers, speakers, etc.)
As always, I appreciated Perry's comments. Some are reasonable, some I disagree with strongly. Two hundred other Cypherpunks will probably have their own views.

Enough for now.

-Tim May

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, smashing of governments.
Higher Power: 2^756839 | Public Key: MailSafe and PGP available.
Waco Massacre + Big Brother Wiretap Chip = A Nazi Regime

From mdiehl at triton.unm.edu Wed Apr 21 23:14:12 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Wed, 21 Apr 93 23:14:12 PDT
Subject: Problems
In-Reply-To:
Message-ID: <9304220606.AA27912@triton.unm.edu>

> I realize that this is a bit off-topic, but I'm experiencing a problem
> that may be just a case of either user stupidity or Stacker. (Okay,
> hold the leers and jeers, my laptop has Stacker installed for a
> reason.)

I don't think this is off-topic. If it affects the way we use pgp, it is on topic.

> Trying to (-e) encrypt a textfile with someone's pubkey produces both
> "DOS general read errors" and "device not ready" errors. I suspect
> that PGP is using some direct BIOS calls for this, which bypass
> Stacker, however I haven't looked at the source code yet. (Silly me.)
> Every other function of PGP that I have utilized seems to work okay.
> After invoking PGP with the following parameters -

I don't get an error when I do this, but when I do it from a batch file, I sometimes get a 0-length encrypted file. Seems related to your problem.

> PGP -e text.txt userid

Only I use pgp -we text.txt uid.

+-----------------------+-----------------------------+---------+
| J. Michael Diehl ;-)  | I thought I was wrong once. | PGP KEY |
|                       | But, I was mistaken.        |available|
|                       +-----------------------------+---------+
| mdiehl at triton.unm.edu | "I'm just looking for the opportunity |
| mike.diehl at fido.org   | to be Politically Incorrect!          |
| (505) 299-2282        |                                       |
+-----------------------+---------------------------------------+

From tcmay at netcom.com Thu Apr 22 00:48:28 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 22 Apr 93 00:48:28 PDT
Subject: Explanation of Clipper Chip Name
Message-ID: <9304220748.AA00962@netcom3.netcom.com>

In the days before Xerox machines, one provided copies of correspondence to others by using sheets of carbon paper to make duplicates when typing. This is the origin of "cc" or "cc:" on memos and correspondence.

Henceforth, "cc" refers to the automatic carbon copy provided by the "cc" chip, the Clipper Chip.

BB (Big Brother) gets a CC of everything.

(I know, it's a voice encryption standard, and it's voluntary, but a quick look at the "Capstone" chip reveals it's a complete crypto package, containing the DSS government signature standard, and lots of other stuff. The Wiretap Chip will be used for more than just voice, I'll be willing to bet.)

-Tim

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.

From dstalder at gmuvax2.gmu.edu Thu Apr 22 00:54:38 1993
From: dstalder at gmuvax2.gmu.edu (Darren/Torin/Who ever...)
Date: Thu, 22 Apr 93 00:54:38 PDT
Subject: Non-Technical description of problems with wiretap chip
Message-ID: <9304220755.AA00743@gmuvax2.gmu.edu>

The WIRE-TAP Proposal: Problems with it.

The White House sent out a press release on Friday 16 April about a voice encryption chip called the Clipper chip.
This has come to be known as the Wiretap chip since it allows any Law Enforcement agency to automatically decrypt any conversations made with it with a search warrant. The LE presents said search warrant to two different escrow agencies to obtain the keys (80 bits long) that automatically decrypt your conversation. The Electronic Frontier Foundation (EFF) and the Computer Professionals for Social Responsibility (CPSR) have both criticized the proposal. There was even a negative article already in Network World (19 Apr 93). The paragraphs that follow are facts and problems I have collected by listening to others discuss the Wiretap chip.

Say you wanted to encrypt your talk with someone over a phone. Well, since you and the person you want to talk to both have the Wiretap (Clipper) chip in your phones, you can automatically encrypt your conversation. All fine and good encryption for the consumer. Now, what if you come under investigation by the local constabulary? They get a court order and ask the escrow agencies (non-law enforcement types) for your key. They already have the family key since that is the same in each chip. They now have your specific key. With these two keys, they can decrypt all conversations that you have. This includes conversations that are not legal to wiretap such as attorney-client, doctor-patient and so on. They also have that key for any and all future sessions that you use that phone for. Start to see the problem? This part is all legal... Search warrants are even exceedingly easy to get at times. There have been reports of the FBI getting groups of 50 signed and blank search warrants from the DoJ.

Now, there are other problems. Would you give the IRS keys to your house and filing cabinet as long as they promised that they would only use it under proper authorization?

The key length of 80 bits is still considered cryptographically weak. The cryptographic algorithm is also being kept classified. This is not the usual practice.
In the cryptographic community, algorithms are public. This way people can
be assured there aren't any back doors and that the algorithm can stand on
its own strengths, not that of secrecy. It is clear from the description
that the plan for key registration would be compromised if the algorithm
was made public; anyone could make chips or software that implemented it,
using their own keys. These keys, of course, would not be registered. It
is not that difficult to reverse engineer a chip these days.

It may also be true that the algorithm itself is too weak to be shown to
the public. This was true of a digital cellular encryption standard
(IS-54B). It is not available to the public and is incredibly weak.

Finally, some of the implications behind this announcement are dire. The
Wiretap chip could become the market or legislative standard. This could
mean that other implementations of cryptographic voice transactions would
be very difficult to obtain or would be illegal to obtain. Why would a
criminal use the Wiretap chip when they knew it wouldn't encrypt their
conversations against the LE agencies? They wouldn't, they would use other
encryption technologies. Would this mean that using something other than
the Wiretap chip is probable cause and puts you under suspicion?

The way the encryption works also allows for ludicrously easy call-tracing.
Each chip has a serial number that is transmitted with each message. That
serial number is encrypted with the "Family" key. This key is the *same*
for every chip. You gain that key and you can track when and for how long
any person or groups of people calls *anyone* else. (Easy to do, since any
LE agency can gain the 'family' key with a search warrant. It would leak
easily into other hands.)

One last fishy thing is that AT&T has already (on the same day) announced
phones with this chip. This implies (means?) that AT&T has known about this
chip for a while.
They seem to be more concerned about getting a jump on the competition
than producing a product that will actually give their users real
security. 'Course, there is the question of collusion between the
government and industry. Only two companies will be allowed to manufacture
the chip, VLSI and Mykotronix. Jeff Hendy, director of new product
marketing for VLSI, says his company expects to make $50 million of the
chip in the next 3 years. (This from the San Jose Mercury News.)

Permission is granted to distribute this document to whomsoever you should
desire. You may change it only if you send me the changes.

Think Free,
--
                                                               Defeat the
Torin/Darren Stalder/Wolf                __                    Wiretap Chip
Internet: dstalder at gmuvax2.gmu.edu      \/  PGP2.x key available.  Proposal!
Bitnet:   dstalder at gmuvax                   Finger me.   Write me for
Sprintnet:                                   details.
Snail: 10310 Main St., Suite 110/Fairfax, VA/22030/USA
DISCLAIMER: A society where such disclaimers are needed is saddening.

From gg at well.sf.ca.us Thu Apr 22 01:04:35 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Thu, 22 Apr 93 01:04:35 PDT
Subject: Intergraph employee claims trademark violation
Message-ID: <199304220802.AA20104@well.sf.ca.us>

Most interesting about Intergraph! Someone look into this one QUICK and if
there are any attorneys reading this, could you help Intergraph go after
whoever might be violating their trademark... in particular AT&T...?

-gg

From tcmay at netcom.com Thu Apr 22 01:31:16 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 22 Apr 93 01:31:16 PDT
Subject: A Volunteer in a Suit Has Appeared!
Message-ID: <9304220831.AA26386@netcom.netcom.com>

I am pleased to announce that the Search Committee has found an Executive
Director for the newly renamed "Privacy Institute." He will serve as both
manager and as external spokesman for the Institute.

We searched for a respectable person, preferably middle-aged, who knew how
to communicate with bureaucrats and was prepared to relocate to the
Washington, D.C.
area to act as our official lobbyist (the matter of his compensation will
be dealt with in a later memo, one which also explains our dues structure,
membership grades, and official bylaws).

Our candidate is an active poster in sci.crypt, is well-known to the Net,
and yet has strong connections with the Washington bureaucracy. We feel he
will do much to project a more proper, even anal, image of our group. We
hope his appointment as Executive Director, The Privacy Institute, will go
a long way toward improving the image we developed during our first phase
of existence when we were known by the c-word name. Our new Director
intends to immediately correct many of the wrongs he sees.

Without further ado, here is his name:

David Sternlight

I hope you'll all join me in welcoming Sternie, or Sterno, as his friends
call him, to the Privacy Institute.

-Tim May, Recording Secretary, The Privacy Institute ("Don't call us
Cypherpunks!")

(The preceding spoof was brought to you as a public service.)

From gg at well.sf.ca.us Thu Apr 22 02:07:59 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Thu, 22 Apr 93 02:07:59 PDT
Subject: Making Clippers More Secure
Message-ID: <199304220907.AA26844@well.sf.ca.us>

As for me, I still think software-based steganography is the answer. If
you can't detect it, you can't prosecute. For instance, how many people
do you think are fired from their jobs for LSD on their drug tests...? Far
fewer than do LSD, according to people I know in Silicon Valley who say
that certain mil subcontractors are infested with acid-taking Deadheads;
because LSD disappears from the bloodstream a couple of days after you
take it.

From fergp at sytex.com Thu Apr 22 07:18:55 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Thu, 22 Apr 93 07:18:55 PDT
Subject: Crypto Activism and Respectability
Message-ID:

Let'em all eat cake.

On Wed, 21 Apr 93 14:46:55 -0700, Timothy C. May wrote -

TM> Crypto Activism and Respectability, or, Should We Become
TM> "Suits"?
In a word: No. The name is fine (Cypherpunks), and the attitude is great.
There are plenty of us who do wear ties on a daily basis and have our
hearts in the right place. ;-)

Thanks for the sanity check. You've got my support. Now if we can "Win the
hearts and minds" of the public and change the venue of our own
Stalinistic government...

BTW, who (off-hand) knows the fax number of the G. Gordon Liddy show at
WJFK in Washington? I have this fax I need for him to see ....

Cheers.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.2

mQCNAiuk0/8AAAEEALqlLc+x9lmgiJCRSpu/aPhQdi0hMjwiGlN2B/GJQqgZPhTb
pR+u5/blGogqT+WwcXZ2XfEdIV19FrJY4BXGGn4+4TjdVN3XuuCHuueoygBAmOQD
IloU6SJuDqJa0kFA5X/i/1ELn86I5+8A4Hx88FiYJIVUBR6SApRLcZSdHMBNAAUR
tB9QYXVsIEZlcmd1c29uIDxmZXJncEBzeXRleC5jb20+
=0Kua
-----END PGP PUBLIC KEY BLOCK-----

Paul Ferguson                  |  Uncle Sam wants to read
Network Integration Consultant |  your e-mail...
Centreville, Virginia USA      |  Just say "NO" to the Clipper
fergp at sytex.com               |  Chip...

From grady at netcom.com Thu Apr 22 07:21:37 1993
From: grady at netcom.com (1016/2EF221)
Date: Thu, 22 Apr 93 07:21:37 PDT
Subject: name change?
Message-ID: <9304221421.AA10279@netcom.netcom.com>

I vote we change our name to the "CryptOrchids." Many people like flowers
and lots of people don't care for dangling gobbets of flesh.

ObCrypt: Leonard Rosenthal of Aladdin Systems, Inc. confirms that the
previously strong DES family encryption option has been replaced in
Stuffit 3.0 with a system that has been 'approved' for export. However,
Leonard asks me not to call it a 'weak XOR' system because he says no one
has broken it yet.

ObCrypt Prime: I am testing the IDEA block cipher implementations and need
some golden test vectors. I've looked through the postscript IDEA chapter
but the single example gives me zero degrees of freedom. I'll contact the
inventor if necessary but since we are paying him money for use of his
invention, I'd like to offload this from him. Anybody got vectors?
(No disease vectors, please).

From hughes at soda.berkeley.edu Thu Apr 22 07:36:31 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 22 Apr 93 07:36:31 PDT
Subject: ADMIN: delayed mail yesterday
Message-ID: <9304221433.AA19686@soda.berkeley.edu>

Some of you may have worried that the list was down due to government
interference yesterday. The truth is much more prosaic.

toad.com, where the mailing list resides, is on the commercial side of the
Appropriate use barrier. In order to send to NSFNET hosts, all the traffic
must pass through uunet. The default mail router that toad uses,
relay2.uu.net, was munged for mail yesterday.

All the queue has been flushed out at this point.

Thanks to Hugh Daniel and John Gilmore for figuring this out.

Eric

From hughes at soda.berkeley.edu Thu Apr 22 08:00:04 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 22 Apr 93 08:00:04 PDT
Subject: Automation package.
In-Reply-To: <9304172100.AA00859@triton.unm.edu>
Message-ID: <9304221456.AA21041@soda.berkeley.edu>

I may have already answered your letter about telix scripts, etc., so
pardon me if this is a duplicate.

The pgp developers maintain a collection of utilities that integrate pgp
into various other pieces of software. You should send your stuff to Phil
Z. and he'll forward it to the right people. It may be added to the
contrib directory of the next release.

Eric

From hughes at soda.berkeley.edu Thu Apr 22 08:14:26 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 22 Apr 93 08:14:26 PDT
Subject: CLIP: Legal Aspects
In-Reply-To: <23041800272877@vms2.macc.wisc.edu>
Message-ID: <9304221511.AA21674@soda.berkeley.edu>

> With regard to the fear that the issuance of your 'Klinton Key'
>will allow your favorite TLA to decrypt all conversations taped
>previous to the issuance of the warrant granting the key, there
>is precedence that disallows it.
[citations deleted]

It is true that evidence from an illegal wiretap cannot be used as
evidence in court; this is called the Exclusionary Rule. While the ER has
been weakened in the last decade, it still basically holds.

Unfortunately, that is not where the main threat lies. Exploratory
wiretaps, illegally made and whose evidence is not directly admissible,
provide information that may lead investigators to other information.
This secondary information _is_ admissible.

It would be wonderful if the ER were strengthened so that all evidence
which resulted from an illegal search _and all of its subsidiaries_ were
considered tainted. That battle, however, is a much longer one to fight.

Even in that situation, though, the defense would have to prove that an
unauthorized wiretap took place.

Eric

From steve at oc3s-emh1.army.mil Thu Apr 22 08:24:01 1993
From: steve at oc3s-emh1.army.mil (Steve Greenberg)
Date: Thu, 22 Apr 93 08:24:01 PDT
Subject: SUBSCRIBE steve@oc3s-emh1.army.mil
Message-ID: <9304221523.AA04591@toad.com>

SUBSCRIBE steve at oc3s-emh1.army.mil

From hughes at soda.berkeley.edu Thu Apr 22 08:26:31 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 22 Apr 93 08:26:31 PDT
Subject: Thoughts on the proposal
In-Reply-To: <9304180722.AA01178@unix.ka9q.ampr.org>
Message-ID: <9304221523.AA22213@soda.berkeley.edu>

>It is entirely possible that Clinton, if he understands anything at
>all about this proposal, sincerely thinks that he's helping the cause
>of personal privacy. Consider that his entire education on the
>subject of cryptography probably consisted of a 5 minute briefing

[rest elided]

Phil points out indirectly in this post one of the very clever tactics
used by the PR people on the wiretap side: They presented strong hardware
cryptography and the backdoor as inextricably linked.
I've gone through some of the press coverage on the chip from last weekend
and their argument basically goes like this: "This is stronger than most
cryptography currently existing. And it also lets us spy on the BAD
people!"

Now the first claim is true and irrelevant, since most stuff is not
encrypted. And the second claim is presented without mentioning that you
can make strong crypto without backdoors.

Therefore, one educational goal must be that strong cryptography is
possible in hardware which doesn't have backdoors. For press coverage, the
announcement of a new hardware device with longer keys and no backdoor
could point out this difference and could get press coverage by explicitly
denying the gov't claims.

I would suggest a triple-keyed DES chip would satisfy this nicely and be
very quick to engineer.

Eric

From hughes at soda.berkeley.edu Thu Apr 22 08:44:29 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 22 Apr 93 08:44:29 PDT
Subject: WIRETAP: boycotts
In-Reply-To:
Message-ID: <9304221541.AA23538@soda.berkeley.edu>

>Also for consideration: boycott AT&T and all other companies making
>phones with the wiretap chip, and let the phone makers know about
>the boycott early and often.

Boycotting AT&T overall isn't going to do much economic harm, since the
number of anti-wiretap chips is small in comparison to the number of
long-distance companies. If you want to hurt them, get them where it
counts.

1. The AT&T wiretap phone is designed by a division in Greensboro. Find
   out everything that this specific division makes.

2. Take this list and in the second column write down all the products
   which directly compete with those in the first column; these are the
   alternatives.

3. Get Communication Week to give (or sell) you a mailing list of their
   subscribers; these folks are already qualified purchasers of telecom
   equipment.

4.
Send an educational mailing to this list, explaining that if they support
AT&T in wiretapping, that soon they'll be screwed themselves. Include the
list of AT&T products and alternatives and urge people to voice their
frustration by buying from someone else. They might also want to send in
the sample protest letter you've included.

Now this strategy has a few characteristics I'd like to point out.

First, if no one buys wiretap chips, the wiretap chip doesn't gain market
share, a very important point where compatibility creates positive
feedback loops in the market.

Second, it's selective in its targets; the model here is to target one
division. When sales actually suffer, there is the possibility of getting
the division manager fired for taking an action not in the best interest
of the company. A shareholder lawsuit might also help here. If you can
bring down wrath on one manager's head, you will deter others from
following the same strategy.

Third, since this is such a charged issue, you might be able to get
donated mailing lists, ad agency consults (Jerry Mander comes to mind),
etc. free or cheap. At the very least, such a campaign doesn't cost a lot
(on corporate terms) to do entirely commercially; CPSR and/or EFF could
mount it.

As a second round, target the PBX division of AT&T, since that's where the
next round of chip deployments are.

Eric

From dmandl at lehman.com Thu Apr 22 08:46:54 1993
From: dmandl at lehman.com (David Mandl)
Date: Thu, 22 Apr 93 08:46:54 PDT
Subject: Should we become "suits"?
Message-ID: <9304221546.AA17697@tardis.shearson.com>

1) God bless Tim May. I am in complete agreement with his response to
Perry Metzger re his name change proposal (shouldn't be a surprise, as I
believe I was the first one to express my horror at it).

2) The time I can devote here at work to this sort of thing is very
limited.
If I had more time, I'd send a much more in-depth response to Perry's
proposal; I don't, so this will have to be shorter and pithier than I'd
like.

Perry says:

> No one said anything about becoming "suits", Tim.

I think you did, even if it was indirectly.

> The problem is this: the name "Cypherpunks" makes us sound like people
> who break into computers for fun or other such stuff. I was on the
> phone with John Markoff of the New York Times a couple of days ago,
> and I was unhappy that no one had yet changed the name of the group
> because I frankly felt that I could not encourage him to subscribe --
> the results would be unpredictable. I encouraged him to read more
> sci.crypt instead, which he has already been doing.

I don't have the same problem you do with people who "break into
computers," though I wouldn't do it. Nevertheless, the cypherpunks as a
group never advocate, and rarely even discuss, cracking. I couldn't care
less what journalists think, especially journalists from the New York
Times. If someone makes an inference like that (the sort of distortion or
basic cluelessness I wouldn't be surprised to see in the NYT), he's a bad
journalist, and that's his problem. And what does our name have to do with
"the results" of subscribing to the group? I take it you're referring to
the content of our discussions, which wouldn't change along with our
name--unless you're also suggesting that we should tone down our more
inflammatory rhetoric (and I think it's a short step from the name change
to that anyway).

> I've been associated with radical political causes for a while. I've
> found that in general, the radicals are their own worst enemy. People
> are NOT happy about being lectured to by strange-acting people.

So don't lecture them. I don't lecture people. I think people are
open-minded about reasonable-sounding ideas if they make sense and are
explained in a reasonable way.
> Bill Winter of the Libertarian Party of New Hampshire was their
> chairman over the period in which the LPNH went from four members of
> the state party to actually becoming a force in New Hampshire
> politics. New Hampshire is the *only* LP outpost to make any
> significant electoral inroads, *anywhere*. He once told me this: you
> can get people to accept strange sounding ideas when promulgated by
> normal looking people. You can get them to accept normal-sounding
> ideas when promulgated by strange looking people. You can't get them
> to accept strange ideas when promulgated by strange people.

Big deal. If they became a wing of the Democratic Party they'd have even
more supporters. The electoral system is a scam, and the LP is deluding
itself by getting involved in it. (Ancient anarchist wisdom: "If voting
could change anything, it would be illegal.") I won't get any deeper into
this, because it's getting way off the subject.

> The simple change in our name from something confrontational that
> makes us sound like machine crackers to something that expresses what
> this group is about would make a radical positive change in our image.
>
> Now, what are the benefits of keeping the current name "cypherpunks"?
>
> Well, lets see Tim's list.
>
> >In a sense, Cypherpunks fill an important ecological niche by
> >being the outrageous side, the radical side...perhaps a bit like the role
> >the Black Panthers, Yippies, and Weather Underground played a generation
> >ago.
>
> None of whom accomplished any of their goals. You REALLY want to

Do you really think the Black Panthers would have accomplished more if
they wore suits? Ever hear of Cointelpro? The murder of Fred Hampton? In
fact, the Panthers were much more reasonable than John Q. Public thought
they were.
There was a massive propaganda campaign from the government and the
straight press to appeal to white America's basic racism and make the
Panthers look like some crazed niggers who wanted to kill whitey and rape
his daughter. It would have been the same thing no matter what. I've got
news for you: if we do change our name, and the FBI is pissed enough,
they'll call us crackers and cypherpunks anyway. There are millions of
precedents for this.

> emulate them? I've been an occasional visitor to #9 Bleeker Street,
> where Dana Beal, last of the Yippies, holds court. He doesn't wash
> regularly, and he wonders occasionally why no one takes his drug
> legalization crusade seriously. Hint: they are connected.

I know Dana. People don't take him seriously because he's a jerk.

> I WANT the New York Times reporter reading this group, but I don't
> want him to think we are crackers or nuts.

How can the name we use influence his opinion of us more than the 50
messages a day posted to the group?

I don't have time to respond to the rest of Perry's message; there's just
too much to say. But I repeat: there are more "respectable" groups
involved, like the EFF and CPSR, so you're free to work with them when
talking to the media.

Perry, I have very strong differences with your views of how the media and
the "spectacle" work, and I can't do justice to the subject given this
limited space and time; it's also not directly relevant to cypherpunks
business. For anyone wanting a more modern take on how the media works
today, I humbly suggest you read the situationists, who addressed all
these issues twenty-five years ago, or Jerry Mander's great book "Four
Arguments for the Elimination of Television."

--Dave.
From uri at watson.ibm.com Thu Apr 22 09:30:02 1993
From: uri at watson.ibm.com (uri at watson.ibm.com)
Date: Thu, 22 Apr 93 09:30:02 PDT
Subject: more details from Denning
In-Reply-To: <9304211652.AA24148@megalon.YP.acad>
Message-ID: <9304221629.AA14269@buoy.watson.ibm.com>

Jim Warren says:
> And, a coupla tidbits about Dorothy: I have known her for several years,
> worked closely with her on creating the first Computers, Freedom & Privacy
> conference in 1991, have absolutely the *highest* regard for her integrity,
> honesty and candor -- and absolutely trust what she says ...
> about a subject on which we may disagree.

> Dorothy Denning is an honorable person with great personal integrity, and
                        ^^^^^^^^^^^^^^^^      ^^^^^          ^^^^^^^^^
I don't see it from her actions.

> I urge that she be treated as such -- even in disagreement.
  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
no objective reasons, your words only.

I disagree with your conclusions and believe, that your high esteem of her
is rather subjective. But this is way off the topic of this list. Now:

> No single person or authority should have the power to
> authorize wiretaps

> No single person does, at least for FBI taps. After completing a mound
> of paperwork, an agent must get the approval of several people on a chain
> that includes FBI legal counsel before the request is even taken to the
> Attorney General for final approval.
> Dorothy Denning

Don't you just love that "must get approval"... Fine, but what if that
agent just happens to have a key or two left over from previous tap? And
another one is willing to trade him the key he wants now, for one of those
other ones? How on Earth is this going to be detected? Once the key (Unit
Key) is released - there's no force in the Universe to make it un-released
again! From now on, everything encrypted with this chip is essentially
clear - AND THIS WILL ENDANGER EVERYBODY TALKING TO THIS CHIP, no matter
whether YOU have YOUR key "released" or not...
Besides, isn't the described "authorized" tapping procedure the same good
old one in use today? How come it doesn't stop illegal wiretaps? [I guess,
people break laws?! :-]

--
Regards,
Uri         uri at watson.ibm.com      scifi!angmar!uri
N2RIU
-----------
>From cypherpunks-request Thu Apr 22 11:57:15 1993

From hughes at soda.berkeley.edu Thu Apr 22 09:38:52 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 22 Apr 93 09:38:52 PDT
Subject: Status of Voice Encryption with PC/Mac?
In-Reply-To: <9304182217.AA114200@acs.bu.edu>
Message-ID: <9304221635.AA28138@soda.berkeley.edu>

>I keep hearing about voice scrambling technology in conjunction
>with high speed modems and soundblaster cards....

Paul Rubin is going to demonstrate some of the voice coders he's been
working on at the meeting Saturday, hardware willing.

As far as soundblaster cards, I would recommend instead something like a
bigmouth board, which already has the phone line access and handset on it.

Secure phones will be a large topic Saturday, since that's where the first
deployment of the wiretap chip will be.

Eric

From falcor at agora.rain.com Thu Apr 22 09:43:28 1993
From: falcor at agora.rain.com (Andy Burt)
Date: Thu, 22 Apr 93 09:43:28 PDT
Subject: ADD falcor@agora.rain.com
Message-ID:

Or, if this is human-maintained, please add falcor at agora.rain.com to
your mailing list! (cypherpunks)

Thanks!
--
------------------------------------------------------------------------------
// Falcor, aka  //  InterNet: falcor at agora.rain.com  //  If you're bored,   //
// Andy Burt    //  FidoNet:  1:105/354.0              //  you must not be    //
//              //                                     //  paying attention   //
------------------------------------------------------------------------------

From hughes at soda.berkeley.edu Thu Apr 22 10:04:16 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 22 Apr 93 10:04:16 PDT
Subject: non-cypher related question on audio analysis
In-Reply-To: <9304192234.AA26763@boxer.nas.nasa.gov>
Message-ID: <9304221700.AA00422@soda.berkeley.edu>

>Anyone got pointers to decoding audio tones? An intro book, source
>code, newsgroup, mailing list, somebody I can take to lunch? I'd like
>to sample audio with my SGI, and suck out various simple tones and
>combinations of tones. (DTMF, single pitch variant tones, etc.)

I've got a good book on DSP by Rabiner and Gold. There are a few DSP
newsgroups where the local experts hang out. Also the modem design groups.

After you know something, remember this: The FIR filter is the same
mathematically as a FFT, multiplication by a filter window function, and
an inverse FFT. As I recall, you can process multiple FIR's in parallel.

All the DSP manufacturers come with lots of example source code for
standard filters (FFT, FIR, IIR, etc.).

Eric

From wln at ground.cs.columbia.edu Thu Apr 22 10:10:45 1993
From: wln at ground.cs.columbia.edu (William Lee Nussbaum)
Date: Thu, 22 Apr 93 10:10:45 PDT
Subject: DC Meeting this weekend?
Message-ID: <199304221710.AA14284@ground.cs.columbia.edu>

Hello, all...

If there is going to be a DC meeting this weekend, please try to determine
by this evening what it will be...
I won't have mail access after about 9am tomorrow until the end of the
weekend, and I will be in DC (Although, since I'm traveling with others, I
don't know whether I'll be able to make it even if I do know, but if I
have some sort of contact information, that can be worked out in other
ways.)

Please excuse the pushiness, just trying to get a hectic couple of weeks
organized...

- Lee

From fergp at sytex.com Thu Apr 22 10:18:26 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Thu, 22 Apr 93 10:18:26 PDT
Subject: Forwarded messages from RISKS
Message-ID:

Greets.

These two forwarded messages are from the RISKS Forum (14.51). I thought
some of you folks might be interested. (Padgett Peterson is a fellow
assembler buff who is better known on comp.virus.)

---- Forwarded Messages --------------------------

Date: Mon, 19 Apr 93 9:21:53 EDT                                [RISKS-14.51]
From: Clipper Chip Announcement
Organization: FIRST, The Forum of Incident Response & Security Teams
Subject: Slide presented at White House briefing on Clipper Chip

Note: The following material was handed out at a press briefing on the
Clipper Chip on 4/16.

                               Chip Operation

                                   Microchip
     User's Message          +----------------------+
     ------------------>     |                      |   1. Message encrypted
                             | Encryption Algorithm |      with user's key
                             |                      |
                             | Serial #             |   2. User's key encrypted
                             |                      |-->   with chip unique key
                             | Chip Unique Key      |
     User's Encryption       |                      |   3. Serial # encrypted
     Key                     | Chip Family Key      |      with chip family key
     ------------------>     |                      |
                             |                      |
                             +----------------------+

For Law Enforcement to Read a Suspect's Message

1. Need to obtain court authorized warrant to tap the suspect's telephone.
2. Record encrypted message
3. Use chip family key to decrypt chip serial number
4. Take this serial number *and* court order to custodians of disks A and B
5. Add the A and B components for that serial number = the chip unique key
   for the suspect user
6. Use this key to decrypt the user's message key for this recorded message
7.
Finally, use this message key to decrypt the recorded message.

- ------------------------------

Date: Sat, 17 Apr 93 09:12:57 -0400                             [RISKS-14.51]
From: padgett at tccslr.dnet.mmc.com (A. Padgett Peterson)
Subject: "Clipper Chip"

I suppose we should have expected something after all of the sound and
fury of the last few years. The announcement does not really give enough
information though.

My first thought involves conventional compromise: what happens if the
keys are captured through theft *and you know about it* - how difficult is
it to change the keys ? What do you do between the time the loss is
detected and the time a new key set is approved. How difficult is it to
program the chip or do you need a new one ? (and if the chip can be
reprogrammed, how do you prevent covert changes that will not be
discovered until authorization to tap is received and the agency finds out
that it cannot ?). Potentially this must occur every time a trusted
employee leaves.

For some time, I have been playing with dynamic access cards ("tokens") as
seeds for full session encryption rather than just for password devices.
Since the encryption requires three parts (PIN, challenge, and token)
which are only physically together at the secure system, and since only
the challenge passes on the net, and since once encryption starts you have
not only provided protection to the session, you have also authenticated
both ends simultaneously (by the fact that you can communicate), it seems
ideal. *And everything necessary already exists*. From several US
companies. It just has not been put together as a commercial product (FUD
at work 8*(.

Since key generation is on-the-fly at the onset of the session, obviously
what the gov needs is not the key but the "key to the key" (of course
computers, even a PC, are really good at this.

The real question is "Why a new chip ?" The technology to do this has been
around for years and several DES chips are available commercially today.
The BCC laptop (I like Beaver better 8*) 007 provides this internally
today with (I believe) the LSI-Logic chip and Enigma-Logic's PC-SAFE
(plugs) does the same with software alone. As indicated in the
announcement, financial institutions have been using encrypted
transmissions for years without any great outcry. IMHO the real hold-up
has been $$$ - cheap error-correcting modem technology to prevent synch
losses rather than a lack of good crypto algorithms. Today this is a done
deal (actually we have known how to keep in synch since the sixties but
you couldn't buy 56kb for under $300.00 at BizMart - now part of K-Mart ! -
then).

True, there are a lot of questions yet to be answered, but again IMHO most
center on the exception cases and not the encryption technology itself.

Padgett

---- End Forwarded Messages --------------------------

Cheers.

Paul Ferguson                  |  Uncle Sam wants to read
Network Integration Consultant |  your e-mail...
Centreville, Virginia USA      |  Just say "NO" to the Clipper
fergp at sytex.com               |  Chip...

From fergp at sytex.com Thu Apr 22 10:20:54 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Thu, 22 Apr 93 10:20:54 PDT
Subject: Answers revealed! Film at Eleven!
Message-ID:

To make a long story short, don't try to (-e) encrypt anything with PGP on
a STACKERed drive -- it ain't gonna work. When I got in this morning, I
proved this point by encrypting without nary a problem on a non-compressed
drive. The proof is in the pudding, so to speak.

Cheers.

(BTW, Kelly -- the second message that you sent is still crippled. What
are you doing? Software (PGP) development? ;-)

Paul Ferguson                  |  Uncle Sam wants to read
Network Integration Consultant |  your e-mail...
Centreville, Virginia USA      |  Just say "NO" to the Clipper
fergp at sytex.com               |  Chip...

From hughes at soda.berkeley.edu Thu Apr 22 10:30:37 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 22 Apr 93 10:30:37 PDT
Subject: ADMIN: Should we become "suits"?
In-Reply-To: <9304221546.AA17697@tardis.shearson.com>
Message-ID: <9304221727.AA03341@soda.berkeley.edu>

David Mandl writes:
>2) The time I can devote here at work to this sort of thing is very limited.

This is true for all of us right now. This topic is a time waster.

As list maintainer and thus occasional bringer of order, I declare this
topic off limits for two weeks. Don't talk about it on the list; if
you've got a gripe about this, mail me directly.

As for John Markoff, the New York Times reporter, he was put on the list
last September or October and was on until last month.

A special note for Perry: If you don't like the name, you are free to do
whatever you want, as you have said yourself in other forums. You are in
particular free to start your own mailing list called cryptoprivacy.

_Verbum sapienti satis est_.

Eric

From ld231782 at longs.lance.colostate.edu Thu Apr 22 11:21:52 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Thu, 22 Apr 93 11:21:52 PDT
Subject: cypherpunks vs. nambypambypunks and cyphercranks
In-Reply-To: <9304212343.AA29698@snark.shearson.com>
Message-ID: <9304221821.AA12903@longs.lance.colostate.edu>

(For this I move out of my vitriol vein, to dish out something
non-overly-`stinging' even though it *could* be deadly.)

P. Metzger:
>We can't afford to lose this fight. This is a matter of life and
>death. Playing out fantasy games about being 1960s radicals is fine
>and well -- when you don't care about the outcome. We can't afford to
>lose, so we can't afford to emulate losing strategies.

Mr. Metzger, surely you realize you can call yourself anything you like in
the mainstream media. However, I was attracted to this list precisely
because of the name, find it highly descriptive and apropos, and I think
trying to change it is counterproductive, superfluous, and highly
disillusioning, and am becoming increasingly annoyed with attempts to do
so. I will proudly wear the banner of `cypherpunk' even if it becomes an
epithet.
You seem to take it as given that `punk' has negative connotations, but I assure you that it has a distinct ingredient of allure in the public consciousness. Less colorful terms would only provoke blandness and sabotage the vigor of our cause. Young leaders of the American Revolution would aptly be deemed ``punks'' by the robe-clad, wig-wearing British establishment, had the term been around... Nathan ``Give Me Liberty or Give Me Death'' Hale was quite a punk...

The list is private. People can choose to present themselves in public any way they like. If they prefer to say that they belong to the "cryptoprivacy group," fine. But I believe you are deliberately ignoring the fundamental underlying personalities of people who are members of the list in your irritating, noisy, and desperate advocation to change the name. In fact, this agenda seems to me very much like someone trying to impose leadership on anarchy. Join EFF or CPSR; they seem to think like you do.

``Obviously, to partake in a revolution, one must, by definition, at the very minimum, be nonconforming with and disrespectful of the status quo.''

From AOLCHTNN at vax1.tcd.ie Thu Apr 22 11:23:15 1993
From: AOLCHTNN at vax1.tcd.ie (AOLCHTNN at vax1.tcd.ie)
Date: Thu, 22 Apr 93 11:23:15 PDT
Subject: life, universe, everything
Message-ID: <01GXBKLI1Q1C000HXH@vax1.tcd.ie>

I got your address in mondo8. I need information on encryption software. Unfortunately, external telnets have been impossible for some time now, so I can't look for it through the usual channels. Thanks in advance.

AOL

From elee9sf at Menudo.UH.EDU Thu Apr 22 11:26:30 1993
From: elee9sf at Menudo.UH.EDU (elee9sf at Menudo.UH.EDU)
Date: Thu, 22 Apr 93 11:26:30 PDT
Subject: "Cypherpunks Write Code"
Message-ID: <199304221826.AA25404@Menudo.UH.EDU>

Derek writes:
>
> Since I'd like to be part of the cypherdelic revolution,
> what code needs writing?
I agree that the PC/modem

Heh, lots of stuff could be done:

1) Hack around with the anonymous remailers. Eric mentioned he is working on a "second generation" remailer which allows users to specify cut marks, etc. I've been fooling with one that caches all incoming messages in a directory, and then at midnight (by using the at command) mails/routes each message on its way. Still got problems with it, though...

2) DC Nets. Yanek Martinson is working on a DC Net implementation using email. A TCP/IP version would be nice!

3) CELP. Don't know much about this other than porting it and hand coding parts in assembly for speed would be welcome. Then, we could have our own encrypted conversations.

4) Digital Bank. A full-blown implementation (RSA encryption and decryption, blinded messages, etc). I have written a scaled down digital bank which provides privacy and security by using random cash and random account numbers, and does not correlate account numbers with usernames. It's written in the Korn shell, and I plan many improvements once the semester is over (rewrite in PERL for one...) But my bank does not implement Chaum's digicash scheme, and that would be best.

5) Once that is done, we can experiment with a "cash accepting" remailer - one that will only remail if valid digicash is included in the header, or whatever. Then, such a system may be expanded to do anonymous or pseudonymous usenet posting, which may be an acceptable (to folks who are vehemently against anonymous posting, etc.) solution to helping prevent abuse by such services.

6) Steganography, hiding code in other documents. For example, hiding each bit of a message (encrypted or not) in the low order bits of an image, gif, tiff, whatever. I've played around with the tiff format and will try to use Sam Lieffler's (sp?) tiff package to help out. Writing a program that will automatically embed a message in a picture and read a message out will be useful.
("hey everyone, be sure to get the denning.gif from alt.binaries.pictures.misc and read my comments about the clipper chip!")

7) Misc stuff. Check out the scripts which help in the use of the anonymous remailers - they are for UNIX and DOS. Amiga, Mac, etc. versions needed.

8) Take your favorite unix utility (mail for example) or whatever and add encryption automatically. Sure, using it on multi-user systems may not be the best thing to do, but the code, techniques, and solutions would be of value and would aid others.

9) probably lots of other stuff that would be nice...

--
Karl L. Barrus
elee9sf at menudo.uh.edu <- preferred address
barrus at tree.egr.uh.edu (NeXTMail)

From root at pleiku.netcom.com Thu Apr 22 11:29:32 1993
From: root at pleiku.netcom.com ($HOME/.sig)
Date: Thu, 22 Apr 93 11:29:32 PDT
Subject: ANON SITES:
Message-ID: <9304221829.AA05811@netcomsv.netcom.com>

The present plan proposed by John Gilmore is good: 3-4 U.S. sites willing to risk litigation and counter-litigation. And I have another sort of plan that still really requires an out of country A-server (anonymous posting server). A number of PGP-related services may be set up behind such a screen. Having PGP encryption in the style of PAX would be crucial to maintain the anonymity of such services.

#1. Michael Graf's PGP Key-Server
#2. Anonymous Digital "face" banks (ala Chaum)
#3. Gray Market Exchange
#4. Encrypted Anonymous Mailing Lists (Example: Dark Technology)
#5. Data Havens.
#6. alt.whistleblowers (really "hearing aid" see Brunner, J. "Shockwave Rider"

A vast network of anonymous servers may be maintained behind the screen of a single foreign site A-server ready to come on line at a single command if suppression attempts are experienced.
However AARM type scripts will continue to be a threat. I also think we should look at the possibility of both port 25 and port 119 manipulation with auto-search and random selection of NNTP and SMTP open servers as well as header addition to confuse path analysis... I know this is normally regarded as unprofitable but considering what we are up against...

Additional dialup SLIP and PPP hosts could use a variety of 9.6-56kb dialup sites to provide rotating xntp synchronized anonymous posting and mail services. UUCP sites could play as well on email-based services via uucp.

Are any foreign sites up for running David Clunie's PAX code???

cheers
kelly

- --------
- --
To add the following key block to your PGP2.0 Public Key Ring save this entire message to a file and enter the following command:

pgp -ka [name_of_file_saved]

The above key block is included on every message I send from

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.2
[PGP public key block omitted]
- -----END PGP PUBLIC KEY BLOCK-----

pleiku!kelly at netcom.com....

------- End of Unsent Draft

From crunch at netcom.com Thu Apr 22 11:39:14 1993
From: crunch at netcom.com (John Draper)
Date: Thu, 22 Apr 93 11:39:14 PDT
Subject: A question...
Message-ID: <9304221839.AA00612@netcom4.netcom.com>

Excuse the high bozo factor, but...
I have a question... Does the Clipper Er: Wiretap chip provide a means of authentication?

From newsham at wiliki.eng.hawaii.edu Thu Apr 22 11:42:26 1993
From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham)
Date: Thu, 22 Apr 93 11:42:26 PDT
Subject: non-cypher related question on audio analysis
In-Reply-To: <9304221700.AA00422@soda.berkeley.edu>
Message-ID: <9304221842.AA08140@toad.com>

>
> After you know something, remember this: The FIR filter is the same
> mathematically as a FFT, multiplication by a filter window function,
> and an inverse FFT. As I recall, you can process multiple FIR's in
> parallel.

you can do two FFT's by using the fact that:

    FFT( x(t) + j y(t) ) = Z(w)

then

    X(l) = 1/2 ( Z(l) + Z*(N-l) )

and

    Y(l) = 1/(2j) ( Z(l) - Z*(N-l) )

Where
    x(t) <-> X(w)
    y(t) <-> Y(w)
    N is the length of both arrays
    j is sqrt(-1)
    Z* is the conjugate of Z (a+jb <-> a-jb )

From 72114.1712 at CompuServe.COM Thu Apr 22 11:47:22 1993
From: 72114.1712 at CompuServe.COM (Sandy)
Date: Thu, 22 Apr 93 11:47:22 PDT
Subject: AT&T/SUITS
Message-ID: <930422182755_72114.1712_FHF70-2@CompuServe.COM>

_________________________________________________________________
FROM THE VIRTUAL DESK OF SANDY SANDFORT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Punksters,

AT&T: CO-CONSPIRATORS

At the last physical San Francisco meeting, I mentioned a curious conversation I had with an AT&T representative. I had called him for info about the ATT Secure Phone 3600. What I reported to the meeting was that while the representative would not "confirm or deny" that the 3600 had a backdoor, his demeanor suggested to me that it did. Now in reviewing the conversation in my memory, I realize that what I was hearing from him was a SMUGNESS. It had the flavor of the cat that swallowed the canary. He obviously knew about the upcoming announcement.
In retrospect, I see that he was playing with me by dropping hints such as: "If the NSA were to ask us to put a backdoor in the 3600, of course we would have to cooperate." Talk about your "secret government." Where are Slick Willie's "town hall meetings" when you need them?

SUITS ME

Let a hundred flowers blossom. Those of us who wish to fight the good fight in suits, should do so. Likewise, those who wish to remain long-haired, maggot-infested, dope-smoking hippies, should follow their hearts. I have no problem with the "Cypherpunks" moniker. It hasn't hurt us, and it has brought us some favorable publicity. I think Perry is being an alarmist.

In one point, though, Perry is right. He said people will listen to unconventional folks who present reasonable ideas. But it appears that Perry thinks our support of freedom and privacy is somehow unreasonable in the eyes of Joe Lunchbucket. I respectfully disagree. I think we represent the essence of American values. All we have to do is put it in terms that are immediate and personally relevant to the average American.

For the record though, as Tim May can attest, I am bi-cultural. I have gotten in touch with the Suit inside me. If Cypherpunks ever needs a spokesperson in a "dress for success" suit, I'll be glad to volunteer. There is one condition, however. I will only do it if I'm teamed with someone not in a suit; preferably with long hair and wearing tie-dyed. Think of the photo op!

S a n d y

_________________________________________________________________
PLEASE RESPOND TO: ssandfort at attmail.com (except from CompuServe)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From anton at hydra.unm.edu Thu Apr 22 11:49:26 1993
From: anton at hydra.unm.edu (Stanton McCandlish)
Date: Thu, 22 Apr 93 11:49:26 PDT
Subject: MAIL: threaded mail reader?
In-Reply-To: <199304221826.AA25404@Menudo.UH.EDU>
Message-ID: <9304221849.AA13917@hydra.unm.edu>

Anyone know of a mail reader a la elm that works on a threaded basis like trn, so I can kill entire threads at once (or, gods forbid, READ them in some sort of meaningful order?) Sorry if this is dreadfully off topic, but you folks seem to know a LOT about mail tech, so...

--
Testes saxi solidi! ********************** Podex opacus gravedinosus est!
Stanton McCandlish, SysOp: Noise in the Void Data Center BBS
IndraNet: 369:1/1 FidoNet: 1:301/2 Internet: anton at hydra.unm.edu
Snail: 8020 Central SE #405, Albuquerque, New Mexico 87108 USA
Data phone: +1-505-246-8515 (24hr, 1200-14400 v32bis, N-8-1)
Vox phone: +1-505-247-3402 (bps rate varies, depends on if you woke me up...:)

From habs at Panix.Com Thu Apr 22 11:54:31 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Thu, 22 Apr 93 11:54:31 PDT
Subject: AT&T in Greensboro
Message-ID: <199304221854.AA24393@sun.Panix.Com>

Eric mentioned boycotting AT&T products produced at facilities in Greensboro. I did a quick search of AT&T Greensboro for the last years, looking through trade and tech pubs.

Basically there is mention of their Federal Systems group and their Federal Systems advanced technologies group. They have an AT&T Proposal center there and a business called AT&T Technical Service Co. Bell Labs/Federal Systems group runs the Guilford Center complex there. They announced they are building a 5 Million dollar plant for building telecommunications products for the US Gov. and for the International Commercial Markets. (This was within this year, and may or may not have been, at that time, a cover to hide whatever facilities were being built for the WireTap Chip project.

It should be noted that Public Key Partners is located in Greensboro. That the AT&T deal with them at the time, was probably completed so that the WireTap phone systems AT&T will sell will not violate RSA/PKP patents.
/harry

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From root at pleiku.netcom.com Thu Apr 22 12:00:41 1993
From: root at pleiku.netcom.com ($HOME/.sig)
Date: Thu, 22 Apr 93 12:00:41 PDT
Subject: REMAIL: The other shoe drops
Message-ID: <9304221833.AA06368@netcomsv.netcom.com>

And John Gilmore Spake:

(Much Deleted)

> To permanently restore at least last month's level of service, we need
> a couple of dedicated, firewalled, buttressed sites. You want a few
> geographically separated people who own their own systems (or who own
> or run the company that owns them), who have solid network links
> (possibly redundant), and who are fully committed to the idea -- as
> committed as funet.fi to persist past the vilification and harassment
> and threats.
>
> And those people need backup from the rest of us -- legal help if they
> need or want it, money to pay the networking bill if things get tight,
> loans of backup equipment during failures under load, system
> administration when folks try to break in and trash their machines,
> software creation and maintenance, advocacy, policy work, advice, and
> a bunch of shoulders to cry on and warm words of encouragement.
>
> Three to five people providing such setups, in collaboration, would
> wedge a steel-toed boot so firmly in the door that it couldn't be
> slammed by any dyspeptic "net god".
>
> Are we up to this job? If not, let's scale back what we're trying to
> do. I'd rather succeed at raising consciousness on the issue for a
> later try, than try now to set up such a beachhead and fail at it.

John I am forced to agree with you here..... I don't think we have the "juice" to carry off a maximum effort at this point... I would gladly volunteer to setup such a site AND I would need a peacenet feed instead of the "gratis" connections I obtain from netcom.... I AM already uncoercible...
as you well know and I would need you as well as others in backing on this effort... OK kids... Here we have one volunteer if we can get at least 3 other sites (my minimum buyin is 4 US sites).... Hey John... what about you???

cheers
kelly

p.s. I would be willing to maintain a PAX type anon operation as well as an anon-remailer..... and a KEY server... would also offer the PGP archives via mail server... note that I am uucp connected and would need to upgrade to 56 kb leased or V-FAST technology...

- ------- End of Forwarded Message
------- End of Unsent Draft

From root at pleiku.netcom.com Thu Apr 22 12:02:13 1993
From: root at pleiku.netcom.com ($HOME/.sig)
Date: Thu, 22 Apr 93 12:02:13 PDT
Subject: POLITICAL DISPERSION: Contact with Christic Institute
Message-ID: <9304221837.AA06911@netcomsv.netcom.com>

Hi All,

Due to a recent posting in alt.conspiracy I was finally able to make contact with the Christic Institute. These are the people who were continually suing the CIA during the 80's for violations of intelligence laws. They were almost completely wiped out by questionable decisions in a federal lawsuit and loss of their non-profit tax status during the last days of the Bush administration.

Their present status is as follows: 286/AT class machines, 20-30 mb hard disks, 1200 baud connectivity only, and have said they will attempt to acquire a 9600 baud modem... (maybe someone on the list has a spare that they could donate). They have only 1 person who knows about "software" and he sounds like he doesn't have a whole lot of time on his hands. I was either thinking about obtaining a pubnix account on their behalf.. (or cheap commercial shell account (netcom)) or installing waffle along with pgp2.2 and praying.

Any suggestions from the group would be welcome. BTW I have worked at expressing the power and connectivity of the internet to him.
I don't know how much sunk in at the time. The person I talked to was Dave Reed

Christic Institute, 310-287-1556
310-287-1559 FAX
8773 Venice Blvd
Los Angeles, Ca 90034

In addition I have been attempting to make contact with the Santa Cruz Action Team to get them connected. I will be making contact with many human rights/eco/etc groups over the next month... (I feel like a crypto-anarchist Johnny Appleseed)

- --------
- --
To add the following key block to your PGP2.0 Public Key Ring save this entire message to a file and enter the following command:

pgp -ka [name_of_file_saved]

The above key block is included on every message I send from

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.2
[PGP public key block omitted]
- -----END PGP PUBLIC KEY BLOCK-----

pleiku!kelly at netcom.com....

------- End of Unsent Draft

From habs at Panix.Com Thu Apr 22 12:05:35 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Thu, 22 Apr 93 12:05:35 PDT
Subject: Info on Mykotronx
Message-ID: <199304221905.AA25268@sun.Panix.Com>

Please forward this message far and wide. - Harry

I am looking for Info on Mykotronx the company that designed the WireTap chip for the NSA/NIST/FBI. They are said to be a contractor to NSA. Thus we can assume that most if not all of what they do is "hidden from view."
I was shocked when I did a database search using the name Mykotronx and Mycotronx (both spellings have been used), in publications that report on these areas: trade, technical, business and financial markets. I also searched press wires and some newspapers. Prior to April 16/17 I have found NO References to this company.

Clearly this company takes its security seriously; but such a lack of coverage seems strange. It leads me to wonder if they really existed much prior to April 16/17 - they could be a division of the NSA, for example. Of course the databases I searched don't have everything in them and they could have been scrubbed...

Can anyone find references to this company prior to April 16 1993? Can anyone provide alternative spellings for their name?

Thanks,
/harry

--
Harry Shapiro habs at panix.com
List Administrator of the Extropy Institute Mailing List
Private Communication for the Extropian Community since 1991

From wixer!wixer.bga.com!gumby at cactus.org Thu Apr 22 12:11:33 1993
From: wixer!wixer.bga.com!gumby at cactus.org (Douglas Barnes)
Date: Thu, 22 Apr 93 12:11:33 PDT
Subject: Mass producing chips
In-Reply-To: <199304212309.AA12929@well.sf.ca.us>
Message-ID: <9304221619.AA19426@wixer>

Arthur wrote:
>
> p.s. I tried to get samples, but the price was $300,000 for 10,000 units,
>

How are they going to produce them at these prices and in that quantity given the "baroque activities in the vault" described by Denning? (Not to mention the destruction of the laptop computer... :-)

Doug (gumby at wixer.bga.com)

From peb at PROCASE.COM Thu Apr 22 12:35:28 1993
From: peb at PROCASE.COM (peb at PROCASE.COM)
Date: Thu, 22 Apr 93 12:35:28 PDT
Subject: Crypto Activism and Respectability
Message-ID: <9304221824.AA05177@banff>

>From: tcmay at netcom.com (Timothy C. May)
>And note that the "Hackers Conference" has not changed _their_ name,

Yes, but they are not trying to gain any media attention.
If the CPSR or EFF is the main media presence, then fine; the role of cypherpunks is to write code and spread memes. The only downside I see to this approach is that EFF and CPSR are afraid of being critical about wiretapping in general--that's how their press releases read. If they have a deeper agenda, it doesn't show. The attention getting name *could* be used for certain kinds of media and then branching off with pointers to EFF and CPSR would be a good strategy.

Paul E. Baclace
peb at procase.com

From pmetzger at lehman.com Thu Apr 22 13:08:12 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Thu, 22 Apr 93 13:08:12 PDT
Subject: New Algorithm...
In-Reply-To: <199304212154.AA15610@rac3.wam.umd.edu>
Message-ID: <9304222007.AA05127@snark.shearson.com>

"Haywood J. Blowme" says:

[Lots about some J. Random Company's encryption chip]

All fine and well, but since we have IDEA already, why should we want it? For virtually all applications these days other than fully encrypting network traffic, software is fine. DES implementations in software can handle 1.5 Mbit/s on reasonable machines. Beyond that, if we need hardware, why not use one of the currently publicly known algorithms like DES or IDEA, or a combination of them? Why use some other company's algorithm?

Perry

From dstalder at gmuvax2.gmu.edu Thu Apr 22 13:19:28 1993
From: dstalder at gmuvax2.gmu.edu (Darren/Torin/Who ever...)
Date: Thu, 22 Apr 93 13:19:28 PDT
Subject: DC meeting
Message-ID: <9304222020.AA29093@gmuvax2.gmu.edu>

This is to announce a DC area cypherpunks meeting on Monday 26 April at 1800 (or so) until whenever at my office. Call me or write me for info on how to get here...

Think free,
--
Torin/Darren Stalder/Wolf
Internet: dstalder at gmuvax2.gmu.edu (PGP2.x key available. Finger me.)
Bitnet: dstalder at gmuvax
Sprintnet: 1-703-845-1000
Defeat the Wiretap Chip Proposal! Write me for details.
Snail: 10310 Main St., Suite 110/Fairfax, VA/22030/USA
DISCLAIMER: A society where such disclaimers are needed is saddening.

From meyer at mcc.com Thu Apr 22 13:47:20 1993
From: meyer at mcc.com (Peter Meyer)
Date: Thu, 22 Apr 93 13:47:20 PDT
Subject: New Algorithm...
In-Reply-To: <9304222007.AA05127@snark.shearson.com>
Message-ID: <19930422204625.1.MEYER@OGHMA.MCC.COM>

    Date: Thu, 22 Apr 1993 15:07 CDT
    From: "Perry E. Metzger"

    "Haywood J. Blowme" says:

    [Lots about some J. Random Company's encryption chip]

    All fine and well, but since we have IDEA already, why should we want it? For virtually all applications these days other than fully encrypting network traffic, software is fine. DES implementations in software can handle 1.5 Mbit/s on reasonable machines. Beyond that, if we need hardware, why not use one of the currently publicly known algorithms like DES or IDEA, or a combination of them? Why use some other company's algorithm?

    Perry

Even when using encryption software there may be reasons to use something other than DES. One possible reason (apart from doubts about whether NSA can break DES in one or more of its modes) is that, although the security and speed of an encryption algorithm is of central importance, the quality of the user-interface is also important. For example, if you want to encrypt/decrypt thirty files in five different subdirectories twice a day, and do it in an office with your colleagues looking over your shoulder, you won't want to be using software that encrypts only one file at a time and also displays the encryption key as you type it in (though you might like to have the key echoed when no-one else is about). There are lots of other things to be considered besides the algorithm itself when designing good encryption software, e.g. if someone accidentally yanks out the power cord to the computer during decryption do you kiss goodbye to the data?
-- Peter Meyer

From pg3448 at csc.albany.edu Thu Apr 22 14:17:49 1993
From: pg3448 at csc.albany.edu (Harbinger )
Date: Thu, 22 Apr 93 14:17:49 PDT
Subject: unsubscribe me
Message-ID: <9304222117.AA16771@sarah.albany.edu>

I cannot keep up with all the mail.. 50+ per day is just too much.. can I please be taken off the subscribed list? thank you..

PG

The Harbinger is watching!

From pmetzger at lehman.com Thu Apr 22 14:18:57 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Thu, 22 Apr 93 14:18:57 PDT
Subject: A Volunteer in a Suit Has Appeared!
In-Reply-To: <9304220831.AA26386@netcom.netcom.com>
Message-ID: <9304222118.AA05266@snark.shearson.com>

I wonder, Tim, why you bother to wear clothes at all. After all, they are merely attempts by conservative people to make you fit into a conventional mold. Indeed, why speak in English? Why not invent your own language that no one else understands? After all, using the same language that other people do is a callow and conformist act. In fact, why not just go to the top of a giant tower and get publicity for us by shooting random passers by? After all, as you've noted, there is no such thing as "bad publicity". I assure you that you will be covered by thousands of times more TV and radio stations for such an act.
I've watched the Libertarian Party self destruct because many activists are such fools that they can't make a distinction between what's important and random rebellion for the sake of rebellion. People will refuse to be polite, refuse to phrase their arguments comprehensibly, refuse to be nice to reporters, and refuse to appear to be reasonable or even rational, and then later on they wonder why it is that everyone makes fun of them and no one listens.

Our goal is not to maintain use of the word "cypherpunks". Nor is our goal to change the fashion industry. Our goal is privacy.

Tim agreed in his reply to my message with virtually every substantive point that I made. Nonetheless, he makes fun of my comments. He agrees that people do judge on appearances. He agrees that the radical protest movements of the 1960s were largely failures. Yet he wants us to appear unreasonable, and he wants us to emulate these failures.

Tim has reacted with extreme vehemence to the minor question of our name. It's a small thing to us personally -- but it could help advance our goals. I can only conclude that since Tim more or less admits that he's wrong but still insists on his position that he is not acting on the basis of rational motivations.

I'll repeat -- this is not a fight that we can afford to lose. Why machine gun ourselves in the feet?

Perry

Timothy C. May says:
>
> I am pleased to announce that the Search Committee has found an Executive
> Director for the newly renamed "Privacy Institute." He will serve as both
> manager and as external spokesman for the Institute.
>
> We searched for a respectable person, preferably middle-aged, who knew how
> to communicate with bureaucrats and was prepared to relocate to the
> Washington, D.C. area to act as our official lobbyist (the matter of his
> compensation will be dealt with in a later memo, one which also explains
> our dues structure. membership grades, and official bylaws).
>
> Our candidate is an active poster in sci.crypt, is well-known to the Net,
> and yet has strong connections with the Washington bureaucracy.
>
> We feel he will do much to project a more proper, even anal, image of our
> group. We hope his appointment as Executive Director, The Privacy
> Institute, will go a long way toward improving the image we developed
> during our first phase of existence when we were known by the c-word name.
>
> Our new Director intends to immediately correct many of the wrongs he sees.
>
>
> Without further ado, here is his name:
>
>
> David Sternlight
>
>
> I hope you'll all join me in welcoming Sternie, or Sterno, as his friends
> call him, to the Privacy Institute.
>
>
> -Tim May, Recording Secretary, The Privacy Institute ("Don't call us
> Cypherpunks!")
>
>
>
> (The preceding spoof was brought to you as a public service.)
>

From ghoast at gnu.ai.mit.edu Thu Apr 22 14:49:35 1993
From: ghoast at gnu.ai.mit.edu (ghoast at gnu.ai.mit.edu)
Date: Thu, 22 Apr 93 14:49:35 PDT
Subject: tapping method unmentioned
Message-ID: <9304222149.AA47908@hal.gnu.ai.mit.edu>

In all the articles that I've seen posted, and in the grumbling done about the advancement of government regulated cryptography, I haven't seen much mentioned on *how* the government would go about collecting a certain exchange. Pardon me if I'm missing something key here, but wasn't there some bill circulating in the legislature that proposed that phone co's build tappability into the newer non-copper phone system? Is the phone co's cooperation on this issue part of a bargain to exclude such capability from the system (yeah, right) or is the government focusing on this issue now because it has already accomplished what it wants in other areas of privacy (read: tapping)

~

From treason at gnu.ai.mit.edu Thu Apr 22 14:52:14 1993
From: treason at gnu.ai.mit.edu (treason at gnu.ai.mit.edu)
Date: Thu, 22 Apr 93 14:52:14 PDT
Subject: What should be done.
Message-ID: <9304222151.AA12576@spiff.gnu.ai.mit.edu>

I agree as well that this mail is horrendous. 50+ mailings a day is a troublesome thing. I would like to suggest a method of mailing that would be less pain to the mailer, and more useful for storing purposes.

I suggest we start an archive. All mail sent to the list in one day is put within this archive, and mailed ONCE per day. Sure this mailing would be rather large, and you may have to wade though a lot of stuff that may be uninteresting to you to get to what you want to see, but you could store it in temp, and use vi on it or something... it would be a minor inconvenience. Much more livable than what we have now.

I have seen a great list done in this same way. It has the mail header for the list, an index of all articles subjects within at the start, and then basically each article stored linearly with mail headers intact. For those who have seen the archive for the Ultrasound Digest, you know what I'm talking about. I suspect that the individual running the list has an automation program generating this Digest each day, and mailing it when the time is appropriate.

There are examples of this digest on archive.epas.utoronto.ca in /pub/pc/ultrasound/digest for those of you who want to see what it looks like.

I would be happy to consult the list moderator and beg for the software in the list's best interest if we get a good number of wants.

treason

From zane at genesis.mcs.com Thu Apr 22 14:55:15 1993
From: zane at genesis.mcs.com (Sameer)
Date: Thu, 22 Apr 93 14:55:15 PDT
Subject: PGPHELP: Digisigning that petition
Message-ID:

I was looking over PGP in order to figure out how digisigning a petition could work, and I couldn't figure out how to get PGP to do it properly. (It was frustrating, because I remembered doing it before.)
What I *want* PGP to output is:

    -- Begin PGP Signed Message --
    We hate the clipper
    -- End PGP Signed Message --
    -- Begin PGP Sig ---
    dsfDSCSA43523csdcsad235s
    -- End PGP Sig ---

In the same form as many post to this list. How about the format which makes a separate file out of the PGP sig, and STILL brackets the PGP signed message. (The PGP sig file would be in ascii armor following a message saying: "This is a PGP-sig cert." I *do* remember doing this before.. I can't figure out HOW I did it though.)

-- 
| Sameer Parekh-zane at genesis.MCS.COM-PFA related mail to pfa at genesis.MCS.COM |
| Apprentice Philosopher, Writer, Physicist, Healer, Programmer, Lover, more      |
| ----STOP THE WIRETAP CHIP/BIG BROTHER PROPOSAL!---MAIL ME FOR DETAILS!     __/  |
| "Be God" - Me     __     "Specialization is for Insects" - Robert A. Heinlein__/
\_____________/ \___________________________________________________/

From a2 at well.sf.ca.us Thu Apr 22 15:06:57 1993
From: a2 at well.sf.ca.us (Arthur Abraham)
Date: Thu, 22 Apr 93 15:06:57 PDT
Subject: the WireTap Chip sobriquet
Message-ID: <199304222206.AA14436@well.sf.ca.us>

Actually, this is the worst named product since GM decided to name an electric car the "Impact" (they've since announced that they're not going to make it.)

This device is very simply the "Privacy Clipper" chip ....

"nuf said" -- Stan Lee

-a2.

From karn at qualcomm.com Thu Apr 22 15:21:45 1993
From: karn at qualcomm.com (Phil Karn)
Date: Thu, 22 Apr 93 15:21:45 PDT
Subject: WIRETAP: boycotts
Message-ID: <9304222221.AA01871@servo>

Boycotts seldom do much by direct economic pressure. If they accomplish anything, they generally do so by the publicity they generate.
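Sameer's question above is about the clearsigned framing PGP produces. As an added example (not PGP's code and not from the original post), the Python below builds and parses that framing: the "-----BEGIN PGP SIGNED MESSAGE-----" / "-----BEGIN PGP SIGNATURE-----" delimiters and the "- " dash-escaping of text lines are the conventions PGP 2.x uses, the radix-64 trailer is the standard CRC-24 armor checksum, and the signature bytes are a constructed placeholder rather than a real signature.

```python
"""Model of PGP 2.x clearsigned framing: build a message and parse it back.

Added example, not PGP's own code.  The signature bytes used in the demo are a
constructed placeholder standing in for the real (binary) signature packet.
"""
import base64

BEGIN_SIGNED = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"

# CRC-24 used as the radix-64 armor checksum (the "=xxxx" trailer line).
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor_lines(data: bytes) -> list:
    """Radix-64 body lines (64 chars each) followed by the checksum line."""
    b64 = base64.b64encode(data).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc_bytes = crc24(data).to_bytes(3, "big")
    lines.append("=" + base64.b64encode(crc_bytes).decode("ascii"))
    return lines


def dash_escape(text: str) -> list:
    """Prefix lines starting with '-' by '- ' so the text cannot forge a delimiter."""
    return [("- " + l) if l.startswith("-") else l for l in text.split("\n")]


def clearsign(text: str, signature: bytes, version: str = "2.2") -> str:
    """Wrap readable text plus an armored signature block, PGP 2.x style."""
    parts = [BEGIN_SIGNED, ""]
    parts += dash_escape(text)
    parts += [BEGIN_SIG, "Version: " + version, ""]
    parts += armor_lines(signature)
    parts.append(END_SIG)
    return "\n".join(parts) + "\n"


def parse_clearsigned(message: str):
    """Return (text, signature_bytes); raise ValueError on bad framing or CRC."""
    lines = message.split("\n")
    try:
        start = lines.index(BEGIN_SIGNED)
        sig_start = lines.index(BEGIN_SIG, start + 1)
        sig_end = lines.index(END_SIG, sig_start + 1)
    except ValueError as exc:
        raise ValueError("not a clearsigned message") from exc
    # The signed text begins after the blank line that follows the BEGIN line.
    body = lines[start + 2:sig_start]
    text = "\n".join(l[2:] if l.startswith("- ") else l for l in body)
    # Armor headers ("Version: ...") run up to the first blank line.
    armor = lines[sig_start + 1:sig_end]
    data_lines = [l for l in armor[armor.index("") + 1:] if l]
    if not data_lines or not data_lines[-1].startswith("="):
        raise ValueError("missing armor checksum")
    signature = base64.b64decode("".join(data_lines[:-1]))
    expected = int.from_bytes(base64.b64decode(data_lines[-1][1:]), "big")
    if crc24(signature) != expected:
        raise ValueError("armor checksum mismatch")
    return text, signature


if __name__ == "__main__":
    # Constructed demo: petition text plus a 48-byte placeholder "signature".
    demo = clearsign("We hate the clipper\n-- \n", bytes(range(48)))
    print(demo)
    print(parse_clearsigned(demo))
```

The checksum only catches transmission damage; whether the signature itself verifies is a separate RSA check that this framing model does not perform.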
Phil

From karn at qualcomm.com Thu Apr 22 15:21:48 1993
From: karn at qualcomm.com (Phil Karn)
Date: Thu, 22 Apr 93 15:21:48 PDT
Subject: CLIP: Legal Aspects
Message-ID: <9304222221.AA01876@servo>

At 08:11 AM 4/22/93 -0700, Eric Hughes wrote:
>Exploratory wiretaps, illegally made and whose evidence is not
>directly admissible, provide information that may lead investigators
>to other information. This secondary information _is_ admissible.
>
>It would be wonderful if the ER were strengthened so that all
>evidence which resulted from an illegal search _and all of its
>subsidiaries_ were considered tainted. That battle, however, is a much
>longer one to fight.

I thought this was already true, at least in theory. It's known as the "fruit of the poisoned tree" doctrine. Evidence gathered as a consequence of illegally gathered evidence is in itself inadmissible. Of course, this is probably what has been weakened the most by the Reagan/Bush Supreme Court.

>Even in that situation, though, the defense would have to prove that
>an unauthorized wiretap took place.

*This* is the fundamental problem. There are many possible ways that illegal wiretaps can further the collection of other evidence, without the existence of the illegal wiretap ever having to be revealed.

Phil

From tcmay at netcom.com Thu Apr 22 15:36:14 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 22 Apr 93 15:36:14 PDT
Subject: A Volunteer in a Suit Has Appeared!
In-Reply-To: <9304222118.AA05266@snark.shearson.com>
Message-ID: <9304222236.AA27147@netcom3.netcom.com>

Lighten up, Perry! My comments in my lighthearted "A Volunteer Suit Has Appeared" were not directed at you or your position. After all, I was the one who first mentioned "suits," so my comments were not targeted at your use of the term.

> In fact, why not just go to the top of a giant tower and get publicity
> for us by shooting random passers by? After all, as you've noted,
> there is no such thing as "bad publicity".
> I assure you that you will
> be covered by thousands of times more TV and radio stations for such
> an act.

Perry, Perry, Perry! Please, you're taking my comments and extrapolating them to absurd levels. Is this what you call being reasonable?

I haven't said that *anything* goes, rather, I've said that the slightly outre image of our group is not ipso facto a bad thing. But I don't want your time or my time or the list's time this way.

> Tim agreed in his reply to my message with virtually every substantive
> point that I made. None the less, he makes fun of my comments. He
> agrees that people do judge on appearances. He agrees that the radical
> protest movements of the 1960s were largely failures. Yet he wants us
> to appear unreasonable, and he wants us to emulate these failures.

Again, not true.

> Tim has reacted with extreme vehemence to the minor question of our
> name. It's a small thing to us personally -- but it could help advance
> our goals. I can only conclude that since Tim more or less admits that
> he's wrong but still insists on his position that he is not acting on
> the basis of rational motivations.

??????

All I can say is that I hope Perry cools off a bit. While the Clipper Chip is indeed a serious and dismal matter, I see no call for such anger and charges that I've admitted I'm wrong, that I want our efforts to fail, that I want us to appear unreasonable, and that I am "not acting on the basis of rational motivations."

It's clear Perry doesn't like the name of our group. Repeating this over and over again does not seem to be all that productive. And the issues go beyond that of the mere name, which is a relatively minor issue.
My post about "respectability" yesterday had much more to do with addressing the calls by some that our agenda be changed (e.g., reducing discussion of crypto anarchy, of guerilla distribution of software, of offshore remailers, of digital money, of money laundering, and the like), that we deemphasize the "crypto rebel" aspects and instead adopt a more mainstream line.

It's clear that some are uncomfortable with these crypto rebel issues, these discussions on the list, and the possible repercussions. Well, these are the topics that got us started, and the latest Clipper Chip is no reason for us to turn into a carbon copy of the CPSR, EFF, and ACLU. Nor is it a reason to lose our sense of humor about things.

-Tim May

P.S. I'm quite serious that my little joke about Sternlight was not directed at Perry personally. I had already responded at length, and quite reasonably (I thought) to his comments. The Sternlight point came as I was reading Sternie's posts in sci.crypt and realized that what he (Sternlight) seems to want more than anything else is to be the "voice of reason" in the crypto debate. Hence my satire. If I'd wanted to satirize Perry, which I can't honestly say I've wanted to do, I'd've used some kind of material from him, or his kind of words. Cheers.

-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.

From wcs at anchor.ho.att.com Thu Apr 22 15:37:31 1993
From: wcs at anchor.ho.att.com (wcs at anchor.ho.att.com)
Date: Thu, 22 Apr 93 15:37:31 PDT
Subject: Info on Mykotronx
Message-ID: <9304222236.AA15100@anchor.ho.att.com>

Harry Shapiro said he wasn't able to find much information on Mykotronx.
The San Francisco Chronicle says it's a "little-known company in Torrance, CA"; "Mykotronx Inc., founded in 1979 by two former engineers from TRW Inc., already sells classified encryption chips to protect satellite communications." "San Jose-based VLSI Research Inc. will manufacture the chip, called the Clipper. VLSI was chosen largely because it has a unique manufacturing process that makes it nearly impossible to take the chip apart and decode it."

The Washington Times says that "Government engineers at NSA and [...] NIST designed and developed the chip, which was then produced by privately owned Mykotronx and a publicly traded subcontractor, VLSI Technology." In their discussion of comments by Ted Bettwy, exec VP of Mykotronx, "He said the chip announced yesterday, internally referred to as MYK-78, costs about $40 and uses an algorithm 16 million times more complex than that used by chips now on the market. Computer hackers have penetrated the current chips."

Bill Stewart

From tcmay at netcom.com Thu Apr 22 15:58:13 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 22 Apr 93 15:58:13 PDT
Subject: Being Reasonable to Reporters
In-Reply-To: <9304222118.AA05266@snark.shearson.com>
Message-ID: <9304222258.AA28208@netcom3.netcom.com>

Sorry, gang, but I just can't let this one pass without commenting:

Perry Metzger writes:

> I've watched the Libertarian Party self destruct because many
> activists are such fools that they can't make a distinction between
> what's important and random rebellion for the sake of rebellion. People
> will refuse to be polite, refuse to phrase their arguments
> comprehensibly, refuse to be nice to reporters, and refuse to appear
> to be reasonable or even rational, and then later on they wonder why
> it is that everyone makes fun of them and no one listens.

Speaking for myself, I've been *very* polite to reporters. I can only hope Perry is speculating about some Cypherpunks I haven't heard about.
John Gilmore, Eric Hughes, myself, and many other members of the list have been quite reasonable, quite articulate, and quite "nice" in our comments to reporters.

I hosted Kevin Kelly, Steven Levy, and Julian Dibbell each for several hours, at their request, at my home in Aptos. These were for the various pieces coming out in their publications. I answered their questions, outlined the issues of privacy and crypto as I saw them, explained the workings of new protocols, and so on. Some of them showed up at our meetings, where they were well-treated.

The Levy piece is already out, in "Wired," and I've seen the draft of Kelly's piece coming out soon in "Whole Earth Review." Neither paint us as Texas Tower whackos nor as blue-sky dreamers. These journalists are very well-versed in the issues. Julian Dibbell's forthcoming piece I haven't seen, but I doubt it will be a hatchet job or otherwise treat us as crazies.

I think this qualifies as being nice and reasonable to reporters.

Note: I did not talk to John Markoff this time around, but I have in the past. My understanding is that others talked to him.

Cheers.

-Tim May

From wcs at anchor.ho.att.com Thu Apr 22 16:00:36 1993
From: wcs at anchor.ho.att.com (wcs at anchor.ho.att.com)
Date: Thu, 22 Apr 93 16:00:36 PDT
Subject: Verbosity by Mail from NIST
Message-ID: <9304222257.AA15315@anchor.ho.att.com>

I called the phone number for NIST given in one of the announcements, and was routed to Sherry Hankey 1-301-975-2820, who faxed me their package of information they're sending out. There's no new technical information (Dorothy Denning's article and some non-technical viewgraphs), but there's a lot of newspaper clippings, pro and con, the announcements we've seen on the net from Clinton, Q&A, etc., and what look like viewgraphs from a couple of talks. Overall, it looks like they don't know much more than we do :-).

One talk is "U.S. Technology Initiative for Secure Telecommunications" Raymond G.
Kammer, Acting Director, NIST, 4/16/93 which is basically the announcements turned into viewgraphs (if I've successfully decoded the tangle of fax paper :-).

Another part of the package looks like another talk, which covers Wiretap cases by the FBI and other agencies, including a summary table for 1982-1991 of State and Federal wiretap authorizations, arrests, and convictions (there's a footnote that reporting of convictions seems to substantially lag actual convictions, though the ratio of arrests to convictions has decreased, averaging 2:1 over 10 years, 3:1 recently.) Most wiretaps are State and local, not FBI. Cases they cited included the usual drug dealing and money laundering, a judge taking bribes, a Chicago street gang El Rukn proposing to shoot down an airliner for the Libyans, some Mafiosi, a RICO case against the Concrete and Cement Workers Union "Prevented economic loss $585Mil", some fraud in defense contracting and health care contracting, and the Masters of Disaster "computer hackers" case.

Bill Stewart
wcs at anchor.att.com

# Bill Stewart wcs at anchor.ho.att.com +1-908-949-0705 Fax-4876
# AT&T Bell Labs, Room 4M-312, Crawfords Corner Rd, Holmdel, NJ 07733-3030

From hughes at soda.berkeley.edu Thu Apr 22 16:25:11 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 22 Apr 93 16:25:11 PDT
Subject: Info on Mykotronx
In-Reply-To: <9304222236.AA15100@anchor.ho.att.com>
Message-ID: <9304222321.AA02657@soda.berkeley.edu>

the vp from mycotoxin spoke, and some reporter said:

"He said the chip announced yesterday, internally referred to as MYK-78, costs about $40 and uses an algorithm 16 million times more complex than that used by chips now on the market. Computer hackers have penetrated the current chips."

16 M is approx 2^24

80 bit wiretap chip key - 56 bit DES key = 24

Just because the key is 24 bits longer doesn't mean the chips are that much more complex.
Biham and Shamir have reduced the security of DES down to 2^47 (maybe down a few more in the exponent), but that does not mean that it has been broken. 2^47 chosen plaintexts is not a feasible attack in a reasonably deployed system. This is the best known attack. Biham and Shamir are not computer hackers, either.

So assuming the reporter was basically accurate, what's the score for our VP? One deceit and one outright lie combined with a gratuitous slander.

Eric

From szabo at techbook.com Thu Apr 22 16:27:48 1993
From: szabo at techbook.com (Nick Szabo)
Date: Thu, 22 Apr 93 16:27:48 PDT
Subject: WIRETAP: boycotts
In-Reply-To: <9304222221.AA01871@servo>
Message-ID:

Agreed, not much economic pressure would come from directly boycotting Clipper phones, or for that matter from people boycotting AT&T for ideological reasons. Rather, it would come from AT&T getting a reputation as putting the U.S. government's needs before the needs of their customers; and not caring very much about the privacy of their customers' phone calls. What international business, law firm, etc. wants to trust their communications to a company that puts NSA wiretap chips in their phones and touts them as "secure"?

A good outcome here is for this fiasco to get wide publicity, and for Sprint, MCI, etc. to subtly use doubts about AT&T's concern for privacy in their ad campaigns. A recent cypherpunks post referred to a conversation with an AT&T marketing type, who kept insisting that AT&T is very concerned about customer privacy, it's a high priority, etc. AT&T knows they need a good reputation for privacy. Keep up the pressure!

Nick Szabo
szabo at techbook.com

From hughes at soda.berkeley.edu Thu Apr 22 16:30:05 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 22 Apr 93 16:30:05 PDT
Subject: WIRETAP: press articles wanted.
Message-ID: <9304222326.AA03395@soda.berkeley.edu>

Speaking as the ftp site maintainer, I'm looking for all the press coverage there is on this wiretap chip, both national and local coverage. I've seen quotes from several other sources, but not whole articles. So type in what's at hand and send it to me. I'll put it up for ftp.

I've got Saturday's article from the SF Chronicle here, which I haven't yet typed in, but I should warn you that this piece is one of the most slanted things I've seen in that paper. (Those of you who've read the Chron know this is a real insult.) I'll get it typed in myself unless someone can send me a copy.

Eric

From hughes at soda.berkeley.edu Thu Apr 22 16:42:50 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 22 Apr 93 16:42:50 PDT
Subject: Reaction time and Crypto
In-Reply-To: <9304180436.AA49530@acs.bu.edu>
Message-ID: <9304222339.AA05222@soda.berkeley.edu>

>It seems to me that the following technologies are going to be of increasing
>import despite the outcome of the Clinton proposal.

>1. Raw headerless output from packages like PGP. It seems obvious that
>if crypto is regulated, it must be easier to disguise the type of crypto
>one is using, or indeed if one is using crypto.

Removing the headers from PGP will accomplish only the most cursory security. The PGP packet structure is recognizable out of a random byte stream even without the headers.

More generally, just because _you_ don't know how to recognize something doesn't mean your opponent is similarly lacking. In order to really know it can't be done, you need a proof, that is, an argument that covers all possible ways of looking for something. This principle applies to all forms of steganography.

>2. Methodology for the disguising of cyphertext in more innocuous data.

See my comment above for my opinion on this.

>3. The proliferation and consistent use of Crypto for even everyday
>communications.
I think work done to get PGP, for example, in mail readers is something that should be done with a bit more zeal. I, personally, don't use it much because of my computing environment (receiving mail on a widely-known-to-be-insecure Unix box, dialed in from MSDOS). The integration problems are pressing.

>1> The harder it is to find, the less potential there is for regulation.
>2> The harder it is to look for, the less potential there is for regulation.
>3> The harder it is to abolish, the less potential there is for regulation.

True up to a point. Remember, internet users are still a small percentage of the whole.

Eric

From pete at cirrus.com Thu Apr 22 16:46:01 1993
From: pete at cirrus.com (Pete Carpenter)
Date: Thu, 22 Apr 93 16:46:01 PDT
Subject: Mass producing chips
Message-ID: <9304222251.AA25007@ss2138.cirrus.com>

>tried to get samples, but the price was $300,000 for 10,000 units,
>How are they going to produce them at these prices and in that quantity
>given the "baroque activities in the vault" described by Denning?
>Doug (gumby at wixer.bga.com)

Assuming that there is some EEPROM, or bipolar fuse PROM (like PALs) they can easily be programmed during the final (packaged) test stage. After the device passes its tests, give it a number. There are already some PALs that have a "silicon signature", a lot number embedded on the chip, which allows process or lot tracing of devices that don't work up to spec.

Testing on peripheral controllers is well below 5 seconds each (gross ballpark - not giving away any secrets here). CPUs may be more, but a "wire-tap" chip should be much easier to test than a CPU. Testers can run close to 24 hours a day, and 24*3600/5 is 17,000 chips a day from one test head. QFP trays have 50 chips/tray, and since the tester knows when the trays are full, it can easily use this to form lot/tray/batch, etc. numbers, as well as individual device numbers.

I don't like what they're doing, but it all sounds technically feasible to me.
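Eric's point in the "Reaction time and Crypto" message above, that stripping PGP's ASCII armor leaves a packet structure which is still recognizable, as an added example (not PGP's code and not from either post): a small Python classifier that walks a byte stream as a chain of PGP 2.x old-format packets, checking the cipher type byte, the length fields and the fixed layout of the public-key-encrypted session key packet. The sample message bytes, the key ID and the "ciphertext" are constructed stand-ins.

```python
"""Recognise raw PGP 2.x packet streams by their framing alone (no ASCII armor).

Added example, not PGP code.  All byte strings built here are constructed
stand-ins, not real ciphertext or real keys.
"""

# Old-format cipher type byte (CTB):  1 0 t t t t l l
#   t = packet tag, l = length-type (0: 1-byte, 1: 2-byte, 2: 4-byte, 3: to end)
TAG_NAMES = {
    1: "public-key encrypted session key",
    2: "signature",
    5: "secret key",
    6: "public key",
    8: "compressed data",
    9: "symmetrically encrypted data",
    11: "literal data",
    12: "trust",
    13: "user id",
}
LEN_SIZE = {0: 1, 1: 2, 2: 4}


def parse_packet(data: bytes, pos: int):
    """Return (tag, body_start, body_end) for the packet at pos, or None."""
    ctb = data[pos]
    if ctb & 0xC0 != 0x80:                 # must look like 10xxxxxx
        return None
    tag, lentype = (ctb >> 2) & 0x0F, ctb & 0x03
    if tag not in TAG_NAMES:
        return None
    if lentype == 3:                       # indeterminate: runs to end of data
        return tag, pos + 1, len(data)
    n = LEN_SIZE[lentype]
    if pos + 1 + n > len(data):
        return None
    length = int.from_bytes(data[pos + 1:pos + 1 + n], "big")
    end = pos + 1 + n + length
    return (tag, pos + 1 + n, end) if end <= len(data) else None


def plausible_pkesk(body: bytes) -> bool:
    """PGP 2.x PKESK body: version 2/3, 8-byte key ID, algorithm 1 (RSA), one MPI."""
    if len(body) < 12 or body[0] not in (2, 3) or body[9] != 1:
        return False
    mpi_bits = int.from_bytes(body[10:12], "big")
    return len(body) == 12 + (mpi_bits + 7) // 8


def looks_like_pgp(data: bytes) -> list:
    """Walk data as a packet chain; return [(tag, body_len), ...] or [] on failure."""
    packets, pos = [], 0
    while pos < len(data):
        pkt = parse_packet(data, pos)
        if pkt is None:
            return []
        tag, start, end = pkt
        if tag == 1 and not plausible_pkesk(data[start:end]):
            return []
        packets.append((tag, end - start))
        pos = end
    return packets


def build_sample() -> bytes:
    """Constructed stand-in for a PGP 2.x message: PKESK packet + encrypted data."""
    key_id = bytes.fromhex("123456789abcdef0")                   # constructed
    mpi = (1024).to_bytes(2, "big") + b"\x80" + b"\x5a" * 127   # 1024-bit MPI
    pkesk_body = b"\x02" + key_id + b"\x01" + mpi
    pkesk = bytes([0x85]) + len(pkesk_body).to_bytes(2, "big") + pkesk_body
    payload = bytes((i * 37) & 0xFF for i in range(64))         # fake ciphertext
    encdata = bytes([0xA5]) + len(payload).to_bytes(2, "big") + payload
    return pkesk + encdata


if __name__ == "__main__":
    sample = build_sample()
    for tag, size in looks_like_pgp(sample):
        print(f"tag {tag:2d} ({TAG_NAMES[tag]}): {size}-byte body")
    print("plain text:", looks_like_pgp(b"Hello, this is not PGP output at all."))
```

A random byte stream only rarely parses as a consistent packet chain with a well-formed session-key packet, which is why the absence of armor headers buys so little.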
Pete Carpenter
IC Design Engineer
Cirrus Logic Inc.
pete at cirrus.com

From schmittec at MJ.LAAFB.AF.MIL Thu Apr 22 17:02:36 1993
From: schmittec at MJ.LAAFB.AF.MIL (schmittec at MJ.LAAFB.AF.MIL)
Date: Thu, 22 Apr 93 17:02:36 PDT
Subject: subscribe
Message-ID: <2BD7301A@CN.LAAFB.AF.MIL>

subscribe, schmittec at mj.laafb.af.mil

From GR2KITTRELL at APSICC.APS.EDU Thu Apr 22 17:18:32 1993
From: GR2KITTRELL at APSICC.APS.EDU (TOO MANY SECRETS)
Date: Thu, 22 Apr 93 17:18:32 PDT
Subject: IRC setup
Message-ID: <930422181609.329c@APSICC.APS.EDU>

I really don't know if it can be accomplished in time, but TO1SITTLER is working on setting up a client here for IRC. If this can be used for any meetings, just write.

GR2KITTRELL at APSICC.APS.EDU
Albuquerque, New Mexico (Land of Enchantment)
"Right"

From strat at intercon.com Thu Apr 22 17:27:14 1993
From: strat at intercon.com (Bob Stratton)
Date: Thu, 22 Apr 93 17:27:14 PDT
Subject: DC meeting
Message-ID: <9304221926.AA59903@horton.intercon.com>

[Note: in the interests of hitting everyone interested, this message might be duplicated for several of you. Please accept my apologies in advance --Strat]

> Subject: DC meeting
> Date: Thu, 22 Apr 93 16:20:50 EDT
> From: dstalder at gmuvax2.gmu.edu (Darren/Torin/Who ever...)
>
> This is to announce a DC area cypherpunks meeting on Monday 26 April at
> 1800 (or so) until whenever at my office. Call me or write me for info
> on how to get here...

A couple of things:

- I was reading mail to post my announcement, when I read yours :-)

- I'm more than willing to defer to the majority, though I think there's something to be said for networking the meetings, especially if we have good tools. I've also already received a great deal of response to the idea of a Saturday meeting, even from out-of-towners. To that end, I'm going to post an announcement for a Saturday meeting, and see what happens.
Several of us have been planning it for a couple of days now, so don't take it personally or anything.

- Paul Ferguson and a couple of others and I have been cobbling together a list of people we thought would be interested in meeting in the DC area, so as to do preliminary planning without polluting Cypherpunks too much. I can see that there are more DC area people than I had originally envisioned, which makes me happy. Sorry if we missed you originally.

- Eric and I have discussed the idea of audio teleconferencing the various meetings, either via the Internet or by phone. I've got both a Sun IPC equipped to do the former, and a Western Electric conference telephone (and 6-way on my switch) for the latter. Well readers, which do you prefer?

--Strat

Help stop the wiretap chip! (a.k.a "Clipper")
RIPEM and PGP keys available on request.

From strat at intercon.com Thu Apr 22 17:43:28 1993
From: strat at intercon.com (Bob Stratton)
Date: Thu, 22 Apr 93 17:43:28 PDT
Subject: MEET: Ad Hoc Washington meeting Saturday 4/24/93
Message-ID: <9304221943.AA13465@horton.intercon.com>

Washington, DC area ad hoc Cypherpunks meeting.
Saturday, April 24, 1993
2:00 PM EDT -> not later than 8:00 PM EDT

LOCATION:

Unless I hear resounding acclaim for the Monday night meeting, I'm going to hold out our original offer of a Saturday meeting, April 24th, from 2:00PM until sometime not later than 8:00PM, at the offices of:

InterCon Systems Corporation
950 Herndon Parkway
Suite 420
Herndon, Virginia 22070

DIRECTIONS:

InterCon is two blocks north of exit 2 on the Dulles Toll Road (Route 267). From the Beltway, take 267 West to exit 2 (Herndon), and make a right onto Eldon Street. Go through the traffic light at Herndon Parkway (there'll be a shopping center with a big Giant Food on your left), and make an immediate right into the office building on the corner of Eldon and Herndon Parkway labelled "Ford Center".
Meet at the front entrance of the building where the Riggs Bank ATM is, and I'll come down and let you in. If you find a way in, take the elevator to the 4th floor, and walk straight out of it to our office door, which you'll be looking at when the elevator doors open.

NOTE: The building locks at 1PM. There is a security phone at the rear entrance, but you'll have to get them to find me, and I don't know what extension we'll be at, so the operative word is "punctuality". I'll make periodic sweeps to the FRONT entrance to look for people, but I can't canvass every door looking for people coming by later. If you come by, and don't see an easy way in, wait by the Riggs Bank ATM entrance, and someone will let you in. (I'll need volunteers to occasionally do that, BTW)

COMMUNICATIONS:

If you need to reach me, you can try the following:

Office phone: +1 703 709 5525
Pager(VA): +1 703 826 5238 (Use an area code!)
-or- if you're terribly confused or stranded, call:
800 225 0256, Pager ID: 209267
(This is an operator service, try to make it fit within 80 chars)

Help stop the wiretap chip! (a.k.a "Clipper")
RIPEM and PGP keys available on request.

From GR2KITTRELL at APSICC.APS.EDU Thu Apr 22 18:32:39 1993
From: GR2KITTRELL at APSICC.APS.EDU (TOO MANY SECRETS)
Date: Thu, 22 Apr 93 18:32:39 PDT
Subject: OOPS
Message-ID: <930422193017.3b98@APSICC.APS.EDU>

Sorry, To1sittler was trying to set up an IRC HOST, not client.. My apologies.. If anyone knows massive amounts about IRC, PLEASE, help!

gr2kittrell at apsicc.aps.edu

From TO1SITTLER at APSICC.APS.EDU Thu Apr 22 18:55:49 1993
From: TO1SITTLER at APSICC.APS.EDU (TO1SITTLER at APSICC.APS.EDU)
Date: Thu, 22 Apr 93 18:55:49 PDT
Subject: IRC
Message-ID: <930422195325.3929@APSICC.APS.EDU>

NO! I was NOT trying to set up a host, I was trying to set up a CLIENT! I don't have source for a host, nor do I have room in my disk quota for it! I do, however, have source for two IRC clients, neither of which works yet.
But really Chris, I think the Clipper is more important. Not only to the people who read the list, but to me too. This is the biggest reason why my time online does not get spent hacking the IRC client into shape.

Please stop posting these messages to THIS list.

Kragen

From root at pleiku.netcom.com Thu Apr 22 19:35:59 1993
From: root at pleiku.netcom.com ($HOME/.sig)
Date: Thu, 22 Apr 93 19:35:59 PDT
Subject: ANON: Anonymized Mailing Lists
Message-ID: <9304230236.AA06951@netcomsv.netcom.com>

Hi There,

Has anyone combined PGP2.2 and one of the mailing list servers such as MajorDomo to produce an Anonymous multiple recipient Mailing List? I know David Clunie was working on this for PAX at one point but he didn't finish it I believe. Anyone got anything like this?

cheers
kelly

--------
-- 
To add the following key block to your PGP2.0 Public Key Ring save this entire message to a file and enter the following command: pgp -ka [name_of_file_saved]

The above key block is included on every message I send from pleiku!kelly at netcom.com....
------- End of Unsent Draft

From sommerfeld at orchard.medford.ma.us Thu Apr 22 19:38:04 1993
From: sommerfeld at orchard.medford.ma.us (Bill Sommerfeld)
Date: Thu, 22 Apr 93 19:38:04 PDT
Subject: crypto export controls.
Message-ID: <9304230203.AA00114@orchard.medford.ma.us>

I got an announcement last week of a presentation early this week at my place of work on the subject of cryptographic export controls, shortly before the cripple chip announcement was made. This struck me as at least suspicious.

Well, it turns out that the timing was something of a coincidence; it was just a generic presentation on the current sorry state of the export regulations, by one who had to deal with them day in and day out. He seemed to have the right attitude towards "working the regulations" and what they should be, and had been involved in a few meetings with NSA-types.

He commented that things have been getting better -- it used to be that they'd refuse to meet with you over the subject of exporting DES; now, they'll meet with you and just refuse to talk about it.

The justification for ignoring the current wide availability of strong crypto outside the U.S. was that if they prevent strong crypto from falling into the hands of *one* bad guy, they will have accomplished something...

He mentioned that the Software Publishers Association deal (where companies can now export software using crippled versions of RC2 and RC4 on short notice) was a surprise to him and much of the non-PC software industry and represented an almost complete capitulation on the SPA's part. It was also uninteresting to my employer as we aren't interested in using trivially breakable crypto in our products, and the quick turnaround is pretty much meaningless given the amount of lead time needed to get a product out the door.
He also mentioned an upcoming amendment to the next version of the law which authorizes the ITAR and the commerce equivalent which would specifically allow the export of generally available encryption software; he didn't hold out much hope for it passing but considered it worth fighting for.

He was also taken by surprise by the cripple chip announcement, and also considered it a bad and ominous thing...

- Bill

From a2 at well.sf.ca.us Thu Apr 22 19:55:12 1993
From: a2 at well.sf.ca.us (Arthur Abraham)
Date: Thu, 22 Apr 93 19:55:12 PDT
Subject: Don't Piss on Me
Message-ID: <199304230254.AA23563@well.sf.ca.us>

I refer you to my earlier posting requesting people to direct their fire at something that needs to be ignited -- like your local newspaper or local congress person or local president -- but it's definitely not the Cypherpunks mailing list.

We MUST NOT waste time writing each other letters that we'll learn nothing by reading. We should spend that same time writing to newspapers, congress people, phone companies, Clinton, Gore, and anybody else who thinks they can get away with this because they feel the citizenry either doesn't care about or doesn't understand the issues.

What I'd like to see about the Privacy Clipper on this list is something I don't already know, like the name and address of AT&T's president's secretary -- s/he'll complain to the prez if enough privacy mail arrives. Better yet, how about more copies of the letters to the uninformed that you have already sent.

Be imaginative, be active, rattle cages, but telling me how pissed you are won't change a thing, except to decrease the time we're both spending on doing something effective.

Be effective. Please.

-a2.
From anton at hydra.unm.edu Thu Apr 22 19:56:39 1993
From: anton at hydra.unm.edu (Stanton McCandlish)
Date: Thu, 22 Apr 93 19:56:39 PDT
Subject: HUMOUR: re: Wiretap chip sobriquet
In-Reply-To: <199304222206.AA14436@well.sf.ca.us>
Message-ID: <9304230256.AA06274@hydra.unm.edu>

> Actually, this is the worst named product since GM decided to name an
> electric car the "Impact" (they've since announced that they're not
> going to make it.)
>
> This device is very simply the "Privacy Clipper" chip ....

Heh. Snip snip...

But let's not forget a certain Finnish household cleaning product (similar to DiDi Seven), that failed DISMALLY in the English speaking world: Super Piss. No, really, that was what it was called. I do not lie.

ANYWAY: I now have the OS/2 version of PGP available on NitV BBS (see .sig)

-- 
Testes saxi solidi! ********************** Podex opacus gravedinosus est!
Stanton McCandlish, SysOp: Noise in the Void Data Center BBS
IndraNet: 369:1/1 FidoNet: 1:301/2 Internet: anton at hydra.unm.edu
Snail: 8020 Central SE #405, Albuquerque, New Mexico 87108 USA
Data phone: +1-505-246-8515 (24hr, 1200-14400 v32bis, N-8-1)
Vox phone: +1-505-247-3402 (bps rate varies, depends on if you woke me up...:)

From habs at Panix.Com Thu Apr 22 19:59:56 1993
From: habs at Panix.Com (Harry Shapiro)
Date: Thu, 22 Apr 93 19:59:56 PDT
Subject: Suit vs Non-Suits
Message-ID: <199304230259.AA12758@sun.Panix.Com>

I feel that perhaps I started this whole mess that is getting, imho, quite out of hand. I said in a post of several days ago, we need Tim M. and John G. to get out there and speak and we also need some people who wear suits. I think we need both.

I agree with Perry about the desire to change things and the perception a person gives off, etc. Still I think we need both, and since we have both people on this list, I don't see what has to really change.

It would be nice to get Tim and John and a few suits to make a lobbying trip to Washington.

But let's stop the debate.
/harry -- Harry Shapiro habs at panix.com List Administrator of the Extropy Institute Mailing List Private Communication for the Extropian Community since 1991 From MJMISKI at macc.wisc.edu Thu Apr 22 20:29:01 1993 From: MJMISKI at macc.wisc.edu (Matthew J Miszewski) Date: Thu, 22 Apr 93 20:29:01 PDT Subject: CLIP: Congress works with the Cypherpunks! Message-ID: <23042222282634@vms2.macc.wisc.edu> Cypherpunks (or cryptoprivacy professionals) :-), Hey, some good news. I just got some good information that the winds in Congress are blowing our way. In the latest "Communications Daily", the House of Reps. Telecommunications Subcommittee Chair Markey (D-Mass) has come out actively opposing the Wiretap Chip. He gave several reasons, most of them not technical but commercial. I think he could use some technical talking points too. This could be important guys. A chairman has mucho power (albeit he is only a subcom chair, but he may be well connected). I will digest the article and post it for Eric to put it on the ftp site. I will also get the vital info on this charming privacy advocate (Ill bet he wears a suit too! ;^) This is an incredible window of opportunity. Think, type, send but don't overdo it. This may be our only advocate. But he may have Senator Kennedy's ear. I guess this will test the cypherpunk effectiveness quotient. Progress. Matt mjmiski at macc.wisc.edu From anton at hydra.unm.edu Thu Apr 22 20:53:48 1993 From: anton at hydra.unm.edu (Stanton McCandlish) Date: Thu, 22 Apr 93 20:53:48 PDT Subject: PGP for Amiga Message-ID: <9304230353.AA08274@hydra.unm.edu> As I posted before, I have PGP for DOS, Unix and Mac available on my BBS. I just added the OS/2 version. Does anyone know of an Amiga version? Or any other version? I need site names and/or filenames (xarchie is a Good Thing!) Thanks in advance. -- Testes saxi solidi! ********************** Podex opacus gravedinosus est! 
Stanton McCandlish, SysOp: Noise in the Void Data Center BBS
IndraNet: 369:1/1  FidoNet: 1:301/2  Internet: anton at hydra.unm.edu
Snail: 8020 Central SE #405, Albuquerque, New Mexico 87108 USA
Data phone: +1-505-246-8515 (24hr, 1200-14400 v32bis, N-8-1)
Vox phone: +1-505-247-3402 (bps rate varies, depends on if you woke me up...:)

From MJMISKI at macc.wisc.edu Thu Apr 22 21:01:08 1993
From: MJMISKI at macc.wisc.edu (Matthew J Miszewski)
Date: Thu, 22 Apr 93 21:01:08 PDT
Subject: HOUSE: Wiretap Support from Markey (D-Mass)
Message-ID: <23042223002970@vms2.macc.wisc.edu>

Here it is: Couldn't remember if the first two articles had been posted but I figured Eric could ftp them even if they were. The 3rd article is the one about Rep. Markey. I'll find his vital info ASAP.

-----------------8<---------------------8<----------------

Communications Daily
April 19, 1993, Monday
Vol. 13, No. 74; Pg. 2

Clinton Sets Policy Review
GOVT. WEIGHS IN ON PRIVACY-VS.-ENCRYPTION DEBATE, WITH ITS OWN TECHNOLOGY

Clinton Administration Fri. announced sweeping policy directive designed to protect privacy of voice and data transmissions using govt.-developed encryption technology that ensures law enforcement agencies will have ability to eavesdrop. Encryption is achieved through use of "Clipper Chip" that will be built into telephones, computers, fax machines. Although govt. will adopt new chip as its standard, use in private sector will be on voluntary basis.

AT&T Fri. became first company to announce publicly support of Clipper Chip. "We believe it will give our customers far greater protection in defeating hackers or eavesdroppers in attempting to intercept a call," said AT&T Vp Secure Communications Systems Edward Hickey. Govt. already has purchased some evaluation units from AT&T with Clipper Chip installed, said Raymond Kramer, acting dir. of National Institute of Standards & Technology (NIST). Govt. expects to purchase "well over the thousands" of such Clipper Chip units, he said, but he couldn't give figures for how many it might buy from AT&T. AT&T spokesman said products with Clipper Chip included will be available commercially in 2nd quarter.

President Clinton Thurs. signed Top Secret National Security Directive outlining details of privacy and encryption policy review. Review will bring together industry and govt. experts under direction of National Security Council in attempt to resolve long-running controversy on right of businesses and citizens to protect all forms of communication and govt. right to conduct lawful investigations. Review will take 3-4 months, NIST's Kramer said.

Law enforcement agencies are concerned about rising popularity of digital encryption methods. Multinational businesses, worried about economic espionage, increasingly are incorporating encryption technology for all communications. Law enforcement agencies have voiced growing concern that if they don't move quickly to enact laws assuring them access to encrypted and digital communications, they will be at decided disadvantage in attempting to thwart criminal acts. FBI spokesman James Kallstrom acknowledged that "not many" criminals today are using encryption to skirt law, but putting methods in place now to assure means of intercepting such communications "is vital" to law enforcement's mission.

Encryption program will be available to any vendor that wants to manufacture chips, Kramer said. However, company that developed and designed chip under sole-source contract from National Security Agency (NSA) -- Mykotronx, Torrance, Cal. -- has solid lead on market. Kramer acknowledged job was handed to it with NSA's full approval of noncompetitive bid contract. He defended noncompetition aspect: "We went out and found the only company capable of delivering this technology." He said govt. has been using Clipper Chip technology for "a while now in classified applications," but declined to say how long it had been in use before White House announcement.

Each chip will have 3 unique "keys" issued to it. When manufactured, 2 of those keys will be sent to govt. and will be held by "escrow agents." For law enforcement agency to be able to descramble transmissions, it first must get court order that allows keys held in escrow to be released. Only when those keys are used in tandem can law enforcement agencies unscramble codes and listen in on conversations. Attorney Gen.'s office will "make all arrangements with appropriate entities to hold keys," White House said. Those escrow keys could be held by private organizations, govt. agencies or others, Kramer said. But only 2 entities will be chosen and will be responsible for administering data base that will store keys. Attorney Gen.'s office is expected to select escrow key holders "within a couple of weeks," Kramer said.

Plan already is drawing fire from civil liberties groups and privacy advocates. Electronic Frontier Foundation (EFF) said White House acted "before any public comment or discussion has been allowed." It said Administration will use "its leverage to get all telephone equipment vendors to adopt" technology. EFF criticized govt.'s sole-source contract, saying there may be other companies that have better encryption technology, and because encryption algorithm is classified, it can't be tested. "The public will only have confidence in the security of a standard that is open to independent, expert scrutiny," EFF said. Privacy experts are concerned that because Clipper Chip was developed under NSA contract, it might have "backdoor" known only to NSA that would allow agency to crack code and bypass court order. Kramer disagreed: "There is positively no backdoor to this technology."

Because use of Clipper Chip is entirely voluntary, businesses and private users -- including criminals -- are free to choose other means of encryption, leaving govt. and law enforcement agencies with dilemma they now face. FBI's Kallstrom acknowledged criminals still could thwart investigations if they used non-Clipper Chip products, "but most criminals aren't so smart." Ability of govt. to eavesdrop on Clipper Chip-equipped devices still doesn't solve broader problem: Ability to wiretap conversations moving across digital telecommunications lines. That problem is being addressed separately by FBI's controversial digital wiretap legislation that has failed to find congressional sponsor and is languishing in Justice Dept., waiting for support of Attorney Gen.

InformationWeek
April 19, 1993

PHONE CHIP BLOCKS UNWARRANTED TAPS

The Clinton administration is attempting to balance privacy concerns with law enforcement agencies' ability to eavesdrop on phone conversations and data transmissions. Last week, government engineers revealed they have developed a "Clipper Chip" that can be placed in ordinary phones to encrypt phone communications. Each device containing the chip will have two unique "key" devices that together can decode those communications. One key will be held by a government agency and one by a private organization. Law enforcement officials would need warrants to obtain the keys. The Justice Department plans to purchase several thousand chips, and AT&T immediately announced it will use Clipper in all of its secure communications products.

Communications Daily
April 20, 1993, Tuesday
Vol. 13, No. 75; Pg. 7

[...]

House Telecom Subcommittee Chmn. Markey (D-Mass.) has expressed reservations about govt. use of Clipper Chip, encrypted technology that secures transmissions (CD April 19 p2). Markey wrote to Commerce Secy. Ronald Brown asking whether use of technology could lead to "inadvertently increase[d] costs to those U.S. companies hoping to serve both" govt. and private markets. Chip would be mandatory for govt. use, but optional for private sector, although companies might find greater proprietary need to protect data than govt. Markey asked Brown response to 6 questions:
(1) Has algorithm been tested by any entity besides National Security Agency, National Institute of Standards & Technology or vendor supplying chip?
(2) Who would hold "key" to descrambling data?
(3) Does algorithm have "trap door" or "back door" that could allow someone to crack code?
(4) How well would encryption devices adapt to rapidly changing telecommunications technology?
(5) What would chip cost federal govt.?
(6) What is Commerce Dept. assessment on cost to U.S. exporters of computer and telecommunications hardware and software?
Markey said he wanted answers by April 28.

[...]

National Assn. of State Utility Consumer Advocates opens 2-day conference April 22 on "Telecommunications 2000: What's at Stake for Consumers in the Next Century?" at Rayburn House Office Bldg., Rm. 2168. Rep. Markey (D-Mass.) will speak. Vice President Gore is invited luncheon speaker. Three-member panels Thurs. include: 9:30 a.m. -- National Telecommunications Infrastructure, with former Rep. Tauke (R-Ia.), now Nynex govt. affairs vp. 11 a.m. -- Funding Advanced Networks, with Bell Atlantic Federal Relations Exec. Dir. Edward Lowery. 3:30 p.m. -- New Technologies, with Bell Atlantic Information Services Exec. Dir. Steven Craddock.

[I know we missed Thursday but can some suits make it tomorrow?]

MultiLink has developed software quality assurance package for its audioconferencing bridge known as System 70. Equipment assures multipoint teleconferences will work through simulator that generates Dual Tone MultiFrequency signals to test 2-way digitized messages over telephone lines, company said.

[For those interested in DTMF stuff (I know it's an aside)]

Ill. Bell has begun offering Call Trace for $4 per successful trace to 56 Chicago area communities. Customers would dial *57, preserving number for Bell's Annoyance Call Bureau or police authorities, although users wouldn't see it directly. Unlike Caller ID, offer is available only on per-call basis.

[UUUGGGGHHHH!!!!]

Matt
mjmiski at macc.wisc.edu

From sward+ at cmu.edu Thu Apr 22 21:08:57 1993
From: sward+ at cmu.edu (David Reeve Sward)
Date: Thu, 22 Apr 93 21:08:57 PDT
Subject: CLIPPER: Explanation sheet?
Message-ID:

I (along with others) have some sort of phrase in our .signature saying "Stop the Clipper Chip" or somesuch. Since adding this, I have had several people ask me about this, and I have fired off an explanation to them. I am wondering if there is a Wiretap Chip Explanation Sheet to send to people instead of trying to make sure I remember everything (and without double-checking everything I say). Has anyone written such a beast?

--
David Sward sward+ at cmu.edu
Finger or email for PGP public key 3D567F
Stop the Big Brother Chip - Just say NO to the Clipper "Wiretap" Chip!

From norm at netcom.com Thu Apr 22 21:40:43 1993
From: norm at netcom.com (Norman Hardy)
Date: Thu, 22 Apr 93 21:40:43 PDT
Subject: If strong crypto were illegal
Message-ID: <9304230440.AA23805@netcom2.netcom.com>

Curiously the chip ostensibly makes it nearly impossible for the government to prove that you are using strong crypto on top of skipjack (Clipper).

From norm at netcom.com Thu Apr 22 21:40:55 1993
From: norm at netcom.com (Norman Hardy)
Date: Thu, 22 Apr 93 21:40:55 PDT
Subject: If strong crypto were illegal
Message-ID: <9304230441.AA23828@netcom2.netcom.com>

Curiously the chip ostensibly makes it nearly impossible for the government to prove that you are using strong crypto on top of skipjack (Clipper).
I suppose that a government agency could use a trap-door to discover that plain text was not plain, then get a warrant, then present evidence that you were using strong crypto. Such might eventually lend credence to the belief that there was a trap-door.

From mckang at solomon.technet.sg Thu Apr 22 21:42:05 1993
From: mckang at solomon.technet.sg (Kang Meng Chow)
Date: Thu, 22 Apr 93 21:42:05 PDT
Subject: OSF's DCE
Message-ID:

Can anyone tell me what OSF's DCE is, pls. And where can I find more information regarding DCE. Any ftp site carrying documentation on the DCE? Thanks.

Kang

From mccoy at ccwf.cc.utexas.edu Thu Apr 22 21:59:40 1993
From: mccoy at ccwf.cc.utexas.edu (Jim McCoy)
Date: Thu, 22 Apr 93 21:59:40 PDT
Subject: New Algorithm...
In-Reply-To: <19930422204625.1.MEYER@OGHMA.MCC.COM>
Message-ID: <9304230459.AA18293@tigger.cc.utexas.edu>

> Date: Thu, 22 Apr 1993 15:46-0500
> From: Peter Meyer
>
> Date: Thu, 22 Apr 1993 15:07 CDT
> From: "Perry E. Metzger"
>
> "Haywood J. Blowme" says:
> [Lots about some J. Random Companies encryption chip]
>
> All fine and well, but since we have IDEA already, why should we want
> it? For virtually all applications these days other than fully
> encrypting network traffic, software is fine. DES implementations in
> software can handle 1.5 Mbit/s on reasonable machines. [...]
> [...]
>
> There are lots of other things to be considered besides the algorithm
> itself when designing good encryption software, e.g. if someone
> accidentally yanks out the power cord to the computer during decryption
> do you kiss goodbye to the data?

Well, what if I need the capability of doing 5-10 Mbyte/s? I am still hashing out a few design details of a "secure" BSD using encryption of the filesystem before I hit the code and right now this particular issue is one that I have still not worked out. I need it in hardware. Software is just not fast enough and I am not sure how much work it will require to get a DES card to do E(K1,D(K2,E(K1,x))) if I want to use 128 bit keys. Does anyone know if there is a hardware implementation of IDEA or another algorithm of suitable cryptographic strength available in a card or chip? Then again, maybe I could use a clipper chip... (big ;-)

jim

From warlord at MIT.EDU Thu Apr 22 22:35:54 1993
From: warlord at MIT.EDU (Derek Atkins)
Date: Thu, 22 Apr 93 22:35:54 PDT
Subject: MEET: Boston Area Cypherpunks
Message-ID: <9304230535.AA14679@deathtongue>

ANNOUNCEMENT:

In lieu of the recent happenings in the cryptography field, and the Bay Area Cypherpunks meeting, I would like to call to order, an ad-hoc Boston Area Cypherpunks meeting. This meeting is to talk about the Wiretap Chip proposal, and to try to coordinate a counter-attack to the proposal. I hope to have an audio link to the west-coasters, encrypted (of course), so we can discuss these issues together.

Place: MIT, Room 1-115, Cambridge.
When: 3:00 pm - 9ish

Please attend if you have any interest in this topic...

DIRECTIONS: To get to MIT, room 1-115:

via car: have fun! Building 1 is located right on Mass Ave., close to Memorial Drive. You can try to park anywhere around the area, if you can find a spot.

via T: get off at Kendall Sq. (red line), and walk west... cross Ames St., and keep walking west. Enter the infinite corridor when you cannot walk outside any further, and keep walking west. Once you get into Lobby 7 (a big cathedral-like entryway at 77 Mass. Ave) there will be signs directing you to 1-115.

See you there. If you need any more assistance, please feel free to send me e-mail, or call me at 868-4469...

-derek

From bobanderson%dlu.dnet at net.Vanderbilt.Edu Thu Apr 22 22:48:04 1993
From: bobanderson%dlu.dnet at net.Vanderbilt.Edu (boB -- Geekey Student Worker)
Date: Thu, 22 Apr 93 22:48:04 PDT
Subject: Request
Message-ID: <9304230547.AA08681@net.Vanderbilt.Edu>

Please put me on the cypherpunks mailing list

Bob

From a2 at well.sf.ca.us Thu Apr 22 23:06:32 1993
From: a2 at well.sf.ca.us (Arthur Abraham)
Date: Thu, 22 Apr 93 23:06:32 PDT
Subject: Meets 'n Greets
Message-ID: <199304230606.AA07005@well.sf.ca.us>

Craig Nottingham wrote:

>In addition a thought that many people are overlooking- the wiretap chip
>transmissions of encrypted data would make a perfect envelope for the
>transfer of more secure information encrypted with powerful encryption
>schemes. There would be no easy way to tell the difference between
>pre-encrypted transmissions and wiretap chip encrypted conversation.

If I was the LE and unwrapped a Privacy Clipper wrapper and found further encryption, I'd know I had found "probable cause" to...

-a2.

From warlord at MIT.EDU Thu Apr 22 23:25:24 1993
From: warlord at MIT.EDU (Derek Atkins)
Date: Thu, 22 Apr 93 23:25:24 PDT
Subject: MEET: Boston Area Cypherpunks
Message-ID:

Oops.. I forgot to mention a date in my last message... The date of the meeting is THIS SATURDAY, 24 April, 1993. Sorry for any confusion... See you there...

-derek

From wixer!wixer.bga.com!gumby at cactus.org Thu Apr 22 23:44:09 1993
From: wixer!wixer.bga.com!gumby at cactus.org (Douglas Barnes)
Date: Thu, 22 Apr 93 23:44:09 PDT
Subject: Mass producing chips
In-Reply-To: <9304222251.AA25007@ss2138.cirrus.com>
Message-ID: <9304230302.AA15092@wixer>

I wrote:

> How are they going to produce them at these prices and in that quantity
> given the "baroque activities in the vault" described by Denning?
>
> Doug (gumby at wixer.bga.com)
>

My point was that given the additional escrow security measures described by D. Denning, I don't see how these prices or volumes will be possible.
It is possible that:

1) Denning is describing the process incorrectly, or was merely outlining how the chips would be produced in the best of all possible worlds.

2) The manufacturer actually has many such vaults, and the escrow agencies will provide sufficient staff and disposable laptop computers at no charge to the manufacturer.

3) The chips will not, in fact, be produced in substantial volume (e.g. >1M / year would require over 3,000 "sessions" per working day)

You responded:

> Assuming that there is some EEPROM, or bipolar fuse PROM (like PALs) they can
> easily be programmed during the final (packaged) test stage. After the device
> passes its tests, give it a number. There are already some PALs that have a
> "silicon signature", a lot number embedded on the chip, which allows process
> or lot tracing of devices that don't work up to spec.
>
> Testing on peripheral controllers is well below 5 seconds each (gross ballpark -
> not giving away any secrets here) CPUs may be more, but a "wire-tap" chip
> should be much easier to test than a CPU. Testers can run close to 24 hours
> a day, and 24*3600/5 is 17,000 chips a day from one test head. QFP trays have
> 50 chips/tray, and since the tester knows when the trays are full, it can easily
> use this to form lot/tray/batch,etc numbers, as well as individual device numbers.
> (all of which I am familiar with)

I was referring to:

[... from D. Denning's sci.crypt posting ...]

All Clipper Chips are programmed inside a SCIF (secure computer information facility), which is essentially a vault. The SCIF contains a laptop computer and equipment to program the chips.
About 300 chips are programmed during a single session.
      ^^^^^^^^^
The SCIF is located at Mikotronx.
^^^^^^^^ suggests only one vault

At the beginning of a session, a trusted agent from each of the two key escrow agencies enters the vault. Agent 1 enters an 80-bit value S1 into the laptop and agent 2 enters an 80-bit value S2. These values serve as seeds to generate keys for a sequence of serial numbers.

[... technical info on key generation deleted ...]

As a sequence of values for U1, U2, and U are generated, they are written onto three separate floppy disks. The first disk contains a file for each serial number that contains the corresponding key part U1. The second disk is similar but contains the U2 values. The third disk contains the unit keys U. Agent 1 takes the first disk and agent 2 takes the second disk. The third disk is used to program the chips. After the chips are programmed, all information is discarded from the vault and the agents leave.
The laptop may be destroyed for additional assurance that no information is left behind.
^^^^^^^^^^^^^^^

The protocol may be changed slightly so that four people are in the room instead of two. The first two would provide the seeds S1 and S2, and the second two (the escrow agents) would take the disks back to the escrow agencies.

From gnu Thu Apr 22 23:50:02 1993
From: gnu (John Gilmore)
Date: Thu, 22 Apr 93 23:50:02 PDT
Subject: CRYPTO '93 - Conference Announcement & Final Call for Papers
Message-ID: <9304230649.AA23157@toad.com>

I recommend this conference. It's cheap to attend, you'll meet almost all the world-class cryptographers there are (out in the open, as well as some of the spooks), the food is great, and the campus is a fun place to visit. Everything is in walking distance, and the ocean and cliffs are right there. As well as a lot of interesting people and discussions.

I wouldn't submit a paper unless it was a serious academic paper, but you could submit a "rump session" talk about some of the cypherpunk activities you've been doing. You'll get five or ten minutes to explain and handle questions, with overhead slides.
The presentations have ranged from how to break DES (Adi Shamir & Eli Biham) to ideas about building MSDOS viruses that would infect millions of PC's to do brute force crypto cracking (Steve White of IBM, I think). I've spoken at two of the last three rump sessions about one or another social or political aspect of cryptography. Whit Diffie chairs the rump session, which is held after dinner with beer and wine, and you can send him proposals for your talk by email (diffie at eng.sun.com).

John

............................................................................
CRYPTO '93 - Conference Announcement & Final Call for Papers
............................................................................

The Thirteenth Annual CRYPTO Conference, sponsored by the International Association for Cryptologic Research (IACR), in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy, the Computer Science Department of the University of California, Santa Barbara, and Bell-Northern Research (a subsidiary of Northern Telecom), will be held on the campus of the University of California, Santa Barbara, on August 22-26, 1993. Original research papers and technical expository talks are solicited on all practical and theoretical aspects of cryptology. It is anticipated that some talks may also be presented by special invitation of the Program Committee.

- -------------------------

INSTRUCTIONS FOR AUTHORS: Authors are requested to send 12 copies of a detailed abstract (not a full paper) by April 26, 1993, to the Program Chair at the address given below. A limit of 10 pages of 12pt type (not counting the bibliography or the title page) is placed on all submissions. Submissions must arrive on time or be postmarked no later than April 21, 1993 and sent by airmail in order to receive consideration by the Program Committee.

It is required that submissions start with a succinct statement of the problem addressed, the solution proposed, and its significance to cryptology, appropriate for a non-specialist reader. Technical development directed to the specialist should follow as needed.

- -------------------------

Abstracts that have been submitted to other conferences that have proceedings are NOT eligible for submission. Submissions MUST BE ANONYMOUS. This means that names and affiliations of authors should only appear on the title page of the submission; it should be possible to remove this page and send the papers to Program Committee members. A Latex style file that produces output in this format is available by email from the Program Chair.

Authors will be informed of acceptance or rejection in a letter mailed on or before June 21, 1993. A compilation of all accepted abstracts will be available at the conference in the form of pre-proceedings. Authors of accepted abstracts will be allowed to submit revised versions for the pre-proceedings. A revised abstract should contain only minor changes and corrections to the originally submitted abstract. All revised abstracts must be received by the Program Chair by July 16, 1993. THE 10 PAGE LIMIT WILL BE STRICTLY ENFORCED for the pre-proceedings. Complete conference proceedings are expected to be published in Springer-Verlag's Lecture Notes in Computer Science series at a later date, pending negotiation.

- -------------------------

The Program Committee consists of

D. Stinson (Chair, Nebraska)
M. Bellare (IBM T. J. Watson)
E. Biham (Technion, Israel)
E. Brickell (Sandia National Labs)
J. Feigenbaum (AT&T Bell Labs)
R. Impagliazzo (UCSD)
A. Odlyzko (AT&T Bell Labs)
T. Okamoto (NTT, Japan)
B. Pfitzmann (Hildesheim, Germany)
R. Rueppel (R3, Switzerland)
S. Vanstone (Waterloo, Canada)

- -------------------------

Send submissions to the Program Chair:

Douglas R. Stinson, Crypto '93
Computer Science and Engineering Department
115 Ferguson Hall, University of Nebraska
Lincoln, NE 68588-0115 USA
Telephone: (402)-472-7791
Fax: (402)-472-7767
Internet: stinson at bibd.unl.edu

For other information, contact the General Chair:

Paul C. Van Oorschot, Crypto '93
Bell-Northern Research (MAIL STOP 000)
3500 Carling Ave.
Nepean, Ontario K2H 8E9 Canada
Telephone: (613)-763-4199
Fax: (613)-763-2626
Internet: crypto93 at bnr.ca

............................................................................
CRYPTO '93 - General Information (August 22 - 26, 1993)
............................................................................

THE PROGRAM: Crypto'93 is the thirteenth in a series of workshops on cryptology held at Santa Barbara, and is sponsored by the International Association for Cryptologic Research, in cooperation with the IEEE Computer Society Technical Committee on Security and Privacy, the Computer Science Department of the University of California, Santa Barbara, and Bell-Northern Research (a subsidiary of Northern Telecom). The program for the workshop will cover all aspects of cryptology. Extended abstracts of the papers presented at the conference will be distributed to all attendees at the conference, and formal proceedings will be published at a later date.

In addition to the regular program of papers selected or invited by the program committee, there will be a rump session on Tuesday evening for informal presentations. Facilities will also be provided for attendees to demonstrate hardware, software and other items of cryptographic interest. If you wish to demonstrate such items, you are urged to contact the General Chair so that your needs will be attended to.

The social program will include hosted cocktail parties on Sunday and Monday. In addition, there will be a beach barbecue on We