From khijol!erc at apple.com Sun Aug 1 01:01:03 1993
From: khijol!erc at apple.com (Ed Carp)
Date: Sun, 1 Aug 93 01:01:03 PDT
Subject: D. Bernstein's Open Letter on NIST-PKP-DSA
In-Reply-To: <9308010625.AA13452@longs.lance.colostate.edu>
Message-ID:

> Someone flamed once over including Usenet (esp. sci.crypt) postings

What was their rationale? I'd rather see relevant postings reposted here - damnit, I don't have *time* to read 280MB a week of news! What's the person's problem who flamed you?

--
Ed Carp, N7EKG                                  erc at apple.com   510/659-9560
If you want magic, let go of your armor.  Magic is so much stronger than steel!
    -- Richard Bach, "The Bridge Across Forever"


From khijol!erc at apple.com Sun Aug 1 01:02:06 1993
From: khijol!erc at apple.com (Ed Carp)
Date: Sun, 1 Aug 93 01:02:06 PDT
Subject: Anon remailer to USENET gate bogus
In-Reply-To:
Message-ID:

> I have been experimenting the past few days with anon remailer to USENET
> gateway systems to see what the results would be -- nada. I used Chael's
> BSU system (nowhere at bsu-cs.bsu.edu) to attempt a usenet post which never
> (magically?) appeared in the desired group (alt.privacy, I believe). I
> waited for several days for the post, but nada, zilch, zero. I retried
> the bsu remailer with a test message to make sure it was still active,
> and yes, it seemed to work perfectly. My guess is that the usenet gateway
> at utexas refuses anon e-mail. Anyone got any other suggestions? I
> haven't tried any other gateways -- yet.

You're right. Fletcher Mattox disabled anonymous posts a while back. :(

--
Ed Carp, N7EKG                                  erc at apple.com   510/659-9560
If you want magic, let go of your armor.  Magic is so much stronger than steel!
    -- Richard Bach, "The Bridge Across Forever"


From ckchiu at cs.cuhk.hk Sun Aug 1 01:51:03 1993
From: ckchiu at cs.cuhk.hk (Chiu Chong-kan)
Date: Sun, 1 Aug 93 01:51:03 PDT
Subject: Any UNIX security references/mailing-lists ?
Message-ID: <9308010852.AA07244@cucs18.cs.cuhk.hk>

Hi,

Can anyone suggest some good references/mailing-lists about UNIX security? I've already read lots of popular papers/books, such as "Practical UNIX Security", "Improving UNIX Security", the Internet worm, race conditions to gain root permission, Phrack (25), CERT, etc.

I heard that there exist some references circulated among the SAs only, such as the Neil Gorsuch mailings, right? I doubt if there is any way to get some?

--
Chong-kan Chiu
The Chinese University of Hong Kong
Shatin, Hong Kong
E-mail address : ckchiu at cs.cuhk.hk


From fergp at sytex.com Sun Aug 1 03:18:27 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Sun, 1 Aug 93 03:18:27 PDT
Subject: Computer Systems Laboratory Newsletter, Aug '93
Message-ID: <928k8B1w165w@sytex.com>

FYI -

A LETTER FROM THE COMPUTER SYSTEMS LABORATORY
August 1993

TRACKING DEVELOPMENTS IN TRUSTED SYSTEMS

The 16th National Computer Security Conference, to be held September 20-23, 1993, at the Baltimore Convention Center, will dedicate a full track to Information Technology (IT) Security Criteria and Evaluation. The track will expand on the collaborative effort between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) to develop a security criteria document suitable for use by both government and industry. The objectives are to enhance the development and evaluation of IT products with security features and to develop an extensible and flexible framework for defining new requirements for IT security products that will be used by the international IT community.

The new track will focus on IT security criteria efforts over the last year. An introduction to the Federal Criteria will be followed by tutorials on protection profile development and the potential ways in which profiles may be reviewed and registered for use by product developers, customers, and evaluators.
Other panel discussions will include a comparison of the current evaluation processes in North America and Europe and a report on the status and plans for a commercial security evaluation process in the U.S.

The track will also feature a panel discussion on a new international project to develop common IT security criteria that will align existing national criteria. NIST and NSA officials announced the project during the Federal Criteria Invitational Workshop, held on June 2-3, 1993. The project is a joint activity of the governments of the U.S., Canada, and European nations. Six government IT security officials from these nations have formed the Common Criteria Editorial Board (CCEB). Presenting their perspectives, CCEB panel members will describe their work, the starting documents, and the timetable for planned draft criteria, review, and trial use periods.

Ellen Flahavin, coordinator for the Criteria and Evaluation track, expects IT professionals from around the world to attend these sessions. For specific information on the track, contact Ellen at NIST, Computer Systems Laboratory, POLY A241, Gaithersburg, MD 20899-0001, telephone (301) 975-3871. For general information on the computer security conference, see the Upcoming Technical Conferences section of the newsletter.

We welcome your participation in the 16th National Computer Security Conference and look forward to seeing you at the Baltimore Convention Center at the Inner Harbor in September.

FEDERAL INFORMATION PROCESSING STANDARDS (FIPS) ACTIVITIES

Secure Hash Standard Approved for Federal Agency Use

On May 11, 1993, the Secretary of Commerce approved FIPS 180, Secure Hash Standard, for use by federal agencies in protecting unclassified information that is not subject to section 2315 of Title 10, United States Code, or section 3502(2) of Title 44, United States Code.
To be effective October 15, 1993, FIPS 180 specifies a Secure Hash Algorithm (SHA) which can be used to generate a condensed representation of a message called a message digest. The SHA is required for use with the planned Digital Signature Algorithm (DSA) and whenever a secure hash algorithm is required for federal applications. Private and commercial organizations are encouraged to adopt and use the standard.

The SHA is used by both the transmitter and intended receiver of a message in computing and verifying a digital signature. Appropriate applications of the SHA include electronic mail, electronic funds transfer, software distribution, data storage, and other applications which require data integrity assurance and data origin authentication. The SHA may be implemented in software, firmware, hardware, or any combination. Implementations of the SHA will be validated by NIST.

Secretary of Commerce Approves POSIX Revision

FIPS 151-1, POSIX: Portable Operating System Interface for Computer Environments, has been revised to adopt International Standard ISO/IEC 9945-1:1990, Information Technology--Portable Operating System Interface (POSIX)--Part 1: System Application Program Interface (API) [C Language], which defines a C programming language source interface to an operating system environment. Effective October 15, 1993, the revised standard will be published as FIPS 151-2 and supersedes FIPS 151-1 in its entirety. FIPS 151-2 will maximize the federal return on investment in generating or purchasing computer programs by enhancing operating system compatibility.

Computer Graphics Metafile (CGM) Standard Revised

The Secretary of Commerce approved a revision to FIPS 128, CGM, which will be published as FIPS 128-1.
The revised standard adopts the redesignated version of the CGM standard known as ANSI/ISO 8632.1-4:1992; adds a requirement for the use of profiles which define the options, elements, and parameters of ANSI/ISO 8632 necessary to accomplish a particular function and to maximize the probability of interchange between systems implementing the profile; and adopts the first such profile, the military specification MIL-D-28003A, November 15, 1991, known as the CALS (Computer-aided Acquisition and Logistic Support) CGM Application Profile.

FIPS 128-1 is a graphics data interface standard which specifies a file format suitable for the description, storage, and communication of graphical (pictorial) information in a device-independent manner. The standard facilitates the transfer of graphical information between different graphical software systems, different graphical devices, and different computer graphics installations.

The revised standard becomes effective October 15, 1993. The use of the CGM Application Profile is mandatory October 15, 1994. We encourage agencies to use the application profile in acquisitions initiated during this period.

Revision of FIPS for Database Language SQL

On May 12, 1993, the Secretary of Commerce approved a substantial enhancement of FIPS 127-1, SQL. Effective December 3, 1993, the revised standard will be published as FIPS 127-2 and replaces FIPS 127-1 in its entirety. FIPS 127-2 is mandatory for all federal procurements of relational model database management systems.

The revised SQL standard adds significant new features for schema definition, diagnostics management, integrity constraints, and international character set support, as well as new data types, new table operations, and enhanced data manipulation expressions. A new Information Schema makes all schema data available to applications. FIPS 127-2 is specified in four separate conformance levels: Entry SQL, Transitional SQL, Intermediate SQL, and Full SQL.
Although only Entry SQL is required, initially, for conformance to FIPS 127-2, a higher conformance level may be specified as mandatory in individual agency procurements. The NIST SQL Test Suite, Version 4.0, provides conformance tests for the Entry SQL level of FIPS 127-2. Future versions of the test suite will evaluate other FIPS SQL conformance levels. We invite you to call Joan Sullivan on (301) 975-3258 for order information on the NIST SQL Test Suite.

Input/Output Interface Standards Withdrawn

Effective May 11, 1993, eight FIPS have been withdrawn because the technical specifications that they adopt are obsolete and are no longer supported by industry. The standards include:

-- FIPS 60-2, I/O Channel Interface, revised December 18, 1990.
-- FIPS 61-1, Channel Level Power Control Interface, revised December 18, 1990.
-- FIPS 62, Operational Specifications for Magnetic Tape Subsystems, revised December 18, 1990.
-- FIPS 63-1, Operational Specifications for Variable Block Rotating Mass Storage Subsystems, revised December 18, 1990; Supplement to FIPS 63-1, Additional Operational Specifications for Variable Block Rotating Mass Storage Subsystems, revised December 18, 1990.
-- FIPS 97, Operational Specifications for Fixed Block Rotating Mass Storage Subsystems, revised December 18, 1990.
-- FIPS 111, Storage Module Interfaces (with extensions for enhanced storage module interfaces), revised December 18, 1990.
-- FIPS 130, Intelligent Peripheral Interface (IPI), revised December 18, 1990.
-- FIPS 131, Small Computer System Interface (SCSI), revised December 18, 1990.

UPDATE ON NEW PUBLICATIONS

CSL publishes the results of studies, investigations, and research. The reports listed below may be ordered from the following sources as indicated for each:

*Superintendent of Documents
 U.S. Government Printing Office (GPO)
 Washington, DC 20402
 Telephone (202) 783-3238

*National Technical Information Service (NTIS)
 5285 Port Royal Road
 Springfield, VA 22161
 Telephone (703) 487-4650

The First Text REtrieval Conference (TREC-1)
D. K. Harman, Editor
NIST Spec. Pub. 500-207
March 1993
SN003-003-03207-7
$29.00
Order from GPO

This report constitutes the proceedings of the first Text REtrieval Conference (TREC-1) held November 4-6, 1992. Cosponsored by NIST and the Defense Advanced Research Projects Agency (DARPA), the conference was the first in an ongoing series of workshops to evaluate new technologies in text retrieval.

Software Error Analysis
By Wendy W. Peng and Dolores R. Wallace
NIST Spec. Pub. 500-209
March 1993
SN003-003-03212-3
$7.00
Order from GPO

This document provides the software engineering community with current information regarding error analysis for software. It assists users by describing how error analysis can improve the software development process and provides guidelines for the evaluation of high-integrity software.

The DARPA TIMIT Acoustic Phonetic Continuous Speech Corpus CD-ROM [TIMIT]
By John S. Garofolo, Lori F. Lamel, William M. Fisher, Jonathan G. Fiscus, David S. Pallett, and Nancy L. Dahlgren
NISTIR 4930
February 1993
PB93-173938
$19.50 paper
$ 9.00 microfiche
Order from NTIS

This document presents the documentation supporting the DARPA TIMIT (Texas Instruments/Massachusetts Institute of Technology) Acoustic-Phonetic Continuous Speech Corpus released on CD-ROM in October 1990 (NIST Speech Disc 1-1.1).
An International Survey of Industrial Applications of Formal Methods
Volume 1: Purpose, Approach, Analysis, and Conclusions; Volume 2: Case Studies
By Dan Craigen, Susan Gerhart, and Ted Ralston
NIST GCR 93/626
March 1993
PB93-178556 (vol. 1) $27.00 paper
PB93-178564 (vol. 2) $17.50 microfiche
Order from NTIS

This two-volume study evaluates international industrial experience in using formal methods and presents cases representative of industrial-grade projects which span a variety of application domains.

Building Hadamard Matrices in Steps of 4 to Order 200
By Nathalie Drouin
NISTIR 5121
April 1993
PB93-189835
$17.50 paper
$ 9.00 microfiche
Order from NTIS

This report describes the construction of Hadamard matrices for use in generating statistical plans of analysis for the synthetic perturbation tuning technique of program sensitivity analysis.

Computer Systems Laboratory Annual Report--1992
By Elizabeth B. Lennon, Shirley Radack, and Ramona Roach
NISTIR 5127
December 1992
PB93-181873
$19.50 paper
$12.50 microfiche
Order from NTIS

This report describes the 1992 computer and related telecommunications activities of NIST's Computer Systems Laboratory.

Using Synthetic-Perturbation Techniques for Tuning Shared Memory Programs
By Robert Snelick, Joseph Ja'Ja', Raghu Kacker, and Gordon Lyon
NISTIR 5139
March 1993
PB93-178572
$17.50 paper
$ 9.00 microfiche
Order from NTIS

This paper explains the synthetic-perturbation tuning (SPT) methodology which is based on an empirical approach that introduces artificial delays into the multiple-instruction, multiple-data (MIMD) program. It also addresses specific features that are the main source of poor performance on the shared memory programming model.

Detailed Design Specification for Conformance Testing of Computer Graphics Metafile (CGM) Interpreter Products
Daniel R. Benigni, Editor
NISTIR 5146
March 1993
PB93-178580
$19.50 paper
$ 9.00 microfiche
Order from NTIS

This report presents a detailed design specification for determining conformance of CGM Interpreter Products to the requirements of Federal Information Processing Standard (FIPS) 128, CGM, and the Military Specification MIL-D-28003A. The work supports the Computer-aided Acquisition and Logistic Support (CALS) initiative of the Department of Defense.

Statistical Analysis of Information Content for Training Pattern Recognition Networks
By C.L. Wilson
NISTIR 5149
March 1993
PB93-178861
$17.50 paper
$ 9.00 microfiche
Order from NTIS

This report provides an analysis, based upon statistical models of neural networks, of the data content for training pattern recognition systems.

Minimum Security Requirements for Multi-User Operating Systems
By David Ferraiolo, Nickilyn Lynch, Patricia Toth, David Chizmadia, Michael Ressler, Roberta Medlock, and Sarah Weinberg
NISTIR 5153
March 1993
PB93-185999
$17.50 paper
$ 9.00 microfiche
Order from NTIS

This document provides basic commercial computer system security requirements applicable to both government and commercial organizations. These requirements form the basis for the commercially oriented protection profiles in Volume II of the draft Federal Criteria for Information Technology Security document (known as the Federal Criteria).

Comparative Performance of Classification Methods for Fingerprints
By G.T. Candela and R. Chellappa
NISTIR 5163
April 1993
PB93-184273
$17.50 paper
$ 9.00 microfiche
Order from NTIS

This study compares the results of several pattern classifiers as tested on NIST Special Database 4, which consists of fingerprint images produced from two rollings of each of 2000 different fingers. The classifiers tested are drawn from traditional pattern recognition literature as well as neural network literature.

NIST Scoring Package Certification Procedures in Conjunction with NIST Special Databases 2 and 6
By Michael D. Garris
NISTIR 5173
April 1993
PB93-188126
$17.50 paper
$ 9.00 microfiche
Order from NTIS

This document presents procedures developed by CSL to promote compliance with existing Scoring Package file formats. CSL strongly encourages Scoring Package certification to maximize the successful scoring of recognition system data.

Optimization of Adaptive Resonance Theory Network With Boltzmann Machine
By Omid M. Omidvar and Charles L. Wilson
NISTIR 5176
April 1993
PB93-188134
$17.50 paper
$ 9.00 microfiche
Order from NTIS

This report presents optical character recognition research which combines Boltzmann methods and the Adaptive Resonance Theory (ART) to generate small testing networks which achieve reduced training error and improved network speed applicable to the optimization of large neural networks.

Computer Graphics Metafile (CGM) Test Requirements Document (Update)
By Lynne S. Rosenthal
NISTIR 5191
April 1993
PB93-198273
$19.50 paper
$ 9.00 microfiche
Order from NTIS

This document updates and supplements the Computer Graphics Metafile (CGM) Test Requirements Document published in 1989 as NISTIR 4329. Revisions in FIPS 128, CGM, and MIL-D-28003A add new functionality and additional requirements, necessitating the update of the conformance test suite and tools.

UPCOMING TECHNICAL CONFERENCES

Digital Systems Reliability and Nuclear Safety Workshop

This workshop will provide state-of-the-art information to the U.S. Nuclear Regulatory Commission (NRC) staff and to the nuclear industry from outside experts regarding potential safety issues, proposed regulatory positions, and research associated with the application of digital systems in nuclear power plants.
Sponsor: Nuclear Regulatory Commission, in cooperation with NIST
Dates: September 13-14, 1993
Place: Rockville Crowne Plaza Hotel, Rockville, MD
Contact: Dolores Wallace (301) 975-3340

Open System Environment (OSE) Implementors Workshop (OIW)

This workshop is part of a continuing series to develop implementation specifications from international standard design specifications for computer network protocols.

Sponsors: NIST and the IEEE Computer Society
Dates: September 13-17, 1993
       December 6-10, 1993
Place: NIST, Gaithersburg, MD
Contact: Brenda Gray (301) 975-3664

16th National Computer Security Conference

The theme of this year's conference is "Information Systems Security: User Choices." The major emphasis will be on meeting the special needs of users and creating better security for user information technology resources.

Sponsors: NIST and NSA's National Computer Security Center
Date: September 20-23, 1993
Place: Baltimore Convention Center, Inner Harbor, Baltimore, MD
Contacts: Irene Gilbert Perry (301) 975-3360
          Dennis Gilbert (301) 975-3872

Federal Wireless Users Forum (FWUF)

This new users group was established to address wireless digital interface issues in the federal government. Although focusing on the requirements of federal wireless telecommunication users, the forum encourages the participation of state and local government, other interested users, product providers, and service providers.

Sponsors: NIST and the National Communications System (NCS)
Date: September 27-29, 1993, at Marriott Washingtonian Center, Gaithersburg, MD
Date: January 18-20, 1994, at NIST
Contact: Mary Ruhl (301) 975-2983

North American ISDN Users' Forum (NIUF)

The NIUF addresses many concerns over a broad range of Integrated Services Digital Network (ISDN) issues and seeks to reach consensus on ISDN Implementation Agreements. Participants include ISDN users, implementors, and service providers.
Dates: October 18-22, 1993
Place: NIST, Gaithersburg, MD
Contact: Dawn Hoffman (301) 975-2937

Applications Portability Profile (APP)/Open Systems Environment (OSE) Workshop

This workshop is designed as a user's forum to discuss the latest developments in the APP/OSE.

Dates: November 16-17, 1993
Place: NIST, Gaithersburg, MD
Contact: Joe Hungate (301) 975-3368


Paul Ferguson               |  "Government, even in its best state,
Network Integrator          |   is but a necessary evil; in its worst
Centreville, Virginia USA   |   state, an intolerable one."
fergp at sytex.com             |      - Thomas Paine, Common Sense

I love my country, but I fear its government.


From frissell at panix.com Sun Aug 1 04:57:09 1993
From: frissell at panix.com (Duncan Frissell)
Date: Sun, 1 Aug 93 04:57:09 PDT
Subject: "Village Voice" Article i
Message-ID: <199308011155.AA22970@panix.com>

To: cypherpunks at toad.com

T >The "Voice" is not a technophilic mag like
T >"Wired," so the social
T >implications are handled differently. I think
T >their readers will be
T >well-served.
T >-Tim May

I didn't like being called a neo-luddite, however. I don't see many parallels between extropianism and cypherpunks and Ned Ludd.

Duncan Frissell

--
You don't have to be nice to nation states you meet on the way up if you're not coming back down.

--- WinQwk 2.0b#0


From elee9sf at Menudo.UH.EDU Sun Aug 1 09:37:12 1993
From: elee9sf at Menudo.UH.EDU (elee9sf at Menudo.UH.EDU)
Date: Sun, 1 Aug 93 09:37:12 PDT
Subject: Anon remailer to USENET gate bogus
Message-ID: <199308011634.AA13308@Menudo.UH.EDU>

> and yes, it seemed to work perfectly. My guess is that the usenet gateway
> at utexas refuses anon e-mail. Anyone got any other suggestions? I

This could very well be. An associate of mine :-) discovered that anonymous posts made via remailers concerning the student suspension at UH (traffic on comp.admin.policy and alt.comp.acad-freedom.talk a few weeks ago) stopped showing quite suddenly.
On the other hand, be advised that the gateway at UTexas doesn't post to all groups - I tried posting to alt.security once, only to have the post returned to me with a note "group renamed to comp.security.misc".

So if anonymous posts are filtered - how is it being done? If it is something simple like refusing posts from a username of nobody then that can be fixed easily enough. But it may block posts by taking addresses from the list of remailers.

/-----------------------------------\
| Karl L. Barrus                    |
| elee9sf at menudo.uh.edu            | <- preferred address
| barrus at tree.egr.uh.edu (NeXTMail)|
\-----------------------------------/


From bart at netcom.com Sun Aug 1 11:57:13 1993
From: bart at netcom.com (Harry Bartholomew)
Date: Sun, 1 Aug 93 11:57:13 PDT
Subject: Has the other shoe dropped ?
Message-ID: <9308011855.AA26646@netcom5.netcom.com>

Has nobody else heard on NPR's Weekend Edition that the FBI has requested the banning of non-Clipper encryption? Or was I really not quite awake and recalling a bad dream?

Bart


From fergp at sytex.com Sun Aug 1 13:48:31 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Sun, 1 Aug 93 13:48:31 PDT
Subject: Key Escrow and MYK-ky Mouse
Message-ID: <8kZL8B1w165w@sytex.com>

On Sat, 31 Jul 93 22:59:12 -0600, L. Detweiler wrote -

> I don't recall seeing articles saying that the government officially
> decided to stop calling Clipper Clipper, and start calling it Skipjack,
> because of the trademark infringement. I wonder when this actually
> happened. Just another little humiliation...

Probably because the government never officially announced it. ,-)

The algorithm is _still_ called Skipjack; only the entire initiative, and the chips themselves, seem to have been discreetly renamed.
Actually, I noticed that the NIST stopped calling the plan "Clipper" and started emphatically calling the entire farce the "key-escrow" initiative when the open forum and hearing was announced in May for the Computer Systems Security and Privacy Advisory Board review held in June in Gaithersburg. A "contact" in the NIST explained that they were embarrassed by the Intergraph correlation in the "Clipper" moniker, so they just casually started calling it something else completely.

As far as I'm concerned, it's still the MYK-78 and "Capstone" is still MYK-80. It sounds more militaristic, which is in keeping with the image of a Gestapo dictatorship.

Cheers.

Paul Ferguson               |  "Government, even in its best state,
Network Integrator          |   is but a necessary evil; in its worst
Centreville, Virginia USA   |   state, an intolerable one."
fergp at sytex.com             |      - Thomas Paine, Common Sense

I love my country, but I fear its government.


From nate at VIS.ColoState.EDU Sun Aug 1 13:49:09 1993
From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons)
Date: Sun, 1 Aug 93 13:49:09 PDT
Subject: "Big Brother Inside" logo
Message-ID: <9308012048.AA19505@vangogh.VIS.ColoState.EDU>

CPs,

I have just now finished my "Big Brother Inside" logo. Here is a recap:

The logo was scanned in as 600dpi line-art on a Microtech scanner (logo from an ad in Time mag.). I then used Adobe Photoshop to change the size to 8.667" wide and 8" tall, at 300 dpi. At this size, I messed with the letters, and smoothed out all the aliasing bumps that the scanner made.

Short story: The logo is REALLY cool. I have an 8.667" by 8" logo and a 2" by 1.8" version (for stickers) - I envision the larger one being for T-shirts...

I am investigating having T-shirts made with the logo on the front and a blurb about not using the Clipper (or is it Skipjack?) chips. Does anyone have any good ideas for what to put on the back? So far I have this:

(BIG LETTERS HERE)
Fight the Clipper.
(Smaller letters)
Arise, you have nothing to lose but your barbed wire fences!
(with Tim's permission, assuming he grants it)

Quis Custodiet Ipsos Custodes?

Consult the EFF to find out what you can do:

Electronic Frontier Foundation
1001 G Street, NW
Suite 950 East
Washington, DC 20001
VOX +1 202 347 5400
FAX +1 202 393 5509
Internet: eff at eff.org

Anyway, I will send the files in GIF and PICT format to soda in the morning (I have been having REAL problems with sending data over the phone lately).

BTW, has anyone had luck getting that guy's phone number - the one who said he could make vinyl stickers?

I'll keep posting about the T-shirts...

-nate sammons
nate at vis.colostate.edu


From julian at panix.com Sun Aug 1 14:53:32 1993
From: julian at panix.com (Julian Dibbell)
Date: Sun, 1 Aug 93 14:53:32 PDT
Subject: Village Voice sidebars
Message-ID: <199308012152.AA20354@panix.com>

Here are the two short sidebars that accompany the Village Voice article on Cypherpunks et al. Posted by and with the permission of the author.

The first contains some of the more practical information that Tim May was wondering about, though it does not point anyone towards ftp sites, mailing lists, or anything as concrete as that. I didn't know whether you all would appreciate an influx of "left-biased" :-) crypto-naifs flooding in here as a result of my posting the list address, so I refrained. Also didn't think advertising locations for PGP was a good idea, given the legal hassles that might result to people doing the distribution. But if any of you think I was being overscrupulous, I encourage you to write the Voice with further information and I will do my best to see the letter gets published.

BUILDING A BETTER MONKEY WRENCH

Contrary to the conventional wisdom of an age gone cuckoo for ``smart'' technology, Luddism is neither dead nor beside the point -- it's just gotten smarter.
The Cypherpunks and other cryptography hackers are model practitioners of a new, techno-savvy Luddism, implementing and popularizing sophisticated gadgets that could short-circuit the awesome surveillance capabilities built into cyberspace without harming its equally awesome power to connect individuals. Long-term, these brave new tools will do more to keep Big Brother out of your business than any legislation can, so you owe yourself at least a cursory understanding of how they work. The following primer should jump-start you. Read it and get smart.

PUBLIC-KEY CRYPTOGRAPHY: Most encryption schemes require sender and receiver to agree on a secret encoding number, or key, before communication. This increases vulnerability, since that first message establishing the key can't itself be encrypted. Public-key systems, invented in 1975 by Ur-cypherpunk Whitfield Diffie along with Martin Hellman, have no such requirement, making them ideal for the highly snoopable channels of computer networks. In public-key crypto, everybody creates two keys, one published for all the world to read, and one kept absolutely secret. Whatever's encrypted with the first can only be unlocked with the second. Thus, if you want to send someone a secret message there's no need to make prior contact -- you just look up that person's public key and use it to encrypt the text.

Current usage: The free public-key encryption program PGP is one of the most popularly deployed crypto tools in the on-line world, with PGP public keys rapidly becoming the electronic superhighway's equivalent of vanity plates.

ANONYMOUS REMAILERS: These systems aim to conceal not the contents of a message but its source. A remailer is a network-connected computer that takes in e-mail, then sends it on to a destination specified in attached, encrypted instructions, thus placing a veil between sender and receiver.
If the message is sent through a chain of even a few remailers, the veil quickly becomes rock solid, guaranteeing the sender's anonymity.

Current usage: The Cypherpunks maintain a working anonymous remailer chain, but the most active are the one-hop systems used by participants in public on-line discussions of bondage, foot worship, and assorted other predilections they might not want their computer-literate boss/parents/neighbors to know about.

DIGITAL SIGNATURES: In the fluid world of digital info, how do you verify that a message is really from whom it claims it's from? Turn public-key cryptography inside out, that's how. Have the sender encrypt the message with her private key, then let the receiver try to decrypt it with the sender's public key. If the decryption comes out clear, then the sender's identity is confirmed -- without revealing her private key or even, if the public key is attached to a pseudonymous but otherwise trustworthy on-line persona, her physical identity. This is more or less how digital signatures work.

Current usage: mainly in corporate and bureaucratic settings, though all good Cypherpunks try to make a habit of e-signing their e-mail.

ELECTRONIC CASH: Imagine the convenience of credit cards combined with the anonymity of cash. Imagine a microchip-equipped debit card that instantly deducts transactions from the user's bank account, yet does so without revealing the payer's identity to the payee or linking payer and payee in the bank's records. Imagine these mechanisms set loose in the world's computer nets, converting great chunks of money supply into fast, loose, digital e-cash. The wizardry of public-key crypto can make all this happen and probably will.

Current usage: experimental, mostly. Denmark, however, is gearing up to implement an encrypted smart-card system, based on the ideas of crypto-hacker David Chaum, who holds patents on most e-money applications.
--

TALE FROM THE CRYPTO WARS

The high weirdness of the military's code-busting censorship moves peaked in World War II, but didn't end there. It was during the Gulf War, in fact, that military censors made one of the strangest additions to their already strange list of banned communications: the Navajo language. A small number of Navajos, it seems, wanted to send broadcast greetings in their native tongue to loved ones stationed overseas, but Armed Forces Radio refused to pass the messages along. Once again, the mere possibility of enemy signals lurking in the noise was too much for the censors to bear. ``We have a responsibility to control what's on the radio,'' said the lieutenant colonel in charge, ``and if I don't know what it says then I can't control it.''

In the ripest of ironies, however, it turns out that the only nation ever known to have used Navajo as a cover for secret communications was the United States itself. Throughout World War II's Pacific campaign, the Marine Corps made heavy and effective use of its Navajo codetalker units -- teams of Navajo radiomen who spoke a slangy, cryptic patois difficult even for uninitiated Navajos to grasp, and ultimately impossible for the Japanese to decode. Today the codetalkers remain legendary figures on the rez and beyond -- legendary enough indeed that New Mexico congressman Bill Richardson, wielding the memory of their exploits, finally shamed Armed Forces Radio into lifting its ban and letting Navajo greetings reach the Gulf.

It's a familiar story. Prized and feared for its impenetrable otherness, Navajo has met the same uneasy fate reserved for all true difference in a country that both prides itself on cultural diversity and insistently suppresses it. But in its blurring of the lines between language and secret code, Navajo's passage through the belly of the military beast hints at one way out of America's terminal cultural ambivalence.
As arch-Cypherpunk John Gilmore has argued, committing to universally accessible encryption is one way for our society to finally take the ideal of diversity seriously -- backing it up ``with physics and mathematics, not with laws,'' and certainly not with the lip service it's traditionally honored with. Cryptography could guarantee us each a language of our own, which no censor, military or otherwise, could hope to silence.

--
*********************************************************************
Julian Dibbell julian at panix.com
*********************************************************************

From cme at ellisun.sw.stratus.com Sun Aug 1 15:17:17 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Sun, 1 Aug 93 15:17:17 PDT
Subject: Sterilized medflies of crypto
Message-ID: <9308012216.AA09933@ellisun.sw.stratus.com>

It hit me yesterday that if the FBI succeeds in getting the Clipper chip as the de facto hardware standard for encryption, it will be like the effort to fight the Medfly infestation by releasing sterilized flies: a world full of worthless encryption chips -- ones we'd never be able to use ourselves or export, but with chips occupying the sites labeled "encryption chips go here".

Meanwhile, notice how the FBI & Co. chose to milk the accusation that if the algorithm is secret, it might have a back door? ...ignoring the obvious security weakness in the registration itself? I have heard nothing about the registration plan -- probably never will. It's too easy for them to fight over security of algorithms.

- Carl

From wayner at cs.cornell.edu Sun Aug 1 16:41:10 1993
From: wayner at cs.cornell.edu (Peter Wayner)
Date: Sun, 1 Aug 93 16:41:10 PDT
Subject: Recent AP story...
Message-ID: <9308012340.AA18800@leo.cs.cornell.edu>

Apparently, a recent Congressional investigation has revealed widespread misuse of the National Crime Information Center.
The most scandalous case occurred when an ex-officer found his ex-girlfriend using the system and killed her. In other cases, the girlfriend of a drug dealer ran all the new recruits through the system to see if they were undercover agents. In many cases, private investigators accessed the data for a number of different purposes. It is interesting to note that all of the access was caused by insiders (as a previous poster noted). These are the people we're going to trust with the Clipper technology?

-Peter

From thug at phantom.com Sun Aug 1 18:02:26 1993
From: thug at phantom.com (Murdering Thug)
Date: Sun, 1 Aug 93 18:02:26 PDT
Subject: Sterilized Medflies of Crypto
In-Reply-To: <9308012216.AA09933@ellisun.sw.stratus.com>
Message-ID:

Carl Ellison writes:

> It hit me yesterday that if the FBI succeeds in getting the Clipper chip as
> the de facto hardware standard for encryption, it will be like the effort
> to fight the Medfly infestation by releasing sterilized flies: a world full
> of worthless encryption chips -- ones we'd never be able to use ourselves
> or export, but with chips occupying the sites labeled "encryption chips go
> here".
>
> Meanwhile, notice how the FBI & Co. chose to milk the accusation that if
> the algorithm is secret, it might have a back door? ...ignoring the
> obvious security weakness in the registration itself? I have heard nothing
> about the registration plan -- probably never will. It's too easy for them
> to fight over security of algorithms.

The whole argument over whether or not the algorithm is secure is a wild goose chase designed by the NSA. Yes, it's a fucking ploy in case anyone hasn't realized it. They can bring in D. Denning and a dozen other "cryptographic experts" to analyze the algorithm and say "We find this algorithm to be free of backdoors."

*FIRST*, any hacker worth his weight in mud knows that an algorithmic backdoor is several hundred orders of magnitude harder to unearth than it is to create/bury in an algorithm.
If Denning and the others say the algorithm is good, that doesn't mean that a backdoor doesn't exist, only that they haven't found it.

*SECONDLY*, let us give the NSA and FBI the benefit of the doubt, and assume that there is no back door in the _algorithm_. HOWEVER, there is no way for us to know if a backdoor in the _chip_ will be designed onto the production IC mask, one that can disable the algorithm by remote control (a secret 64-bit code sent down the phone line to your phone telling it to turn your Skipjack chip off). Remote control of the chip is but one method of building a backdoor into the chip that has nothing to do with the algorithm, and of course there are hundreds of others. Are Denning and the crew authorized to inspect the chip fabrication IC masks that will be used for manufacturing the _actual_ chips? Assuming they are allowed to inspect the hardware design (I'm sure this will be the second wild goose chase to prove to the American public that the chip is secure), the NSA/FBI can just as easily show the "experts" the IC mask of a chip without the hardware backdoor, and then tell the manufacturers to produce chips with the hardware backdoor.

I hope that the press is aware of the above and is not buying into the government's bullshit and wild goose chases designed to prove something secure which inherently cannot be proved secure simply because it is manufactured in secret. I have not seen this idea mentioned in the press so I assume they are unaware of how many low down tricks the NSA is willing to stoop to in order to get this chip to be trusted by the American public.
Thug

From fergp at sytex.com Sun Aug 1 18:47:25 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Sun, 1 Aug 93 18:47:25 PDT
Subject: NSA: The Eyes of Big Brother
Message-ID:

reprinted without permission from Claustrophobia:

Claustrophobia
August 1993
Volume 2, Number 7

NSA: The Eyes of Big Brother
by Charles Dupree

-----------------------------------------------------------
The history of the National Security Agency (NSA) presented here includes and depends on information reported in three books. The vast majority of data on the National Security Agency comes from James Bamford's book The Puzzle Palace [1982]; all quotations are taken from Bamford unless otherwise noted. As Tim Weiner says, this book is "The best -- the only -- history of the NSA." Material about NSA's secret funding comes entirely from Weiner's Blank Check [1990], which also provided budget estimates and supporting material for other sections. The CIA and the Cult of Intelligence by Victor Marchetti and John D. Marks [1980 edition, originally published 1974], provided background information and a glimpse of the NSA from within the intelligence community but outside the agency itself.
--------------------------------------------------------------

The oppressive atmosphere of Orwell's 1984 arises from the omnipresence of Big Brother, the symbol of the government's concern for the individual. Big Brother controls the language, outlawing words he dislikes and creating new words for his favorite concepts. He can see and hear nearly everything, public or private. Thus he enforces a rigid code of speech and action that erodes the potential for resistance and reduces the need for force. As Noam Chomsky says, propaganda is to democracy what violence is to totalitarianism. Control thoughts, and you can easily control behavior. U.S. history affords a prime example in the era named after Senator Joseph McCarthy, though he had many supporters in his attack on freedom of thought and speech.
Perhaps his most powerful friend was J. Edgar Hoover, who fed him material from Federal Bureau of Investigation (FBI) files (some of it true) which he used to attack individuals for their supposed political leanings. By the time of Watergate, the Central Intelligence Agency (CIA) had become at least as notorious as the FBI, due largely to its assassinations of foreign leaders and support for military coups around the world.

The Creation of the NSA

Budgetary authority for the National Security Agency (NSA) apparently comes from the Central Intelligence Act of 1949. This act provides the basis for the secret spending program known as the black budget by allowing any arm of the government to transfer money to the CIA "without regard to any provisions of the law," and allowing the CIA to spend its funds as it sees fit, with no need to account for them. Congress passed the C.I.A. Act despite the fact that only the ranking members of the Senate and House Armed Services Committees knew anything about its contents; the remaining members of Congress were told that open discussion, or even clear explanation, of the bill would be counterproductive. There were complaints about the secrecy; but in the end the bill passed the House by a vote of 348-4, and the Senate by a majority voice vote.

The NSA's estimated $10 billion annual allocation (as of 1990) is funded entirely through the black budget. Thus Congress appropriates funds for the NSA not only without information on the agency's plans, but without even a clear idea of the amount it appropriates; and it receives no accounting of the uses to which the funds were put. This naturally precludes any debate about the direction or management of such agencies, effectively avoiding public oversight while spending public funds. (Weiner notes the analogy to "Taxation without representation.")

Watching and Listening

"The NSA has also spent a great deal of time and money spying on American citizens.
For 21 years after its inception it tracked every telegram and telex in and out of the United States, and monitored the telephone conversations of the politically suspect." (Weiner, Blank Check)

Due to its unique ability to monitor communications within the U.S. without a warrant, which the FBI and CIA cannot legally do, NSA becomes the center of attempts to spy on U.S. citizens. Nominally this involves only communications in which at least one terminal is outside the U.S., but in practice target lists have often grown to include communications between U.S. citizens within the country. And political considerations have sometimes become important. During the Nixon administration, for example, various agencies (e.g., FBI, CIA, Secret Service) requested that the NSA provide all information it encountered showing that foreign governments were attempting to influence or control activities of U.S. anti-war groups, as well as information on civil rights, draft resistance/evasion support groups, radical-related media activities, and so on, "where such individuals have some foreign connection," probably not that uncommon given the reception such groups usually receive at home. Clearly it would have been illegal for those agencies to gather such information themselves without warrants, but they presumably believed that the NSA was not similarly restricted when they included on their watch lists such Nixonian bugaboos as Eldridge Cleaver, Abbie Hoffman, Jane Fonda, Joan Baez, Dr. Benjamin Spock, and the Rev. Ralph Abernathy. Presumably the name of Dr. Martin Luther King, Jr., was removed from the list the year Nixon was elected; certainly it was a targeted name before that time.

It is not feasible to determine in advance which telegrams and telephone calls will be among those the NSA is tasked with intercepting.
Therefore, the NSA is normally reduced to recording all traffic on lines it is monitoring, and screening this traffic (by computer when possible) to catch targeted communications. This is called the "vacuum-cleaner approach." Also basic to this method is the "watch list" of groups and individuals whose communications should be "targeted." When a target is added to the watch list, NSA's computers are told to extract communications to, from, or about the target; the agency can then examine the selected communications and determine whether they constitute intelligence data. This list of targets usually expands to include all members of targeted groups plus individuals and groups with whom they communicate; thus it has a tendency to grow rapidly if not checked. Some requests seem a bit astonishing: during the presidency of Richard Nixon, a Quaker, J. Edgar Hoover requested "complete surveillance of all Quakers in the United States" because he thought they were shipping food and supplies to Southeast Asia.

Project Shamrock

Project Shamrock was initiated in 1945 by the Signal Security Agency (SSA), which eventually merged into the NSA. Until the project was terminated in 1975 to prevent investigation, Shamrock involved NSA (and its predecessors) in communications collection activities that would be illegal for agencies such as the CIA or FBI. Under Shamrock, the international branches of RCA, ITT, and Western Union provided access by SSA, and its successor NSA, to certain telegrams sent by those companies. Each company's counsel recommended against involvement on legal grounds; each company requested the written opinion of the Attorney General that it was not making itself liable to legal action. However, none of them received anything in writing from anyone in the government, and they all cooperated without it.
(They did get a verbal assurance from the first Secretary of Defense, James Forrestal, who said he was speaking for the President; thus they may have been concerned at his resignation just over a year later, his hospitalization within a week suffering from depression, anxiety, and paranoia, and his suicide less than two months later.)

As Shamrock grew, and the NSA began to develop its own means of intercepting communications, the watch list approach became the accepted standard, since nothing less was effective or worthwhile. The intelligence community became aware that it could enter a name on the watch list more or less at will, and it would soon receive the requested material, marked classified, and gathered within (or perhaps under cover of) the law.

The Huston Plan

The Huston Plan, formally known as "Domestic Intelligence Gathering Plan: Analysis and Strategy," was submitted in July 1970 to President Nixon. The goal of the plan was to relax some restrictions on intelligence gathering, apparently those of NSCID No. 6. Some parts of the intelligence community felt that these relaxations would assist their efforts. The proposals included:

o allowing the NSA to monitor "communications of U.S. citizens using international facilities" (presumably facilities located in the U.S., since the NSA already had authority to monitor such communications if at least one terminal was outside U.S. territory)

o intensifying "coverage of individuals and groups in the United States who pose a major threat to the internal security"

o modifying restrictions "to permit selective use of [surreptitious entry] against other urgent and high priority internal security targets" as well as to procure "vitally needed foreign cryptographic material," which would have required the FBI to accept warrantless requests for such entries from other agencies ("Use of this technique is clearly illegal: it amounts to burglary.
It is also highly risky and could result in great embarrassment if exposed. However, it is also the most fruitful tool and can produce the type of intelligence which cannot be obtained in any other fashion.")

President Nixon approved this plan over the objection of J. Edgar Hoover and without the knowledge of Attorney General Mitchell. Hoover went to Mitchell, who had been left out of the entire process, and was consequently angry; Mitchell convinced Nixon to withdraw his approval 13 days after giving it.

Project Minaret

The size and complexity of the domestic watch list program became a problem, since it bordered on illegality. Project Minaret was established on July 1, 1969, to "privid[e] more restrictive control" on the domestic products, and "to restrict the knowledge that information is being collected and processed by the National Security Agency." The agency knew it was close to legal boundaries, and wanted to protect itself. Minaret continued until the fall of 1973, when Attorney General Richardson became aware of the domestic watch list program and ordered such activities stopped. As the Watergate drama played out, Congress began to hear about the NSA's projects, and within two years was formally inquiring about them.

Uncontrolled Activities

Like most intelligence agencies, the NSA uses words such as "intercept" and "target" in a technical sense with a precise but often classified definition. This specialized language makes it difficult to legislate or oversee the activities involved. For instance, in NSA terms a conversation that is captured, decoded if necessary, and distributed to the requesting agency is not considered to be the product of eavesdropping unless one of the parties to the conversation is explicitly targeted. However, the NSA does not depend on semantic defences; it can also produce some legal arguments for exempting itself from normal requirements.
On the rare occasions when NSA officials have to testify before Congress, they have claimed a mandate broad enough to require a special legal situation. In 1975, the NSA found its activities under scrutiny by the Senate Intelligence Committee, chaired by Frank Church; the House Select Committee on the Intelligence Community, under Otis Pike; and the House Government Operations Subcommittee on Government Information and Individual Rights, led by Bella Abzug. The agency was notably consistent in responding to those committees.

When Lt. Gen. Lew Allen appeared before the Pike committee, he pointed out that it was the first time an NSA director had been required to testify in open session. Two days earlier, CIA director William Colby had testified that the NSA was not always able to separate the calls of U.S. citizens from the traffic it monitors. The general counsel of the NSA, Roy Banner, joined Allen as witness. He was asked if, in his opinion, the NSA could legally intercept overseas telephone calls from U.S. citizens despite the legal prohibition on wiretapping. He replied, "That is correct."

The top three officers of the NSA spoke with a single voice to the Church committee. When the committee's chief counsel said to Allen, "You believe you are consistent with the statutes, but there is not any statute that prohibits your interception of domestic communications." When deputy director Buffham was asked about the legality of domestic aspects of the Huston plan, he said, "Legality? That particular aspect didn't enter into the discussions." Counsel Banner responded at least three times to similar questions that the program had been legal at the time. (Testimony took place on Oct. 29, 1975; Project Shamrock and its watch lists were halted in mid-May of that year.)

The Abzug committee tried to get the story from the communications corporations that had cooperated in Project Shamrock.
Its hearings in late 1975 were unproductive because RCA and ITT informed the committee, two days before hearings began, that their executives would not appear without a subpoena; and a former FBI agent who had been cooperating was forbidden by his old employer from testifying. When the committee reconvened in early 1976, it issued subpoenas to three FBI special agents, plus one former agent; one NSA employee; and executives from international arms of RCA, ITT, and Western Union. President Ford prevented the five FBI/NSA people from testifying with a claim of executive privilege, and the Attorney General requested that the corporations refuse to comply with the subpoenas on the same grounds. Their testimony in spite of that request brought Project Shamrock to light less than a year after it was quickly terminated.

There may have been some legal basis for the NSA claims of extra-legal status. Despite having no statutory basis or charter, the NSA has considerable statutory protection: various statutes, such as the COMINT statute, 18 U.S.C. 798; Public Law 86-36; and special provisions of the 1968 Omnibus Crime Control and Safe Streets Act, exempt it from normal scrutiny, even from within the government. Thus the agency may be right in interpreting the law to say that it can do anything not specifically prohibited by the President or the National Security Council. NSCID No. 6, NSA's secret charter, includes this important exemption (according to James Bamford's reconstruction):

"The special nature of Communications Intelligence activities requires that they be treated in all respects as being outside the framework of other or general intelligence activities. Orders, directives, policies, or recommendations of any authority of the Executive branch relating to the collection ... of intelligence shall not be applicable to Communications Intelligence activities, unless specifically so stated and issued by competent departmental or agency authority represented on the [U.S.
Communications Intelligence] Board. Other National Security Council Intelligence Directives to the Director of Central Intelligence and related implementing directives issued by the Director of Central Intelligence shall be construed as non-applicable to Communications Intelligence unless the National Security Council has made its directive specifically applicable to COMINT."

The unchecked ability to intercept and read communications, including those of U.S. citizens within the country, would be dangerous even if carefully regulated by elected officials held to a public accounting. When the method is available to officials whose names are often unknown even to Congress, who work for unaccountable agencies like the NSA, it is very difficult for the intelligence community, the defense community, and the Executive to refrain from taking advantage of such easily obtained knowledge.

The lack of any effective oversight of the NSA makes it possible for the agency to initiate or expand operations without authorization from higher (or even other) authority. Periodic meetings of members of the intelligence community do not constitute true oversight or public control of government; and the same is true of the provision of secret briefings to a small number of senior members of the Congress, all chosen by the intelligence community and sworn to secrecy.

Oversight of such extensive communications capability is important enough; but NSA's capabilities are not necessarily limited to intercepting and decrypting communications. The NSA can also issue direct commands to military units involved in Signals Intelligence (SIGINT) operations, bypassing even the Joint Chiefs of Staff. Such orders are subject only to appeal to the Secretary of Defense, and provide the NSA with capabilities with which it could conceivably become involved in operations beyond the collection of intelligence. At least, it does not seem to be legally restrained from doing so.
It appears that the only effective restraint on the NSA is the direct authority of the President, the National Security Council (NSC), the Secretary of Defense, and the U.S. Intelligence Board. Since the agency was created and chartered in secret by the President and the NSC, it can presumably be modified in secret by the same authorities.

Nor is the NSA bereft of means of influencing other branches of government, as Marchetti and Marks note: "A side effect of the NSA's programs to intercept diplomatic and commercial messages is that rather frequently certain information is acquired about American citizens, including members of Congress and other federal officials, which can be highly embarrassing to those individuals. This type of intercept message is handled with even greater care than the NSA's normal product, which itself is so highly classified a special security clearance is needed to see it."

Complete control over a secret agency with at least 60,000 direct employees, a $10 billion budget, direct command of some military units, and the ability to read all communications would be an enormous weapon with which to maintain tyranny were it to arise. A President with a Napoleonic or Stalinistic delusion would find the perfect tool for the constant supervision of the individual by the state in the NSA; not unlike scenarios depicted in novels such as Orwell's 1984. Senator Schweiker of the Church committee asked NSA director Allen if it were possible to use NSA's capabilities "to monitor domestic conversations within the United States if some person with malintent desired to do it," and was probably not surprised by Allen's "I suppose that such a thing is technically possible." Certainly Senator Church feared the possibility:

"That capability at any time could be turned around on the American people and no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn't matter.
There would be no place to hide. If this government ever became a tyranny, if a dictator ever took charge in this country, the technological capacity that the intelligence community has given the government could enable it to impose total tyranny, and there would be no way to fight back, because the most careful effort to combine together in resistance to the government, no matter how privately it was done, is within the reach of the government to know. Such is the capability of this technology ... I don't want to see this country ever go across the bridge. I know the capability that is there to make tyranny total in America, and we must see it that this agency and all agencies that possess this technology operate within the law and under proper supervision, so that we never cross over that abyss. That is the abyss from which there is no return..."

[This concludes part one of our two-part series on the National Security Agency. Read part 2, "The NSA and the Clipper Initiative," in next month's Claustrophobia.]

--------------------------------------------------------------
Charles Dupree writes user documentation for a Silicon Valley software company. In recent years he has become concerned at the intrusive power of the National Security Agency; but this is probably just the effect of his antisocial habit of reading.

8<------ Snip, snip ---------

For more information on Claustrophobia, contact Dena Bruedigam at dbruedig at magnus.acs.ohio-state.edu

Paul Ferguson              | "Government, even in its best state,
Network Integrator         | is but a necessary evil; in its worst
Centreville, Virginia USA  | state, an intolerable one."
fergp at sytex.com         | - Thomas Paine, Common Sense

I love my country, but I fear its government.

From khijol!erc at apple.com Sun Aug 1 19:31:15 1993
From: khijol!erc at apple.com (Ed Carp)
Date: Sun, 1 Aug 93 19:31:15 PDT
Subject: D. Bernstein's Open Letter on NIST-PKP-DSA
In-Reply-To: <9308020215.AA25380@longs.lance.colostate.edu>
Message-ID:

> [flaming over sci.crypt posts]
>
> >What was their rationale? I'd rather see relevant postings reposted here-
> >damnit, I don't have *time* to read 280MB a week of news! What's the person's
> >problem who flamed you?
>
> rationale was that most people on the list also read sci.crypt. And it
> is irritating for some to see the same message in multiple places, but
> personally I appreciate the redundancy.

I do, too! I don't have time to read sci.crypt, which has upwards of 50 messages a day posted to it. I'd much rather see relevant culls posted here. Isn't that what this list is all about, getting information out to people instead of censoring or controlling it? I'd rather delete the ones I don't wanna see, personally. I think your flamer was way off base.

--
Ed Carp, N7EKG erc at apple.com 510/659-9560
If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever"

From warlord at MIT.EDU Sun Aug 1 20:41:15 1993
From: warlord at MIT.EDU (Derek Atkins)
Date: Sun, 1 Aug 93 20:41:15 PDT
Subject: [sci.crypt] SKIPJACK Review, Interim Report
Message-ID: <9308020340.AA25883@steve-dallas.MIT.EDU>

------- Start of forwarded message -------
From: denning at guvax.acc.georgetown.edu
Newsgroups: sci.crypt
Subject: SKIPJACK Review, Interim Report
Date: 1 Aug 93 22:09:27 -0400
Distribution: world
Organization: Georgetown University

SKIPJACK Review
Interim Report

The SKIPJACK Algorithm

Ernest F. Brickell, Sandia National Laboratories
Dorothy E. Denning, Georgetown University
Stephen T. Kent, BBN Communications Corporation
David P. Maher, AT&T
Walter Tuchman, Amperif Corporation

July 28, 1993

(copyright 1993)

Executive Summary

The objective of the SKIPJACK review was to provide a mechanism whereby persons outside the government could evaluate the strength of the classified encryption algorithm used in the escrowed encryption devices and publicly report their findings. Because SKIPJACK is but one component of a large, complex system, and because the security of communications encrypted with SKIPJACK depends on the security of the system as a whole, the review was extended to encompass other components of the system. The purpose of this Interim Report is to report on our evaluation of the SKIPJACK algorithm. A later Final Report will address the broader system issues.

The results of our evaluation of the SKIPJACK algorithm are as follows:

1. Under an assumption that the cost of processing power is halved every eighteen months, it will be 36 years before the cost of breaking SKIPJACK by exhaustive search will be equal to the cost of breaking DES today. Thus, there is no significant risk that SKIPJACK will be broken by exhaustive search in the next 30-40 years.

2. There is no significant risk that SKIPJACK can be broken through a shortcut method of attack.

3. While the internal structure of SKIPJACK must be classified in order to protect law enforcement and national security objectives, the strength of SKIPJACK against a cryptanalytic attack does not depend on the secrecy of the algorithm.

1. Background

On April 16, the President announced a new technology initiative aimed at providing a high level of security for sensitive, unclassified communications, while enabling lawfully authorized intercepts of telecommunications by law enforcement officials for criminal investigations. The initiative includes several components:

A classified encryption/decryption algorithm called "SKIPJACK."
Tamper-resistant cryptographic devices (e.g., electronic chips), each of which contains SKIPJACK, classified control software, a device identification number, a family key used by law enforcement, and a device unique key that unlocks the session key used to encrypt a particular communication.

A secure facility for generating device unique keys and programming the devices with the classified algorithms, identifiers, and keys.

Two escrow agents that each hold a component of every device unique key. When combined, those two components form the device unique key.

A law enforcement access field (LEAF), which enables an authorized law enforcement official to recover the session key. The LEAF is created by a device at the start of an encrypted communication and contains the session key encrypted under the device unique key together with the device identifier, all encrypted under the family key.

LEAF decoders that allow an authorized law enforcement official to extract the device identifier and encrypted session key from an intercepted LEAF. The identifier is then sent to the escrow agents, who return the components of the corresponding device unique key. Once obtained, the components are used to reconstruct the device unique key, which is then used to decrypt the session key.

This report reviews the security provided by the first component, namely the SKIPJACK algorithm. The review was performed pursuant to the President's direction that "respected experts from outside the government will be offered access to the confidential details of the algorithm to assess its capabilities and publicly report their finding." The Acting Director of the National Institute of Standards and Technology (NIST) sent letters of invitation to potential reviewers. The authors of this report accepted that invitation. We attended an initial meeting at the Institute for Defense Analyses Supercomputing Research Center (SRC) from June 21-23.
At that meeting, the designer of SKIPJACK provided a complete, detailed description of the algorithm, the rationale for each feature, and the history of the design. The head of the NSA evaluation team described the evaluation process and its results. Other NSA staff briefed us on the LEAF structure and protocols for use, generation of device keys, protection of the devices against reverse engineering, and NSA's history in the design and evaluation of encryption methods contained in SKIPJACK. Additional NSA and NIST staff were present at the meeting to answer our questions and provide assistance. All staff members were forthcoming in providing us with requested information.

At the June meeting, we agreed to integrate our individual evaluations into this joint report. We also agreed to reconvene at SRC from July 19-21 for further discussions and to complete a draft of the report. In the interim, we undertook independent tasks according to our individual interests and availability.

Ernest Brickell specified a suite of tests for evaluating SKIPJACK. Dorothy Denning worked at NSA on the refinement and execution of these and other tests that took into account suggestions solicited from Professor Martin Hellman at Stanford University. NSA staff assisted with the programming and execution of these tests. Denning also analyzed the structure of SKIPJACK and its susceptibility to differential cryptanalysis. Stephen Kent visited NSA to explore in more detail how SKIPJACK compared with NSA encryption algorithms that he already knew and that were used to protect classified data. David Maher developed a risk assessment approach while continuing his ongoing work on the use of the encryption chip in the AT&T Telephone Security Device. Walter Tuchman investigated the anti-reverse engineering properties of the chips.
We investigated more than just SKIPJACK because the security of communications encrypted with the escrowed encryption technology depends on the security provided by all the components of the initiative, including protection of the keys stored on the devices, protection of the key components stored with the escrow agents, the security provided by the LEAF and LEAF decoder, protection of keys after they have been transmitted to law enforcement under court order, and the resistance of the devices to reverse engineering. In addition, the success of the technology initiative depends on factors besides security, for example, performance of the chips.

Because some components of the escrowed encryption system, particularly the key escrow system, are still under design, we decided to issue this Interim Report on the security of the SKIPJACK algorithm and to defer our Final Report until we could complete our evaluation of the system as a whole.

2. Overview of the SKIPJACK Algorithm

SKIPJACK is a 64-bit "electronic codebook" algorithm that transforms a 64-bit input block into a 64-bit output block. The transformation is parameterized by an 80-bit key, and involves performing 32 steps or iterations of a complex, nonlinear function. The algorithm can be used in any one of the four operating modes defined in FIPS 81 for use with the Data Encryption Standard (DES).

The SKIPJACK algorithm was developed by NSA and is classified SECRET. It is representative of a family of encryption algorithms developed in 1980 as part of the NSA suite of "Type I" algorithms, suitable for protecting all levels of classified data. The specific algorithm, SKIPJACK, is intended to be used with sensitive but unclassified information.

The strength of any encryption algorithm depends on its ability to withstand an attack aimed at determining either the key or the unencrypted ("plaintext") communications. There are basically two types of attack, brute-force and shortcut.

3. Susceptibility to Brute Force Attack by Exhaustive Search

In a brute-force attack (also called "exhaustive search"), the adversary essentially tries all possible keys until one is found that decrypts the intercepted communications into a known or meaningful plaintext message. The resources required to perform an exhaustive search depend on the length of the keys, since the number of possible keys is directly related to key length. In particular, a key of length N bits has 2^N possibilities. SKIPJACK uses 80-bit keys, which means there are 2^80 (approximately 10^24) or more than 1 trillion trillion possible keys.

An implementation of SKIPJACK optimized for a single processor on the 8-processor Cray YMP performs about 89,000 encryptions per second. At that rate, it would take more than 400 billion years to try all keys. Assuming the use of all 8 processors and aggressive vectorization, the time would be reduced to about a billion years.

A more speculative attack using a future, hypothetical, massively parallel machine with 100,000 RISC processors, each of which was capable of 100,000 encryptions per second, would still take about 4 million years. The cost of such a machine might be on the order of $50 million.

In an even more speculative attack, a special purpose machine might be built using 1.2 billion $1 chips with a 1 GHz clock. If the algorithm could be pipelined so that one encryption step were performed per clock cycle, then the $1.2 billion machine could exhaust the key space in 1 year.

Another way of looking at the problem is by comparing a brute force attack on SKIPJACK with one on DES, which uses 56-bit keys. Given that no one has demonstrated a capability for breaking DES, DES offers a reasonable benchmark. Since SKIPJACK keys are 24 bits longer than DES keys, there are 2^24 times more possibilities.
Assuming that the cost of processing power is halved every eighteen months, then it will not be for another 24 * 1.5 = 36 years before the cost of breaking SKIPJACK is equal to the cost of breaking DES today. Given the lack of demonstrated capability for breaking DES, and the expectation that the situation will continue for at least several more years, one can reasonably expect that SKIPJACK will not be broken within the next 30-40 years.

Conclusion 1: Under an assumption that the cost of processing power is halved every eighteen months, it will be 36 years before the cost of breaking SKIPJACK by exhaustive search will be equal to the cost of breaking DES today. Thus, there is no significant risk that SKIPJACK will be broken by exhaustive search in the next 30-40 years.

4. Susceptibility to Shortcut Attacks

In a shortcut attack, the adversary exploits some property of the encryption algorithm that enables the key or plaintext to be determined in much less time than by exhaustive search. For example, the RSA public-key encryption method is attacked by factoring a public value that is the product of two secret primes into its primes.

Most shortcut attacks use probabilistic or statistical methods that exploit a structural weakness, unintentional or intentional (i.e., a "trapdoor"), in the encryption algorithm. In order to determine whether such attacks are possible, it is necessary to thoroughly examine the structure of the algorithm and its statistical properties. In the time available for this review, it was not feasible to conduct an evaluation on the scale that NSA has conducted or that has been conducted on the DES. Such review would require many man-years of effort over a considerable time interval. Instead, we concentrated on reviewing NSA's design and evaluation process. In addition, we conducted several of our own tests.

4.1 NSA's Design and Evaluation Process

SKIPJACK was designed using building blocks and techniques that date back more than forty years.
Many of the techniques are related to work that was evaluated by some of the world's most accomplished and famous experts in combinatorics and abstract algebra. SKIPJACK's more immediate heritage dates to around 1980, and its initial design to 1987.

SKIPJACK was designed to be evaluatable, and the design and evaluation approach was the same used with algorithms that protect the country's most sensitive classified information. The specific structures included in SKIPJACK have a long evaluation history, and the cryptographic properties of those structures had many prior years of intense study before the formal process began in 1987. Thus, an arsenal of tools and data was available. This arsenal was used by dozens of adversarial evaluators whose job was to break SKIPJACK. Many spent at least a full year working on the algorithm. Besides highly experienced evaluators, SKIPJACK was subjected to cryptanalysis by less experienced evaluators who were untainted by past approaches. All known methods of attacks were explored, including differential cryptanalysis. The goal was a design that did not allow a shortcut attack. The design underwent a sequence of iterations based on feedback from the evaluation process. These iterations eliminated properties which, even though they might not allow successful attack, were related to properties that could be indicative of vulnerabilities. The head of the NSA evaluation team confidently concluded "I believe that SKIPJACK can only be broken by brute force; there is no better way."

In summary, SKIPJACK is based on some of NSA's best technology. Considerable care went into its design and evaluation in accordance with the care given to algorithms that protect classified data.

4.2 Independent Analysis and Testing

Our own analysis and testing increased our confidence in the strength of SKIPJACK and its resistance to attack.
4.2.1 Randomness and Correlation Tests

A strong encryption algorithm will behave like a random function of the key and plaintext so that it is impossible to determine any of the key bits or plaintext bits from the ciphertext bits (except by exhaustive search). We ran two sets of tests aimed at determining whether SKIPJACK is a good pseudo random number generator. These tests were run on a Cray YMP at NSA. The results showed that SKIPJACK behaves like a random function and that ciphertext bits are not correlated with either key bits or plaintext bits. Appendix A gives more details.

4.2.2 Differential Cryptanalysis

Differential cryptanalysis is a powerful method of attack that exploits structural properties in an encryption algorithm. The method involves analyzing the structure of the algorithm in order to determine the effect of particular differences in plaintext pairs on the differences of their corresponding ciphertext pairs, where the differences are represented by the exclusive-or of the pair. If it is possible to exploit these differential effects in order to determine a key in less time than with exhaustive search, an encryption algorithm is said to be susceptible to differential cryptanalysis. However, an actual attack using differential cryptanalysis may require substantially more chosen plaintext than can be practically acquired.

We examined the internal structure of SKIPJACK to determine its susceptibility to differential cryptanalysis. We concluded it was not possible to perform an attack based on differential cryptanalysis in less time than with exhaustive search.

4.2.3 Weak Key Test

Some algorithms have "weak keys" that might permit a shortcut solution. DES has a few weak keys, which follow from a pattern of symmetry in the algorithm. We saw no pattern of symmetry in the SKIPJACK algorithm which could lead to weak keys.
We also experimentally tested the all "0" key (all 80 bits are "0") and the all "1" key to see if they were weak and found they were not.

4.2.4 Symmetry Under Complementation Test

The DES satisfies the property that for a given plaintext-ciphertext pair and associated key, encryption of the one's complement of the plaintext with the one's complement of the key yields the one's complement of the ciphertext. This "complementation property" shortens an attack by exhaustive search by a factor of two since half the keys can be tested by computing complements in lieu of performing a more costly encryption. We tested SKIPJACK for this property and found that it did not hold.

4.2.5 Comparison with Classified Algorithms

We compared the structure of SKIPJACK to that of NSA Type I algorithms used in current and near-future devices designed to protect classified data. This analysis was conducted with the close assistance of the cryptographer who developed SKIPJACK and included an in-depth discussion of design rationale for all of the algorithms involved. Based on this comparative, structural analysis of SKIPJACK against these other algorithms, and a detailed discussion of the similarities and differences between these algorithms, our confidence in the basic soundness of SKIPJACK was further increased.

Conclusion 2: There is no significant risk that SKIPJACK can be broken through a shortcut method of attack.

5. Secrecy of the Algorithm

The SKIPJACK algorithm is sensitive for several reasons. Disclosure of the algorithm would permit the construction of devices that fail to properly implement the LEAF, while still interoperating with legitimate SKIPJACK devices. Such devices would provide high quality cryptographic security without preserving the law enforcement access capability that distinguishes this cryptographic initiative. Additionally, the SKIPJACK algorithm is classified SECRET NOT RELEASABLE TO FOREIGN NATIONALS.
This classification reflects the high quality of the algorithm, i.e., it incorporates design techniques that are representative of algorithms used to protect classified information. Disclosure of the algorithm would permit analysis that could result in discovery of these classified design techniques, and this would be detrimental to national security.

However, while full exposure of the internal details of SKIPJACK would jeopardize law enforcement and national security objectives, it would not jeopardize the security of encrypted communications. This is because a shortcut attack is not feasible even with full knowledge of the algorithm. Indeed, our analysis of the susceptibility of SKIPJACK to a brute force or shortcut attack was based on the assumption that the algorithm was known.

Conclusion 3: While the internal structure of SKIPJACK must be classified in order to protect law enforcement and national security objectives, the strength of SKIPJACK against a cryptanalytic attack does not depend on the secrecy of the algorithm.

------- End of forwarded message -------

From warlord at MIT.EDU Sun Aug 1 20:42:25 1993
From: warlord at MIT.EDU (Derek Atkins)
Date: Sun, 1 Aug 93 20:42:25 PDT
Subject: [sci.crypt] Appendix (in LaTex) to SKIPJACK Review, Interim Report
Message-ID: <9308020341.AA25890@steve-dallas.MIT.EDU>

------- Start of forwarded message -------

Oops.. I didn't see this article when I sent the last one. Sorry.

-derek

From: denning at guvax.acc.georgetown.edu
Newsgroups: sci.crypt
Subject: Appendix (in LaTex) to SKIPJACK Review, Interim Report
Date: 1 Aug 93 22:11:40 -0400
Distribution: world
Organization: Georgetown University

\documentstyle{article}
\textheight 8.25in
\topmargin -.25in
\textwidth 6.5in
\oddsidemargin 0in
\begin{document}
\parskip .25in
\large
\raggedright
\setcounter{page}{8}
\centerline{\bf Appendix A}

{\bf A.1 Cycle Structure Tests}

The first set of tests examined the cycle structure of SKIPJACK.
Fix a set of keys, $\cal K$, a plaintext, $m$, and a function $h\; : \; {\cal M} \longrightarrow {\cal K}$, where ${\cal M}$ is the set of all 64 bit messages. Let $f \; : \; {\cal K} \longrightarrow {\cal K}$ be defined as $f(k) = h ( SJ(k,m))$ (where $SJ(k,m)$ denotes the SKIPJACK encryption of plaintext $m$ with key $k$). Let $N = |\cal K|$. The expected cycle length of $f$ is $\sqrt{\pi N /8}$. We chose sets of $\cal K$ with $N \; = \; 2^{10}, 2^{16}, 2^{24}, 2^{32}, 2^{40}, 2^{48}, 2^{56}$. For all of these $N$, the mean of the cycle lengths computed across all experiments was close to an expected relative error of ($1/\sqrt{j}$ for $j$ experiments) of the expected cycle length. We did not do this test with larger sets of keys because of the time constraints.

\begin{center}
\begin{tabular}{lrrrrr}
$N$ & \# of exps & Mean cycle len & Expec cycle len & Rel Err & Expec rel err \\ \hline
$2^{10}$ & 5000 & 20.4 & 20.1 & .019 & .014 \\
$2^{16}$ & 3000 & 164.7 & 160.4 & .027 & .018 \\
$2^{24}$ & 2000 & 2576.6 & 2566.8 & .004 & .022 \\
$2^{32}$ & 2000 & 40343.2 & 41068.6 & .018 & .022 \\
$2^{40}$ & 1000 & 646604.9 & 657097.6 & .016 & .032 \\
$2^{48}$ & 10 & 8,980,043 & 10,513,561 & .145 & .316 \\
$2^{56}$ & 1 & 28,767,197 & 168,216,976 & .829 & 1 \\
\end{tabular}
\end{center}

{\bf A.2 Statistical Randomness and Correlation Tests}

The second set of tests examined whether there were any correlations between the input and output of SKIPJACK, or between a key and the output. We also looked for nonrandomness in functions of the form $SJ(k,m) \oplus SJ(k,m \oplus h)$ and functions of the form $SJ(k,m) \oplus SJ(k \oplus h , m)$ for all $h$ of Hamming weight 1 and 2 and for some randomly chosen $h$. All results were consistent with these functions behaving like random functions.
Given a set of $N$ numbers of $k$-bits each, a chi-square test will test the hypothesis that this set of numbers was drawn (with replacement) from a uniform distribution on all of the $2^k$, $k$-bit numbers. We ran the tests using a 99\% confidence level. A truly random function would pass the test approximately 99\% of the time. The test is not appropriate when $N/2^k$ is too small, say $\leq 5$. Since it was infeasible to run the test for $k = 64$, we would pick 8 bit positions, and generate a set of $N= 10,000$ numbers, and run the test on the $N$ numbers restricted to those 8 bit positions (thus $k=8$). In some of the tests, we selected the 8 bits from the output of the function we were testing, and in others, we selected 4 bits from the input and 4 from the output. Some of the tests were run on both the encryption and decryption functions of SKIPJACK. The notation $SJ^{-1}(k,m)$ will be used to denote the decryption function of SKIPJACK with key $k$ on message $m$.

{\bf Test 1: Randomness test on output. }

In a single test: Fix $k$, fix mask of 8 output bits, select 10,000 random messages, run chi-square on the 10,000 outputs restricted to the mask of 8 output bits. Repeat this single test for 200 different values of $k$ and 50 different masks, for a total of 10,000 chi-square tests. We found that .87\% of the tests failed the 99\% confidence level chi-square test. This is within a reasonable experimental error of the expected value of 1\%. On the decryption function, there were only .64\% of the tests that failed. This was on a much smaller test set.
\begin{center}
\begin{tabular}{|c|c|c|c|c|} \hline
\# $k$ & \# masks & function, $f(m)$ & mask & \% failed \\ \hline
200 & 50 & $SJ(k,m)$ & 8 of $f(m)$ & .87 \\ \hline
25 & 50 & $SJ^{-1}(k,m)$ & 8 of $f(m)$ & .64 \\ \hline
\end{tabular}
\end{center}

{\bf Test 2: Correlation test between messages and output.}

Single test: Fix $k$, fix mask of 4 message bits and 4 output bits, select 10,000 random messages, run chi-square.

\begin{center}
\begin{tabular}{|c|c|c|c|c|} \hline
\# $k$ & \# masks & function, $f(m)$ & mask & \% failed \\ \hline
200 & 1000 & $SJ(k,m)$ & 4 of $m$, 4 of $f(m)$ & 1.06 \\ \hline
25 & 1000 & $SJ^{-1}(k,m)$ & 4 of $m$, 4 of $f(m)$ & 1.01 \\ \hline
\end{tabular}
\end{center}

{\bf Test 3: Randomness test on the xor of outputs, given a fixed xor of inputs. }

Single test: Fix $k$, fix mask of 8 output bits, select 10,000 random messages. Let $\cal H$ be the union of all 64 bit words of Hamming weight 1 (64 of these), all 64 bit words of Hamming weight 2 (2016 of these), and some randomly chosen 64 bit words (920 of these). Repeat this single test for all $h \in \cal H$, 50 different masks, and 4 different values of $k$.

\begin{center}
\begin{tabular}{|c|c|c|c|c|c|} \hline
\# $k$ & \# masks & \# $h$ & function, $f(m)$ & mask & \% failed \\ \hline
4 & 50 & 3000 & $SJ(k,m) \oplus SJ(k,m \oplus h)$ & 8 of $f(m)$ & .99 \\ \hline
\end{tabular}
\end{center}

{\bf Test 4: Correlation test between message xors and output xors. }

Single test: Fix $k$, fix mask of 4 bits of $h$ and 4 bits of output, select 10,000 random $(m,h)$ pairs.
\begin{center}
\begin{tabular}{|c|c|c|c|c|} \hline
\# $k$ & \# masks & function, $f(m,h)$ & mask & \% failed \\ \hline
200 & 1000 & $SJ(k,m) \oplus SJ(k,m \oplus h)$ & 4 of $h$, 4 of $f(m,h)$ & .99 \\ \hline
25 & 1000 & $SJ^{-1}(k,m) \oplus SJ^{-1}(k,m \oplus h)$ & 4 of $h$, 4 of $f(m,h)$ & 1.02 \\ \hline
\end{tabular}
\end{center}

{\bf Test 5: Correlation test between messages and output xors.}

Single test: Fix $k$, fix mask of 4 bits of $m$ and 4 bits of output xor, select 10,000 random messages. Let $\cal H$ be the union of all 64 bit words of Hamming weight 1 (64 of these), some of the 64 bit words of Hamming weight 2 (100 of these), and some randomly chosen 64 bit words (100 of these).

\begin{center}
\begin{tabular}{|c|c|c|c|c|c|} \hline
\# $k$ & \# masks & \# $h$& function, $f(m)$ & mask & \% failed \\ \hline
2 & 1000 & 264 & $SJ(k,m) \oplus SJ(k,m \oplus h)$ & 4 of $m$, 4 of $f(m)$ & .99 \\ \hline
\end{tabular}
\end{center}

{\bf Test 6: Correlation test between keys and output.}

Single test: Fix $m$, fix mask of 4 key bits and 4 output bits, select 10,000 random keys.

\begin{center}
\begin{tabular}{|c|c|c|c|c|} \hline
\# $m$ & \# masks & function, $f(k)$ & mask & \% failed \\ \hline
200 & 1000 & $SJ(k,m)$ & 4 of $k$, 4 of $f(k)$ & 1.00 \\ \hline
25 & 1000 & $SJ^{-1}(k,m)$ & 4 of $k$, 4 of $f(k)$ & 1.02 \\ \hline
\end{tabular}
\end{center}

{\bf Test 7: Randomness test on the xor of outputs, given a fixed xor of keys. }

Single test: Fix $m$, fix mask of 8 output bits, select 10,000 random keys. Let $\cal H$ be the union of all 80 bit words of Hamming weight 1 (80 of these), all 80 bit words of Hamming weight 2 (3160 of these), and some randomly chosen 80 bit words (760 of these). Repeat this single test for all $h \in \cal H$, 50 different masks, and 2 different values of $m$.
\begin{center}
\begin{tabular}{|c|c|c|c|c|c|} \hline
\# $m$ & \# masks & \# $h$ & function, $f(k)$ & mask & \% failed \\ \hline
2 & 50 & 4000 & $SJ(k,m) \oplus SJ(k\oplus h,m )$ & 8 of $f(k)$ & .99 \\ \hline
\end{tabular}
\end{center}

{\bf Test 8: Correlation test between key xors and output xors. }

Single test: Fix $m$, fix mask of 4 bits of $h$ and 4 bits of output, select 10,000 random $(k,h)$ pairs.

\begin{center}
\begin{tabular}{|c|c|c|c|c|} \hline
\# $m$ & \# masks & function, $f(k,h)$ & mask & \% failed \\ \hline
200 & 1000 & $SJ(k,m) \oplus SJ(k\oplus h,m )$ & 4 of $h$, 4 of $f(k,h)$ & 1.02 \\ \hline
25 & 1000 & $SJ^{-1}(k,m) \oplus SJ^{-1}(k\oplus h,m )$ & 4 of $h$, 4 of $f(k,h)$ & 1.1 \\ \hline
\end{tabular}
\end{center}

\end{document}

------- End of forwarded message -------

From jpp at markv.com Sun Aug 1 22:13:43 1993
From: jpp at markv.com (jpp at markv.com)
Date: Sun, 1 Aug 93 22:13:43 PDT
Subject: Clipper counter-attack, technical
Message-ID: <9308012212.aa10519@hermix.markv.com>

-----BEGIN PGP SIGNED MESSAGE-----

The Law Enforcement Field is used by my clipper chip to make the session key it is using available to the gov't. Would it be possible that my clipper chip could have a subtle flaw causing the LEF (sp?) data to be corrupted? Would my chip still function; would I be able to use it to communicate with other clipper chips? Would anyone be able to tell that my chip was broken without the help of the key escrow agents? Would the session key still be recoverable if the clipper chip at the other end were working 'correctly'?
j'

- --
O I am Jay Prime Positive
jpp at markv.com
1250 bit key fingerprint = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F
524 bit key fingerprint = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48
Public keys by `finger jpp at markv.com' or mail to pgp-public-keys at pgp.mit.edu
Your feedback is welcome, directly or via symbol JPP on hex at sea.east.sun.com

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

From mdiehl at vesta.unm.edu Sun Aug 1 22:53:43 1993
From: mdiehl at vesta.unm.edu (J. Michael Diehl)
Date: Sun, 1 Aug 93 22:53:43 PDT
Subject: Recent AP story...
In-Reply-To: <9308012340.AA18800@leo.cs.cornell.edu>
Message-ID: <9308020552.AA06779@vesta.unm.edu>

According to Peter Wayner:
> Apparently, a recent Congressional investigation has revealed widespread
> misuse of the National Crime Information Center. The most scandalous
> case occurred when an ex-officer found his ex-girlfriend using the system
> and killed her.

> In other cases, the girlfriend of a drug dealer ran all the new recruits
> through the system to see if they were undercover agents. In many cases,
> private investigators accessed the data for a number of different
> purposes.

Can this be documented? If so, this would be the most convincing argument against the Big Brother chip. References anybody? Thanx.

========================+==========================================+
J. Michael Diehl ;^)    | Have you hugged a Hetero........Lately?  |
mdiehl at triton.unm.edu | "I'm just looking for the opportunity to |
mike.diehl at fido.org help| be Politically Incorrect!"  +=========+
al945 at cwns9.ins.cwru.edu| Is Big Brother in your phone?  | PGP KEY |
(505) 299-2282 (voice)  | If you don't know, ask me.
|Available|
========================+================================+=========+
PGP Key = 7C06F1 = A6 27 E1 1D 5F B2 F2 F1 12 E7 53 2D 85 A2 10 5D
This message is protected by 18 USC 2511 and 18 USC 2703. Monitoring by anyone other than the recipient is absolutely forbidden by US Law

From s.summers1 at genie.geis.com Mon Aug 2 02:13:46 1993
From: s.summers1 at genie.geis.com (s.summers1 at genie.geis.com)
Date: Mon, 2 Aug 93 02:13:46 PDT
Subject: D. Bernstein's Open Letter
Message-ID: <9308020913.AA17916@relay2.geis.com>
In-Reply-To: <9308010625.AA13452 at longs.lance.colostate.edu> from "L. Detweiler"

>From Ed Carp:
> From L. Detweiler:
>> Someone flamed once over including Usenet (esp. sci.crypt) postings

>What was their rationale? I'd rather see relevant postings reposted here-
>damnit, I don't have *time* to read 280MB a week of news! What's the
>person's problem who flamed you?

I second that. I _don't_ have Usenet access (I actually would be willing to read 280MB a week), or ftp access. This mailing list is my only source of information of this kind. If this person can back their rationale with an e-mail gateway to usenet newsgroups (not just an e-mail POSTING server like utexas'), I might see some justification...

Sean

From pcw at access.digex.net Mon Aug 2 05:42:33 1993
From: pcw at access.digex.net (Peter Wayner)
Date: Mon, 2 Aug 93 05:42:33 PDT
Subject: Recent AP story...
Message-ID: <199308021241.AA28365@access.digex.net>

Yes, it can. My information about the abuses of the NCIC came from an AP story by Lawrence Knutson. I didn't want to type the whole thing because it would violate copyright. Apparently, the Philadelphia Inquirer ran it on 7/29.
-Peter

From nobody at alumni.cco.caltech.edu Mon Aug 2 05:58:48 1993
From: nobody at alumni.cco.caltech.edu (nobody at alumni.cco.caltech.edu)
Date: Mon, 2 Aug 93 05:58:48 PDT
Subject: No Subject
Message-ID: <9308021255.AA25406@alumni.cco.caltech.edu>

Hi there,

I tried to post anonymously to netnews using the remailers with no success. The procedure was for example:

::
Request-Remailing-To: misc.test at cs.utexas.edu

and I addressed my mail to let's say nowhere-cs.bsu.edu. Using cs.utexas.edu to post (not anonymously) works though.

Any help is highly 8-) appreciated. Thanks in advance.

From dmandl at lehman.com Mon Aug 2 06:47:34 1993
From: dmandl at lehman.com (David Mandl)
Date: Mon, 2 Aug 93 06:47:34 PDT
Subject: Public Key Servers
Message-ID: <9308021340.AA13894@disvnm2.shearson.com>

> > Are the key servers listed in the PGP documentation still active?
> > And if so, what is the general opinion of using them?
>
> Key server == list of people to bust and who knows who.
> (compute the transitive closure of the signatures)

Yeah, but there are >1501 keys on it (last time I checked, which was about three weeks ago). And the size seems to be growing pretty fast.

Remember the "mandatory" draft registration imposed by Carter in 1980? I think about two kids were ever busted for not registering, and they were VERY active and vocal. The whole draft registration program was basically ignored, and what was the government going to do, arrest every American male born after 1962?

I think it's important to get as many keys on the servers as possible, for the same reasons that encryption itself should be used as widely as possible.

--Dave.
From nate at VIS.ColoState.EDU Mon Aug 2 06:48:49 1993
From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons)
Date: Mon, 2 Aug 93 06:48:49 PDT
Subject: lookin' for a slogan for Tshirts
Message-ID: <9308021347.AA20508@vangogh.VIS.ColoState.EDU>

It looks like I'll be making a set of Big Brother inside T-shirts, and I would like to ask for slogan ideas....

The ones that I like so far are:

"They can have my private key when they pry it from my cold, dead hands."

"When privacy is outlawed, only outlaws will have privacy."

thanks,

-nate

From cme at ellisun.sw.stratus.com Mon Aug 2 07:01:29 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Mon, 2 Aug 93 07:01:29 PDT
Subject: Encrypted BBS?
Message-ID: <9308021400.AA11508@ellisun.sw.stratus.com>

>Date: Sat, 31 Jul 1993 16:11:13 -0700 (PDT)
>From: "Jeremy R. Smith"
>Subject: Encrypted BBS?
>Message-Id:
>
> Would it be at all possible, given today's present state of
>cryptography, to run a bbs in a totally encrypted form? If so, are there
>any software packages out there that accomplish this at some level?

We did this about 8 years ago at E&S using DEC VMS NOTES. We used a plain vanilla secret key algorithm and a key shared by all legitimate members of the group.

We could do it today -- but why bother? If you have a key that widespread, it's effectively certain that a "wrong person" (however you define him/her) will have a copy of the key.

From cme at ellisun.sw.stratus.com Mon Aug 2 07:11:30 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Mon, 2 Aug 93 07:11:30 PDT
Subject: Has the other shoe dropped ?
Message-ID: <9308021409.AA11536@ellisun.sw.stratus.com>

>From: bart at netcom.com (Harry Bartholomew)
>Message-Id: <9308011855.AA26646 at netcom5.netcom.com>
>Subject: Has the other shoe dropped ?
>Date: Sun, 1 Aug 93 11:55:32 PDT
>
> Has nobody else heard on NPR's Weekend Edition that the FBI
> has requested the banning of non-Clipper encryption ?
> Or was I really not quite awake and recalling a bad dream ?

I taped it, listened twice -- heard the opposite: that the FBI has no plans at present to ban other encryption.

I can listen again, if you're dubious.

From nate at VIS.ColoState.EDU Mon Aug 2 07:12:34 1993
From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons)
Date: Mon, 2 Aug 93 07:12:34 PDT
Subject: someone wanted 12 shirts by Aug 16 -- who are you?
Message-ID: <9308021411.AA20631@vangogh.VIS.ColoState.EDU>

I received some mail a few days ago saying that someone wanted 12 shirts by the 16th.... that mail has been vaporized. who were you?

thanks,

-nate

From elee9sf at Menudo.UH.EDU Mon Aug 2 07:19:24 1993
From: elee9sf at Menudo.UH.EDU (Karl Barrus)
Date: Mon, 2 Aug 93 07:19:24 PDT
Subject: REMAIL: list 8/2/93
Message-ID: <199308021419.AA26546@Menudo.UH.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

Q1: What cypherpunk remailers exist?

A1:
1: nowhere at bsu-cs.bsu.edu
2: hh at cicada.berkeley.edu
3: hh at pmantis.berkeley.edu
4: hh at soda.berkeley.edu
5: 00x at uclink.berkeley.edu
6: hal at alumni.caltech.edu
7: ebrandt at jarthur.claremont.edu
8: phantom at mead.u.washington.edu
9: remailer at rebma.mn.org
10: elee7h5 at rosebud.ee.uh.edu
11: hfinney at shell.portal.com
12: remail at tamsun.tamu.edu
13: remail at tamaix.tamu.edu
14: remailer at utter.dis.org
15: remailer at entropy.linet.org
16: remail at extropia.wimsey.com

NOTES:
#1-#5 no encryption of remailing requests
#6-#15 support encrypted remailing requests
#16 special - header and message must be encrypted together
#9,#14,#15,#16 introduce larger than average delay (not direct connect)
#9,#14,#16 running on privately owned machines

======================================================================

Q2: What help is available?

A2: Check out the pub/cypherpunks directory at soda.berkeley.edu (128.32.149.19). Instructions on how to use the remailers are in the remailer directory, along with some unix scripts and dos batch files.
The public keys for the remailers which support encrypted remailing requests are also available in the same directory.

Mail to me (elee9sf at menudo.uh.edu) for further help and/or questions.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLF0iL4OA7OpLWtYzAQHfUwP/RdoFAsUHn5N30Y4nUbskx4iXtrC36uai
LoktYeLaHEDPz0B46nmSt0Szzf4LWSVAAS6cdQQ+jMHKnL66avP/cmQ+aeY8xx5r
AJ69hLmkXLpdSc5566aKlSV1kCv5Yika7mp3WNlh+1OuW7uOFg5hcnVnXmx3aLye
hBIJtB3Yga4=
=AKHS
-----END PGP SIGNATURE-----

From cme at ellisun.sw.stratus.com Mon Aug 2 07:32:33 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Mon, 2 Aug 93 07:32:33 PDT
Subject: Sterilized medflies of crypto
Message-ID: <9308021431.AA11569@ellisun.sw.stratus.com>

>Message-Id: <9308020407.AA26817 at longs.lance.colostate.edu>
>To: cme at ellisun.sw.stratus.com (Carl Ellison)
>Subject: Re: Sterilized medflies of crypto
>Date: Sun, 01 Aug 93 22:07:21 -0600
>From: "L. Detweiler"
>
>>By "milking the algorithm talk", I'm talking about getting everybody to look
>>at the algorithm which might easily be secure and ignore the weakness:
>>the registration of keys.
>>
>>I don't care about the algorithm. I care about registration. That's what I
>>want to see people/press/citizens outraged about.
>
>amen. Sorry you didn't elaborate on this on the list.

OK -- here's my replies for the list.

>The whole Key Escrow thing is totally ill conceived. It is clearly not
>the underlying point of the proposal. They don't name the entities.
>Denning comes up with some strange explanation of laptops in a vault
>shortly after the announcement. It is so transparent it is
>pathetic--but unfortunately the issue is largely framed as `who will be
>the agencies' in many places so far...

I believe key registration is the *whole point* of the Skipjack proposal.
This is the first time in the history of cryptography, as far as I can tell, when a government has tried to interfere with the private citizenry's ability to use strong cryptography -- and they're doing it strictly through key registration.

However, being clever folks, they have added a strawman to the proposal. They proposed an NSA-designed algorithm -- something people would fight in such a way that the government could hopefully turn around and call the opponents paranoid and get the public to believe the gov't, writing off the opposition.

Look back at the original announcement. The gov't said, in effect, 'if you don't like to use NSA's algorithm, you're free to design algorithms of your own provided they permit key escrow.' Then they left that as a note -- an aside -- and proceeded to take on all comers w.r.t. the Skipjack algorithm.

I say: don't fight their strength, even if it's flawed. It's a tar baby at best. We should fight the only thing which matters: key registration.

What's important about key registration, to me, isn't the details. It's the philosophy. This is the first time in the history of the world that the government has laid any claim at all to a citizen's cryptographic keys.

The government has never had a right to private keys.
The private crypto users have always had strong crypto.

The government should never have the right to private keys.
Private crypto users should always have strong crypto in the future.

- Carl

From norm at netcom.com Mon Aug 2 07:41:29 1993
From: norm at netcom.com (Norman Hardy)
Date: Mon, 2 Aug 93 07:41:29 PDT
Subject: ftp access to the Silk Road Paper
Message-ID: <9308021442.AA09524@netcom2.netcom.com>

The Digital Silk Road paper is now available in three forms at netcom.com:pub/joule/DSR1.ps.gz, DSR1.rtf.gz and DSR1.txt

netcom.com may sometimes be too busy and then direct you to one of several other machines any of which can access the files.
From nobody at mead.u.washington.edu Mon Aug 2 07:57:34 1993
From: nobody at mead.u.washington.edu (nobody at mead.u.washington.edu)
Date: Mon, 2 Aug 93 07:57:34 PDT
Subject: No Subject
Message-ID: <9308021454.AA04893@mead.u.washington.edu>

> Duncan Frissell sez:
> I didn't like being called a neo-luddite, however. I don't see many
> parallels between extropianism and cypherpunks and Ned Lud.
>
> Duncan Frissell

This is the cypherpunks list, not the extropians list. The article was about cypherpunks, not extropians, so it's irrelevant whether the extrops are luddites.

As for the c-punks, there's nothing inherently non-luddite about us. Not all of us accept all uses of computers and technology without question. There are certain machines that need to be trashed. I liked the reference in the article. I don't think it was 100% accurate, but you should be aware that there ARE cypherpunks Luddites lurking out here...

.snail

From csvcjld at nomvst.lsumc.edu Mon Aug 2 08:07:34 1993
From: csvcjld at nomvst.lsumc.edu (csvcjld at nomvst.lsumc.edu)
Date: Mon, 2 Aug 93 08:07:34 PDT
Subject: lookin' for a slogan for Tshirts
In-Reply-To: <9308021347.AA20508@vangogh.VIS.ColoState.EDU>
Message-ID: <19930802100425065@nomvst.lsumc.edu>

>"When privacy is outlawed, only outlaws will have privacy."

How about, "When privacy is outlawed, only governments will have privacy."

From frissell at panix.com Mon Aug 2 08:53:52 1993
From: frissell at panix.com (Duncan Frissell)
Date: Mon, 2 Aug 93 08:53:52 PDT
Subject: No Subject
Message-ID: <199308021552.AA19677@panix.com>

To: cypherpunks at toad.com

nobody at mead.u.washington.edu said:

N.>This is the cypherpunks list, not the extropians list. The article was
N.>about cypherpunks, not extropians, so it's irrelevant whether the
N.>extrops are luddites.
N.>
N.>As for the c-punks, there's nothing inherently non-luddite about us.
N.>Not all of us accept all uses of computers and technology without
N.>question.
N.>There are certain machines that need to be trashed. I
N.>liked the reference in the article. I don't think it was 100% accurate,
N.>but you should be aware that there ARE cypherpunks Luddites lurking out
N.>here...
N.>
N.> .snail
N.>

However the list was founded and is dominated by extropians and (small e) extropianism is the dominant philosophy of the nets.

Ned Lud and the boys wished to keep themselves and everyone else poor, smash technology, and stop the world just so they would not have to transform their lives. Just like the french farmers of today. Since one must already have transformed one's life to get connected to the nets (at least at this stage of technology) there can't be too many genuine luddites here.

If anyone qualifies as luddites in this controversy it is the *government*. They are trying to slow the pace of technological transformation because they realize that bureaucratic structures are hopeless market competitors and will be destroyed by technological change.

I, for one, am not going to permit the neo-luddites of the coercive state apparatus to stop change just so they can avoid honest work.

Duncan Frissell

*************************************************************************
EDI, Temporary Employment, Quants, Securitization, Equipment Leasing, Fulfillment Companies, Overnight Delivery Services, Facsimile Machines - Not as sexy as Tim May's signature line but just as important.

--- ~ WinQwk 2.0b#0 ~ Unregistered Evaluation Copy

From cme at ellisun.sw.stratus.com Mon Aug 2 09:17:34 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Mon, 2 Aug 93 09:17:34 PDT
Subject: lookin' for a slogan for Tshirts
Message-ID: <9308021614.AA11760@ellisun.sw.stratus.com>

>From: csvcjld at nomvst.lsumc.edu
>Message-Id: <19930802100425065 at nomvst.lsumc.edu>
>Subject: Re: lookin' for a slogan for Tshirts
>Date: 02 Aug 93 10:04:25 -0700
>
>"When privacy is outlawed, only governments will have privacy."
How about, "celebrating 4000 years of strong cryptography in the hands of private citizens" ??

- Carl

From 72114.1712 at CompuServe.COM Mon Aug 2 09:58:52 1993
From: 72114.1712 at CompuServe.COM (Sandy)
Date: Mon, 2 Aug 93 09:58:52 PDT
Subject: SKIPJACK PANEL
Message-ID: <930802165408_72114.1712_FHF34-1@CompuServe.COM>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT                    Reply to: ssandfort at attmail.com
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Is it just me, or is anyone else dubious about Dorothy Denning and company running their various Skipjack tests ON AN *NSA* CRAY COMPUTER? Since many of the objections to the whole plan arose because of doubts about the intentions of the NSA, why would D.D. et al. trust them to run these critical tests? How difficult would it be for the NSA to spoof its own computer?

Next big news items: United Nations hires Serbian troops to report on human rights violations in Bosnia. Farmer Brown puts fox in charge of henhouse. Film at eleven.

S a n d y

>>>>>> Please send e-mail to: ssandfort at attmail.com <<<<<<
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From cme at ellisun.sw.stratus.com Mon Aug 2 10:28:52 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Mon, 2 Aug 93 10:28:52 PDT
Subject: T-shirt detail
Message-ID: <9308021728.AA11831@ellisun.sw.stratus.com>

Sorry for distracting people with my T-shirt suggestion, but the more I think about it, the more I like "celebrating 4000 years..." -- possibly on the back.

On the front, I'd have 4 boxes (or regions set apart):

    LEB KAMAI

    y_i = x_i + k_{(i mod m)}

    y_i = x_i (+) k_i

    y = x^e mod N

--------------------------------------------------

1. LEB KAMAI, in Hebrew characters from the Bible -- cf., Kahn's "The Codebreakers", pp. 77-78 -- atbash cipher, stronger than Caesar's and predating him by more than a month :-)

2.
polyalphabetic substitution -- stronger than nomenclators (based on when attacks were known to exist) but ignored by gov't users for 100s of years

3. Vernam's tape -- theoretically unbreakable -- in the hands of citizens from about 1920 {the (+) is a circled "+" -- meaning XOR}

4. RSA -- 1978

--------------------------------------------------

It might be interesting to date the four boxes. Anyone have a date for the LEB KAMAI?

- Carl

From cme at ellisun.sw.stratus.com Mon Aug 2 10:32:34 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Mon, 2 Aug 93 10:32:34 PDT
Subject: more T-shirt alternative
Message-ID: <9308021731.AA11837@ellisun.sw.stratus.com>

"celebrating 4000 years of personal privacy through strong cryptography"

From tedwards at wam.umd.edu Mon Aug 2 10:47:34 1993
From: tedwards at wam.umd.edu (technopagan priest)
Date: Mon, 2 Aug 93 10:47:34 PDT
Subject: LEEF->LEAF etc.
Message-ID: <199308021746.AA17259@rac2.wam.umd.edu>

I think it is interesting how the Law Enforcement Exploitation Field has been renamed LEAF. Good P.R. move NIST!

I'm personally not motivated to believe that Skipjack is a flawed algorithm, but at the same time I do not consider it tested until it has stood up to peer-reviewed public analysis.

I am very concerned about the key-exchange system. As far as I can see, we still don't know exactly what it is, and whether that is safe. Public key systems are much more difficult to design securely than private key systems. The key exchange has to be secure from eavesdroppers and also proof against "man-in-the-middle" attacks.

Furthermore, there is the traffic-analysis problem. Everything I have read so far has indicated there will be a single system key which will encrypt Clipper serial numbers. A trivial phone tap with someone armed with the system key could result in massive traffic-analysis, and the government could do this simply because they have the system key; the Mafia will follow soon.
I think a good avenue of attack right now is to politically attack the key-escrow parts of Clipper, and get Skipjack as a published private-key standard.

Write your congresscritters.

-Thomas

From thug at phantom.com Mon Aug 2 10:48:52 1993
From: thug at phantom.com (Murdering Thug)
Date: Mon, 2 Aug 93 10:48:52 PDT
Subject: SKIPJACK PANEL
In-Reply-To: <930802165408_72114.1712_FHF34-1@CompuServe.COM>
Message-ID:

Sandy Sandfort writes:
>
> Is it just me, or is anyone else dubious about Dorothy Denning
> and company running their various Skipjack tests ON AN *NSA*
> CRAY COMPUTER? Since many of the objections to the whole plan
> arose because of doubts about the intentions of the NSA, why
> would D.D. et al. trust them to run these critical tests? How
> difficult would it be for the NSA to spoof its own computer?
>
> Next big news items: United Nations hires Serbian troops to
> report on human rights violations in Bosnia. Farmer Brown puts
> fox in charge of henhouse. Film at eleven.

This is but one of the obvious flaws in the whole Clipper scheme. I think the whole Clipper debate can be boiled down to this one important fact:

* It is not in the interest of the NSA for Clipper/Skipjack to be secure, therefore they will find a way to make sure that either the algorithm or the chip itself contains a NSA backdoor before the chip is sold to the American public.

The whole escrow scheme is an obvious wild goose chase as well. We all know that the NSA operates by importing large amounts of information (oceans of data) and uses its computers to extract the goodies. They would not be able to do this if they had to obtain a warrant for each conversation that constitutes a part of the ocean of data. The whole escrow aspect of the system is obviously bogus.

To review:

1) The key escrow aspect is a wild goose chase.
2) The security of the algorithm is also a wild goose chase.
3) The backdoor must be in the chip hardware itself.
Therefore even if Clinton and the NSA decide to make the two key escrow agents the E.F.F. and the A.C.L.U, and Denning and her crew declare the algorithm to be secure, I will still advocate a complete boycott of the Clipper/Skipjack technology because the backdoor will be in those tamper-proof chips.

Thug

From baumbach at atmel.com Mon Aug 2 11:01:28 1993
From: baumbach at atmel.com (Peter Baumbach)
Date: Mon, 2 Aug 93 11:01:28 PDT
Subject: money tracing
Message-ID: <9308021742.AA07002@bass.chp.atmel.com>

Thug writes:
> The black ink that is used to print the front side of U.S. cash contains a
> very finely ground black iron oxide powder. The ink is magnetic. This
> magnetism is used mostly by vending & change machines to distinguish real
> bills from forgeries/photocopies.
>[...]
> 3. Magnetic ink detection. Real bills are printed with magnetic
> ink, forgeries/photocopies are not.

Magnetic toner for laser printers does exist. Its purpose is to allow people to print their own checks.

Peter Baumbach
baumbach at atmel.com

From tk at reagan.ai.mit.edu Mon Aug 2 11:27:34 1993
From: tk at reagan.ai.mit.edu (Tom Knight)
Date: Mon, 2 Aug 93 11:27:34 PDT
Subject: SKIPJACK PANEL
In-Reply-To:
Message-ID: <19930802182633.5.TK@ROCKY.AI.MIT.EDU>

    Date: Mon, 2 Aug 1993 13:52 EDT
    From: thug at phantom.com (Murdering Thug)

    To review:

    1) The key escrow aspect is a wild goose chase.
    2) The security of the algorithm is also a wild goose chase.
    3) The backdoor must be in the chip hardware itself.

Dr. Thug ignores the most obvious weakness, which is likely in the key generation process. By selecting the key from a relatively small keyspace (say 40 bit equivalent, rather than the 80 bit nominal keyspace) the cost of exhaustive search can be dramatically lowered to those who know the basis of key selection, without any outward evidence of tampering, weakness of the algorithm, weakness of the chip, vulnerability to external attacks, special hardware to respond to trapdoor codes, etc.
Examining the chip hardware for correctness will not discover this attack. Only providing users with the ability to program their own keys, together with public disclosure of the Skipjack algorithm and verification of its implementation can help.

If there are a significant number of weak keys in the Skipjack algorithm (which is explicitly denied in the panel report) then even this approach could be dangerous.

From mccoy at ccwf.cc.utexas.edu Mon Aug 2 11:29:26 1993
From: mccoy at ccwf.cc.utexas.edu (Jim McCoy)
Date: Mon, 2 Aug 93 11:29:26 PDT
Subject: lookin' for a slogan for Tshirts
In-Reply-To: <9308021614.AA11760@ellisun.sw.stratus.com>
Message-ID: <199308021828.AA12198@flubber.cc.utexas.edu>

>
> "celebrating 4000 years of strong cryptography in the
> hands of private citizens"

A nice thought, but it is not quite true now, is it? Cryptography has been a tool for specialists, scholars, and governments for those 4000 years, but to claim that "the masses" have had access to it is clearly untrue. In fact, it seems that the current friction between groups such as this one and the U.S. government is caused mostly because private citizens are beginning to get access to this strong cryptography and this is something "those who watch" do not like...

jim

From pcw at access.digex.net Mon Aug 2 12:03:53 1993
From: pcw at access.digex.net (Peter Wayner)
Date: Mon, 2 Aug 93 12:03:53 PDT
Subject: SKIPJACK PANEL
Message-ID: <199308021903.AA21750@access.digex.net>

Tom Knight is correct that the key generation process is a good place to hide a weakness. If I remember correctly, the chip's key is generated directly from its ID number by padding it with 160 random bits and encrypting the whole mess. 80 bits of the result becomes the key. Obviously, if you can keep a copy of the 160 bits of padding, then you can regenerate the chip's local key without calling up the key-escrow facility.
Apparently, an early document said that each collection of padding would be used for a batch of 300 chips. So if you can keep a list of these padding bits, then you're set...

(Disclosure: This data came from the hip, not from documents.)

-Peter

From cme at ellisun.sw.stratus.com Mon Aug 2 13:01:30 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Mon, 2 Aug 93 13:01:30 PDT
Subject: LEEF->LEAF etc.
Message-ID: <9308021959.AA11988@ellisun.sw.stratus.com>

>Date: Mon, 2 Aug 1993 13:46:24 -0400
>From: technopagan priest
>Message-Id: <199308021746.AA17259 at rac2.wam.umd.edu>
>Subject: LEEF->LEAF etc.
>
>I am very concerned about the key-exchange system. As far as I can
>see, we still don't know exactly what it is, and whether that is safe.

Safe? You are joking, yes?

As long as *anyone* has skeleton keys, the system is worthless. Even if *I* am the one holding the skeleton keys, you shouldn't trust it, and I'm a great deal more trustworthy than the FBI and NSA and CIA, according to our respective histories of abuses of privacy.

- Carl

- <> - Carl Ellison                       cme at sw.stratus.com
- Stratus Computer Inc. M3-2-BKW          TEL: (508)460-2783
- 55 Fairbanks Boulevard ; Marlborough MA 01752-1298    FAX: (508)624-7488

From cme at ellisun.sw.stratus.com Mon Aug 2 13:11:31 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Mon, 2 Aug 93 13:11:31 PDT
Subject: lookin' for a slogan for Tshirts
Message-ID: <9308022009.AA12019@ellisun.sw.stratus.com>

>Message-Id: <199308021828.AA12198 at flubber.cc.utexas.edu>
>Subject: Re: lookin' for a slogan for Tshirts
>Date: Mon, 2 Aug 1993 13:28:36 -0500 (CDT)
>From: Jim McCoy

I wrote:
>> "celebrating 4000 years of strong cryptography in the
>> hands of private citizens"

Jim replied:
>A nice thought, but it is not quite true now, is it? Cryptography has been
>a tool for specialists, scholars, and governments for those 4000 years, but
>to claim that "the masses" have had access to it is clearly untrue.
>In fact, it seems that the current friction between groups such as this one
>and the U.S. government is caused mostly because private citizens are
>beginning to get access to this strong cryptography and this is something
>"those who watch" do not like...

Jim,

I meant precisely this. It is quite true. I didn't say "the masses". In the old days, first you had to be literate to use crypto. That excluded the masses immediately. However, it was private citizens -- not military folks or diplomats -- who had access to and who often invented the crypto.

I am concerned that you would continue to state the popular misconception. This is, in fact, my one complaint with Julian's article in the Village Voice.

Check out the first several chapters of David Kahn's "The Codebreakers". Cryptography originated with private individuals. Private individuals have *always* had access to and used cryptography at least as strong as that used by the military of the time. The few exceptions have been very short-lived and rare.

My 4 examples for the T-shirt show a steady progression of strong cryptography in the hands of private citizens. I stopped at 4 to keep from making the T-shirt too busy.

I *really* recommend reading Kahn about this. The notion that strong crypto in private hands is somehow new is totally bogus -- flattering to those of us who like to think we're better off than our parents or that we're exploring new ground -- but it's wrong and, even worse, it plays into the hands of the NSA and FBI. Once you start saying that citizens have "first time ever" access to strong crypto, the FBI is free to turn around and say "OK - now the gov't will have first time ever power to take strong crypto away from the people".

Read Kahn.
- Carl

From cme at ellisun.sw.stratus.com Mon Aug 2 14:31:31 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Mon, 2 Aug 93 14:31:31 PDT
Subject: cross-post
Message-ID: <9308022129.AA12752@ellisun.sw.stratus.com>

Path: transfer.stratus.com!ellisun.sw.stratus.com!cme
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Newsgroups: sci.crypt
Subject: Skipjack review as a side-track
Date: 2 Aug 1993 21:25:11 GMT
Organization: Stratus Computer, Marlboro MA
Lines: 28
Message-ID: <23k0nn$8gk at transfer.stratus.com>
NNTP-Posting-Host: ellisun.sw.stratus.com

It amuses the gallows-humor bone in me to see people busily debating the quality of Skipjack as an algorithm and the quality of the review of its strength.

Someone proposes to dangle you over the Grand Canyon using sewing thread tied to steel chain tied to knitting yarn and you're debating whether the steel chain has been X-rayed properly to see if there are flaws in the metal.

Key generation, chip fabrication, court orders, distribution of keys once acquired from escrow agencies and safety of keys within escrow agencies are some of the real weaknesses. Once those are as strong as my use of 1024-bit RSA and truly random session keys in keeping keys on the two sides of a conversation with no one in the middle able to get the key, then we need to look at the steel chain in the middle: Skipjack itself.

--
- <> - Carl Ellison                       cme at sw.stratus.com
- Stratus Computer Inc. M3-2-BKW          TEL: (508)460-2783
- 55 Fairbanks Boulevard ; Marlborough MA 01752-1298    FAX: (508)624-7488

From greg at ideath.goldenbear.com Mon Aug 2 17:01:32 1993
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Mon, 2 Aug 93 17:01:32 PDT
Subject: ...
Message-ID:

I think the T-shirt thing is a nice idea, and I think that the "Big Brother Inside" thing is also a nice idea, but I liked them better when they were separate. Wearing a shirt that suggests "big brother inside" seems like it might send the wrong message.
Dunno if there are enough of us in the world for it to be worth worrying about, but some of us Cypherpunks just laugh at L and XL T-shirt sizes; best fit for me is a XXXL-Tall. I might order an XL shirt to hang on my wall, but it's unlikely it'll ever hang on me. :)

The "celebrating 400 years .." thing sounds wonderful. Would make a neat poster/flyer, too.

--
Greg Broiles                          greg at goldenbear.com
Golden Bear Computer Consulting       +1 503 465 0325
Box 12005 Eugene OR 97440             BBS: +1 503 687 7764

From nate at VIS.ColoState.EDU Mon Aug 2 17:51:32 1993
From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons)
Date: Mon, 2 Aug 93 17:51:32 PDT
Subject: "Big Brother Inside" tshirts
Message-ID: <9308030049.AA21541@vangogh.VIS.ColoState.EDU>

I regret to inform the group that I cannot make the T-shirts. I have no money to fund them, and even less time. I do, however, encourage anyone else who wants to make the shirts to do so. I uploaded the logos to soda this morning, so they should be available soon (if not already). I printed one of the images out (the large one) and it looked great......

I am sorry for this, but I am absolutely financially strapped now.

BTW, the image names started with "BigBro" -= and if you want, you can strip off the "Image Edited by Nate Sammons" line I dropped in the lower right corner of the large images (it was in, I think, 12-pixel high letters).

Well, for anyone who makes the T-shirts, put something cool on the back, and sign me up for one, size XL.

-nate sammons
nate at vis.colostate.edu

From wcs at anchor.ho.att.com Mon Aug 2 18:21:33 1993
From: wcs at anchor.ho.att.com (Bill_StewartHOY0021305)
Date: Mon, 2 Aug 93 18:21:33 PDT
Subject: Encrypted BBS?
Message-ID: <9308021921.AA11320@anchor.ho.att.com>

> > Would it be at all possible, given today's present state of
> >cryptography, to run a bbs in a totally encrypted form? If so, are there
> >any software packages out there that accomplish this at some level?
You've got to think about what threats you're trying to protect against.

- Confiscated Machine - this can be done today with commercial products, a no-brainer. You keep the disk in encrypted form, either using software or a hardware-assist DES board, and it's automatically handled by your disk drivers using a boot-time secret-key password. Neither your users nor your BBS software knows any difference. (Obviously you also want to decrypt your backup floppies.)

- Wiretapping - there are tons of possible solutions, at varying amounts of work. You can either do this with public or secret-key approaches, and you can use a shared secret key, separate secret keys, session keys set up using secret or public keys, etc. Most of these methods affect the BBS software itself, though you could use an encrypted telnet or other comm program instead, presumably in conjunction with the encrypted disk. A solution that requires a little more integration is to have the users upload the files encrypted (using random keys), and upload the keys (encrypted) and have the host recrypt them with the readers' public or private keys, either at upload or download time, or perhaps on a batch basis during idle time. You could probably adapt PGP to retain the initial key for each file, and only re-encrypt the key when a user wants to download it, instead of re-encrypting the whole file.

- Untrusted users - if there may be narcs on your box, you've got to give the users control over who can access what messages they create. If the users trust *you*, you can use some sort of password-based system; some existing BBSs presumably provide this, and you can even hack Usenet to do it (for non-NNTP use, anyway) using Unix groups; this allows groups of users who trust each other but not other users.
- Untrusted Sysadm - if *you* may be a narc :-), your users can include PGP-encrypted messages in their postings, and there's not much you can do about it :-) This somewhat solves the untrusted-user problem as well, though it makes the closed user group bit more annoying.

Bill Stewart

From wcs at anchor.ho.att.com Mon Aug 2 18:32:39 1993
From: wcs at anchor.ho.att.com (Bill_StewartHOY0021305)
Date: Mon, 2 Aug 93 18:32:39 PDT
Subject: Skipjack Panel
Message-ID: <9308021853.AA11158@anchor.ho.att.com>

I'll disagree with Mr. Thug. It probably *is* in the interests of the National Spook Agency to have the SkipJack algorithm secure; they've taken too much heat in the past for DES, and if they can't convince enough of us that we can trust them, we'll all use real encryption products from independent vendors, or at least triple-DES. The Key Escrow business strikes me as major sleight of hand, but even if they don't steal the keys somewhere in that process, they can change the rules so they can get them from the experts. Obviously they could hide weaknesses anywhere in the system, but the SkipJack part is pretty clean, and trapdoors in the chip itself are a lot of trouble to use compared to the escrow process.

Right now they're trying to draw everybody's attention to the foot-thick concrete walls and roof, and the final release of the report will emphasize the heavy steel door with the big bulletproof neon sign saying "COPS ONLY" and the elaborate ceremony for opening the two case-hardened real-estate-agent locks on the doors, so you forget to notice that they've already made a spare copy of the key, and maybe you can pop the unbreakable titanium pins out of the hinges as well.

Bill

# Bill Stewart wcs at anchor.ho.att.com +1-908-949-0705 Fax-4876
# AT&T Bell Labs, Room 4M-312, Crawfords Corner Rd, Holmdel, NJ 07733-3030

From cme at ellisun.sw.stratus.com Mon Aug 2 20:27:40 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Mon, 2 Aug 93 20:27:40 PDT
Subject: ...
Message-ID: <9308030325.AA13237@ellisun.sw.stratus.com>

>Subject: ...
>From: greg at ideath.goldenbear.com (Greg Broiles)
>Message-Id:
>Date: Mon, 02 Aug 93 16:55:01 PDT
>
>The "celebrating 400 years .." thing sounds wonderful. Would make a neat
>poster/flyer, too.

Thanks. It's 4000 years, BTW. I assume your 400 was a typo.

- Carl

From nobody at soda.berkeley.edu Mon Aug 2 22:09:03 1993
From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu)
Date: Mon, 2 Aug 93 22:09:03 PDT
Subject: REMAIL: Anonymous posts
Message-ID: <9308030504.AA01150@soda.berkeley.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Several people have asked about anonymous posting given that the utexas gateway is blocking (some?) cypherpunks remailers.

Another possibility is to use Julf's anonymous remailer in Finland. I'm not sure what groups it posts to but I'm pretty sure it includes sci.crypt and most of the alt groups.

For more security, you can mail to it from my remailer at hfinney at shell.portal.com, and probably other cypherpunks remailers as well. I'm pretty sure my other remailer, hal at alumni.caltech.edu, will work too. Send mail of the form:

========================= cut ====================
::
Request-Remailing-To: alt.privacy at anon.penet.fi

This is a post to alt.privacy.
========================= cut ====================

This should work.

You can also use PGP encryption; encrypt that message above with the PGP public key of my remailer, add the header:

::
Encrypted: PGP

and a blank line before the -----BEGIN PGP MESSAGE----- line, and send it to the remailer.

You can chain through a bunch of cpunks remailers using Karl's scripts for higher security.
Hal Finney
hfinney at shell.portal.com

-----BEGIN PGP SIGNATURE-----

iQCVAgUBLF28O6gTA69YIUw3AQFj8QQAvaATrxKVYbKR4Jvj/Oj54DYJT7NdSs+z
lozanaG70YJRnJNI5EAzRK8mT9egjxHzd41aa/XqEeuC9qjLCA5qDYQEhsFFr6tw
LclgvXJ9I8xFvzHmIa7sVEytlWhDZJHXImHcyoFxAsmNFbLBJ5/h1szNgCx6NpzV
UnmXw3ftshQ=
-----END PGP SIGNATURE-----

From anonymous at extropia.wimsey.com Tue Aug 3 00:29:05 1993
From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com)
Date: Tue, 3 Aug 93 00:29:05 PDT
Subject: REMAIL: Virtual remailers
Message-ID: <199308030627.AA12383@xtropia>

-----BEGIN PGP SIGNED MESSAGE-----

I run two remailers; one is hal at alumni.caltech.edu and the other is hfinney at shell.portal.com. The first one is on a system to which I have free access, while the second is on a system for which I am paying about $40 a month. I feel like the second one is "stronger" politically, since I am paying hard-earned money for it. Also, I remember the summaries that were posted of last year's Hacker's conference, in which it was stated that the owner of the Portal system was eager to support remailers. I don't know if he realizes that he is indirectly supporting them now since I am using my Portal account to run one, but I feel that if they get some complaints and come to me, I might be able to get the boss to step in on my behalf.

Given this situation, it has occurred to me that it would be easy to have the caltech remailer forward all mail to the portal remailer, to be remailed from there. This way nobody would receive objectionable mail from the caltech account, and no one would ask for it to be shut down.

In the past, we have had suggestions that this would be a desirable mode of operation for our cypherpunks remailers: to have the "front ends" be a different set of machines than the actual remailers. It was said that this would represent a sort of "distributed computing" environment, a "virtual remailer" that would span the network, thus making it harder to shut down.
I did not really agree with these arguments, since I felt that the targets would simply be the final-remailing machines, since these are the ones from which people would receive anonymous mail. If they were shut down, then other machines would have to come on-line to replace them. Given that such replacements actually existed, I felt that it would be better simply to use them from the beginning as stand-alone remailers, so that there would be more remailers out there for people to use.

Now I am faced with a concrete test of this principle, and I'm soliciting suggestions. Would it be better to keep my two remailers operating, even though I might eventually have to shut one down if complaints arise? Or should I make one just a front-end for the other, thereby creating a "virtual remailer" (a term I don't really agree with) which spans the two machines and which makes it unlikely that the front-end remailer at caltech will be terminated.

Are there any advantages to having the caltech remailer if it just feeds into the one at portal? I'm not sure I see much point in keeping it operating if it performs no useful task.

On the other hand, if people do see advantages, we could create a set of "second-tier" remailers which would be politically safe. They would always feed into one of the "first-tier" remailers which would be the ones which would actually send mail. No anonymous mail or postings would ever come from these second-tier remailers, hence their operators, owners, and sysops would receive no complaints. Perhaps more people would be willing to run remailers on this basis, knowing they were relatively immune from political pressure.
Hal Finney
hfinney at shell.portal.com

-----BEGIN PGP SIGNATURE-----

iQCVAgUBLF2/d6gTA69YIUw3AQEHOQP/dU996sl0yQk8FlbSVG3LjUzLOIg7ktGs
57IRPU9zWJXOTGbxxhcA/p+kApXzU4hwnLV4ch9+DFst/hPFDMoHuuetmUMSLscL
EjaCz5ySzS532i/6TdfNbHMiDMgpWNIorQCysC+Ilpi5J9VCBXURbd0ZSlMPj19a
0crq5P/scvA=
-----END PGP SIGNATURE-----

From greg at ideath.goldenbear.com Tue Aug 3 00:57:39 1993
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Tue, 3 Aug 93 00:57:39 PDT
Subject: Remailer configuration
Message-ID: <0w5o8B1w164w@ideath.goldenbear.com>

Hal Finney writes and asks what folks think about his remailers - if two are better than one, etc.

My two cents' worth is that two is better; already we're starting to see applications (like the UT mail-to-news gateway) where people are filtering known remailers out. The bigger the list of remailers which might be sending mail, the harder it'll be to do that sort of thing. I wonder how big the list would need to get before sysadmins would consider it more economical to abandon filtering entirely?

Let a thousand flowers bloom.

--
Greg Broiles                          greg at goldenbear.com
Golden Bear Computer Consulting       +1 503 465 0325
Box 12005 Eugene OR 97440             BBS: +1 503 687 7764

From gast at cs.ucla.edu Mon Aug 2 18:23:16 1993
From: gast at cs.ucla.edu (gast at cs.ucla.edu)
Date: Tue, 3 Aug 93 01:23:16 GMT
Subject: FBI wants to ban Crypto
Message-ID: <1993Aug3.012316.9036@cs.ucla.edu>

I just heard a little of the report on NPR on Saturday, but it seems that the FBI went public last week at a security conference with its desires to ban cryptography, at least crypto that it cannot break. The FBI said that in four different wiretap cases, it got encrypted messages instead of talk.

I know that the FBI has previously announced similar plans including at CFP-2, but this seems to be a new salvo.
David

From Brad.Huntting at HK.Super.NET Tue Aug 3 02:39:38 1993
From: Brad.Huntting at HK.Super.NET (Brad Huntting)
Date: Tue, 3 Aug 93 02:39:38 PDT
Subject: crypto in HK
Message-ID: <199308030938.AA25459@hk.super.net>

Greetings from Hong Kong.

I've spent the last couple weeks helping set up Hong Kong SuperNet, the first dialup Internet provider in China.

Suddenly last week, it dawned on me! I'm not in Kansas anymore! I don't have to worry about ludicrous RSA patents, or antiquated export laws! In fact there's not much respect for any intellectual property laws here, but that's another matter....

So, I have two questions:

First, where (outside of the US) can I ftp (or mirror) the latest version of PGP?

Second, does anyone know where I can find the RSA extensions for ISODE (often called the osisec package)? There's an ftp site in the UK, but the files are all des'ed, and the person with the key is ignoring my e-mail messages.

brad

From bart at netcom.com Tue Aug 3 02:57:42 1993
From: bart at netcom.com (Harry Bartholomew)
Date: Tue, 3 Aug 93 02:57:42 PDT
Subject: Other shoe drop confirmation
Message-ID: <9308030956.AA27451@netcom5.netcom.com>

Well, somebody else heard the story as I did.

Bart

From nate at VIS.ColoState.EDU Tue Aug 3 07:54:13 1993
From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons)
Date: Tue, 3 Aug 93 07:54:13 PDT
Subject: Sterilized medflies of crypto
Message-ID: <9308031453.AA22423@vangogh.VIS.ColoState.EDU>

Detweiler says:

We should fight the only thing which matters: key registration.

I think that he has a point here. The SkipJack *may* be secure, it may not (my feeling is that it is not), but the whole bit about key registration is absolutely absurd (at best).
-nate sammons
nate at vis.colostate.edu

From elee9sf at Menudo.UH.EDU Tue Aug 3 10:14:13 1993
From: elee9sf at Menudo.UH.EDU (Karl Barrus)
Date: Tue, 3 Aug 93 10:14:13 PDT
Subject: BOOK: Differential Cryptanalysis
Message-ID: <199308031713.AA16913@Menudo.UH.EDU>

Just yesterday I saw _Differential Cryptanalysis of the Data Encryption Standard_ by Biham and Shamir at a local bookstore and immediately purchased it. It is published by Springer-Verlag (who also publish Salomaa's _Public Key Cryptography_); ISBN 0-387-97930-1 and 3-540-97930-1.

The book describes the differential cryptanalysis attack, which is also applicable to "bounded-round versions" of certain other cryptosystems [what is a "bounded-round version" anyway?]. Phil Zimmerman is acknowledged in the Preface [could this be the same prz of PGP?]

I haven't had a chance to read the book - I've just been flipping around so far, but here are the chapters:

1 Introduction
2 Results
3 Introduction to Differential Cryptanalysis
4 Differential Cryptanalysis of DES Variants
    four rounds
    six rounds
    eight rounds
    arbitrary number of rounds
    modified variants of DES
    DES with independent keys
    generalized DES
5 Differential Cryptanalysis of the Full 16-Round DES
6 Differential Cryptanalysis of FEAL
    FEAL-8
    FEAL-N and FEAL-NX
    other properties
7 Differential Cryptanalysis of Other Cryptosystems
    Khafre
    REDOC-II
    LOKI
    Lucifer
8 Differential Cryptanalysis of Hash Functions
    Snefru
    N-Hash
9 Non-Differential Cryptanalysis of DES with a Small Number of Rounds
    Ciphertext Only
    Known Plaintext
    Statistical Known Plaintext
Appendix A: Description of DES
Appendix B: Difference Distribution Tables of DES

It doesn't look like IDEA, MD4, or MD5 are mentioned.

/-----------------------------------\
| Karl L. Barrus                    |
| elee9sf at menudo.uh.edu           | <- preferred address
| barrus at tree.egr.uh.edu (NeXTMail) |
\-----------------------------------/

From mdiehl at vesta.unm.edu Tue Aug 3 11:07:52 1993
From: mdiehl at vesta.unm.edu (J. Michael Diehl)
Date: Tue, 3 Aug 93 11:07:52 PDT
Subject: Sign my Key?
Message-ID: <9308031806.AA24971@vesta.unm.edu>

Hi all!

Well, I'm getting married Aug. 7. For our honeymoon, we are taking a driving trip through Phoenix, Az., Los Angeles, Ca., Sacramento, Ca., and Denver, Co. I MIGHT be able to get away from my wife in order to have my pub key signed. Are there any Cypherpunks in these cities who might be willing to sign my key?

Thanx in advance. Laters.

========================+==========================================+
J. Michael Diehl ;^)    | Have you hugged a Hetero........Lately?  |
mdiehl at triton.unm.edu   | "I'm just looking for the opportunity to |
mike.diehl at fido.org help| be Politically Incorrect!"     +=========+
al945 at cwns9.ins.cwru.edu| Is Big Brother in your phone?  | PGP KEY |
(505) 299-2282 (voice)  | If you don't know, ask me.     |Available|
========================+================================+=========+
PGP Key = 7C06F1 = A6 27 E1 1D 5F B2 F2 F1 12 E7 53 2D 85 A2 10 5D
This message is protected by 18 USC 2511 and 18 USC 2703. Monitoring by anyone other than the recipient is absolutely forbidden by US Law

From eric at Synopsys.COM Tue Aug 3 11:39:16 1993
From: eric at Synopsys.COM (eric at Synopsys.COM)
Date: Tue, 3 Aug 93 11:39:16 PDT
Subject: REMAIL: Virtual remailers
In-Reply-To: <199308030627.AA12383@xtropia>
Message-ID: <199308031838.AA12893@gaea.synopsys.com>

Hal: you should definitely keep your caltech remailer up, and forwarding it to portal will not destroy its usefulness.

Remember that a primary function of the remailers is to obscure the sender of a message. A message that passed through both caltech and portal would require collecting logs from both systems to trace back beyond that point. That can't be easier than collecting the logs from only one of the systems.
-eric messick (eric at toad.com)

From HAHN at lds.loral.com Tue Aug 3 13:17:52 1993
From: HAHN at lds.loral.com (Reply to: hahn@lds.loral.com)
Date: Tue, 3 Aug 93 13:17:52 PDT
Subject: PKZIP Encryption Been Compromised?
Message-ID: <930803161718.1285@lds.loral.com>

A friend of mine tells me that the encryption feature of the PKZIP compressor/archiver is vulnerable. I have been using it for private material that is not to be passed to anybody else. To what extent is this material vulnerable to attack, given that the attacker has no examples of a plaintext/ciphertext pair using my key? Also, to what extent is the vulnerability a function of the key length?

Thanks in advance to anybody who can help me.

Karl

| (V)                 | "Tiger gotta hunt. Bird gotta fly.
| (^ (`>              | Man gotta sit and wonder why, why, why.
| ((\\__/ )           | Tiger gotta sleep. Bird gotta land.
| (\\< ) der Nethahn  | Man gotta tell himself he understand."
| \< )                |
| ( /                 | Kurt Vonnegut Jr.
| |                   |
| ^                   |

From talon57 at well.sf.ca.us Tue Aug 3 14:24:47 1993
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Tue, 3 Aug 93 14:24:47 PDT
Subject: another shirt idea...
Message-ID: <93Aug3.142353pdt.13986-1@well.sf.ca.us>

How 'bout this one;

NSA
Mother to Big Brother
MYK-78

Brian Williams
Cypherpatriot

From nobody at pmantis.berkeley.edu Tue Aug 3 15:11:41 1993
From: nobody at pmantis.berkeley.edu (nobody at pmantis.berkeley.edu)
Date: Tue, 3 Aug 93 15:11:41 PDT
Subject: PKZIP Encryption is worthless
Message-ID: <9308032211.AA21345@pmantis.berkeley.edu>

To the best of my knowledge, PKZip uses a simple Vigenere algorithm for its encryption. There is a program called "zipcrack", widely available on BBSes, that does cryptanalysis of encrypted PKZip files. The rumor is that the "zipcrack" program originated in Russia, but really, cryptanalysis of the stuff that PK is using is relatively trivial.

There are many good implementations of DES, including Symantec's in the Norton Utilities. You could also use PGP.
But don't rely on PKZip to protect your privacy. That's not what it's designed for.

Note the reply-to address above if you wish to reply.

From bart at netcom.com Tue Aug 3 16:11:41 1993
From: bart at netcom.com (Harry Bartholomew)
Date: Tue, 3 Aug 93 16:11:41 PDT
Subject: mail failed, returning to sender (fwd)
Message-ID: <9308032311.AA28097@netcom5.netcom.com>

Forwarded message:

From Jon_Axelrad at third.wsgr.com Tue Aug 3 16:39:24 1993
From: Jon_Axelrad at third.wsgr.com (Jon_Axelrad at third.wsgr.com)
Date: Tue, 3 Aug 93 16:39:24 PDT
Subject: Cypherpunk Mailing List
Message-ID: <9308032329.AA25435@radiomail.net>

I've read about the cypherpunks and your mailing list in recent issues of _Wired_ and the _Whole Earth Review_. I support your goals and would appreciate being added to the mailing list. While I probably couldn't contribute to discussions from a technical standpoint, I am a lawyer and may have an occasional useful comment on policy/legal matters.

From hughes at soda.berkeley.edu Tue Aug 3 17:59:24 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Tue, 3 Aug 93 17:59:24 PDT
Subject: ADMIN: misconfigured host north.net has been removed from the list
Message-ID: <9308040054.AA15387@soda.berkeley.edu>

The host north.net is misconfigured to send mail to itself forever, that is, until it bounces. I've removed it from the list, so any further problems with this host may be ignored.

Eric

From MAILER-DAEMON at uunorth.north.net Tue Aug 3 15:07:00 1993
From: MAILER-DAEMON at uunorth.north.net (MAILER-DAEMON at uunorth.north.net)
Date: Tue, 3 Aug 93 18:07 EDT
Subject: mail failed, returning to sender
Message-ID:

|------------------------- Failed addresses follow: ---------------------|
accesspt.north.net!brettm ... loop detection: maximum hop count exceeded
|------------------------- Message text follows: ------------------------|
Received: from uunorth.uucp by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNUVi-0001dLC; Tue, 3 Aug 93 18:07 EDT
Received: from uunorth.uucp by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNUTS-0001b8C; Tue, 3 Aug 93 18:04 EDT
Received: from uunorth.uucp by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNURC-0001dKC; Tue, 3 Aug 93 18:02 EDT
Received: from uunorth.uucp by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNUOM-0001b8C; Tue, 3 Aug 93 17:59 EDT
Received: from uunorth.uucp by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNULt-0001c8C; Tue, 3 Aug 93 17:57 EDT
Received: from uunorth.uucp by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNUJT-0001c8C; Tue, 3 Aug 93 17:54 EDT
Received: from uunorth.uucp by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNUH5-0001c7C; Tue, 3 Aug 93 17:52 EDT
Received: from uunorth.uucp by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNUEY-0001c7C; Tue, 3 Aug 93 17:49 EDT
Received: from uunorth.uucp by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNUBz-0001b8C; Tue, 3 Aug 93 17:46 EDT
Received: from uunorth.uucp by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNU9a-0001b8C; Tue, 3 Aug 93 17:44 EDT
Received: from uunorth.uucp by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNU79-0001c7C; Tue, 3 Aug 93 17:41 EDT
Received: from uunorth.uucp by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNTpc-0001c7C; Tue, 3 Aug 93 17:23 EDT
Received: from uunorth.uucp by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNTnB-0001c8C; Tue, 3 Aug 93 17:21 EDT
Received: from uunorth.uucp by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNTka-0001c8C; Tue, 3 Aug 93 17:18 EDT
Received: from uunorth.uucp by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNTiB-0001c8C; Tue, 3 Aug 93 17:15 EDT
Received: from uunorth.uucp by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNTfX-0001c8C; Tue, 3 Aug 93 17:13 EDT
Received: from uunorth.uucp by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNTcu-0001c8C; Tue, 3 Aug 93 17:10 EDT
Received: from uunorth.uucp by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNTaB-0001c7C; Tue, 3 Aug 93 17:07 EDT
Received: from uunorth.uucp by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNTXp-0001c7C; Tue, 3 Aug 93 17:05 EDT
Received: from uunorth.uucp by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNTVY-0001c8C; Tue, 3 Aug 93 17:02 EDT
Received: from netcom.com by uunorth.north.net with uucp (Smail3.1.28.1) id m0oNJFk-0001eWC; Tue, 3 Aug 93 06:05 EDT
Received: from toad.com by relay2.UU.NET with SMTP (5.61/UUNET-internet-primary) id AA26190; Tue, 3 Aug 93 06:06:28 -0400
Received: by toad.com id AA20888; Tue, 3 Aug 93 02:57:42 PDT
Received: by toad.com id AA20824; Tue, 3 Aug 93 02:55:25 PDT
Return-Path:
Received: from netcom5.netcom.com ([192.100.81.113]) by toad.com id AA20820; Tue, 3 Aug 93 02:55:23 PDT
Received: by netcom5.netcom.com (5.65/SMI-4.1/Netcom) id AA27451; Tue, 3 Aug 93 02:56:11 -0700
From: bart at netcom.com (Harry Bartholomew)
Message-Id: <9308030956.AA27451 at netcom5.netcom.com>
Subject: Other shoe drop confirmation
To: cypherpunks at toad.com
Date: Tue, 3 Aug 93 2:56:10 PDT
X-Mailer: ELM [version 2.3 PL11]

Well, somebody else heard the story as I did.
Bart

>From netcom.com!csus.edu!decwrl!decwrl!spool.mu.edu!agate!library.ucla.edu!ddsw1!uunet!news.claremont.edu!ucivax!ucla-cs!gast Tue Aug 3 02:52:20 1993
Newsgroups: alt.privacy.clipper
Path: netcom.com!csus.edu!decwrl!decwrl!spool.mu.edu!agate!library.ucla.edu!ddsw1!uunet!news.claremont.edu!ucivax!ucla-cs!gast
From: gast at cs.ucla.edu
Subject: FBI wants to ban Crypto
Message-ID: <1993Aug3.012316.9036 at cs.ucla.edu>
Originator: gast at oahu.cs.ucla.edu
Sender: usenet at cs.ucla.edu (Mr Usenet)
Nntp-Posting-Host: oahu.cs.ucla.edu
Reply-To: gast at CS.UCLA.EDU (David Gast)
Organization: UCLA Computer Science Department
Distribution: alt
Date: Tue, 3 Aug 93 01:23:16 GMT
Lines: 10

I just heard a little of the report on NPR on Saturday, but it seems that the FBI went public last week at a security conference with its desires to ban cryptography, at least crypto that it cannot break. The FBI said that in four different wiretap cases, it got encrypted messages instead of talk.

I know that the FBI has previously announced similar plans including at CFP-2, but this seems to be a new salvo.

David
--

From murphy at s1.elec.uq.oz.au Tue Aug 3 18:09:24 1993
From: murphy at s1.elec.uq.oz.au (Peter Murphy)
Date: Tue, 3 Aug 93 18:09:24 PDT
Subject: crypto in HK
In-Reply-To: <199308030938.AA25459@hk.super.net>
Message-ID: <9308040106.AA28473@s2.elec.uq.oz.au>

> 
> 
> Greetings from Hong Kong.
> 
> I've spent the last couple weeks helping setup Hong Kong SuperNet, the
> first dialup Internet provider in China.
> 
> Sudenly last week, it dawned on me! I'm not in Kansas anymore! I dont
> have to worry about ludicrous RSA patents, or antiquated export laws!
> In fact there's not much respect for any intelectual property laws
> here, but that's another matter....
> 
> So, I have two question's:
> 
> First, where (outside of the US) can I ftp (or mirror) the latest
> version of PGP?

Try nic.penet.fi .
> 
> Second, does anyone know where I can find the RSA extensions for ISODE
> (often called the osisec package). There's an ftp site in the UK, but
> the files are all des'ed, and the person with the key is ignoring my
> e-mail messages.
> 

No idea. I'm sorry.

> 
> brad
> 

Peter.

--
=============================================================================
Peter Murphy - Department of Electrical Engineering,|Phone: 61 - 7 - 300 3452.
University of Queensland: murphy at s2.elec.uq.oz.au .|------------------------
"Contrary to popular belief, the wings of demons are|Please do not put any
the same as the wings of angels, although they're   |Heinlein quotes in your
often better groomed." - Terry Pratchett.           |.sig - they're old.
=============================================================================

From peb at PROCASE.COM Tue Aug 3 18:11:42 1993
From: peb at PROCASE.COM (Paul Baclace)
Date: Tue, 3 Aug 93 18:11:42 PDT
Subject: Sterilized Medflies of Crypto
Message-ID: <9308040110.AA00834@banff.procase.com>

>hardware backdoor

The NSA does mask inspection for its own purposes. They require source code for products they buy under certain conditions too.

The CIA has been accused of stealing a company's source code and reselling said software modified with a trojan horse to specific targets outside the U.S. I don't remember the name of the company, but read about the lawsuit pending against the government. Anyone have more details? This is nice evidence for people who think the spooks are fully accountable.

Paul E. Baclace
peb at procase.com

From julf at penet.FI Tue Aug 3 22:24:25 1993
From: julf at penet.FI (Johan Helsingius)
Date: Tue, 3 Aug 93 22:24:25 PDT
Subject: crypto in HK
In-Reply-To: <9308040106.AA28473@s2.elec.uq.oz.au>
Message-ID: <9308040723.aa12479@penet.penet.FI>

> > First, where (outside of the US) can I ftp (or mirror) the latest
> > version of PGP?
> 
> Try nic.penet.fi .

Er... Nice to be famous, but... It's nic.funet.fi...
Julf

From tcmay at netcom.com Tue Aug 3 23:01:44 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 3 Aug 93 23:01:44 PDT
Subject: Inslaw and PROMIS software
In-Reply-To: <9308040110.AA00834@banff.procase.com>
Message-ID: <9308040600.AA10364@netcom5.netcom.com>

> The CIA has been accused of stealing a company's source code and
> reselling said software modified with a trojan horse to specific targets
> outside the U.S. I don't remember the name of the company, but read about
> the lawsuit pending against the government. Anyone have more details?
> This is nice evidence for people who think the spooks are fully accountable.
> 
> 
> Paul E. Baclace

That sounds like the Inslaw case, in which their "PROMIS" (for "Prosecution MIS") software was allegedly stolen/taken by government agencies for various uses.

There are many tangled threads to this story: the murder of Danny Casolaro, back doors, Ed Meese, Cabazon Indian Reservation, Dr. Earl Brian, Contra arms deals, Iraqgate, Israel, NSA SIGINT facilities, Elliot Richardson, and on and on.

This story comes up frequently and was described here in Cypherpunks some months back by Kelly Goen, if I remember correctly. I won't recap the story tonight. Check out alt.conspiracy for some discussion (though you may have to wait a while for this topic to come back around).

My opinion: There's something to the stories.

-Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.
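The `::` remailer header block that Hal Finney's REMAIL: Anonymous posts message earlier in this digest describes, and Eric Messick's point in the Virtual remailers thread that a message which passed through both caltech and portal needs logs from both to be traced, modelled as an added example. This is not code from either poster nor from any cypherpunks remailer of the day: the `::` marker, `Request-Remailing-To:` and `Encrypted: PGP` follow Hal's description, the remailer and penet addresses are the ones he names, the sender addresses and the `ENC[...]` stand-in for a PGP message in the decrypt hook are constructed for the demonstration, and no real PGP is performed.

```python
"""Model of the cypherpunks remailer '::' header block and of chaining.

Added example, not code from the original posts or from a real remailer.
Assumed for the demonstration: the sender addresses, and a toy
'ENC[...]' wrapper standing in for a PGP message.
"""
from typing import Callable, Dict, List, Optional, Set, Tuple

MARKER = "::"
Log = Dict[str, Tuple[str, str]]   # remailer -> (received_from, sent_to)


def wrap_for_remailer(next_hop: str, body: str) -> str:
    """One cleartext layer: '::' pragma block, blank line, then the body."""
    return "\n".join([MARKER, f"Request-Remailing-To: {next_hop}", "", body])


def wrap_encrypted(ciphertext: str) -> str:
    """Outer layer for a PGP-encrypted '::' block, as Hal describes it:
    '::' / 'Encrypted: PGP' / blank line / the PGP message."""
    return "\n".join([MARKER, "Encrypted: PGP", "", ciphertext])


def parse_remailer_block(message: str) -> Tuple[Dict[str, str], str]:
    """Split a message into its leading '::' headers and the remainder.
    A message that does not start with '::' has no pragma block."""
    lines = message.split("\n")
    if not lines or lines[0] != MARKER:
        return {}, message
    headers: Dict[str, str] = {}
    i = 1
    while i < len(lines) and lines[i] != "":
        name, sep, value = lines[i].partition(":")
        if not sep:
            raise ValueError(f"malformed pragma line: {lines[i]!r}")
        headers[name.strip()] = value.strip()
        i += 1
    return headers, "\n".join(lines[i + 1:])


def build_chain(chain: List[str], destination: str, body: str) -> Tuple[str, str]:
    """Nest one layer per hop so each remailer strips exactly one '::'
    block and forwards the rest.  Returns (first hop, message to send)."""
    payload = wrap_for_remailer(destination, body)
    for hop in reversed(chain[1:]):
        payload = wrap_for_remailer(hop, payload)
    return chain[0], payload


def run_chain(first_hop: str, message: str, sender: str,
              decrypt: Optional[Callable[[str, str], str]] = None
              ) -> Tuple[List[str], Log, str]:
    """Simulate delivery hop by hop.  Each remailer logs only the address it
    received from and the address it forwarded to, which is all an
    investigator would get from that one operator's logs."""
    path: List[str] = [sender]
    logs: Log = {}
    hop = first_hop
    while True:
        headers, rest = parse_remailer_block(message)
        if headers.get("Encrypted") == "PGP":
            if decrypt is None:
                raise ValueError(f"{hop}: encrypted layer but no key to decrypt it")
            headers, rest = parse_remailer_block(decrypt(hop, rest))
        if "Request-Remailing-To" not in headers:
            return path + [hop], logs, message   # final recipient reached
        next_hop = headers["Request-Remailing-To"]
        logs[hop] = (path[-1], next_hop)
        path.append(hop)
        hop, message = next_hop, rest


def trace_back(logs: Log, recipient: str, available: Set[str]) -> List[str]:
    """Walk backwards from the recipient using only the logs in `available`.
    The trail stops at the first remailer whose log is missing."""
    trail, current = [recipient], recipient
    while True:
        prev = next((r for r, (_, to) in logs.items()
                     if to == current and r in available), None)
        if prev is None:
            return trail
        trail.append(prev)
        origin = logs[prev][0]
        if origin not in logs:          # not a remailer: the real sender
            trail.append(origin)
            return trail
        current = prev
```

`trace_back` with only portal's logs gets as far as caltech and stops; with both operators' logs it reaches the sender, which is exactly the extra cost Eric points to.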
From greg at ideath.goldenbear.com Tue Aug 3 23:28:01 1993
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Tue, 3 Aug 93 23:28:01 PDT
Subject: Sterilized Medflies of Crypto
Message-ID:

uunet!PROCASE.COM!peb (Paul Baclace) writes:

> The CIA has been accused of stealing a company's source code and
> reselling said software modified with a trojan horse to specific targets
> outside the U.S. I don't remember the name of the company, but read about
> the lawsuit pending against the government. Anyone have more details?
> This is nice evidence for people who think the spooks are fully accountable.

This sounds like the Inslaw thing - a company called Inslaw sold some software for case management and person-tracking (intended for use by prosecuting attorneys for maintaining dossiers, etc.) to the Justice department. Then (the story goes) the Justice department deliberately failed to make agreed-upon payments and screwed around with Inslaw's cash flow to the point that they were forced into choosing between bankruptcy and selling out to another software company owned by cronies of Ed Meese. They chose bankruptcy and subsequently sued the Justice Department. The first judge who heard the case ruled in Inslaw's favor and was not reappointed to his seat. I'm unable to remember the specifics of the following events - and the above summary probably leaves out important stuff. I've got a few text files on this - if folks are interested I can upload them to the soda archives.

This is also related to the "suicide" of writer Danny Casolaro about 2 years ago in Washington, D.C. - he was working on a book on this mess, supposedly discovered something pretty important, then allegedly killed himself. Conspiracy stuff abounds with this. Supposedly the PROMIS software has also been given to Canadian intelligence/police forces, as well as the Israelis. It's a pretty sordid story and frankly I dunno how much of it to believe.
I don't know if this is exactly relevant to Cypherpunk stuff (and it's long) so I'm not posting it to the list, but I can mail or ftp the stuff to interested folks.

--
Greg Broiles                          greg at goldenbear.com
Golden Bear Computer Consulting       +1 503 465 0325
Box 12005 Eugene OR 97440             BBS: +1 503 687 7764

From ld231782 at longs.lance.colostate.edu Tue Aug 3 23:29:14 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Tue, 3 Aug 93 23:29:14 PDT
Subject: CAKE--Citizens Against Key Escrow
Message-ID: <9308040625.AA21063@longs.lance.colostate.edu>

Hey cypherfolks. It seems to me that the fundamental issue of the acceptability of key escrow is not getting debated well enough in the mainstream media. The Clipper debate keeps getting framed in terms of `who will be the escrow agencies' or `how secure is the algorithm really' or whatever. Also, I'm a bit disappointed in both EFF and CPSR not coming out with firm positions *against* key escrow systems in general (CPSR spokesman: `I don't want to sound too stridently opposed...'). We have something of a void. The problem is that the stance is seen as anti-law enforcement by these organizations (or they are afraid it will be perceived that way).

Anyway, as part of the propaganda effort, I am proposing starting a new `group' called the Citizens Against Key Escrow. (Now, don't get too excited.)

To start out, what would be ideal is just a document describing Clipper, a lot of anti-Clipper propaganda, and the appended *signatures* of everyone who is a `member' of CAKE and affirms the position `unlimited and unrestricted use of strong cryptography is an inalienable right.'

Please do *not* mail me saying that you want to sign it. I'm not ready. In particular, I'd like to propose that a patriotic cypherpunk set up a mini-email server to handle signature additions, so that people can send automated messages.
Then, when this is posted to sci.crypt and circulated to every dark corner of Cyberspace, the ability to handle the traffic will be automatic, and hopefully we will collect *many* signers.

(Yes, there could be tricky authentication issues with names. I would like to see the utmost attention given to the veracity of signers if possible. If `David Sternlight' makes it to the list we know it's fake, and people could criticize it on that ground. Maybe some way to `contest signatures' via email--if a signature is contested it is removed?)

By the way, the supposed `comprehensive policy review' blared in the Clipper announcement by the Clinton administration regarding cryptographic policies (export, freedom of use, etc.) is rumored to be over in mid-September. Surprise, they haven't contacted us yet! This document would be something tangible to present and herald to them *prior* to a big ugly hand-me-down announcement. If we got press coverage of our view, saying that we're being excluded, that these are the real issues at stake, and then the real announcement came out shortly thereafter with all the inevitable bad news, it would be a great PR coup.

Anyway, here are some propaganda items that will be included in the final document if this actually happens. I'd really appreciate if anyone would contribute *specific* paragraphs. (I've never really gotten great response from this kind of query, despite a lot of lip service and excitement, and judging by the current Cypherpunk FAQ this is not uncommon, but I'm the eternal optimist.)

- Description of Clipper
- Emphatic terms: we think Skipjack could be a strong algorithm, but key escrow is inappropriate for a civilized cyberspatial society
- of course, we're not against law enforcement in general! we just believe that just as the government currently has the capability to wiretap unsecured communications, the public has a right to thwart it wherever it wants with secured communications
- Debate on security of key agencies, who will be `it' etc. are smokescreen decoys by the NSA
- Indications that key escrow is not the actual fundamental motivation of Clipper, from FOIA documents (the classification of the national security reasons), the rather pathetic circumlocutions about vaults and the agencies, etc.
- Maybe a little history of NSA and the abuses from Bamford
- Jefferson as cryptographic innovator, other revolutionaries requiring anonymity and security in their writing
- Constitutional issues: freedom of speech and illegal search & seizure
- cryptographic device export restriction by the NSA
- Quotes from the FBI and NSA: cryptography is like nitroglycerin, we might have a lot of dead bodies lying around, all the waffling quotes about whether cryptography should be regulated, etc.

If you have anything on the above, please send it! In particular I need `mini-essays'. This is another project that everyone can contribute to and prove we're not just a bunch of listless, noisy, inconsequential nihilists. (Once again, my optimism overshadows my memory.)

From ld231782 at longs.lance.colostate.edu Wed Aug 4 00:29:25 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Wed, 4 Aug 93 00:29:25 PDT
Subject: comments on Denning's American Scientist article on Clipper
Message-ID: <9308040728.AA22252@longs.lance.colostate.edu>

Some notes on the D. Denning article on Clipper in Sigma Xi American Scientist, July-August, vol 81 p. 319-323. Essentially almost nothing new for people who have tracked the debate on the Internet. Some tiny scraps at the end. This is a sort of `Scientific American' article on the Clipper chip.
Apparently it was written before the switch to the Skipjack moniker, although under the photo caption of the chip it states `The name `Clipper Chip' should not be confused with Intergraph Corporation's microprocessor.'

The article begins by noting that cryptography is as ancient as Julius Caesar and the Gallic Wars. Clinton's Clipper and Capstone as a `new government standard for encryption.' Short blurb on public key cryptosystems a la Diffie & Hellman and RSA in mid 1970s, `a turning point in the development of modern cryptosystem.' (Madam, it is a revolution.) DES in 1977 by IBM `with advice from the National Security Agency.' Mentions PEM as example of `growing interest in strong cryptosystems that protect unclassified, private-sector telecommunications and computer data.'

Next, the AT&T Model 3600 Telephone Security Device, which used the DES chip that `illustrates the basic issues--some technical and some societal--involved in securing voice communications.' Denning says the key exchange algorithm in the phone is `proprietary' but gives the Diffie Hellman math as example.

Then we hear of Omnibus Crime Control and Safe Streets Act of 1968 that limits electronic surveillance, including wiretapping, to be `conducted lawfully only by law-enforcement agencies that are authorized with a court warrant, and then only for serious criminal activities in which other means of gathering evidence have failed, are likely to fail or are too dangerous.' `This act prohibits surveillance in other cases such as political discourse. The law provides a practical basis for safeguarding privacy rights while allowing legitimate criminal investigations. It applies only to federal investigations; two-thirds of the states have their own laws that govern local surveillance activities.'

`Officials in the Dept. of Justice have become concerned that the increasing use of digital encoding and the success of public cryptography may make it impossible to intercept or understand criminal communications. The AT&T telephone device added urgency to that concern.' Hm, even the Clipper announcement didn't note any `concern'...

Then, Clipper was `proposed' by Clinton administration to (1) secure telephone conversations, (2) preserve law-enforcement capability to `legally intercept the telephone conversations of suspected criminals' (wow, finally a word like `suspected' or `reputed' or `alleged' in conjunction with Clipper, a real milestone), and (3) split key escrow system that `balances' privacy. `The president declared that it is essential to establish these principles now, while the `national information infrastructure' is still young, so that privacy and effective law enforcement can be guaranteed for everyone in years ahead.' I don't recall that proclamation. What were his exact words again?

Next, description of Clipper and Capstone and the first user-friendly diagrams suitable for public consumption showing the key generation, communication session, and interception. Fairly detailed esp. with the key generation. Does not indicate at all how the key escrow agencies are assured that the chip IDs presented to them are actually of the people named in a warrant. `The details of the law-enforcement field are classified so that no one will be able to construct compatible chips that bypass this feature. Consequently, the structure of the law enforcement decoder is classified.'

Then, Capstone as Clipper successor `will be released this summer' with all the same elements plus DSA, key negotiation, exponentiation, and random number generator. `If the Capstone Chip becomes available on workstations and personal computers, it could also be used for Privacy Enhanced Mail.' (Boy, clearly someone at NSA is really concerned about this PEM thing.)
Yeeks, here's the news: `The Clinton administration intends to [promote Clipper and] by developing and promulgating a standard for all sensitive, unclassified federal communications by the end of 1993.' The ominous statement is that this seems to suggest something more than Clipper. `The Clinton administration believes that industry will follow the government's lead as it did in the 1970s with the DES system.' (we'll see.) `The administration does not propose to enforce the use of the Clipper Chip because it believes the technology will become widespread without coercion'. This is the tantalizingly familiar NSAspeak into which people can read whatever they want, the same sounds-OK-except-to-here and what-are-they-really-saying sentence structure that permeated the Clipper announcement. Taken in the first half, it seems to be the most bold and unequivocal indication so far in the popular press that neither Clipper nor any other system will be `enforced'. On the other hand, it also has the ulterior suggestion that if the technology does *not* become widespread without coercion, some other attack will be formulated, and the `administration' cannot be considered liable for any seeming promises for unrestriction.

Now, for the kicker: the National Security Council will finish their `comprehensive policy review' hinted in the Clipper announcement on `privacy, secure business communications, ... electronic surveillance, ... manufacture and export of advanced [cryptographic] products, use of advanced [cryptographic] technologies in digital networks and telecommunications, ... expected to be completed in September'. Can't wait for that one. `issues such as software encryption and private-sector standards are likely to be raised by industry during the process'. Don't you love that ubiquitous evasive passive voice?
As the Clipper announcement stated `public debate is expected to intensify'...yelled at and echoing off the brick wall of the castle, soon to disgorge the concealed schemers with their Royal Proclamation for the Citizenry... At the end: `Note: the author obtained some of the information in this article during private briefings with the National Security Agency and the Federal Bureau of Investigation.' No kidding.

From ld231782 at longs.lance.colostate.edu Wed Aug 4 00:49:58 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Wed, 4 Aug 93 00:49:58 PDT
Subject: Clipper Key generation
Message-ID: <9308040749.AA22749@longs.lance.colostate.edu>

The Clipper key generation is almost too bizarre to contemplate. In the recent Denning article we still have the fantastically implausible (or at least unimaginable) indication that it is all done on a `laptop computer'. She left out the indication that it is destroyed. Only one implausibility at a time.

Anyway, there are various aspects that don't entirely make sense, or seem to indicate some kind of ulterior design constraints. I would like to hear speculation on what the design constraints were. In particular, they could just let the key generator site create random keys. But then there would be accusations that they are encoding secret information or something, and the appearance is too much like `we will know all the keys' irrespective of key escrow agencies. So we have this picture of the two escrow agencies entering in information into the initial system that determines the final unit key, two 80 bit values. This means the escrow agencies could theoretically combine keys and reproduce the entire process to recompute the unit key and prove that the key generation as described is actually taking place. It also makes it look like the key originates completely from outside sources. But wait! The generation site (read: NSA in capital letters) supplies the `starting serial number'.
That is, it is completely at the discretion of the NSA to determine the serial number. Now, given that this should be random and contain no extra information, wouldn't we all feel a bit more comfortable if the key escrow agencies also supplied it, or that it was based on their input? What could be put in the serial number that is useful? There are 64 bits to play with here and the two keys are 160. Denning says that it is `padded' -- almost a Freudian slip.

The key generation process is rather interesting. It clearly is not `cryptographically secure' in the sense that it relies on the security of an algorithm for protection against abuse. This makes me think of the following problem, which I wonder how has been explored in the literature: consider it the Clean Key Generation problem. How can a chip be programmed such that no one ever has the complete key all at once? I would like to see the chip go through two stages: in the first stage the first agency plugs in their half of the secret key, in the second stage the second key agency does so, and the ability for either to read the other is impossible. This would guarantee there is no illicit archival.

In fact, the centralized key generation in the scheme seems so absolutely preposterous, because it is not `cryptographically secure', it is only `NSA-assured-secure' (hey, a new category of communications security!) What is the assurance that the facility is `safe'? Alternatively, it would be very useful to devise some cryptographic or technological scheme whereby a chip could be programmed at a centralized location based on the input from multiple escrow agencies, but the complete key is never available to the programmers. Seems like a real catch-22, but then again so is public key cryptography (need to ruminate on this one some more).

Of course, these are all just theoretical ramblings and not to be taken in any way as endorsement of key escrow...
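One way to model the two-stage chip the post above asks for, written here as an added illustration that is not from the list, from Denning's paper, or from the Clipper program itself: each escrow agent loads its share in its own stage, the simulated device combines the shares internally, and the complete unit key never exists outside the device. The XOR combination, the EscrowedDevice class, the sample share values and the toy session-key "wrap" are all constructed assumptions for this example; the page says nothing about how the real chips are loaded.

```python
"""Two-stage loading of an escrowed unit key (constructed model).

Each escrow agent supplies one share; the device XORs the shares inside and
keeps only the result. Either share on its own is consistent with every
possible key, so a single agent (or the programming site, which sees no
share at all) learns nothing about the unit key.
"""
import secrets

KEY_BITS = 80                      # the post describes two 80-bit escrow values
MASK = (1 << KEY_BITS) - 1

# Constructed sample shares; a real agent would draw these from its own RNG.
SHARE_A = 0x0123456789ABCDEF0123
SHARE_B = 0xFEDCBA9876543210ABCD


def new_share() -> int:
    """An escrow agent's share: uniform random bits from the agent's own source."""
    return secrets.randbits(KEY_BITS)


def combine(share_a: int, share_b: int) -> int:
    """Unit key = XOR of the shares. The result is uniform as long as at least
    one share is, so neither agent can bias the key on its own."""
    return (share_a ^ share_b) & MASK


def other_share_for(known_share: int, candidate_key: int) -> int:
    """The partner share that would pair with known_share to give candidate_key.
    One exists for every candidate, so a single share rules out no key."""
    return (known_share ^ candidate_key) & MASK


class EscrowedDevice:
    """Simulated chip. Shares enter through separate stages and are combined
    only inside; no method reads a share or the key back out."""

    def __init__(self, serial: int) -> None:
        self.serial = serial          # assigned by the programming site
        self._pending = {}            # agent name -> share, private state
        self._unit_key = None

    def load_share(self, agent: str, share: int) -> None:
        if self._unit_key is not None:
            raise RuntimeError("device already finalized")
        if agent in self._pending:
            raise RuntimeError(f"{agent} has already loaded a share")
        if not 0 <= share <= MASK:
            raise ValueError("share must be an 80-bit value")
        self._pending[agent] = share

    def finalize(self) -> None:
        """Combine the two shares and discard them; only the key survives."""
        if len(self._pending) != 2:
            raise RuntimeError("both escrow agents must load a share first")
        a, b = self._pending.values()
        self._unit_key = combine(a, b)
        self._pending.clear()

    def wrap_session_key(self, session_key: int) -> int:
        """Stand-in for 'encrypt the session key under the unit key'. XOR is
        used here for illustration; a real device would use a block cipher."""
        if self._unit_key is None:
            raise RuntimeError("device not finalized")
        return (session_key ^ self._unit_key) & MASK


def escrow_recovery(share_a: int, share_b: int, wrapped: int) -> int:
    """What the two agents can do together, and only together: rebuild the
    unit key from both shares and unwrap a captured session key."""
    return (wrapped ^ combine(share_a, share_b)) & MASK


def run_demo(share_a: int = SHARE_A, share_b: int = SHARE_B) -> dict:
    """Walk one device through both stages and report what each party can see."""
    dev = EscrowedDevice(serial=0x1)
    dev.load_share("agent A", share_a)     # stage 1: agent A alone at the device
    dev.load_share("agent B", share_b)     # stage 2: agent B alone at the device
    dev.finalize()
    session_key = 0x5A5A5A5A5A5A5A5A5A5A    # constructed sample session key
    wrapped = dev.wrap_session_key(session_key)
    return {
        "unit_key": combine(share_a, share_b),       # for checking the demo only
        "recovered_session_key": escrow_recovery(share_a, share_b, wrapped),
        # Agent A, holding only its own share, can "explain" any key at all:
        "a_alone_consistent_with_any_key": all(
            combine(share_a, other_share_for(share_a, k)) == k
            for k in (0, MASK, session_key)
        ),
    }


if __name__ == "__main__":
    print(run_demo())
```

The property this buys is information-theoretic on the share side: whoever sees one share sees a value independent of the key. It does not address the point the post raises about the site-chosen serial number, and it still depends on the device genuinely refusing to export its state and on each agent's share being drawn from randomness the other party cannot observe; those are the assurances an escrow design would have to make verifiable.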
From pcw at access.digex.net Wed Aug 4 05:38:08 1993
From: pcw at access.digex.net (Peter Wayner)
Date: Wed, 4 Aug 93 05:38:08 PDT
Subject: Key Generation Scheme...
Message-ID: <199308041236.AA18293@access.digex.net>

According to my latest communication with Dorothy Denning: "The key generation process is not as described in my earlier Clipper paper and is classified. We did look at it and will come back to it in our Final Report." So don't even bother spending your time thinking about what she wrote before.

-Peter

From nate at VIS.ColoState.EDU Wed Aug 4 06:41:47 1993
From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons)
Date: Wed, 4 Aug 93 06:41:47 PDT
Subject: "Big Brother Inside" tshirts
Message-ID: <9308041340.AA24461@vangogh.VIS.ColoState.EDU>

I regret to inform the group that I cannot make the T-shirts. I have no money to fund them, and even less time. I do, however, encourage anyone else who wants to make the shirts to do so. I uploaded the logos to soda this morning, so they should be available soon (if not already). I printed one of the images out (the large one) and it looked great...... I am sorry for this, but I am absolutely financially strapped now.

BTW, the image names started with "BigBro" -= and if you want, you can strip off the "Image Edited by Nate Sammons" line I dropped in the lower right corner of the large images (it was in, I think, 12-pixel high letters). Well, for anyone who makes the T-shirts, put something cool on the back, and sign me up for one, size XL.
-nate sammons
nate at vis.colostate.edu

From pmulivor at eckert.acadcomp.monroecc.edu Wed Aug 4 07:08:09 1993
From: pmulivor at eckert.acadcomp.monroecc.edu (pmulivor at eckert.acadcomp.monroecc.edu)
Date: Wed, 4 Aug 93 07:08:09 PDT
Subject: Mulivor's new address
Message-ID: <00970837.83594C00.13450@eckert.acadcomp.monroecc.edu>

To the sizeable group of cypherpunks who have been in contact with me during the last couple weeks concerning my current magazine article: I've just been given a new e-mail address -- pmulivor at eckert.acadcomp.monroecc.edu. Please direct all e-mail there from now on. Thanks for the valuable assistance you've provided. I've enjoyed working with you all.

Phil Mulivor
716 256-2222
716 244-7212
716 271-4052 (fax)

From bwp at mindvox.phantom.com Wed Aug 4 08:54:34 1993
From: bwp at mindvox.phantom.com (Jane Doe)
Date: Wed, 4 Aug 93 08:54:34 PDT
Subject: things that have been on my mind
Message-ID: <2FLR8B3w165w@mindvox.phantom.com>

Reading Denning's latest remarks about the key generation process of Clipper being classified, and reading the latest tired redundant flame war with David Sternlight in Usenet, I have to wonder why so much energy is being spent trying to discredit these people who are obviously working towards Clipper and against pgp. Denning has her own agenda, Lord knows where it all comes from, and she's apparently listened to in the government. Sternlight, well, I can't get a handle on him, but it seems like his motives are somewhat similar to Denning's except that he hides his statements behind a veil of claiming to want what is "legal." The thing is, why spend any energy on these two at all? CP's write code. If CP's want to exert any political pressure at all, they should be working with CPSR and EFF to mount a public information drive similar to that which was put up against the FBI Wiretap-PBX deal.
Making congressmen uncomfortable with Clipper and facilitating the efforts of reporters like those behind the more recent spate of news articles is where CP's can excel. Just my thought for the day. Preserving privacy is a cause worth fighting for, but keep your eyes on the prize. On the other hand, maybe there's nothing here to get upset over; after all, this is the same government that nominated Kimba Woods. ;-)

-bwp

From tcmay at netcom.com Wed Aug 4 10:24:36 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 4 Aug 93 10:24:36 PDT
Subject: Nice summary of NIST/PKP Deal in sci.crypt
Message-ID: <9308041724.AA20926@netcom5.netcom.com>

Ross Williams has distributed a nice summary of the current NIST/PKP/DSA situation in sci.crypt, entitled "NIST/PKP scandal: All you need to act." It's 2000 lines, so I'm not sending it out to the entire List (and, no, I was not the one Lance said chastised him, at least not so far as I know). Anyone without Usenet access to sci.crypt can mail me and I'll forward to you the Williams article. If enough folks are sci-crypt-deprived, perhaps I'll post the whole thing.

Cheers,
-Tim

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.

From chaos at aql.gatech.edu Wed Aug 4 13:59:37 1993
From: chaos at aql.gatech.edu (Paul Goggin)
Date: Wed, 4 Aug 93 13:59:37 PDT
Subject: InfoWorld Letter
Message-ID: <9308042058.AA22297@toad.com>

Brought to you without permission of anyone in authority.
InfoWorld
August 2, 1993
Section: To the Editor (pg. 54)

_Big Brother's encryption_

In his Peer to Peer essay on the Clipper data encryption chip (see "Clipper chip won't clip your wings, it will just protect the unprotected," June 21, page 55), A. Padgett Peterson contends that "the government has more to lose by being exposed to world ridicule from a trapdoor or backdoor than it can hope to gain." My direct experience with the National Security Agency indicates otherwise.

At the 1981 fall Comdex, Epic Computer Corp. unveiled Kryptyk, the only commercial E-mail crypto package for CP/M computers. My software team and I had implemented the first RSA public key cryptosystem for microprocessors. Our booth was swamped with managers from the Fortune 500 and many international firms. Our ecstasy was still strong when a week later we were visited by the NSA. I proudly explained that we could not inject a trapdoor function -- that cracking the algorithm was computationally infeasible, even with the then-recent advances of prime number theory in France. Within a month we received a letter from the Bureau of Tobacco and Firearms that proclaimed our product was "strategic munition" and could not be sold either to multinational companies nor outside the continental United States -- a heavy penalty for not allowing a trapdoor. And we should believe that NIST and NSA did not boobytrap the Clipper chip?

I agree with Mr. Peterson that "security by obscurity just does not work." Remember Watergate? The Warren Commission's magic-bullet findings? But as long as governments are the only people who can depend on having secrets, they will always view their citizenry as fools to be manipulated. And when governments sanction data security, rest assured they can freely "E-avesdrop".

Steven Fisher, CDP
Controlled Information Environments
Compuserve: 71750,3203

All spelling mistakes my own.

Paul
--
R O All Comments Copyright by | Technofetisht
A N Paul S.
Goggin (1993) | Cypher, Cyber, Chaos
V Information Broker | Ergoflux, Interzone
E chaos at aql.gatech.edu | Carpe Diem: Stop the Clipper wiretap chip
Finger account for latest _Phrack_ | Public Key: PGP and RIPEM available
For anonymous communication:---> anonymus+4744 at charcoal.com
------------------------------------------------------------------------------
Title 18 USC 2511 and 18 USC 2703 Protected -- Monitoring Absolutely Forbidden

From DIC1241 at cup.edu Wed Aug 4 14:08:16 1993
From: DIC1241 at cup.edu (DIC1241 at cup.edu)
Date: Wed, 4 Aug 93 14:08:16 PDT
Subject: INSLAW
Message-ID: <744498404.270000.DIC1241@cup.edu>

Ahhh, I was looking around on ftp.eff.org and I found something (a paper) on the INSLAW thingie... So if you want it, ftp ftp.eff.org and get pub/cud/papers/inslw*...

From edgar at spectrx.Saigon.COM Wed Aug 4 14:14:37 1993
From: edgar at spectrx.Saigon.COM (Edgar W. Swank)
Date: Wed, 4 Aug 93 14:14:37 PDT
Subject: Anon Bank Accounts?
Message-ID: <2ayR8B6w165w@spectrx.saigon.com>

Duncan Frissell said:

Did you know that it is still possible -- in 1993 -- to open a bank account in the United States in a nom de guerre?

No, I sure didn't know that. My wife works in a bank, & she tells me that she needs to see two forms of ID to open a new account. So please, Duncan, elucidate!

--
edgar at spectrx.saigon.com (Edgar W. Swank)
SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca

From edgar at spectrx.Saigon.COM Wed Aug 4 14:15:08 1993
From: edgar at spectrx.Saigon.COM (Edgar W. Swank)
Date: Wed, 4 Aug 93 14:15:08 PDT
Subject: Anon remailer to USENET gate bogus
Message-ID:

Paul Ferguson wrote:

I have been experimenting the past few days with anon remailer to USENET gateway systems to see what the results would be -- nada. ... My guess is that the usenet gateway at utexas refuses anon e-mail. Anyone got any other suggestions? I haven't tried any other gateways -- yet.

I had a similar experience with utexas.
It worked the first time I tried it, but failed on a subsequent attempt. I suspect that after some complaint utexas was modified to reject anonymous input.

Here is my list of E-mail/Usenet gateways:

group-name at ucbvax.berkeley.edu * (blocked from non-bky sites)
group-name at cs.utexas.edu * (was working but now blocked???)
group-name at pws.bull.com * (Bounced to remailer)
group-name at demon.co.uk
group.name.usenet at decwrl.dec.com
group.name at news.cs.indiana.edu

Note that some of these require transliteration of periods to dashes in the newsgroup name; others do not. Ucbvax is supposed to block mail from non-Berkeley sites; it might work from these Cypherpunks remailers (I haven't tried it):

1: hh at pmantis.berkeley.edu
2: hh at cicada.berkeley.edu
3: hh at soda.berkeley.edu

Utexas see above, bull bounced to the (wimsey) remailer; I haven't tried the others yet. But I'm afraid that the utexas story will be repeated for any gateway that continues to allow anonymous posting to newsgroups. I see the obvious solution is for the Cypherpunks remailers to support direct anonymous posting. Certainly the programming should be trivial. The "political" risk is something to consider, however. But we are supposed to be the fearless leaders to crypto-anarchy. "If not us, who? If not now, when?"

--
edgar at spectrx.saigon.com (Edgar W. Swank)
SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca

From hughes at soda.berkeley.edu Wed Aug 4 18:30:13 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Wed, 4 Aug 93 18:30:13 PDT
Subject: CAKE--Citizens Against Key Escrow
In-Reply-To: <9308040625.AA21063@longs.lance.colostate.edu>
Message-ID: <9308050126.AA06825@soda.berkeley.edu>

>In particular, I'd like to propose that a patriotic cypherpunk set up a
>mini-email server to handle signature additions, so that people can
>send automated messages.

The cypherpunks remailer was designed to be run out of a user account, and can be modified to be just such an email server.
The remailer as it is now is just such an email server, whose only function is to remail. Handling lists and votes as above is straightforward.

I do take it that you're a patriotic cypherpunk, no?

Eric

From wcs at anchor.ho.att.com Wed Aug 4 19:58:22 1993
From: wcs at anchor.ho.att.com (Bill_StewartHOY0021305)
Date: Wed, 4 Aug 93 19:58:22 PDT
Subject: InfoWorld Letter
Message-ID: <9308050109.AA01631@anchor.ho.att.com>

Paul Goggin sent the list a copy of Steven Fisher's letter to InfoWorld about NSA harassment for offering commercial crypto back in 1981. The NSA is supposedly a bit better behaved these days, at least in public :-), but it's no surprise. Sometime around then, they slapped patent secrecy orders on a guy who had designed an analog scrambler for CB radio; a real crypto-system must have been a much more significant threat to them.

A couple of comments were interesting: One was the assertion in the letter he received from the BATF that their product, as munition, could not only not be exported, but could also not be sold to *multinational companies*. Was that the law then? Or was the BATF just a bit over-enthusiastic about what they could get away with? It's also interesting that it was the BATF.

Another was that the NSA asked them to put in a trapdoor. These days, escrow is the politically correct way of implementing a trapdoor, but - I wonder if it would be possible to make a trapdoor/weak escrow system, which escrows the keys for *some* kinds of keys, enough to make the bureaucrats think it's ok, but which also has a class of keys for which the escrow is non-effective, bogus, or otherwise doesn't let the cops in, which could be revealed to users after the system has been approved and sold? Perhaps a system which requires 2**N steps to retrieve most keys from escrow, but has a small set that can be gotten quickly for demos? Could you do a system like that and hide it from the NSA for a while?
Some alternative approaches would be a system that obscured the escrow (easy to build from clipper if you've got a programmable phone; you just encrypt the Wiretap Field with your session key), or worked fine with a bogus Wiretap Field, or a system where the escrow can be made ineffective administratively (either lost by the escrow agents, or requiring the participation of the telephone owner, or tampered by the owner).

At the very minimum, having a system that doesn't let the NSA cheat during the escrow process would be a good start - where each part of the escrow key is really installed separately, and verifiable hardwarily-random numbers are used to seed the key generation.

Since the NSA\b\b\bNIST hasn't announced their plans for how to select escrow agents, much less who they are, or how they *really* plan to set the keys, I suppose it's premature to ask them to announce what the rules will be for approval of escrow procedures or agencies or guarantee that if you follow them, you'll be allowed to export your products? :-)

Bill
Bill Stewart wcs at anchor.ho.att.com +1-908-949-0705 fax-4876
ROT13 public key available upon request

From nowhere at bsu-cs.bsu.edu Wed Aug 4 20:58:23 1993
From: nowhere at bsu-cs.bsu.edu (Chael Hall)
Date: Wed, 4 Aug 93 20:58:23 PDT
Subject: Anon remailer to USENET gate bogus
In-Reply-To:
Message-ID: <9308050359.AA23838@bsu-cs.bsu.edu>

>
>I have been experimenting the past few days with anon remailer to USENET
>gateway systems to see what the results would be -- nada. I used Chael's
>BSU system (nowhere at bsu-cs.bsu.edu) to attempt a usenet post which never
>(magically?) appeared in the desired group (alt.privacy, I believe). I
>waited for several days for the post, but nada, zilch, zero. I retried
>the bsu remailer with a test message to make sure it was still active,
>and yes, it seemed to work perfectly. My guess is that the usenet gateway
>at utexas refuses anon e-mail. Anyone got any other suggestions?
>I
>haven't tried any other gateways -- yet.
>
>Cheers.
>
>Paul Ferguson | "Government, even in its best state,

Paul, I have seen several bounces from the utexas server because there was no Subject for the posting, you need to put a subject line in the pasted header like so:

::
Request-Remailing-To: alt-test at utexas.whatever...
Subject: this is a test
Organization: there

[body]

Good luck, but that's what the error message said, there's nothing about anonymity in the bounce, though.

Chael
--
Chael Hall
nowhere at bsu-cs.bsu.edu, 00CCHALL at BSUVC.BSU.EDU, chall at bsu.edu
(317) 776-4000 from 8 am - 5 pm CST

From nowhere at bsu-cs.bsu.edu Wed Aug 4 21:10:15 1993
From: nowhere at bsu-cs.bsu.edu (Chael Hall)
Date: Wed, 4 Aug 93 21:10:15 PDT
Subject: mail-to-news error (fwd)
Message-ID: <9308050412.AA24270@bsu-cs.bsu.edu>

This is what was in my mailbox... Just so you know, the anonymous remailer here strips out your ENTIRE header. It will process commands in the header, but the original message's subject won't get passed on. Anything in the pasted "::" header block will get tacked onto the outgoing header unless it is a command to the remailer. So put a "Subject:" line in the pasted header block and it will get through the news gateway barring any other difficulties.

Chael Hall

Forwarded message:
>From daemon at cs.utexas.edu Wed Jul 32 23:59:59 1993
>Delivery-Date: Wed, 32 Jul 93 23:59:39 -0600
>Date: Wed, 32 Jul 93 10:00:00 -0600
>From: daemon at cs.utexas.edu
>Message-Id: <9312345678.AA00001 at cs.utexas.edu>
>To: nowhere at bsu-cs.bsu.edu
>Subject: mail-to-news error
>
>The post failed.
>Required "Subject" header is missing or empty.
>(Article not posted.)
>
>------- original message appended -------
>
>>From nowhere at bsu-cs.bsu.edu Wed Jul 32 23:59:59
>Received: from bsu-cs.bsu.edu by deepthought.cs.utexas.edu (5.64/1.2/relay) with SMTP
> id AA00001; Wed, 32 Jul 93 10:00:00 -0600
>Received: by bsu-cs.bsu.edu (5.57/Ultrix3.0-C)
> id AA00001; Wed, 32 Jul 93 11:00:00 -0600
>Date: Wed, 32 Jul 93 10:00:00 -0600
>Message-Id: <9312345678.AA00001 at bsu-cs.bsu.edu>
>From: Anonymous
>To: alt-test at cs.utexas.edu
>X-Remailed-By: Anonymous
>X-Ttl: 0
>X-Notice: This message was forwarded by a software-
> automated anonymous remailing service.
>
>[Remains of the bounced message]

--
Chael Hall
nowhere at bsu-cs.bsu.edu, 00CCHALL at BSUVC.BSU.EDU, chall at bsu.edu
(317) 776-4000 from 8 am - 5 pm CST

From jpp at markv.com Wed Aug 4 22:03:23 1993
From: jpp at markv.com (jpp at markv.com)
Date: Wed, 4 Aug 93 22:03:23 PDT
Subject: CAKE--Citizens Against Key Escrow
In-Reply-To: <9308040625.AA21063@longs.lance.colostate.edu>
Message-ID: <9308042202.aa19224@hermix.markv.com>

My mini-essay for the cake-paper:

The most important right is that of free speech. The area in which free speech is most important is political speech, and the most important kind of political speech is political dissent. If all speech is subject to government scrutiny the right to dissenting political speech is greatly reduced or eliminated. The chill of big brother's gaze silences many dissenters. Key escrow is a way for the government to gain the ability to scrutinize all of your speech; it is an attempt to take away your most important right. Fight it.
j'
--
O I am Jay Prime Positive jpp at markv.com
1250 bit key fingerprint = B8 95 E0 AF 9A A2 CD A5 89 C9 F0 FE B4 3A 2C 3F
524 bit key fingerprint = 8A 7C B9 F2 D5 46 4D ED 66 23 F1 71 DE FF 51 48
Public keys by `finger jpp at markv.com' or mail to pgp-public-keys at pgp.mit.edu
Your feedback is welcome, directly or via symbol JPP on hex at sea.east.sun.com

From IE63 at vaxb.acs.unt.edu Wed Aug 4 22:53:26 1993
From: IE63 at vaxb.acs.unt.edu (IE63 at vaxb.acs.unt.edu)
Date: Wed, 4 Aug 93 22:53:26 PDT
Subject: help with encryptor - please?!?!
Message-ID: <01H11DLJLG020009B3@vaxb.acs.unt.edu>

I've been working on a program for MS-DOS machines that will encrypt and/or password protect .COM and .EXE files. The way it works is this: It encrypts the entire file specified by the user, then it uses a polymorphic encryptor to encrypt the decryption code for the file and put it in a decryption envelope filled with anti-debugging code. It then attaches the entire module/decryption code to the file so that it is executed initially when the file is run - at which point it decrypts the file and does whatever relocation is needed (for .EXE files). In the case of a password - it asks for the password, encrypts it and checks it against the stored version, then if they match it decrypts restoration code using the password as a key and continues on.

I've got it working really well at this point - but my encryption algorithms are rather simple. I'm fairly new in the encryption biz, and I was wondering what would be good to use for the file encryption algorithm to make it as secure as possible? Of course - the code to decrypt it MUST be present in the file, so if you can bypass the anti-debugging code it's yours, but the polymorphism makes it difficult to do this on more than a case-by-case basis. Still - I'd like to make it to where one can't just run a "decrypt-em-all" analysis program on it and be able to read the included text - but I need a good algorithm for it.
Any help/suggestions would REALLY be appreciated. Oh - if you are interested in the protection utilities, email me at the address below - it's freeware.

Thanks a lot,
Michael Ellison
ie63 at vaxb.acs.unt.edu

If you wish to encrypt any messages E-mailed to me, please use the following key.....

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3a

mQCNAixUuYYAAAEEAKNllAee26qGqxJck3Bftdkrz0MUQLABGMZqVem9UW9kjjS+
rMAafauqYTE5/Kdnx+4Asj0Wgfon0YBtRMT0crMcBYNqVp4//RUh7wrxQNvKFeeO
ZGuQp2hyHQqh1FDfWsHG4ldGqIV1YuOXq6oeIDkmbwgf8BRgPcZkwUqsF4b1AAUR
tCpNaWNoYWVsIEEuIEVsbGlzb24gPGllNjNAdmF4Yi5hY3MudW50LmVkdT4=
=0rss
-----END PGP PUBLIC KEY BLOCK-----

From lazylion at netcom.com Wed Aug 4 23:41:55 1993
From: lazylion at netcom.com (Ben Weiss)
Date: Wed, 4 Aug 93 23:41:55 PDT
Subject: CAKE--Citizens Against Key Escrow
Message-ID: <9308050642.AA03698@netcom.netcom.com>

>The cypherpunks remailer was designed to be run out of a user account,
>and can be modified to be just such an email server. The remailer as
>it is now is just such an email server, whose only function is to
>remail. Handling lists and votes as above is straightforward.
>
>I do take it that you're a patriotic cypherpunk, no?
>
>Eric

So Eric, how's bout we all send messages to cypherpunk-cake at toad.com with a valid reply-to and it sends back a response such as "Please confirm that this is a valid signature by ... (doing something random?)

BTW, do you remember who it was that was talking about pgp mail headers who has not yet responded to my groovy idea of using rfc822's "Encrypted:" field? So far, the only responses I've seen are from others saying "Yea, when ya find out, let me know too..."

Any thoughts?

+---------------------------- Ben Weiss -------------------------------+
! Telephone: (510) 841-5709 voice   Internet: LazyLion at Netcom.com      !
!            (415) 325-9600 fax               Ben_D._Weiss at bmug.org    !
+-------------- Packet Radio: WB5QAL at N6EEG.#NOCAL.CA.US ---------------+
!
This message is protected by 18 USC 2511 and 18 USC 2703. Monitoring !
! by anyone other than the recipient is absolutely forbidden by US Law !
+---------------------------- Ben Weiss -------------------------------+

From tcmay at netcom.com Wed Aug 4 23:58:27 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 4 Aug 93 23:58:27 PDT
Subject: Offshore Data Havens and Services
Message-ID: <9308050656.AA12955@netcom5.netcom.com>

Crypto Anarchists,

I saw today a newspaper report that was initially surprising, then utterly unsurprising (this is possible). Namely, that the "900" sex service numbers, which have mostly been subjected to call blocking and other forms of regulatory oblivion, have been moved _offshore_. Surprised parents of teenaged children are discovering international toll calls on their phone bills! Short of barring international phone calls, the Feds can do nothing! I love it! I suppose if I followed the phone sex biz more closely, I'd've seen this trend coming.

(The "unsurprising" part of my realization is that such moves offshore to avoid the regulations of one country are as old as history. With the explosion in "degrees of freedom," which we cypherpunks are riding, such movements become even easier.)

(Needless to say, the operators of such services can redirect the calls back to the U.S., either via other phone lines, or via high-speed networks. The Feds can do little.)

It really shows the "data transparency" of borders and the futility of trying to legislate morality through technology.

(For you worried parents out there who worry about Junior calling these or any other numbers, the "politically correct" (libertarian :-} ) solution is also just about the only practical one: either control the phones yourself, or have a persuasive talk with Junior, or just stop worrying about who he calls--at least he won't get any diseases.
The bad solution, and the essentially unenforceable one, is to have the State block certain calls, with or without the collusion of the phone company.)

Things to Come:

* when will the first "personal data" agencies appear, which offer dossier information for a fee? Information like rental records, skip trace cases (deadbeats), alimony situation, arrests, etc. (I'm talking about information which many of us need or want, but which "fair credit reporting" laws forbid us to buy and sell. This is the "Mom and Pop" data service I've talked about, where apartment owners, landlords, employers, and ordinary people sell scraps of data--with their actual or digital reputations on the line of course--to data brokers who cross-correlate it in databases and then resell it.) With these cypherspace tools (using remailers and some form of digital money), we can have greater freedom in buying and selling data. This may be criticized by some as "redlining," but I call it market efficiency.

* preexisting medical conditions databases, similar to the above. (If I'm thinking about insuring someone, it'd be nice to have some info showing her lifestyle suggests a high risk.)

* data bases and information markets for medical research. Anyone wanna buy some World War II medical experiment data? Banned in the U.S. (really), but available on the digital black market...at least some good will come of the deaths. (Cryonicists will be especially interested in bootleg medical research networks, to handle the data from voluntary suspension cases, the freezing of capital prisoners in Third World countries, and similar cases where the market makes data available that moralistic governments deem to be unethical or illegal.)

* to truly smash governments, we need to see the development of information markets for government secrets: Stealth bomber plans, CBW formulas, Skipjack algorithms, locations of government facilities, etc.
(I don't envision this happening anytime soon, nor do I see it as some kind of hackerish creation of the folks we usually deal with. This'll take some money, some black market connections, and will not just suddenly appear as a new newsgroup. It may already be forming in certain circles...arms dealers, black marketeers, etc. What we can offer with remailers, better encryption, digital money, and other "cypherpunks" technology is a superior medium for exchange.)

Crypto anarchy is gonna change the world!

-Tim

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.

From dsinclai at acs.ucalgary.ca Thu Aug 5 03:28:30 1993
From: dsinclai at acs.ucalgary.ca (Douglas Sinclair)
Date: Thu, 5 Aug 93 03:28:30 PDT
Subject: help with encryptor - please?!?!
In-Reply-To: <01H11DLJLG020009B3@vaxb.acs.unt.edu>
Message-ID: <9308051027.AA31381@acs1.acs.ucalgary.ca>

Hm. We seem to have a duplication of effort here. I am currently working with s_duck at pinetree.org on the same sort of thing that you describe. Right now we're having problems fooling DOS with the virtual EXE. However, the encryption algorithm used is IDEA -- the same one as PGP uses. I suggest we pool our efforts and swap ideas/source code.

--
PGP 2.3 Key by finger

From M..Stirner at f28.n125.z1.FIDONET.ORG Thu Aug 5 05:03:32 1993
From: M..Stirner at f28.n125.z1.FIDONET.ORG (M. Stirner)
Date: Thu, 5 Aug 93 05:03:32 PDT
Subject: Cypherpunks
Message-ID: <1584.2C60BE70@shelter.FIDONET.ORG>

Please netmail the address for requesting subscribe/unsubscribe for this mailing. Thanks.
*********************************************************************
* - PGP Key D30909 via servers                                      *
* > What country can preserve its liberties if its rulers are not  <*
* > warned from time to time that their people preserve the spirit <*
* > of resistance? Let them take arms!" - Thomas Jefferson, 1787   <*
*********************************************************************

___ Blue Wave/QWK v2.12
--
M. Stirner - via FidoNet node 1:125/1
UUCP: ...!uunet!kumr!shelter!28!M..Stirner
INTERNET: M..Stirner at f28.n125.z1.FIDONET.ORG


From pcw at access.digex.net Thu Aug 5 06:39:51 1993
From: pcw at access.digex.net (Peter Wayner)
Date: Thu, 5 Aug 93 06:39:51 PDT
Subject: No Subject
Message-ID: <199308051338.AA26748@access.digex.net>

The Rule of Law and the Clipper Escrow Project

Last Thursday, I attended the first day of the Computer System Security and Privacy Advisory Board in Washington. This is a group of industry experts who discuss topics in computer security that should affect the public and industry. Some of the members are from users like banks and others are from service-providing companies like Trusted Information Services. Lately, their discussion has centered on the NSA/NIST's Clipper/Capstone/Skipjack project and the effects it will have on society. At the last meeting, the public was invited to make comments and they were almost unanimously skeptical and critical. They ranged from political objections to the purely practical impediments. Some argued that this process of requiring the government to have the key to all conversations was a violation of the Fourth Amendment of the Constitution prohibiting warrantless searches. Others noted that a software solution was much simpler and cheaper even if the chips were going to cost a moderate $25. There were many different objections, but practically everyone felt that a standard security system was preferable.

This meeting was largely devoted to the rebuttals from the government. The National Security Association, the Department of Justice, the FBI, the national association of District Attorneys and Sheriffs and several others were all testifying today. The board itself runs with a quasi-legal style; they make a point of making both video and audio tapes of the presentations. The entire discussion is conducted with almost as much gravity as Congressional hearings. The entire meeting was suffused with an air of earnest lawfulness that came from these speakers. All of them came from the upper ranks of the military or legal system and a person doesn't rise to such a position without adopting the careful air of the very diligent bureaucrat. People were fond of saying things like, "Oh, it's in the Federal Register. You can look it up." This is standard operating procedure in Washington agencies and second nature to many of the day's speakers.

Dorothy Denning was one of the first speakers and she reported on the findings of the committee of five noted public cryptologists who agreed to give the Clipper standard a once-over. Eleven people were asked, but six declined for a variety of reasons. The review was to be classified "Secret" and some balked at this condition because they felt it would compromise their position in public. The talk made clear that the government intended to keep the standard secret for the sole purpose of preventing people from making unauthorized implementations without the law enforcement back door. Dr. Denning said that everyone at the NSA believes that the algorithm could withstand public knowledge with no trouble. The review by the panel revealed no reason why they shouldn't trust this assessment.

Although lack of time led the panel to largely rubberstamp the more extensive review by the NSA, they did conduct a few tests of their own. They programmed the algorithm on a Cray YMP, which incidentally could process 89,000 encryptions per second in single processor mode. This implementation was used for a cycling test which they found seemed to imply that there was good randomness. The test is done by repeatedly encrypting one value of data until a cycle occurs. The results agreed with what a random process should generate. They also tested the system for strength against a differential cryptanalysis attack and found it worthy. There were really very few other technical details in the talk. Saying more would have divulged something about the algorithm.

My general impression is that the system is secure. Many people have played paranoid and expressed concerns that the classified algorithm might be hiding a trapdoor. It became clear to me that these concerns were really silly. There is a built-in trapdoor to be used by the government when it is "legally authorized" to intercept messages. The NSA has rarely had trouble in the past exercising either its explicitly granted legal authority or its implied authority. The phrase "national security" is a powerful pass phrase around Washington and there is no reason for me to believe that the NSA wouldn't get all of the access to the escrow database that it needs to do its job. Building in a backdoor would only leave a weakness for an opponent to exploit and that is something that is almost as sacrilegious at the NSA as just putting the classified secrets in a Fed Ex package to Saddam Hussein.

Next there was a report from Geoff Greiveldinger, the man from the Department of Justice with the responsibility of implementing the Key Escrow plan. After the Clipper/Capstone/SkipJack chips are manufactured, they will be programmed with an individual id number and a secret, unique key. A list is made of the (id, key) pairs and this list is split into two halves by taking each unique key, k, and finding two numbers a and b such that a+b=k. (+ represents XOR). One new list will go to one of the escrow agencies and one will go to the other. It will be impossible to recover the secret key without getting the list entry from both agencies. At this point, they include an additional precaution. Each list will be encrypted so even the escrow agency won't be able to know what is in its list. The key for decoding this list will be locked away in the eavesdropping box. When a wiretap is authorized, each escrow agency will look up the halves of the key that correspond to the phone being tapped and send these to the eavesdropping box where they will be decrypted and combined. That means that two clerks from the escrow agencies could not combine their knowledge. They would need access to a third key or an eavesdropping box.

It became clear that the system was not fully designed. It wasn't obvious how spontaneous and fully automated the system would be. Mr. Greiveldinger says that he is trying to balance the tradeoffs between security and efficiency. Officers are bound to be annoyed and hampered if they can't start a tap instantaneously. The kidnapping of a child is the prototypical example of when this would be necessary. The courts also grant authority for "roving" wiretaps that allow the police to intercept calls from any number of phones. A tap like this begs for a highly automated system for delivering the keys.

I imagine that the system as it's designed will consist of escrow computers with a few clerks who have nothing to do all day. When a tap is authorized, the eavesdropping box will be programmed with a private key and shipped to the agents via overnight express. When they figure out the id number of the phone being tapped, the eavesdropping box will probably phone the two escrow computers, perform a bit of zero-knowledge authorization and then receive the two halves of the key. This would allow them to switch lines and conduct roving taps effectively. The NSA would presumably have a box that would allow them to decrypt messages from foreign suspects.

At this point, I had just listened to an entirely logical presentation from a perfect gentleman. We had just run through a system that had many nice technological checks and balances in it. Subverting it seemed very difficult. You would need access to the two escrow agencies and an eavesdropping box. Mr. Greiveldinger said that there would be many different "auditing" records that would be kept of the taps. It was very easy to feel rather secure about the whole system in a nice, air-conditioned auditorium where clean, nice legally precise people were speaking in measured tones. It was very easy to believe in the Rule of Law.

To counteract this, I tried to figure out the easiest way for me to subvert the system. The simplest way is to be a police officer engaged in a stakeout of someone for whom you've already received a warrant. You request the Clipper eavesdropping box on the off chance that the suspect will buy a Clipper phone and then you "lend" it to a friend who needs it. I think that the automation will allow the person who possesses the box to listen in to whatever lines they want. The escrow agency doesn't maintain a list of people and id numbers-- they only know the list matching the id number to the secret key. There is no way that they would know that a request from the field was unreasonable. Yes, the audit trails could be used later to reconstruct what the box was used for, but that would only be necessary if someone got caught.

The bribe value of this box would probably be hard to determine, but it could be very valuable. We know that the government of France is widely suspected of using its key escrow system to eavesdrop on US manufacturers in France. Would they be willing to buy eavesdropping time here in America? It is not uncommon to see reports of industrial espionage where the spies get millions of dollars. On the other hand, cops on the beat in NYC have been influenced for much less. The supply and demand theory of economics virtually guarantees that some deals are going to be done.

It is not really clear what real effect the key escrow system is going to have on security. Yes, thieves would need to raid two different buildings and steal two different copies of the tapes. This is good. But it is still impossible to figure out if the requests from the field are legitimate-- at least within the time constraints posed by urgent cases involving terrorism and kidnapping. The net effect of implementing the system is that the phone system would be substantially strengthened against naive intruders, but the police (and those that bribe them) would still be able to eavesdrop with impunity. Everyone needs to begin to do a bit of calculus between the costs and benefits of this approach. On one hand, not letting the police intercept signals will let the crooks run free but on the other hand, the crooks are not about to use Clipper phones for their secrets if they know that they can be tapped.

The most interesting speaker was the assistant director of the National Security Agency, Dr. Clint Brooks. He immediately admitted that the entire Clipper project was quite unusual because the Agency was not used to dealing with the open world. Speaking before a wide audience was strange for him and he admitted that producing a very low cost commercial competitive chip was also a new challenge for them. Nevertheless, I found him to be the deepest thinker at the conference. He readily admitted that the Clipper system isn't intended to catch any crooks. They'll just avoid the phones. It is just going to deny them access to the telecommunications system. They just won't be able to go into Radio Shack and buy a secure phone that comes off the line. It was apparent that he was somewhat skeptical of the Clipper's potential for success. He said at one point the possibilities in the system made it worth taking the chance that it would succeed. If it could capture a large fraction of the market then it could help many efforts of the law enforcement and intelligence community.

When I listened, though, I began to worry about what is going to happen as we begin to see the eventual blurring of data and voice communications systems. Right now, people go to Radio Shack to buy a phone. It's the only way you can use the phone system. In the future, computers, networks and telephones are going to be linked in much more sophisticated ways. I think that Intel and Microsoft are already working on such a technology. When this happens, programmable phones are going to emerge. People will be able to pop a new ROM in their cellular digital phone or install new software in their computer/video game/telephone. This could easily be a proprietary encryption system that scrambles everything. The traditional way of controlling technology by controlling the capital intensive manufacturing sites will be gone. Sure, the NSA and the police will go to Radio Shack and say "We want your cooperation" and they'll get it. But it's the little, slippery ones that will be trouble in the new, software world.

The end of the day was dominated by a panel of Law Enforcement specialists from around the country. These were sheriffs, district attorneys, FBI agents and other officers from different parts of the system. Their message was direct and they didn't hesitate to compare encryption with assault rifles. One even said, "I don't want to see the officers outgunned in a technical arena." They repeatedly stressed the incredible safeguards placed upon the wiretapping process and described the hurdles that the officers must go through to use the system. One DA from New Jersey said that in his office, they process about 10,000 cases a year, but they only do one to two wiretaps on average. It just seems like a big hassle and expense for them. It is common for the judges to require that the officers have very good circumstantial evidence from informers before giving them the warrant. This constraint coupled with the crooks' natural hesitation to use the phone meant that wiretaps weren't the world's greatest evidence producers. One moment of levity came when a board member asked what the criminals' favorite type of encryption was. The police refused to answer this one and I'm not that sure if they've encountered enough cases to build a profile.

At the end of all of the earnestness and "support-the-cop-on-the-beat", I still began to wonder if there was much value to wiretaps at all. The police tried to use the low numbers of wiretaps as evidence that they're not out there abusing the system, but I kept thinking that this was mainly caused by the high cost and relatively low utility of the technique. It turns out that there is an easy way to check the utility of these devices. Only 37 states allow their state and local police to use wiretaps in investigations. One member of the panel repeated the rumor that this is supposedly because major politicians were caught with wiretaps. The state legislatures in these states supposedly realized that recipients of graft and influence peddlers were the main target of wiretaps. Eavesdropping just wasn't a tool against muggers. So they decided to protect themselves. It would be possible to check the crime statistics from each of these states and compare them against the eavesdropping states to discover which has a better record against crime. I would like to do this if I can dig up the list of states that allow the technique. I'm sure that this would prove little, but it could possibly clarify something about this technique.

It is interesting to note that the House of Representatives Committee on the Judiciary was holding hearings on abuses of the National Crime Information Center. They came in the same week as the latest round of Clipper hearings before the CSAB. The NCIC is a large computer system run by the FBI to provide all the police departments with a way to track down the past records of people. The widespread access to the system makes it quite vulnerable to abuse. In the hearings, the Congress heard many examples of unauthorized access. Some were as benign as people checking out employees. The worst was an ex-police officer who used the system to track down his ex-girlfriend and kill her. They also heard of a woman who looked up clients for her drug-dealing boyfriend so he could avoid the undercover cops.

These hearings made it obvious that there were going to be problems determining the balance of grief. For every prototypical example of a child kidnapped to make child pornography, there is a renegade police officer out to knock off his ex-girlfriend. On the whole, the police may be much more trustworthy than the criminals, but we need to ask how often a system like Clipper will aid the bad guys.

In the end, I reduced the calculus of the decision about Clipper to be a simple tradeoff. If we allow widespread, secure encryption, will the criminals take great advantage of this system? The secure phones won't be useful in rapes and random street crime, but they'll be a big aid to organized endeavors. It would empower people to protect their own information unconditionally, but at the cost of letting the criminals do the same. Built-in back doors for the law enforcement community, on the other hand, will deny the power of off-the-shelf technology to crooks, but it would also leave everyone vulnerable to organized attacks on people.

I began to wonder if the choice between Clipper and totally secure encryption was moot. In either case, there would be new opportunities for both the law-abiding and the law-ignoring. The amount of crime in the country would be limited only by the number of people who devote their life to the game-- not by any newfangled technology that would shift the balance.

I did not attend the Friday meeting so someone else will need to summarize the details.


From faust at cd.chalmers.se Thu Aug 5 08:13:32 1993
From: faust at cd.chalmers.se (Johann Faust)
Date: Thu, 5 Aug 93 08:13:32 PDT
Subject: ARAs
Message-ID: <199308051512.AA25436@castafiore.cd.chalmers.se>

-----BEGIN PGP SIGNED MESSAGE-----

Ben Weiss wrote:
> BTW, do you remember who it was that was talking about pgp mail headers who
> has not yet responded to my groovy idea of using rfc822's "Encrypted:"
> field? So far, the only responses I've seen are from others saying "Yea,
> when ya find out, let me know too..." Any thoughts?

Huh, I guess that was me... I thought that was a nice idea, the reason I "forgot" to reply was that I've read it, thought about it, yes, that would be a nice idea, as long as you don't have to see the ugly 64-radix-junk in your editor you don't care about the bandwidth... Then it hit me... Shit, I gotta go and study so I can get accepted to MIT and work out a Ph.D under (hopefully) the almighty hero Ron Rivest. That's the problem, so many things to do, and so little time... (I happened to be one of those students who believes that 1 semester is AT LEAST equal to 2 semesters :-)).

Anyhow, I'm learning perl now, and working on "improving" (eh, well "hack") the cypherpunk remailing software, but for the moment my devilish Linux kernel barfs core as soon as it sees the chain-program...

Anyhow, keep on working on those rfc822 fields, and please keep us informed, I think it's a good idea, but still, remailers with capability to store headers associated with a username and forward mail to them are better.

And remember: NSA says that all American citizens are criminals, NSA consists of American citizens...

Stop the Clipper/Skipjack/Jackpot/Crackpot/Potshot chip!

Signed in Primes,
Johann.
-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQBVAgUBLGE97jxzhCdu2hFdAQEYIwH/cMBwxiLIECKQlKKgPOifvP0PE8yZHLHG
LULAH3eFjf/SxgWLv1vKkPsVp6FVP8rkbtmHdc93Y1khrHKsii325w==
=sXsi
-----END PGP SIGNATURE-----


From HAHN at lds.loral.com Thu Aug 5 08:43:33 1993
From: HAHN at lds.loral.com (Reply to: hahn@lds.loral.com)
Date: Thu, 5 Aug 93 08:43:33 PDT
Subject: FAX Numbers of Congress
Message-ID: <930805114136.1acd@lds.loral.com>

For those folks who would like to FAX their congresspersons their positions on SkipJack, here is a list of FAX numbers. If you do intend to use this channel, please do so wisely. Choose your words carefully, get to the point quickly, and don't go on too long. Remember that flames and usage of profanity to Congress are counterproductive to your position.

//CONGRESS

US Senate, 103rd Congress phone and fax numbers
===============================================
Information from US Congress Yellow Book, January 1993

p st name                     phone          fax
= == ======================== ============== ==============
R AK Murkowski, Frank H.      1-202-224-6665 1-202-224-5301
R AK Stevens, Ted             1-202-224-3004 1-202-224-1044
D AL Heflin, Howell T.        1-202-224-4124 1-202-224-3149
D AL Shelby, Richard C.       1-202-224-5744 1-202-224-3416
D AR Bumpers, Dale            1-202-224-4843 1-202-224-6435
D AR Pryor, David             1-202-224-2353 na
D AZ DeConcini, Dennis        1-202-224-4521 1-202-224-2302
R AZ McCain, John             1-202-224-2235 na
D CA Boxer, Barbara           1-202-225-5161 na
D CA Feinstein, Diane         1-202-224-3841 na
D CO Campbell, Ben N.         1-202-225-4761 1-202-225-0228
R CO Brown, Henry             1-202-224-5941 na
D CT Dodd, Christopher J.     1-202-224-2823 na
D CT Lieberman, Joseph I.     1-202-224-4041 1-202-224-9750
D DE Biden Jr., Joseph R.     1-202-224-5042 na
R DE Roth Jr., William V.     1-202-224-2441 1-202-224-2805
D FL Graham, Robert           1-202-224-3041 na
R FL Mack, Connie             1-202-224-5274 1-202-224-8022
D GA Nunn, Samuel             1-202-224-3521 1-202-224-0072
R GA Coverdell, Paul          1-202-224-3643 na
D HI Akaka, Daniel K.         1-202-224-6361 1-202-224-2126
D HI Inouye, Daniel K.        1-202-224-3934 1-202-224-6747
D IA Harkin, Thomas           1-202-224-3254 1-202-224-7431
R IA Grassley, Charles E.     1-202-224-3744 na
R ID Craig, Larry E.          1-202-224-2752 1-202-224-2573
R ID Kempthorne, Dirk         1-202-224-6142 1-202-224-5893
D IL Moseley-Braun, Carol     1-202-224-2854 na
D IL Simon, Paul              1-202-224-2152 1-202-224-0868
R IN Coats, Daniel R.         1-202-224-5623 1-202-224-8964
R IN Lugar, Richard G.        1-202-224-4814 na
R KS Dole, Robert             1-202-224-6521 1-202-224-8952
R KS Kassebaum, Nancy L.      1-202-224-4774 1-202-224-3514
D KY Ford, Wendell H.         1-202-224-4343 na
R KY McConnell, Mitch         1-202-224-2541 1-202-224-2499
D LA Breaux, John B.          1-202-224-4623 na
D LA Johnston, J. Bennett     1-202-224-5824 na
D MA Kennedy, Edward M.       1-202-224-4543 1-202-224-2417
D MA Kerry, John F.           1-202-224-2742 na
D MD Mikulski, Barbara A.     1-202-224-4654 1-202-224-8858
D MD Sarbanes, Paul S.        1-202-224-4524 1-202-224-1651
D ME Mitchell, George J.      1-202-224-5344 na
R ME Cohen, William S.        1-202-224-2523 1-202-224-2693
D MI Levin, Carl              1-202-224-6221 na
D MI Riegle Jr., Donald       1-202-224-4822 1-202-224-8834
D MN Wellstone, Paul          1-202-224-5641 1-202-224-8438
R MN Durenberger, David       1-202-224-3244 na
R MO Bond, Christopher S.     1-202-224-5721 1-202-224-8149
R MO Danforth, John C.        1-202-224-6154 na
R MS Cochran, Thad            1-202-224-5054 na
R MS Lott, Trent              1-202-224-6253 1-202-224-2262
D MT Baucus, Max              1-202-224-2651 na
R MT Burns, Conrad R.         1-202-224-2644 1-202-224-8594
R NC Faircloth, D. M.         1-202-224-3154 1-202-224-7406
R NC Helms, Jesse             1-202-224-6342 na
D ND Conrad, Kent             1-202-224-2043 na
D ND Dorgan, Byron L.         1-202-225-2611 1-202-225-9436
D NE Exon, J. J.              1-202-224-4224 na
D NE Kerrey, Joseph R.        1-202-224-6551 1-202-224-7645
R NH Gregg, Judd              1-202-224-3324 na
R NH Smith, Robert            1-202-224-2841 1-202-224-1353
D NJ Bradley, William         1-202-224-3224 1-202-224-8567
D NJ Lautenberg, Frank R.     1-202-224-4744 1-202-224-9707
D NM Bingaman, Jeff           1-202-224-5521 na
R NM Domenici, Pete V.        1-202-224-6621 1-202-224-7371
D NV Bryan, Richard H.        1-202-224-6244 na
D NV Reid, Harry              1-202-224-3542 1-202-224-7327
D NY Moynihan, Daniel P.      1-202-224-4451 1-202-224-9293
R NY D'Amato, Alfonse M.      1-202-224-6542 1-202-224-5871
D OH Glenn, John              1-202-224-3353 na
D OH Metzenbaum, Howard       1-202-224-2315 1-202-224-6519
D OK Boren, David L.          1-202-224-4721 na
R OK Nickles, Donald          1-202-224-5754 1-202-224-6008
R OR Hatfield, Mark O.        1-202-224-3753 na
R OR Packwood, Robert         1-202-224-5244 na
D PA Wofford, Harris          1-202-224-6324 1-202-224-4161
R PA Specter, Arlen           1-202-224-4254 na
D RI Pell, Claiborne          1-202-224-4642 1-202-224-4680
R RI Chafee, John H.          1-202-224-2921 na
D SC Hollings, Ernest F.      1-202-224-6121 na
R SC Thurmond, Strom          1-202-224-5972 1-202-224-1300
D SD Daschle, Thomas A.       1-202-224-2321 1-202-224-2047
R SD Pressler, Larry          1-202-224-5842 1-202-224-1630
D TN Mathews, Harlan          1-202-224-1036 1-202-228-3679
D TN Sasser, James            1-202-224-3344 na
D TX Krueger, Robert          1-202-224-5922 na
R TX Gramm, Phil              1-202-224-2934 na
R UT Bennett, Robert          1-202-224-5444 na
R UT Hatch, Orrin G.          1-202-224-5251 1-202-224-6331
D VA Robb, Charles S.         1-202-224-4024 1-202-224-8689
R VA Warner, John W.          1-202-224-2023 1-202-224-6295
D VT Leahy, Patrick J.        1-202-224-4242 na
R VT Jeffords, James M.       1-202-224-5141 na
D WA Murray, Patty            1-202-224-2621 1-202-224-0238
R WA Gorton, Slade            1-202-224-3441 1-202-224-9393
D WI Feingold, Russell        1-202-224-5323 na
D WI Kohl, Herbert H.         1-202-224-5653 na
D WV Byrd, Robert C.          1-202-224-3954 1-202-224-4025
D WV Rockefeller, John D.     1-202-224-6472 1-202-224-1689
R WY Simpson, Alan K.         1-202-224-3424 1-202-224-1315
R WY Wallop, Malcolm          1-202-224-6441 1-202-224-3230

---
Joe Knapp jmk at cbvox.att.com

103rd Congress phone and fax numbers
====================================
The following information is from the US Congress "Yellow Book," Jan. 1993.
Four seats were vacant at that time, in CA, MS, OH, and WI. The list below of 436 people includes 5 non-voting members, from Guam (GU), Puerto Rico (PR), Samoa (SA), Virgin Islands (VI), and DC. (some of those abbreviations may be wrong) Corrections welcome.

p st representative                phone          fax
= == ============================= ============== ==============
R AK Young, Donald                 1-202-225-5765 1-202-225-5765
D AL Bevill, Thomas                1-202-225-4876 1-202-225-0842
D AL Browder, Glen                 1-202-225-3261 1-202-225-9020
D AL Cramer Jr, Robert E.          1-202-225-4801 na
D AL Hilliard, Earl F.             1-202-225-2665 na
R AL Bachus, Spencer               1-202-225-4921 na
R AL Callahan, H. L.               1-202-225-4931 1-202-225-0562
R AL Everett, Terry                1-202-225-2901 na
D AR Lambert, Blanche              1-202-225-4076 na
D AR Thornton, Raymond             1-202-225-2506 1-202-225-9273
R AR Dickey, Jay                   1-202-225-3772 1-202-225-8646
R AR Hutchinson, Tim               1-202-225-4301 na
D AZ Coppersmith, Sam              1-202-225-2635 1-202-225-2607
D AZ English, Karan                1-202-225-2190 1-202-225-8819
D AZ Pastor, Ed                    1-202-225-4065 1-202-225-1655
R AZ Kolbe, James T.               1-202-225-2542 1-202-225-0378
R AZ Kyl, Jon L.                   1-202-225-3361 na
R AZ Stump, Robert                 1-202-225-4576 1-202-225-6328
D CA Becerra, Xavier               1-202-225-6235 1-202-225-2202
D CA Beilenson, Anthony            1-202-225-5911 na
D CA Berman, Howard L.             1-202-225-4695 na
D CA Brown Jr., George E.          1-202-225-6161 1-202-225-8671
D CA Condit, Gary                  1-202-225-6131 1-202-225-0819
D CA Dellums, Ronald V.            1-202-225-2661 1-202-225-9817
D CA Dixon, Julian C.              1-202-225-7084 1-202-225-4091
D CA Dooley, Calvin M.             1-202-225-3341 1-202-225-9308
D CA Edwards, Donald               1-202-225-3072 1-202-225-9460
D CA Eshoo, Anna G.                1-202-225-8104 na
D CA Fazio, Vic                    1-202-225-5716 1-202-225-0354
D CA Filner, Bob                   1-202-225-8045 na
D CA Hamburg, Dan                  1-202-225-3311 na
D CA Harman, Jane                  1-202-225-8220 na
D CA Lantos, Thomas                1-202-225-3531 na
D CA Lehman, Richard H.            1-202-225-4540 na
D CA Martinez, Matthew G.          1-202-225-5464 1-202-225-4467
D CA Matsui, Robert T.             1-202-225-7163 1-202-225-0566
D CA McCandless, Alfred            1-202-225-5330 1-202-226-1040
D CA Miller, George                1-202-225-2095 1-202-225-5609
D CA Mineta, Norman Y.             1-202-225-2631 na
D CA Pelosi, Nancy                 1-202-225-4965 1-202-225-8259
D CA Roybal-Allard, Lucille        1-202-225-1766 1-202-226-0350
D CA Schenk, Lynn                  1-202-225-2040 1-202-225-2042
D CA Stark, Fortney H.             1-202-225-5065 na
D CA Torres, Esteban E.            1-202-225-5256 na
D CA Tucker III, Walter R.         1-202-225-7924 1-202-225-7926
D CA Waters, Maxine                1-202-225-2201 na
D CA Waxman, Henry A.              1-202-225-3976 1-202-225-4099
D CA Woolsey, Lynn                 1-202-225-5161 na
R CA Baker, Bill                   1-202-225-1880 1-202-225-2150
R CA Calvert, Ken                  1-202-225-1986 na
R CA Cox, Christopher              1-202-225-5611 1-202-225-9177
R CA Cunningham, Randy             1-202-225-5452 1-202-225-2558
R CA Doolittle, John T.            1-202-225-2511 1-202-225-5444
R CA Dornan, Robert K.             1-202-225-2965 1-202-225-3694
R CA Dreier, David                 1-202-225-2305 1-202-225-4745
R CA Gallegly, Elton               1-202-225-5811 na
R CA Herger, Walter W.             1-202-225-3076 1-202-225-1609
R CA Horn, Steve                   1-202-225-6676 na
R CA Huffington, Michael           1-202-225-3601 na
R CA Hunter, Duncan L.             1-202-225-5672 1-202-225-0235
R CA Kim, Jay C.                   1-202-225-3201 1-202-226-1485
R CA Lewis, Jerry                  1-202-225-5861 1-202-225-6498
R CA McKeon, Howard P.             1-202-225-1956 1-202-226-0683
R CA Moorhead, Carlos J.           1-202-225-4176 1-202-226-1279
R CA Packard, Ronald               1-202-225-3906 1-202-225-0134
R CA Pombo, Richard                1-202-225-1947 1-202-226-0861
R CA Rohrabacher, Dana             1-202-225-2415 1-202-225-7067
R CA Royce, Ed                     1-202-225-4111 na
R CA Thomas, Bill                  1-202-225-2915 na
D CO Schroeder, Patricia           1-202-225-4431 1-202-225-5842
D CO Skaggs, David E.              1-202-225-2161 na
R CO Allard, Wayne                 1-202-225-4676 1-202-225-8630
R CO Hefley, Joel                  1-202-225-4422 1-202-225-1942
R CO McInnis, Scott                1-202-225-4761 1-202-226-0622
R CO Schaefer, Daniel              1-202-225-7882 1-202-225-7885
D CT DeLauro, Rosa                 1-202-225-3661 1-202-225-4890
D CT Gejdenson, Samuel             1-202-225-2076 1-202-225-4977
D CT Kennelly, Barbara B.          1-202-225-2265 1-202-225-1031
R CT Franks, Gary                  1-202-225-3822 1-202-225-5085
R CT Johnson, Nancy L.             1-202-225-4476 1-202-225-4488
R CT Shays, Christopher            1-202-225-5541 1-202-225-9629
D DC Norton, Eleanor Holmes        1-202-225-8050 1-202-225-3002
R DE Castle, Michael N.            1-202-225-4165 1-202-225-2291
D FL Bacchus, James                1-202-225-3671 1-202-225-9039
D FL Brown, Corrine                1-202-225-0123 1-202-225-2256
D FL Deutsch, Peter                1-202-225-7931 1-202-225-8456
D FL Gibbons, Samuel M.            1-202-225-3376 na
D FL Hastings, Alcee L.            1-202-225-1313 1-202-225-0690
D FL Hutto, Earl                   1-202-225-4136 1-202-225-5785
D FL Johnston II, Harry            1-202-225-3001 1-202-225-8791
D FL Meek, Carrie                  1-202-225-4506 1-202-226-0777
D FL Peterson, Peter               1-202-225-5235 1-202-225-1586
R FL Bilirakis, Michael            1-202-225-5755 1-202-225-4085
R FL Canady, Charles T.            1-202-225-1252 na
R FL Diaz-Balart, Lincoln          1-202-225-4211 1-202-225-8576
R FL Fowler, Tillie                1-202-225-2501 na
R FL Goss, Porter J.               1-202-225-2536 1-202-225-6820
R FL Lewis, Thomas                 1-202-225-5792 1-202-225-1860
R FL McCollum, William             1-202-225-2176 na
R FL Mica, John L.                 1-202-225-4035 1-202-226-0821
R FL Miller, Dan                   1-202-225-5015 1-202-226-0828
R FL Ros-Lehtinen, Ileana          1-202-225-3931 1-202-225-5620
R FL Shaw Jr., E. C.               1-202-225-3026 1-202-225-8398
R FL Stearns, Clifford B.          1-202-225-5744 1-202-225-3973
R FL Thurman, Carol L.             1-202-225-1002 1-202-226-0329
R FL Young, C. W.                  1-202-225-5961 1-202-225-9764
D GA Bishop, Sanford               1-202-225-3631 1-202-225-2203
D GA Darden III, George            1-202-225-2931 na
D GA Deal, Nathan                  1-202-225-5211 1-202-225-8272
D GA Johnson, Don                  1-202-225-4101 1-202-226-1466
D GA Lewis, John                   1-202-225-3801 1-202-225-0351
D GA McKinney, Cynthia             1-202-225-1605 1-202-226-0691
D GA Rowland, J. R.                1-202-225-6531 na
R GA Collins, Mac                  1-202-225-5901 1-202-225-2515
R GA Gingrich, Newt                1-202-225-4501 1-202-225-4656
R GA Kingston, Jack                1-202-225-5831 1-202-226-2269
R GA Linder, John                  1-202-225-4272 na
D GU Underwood, Robert A.          1-202-225-1188 1-202-226-0341
D HI Abercrombie, Neil             1-202-225-2726 na
D HI Mink, Patsy T.                1-202-225-4906 1-202-225-4987
D IA Smith, Neal                   1-202-225-4426 na
R IA Grandy, Fred                  1-202-225-5476 na
R IA Leach, James                  1-202-225-6576 1-202-226-1278
R IA Lightfoot, James R.           1-202-225-3806 1-202-225-6973
R IA Nussle, James Allen           1-202-225-2911 1-202-225-9129
D ID LaRocco, Larry                1-202-225-6611 na
R ID Crapo, Michael D.             1-202-225-5531 na
D IL Collins, Cardiss              1-202-225-5006 1-202-225-8396
D IL Costello, Jerry F.            1-202-225-5661 1-202-225-0285
D IL Durbin, Richard J.            1-202-225-5271 1-202-225-0170
D IL Evans, Lane                   1-202-225-5905 1-202-225-5396
D IL Lipinski, William O.          1-202-225-5701 1-202-225-1012
D IL Poshard, Glendal W.           1-202-225-5201 1-202-225-1541
D IL Reynolds, Mel                 1-202-225-0773 na
D IL Rostenkowski, Daniel          1-202-225-4061 na
D IL Rush, Bobby L.                1-202-225-4372 1-202-226-0333
D IL Sangmeister, George           1-202-225-3635 1-202-225-4447
D IL Yates, Sidney R.              1-202-225-2111 1-202-225-3493
R IL Crane, Philip M.              1-202-225-3711 na
R IL Ewing, Thomas                 1-202-225-2371 1-202-225-8071
R IL Fawell, Harris W.             1-202-225-3515 1-202-225-9420
R IL Gutierrez, Luis V.            1-202-225-8203 1-202-225-7810
R IL Hastert, J. D.                1-202-225-2976 1-202-225-0697
R IL Hyde, Henry J.                1-202-225-4561 1-202-226-1240
R IL Manzullo, Donald              1-202-225-5676 1-202-225-5284
R IL Michel, Robert H.             1-202-225-6201 1-202-225-9461
R IL Porter, John E.               1-202-225-4835 1-202-225-0157
D IN Buyer, Steve                  1-202-225-5037 na
D IN Hamilton, Lee H.              1-202-225-5315 1-202-225-1101
D IN Jacobs Jr., Andrew            1-202-225-4011 na
D IN Long, Jill                    1-202-225-4436 na
D IN McCloskey, Frank              1-202-225-4636 1-202-225-4688
D IN Roemer, Timothy               1-202-225-3915 1-202-225-6798
D IN Sharp, Philip R.              1-202-225-3021 na
D IN Visclosky, Peter J.           1-202-225-2461 1-202-225-2493
R IN Burton, Daniel                1-202-225-2276 1-202-225-0016
R IN Myers, John T.                1-202-225-5805 na
D KS Glickman, Daniel              1-202-225-6216 na
D KS Slattery, James               1-202-225-6601 1-202-225-1445
R KS Meyers, Jan                   1-202-225-2865 1-202-225-0554
R KS Roberts, Pat                  1-202-225-2715 1-202-225-5375
D KY Baesler, Scotty               1-202-225-4706 na
D KY Barlow, Tom                   1-202-225-3115 1-202-225-2169
D KY Mazzoli, Romano L.            1-202-225-5401 na
D KY Natcher, William H.           1-202-225-3501 na
R KY Bunning, James                1-202-225-3465 1-202-225-0003
R KY Rogers, Harold                1-202-225-4601 1-202-225-0940
D LA Fields, Cleo                  1-202-225-8490 1-202-225-8959
D LA Hayes, James A.               1-202-225-2031 1-202-225-1175
D LA Jefferson, William            1-202-225-6636 1-202-225-1988
D LA Tauzin, W. J.                 1-202-225-4031 1-202-225-0563
R LA Baker, Richard H.             1-202-225-3901 1-202-225-7313
R LA Livingston, Robert            1-202-225-3015 1-202-225-0739
R LA McCrery, James                1-202-225-2777 1-202-225-8039
D MA Frank, Barney                 1-202-225-5931 1-202-225-0182
D MA Kennedy II, Joseph P.         1-202-225-5111 1-202-225-9322
D MA Markey, Edward J.             1-202-225-2836 1-202-225-8689
D MA Meehan, Martin T.             1-202-225-3411 1-202-226-0771
D MA Moakley, John Joseph          1-202-225-8273 1-202-225-7304
D MA Neal, Richard E.              1-202-225-5601 1-202-225-8112
D MA Olver, John W.                1-202-225-5335 1-202-226-1224
D MA Studds, Gerry E.              1-202-225-3111 1-202-225-2212
R MA Blute, Peter I.               1-202-225-6101 1-202-225-2217
R MA Torkildsen, Peter G.          1-202-225-8020 1-202-225-8037
D MD Cardin, Benjamin L.           1-202-225-4016 na
D MD Hoyer, Steny H.               1-202-225-4131 1-202-225-4300
D MD Mfume, Kweisi                 1-202-225-4741 1-202-225-3178
D MD Wynn, Albert R.               1-202-225-8699 1-202-225-8714
R MD Bartlett, Roscoe G.           1-202-225-2721 na
R MD Bentley, Helen D.             1-202-225-3061 1-202-225-4251
R MD Gilchrest, Wayne T.           1-202-225-5311 1-202-225-0254
R MD Morella, Constance            1-202-225-5341 1-202-225-1389
D ME Andrews, Thomas H.            1-202-225-6116 1-202-225-9065
R ME Snowe, Olympia J.             1-202-225-6306 na
D MI Barcia, James A.              1-202-225-8171 1-202-225-2168
D MI Bonior, David E.              1-202-225-2106 1-202-226-1169
D MI Carr, Robert                  1-202-225-4872 1-202-225-1260
D MI Collins Jr., Barbara          1-202-225-2261 1-202-225-6645
D MI Conyers Jr., John             1-202-225-5126 1-202-225-0072
D MI Dingell, John D.              1-202-225-4071 1-202-225-7426
D MI Ford, William D.              1-202-225-6261 na
D MI Kildee, Dale E.               1-202-225-3611 na
D MI Levin, Sander M.              1-202-225-4961 1-202-226-1033
D MI Stupak, Bart                  1-202-225-4735 1-202-225-4744
R MI Camp, David Lee               1-202-225-3561 1-202-225-9679
R MI Henry, Paul B.                1-202-225-3831 na
R MI Hoekstra, Peter               1-202-225-4401 na
R MI Knollenberg, Joe              1-202-225-5802 1-202-226-2356
R MI Smith, Nick                   1-202-225-6276 na
R MI Upton, Frederick S.           1-202-225-3761 1-202-225-4986
D MN Minge, David                  1-202-225-2331 na
D MN Oberstar, James L.            1-202-225-6211 1-202-225-0699
D MN Penny, Timothy J.             1-202-225-2472 1-202-225-0051
D MN Peterson, Collin C.           1-202-225-2165 1-202-225-1593
D MN Sabo, Martin O.               1-202-225-4755 na
D MN Vento, Bruce F.               1-202-225-6631 na
R MN Grams, Rod                    1-202-225-2271 1-202-225-9802
R MN Ramstad, James M.             1-202-225-2871 1-202-225-6351
D MO Clay, William L.              1-202-225-2406 1-202-225-1725
D MO Danner, Pat                   1-202-225-7041 na
D MO Gephardt, Richard A.          1-202-225-2671 1-202-225-7452
D MO Skelton, Ike                  1-202-225-2876 1-202-225-2695
D MO Volkmer, Harold L.            1-202-225-2956 1-202-225-7834
D MO Wheat, Alan                   1-202-225-4535 1-202-225-5990
R MO Emerson, Bill                 1-202-225-4404 1-202-225-9621
R MO Hancock, Melton D.            1-202-225-6536 1-202-225-7700
R MO Talent, James M.              1-202-225-2561 1-202-225-2563
D MS Montgomery, G. V.             1-202-225-5031 1-202-225-3375
D MS Parker, Paul M.
1-202-225-5865 1-202-225-5886 D MS Taylor, Gene 1-202-225-5772 1-202-225-7074 D MS Whitten, Jamie L. 1-202-225-4306 1-202-225-4328 D MT Williams, Pat 1-202-225-3211 na D NC Clayton, Eva 1-202-225-3101 na D NC Hefner, W. G. 1-202-225-3715 1-202-225-4036 D NC Lancaster, H. M. 1-202-225-3415 1-202-225-0666 D NC Neal, Stephen L. 1-202-225-2071 1-202-225-4060 D NC Price, David E. 1-202-225-1784 1-202-225-6314 D NC Rose, Charles 1-202-225-2731 1-202-225-2470 D NC Valentine, Tim 1-202-225-4531 1-202-225-1539 D NC Watt, Melvin 1-202-225-1510 1-202-225-1512 R NC Ballenger, Thomas C. 1-202-225-2576 1-202-225-0316 R NC Coble, Howard 1-202-225-3065 1-202-225-8611 R NC McMillan, J. A. 1-202-225-1976 na R NC Taylor, Charles Hart 1-202-225-6401 1-202-251-0794 D ND Pomeroy, Earl 1-202-225-2611 1-202-226-0893 D NE Hoagland, Peter 1-202-225-4155 na R NE Barrett, William E. 1-202-225-6435 na R NE Bereuter, Douglas 1-202-225-4806 1-202-226-1148 D NH Swett, Richard N. 1-202-225-5206 na R NH Zeliff Jr., William 1-202-225-5456 1-202-225-4370 D NJ Andrews, Robert E. 1-202-225-6501 na D NJ Hughes, William J. 1-202-225-6572 1-202-226-1108 D NJ Klein, Herbert C. 1-202-225-5751 na D NJ Menendez, Robert 1-202-225-7919 1-202-226-0792 D NJ Pallone Jr., Frank 1-202-225-4671 1-202-225-9665 D NJ Payne, Donald M. 1-202-225-3436 1-202-225-4160 D NJ Torricelli, Robert 1-202-224-5061 1-202-225-0843 R NJ Franks, Bob 1-202-225-5361 1-202-225-9460 R NJ Gallo, Dean A. 1-202-225-5034 1-202-225-0658 R NJ Roukema, Marge 1-202-225-4465 1-202-225-9048 R NJ Saxton, H. J. 1-202-225-4765 1-202-225-0778 R NJ Smith, Christopher 1-202-225-3765 1-202-225-7768 R NJ Zimmer, Richard A. 1-202-225-5801 1-202-225-9181 D NM Richardson, William 1-202-225-6190 na R NM Schiff, Steven H. 1-202-225-6316 1-202-225-4975 R NM Skeen, Joseph 1-202-225-2365 1-202-225-9599 D NV Bilbray, James H. 1-202-225-5965 1-202-225-8808 R NV Vucanovich, Barbara 1-202-225-6155 1-202-225-2319 D NY Ackerman, Gary L. 
1-202-225-2601 na D NY Engel, Eliot L. 1-202-225-2464 na D NY Flake, Floyd H. 1-202-225-3461 1-202-226-4169 D NY Hinchey, Maurice D. 1-202-225-6335 na D NY Hochbrueckner, G. 1-202-225-3826 1-202-225-0776 D NY LaFalce, John J. 1-202-225-3231 na D NY Lowey, Nita M. 1-202-225-6506 1-202-225-0546 D NY Maloney, Carolyn B. 1-202-225-7944 na D NY Manton, Thomas J. 1-202-225-3965 na D NY McNulty, Michael R. 1-202-225-5076 1-202-225-5077 D NY Nadler, Jerrold 1-202-225-5635 1-202-225-6923 Committee: Public Works & Transportation Judiciary Committee Subcommittees: Economic Dev. Surface Transportation Water Resources & Environment Civil & Constitutional Rights International Law, Immigration & Refugees Member, Cong. Arts Caucus Member, Cong. Caucus for Women's Issues D NY Owens, Major R. 1-202-225-6231 1-202-226-0112 D NY Rangel, Charles B. 1-202-225-4365 1-202-225-0816 D NY Schumer, Charles E. 1-202-225-6616 1-202-225-4183 D NY Serrano, Jose E. 1-202-225-4361 1-202-225-6001 D NY Slaughter, Louise M. 1-202-225-3615 1-202-225-7822 D NY Towns, Edolphus 1-202-225-5936 1-202-225-1018 D NY Velazquez, Nydia M. 1-202-225-2361 1-202-226-0327 R NY Boehlert, Sherwood 1-202-225-3665 1-202-225-1891 R NY Fish Jr., Hamilton 1-202-225-5441 1-202-225-0962 R NY Gilman, Benjamin A. 1-202-225-3776 na R NY Houghton, Amory 1-202-225-3161 1-202-225-5574 R NY King, Peter T. 1-202-225-7896 1-202-226-2279 R NY Lazio, Rick A. 1-202-225-3335 na R NY Levy, David A. 1-202-225-5516 1-202-225-4672 R NY McHugh, John M. 1-202-225-4611 na R NY Molinari, Susan 1-202-225-3371 1-202-226-1272 R NY Paxon, L. W. 1-202-225-5265 1-202-225-5910 R NY Quinn, Jack 1-202-225-3306 1-202-226-0347 R NY Solomon, Gerald B. 1-202-225-5614 1-202-225-1168 R NY Walsh, James T. 1-202-225-3701 1-202-225-4042 D OH Applegate, Douglas 1-202-225-6265 na D OH Brown, Sherrod 1-202-225-3401 na D OH Fingerhut, Eric D. 1-202-225-5731 na D OH Hall, Tony P. 1-202-225-6465 na D OH Kaptur, Marcy 1-202-225-4146 1-202-225-7711 D OH Mann, Davis S. 
1-202-225-2216 na D OH Sawyer, Thomas C. 1-202-225-5231 1-202-225-5278 D OH Stokes, Louis 1-202-225-7032 1-202-225-1339 D OH Strickland, Ted 1-202-225-5705 1-202-226-0331 D OH Traficant Jr., James 1-202-225-5261 1-202-225-3719 R OH Boehner, John Andrew 1-202-225-6205 1-202-225-0704 R OH Gillmor, Paul E. 1-202-225-6405 na R OH Hobson, David L. 1-202-225-4324 na R OH Hoke, Martin R. 1-202-225-5871 1-202-226-0994 R OH Kasich, John R. 1-202-225-5355 na R OH Oxley, Michael G. 1-202-225-2676 na R OH Pryce, Deborah 1-202-225-2015 1-202-226-0986 R OH Regula, Ralph 1-202-225-3876 1-202-225-3059 D OK Brewster, Billy Kent 1-202-225-4565 na D OK English, Glenn 1-202-225-5565 1-202-225-8698 D OK McCurdy, David 1-202-225-6165 1-202-225-9746 D OK Synar, Michael 1-202-225-2701 1-202-225-2796 R OK Inhofe, James M. 1-202-225-2211 1-202-225-9187 R OK Istook, Ernest Jim 1-202-225-2132 na D OR DeFazio, Peter A. 1-202-225-6416 na D OR Furse, Elizabeth 1-202-225-0855 na D OR Kopetski, Michael J. 1-202-225-5711 1-202-225-9477 D OR Wyden, Ronald 1-202-225-4811 na R OR Smith, Robert F. 1-202-225-6730 na D PA Blackwell, Lucien E. 1-202-225-4001 1-202-225-7362 D PA Borski, Robert A. 1-202-225-8251 1-202-225-4628 D PA Coyne, William J. 1-202-225-2301 na D PA Foglietta, Thomas M. 1-202-225-4731 1-202-225-0088 D PA Holden, Tim 1-202-225-5546 1-202-226-0996 D PA Kanjorski, Paul E. 1-202-225-6511 1-202-225-9024 D PA Klink, Ron 1-202-225-2565 na D PA Margolies-Mezvinsky, Marjorie 1-202-225-6111 1-202-226-0798 D PA McHale, Paul 1-202-225-6411 1-202-225-5320 D PA Murphy, Austin J. 1-202-225-4665 1-202-225-4772 D PA Murtha, John P. 1-202-225-2065 1-202-225-5709 R PA Clinger Jr., William 1-202-225-5121 1-202-225-4681 R PA Gekas, George W. 1-202-225-4315 1-202-225-8440 R PA Goodling, William F. 1-202-225-5836 1-202-226-1000 R PA Greenwood, Jim 1-202-225-4276 1-202-225-9511 R PA McDade, Joseph M. 1-202-225-3731 1-202-225-9594 R PA Ridge, Thomas J. 1-202-225-5406 na R PA Santorum, Richard J. 
1-202-225-2135 1-202-225-7747 R PA Shuster, Bud 1-202-225-2431 na R PA Walker, Robert S. 1-202-225-2411 na R PA Weldon, Curt 1-202-225-2011 1-202-225-8137 D PR Romero-Barcelo, Carlos 1-202-225-2615 1-202-225-2154 D RI Reed, John F. 1-202-225-2735 1-202-225-9580 R RI Machtley, Ronald K. 1-202-225-4911 1-202-225-4417 D SA Faleomavaega, Eni F.H. 1-202-225-8577 na D SC Clyburn, James E. 1-202-225-3315 1-202-225-2302 D SC Derrick, Butler 1-202-225-5301 na D SC Spratt Jr., John M. 1-202-225-5501 1-202-225-0464 R SC Inglis, Bob 1-202-225-6030 na R SC Ravenel Jr., Arthur 1-202-225-3176 na R SC Spence, Floyd 1-202-225-2452 1-202-225-2455 D SD Johnson, Timothy P. 1-202-225-2801 1-202-225-2427 D TN Clement, Robert 1-202-225-4311 1-202-226-1035 D TN Cooper, James 1-202-225-6831 1-202-225-4520 D TN Ford, Harold E. 1-202-225-3265 na D TN Lloyd, Marilyn 1-202-225-3271 1-202-225-6974 D TN Tanner, John S. 1-202-225-4714 1-202-225-1765 R TN Duncan Jr., John J. 1-202-225-5435 1-202-225-6440 R TN Gordon, Bart 1-202-225-4231 1-202-225-6887 R TN Quillen, James H. 1-202-225-6356 1-202-225-7812 R TN Sundquist, Donald 1-202-225-2811 1-202-225-2814 D TX Andrews, Michael A. 1-202-255-7508 na D TX Brooks, Jack 1-202-225-6565 1-202-225-1584 D TX Bryant, John 1-202-225-2231 na D TX Chapman, Jim 1-202-225-3035 1-202-225-7265 D TX Coleman, Ronald D. 1-202-225-4831 na D TX Edwards, Chet 1-202-225-6105 1-202-225-0350 D TX Frost, Martin 1-202-225-3605 1-202-225-4951 D TX Geren, Peter 1-202-225-5071 1-202-225-2786 D TX Gonzalez, Henry B. 1-202-225-3236 1-202-225-1915 D TX Green, Gene 1-202-225-1688 1-202-225-9903 D TX Hall, Ralph M. 1-202-225-6673 1-202-225-3332 D TX Johnson, Eddie Bernice 1-202-225-8885 na D TX Laughlin, Gregory H. 1-202-225-2831 1-202-225-1108 D TX Ortiz, Solomon P. 1-202-225-7742 1-202-226-1134 D TX Pickle, J. J. 1-202-225-4865 na D TX Sarpalius, Bill 1-202-225-3706 1-202-225-6142 D TX Stenholm, Charles W. 
1-202-225-6605 1-202-225-2234 D TX Tejeda, Frank 1-202-225-1640 na D TX Washington, Craig A. 1-202-225-3816 na D TX Wilson, Charles 1-202-225-2401 1-202-225-1764 D TX de la Garza, E 1-202-225-2531 1-202-225-2534 R TX Archer, William 1-202-225-2571 1-202-225-4381 R TX Armey, Richard K. 1-202-225-7772 1-202-225-7614 R TX Barton, Joseph 1-202-225-2002 1-202-225-3052 R TX Bonilla, Henry 1-202-225-4511 na R TX Combest, Larry 1-202-225-4005 na R TX DeLay, Thomas 1-202-225-5951 na R TX Fields, Jack 1-202-225-4901 na R TX Johnson, Sam 1-202-225-4201 na R TX Smith, Lamar S. 1-202-225-4236 1-202-225-8628 D UT Orton, William H. 1-202-225-7751 1-202-226-1223 D UT Shepherd, Karen 1-202-225-3011 1-202-226-0354 R UT Hansen, James V. 1-202-225-0453 1-202-225-5857 D VA Boucher, Rick 1-202-225-3861 na D VA Byrne, Leslie L. 1-202-225-1492 na D VA Moran Jr., James P. 1-202-225-4376 1-202-225-0017 D VA Payne Jr., Lewis F. 1-202-225-4711 1-202-226-1147 D VA Pickett, Owen B. 1-202-225-4215 1-202-225-4218 D VA Scott, Robert C. 1-202-225-8351 1-202-225-3854 D VA Sisisky, Norman 1-202-225-6365 1-202-226-1170 R VA Bateman, Herbert H. 1-202-225-4261 1-202-225-4382 R VA Bliley Jr., Thomas J. 1-202-225-2815 na R VA Goodlatte, Robert W. 1-202-225-5431 1-202-225-9681 R VA Wolf, Frank R. 1-202-225-5136 na D VI de Lugo, Ron 1-202-225-1790 1-202-225-9392 I VT Sanders, Bernard 1-202-225-4115 1-202-225-6790 D WA Cantwell, Maria 1-202-225-6311 1-202-225-2286 D WA Dicks, Norman D. 1-202-225-5916 na D WA Foley, Thomas S. 1-202-225-2006 na D WA Inslee, Jay 1-202-225-5816 1-202-226-1137 D WA Kreidler, Mike 1-202-225-8901 1-202-226-2361 D WA McDermott, James A. 1-202-225-3106 1-202-225-9212 D WA Swift, Al 1-202-225-2605 1-202-225-2608 D WA Unsoeld, Jolene 1-202-225-3536 1-202-225-9095 R WA Dunn, Jennifer 1-202-225-7761 na D WI Barrett, Thomas M. 1-202-225-3571 na D WI Gunderson, Steve 1-202-225-5506 1-202-225-6195 D WI Kleczka, Gerald D. 1-202-225-4572 na D WI Obey, David R. 
//WHITE HOUSE

If you send a message to the White House, please include a US Post Office address for replies. You can send e-mail to the following accounts:

Compuserve:     75300,3115      (GO: WHITE HOUSE finds the White House forum)
America OnLine: clinton pz      (KEYWORD: WHITEHOUSE finds the White House area)
MCI:            TO: WHITE HOUSE (VIEW WHITE HOUSE views bulletin boards)
Internet:       clinton-hq at Campaign92.Org
                75300.3115 at compuserve.com
                clintonpz at aol.com
                whouse at mcimail.com

"Tiger gotta hunt. Bird gotta fly.
Man gotta sit and wonder why, why, why.
Tiger gotta sleep. Bird gotta land.
Man gotta tell himself he understand."
-- Kurt Vonnegut Jr.

der Nethahn

From peb at PROCASE.COM Thu Aug 5 10:55:22 1993
From: peb at PROCASE.COM (Paul Baclace)
Date: Thu, 5 Aug 93 10:55:22 PDT
Subject: Offshore Data Havens and Services
Message-ID: <9308051754.AA01156@banff.procase.com>

>(For you worried parents out there who worry about Junior calling these

I recently heard about a married adult who would call some sex line uncontrollably... so apparently it is possible for some people to become addicted to a phone number -- the blocking isn't just for concerned parents! What a surprise (to me).

>* when will the first "personal data" agencies appear, which offer

Yesterday American Public Radio (used to be called NPR?) reported that the IRS recently busted 300 or so of their employees for accessing tax returns of relatives, famous people, etc.
They noted that this information was also being sold to lawyers, private investigators, and market researchers. The IRS even stated that they cannot control the problem since 56,000 employees have access to the data. The black market of tax information is doing quite fine...

>landlords

A database already exists for the purpose of identifying defaulting renters. I'd like to create a reverse one that tracks landlords who never make repairs or charge excessive cleaning fees.

>preexisting medical conditions databases

This kinda thing irks me since it is a policy choice as to how preexisting conditions are covered. Since I've changed jobs often (startups, etc.), it can be a real hassle every time they try to use this to weasel out of a claim. (My wife just had a checkup, everything is fine, and they want all kinds of information released to them to determine whether there was a preexisting condition even though she is being treated for nothing at all!) The clause varies from company to company considerably and is archaic since insurance should be for the individual, not subsidized and controlled by group policies...

>Crypto anarchy is gonna change the world!

The race is on.

Paul E. Baclace
peb at procase.com

From tedwards at wam.umd.edu Thu Aug 5 11:08:35 1993
From: tedwards at wam.umd.edu (technopagan priest)
Date: Thu, 5 Aug 93 11:08:35 PDT
Subject: Our chances
Message-ID: <199308051805.AA26736@rac2.wam.umd.edu>

About NSA assistant director Dr. Clint Brooks:

>He readily admitted that the Clipper system isn't intended to catch
>any crooks. They'll just avoid the phones. It is just going to deny
>them access to the telecommunications system. They just won't be able
>to go into Radio Shack and buy a secure phone that comes off the line.

This is why it is _imperative_ that Cypherpunks develop secure voice communication systems, to kill Clipper market share.

>Their message was direct and they didn't hesitate to compare encryption
>with assault rifles.
Of course, the assault weapon issue is, for the most part, a bogus attempt to grab rifles. Semi-auto long weapons do not actually show up in the crime stream with any regularity, there are millions of legally owned rifles that are never used in crime, and anti-gun groups are using people's inexperience with semi-auto weapons and crime statistics to achieve their ends.

-Thomas

From deathmon at sunrayce.solar.umn.edu Thu Aug 5 13:29:53 1993
From: deathmon at sunrayce.solar.umn.edu (Jared "Jake" Gage)
Date: Thu, 5 Aug 93 13:29:53 PDT
Subject: Mulivor's new address
Message-ID: <9308052034.AA14203@sunrayce.solar.umn.edu.>

Sorry about this, but how do I unsubscribe from this mailing list?

-Jake

From talon57 at well.sf.ca.us Thu Aug 5 14:02:03 1993
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Thu, 5 Aug 93 14:02:03 PDT
Subject: big brother
Message-ID: <93Aug5.140053pdt.14007-1@well.sf.ca.us>

I was just remembering a little thing we had to do any time we answered a phone when we were at squadron; it would make an interesting form of social protest. We always had to answer "This is an unsecured line etc etc...."

Brian Williams
Cypherpatriot

From khijol!erc at apple.com Thu Aug 5 15:24:56 1993
From: khijol!erc at apple.com (Ed Carp)
Date: Thu, 5 Aug 93 15:24:56 PDT
Subject: big brother
In-Reply-To: <93Aug5.140053pdt.14007-1@well.sf.ca.us>
Message-ID:

> I just was remembering a little thing we had to do anytime we answered a
> phone, when we were at squadron, it would make an interesting form of social
> protest. We always had to answer "This is an unsecured line etc etc...."

Something like "X-Comment: This is an unsecured email message, prone to being tampered with, forged, or obliterated." :)

--
Ed Carp, N7EKG
erc at apple.com
510/659-9560
anon-2133 at twwells.com

If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"

From jet at netcom.com Thu Aug 5 15:38:39 1993
From: jet at netcom.com (J. Eric Townsend)
Date: Thu, 5 Aug 93 15:38:39 PDT
Subject: Offshore Data Havens and Services
In-Reply-To: <9308050656.AA12955@netcom5.netcom.com>
Message-ID: <9308052236.AA17974@netcom5.netcom.com>

Timothy C. May writes:
> Short of barring international phone calls, the Feds can do nothing! I
> love it!

Actually, the Feds can do anything they want. They've taken to raiding off-shore pirate radio stations in international waters, there was that bit with Noriega, etc etc. Reagan set a standard by completely ignoring the world court.

From UFLTAI at MSUVX1.MEMST.EDU Thu Aug 5 15:52:04 1993
From: UFLTAI at MSUVX1.MEMST.EDU (UFLTAI at MSUVX1.MEMST.EDU)
Date: Thu, 5 Aug 93 15:52:04 PDT
Subject: Needed: Source for the air force's chicken gun
Message-ID: <01H1E8BSWMFM9ANI4G@MSUVX1.MEMST.EDU>

Hi,

I need to find out if the air force's chicken gun (frozen chicken is shot at engines to test the engine's ability to meet little flying birdies) is for real, and if it is, a source (paper, article, etc) that says that it exists. I've seen this a couple of times in news, but I've never seen a source quoted.

I know this is not the usual cypherpunkish theme, but I've found that the people on this list are some of the best informed ones, and I am hoping you all can help. Please reply to me and not the list.

Thanx very very much. Ciao.

-Tai

ps: btw, I need the source quite urgently... thanx again!

From fergp at sytex.com Thu Aug 5 17:18:40 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Thu, 5 Aug 93 17:18:40 PDT
Subject: PKP and DSS -- Licensing and Summation (fwd)
Message-ID:

From: ross at wattle.itd.adelaide.edu.au (Ross Williams)
Newsgroups: sci.crypt
Subject: NIST/PKP scandal: All you need to act.
Followup-To: sci.crypt
Date: 4 Aug 1993 04:21:12 GMT
Organization: Rocksoft Pty Ltd.
Lines: 1885
Distribution: world
NNTP-Posting-Host: wattle.itd.adelaide.edu.au
Summary: NIST/PKP scandal: All you need to act.
Keywords: nist pkp dsa dss patent digital signature

Why It Is Important That You Read This Document and Address This Issue
----------------------------------------------------------------------

Right now there are some fairly significant political things happening in the area of digital signatures that will determine how they are managed for the next two decades. This matters because digital signatures will be a key technology in the future. It is likely that, in the future, most commercial transactions, and most digital communications (including email) will be sealed with a digital signature. In 1999 when J. Random Citizen goes to the supermarket and swipes his credit card to buy a chocolate bar, he will most likely be issuing a digital signature.

Digital signatures are going to be an extremely important technology in future society, not just in the US, but throughout the world. Because of the propagation of patents through GATT and other agreements, what happens in the US affects everyone.

Unfortunately, as far as I can tell, this is a technology that the general public is not even aware of. As a result, the entire legal and political foundation for the technology is being laid down right now by the US Government and other organizations, without much interaction with the outside world. Now this isn't necessarily a bad thing; governments do a lot of good things. However, recent political developments have alarmed many people.

A difficulty with the situation is that the issues are rather complex and the approach one takes to them will depend on one's attitudes towards Government, industry, intellectual property, patents and so on. And even if you have firm convictions on any of these issues, deciding what one's position on the issue is, and what one should do, can be difficult. It's easy to be a radical and shoot from the hip, and it's easy to be a cynic and do nothing, but I don't like either of these approaches. The only alternative is to think it through properly and make a measured response (which may well happen to be radical!).

The document below is my attempt to enumerate the facts, identify the key constraints and issues and identify a number of possible positions and responses. Rather than attempting to "precompile" all this information and advocate a particular course of action, I have provided information so that you can make up your own mind. To this end, I have added appendices containing reference material that you might otherwise have to look up (as I had to).

The deadline for action (by fax) is midnight ending Monday 9 August 1993 Washington D.C. time, but it would be best to act well before then to be on the safe side.

I urge you, at the very least, to read this document and make up your own mind about this important issue.

Ross Williams (ross at guest.adelaide.edu.au.)
4 August 1993.

AN ANALYSIS OF THE NIST/PKP DIGITAL SIGNATURE PATENT LICENSING PROPOSAL
=======================================================================

Version   : 3.
Date      : 4 August 1993.
Author    : Ross N. Williams.
Net       : ross at guest.adelaide.edu.au.
Snail     : 16 Lerwick Avenue, Hazelwood Park 5066, Australia.
Fax       : +61 8 373-4911.
Phone     : +61 8 379-5020 (10am to 10pm Adelaide Australia time).
Thanks    : The following people have provided me with information:
            Noah Friedman (friedman at gnu.ai.mit.edu.).
            Jack Larsen (jl at epsilon.eecs.nwu.edu.).
            Richard Stallman (rms at gnu.ai.mit.edu.).
            Dan Bernstein (djb at silverton.berkeley.edu.)
Cleared   : Cleared for public release 1:18am 04-Aug-1993: RNW.
Status    : Copyright (C) Ross Williams 1993. However, permission is granted to make and distribute verbatim copies of this document provided that this copyright notice is included.
Disclaimer: Where this document expresses opinions on behalf of the author, those opinions are the author's only and are not representative of any organization associated with the author.
Note: A GLOSSARY appears at the end of this document. If you are unsure of an acronym, look it up. Search for the word "glossary".

0. TABLE OF CONTENTS
====================

1. The Facts of the Case
   1.1 Public Key Cryptography
   1.2 The Digital Signature Standard
   1.3 The Choice
   1.4 The Gift
   1.5 Objecting and Appealing
2. What People Think (and Feel!)
3. Analysis.
   3.1 Enumerating The Objections
   3.2 The US Code
   3.3 Alternatives for NIST
   3.4 A Modern Aesop's Fable
4. What You Can Do.
   4.1 Many Options
   4.2 To Whom To Write
   4.3 A Selection of Things To Say
--
A. Glossary.
B. NIST's Announcement
C. United States Code Title 35.
D: 37 CFR 404.7 (Checklist for License Application)
E: Dan Bernstein's Posting and Form Letter
F: The LPF Announcement
G. The letters I intend to send.

1. THE FACTS OF THE CASE
========================

As far as I can determine, these are the facts of the case. I have not checked all these facts, and welcome corrections. I regret that I do not have the time to substantiate the stuff in this section with formal references.

1.1 Public Key Cryptography
---------------------------

* In the late 1970's and early 1980's there was a revolution in cryptography caused by the invention of public-key cryptography by researchers at MIT and Stanford. Those researchers created patents covering much of the new technology, and these patents were assigned to their respective institutions.

* In order to exploit the new technology, MIT and Stanford created a company called Public Key Partners (PKP) to whom they granted exclusive sublicensing rights to the cryptography patents. As a result PKP has controlled the use of public key cryptography for the last decade or so.

* PKP claims that its patents are very broad and cover not just specific public key cryptography techniques such as the RSA technique, but also cover the IDEA of public-key cryptography too. Like most issues involved in this whole situation, this issue is not clear and can only be resolved in the courts. This document assumes that the PKP patents are broad.

* The PKP patents expire between 1997 and 2008. The most important ones expire between 1997 and 2000.

* Public key cryptography is a seminal enabling technology that solves most information integrity problems, including the ability to create unforgeable digital signatures. Digital signatures are just like real handwritten signatures except that they can be applied to digital documents.

1.2 The Digital Signature Standard
----------------------------------

* Digital signatures are extremely powerful, but also rather technologically messy to implement. Keys have to be generated and managed. In particular, the issuing of a digital signature is a social and commercial event most likely requiring network events. In my opinion digital signatures will not enter widespread use until they are standardized.

* Several years ago, the US Congress, recognising the need for a standard, instructed NIST (The US National Institute of Standards and Technology) to perform a study and come up with a proposal for a digital signature standard.

* NIST evaluated the options and, among other things, commissioned its own signature scheme called DSA (Digital Signature Algorithm). The DSA was prepared with assistance from the NSA (National Security Agency).

* When all the dust settled, there were two proposals to choose from: a proposal by PKP based on RSA, and DSA. NIST patented DSA which meant that both proposals were embodied in patents, one owned by PKP and the other by NIST.

* There were many pros and cons for each proposal including:

  - PKP asserted that the NIST proposal was technically more arbitrary than the RSA and was created in a more politically impure environment (with help from the NSA) and so was more likely to have a backdoor in it somewhere. RSA is based on prime numbers and is simpler and more self-evidently backdoor-free.
  - The PKP proposal was privately owned and so, if it was chosen, everyone would have to pay PKP royalties.

* Because the use of digital signatures requires interaction between random pairs of individuals in society and other organizations and agencies, it would appear that there is no room for two standards. It might be possible for two standards to coexist, but once one catches on, no one will want to know about the other, as "hardly anybody uses it". Furthermore, whatever is chosen as the standard is likely to become mandatory when interacting with various government institutions. Thus, whatever happens, the standard that catches on is likely to dominate and will be hard to supplant even by technologically better rivals. This makes right now a critical time.

1.3 The Choice
--------------

* The decision was up to NIST. In the end it chose its own proposal which was subsequently named in its DSS (Digital Signature Standard) as the standard algorithm.

* NIST's problem then was how to cope with PKP. It seems that earlier on, NIST declared the DSA free of coverage from other patents:

  "[We] believe this technique is patentable and that no other patents would apply to the DSS."
  -- NIST, US Federal Register, 30 August 1991.

  However, it seems that since that time, PKP applied pressure to NIST claiming that the DSA was covered by PKP's broader patents. It is still not clear what the practical scope of PKP's patents is and the only way to tell is to go to court. What is certain is that the PKP patents THREATEN the DSA patent and can cause trouble for it at any time.

  Meanwhile, NIST has certainly behaved as if the PKP patents are a problem as it stated in its DSA license proposal announcement (see Appendix B of this document):

>The prospective license is a cross-license which would resolve a
>patent dispute with Public Key Partners and includes the right to

  If PKP are right then patent law says that neither party can use the technology without obtaining a license from the other party. However, the coverage of PKP's patents is far from clear.

1.4 The Gift
------------

* In the end, NIST decided to simply GIVE its DSA patent to PKP. Actually, it's not giving, it's an exclusive license, which is effectively the same thing. We will use the word "give" in this document.

* This decision has been, to say the least, controversial. At least it has within the subculture that knows about these things. It hasn't hit Donahue yet.

* The PKP patents run out between 1997 and 2000. The DSA patent runs out in about 2010. Thus, if PKP's patents have teeth then NIST is GIVING PKP a monopoly of a major national standard for 10 years. If PKP's patents don't have coverage, then NIST is GIVING PKP the monopoly for about 16 years. Either way, it's an unnecessarily generous gift and one that will probably cost the public hundreds of millions of dollars.

* Monopolistic control over DSA is a gold mine. I can't put a figure on how much it would be worth, but certainly more than three flat rocks and a piece of string. Just remember that most commercial transactions of the future and probably most electronic communications will be executed using digital signatures and you get an idea of the scope of the monopoly. It's almost like simultaneously owning a patent on the pens with which all people must sign contracts and on the sealing wax with which people seal envelopes (or did in more romantic eras).
* PKP has stated its INTENT to license DSA free for non-commercial use: >It is PKP's intent to make practice of the DSA royalty free for >personal, noncommercial and U.S. Federal, state and local >government use. As explained below, only those parties who enjoy >commercial benefit from making or selling products, or certifying >digital signatures, will be required to pay royalties to practice >the DSA. However, this apparently does not cover software distribution schemes that operate at cost or which cross-subsidize distribution to yield a non-profit. Note also that this statement of intent does not represent a binding committment. * PKP has issued a statement committing itself to charging a maximum royalty rate of 5% if the deal goes through. However, there are also "minimum fees" which are going to be $10000 per year, plus $10000 for small companies and $25000 for big companies. * An important aspect of the situation is that after PKP's patents run out, there will be nothing stopping anyone from creating and using new digital signature algorithms that are not DSA. The trouble is that by that stage DSA will be so well established that no one will want to use anything else. So, while PKP will eventually lose control over public-key cryptography, they will still have control over the DSA, and by then nobody will be able to supplant it with a free standard. * If the deal does go through then we are likely to see an interesting effect as the PKP patent expiry dates approach. At roughly that time, PKP's RSA patents will expire and we will find that PKP is promoting the DSA (over which it holds a patent) and downplaying (and possibly denigrating) the RSA algorithms upon which the company was founded!!!!!!!!!!!!! 1.5 Objecting and Appealing --------------------------- * The DSA patent has not yet been licensed to PKP. By 37 CFR 404.7, this cannot occur unless NIST first advertises the fact that the licensing is to take place, and solicits objections from the public. 
  NIST made such an advertisement in the US Federal Register on 8 June 1993:

  >The prospective license will be granted unless, within sixty (60) days of this notice, NIST receives written evidence and argument which established that the grant of the license would not be consistent with the requirements of 35 U.S.C. 209 and 37 CFR 404.7.
  >Dated: June 2, 1993.

  This notice was published on about 8 June 1993, so the deadline for responses is 8 August 1993 Washington D.C. time. However, this is a Sunday and we have obtained a verbal commitment from NIST that Monday is OK too.

* A lawyer I know who has knowledge of this case has indicated that he thinks that there is no likelihood that NIST will back out of the deal at this stage. However, he feels that this stance is a result of leftovers from the Bush administration. Apparently appeals will be heard by the new Clinton administration and so there is a chance of a change of mind by NIST.

* An appeal can be made later to the new administration by anyone who submitted written comments to NIST (as explained above) in opposition to the proposal. Appellants can appeal "de novo", which means that they are not limited to the facts and arguments submitted now.

* The word "algorithm" appears in the DSA patent, despite the fact that it is officially impossible to register a software patent (it has to be framed in terms of hardware), so it may be that the DSA patent is invalid.

2. WHAT VARIOUS PEOPLE THINK (AND FEEL!)
========================================

* Many people do not believe that algorithmic processes, and in particular software, should be patentable at all. This is an extremely complex issue, but if you do not believe that software patents should exist, you will also believe that the PKP patents should not exist.

* Many people are worried that public key cryptography was patented, given its origins. They point out that most of the research leading to it was funded by public (i.e. taxpayers') money granted by the US Federal Government to universities. They point out that if the result of such research should be framed as property at all (e.g. patents) then it should be public property. In fact, a database search of the relevant patents reveals that many of them have the following note attached, which would seem to indicate that the government may have some direct rights to the patents:

  >GOVERNMENT INTEREST (GI) The Government has rights in this invention pursuant to Grant No. ENG-10173 of the National Science Foundation and IPA No. 0005.

* One of the purposes of the patent system is to cause technology to be exploited. Some people have suggested that PKP has not been effective in allowing the diffusion of public key cryptography. I am not in a position to establish the truth or falsehood of this statement. However, there is intuitive evidence in the fact that public key cryptography was invented almost 20 years ago, and yet is not yet in widespread use. A visit to the supermarket checkout counter reveals no digital signatures. Why not?

* Some people have suggested that the reason for the lack of diffusion of public key cryptography is that a cosy unspoken understanding exists between PKP and various US Government agencies that are none too happy about the prospect of a diffusion of this technology. Evidence for the attitude of government agencies is: 1) the smoking gun of the 56-bit DES key, 2) the fact that much cryptographic technology is currently classified as "munitions" and cannot be exported without a license. Evidence of the lack of diffusion is the supermarket argument above. The rest is speculation.

* Many people were worried when NIST patented the DSA. They felt that no good could come from embodying a public standard as a piece of intellectual property. Their fears have been realized as NIST is about to license that property exclusively to PKP.

* It is very easy to get hot under the collar at NIST. However, it is also important to realize that their actions MAY be motivated by no more than a desire for the public good - to disseminate digital signature technology as quickly as possible. In this quest they ran up against a problem - PKP - and solved it as quickly and as easily as they could - by giving the DSA patent to PKP.

* I do not particularly hold any bad feelings towards PKP or its employees. I have been developing a product recently that has required me to interact with PKP and to license one of their algorithms. They have been nothing but polite and helpful and have provided me with useful information. My concern is not with PKP, but with the future of digital signatures.

3. ANALYSIS
===========

3.1 Enumerating The Objections
------------------------------

If you are at all like me, by this stage your brain will be feeling as if it is full of cotton wool, so let's attempt to crystallize it all.

First, why should we care at all? The answer to this is that digital signatures are going to be very important in the future.

Second, what bad things have happened, or are about to happen? This depends on your stand on various issues in intellectual property. Combing through previous sections, we can assemble at least the following list of potential objections:

* Object to software patents in general.
* Object to publicly funded universities creating patents at all.
* Object to such universities assigning such patents to commercial companies.
* Object to PKP allegedly holding up the diffusion of public key technology.
* Object to the involvement of the NSA in creating the DSA.
* Object to NIST choosing DSA as standard instead of RSA.
* Object to NIST embodying DSA in a patent.
* Object to government agencies assigning patents to commercial companies.
* Object to NIST assigning the patent to just ONE company.
* Object to NIST effectively extending PKP's patent powers.
* Object to NIST making it more difficult for companies that wish to fight PKP to do so.

So there is certainly a lot to grumble about! This is a problem with this issue: there are too many ducks to shoot at, and the more idealistic you are the easier it becomes to get angry and confused. However, right now we are right near the end of NIST's 60-day deadline and coherent, focussed action is required.

From the legal tactical point of view, there are many, many angles of attack. I won't go into them here; the situation touches on constitutional law, administrative law and patent law, and I don't understand it all. Just be assured that "teams of lawyers are working around the clock" :-) What we really need of course is a turbo-charged Hillary, but this is not possible at this time.

What IS important is that the current situation seems to be largely a result of the leftovers of the Bush administration. The new Clinton administration may take a different view on all this. I have heard that soon the top few people in NIST will be replaced by Clinton people. This means that if enough people object now with enough good reasons, the issue might get held up long enough for it to be caught by the new administration. And the "de novo" aspect of the appeals process means that new arguments can be created and presented later, so you are not limited later to what you say now. So say anything, but please say something, now.

As we have seen, there are many legitimate objections that could be made. In my mind the key ones are:

* That NIST is placing a key international standard in the hands of a single company.

* That by handing DSA to PKP, NIST is giving PKP power unnecessarily. It may be that some companies believe that they can beat PKP's broad patents in court. However, if the NIST/PKP deal goes through, such companies will have to break not only the broad PKP patents, but the more specific DSA one as well. If the PKP patents are so strong, why should NIST need to give PKP the DSA patent at all?
In addition to these general objections, we can also respond directly and formally to NIST's request for comments on the deal. The next section discusses this.

3.2 The US Code
---------------

NIST has requested objections to its proposal before 8 August 1993. Furthermore, it has specified exactly what its criterion is for evaluating objections:

>The prospective license will be granted unless, within sixty (60) days of this notice, NIST receives written evidence and argument which established that the grant of the license would not be consistent with the requirements of 35 U.S.C. 209 and 37 CFR 404.7.
>Dated: June 2, 1993.

I have obtained copies of 35 U.S.C. 209 (see Appendix C) and 37 CFR 404.7 (see Appendix D). The latter is basically the former repeated over a few times with some bits added. Here are the juicy clauses of 35 U.S.C. 209 - the ones that specify the criteria that NIST is supposed to be using to determine whether to license DSA to PKP. NIST is most likely to respond favourably to objections lodged with it that address these criteria and explain why they are not being met. Here we go:

>(A) the interests of the Federal Government and the public will best be served by the proposed license, in view of the applicant's intentions, plans, and ability to bring the invention to practical application or otherwise promote the invention's utilization by the public;

I think it's fairly clear from the history of the computer industry in the last two decades that computer companies will need little encouragement in adopting and implementing this standard without the help of PKP!

>(B) the desired practical application has not been achieved, or is not likely expeditiously to be achieved, under any non-exclusive license which has been granted, or which may be granted, on the invention;

DSS has only recently been declared a standard, so it's hard to judge. It depends on how good PKP is at preventing companies from implementing DSA.

>(C) exclusive or partially exclusive licensing is a reasonable and necessary initiative to call forth the investment of risk capital and expenditures to bring the invention to practical application or otherwise promote the invention's utilization by the public; and

This condition absolutely is not met. The history of the computer industry and the potential of the DSA clearly indicate that there will be, if anything, a glut of risk capital for implementing DSA. And it's probably not even likely to be "risk" capital!

>(D) the proposed terms and scope of exclusivity are not greater than reasonably necessary to provide the incentive for bringing the invention to practical application or otherwise promote the invention's utilization by the public.

Even if DSA is a subset of PKP's patents and NIST is assigning DSA to PKP to simplify the situation, this condition is definitely not met, as NIST is licensing DSA to PKP for at least 10 years longer than it needs to - more than half the life of the patent. PKP's patents expire before 2000, but NIST is granting DSA until the year 2010. This is FAR greater than is reasonably necessary. Because technology tends to diffuse in accordance with an exponential curve (at least until it saturates), it is likely that the royalties PKP will receive between 2000 and 2010 will be a hundred times greater than those it receives between 1993 and 2000. Thus, in practice, NIST may be being overgenerous by a factor of one hundred or more.

SUMMARY: If we assume that NIST's goal is to get DSA in use as quickly as possible, then their only obstacle is PKP. The clauses above address the issues of technology diffusion and the attraction of risk capital. These issues are not central in this case, as it must be blindingly obvious to anyone who knows the computer industry that the DSA standard would go like curry through a senior citizen if all the patents were lifted from it (remember, we are most likely talking about most commercial outlets in the US and nearly all electronic mail in the future). Thus, the only reason why NIST should consider handing over the DSA patent under these clauses is because PKP has the industry by the throat. But this is not certain, and even if it were, under clause (D) above, NIST should attempt to minimize its commitment to PKP. If it is to license DSA to PKP AT ALL, it should license it only until PKP's patents run out, not until the year 2010. And even licensing DSA to PKP until the patents run out is unnecessary, because if NIST offered a public license of DSA, companies could simply fight PKP's patents in the courts directly without DSA being involved.

3.3 Alternatives for NIST
-------------------------

As we have seen above, NIST's actions are at least inconsistent with the code with respect to section (D). So, we can write to them and complain about that specifically.

By now, you should have a pretty good feel for the situation. My personal opinion is that NIST are simply eager to diffuse the technology, but because they feel "blocked" by PKP, have folded to them. Unfortunately, they seem to be giving up far more than they need to. So let's help them get their confidence back :-) by coming up with some alternatives:

A1: ISSUE A GENERAL PUBLIC LICENSE: This would knock NIST out of it, allowing those wishing to implement DSA to deal with PKP directly, either through the courts, or the banks. :-) At least PKP's power would not be increased.

A2: FIND ANOTHER STANDARD OR ENCOURAGE INFRASTRUCTURE FOR ANOTHER STANDARD: Do we want DSA at all? Given that the NSA had a finger in it, it's not clear how secure it is. Is it really desirable for certain U.S. government agencies, perhaps a little out of control, to be able to digitally prove in court that any citizen it particularly feels like targeting has taken out a $200,000 loan which has not been repaid? Well, of course, it's not that simple. Even so, these technologies have a habit of being used for increasingly serious applications and this sort of abuse is not unimaginable. In the new commercial world, a backdoor to the DSA would be a license to print money, without all the hassles of running a printing press. Perhaps it is better to take a completely different approach.

Independent of licensing issues, I don't think that NIST are going to back down from their own standard. However, they could assist the free market along by specifying that all implementations of DSA incorporate a general digital signature framework into which a variety of digital signature algorithms could be inserted, including DSA. If all manufacturers implemented this, then at a later date it would be easy to switch to another standard, or to choose one or another standard at the supermarket till. Even if NIST gave PKP DSA, by enforcing this "slot" openness in the implementation of DSA, it could pave the way for the standard to be replaced in the future by a better one (perhaps RSA!) when the PKP patents expire.

3.4 A Modern Aesop's Fable
--------------------------

During times of drought a farmer noticed that his cow was looking a bit thin, so he sent his son out with the cow to find some nice green grass to munch on so that the cow would grow fat and yield lots of milk. The son walked the cow for miles and miles (making the cow even thinner in the process), but couldn't find any grass (it's the Australian outback). In the end he found a nice green paddock and set the cow grazing. Later the son returned to the homestead:

Farmer : How'd it go son? Do we have a happy cow now?
Son : Well sort of; I had trouble finding a grassy paddock.
Farmer : But you found one in the end didn't you?
Son : Yes, and I put the cow in the paddock. But soon another farmer came running out. He said it was his paddock --- he had rented it for three years --- and that I couldn't graze my cow there without giving him some milk. It was the only green paddock there was.
Farmer : So what did you do?
Son : I gave him the cow.

4. WHAT YOU CAN DO
==================

4.1 Many Options
----------------

If you've read this far, the extra amount of work required to print out a letter of objection and mail it to NIST will seem trivial by comparison! Furthermore, if you act, you may be able to secure a DSA license for yourself from NIST before DSA is handed over to PKP.

It is important to realize that NIST are actually SOLICITING objections. So it's not as if you are writing in cold. Regardless of what NIST's real attitude is, the fact is that they have to receive and collate all the objections they receive and pay some sort of attention to them.

As we've seen above, the issues are complicated, and the sort of response you'll want to send NIST will depend on your point of view. I'm not going to tell you what to send to NIST. However, I am going to make it as easy as possible to send SOMETHING to NIST by providing handy information such as the address of the person to send to :-) along with various form letters.

One interesting aspect of objecting is stated by NIST in their announcement:

>Applications for a license filed in response to this notice will be treated as objections to the grant of the prospective license.

Thus, if you do no more than simply file an application for a DSA license (to NIST before it hands it over to PKP), you will be objecting implicitly.

4.2 To Whom To Write
--------------------

NIST states in their announcement that "Inquiries, comments, and other materials relating to the prospective license shall be submitted to:

   Michael R. Rubin
   Active Chief Counsel for Technology
   Room A-1111, Administration Building,
   National Institute of Standards and Technology
   Gaithersburg, Maryland 20899
   Phone: +1(301) 975-2803.
   Fax:   +1(301) 926-2569.

The formal deadline is the end of 08-Aug-1993. However, as that is a Sunday, Michael Rubin has stated to others that correspondence received on Monday 09-Aug-1993 will be accepted. Furthermore, in a telephone conversation between Michael Rubin and myself between 1:22am and 1:24am on 04-Aug-1993 Adelaide time, he informed me that faxed correspondence would be accepted until midnight ending Mon 09-Aug-1993 [implicitly Washington DC time]. (Sorry, I forgot to ask him his email address - fax is probably better anyway, as I understand that faxed signatures are accepted in law (no digital signatures in email yet :-)).

The LPF has requested that you send a copy of your letter to them at:

   League for Programming Freedom
   1 Kendall Square #143
   P.O. Box 9171
   Cambridge, Massachusetts 02139

The League for Programming Freedom is an organization which defends the freedom to write software, and opposes monopolies such as patented algorithms and copyrighted languages. It advocates returning to the former legal system under which, if you write the program, you are free to use it. Please write to the League if you want more information. Sending copies to the League will enable them to show them to elected officials if that is useful.

4.3 A Selection of Things To Say
--------------------------------

Here is a list of actions to give you ideas.

* Write to NIST and ask for a personal or implementor's license. The personal license will allow you to use the DSA technology in 5,231,668. The implementor's license will allow you to create for-private-use or public domain DSA implementations. You can use the Dan Bernstein form letters in Appendix E to do this. NIST may or may not grant the license, but at least you can try.

* Write to NIST objecting to the DSA deal on one or more of the following grounds:

  - Various idealistic reasons such as the creation of the technology using public money, the assignment of the technology to a private company, and the involvement of the NSA in formulating the standard.

  - Because the deal "is not consistent with requirements of 35 U.S.C. 209 and 37 CFR 404.7." More specifically:

    >(C) exclusive or partially exclusive licensing is a reasonable and necessary initiative to call forth the investment of risk capital and expenditures to bring the invention to practical application or otherwise promote the invention's utilization by the public; and

    There will be no shortage of risk capital for DSA!

    >(D) the proposed terms and scope of exclusivity are not greater than reasonably necessary to provide the incentive for bringing the invention to practical application or otherwise promote the invention's utilization by the public.

    PKP's patents run out by 2000, but NIST is granting them DSA to 2010.

* Write to NIST and suggest that they issue a general public license.

* Write to NIST objecting, explaining the importance of DSA in future society and urging them to (as the LPF puts it) "pursue all possible means, judicial and legislative, to invalidate or annul the PKP patents", and failing that "take them by eminent domain". This would be cheaper in the long run than the current plan. (Note: I can't help you with the details here: I don't know what eminent domain is. I presume it's what happens when Congress finds out that someone has patented the slush fund :-)

* Send a copy of the farmer fable :-)

That's it! Over to you now!

=====================================================================
APPENDIX A: GLOSSARY
====================

DES  = Data Encryption Standard.
DSA  = Digital Signature Algorithm.
DSS  = Digital Signature Standard.
LPF  = League for Programming Freedom.
NIST = National Institute of Standards and Technology.
NSA  = National Security Agency.
PKP  = Public Key Partners.
RSA  = Rivest Shamir Adleman - an important public-key cypher.

=====================================================================
APPENDIX B: NIST'S ANNOUNCEMENT
===============================

** The following notice was published in the Federal Register, Vol. 58, No. 108, dated June 8, 1993 under Notices **

National Institute of Standards and Technology
Notice of Proposal for Grant of Exclusive Patent License

This is to notify the public that the National Institute of Standards and Technology (NIST) intends to grant an exclusive world-wide license to Public Key Partners of Sunnyvale, California to practice the Invention embodied in U.S. Patent Application No. 07/738.431 and entitled "Digital Signature Algorithm." A PCT application has been filed. The rights in the invention have been assigned to the United States of America.

The prospective license is a cross-license which would resolve a patent dispute with Public Key Partners and includes the right to sublicense. Notice of availability of this invention for licensing was waived because it was determined that expeditious granting of such license will best serve the interest of the Federal Government and the public. Public Key Partners has provided NIST with the materials contained in Appendix A as part of their proposal to NIST.

Inquiries, comments, and other materials relating to the prospective license shall be submitted to Michael R. Rubin, Active Chief Counsel for Technology, Room A-1111, Administration Building, National Institute of Standards and Technology, Gaithersburg, Maryland 20899. His telephone number is (301) 975-2803. Applications for a license filed in response to this notice will be treated as objections to the grant of the prospective license. Only written comments and/or applications for a license which are received by NIST within sixty (60) days of the publication of this notice will be considered.

The prospective license will be granted unless, within sixty (60) days of this notice, NIST receives written evidence and argument which established that the grant of the license would not be consistent with the requirements of 35 U.S.C. 209 and 37 CFR 404.7.

Dated: June 2, 1993.
Raymond G. Kammer
Acting Director, National Institute of Standards and Technology.

Appendix "A"

The National Institute for Standards and Technology ("NIST") has announced its intention to grant Public Key Partners ("PKP") sublicensing rights to NIST's pending patent application on the Digital Signature Algorithm ("DSA"). Subject to NIST's grant of this license, PKP is pleased to declare its support for the proposed Federal Information Processing Standard for Digital Signatures (the "DSS") and the pending availability of licenses to practice the DSA.

In addition to the DSA, licenses to practice digital signatures will be offered by PKP under the following patents:

   Cryptographic Apparatus and Method ("Diffie-Hellman")                       No. 4,200,770
   Public Key Cryptographic Apparatus and Method ("Hellman-Merkle")            No. 4,315,552
   Exponential Cryptographic Apparatus and Method ("Hellman-Pohlig")           No. 4,434,414
   Method For Identifying Subscribers And For Generating And Verifying
   Electronic Signatures In A Data Exchange System ("Schnorr")                 No. 4,995,082

It is PKP's intent to make practice of the DSA royalty free for personal, noncommercial and U.S. Federal, state and local government use. As explained below, only those parties who enjoy commercial benefit from making or selling products, or certifying digital signatures, will be required to pay royalties to practice the DSA.

PKP will also grant a license to practice key management, at no additional fee, for the integrated circuits which will implement both the DSA and the anticipated Federal Information Processing Standard for the "key escrow" system announced by President Clinton on April 16, 1993.

Having stated these intentions, PKP now takes this opportunity to publish its guidelines for granting uniform licenses to all parties having a commercial interest in practicing this technology:

First, no party will be denied a license for any reason other than the following: (i) Failure to meet its payment obligations, (ii) Outstanding claims of infringement, or (iii) Previous termination due to material breach.

Second, licenses will be granted for any embodiment sold by the licensee or made for its use, whether for final products, software, or components such as integrated circuits and boards, and regardless of the licensee's channel of distribution. Provided the requisite royalties have been paid by the seller on the enabling component(s), no further royalties will be owed by the buyer for making or selling the final product which incorporates such components.

Third, the practice of digital signatures in accordance with the DSA may be licensed separately from any other technical art covered by PKP's patents.

Fourth, PKP's royalty rates for the right to make or sell products, subject to uniform minimum fees, will be no more than 2 1/2% for hardware products and 5% for software, with the royalty rate further declining to 1% on any portion of the product price exceeding $1,000. These royalty rates apply only to noninfringing parties and will be uniform without regard to whether the licensed product creates digital signatures, verifies digital signatures or performs both.

Fifth, for the next three (3) years, all commercial services which certify a signature's authenticity for a fee may be operated royalty free. Thereafter, all providers of such commercial certification services shall pay a royalty to PKP of $1.00 per certificate for each year the certificate is valid.

Sixth, provided the foregoing royalties are paid on such products or services, all other practice of the DSA shall be royalty free.

Seventh, PKP invites all of its existing licensees, at their option, to exchange their current licenses for the standard license offered for DSA.

Finally, PKP will mediate the concerns of any party regarding the availability of PKP's licenses for the DSA with designated representatives of NIST and PKP.

For copies of PKP's license terms, contact Michael R. Rubin, Acting Chief Counsel for Technology, NIST, or Public Key Partners.

Dated: June 2, 1993.
Robert B. Fougner, Esq.,
Director of Licensing, Public Key Partners,
310 North Mary Avenue, Sunnyvale, CA 94033

[FR Doc. 93-13473 Filed 8-7-93; 8:45 am]

=====================================================================
APPENDIX C: UNITED STATES CODE (U.S.C.) TITLE 35 - PATENTS SECTION 209
======================================================================

Note: 37 CFR 404.7 is basically the following repeated over a few times with some irrelevant bits added.

S 209. Restrictions on licensing of federally owned inventions
--------------------------------------------------------------

(a) No Federal agency shall grant any license under a patent or patent application on a federally owned invention unless the person requesting the license has supplied the agency with a plan for development and/or marketing of the invention, except that any such plan may be treated by the Federal agency as commercial and financial information obtained from a person and privileged and confidential and not subject to disclosure under section 552 of title 5 of the United States Code.

(b) A Federal agency shall normally grant the right to use or sell any federally owned invention in the United States only to a licensee that agrees that any products embodying the invention and produced through the use of the invention will be manufactured substantially in the United States.
(c) (1) Each Federal agency may grant exclusive or partially exclusive licenses in any invention covered by a federally owned domestic patent or patent application only if, after public notice and opportunity for filing written objections, it is determined that --- (A) the interests of the Federal Government and the public will best be served by the proposed license, in view of the applicant's intentions, plans, and ability to bring the invention to practical application or otherwise promote the invention's utilization by the public; (B) the desired practical application has not been achieved, or is not likely expeditiously to be achieved, under any non-exclusive license which has been granted, or which may be granted, on the invention; (C) exclusive or partially exclusive licensing is a reasonable and necessary initiative to call forth the investment of risk capital and expenditures to bring the invention to practical application or otherwise promote the invention's utilization by the public; and (D) the proposed terms and scope of exclusivity are not greater than reasonably necessary to provide the incentive for bringing the invention to practical application or otherwise promote the invention's utilization by the public. (2) A Federal agency shall not grant such exclusive or partially exclusive license under paragraph (1) of this subsection if it determines that the grant of such license will tend substantially to lessen competition or result in undue concentration in any section of the country in any line of commerce to which the technology to be licensed relates, or to create or maintain other situations inconsistent with the antitrust laws. 
(3) First preference in the exclusive or partially exclusive licensing of federally owned inventions shall go to small business firms submitting plans that are determined by the agency to be within the capabilities of the firm and equally likely, if executed, to bring the invention to practical application as any plans submitted by applicants that are not small business firms.

<<<>>>

(f)...(4) the right of the Federal agency to terminate the license in whole or in part if the agency determines that such action is necessary to meet requirements for public use specified by Federal regulations issued after the date of the license and such requirements are not reasonably satisfied by the licensee.

=====================================================================
APPENDIX D: 37 CFR 404.8 (Checklist for License Application)
============================================================

37 CFR 404.8 gives a checklist of the things you have to do to apply for a license.

S 404.8 Application for a License
---------------------------------

An application for a license should be addressed to the Federal agency having custody of the invention and should normally include:

(a) Identification of the invention for which the license is desired including the patent application, serial number or patent number, title, and date, if known;
(b) Identification of the type of license for which the application is submitted;
(c) Name and address of the person, company, or organization applying for the license and the citizenship or place of incorporation of the applicant;
(d) Name, address, and telephone number of the representative of the applicant to whom correspondence should be sent;
(e) Nature and type of the applicant's business, identifying products and services which the applicant has successfully commercialized; and approximate number of the applicant's employees;
(f) Source of information concerning the availability of a license on the invention;
(g) A statement indicating whether the applicant is a small business firm as defined in S404.3(c);
[S404.3 (c) SMALL BUSINESS FIRM means a small business concern as defined in section 2 of Pub. L. 85-536 (U.S.C. 632) and implementing regulations of the Administrator of the Small Business Administration.]
(h) A detailed description of applicant's plans for developing or marketing the invention, or both, which should include:
  (1) A statement of the time, nature and amount of anticipated investment capital and other resources which applicant believes will be required to bring the invention to practical application;
  (2) A statement as to the applicant's capability and intention to fulfill the plan, including information regarding manufacturing, marketing, financial and technical resources;
  (3) A statement of the fields of use for which applicant intends to practice the invention; and
  (4) A statement of the geographic areas in which applicant intends to manufacture any products embodying the invention and geographic areas where applicant intends to use or sell the invention, or both;
(i) Identification of licenses previously granted to applicant under federally owned inventions;
(j) A statement containing applicant's best knowledge of the extent to which the invention is being practiced by private industry or Government, or both, or is otherwise available commercially; and
(k) Any other information which applicant believes will support a determination to grant the license to the applicant.

=====================================================================
APPENDIX E: DAN BERNSTEIN'S POSTING AND FORM LETTER
===================================================

The following is a recent posting to sci.crypt by Dan Bernstein. It provides two form letters that can be used to apply for a DSA license. The first letter requests a personal license. The second requests an implementer's license. Dan's letters seem to provide all the information required by some sort of US code.
I don't know which one though. Certainly the information provided seems very similar to that specified in 37 CFR 404.8 (see Appendix D).

Path: news.adelaide.edu.au!yoyo.aarnet.edu.au!fang.dsto.gov.au!foxhound.dsto.gov.au!munnari.oz.au!news.Hawaii.Edu!ames!agate!ucbvax!silverton.berkeley.edu!djb
From: djb at silverton.berkeley.edu (D. J. Bernstein)
Newsgroups: sci.crypt
Subject: You want to use DSA? Apply for a personal license from NIST!
Message-ID: <13176.Jul2706.22.0393 at silverton.berkeley.edu>
Date: 27 Jul 93 06:22:03 GMT
Organization: IR
Lines: 103

NIST plans to give Public Key Partners exclusive rights to the Digital Signature Algorithm. Do you want to guarantee your own rights to this technology? You can! It's free, if you can spare a stamp.

Attached is a form letter you can send to NIST to apply for a personal license. Put in your own name, address, country, and the right date; print it out; read through to check it over; sign it; and drop it in the mail. You don't have to get everything right the first time---NIST will contact you if they need more information to make a decision. And, as a bonus, your application will automatically count as an objection to the NIST-PKP deal!

I believe that NIST must receive your application by next Friday, the 6th of August, but the due date might be earlier. You might want to check immediately with Michael Rubin at 301-975-2803. If necessary you can fax your letter to him.

---Dan

[address]
[date]

Michael R. Rubin
Acting Chief Counsel for Technology
Room A-1111 Administration Building
National Institute of Standards and Technology
Gaithersburg, MD 20899

Dear Mr. Rubin:

I hereby apply for a personal license to use the Digital Signature Algorithm.

1. Title of invention: Digital Signature Algorithm (DSA).
2. Patent Application Serial Number: 07/738.431.
3. United States Patent Number: To be issued as 5,231,668, I believe.
4.
Source of information concerning availability of a license: Various sources, including your Federal Register notice.
5. Name and address of applicant: [name], [address, phone, etc.].
6. Applicant's representative: not applicable.
7. I am a [country] citizen.
8. Approximate number of persons employed: not applicable.
9. I am not a small business firm.
10. Purpose: I would like a personal license allowing me to implement and use DSA. See #12.
11. Business and commercialization: not applicable; see #10.
12. Plans: I plan to use DSA to attach digital signatures to a variety of electronic documents, primarily for authentication. I plan to use DSA implementations, initially in software but perhaps later in hardware, from a variety of potential future sources. Investments: I may spend many hours programming a DSA implementation.
13. Fields of commercialization: not applicable; see #10.
14. I am not willing to accept a license for less than all fields of use of DSA.
15. I intend to implement and use DSA only in [country].
16. Type of license: I would like a non-exclusive license which does not require royalty payments.
17. I have never been granted a license to a federally owned invention.
18. Known uses of DSA by industry or government: I have heard that ISC sells a product called dsaSIGN, and that Bellcore has implemented DSA.
19. Other information: I understand that NIST may grant an exclusive DSA license to PKP, and that this license application will be treated as an objection to the PKP license. Please note that PKP has stated its intent to make DSA free for personal use. Therefore, if NIST grants PKP a license and PKP acts according to its stated intent, there is no harm to anyone if I am granted this personal license. However, I do not trust PKP to act according to its stated intent, and I do not want to have to apply for a license from PKP even if it is royalty-free. So I ask that you grant me a license directly.

Thank you for your kind attention.
Please let me know if you need more information.

Sincerely,
[name]

Path: news.adelaide.edu.au!yoyo.aarnet.edu.au!fang.dsto.gov.au!foxhound.dsto.gov.au!munnari.oz.au!news.Hawaii.Edu!ames!agate!ucbvax!silverton.berkeley.edu!djb
From: djb at silverton.berkeley.edu (D. J. Bernstein)
Newsgroups: sci.crypt
Subject: You want to publish your dsa.c? Apply for a license from NIST!
Message-ID: <13238.Jul2706.22.3993 at silverton.berkeley.edu>
Date: 27 Jul 93 06:22:39 GMT
Organization: IR
Lines: 101

NIST plans to give Public Key Partners exclusive rights to the Digital Signature Algorithm. Do you have a free DSA implementation, or have you been thinking of writing one for the benefit of the net community? Do you want to guarantee your users the rights to this technology? You can! It's free, if you can spare a stamp.

This is another form letter---just like the personal license application exhibited in my previous message. You should make sure to apply for a personal license. Once you've done that, follow the same instructions for the implementor's license. Once again, as a bonus, your application will automatically count as an objection to the NIST-PKP deal!

I believe that NIST must receive your application by next Friday, the 6th of August, but the due date might be earlier. You might want to check immediately with Michael Rubin at 301-975-2803. If necessary you can fax your letter to him.

---Dan

[address]
[date]

Michael R. Rubin
Acting Chief Counsel for Technology
Room A-1111 Administration Building
National Institute of Standards and Technology
Gaithersburg, MD 20899

Dear Mr. Rubin:

I hereby apply for an implementor's license permitting me to sublicense the use of the Digital Signature Algorithm.

1. Title of invention: Digital Signature Algorithm (DSA).
2. Patent Application Serial Number: 07/738.431.
3. United States Patent Number: To be issued as 5,231,668, I believe.
4.
Source of information concerning availability of a license: Various sources, including your Federal Register notice.
5. Name and address of applicant: [name], [address, phone, etc.].
6. Applicant's representative: not applicable.
7. I am a [country] citizen.
8. Approximate number of persons employed: not applicable.
9. I am not a small business firm.
10. Purpose: I would like a license allowing me to let others freely use my implementation of DSA, i.e., allowing me to sublicense the use of DSA at no cost. See #12.
11. Business and commercialization: not applicable; see #10.
12. Plans: I plan to create a source-code implementation of DSA in software, using computer resources which are already available to me. I plan to give this implementation to anyone who asks, and perhaps to publish this implementation via electronic or non-electronic means, for study and use by the academic and non-academic communities. I hope to have people hear about this implementation by a variety of means, including word of mouth.
13. Fields of commercialization: not applicable; see #10.
14. I am not willing to accept a license for less than all fields of use of DSA.
15. I intend to implement DSA in [country].
16. Type of license: I would like a non-exclusive license which does not require royalty payments.
17. I have never been granted a license to a federally owned invention.
18. Known uses of DSA by industry or government: I have heard that ISC sells a product called dsaSIGN, and that Bellcore has implemented DSA.
19. Other information: I understand that NIST may grant an exclusive DSA license to PKP, and that this license application will be treated as an objection to the PKP license. Let me emphasize that this is not a commercial license application. I do not intend to collect any fees for the use of this implementation.

Thank you for your kind attention. Please let me know if you need more information.
Sincerely,
[name]

=====================================================================
APPENDIX F: THE LPF ANNOUNCEMENT
================================

From wet!naga Thu Aug 5 18:22:04 1993
From: wet!naga (Peter Davidson)
Date: Thu, 5 Aug 93 18:22:04 PDT
Subject: help with encryptor
Message-ID:

In reply to your:

>Subject: help with encryptor - please?!?!
>To: cypherpunks at toad.com
>
> I've been working on a program for MS-DOS machines that will
>encrypt and/or password protect .COM and .EXE files.
> I've got it working really well at this point - but my encryption
>algorithms are rather simple. I'm fairly new in the encryption biz,
>and I was wondering what would be good to use for the file encryption
>algorithm to make it as secure as possible?

I dunno, but the Aug/Sept 1993 issue of PC Techniques magazine contains a notice on page 100 of the publication of something that might be useful. It's a C library of encryption routines (Microsoft and Borland compatible). "The encryption method is a symmetric key encryption process applicable both to blocks of data in RAM ... and also to data residing in disk files. ... Full source code is included ..." Unfortunately it's not free (though I don't suppose there's any reason why it should be). The notice says further details are available from the publisher at 510-464-3009.

From gnu Thu Aug 5 19:08:40 1993
From: gnu (John Gilmore)
Date: Thu, 5 Aug 93 19:08:40 PDT
Subject: `Web of trust model' matches common business situation too
Message-ID: <9308060205.AA11833@toad.com>

Date: Thu, 5 Aug 93 14:33 EDT
From: TCJones at DOCKMASTER.NCSC.MIL
...
Interestingly, I am coming to the conclusion that big business operates on a web of trust very much like what is found in PGP. There are Dun&Bradstreet reports of course, but, by and large, when a company wants credit, they give a list of the other companies that they do business with as evidence of their trustworthiness in receiving credit.
Peace ..Tom Jones

From tcmay at netcom.com Thu Aug 5 20:48:39 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 5 Aug 93 20:48:39 PDT
Subject: (fwd) Re: Will SKIPJACK's algorithm get out? (Non-technical)
Message-ID: <9308060347.AA16297@netcom5.netcom.com>

Here's a posting I did on how Skipjack (which I deliberately called "Clipjack") can be likely broken by groups like ours. The anonymous remailers, and the alt.whistleblowing group, can be used to publish details of the whole Skipjack/Capstone/Mykotronx/MYK-78/etc. ball of wax as they become available. Whether we can actually be the ones to analyze the chips or not is immaterial: spreading reports that Clipjack is vulnerable will be useful disinformation (reduced confidence, fewer commercial sales, more acceptance of more provably strong software-based alternatives, etc.)

-Tim

Newsgroups: sci.crypt,alt.privacy.clipper
From: tcmay at netcom.com (Timothy C. May)
Subject: Re: Will SKIPJACK's algorithm get out? (Non-technical)
Message-ID:
Date: Fri, 6 Aug 1993 03:36:27 GMT

Larry Loen (lwloen at rchland.vnet.ibm.com) wrote:

: Myself, I confidently expect to see Skipjack published in some Eurocrypt
: proceedings or other in the next 4 or 5 years, especially if the darn thing
: is actually produced in any volumes. There is a decidedly
: different attitude in W. Europe towards this sort of thing.
: It's mostly a question of economics. Will someone, somewhere put out the
: bucks to do a "tear down" of the chip and figure out how it works. I could
: imagine some crypto company in Europe doing just that and being also motivated
: to publish what they find for competitive reasons. . .

Some of us plan to do just this: once "Clipjack" phones are finalized and on sale and/or Mykotronx is selling finalized chips, they'll be looked at. I once ran Intel's electron-beam testing lab, so I have some familiarity with looking at chips, including ostensibly tamper-resistant modules.
VLSI Technology is fabbing the chips, using a process said to be quite tamper-resistant. We'll see.

(While publishing the algorithm may or may not be illegal, there's no reasonable law saying you can't look at something, unless perhaps it's formally classified....will the Clipjack chips have "Top Secret" stamped on them? Somehow I can't quite picture this in phones sold across the country and outside!)

(I'm not saying it'll be easy to do this reverse-engineering, mind you. Between mechanical barriers to access (carbide-like particles in the packaging compound to deter grinding), complex-chemistry epoxies to deter plasma- and chemical-decapping, various chip-level countermeasures (storing bits on floating gates, using multiple layers of metal, etc.), the access to the die surface may be very difficult. The "smartcard" chip makers have led the way in devising tamper-resistant chip processes, though their task is quite a bit easier (stopping access to an active chip on an active smartcard, to modify the money amounts) than Clipjack faces (stopping any examination of the chip topology and programming which would reveal the algorithms used). But given enough samples, enough time, and some commitment, the secrets of Clipjack will fall.)

As a "Cypherpunk" (cf. cover of "Wired" #2, "Whole Earth Review" Summer '93, and the current (8-2-93) "Village Voice" cover story), I see no reason not to publish the details. This'll let other folks build phones and other comm systems which spoof or defeat the Clipjack system, especially the disgusting and thoroughly un-American "key escrow" system.

Naturally, we'll use our "anonymous remailers" (multiple reroutings of messages, with each node decrypting with its key and passing on what's left to the next chosen node....diffusion and confusion, a la Chaum's 1981 "CACM" paper on "digital mixes") to protect ourselves.
No sense taking chances that the Feds will view our "liberation" efforts with disfavor and hit us with charges they devise (violations of Munitions Act, RICO, sedition, etc.).

This is how some of our members were able to "liberate" secret Mykotoxin documents from the dumpsters of Mykotoxin (something the Supremes have said is OK for law enforcement to do, by the way) and post them anonymously to our mailing list (I believe these docs were then posted to alt.whistleblowers, but they were only _mentioned_ on sci.crypt, not actually posted).

I expect at least _three_ separate groups are preparing to break the Clipjack algorithm, at least as embodied in the Clipper/Skipjack chips that come on the market. Breaking the system also allows independent observers to see if it does in fact contain deliberate weaknesses (though the focus on "weaknesses" is secondary to the basic issue of "key escrow" as a concept--it is key escrow, especially mandatory key escrow, that is the real issue. (Mandatory key escrow is not yet part of law, to be fair, but still "in the wind"...we won't really know for a few more years whether the "voluntary" key escrow system will become mandatory)

It'll also be interesting to see how Clipjack phone customers react to the revelations of the algorithms.

Crypto anarchy means never having to say you're sorry.

Yours in the struggle,

-Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.
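The remailer chain Tim describes (each node decrypting one layer with its own key and passing what is left to the next chosen node), as an added Python example that is not from his post or from any remailer software. It assumes shared symmetric per-hop keys and an HMAC-based stream cipher as constructed stand-ins for the public-key layers of Chaum's mixes; the hop names and the message are constructed sample input.

```python
"""Toy chained-remailer demo: each hop peels one encryption layer.

Layer format (plaintext before encryption under the hop's key):
    1 byte   length of the next-hop name
    N bytes  next-hop name (UTF-8)
    rest     payload handed on to that next hop
Hop keys are shared symmetric keys here, a constructed simplification;
Chaum's 1981 mixes wrap each layer under the node's public key instead.
"""
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a stand-in stream cipher (demo only).
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC, so a hop rejects a layer that was tampered with."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer rejected: wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def layer_opens(key: bytes, blob: bytes) -> bool:
    """True only if this outer layer was wrapped under `key` and is intact."""
    try:
        decrypt(key, blob)
        return True
    except ValueError:
        return False


def wrap_layer(key: bytes, next_hop: str, payload: bytes) -> bytes:
    name = next_hop.encode()
    return encrypt(key, bytes([len(name)]) + name + payload)


def peel_layer(key: bytes, blob: bytes) -> tuple:
    """What one hop does: strip its own layer and learn only the next hop."""
    inner = decrypt(key, blob)
    n = inner[0]
    return inner[1:1 + n].decode(), inner[1 + n:]


def build_onion(route: list, keys: dict, recipient: str, message: bytes) -> bytes:
    """Sender wraps the last hop's layer first, so the first hop's is outermost."""
    blob, next_hop = message, recipient
    for hop in reversed(route):
        blob = wrap_layer(keys[hop], next_hop, blob)
        next_hop = hop
    return blob


def deliver(route: list, keys: dict, onion: bytes) -> tuple:
    """Simulate the chain: per-hop (hop, next_hop) trace plus the final payload."""
    trace, blob = [], onion
    for hop in route:
        next_hop, blob = peel_layer(keys[hop], blob)
        trace.append((hop, next_hop))
    return trace, blob


def demo_keys(names) -> dict:
    # Constructed, deterministic demo keys; real hops would generate their own.
    return {n: hashlib.sha256(f"demo-hop-key-{n}".encode()).digest() for n in names}


if __name__ == "__main__":
    route, keys = ["A", "B", "C"], demo_keys("ABC")
    onion = build_onion(route, keys, "alice", b"meet at noon")
    print(deliver(route, keys, onion))
```

Each hop sees only its predecessor, the next hop name, and an opaque blob; a hop given someone else's layer, or a modified one, rejects it at the MAC check.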
From fergp at sytex.com Thu Aug 5 21:18:40 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Thu, 5 Aug 93 21:18:40 PDT
Subject: IRS flunkies browsing your tax records (Surprise!)
Message-ID: <9cau8B1w165w@sytex.com>

excerpted from:
The Washington Post
5 August 1993
page A6

Accused of Failing to Protect Data, IRS Says It Will Buttress Safeguards
by Stephen Barr
Washington Post Staff Writer

The Internal Revenue Service, assailed by senators yesterday over a breakdown in computer security that allowed IRS workers to browse through tax records and monitor fraudulent tax refunds, pledged to strengthen safeguards set up to ensure taxpayer records are kept confidential.

"It's not easy. It's painful to admit mistakes you make," Internal Revenue Commissioner Margaret Milner Richardson said after listening to members of the Senate Governmental Affairs Committee express outrage that IRS workers abused their public trust.

Addressing committee Chairman John Glenn (D-Ohio), Richardson said, "I feel very strongly about protecting the integrity of the tax system, and I told you we will not tolerate anything that will impinge on that integrity or the credibility of the American people."

But Richardson rebuffed a suggestion by Sen. David Pryor (D-Ark.) that the IRS notify the taxpayers whose files were improperly reviewed. "I'm not sure there would be a serious value to that in terms of tax administration or in the connection with what I see as protecting the taxpayer's rights," she said.

Pryor said he would continue to press for taxpayer notification, saying, "I'm going to really come down hard.... I think anyone that we can identify whose files have been browsed for no official reason, I think that taxpayer needs to know."
Richardson's testimony followed the release of a report this week that showed almost 370 IRS employees in the agency's Southeast Region have been investigated or disciplined for creating fraudulent tax returns or browsing through tax returns of friends, relatives, neighbors and celebrities.

In 154 cases, employees were disciplined. Deputy Commissioner Michael P. Dolan said three employees were forced to resign, three were fired, 38 received suspensions, 67 were given reprimands, 24 were admonished, 17 underwent counseling and two received "caution letters."

Sen. Byron L. Dorgan (D-N.D.), noting that few employees were dismissed, questioned Richardson and Dolan on whether "we are dealing appropriately enough" with violators. They said the IRS would provide the committee with detailed information on how disciplinary judgements were made.

Few details emerged at the hearing on how IRS regional employees created bogus refunds. An IRS investigative report released by the committee said that four employees are facing criminal prosecution.

"In one case," the IRS report said, "an employee prepared over 200 fraudulent tax returns and monitored the refunds" on IRS computers. The report suggested that the fake refunds cost the government more than $300,000.

In another case, "the employee used her position to input fraudulent adjustments and monitor the accounts of local taxpayers. She also prepared fraudulent returns, including returns for herself and her parents," the IRS report said.

Dolan noted that the violations ranged from the serious to the benign, such as employees who were asked by neighbors for a favor: determine the status of their income tax refund.

In answering questions, Richardson pointed out that IRS's internal audit staff had uncovered the information with the General Accounting Office. The IRS audit examined the Integrated Data Retrieval System, a database of taxpayer accounts used by 56,000 IRS workers nationwide.
Richardson said the IRS is developing a "comprehensive review" of computer security issues that will improve the agency's ability to detect "inappropriate use." The IRS also is reviewing its high-risk operations, such as credit transfers and taxpayer adjustments, in a renewed effort to avert employee misconduct. Dolan said a review of the agency's most sensitive computer commands would be completed within the next six weeks.

Richardson was a Washington tax attorney before being selected earlier this year by President Clinton to run the IRS. Dolan, a career civil servant, was named deputy commissioner last year.

8<--------- End article -------------------

An old friend of mine sent me an e-mail this afternoon; it appears we see eye-to-eye on this entire fiasco -- and the dangerous role the government wants to play in the Information Age:

8<--------- forwarded message --------------

Subject: Clipper, escrows, and honesty. . .
To: "fergp"

Saw your recent posting on SCI.CRYPT. I generally shun public postings in such an arena. . . . However, it occurred to me, with only a little bit of thought, that after the recent articles in the Washington Post regarding the employees of the IRS browsing through friends, enemies, and famous folk's 1040's -- simply for kicks -- how would this be any different than an escrow key arrangement. Isn't it simply a given truth that if one man can view a personal secret of another, that he will be tempted? And let's face it, history proves that, more often than not, the "apple is bitten," ---- or at least "nibbled."

No matter how you work it, there will always be a small group, perhaps even one, that will have access to your key. Just like that little girl that sits behind the faceless terminal can pull up my 1040 and run through the schedules to see what I won on and what I lost ---- and I'll never know that it even happened. Of course, until someone who shouldn't know does know, and perhaps at a cocktail party makes mention. . . . .
Small potatoes. . . . but not if you're encrypting..

8<---------- end forwarded mail -----------

Once again -- "Be afraid; be very afraid."

Paul Ferguson             | "Government, even in its best state,
Network Integrator        | is but a necessary evil; in its worst
Centreville, Virginia USA | state, an intolerable one."
fergp at sytex.com        | - Thomas Paine, Common Sense

I love my country, but I fear its government.

From an12070 at anon.penet.fi Thu Aug 5 21:55:33 1993
From: an12070 at anon.penet.fi (an12070 at anon.penet.fi)
Date: Thu, 5 Aug 93 21:55:33 PDT
Subject: Wayner's Wonderland
Message-ID: <9308060454.AA01127@anon.penet.fi>

Mr. Wayner posts thoughtful descriptions and reflections on the CSSPAB proceedings. While I want to express my appreciation for this interesting and revealing glimpse and encourage future postings in the same vein, there are some deeply upsetting views and grating, gratuitous benedictions expressed therein that would sound worse than fingernails on a chalkboard for any hard core cypherpunk. Following is mostly vitriolic and sarcastic flame; feel free to ignore it; you've been warned.

* * *

Peter Wayner
>The board itself runs with a quasi-legal style

quasi-legal? and the NSA was there? how apropos!

>All of them came from the upper
>ranks of the military or legal system and a person doesn't rise to
>such a position without adopting the careful air of the very diligent
>bureaucrat.

This is precisely the fluffery and facade we are *not* impressed with. The very Cream of the NSA, the brilliant minds who brought you Clipper and DSA.

>The NSA has rarely had trouble in the past
>exercising either its explicitly granted legal authority or
>its implied authority. The phrase "national security" is a
>powerful pass phrase around Washington and there is no reason
>for me to believe that the NSA wouldn't get all of the access
>to the escrow database that it needs [...]

but you see, that is the problem. As P.
Ferguson wrote, ` `National security': the root password to the Constitution.'

>Building in
>a backdoor would only leave a weakness for an opponent to exploit
>and that is something that is almost as sacrilegious at the NSA
>as just putting the classified secrets in a Fed Ex package to
>Saddam Hussein.

Hm, do you think they felt the same about DES? DSA? decreasing key size makes me wonder at night...

>Next there was a report from Geoff Greiveldinger, the man from the
>Department of Justice with the responsibility of implementing the
>Key Escrow plan.
>[...]
>It became clear that the system was not fully designed.

Reminds me of the trembling, pale kid at the front of the classroom giving a book report, reading aloud from a blank page. He didn't do his homework. Not only that, but it's the wrong assignment. No matter, he's about to be expelled anyway.

This key escrow system is as solid as oozing phlegm. In the Official Announcement we hear of a new Key Escrow System. Hm, what's it about? Apparently not a Key Escrow System, from what I can figure out. Denning scrambles out with some bizarre circumlocution soon after the announcement that is supposedly now Null and Void, and we have this grand new system with the Magic Eavesdropping Box. How are we to be sure that this Box is secure? Why, it utilizes a Secure Chip inside. What about the Chip? Why, there are Secure Atoms and Electrons, assuredly in the Proper Places with Correct Clearance, as designated by The Grand Holiness.

>At this point, I had just listened to an entirely logical presentation
>from a perfect gentleman. We had just run through a system that had many
>nice technological checks and balances in it. Subverting it seemed
>very difficult.

Gee, I missed something there somewhere. `Not fully designed' but `difficult to subvert' because of all the `nice technological checks'. Yes, I would bet my life on that.

>The most interesting speaker was the assistant director of the National
>Security Agency, Dr.
>Clint Brooks. He immediately admitted that the
>entire Clipper project was quite unusual because the Agency was not
>used to dealing with the open world. Speaking before a wide audience
>was strange for him and he admitted that producing a very low cost
>commercial competitive chip was also a new challenge for them.

their amateurism is frightening and pathetic. The lesson is not that it is `a new challenge' but an outrageous violation of their authority. I'm quite nauseated that someone here would succumb to their transparent and shifty rhetoric. They have no legal authority whatsoever in proposing this. They still fail to grasp this simple fact, despite bludgeoning CPSR lawsuit slaps and FOIA jabs. It is a wonder they have stopped hiding behind the legs of the President.

>He readily admitted that the Clipper system isn't intended to catch
>any crooks.

Ah, but we have the Official Announcement from Mr. Clinton explaining how it would be used to catch `criminals, drug dealers, and terrorists'! How are we to reconcile this bizarre twist? This is all so grotesque, so Orwellian, so wretched, so horribly nightmarish... we have the Key Escrow Initiative with everything but the Key Escrow read, to catch all the Criminals who aren't Criminals.

>When I listened, though, I began to worry about what is going to happen
>as we begin to see the eventual blurring of data and voice communications
>systems.

what a fantastic revelation! when did you come to this epiphany?

>When this happens, programmable phones are going to emerge.

what a ...

>This
>could easily be a proprietary encryption system that scrambles
>everything.

what a ... gosh, it would make sense for the NSA to propose Clipper for a scenario like that! what a coincidence!

>The traditional way of controlling technology by
>controlling the capital intensive manufacturing sites will be gone.

what a ... `traditional way of controlling'? more like the `past method of manipulation'!
>Sure,
>the NSA and the police will go to Radio Shack and say "We want your
>cooperation" and they'll get it. But it's the little, slippery ones
>that will be trouble in the new, software world.

what a ... It is the big, lumbering one called NSA that is already in *deep* trouble.

[sheriffs, district attorneys, FBI agents]

>Their message was direct and they didn't hesitate to compare encryption
>with assault rifles. One even said, "I don't want to see the officers
>outgunned in a technical arena."

sorry, they don't have a choice in the matter.

>One DA from New Jersey said that
>in his office, they process about 10,000 cases a year, but they only
>do one to two wiretaps on average. It just seems like a big hassle
>and expense for them.

oh, perhaps you are proposing it shouldn't be a `hassle' or an `expense'. Let me tell you, infringing on rights better DAMN WELL be more than a `hassle'!

>The
>police tried to use the low numbers of wiretaps as evidence that they're not
>out there abusing the system, but I kept thinking that this was mainly
>caused by the high cost and relatively low utility of the technique.

bless you. Now I only feel 95% like strangling you.

>In the end, I reduced the calculus of the decision about Clipper to be
>a simple tradeoff. If we allow widespread, secure encryption, will the
>criminals take great advantage of this system?

who is `we'? what do you mean by `allow'? this terminology presupposes the fact that you, the NSA, or anyone else has the capability to control it.

>It would empower people to protect their own
>information unconditionally, but at the cost of letting the criminals
>do the same.

ultimately a net gain, IMHO. There is far more to gain from protection of businesses and private mail than any increased evasive power given to criminals. The point is, we can catch criminals without illegitimate crutches like wiretapping.
In fact, I think wiretapping ultimately encourages laziness and inefficiency in law enforcement and investigative/detective work. We stand to gain a more efficient law enforcement system when it is ultimately rendered impossible. >I began to wonder if the choice between Clipper and totally secure >encryption was moot. for any true cypherpunk, it is not. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From gnu Thu Aug 5 23:28:40 1993 From: gnu (John Gilmore) Date: Thu, 5 Aug 93 23:28:40 PDT Subject: My personal objection to NIST's DSS exclusive licensing proposal Message-ID: <9308060627.AA19182@toad.com> [I encourage you to file objections too. They don't have to be eight pages long! One page will do.] John Gilmore PO Box 170608 San Francisco, California, USA 94117 August 5, 1993 Michael R. Rubin Active Chief Counsel for Technology Room A-1111, Administration Building, National Institute of Standards and Technology Gaithersburg, Maryland 20899 Phone: +1(301) 975-2803. Fax: +1(301) 926-2569. Dear Sir: I am writing to provide written evidence and argument that the grant of your prospective license for the Digital Signature Algorithm (DSA) to Public Key Partners (PKP) would not be consistent with the requirements of 35 U.S.C. 209 and 37 CFR 404.7. I am also applying for a personal, non-exclusive, sublicensable, and transferable license for the DSA. I propose that instead of granting a license to PKP, the Government: Put its DSA technology into the public domain, and Standardize RSA as a digital signature algorithm. In particular, the NIST proposal must meet the following criteria from 35 U.S.C. 
209 (c)(1):

(A) the interests of the Federal Government and the public will best be served by the proposed license, in view of the applicant's intentions, plans, and ability to bring the invention to practical application or otherwise promote the invention's utilization by the public;

I argue that the interests of the Federal Government and the public will best be served by my proposed approach to the problem.

The RSA cryptosystem was strongly considered as a digital signature standard by NIST, and was reportedly rejected for two reasons:

(1) RSA is patented, while NIST wanted a royalty-free algorithm.
(2) The National Security Agency objected to the standardization of RSA, for reasons it did not specify.

The first objection is interesting; both DSA and RSA are now controlled by patents, and both would require royalty payments by users in the United States. However, the RSA patents only apply in the United States, so that the public (which includes all people on the Earth) will be better served by standardizing on the algorithm that is available for royalty-free use in other countries. Also, the RSA patent is royalty-free to the government, because it was invented with government grants. The patents which control the DSA are in force worldwide, and the government does not have free use of the algorithm. This gives a clear edge to the RSA algorithm.

Also, the patents controlling RSA will expire at least ten years earlier than the DSA patent (if issued) and more than seven years before the Schnorr patent which controls use of DSA. In particular, the RSA patent will expire on September 20, 2000, and all other patents which control the use of RSA expire in 1997. The Schnorr patent expires on February 19, 2008, and the DSA patent would expire seventeen years after it is issued, which has not occurred yet.

The traditional model of market acceptance of technology begins with a long slow climb, requiring years, and only peaks after this momentum has built up the proper infrastructure to support the technology. At the peak, many millions of people use the technology (in some cases, almost everyone in society). Digital signature technology has followed this model, and is widely expected to reach millions of people within the next five to ten years. This is important for two reasons:

(a) RSA's patent will expire before or near the point when this technology enters the "mass market" of millions of users. This will benefit the public by reducing the cost of deploying the technology to these users. The size of the market clearly provides an economic incentive sufficient to cause its deployment even in the absence of exclusive licensing.

(b) RSA digital signature technology has already been climbing the curve for many years. Standardizing on it will produce quicker deployment of digital signature technology. PKP is already licensing the RSA technology on terms similar to the proposed DSA terms, and has promised non-discriminatory licensing if RSA is standardized by NIST.

As for the second problem with standardizing on RSA, the objection of the National Security Agency, there are two possible reasons:

(a) NSA does not want to see a digital signature technology standardized if it would also allow data encryption, because that could make interception of intelligence data harder. This objection is completely specious. NSA does not have a valid role in setting domestic policy. It is a secret agency, not accountable to the public, and explicitly prohibited by statute from operating in the United States or against United States citizens. Its advice to NIST under the Computer Security Act is restricted to be of a technical nature, not straying onto questions of policy. NIST is required to give full weight to the interests of the public when deliberating on standards. Secret agencies whose policies oppose the public interest have no weight in NIST's standardization process.

In fact, the standardization of identical technology for digital signatures and for key exchange and other data encryption uses would be a *good* decision. This technology has already been implemented in Lotus Notes and Privacy Enhanced Mail, and is well proven to be acceptable to users, implementable by manufacturers, and without fault as regards domestic encryption policy. Tens of thousands of copies of these products are in daily use without any impact on domestic tranquility.

(b) NSA knows of a technical reason why RSA is not suitable. In this scenario, NSA has learned how to "break" RSA, either by factoring large composites, or by some other method. The proper response of the Government, in that case, is to publicize this fact, in order to protect domestic communications. Because if NSA knows it, it's likely that opposing intelligence agencies also know how to break RSA. The United States is the most computerized society, the most networked, the most communicative. We have the most to lose by having unsecured communications that we believe are secure. In addition, it's likely that the revelation of the NSA method of breaking RSA would result in substantial progress in mathematics in other areas besides cryptography, providing further benefit to the public.

Further reasons to standardize RSA rather than DSA:

The strengths and weaknesses of the RSA algorithm are better understood by the technical community. More than ten years of research has gone into understanding and implementing it. The DSA has had much less research and thought brought to bear on it.

A prominent cryptographer, Gustavus Simmons, alleges that the DSA contains flaws which permit small amounts of secret information to be conveyed in its digital signatures. These flaws, which appear to have been deliberately designed in, would permit the signing party to send information to recipients of the signature, without the affected party having any way to determine this. For example, if a Government agency provided a digital signature on a passport, it could secretly communicate messages such as "this person should be searched at every border crossing" or "this person is suspected of anti-American leanings". Such unproved `information' would not be tolerated by the public if communicated on the face of the passport, but using the DSA, an unscrupulous agency could use such suspicions to harass citizens in the free exercise of their rights.

All of the above information should convince NIST that standardizing the RSA technology and freeing the DSA technology would best serve the interest of the Federal Government and the public, rather than granting an exclusive license for the DSA technology to PKP.

The NIST proposal must also meet the following criterion from 35 U.S.C. 209 (c)(1):

(B) the desired practical application has not been achieved, or is not likely expeditiously to be achieved, under any non-exclusive license which has been granted, or which may be granted, on the invention;

NIST's own experience with the Data Encryption Standard (DES) makes it clear that releasing an encryption system for public use, without assignment of exclusive rights to any organization, produces widespread use within a short period of time. The DES is clearly the premier private-key encryption system in the country and in the world today. It is used in every Automatic Teller Machine, in every bank, as well as on the Fedwire interbank network. A derivative algorithm is used in the Unix password security system, which runs on more than a million computers in daily use. It is used in electronic mail privacy systems, including Lotus Notes and the Privacy Enhanced Mail system for the Internet.
It was used in secure telephones built by AT&T -- and in fact the deployment there was too rapid for government comfort (the FBI, NIST and NSA ended up rushing the Clipper/Skipjack program into the public eye to prevent further deployment of telephones using this algorithm.) Whenever private-key encryption is used, DES is likely to be there. DES products are available worldwide from a large number of chip, board, peripheral, system, and software vendors, providing data rates ranging from very slow to a gigabit per second.

It is clear that the non-exclusive licensing of DES, as well as its technical capability, was directly responsible for its widespread adoption and use. Had it been exclusively licensed, say to IBM, its originator, it would not have enjoyed the wide use it has received. IBM has built DES into products, but they did not sell well and capture the market. It was the innovative uses pioneered by others, who were free to build on IBM's and NIST's standard without negotiations or royalties, who produced the machines and software which has since served large numbers of government users and the public.

The United States has a collection of programmers and cryptographers, numbering in the hundreds, who have made significant contributions to the development and deployment of cryptographic algorithms throughout society. I have seen at least ten different software implementations of DES, freely available to everyone who wants them, including full source code and commentary. Each of these implementers was able to study and build upon the work of the others, resulting in gradual improvement of the speed and robustness of the implementations. The algorithm has been embedded into freely available software for electronic mail (TIS-PEM and early PGP versions), computer network security (Kerberos), clock synchronization (NTP), and networked voice communications (VAT), just to name a few. (Most of the work involved in building these products was the software and infrastructure that was built up AROUND the DES, by the way.)

If and when the DSA technology is released for free use by the public, the same community will produce widely available programs that employ it. PKP may argue that the same development would occur, under its grant of free noncommercial DSA licenses, but the point is that this development would occur WITHOUT granting an exclusive license to PKP. And if this is true, then by statute, NIST cannot grant an exclusive license.

PKP may also argue that its ownership of the Schnorr patent would prevent the development of noncommercial DSA products, unless it was granted an exclusive license in return for allowing noncommercial use of the Schnorr and DSA patents. However, the record clearly shows that even when a technology is patented (RSA, or Lempel-Ziv compression) and when the patent owner does not have a policy of permitting noncommercial use, the free software community will still produce widely used programs (PGP and Compress) which produce great benefit for the public and for the government. These programs can be used immediately by those willing to challenge the patent, or to whom the patent does not apply, and can be used by everyone after the patent expires, or if the patent owner's policy changes.

Furthermore, Public Key Partners is in the position of having paid a lot of money for the Schnorr patent. If the government doesn't standardize DSA, and doesn't give PKP an exclusive DSA patent, then PKP will have to CONVINCE people to use their expensive patent. The traditional way to do so is by licensing it cheaply and widely. If people end up wanting to use DSA even though it has not been standardized, it's likely that a license for the Schnorr patent that controls it will be available at a similar price to what PKP proposed under the exclusive licensing scheme. PKP has already granted no-cost noncommercial licenses to other patents that it holds, including the RSA patent, so it is certainly conceivable that it would come to grant similar licenses for the Schnorr patent, for the same reasons.

35 USC 209 (c)(1)(C) requires that exclusive or partially exclusive licensing is "reasonable and necessary" to call forth capital to deploy the invention. The above discussion, particularly the DES evidence, has shown that this condition does not hold.

35 USC 209 (c)(1)(D) requires that the proposed terms and scope of exclusivity are not greater than reasonably necessary to bring the invention to practical application. The scope proposed by NIST is exclusive to a single company for seventeen years. My proposal is partially exclusive to the same company for seven years, then would eliminate the exclusivity completely. The company has promised similar terms for the licensing of the RSA patent, for that seven year period, so the terms of the NIST proposal and my proposal are similar, though the scope of exclusivity in mine is shorter. My proposal continues to provide the incentive for bringing the invention to practical application, so condition (D) does not hold either.

The conditions in 35 USC 209 (c)(1) are joined with "and" and prefaced with "only if"; failure to meet any one of the conditions denies the agency the ability to issue an exclusive or partially exclusive license. All four conditions have failed to be met in this case, so for NIST to grant an exclusive license to PKP would be unlawful.

The public interest in this technology is substantial, and it is unlikely that NIST would escape without being sued if it attempted to grant the exclusive license anyway. I myself contract for the full time of a lawyer, who is currently engaged in suing the Federal Government for its unlawful acts. I believe that two such suits are currently in process, against NSA and the Department of Justice.
I would not be averse to adding NIST to the list.

In the event that NIST fails to follow my recommendation that the DSA technology be made freely available to the public, I hereby request a personal, non-exclusive license to practice it. The information required under 37 CFR 404.8 for such an applicant is:

Invention: Digital Signature Algorithm
Patent application number: 07/738.431
Type of license: Personal, non-exclusive, sublicensable, and transferable.

My name, address, email address, and phone number:
John Gilmore
PO Box 170608
San Francisco, California, USA 94117
gnu at toad.com
+1 415 903 1418

My citizenship: USA

My representative to correspond with: myself.

Nature and type of my business: I am a privacy advocate, a programmer, an entrepreneur. Personally, I have no employees at this time, though I am co-founder and part owner of a business which employs 40 people. I am also co-founder and on the Board of Directors of a foundation which employs about ten people. I contract with a lawyer for his full-time services, though he is not an employee.

Products and services which I have successfully commercialized: I was employee #5 at Sun Microsystems, and contributed significantly to the success of the company, which is now one of the world's largest computer companies. I have co-founded several businesses. I have written several substantial pieces of software which enjoy wide use, including PD Tar, a tape archive program, GNUUCP, which provides low-cost data communications, and GDB, which is a very widely used debugger. All of these programs were developed under an intellectual property technology that involves giving away the program itself, and selling services related to the program. The 40-person business mentioned above supports itself solely by this method, and provides commercial support for GDB among many other products.

I am also a co-founder of the Electronic Frontier Foundation, which, as a non-profit educational foundation, has commercialized the services of advocating privacy and the public interest in electronic media, and the service of defending the public against unconstitutional or unlawful searches, seizures, and restrictions on rights in electronic media.

I have successfully organized several volunteer teams of programmers and writers to produce products which were made available to the public, without requiring significant investment, by leveraging the goodwill of the people involved, and the availability of low cost computers and communications media.

Source of information concerning the availability of the license: Internet electronic mail, including copies of the Federal Register.

Statement indicating whether I am a small business: As an individual, I am probably not considered a small business. I do not seek use of the patent for business purposes, but for my activities in advocating privacy and anonymity in electronic media.

Detailed description of plans for developing or marketing the invention: If granted this license, I would immediately sublicense all persons who wished to use the patent, at no charge. I challenge any other proposed licensee to provide a greater benefit at a lower cost. I would market the invention via online and printed communications, making the public and the software development community aware of their ability to freely use the invention without restraint from me or from the Government. I would negotiate with Public Key Partners to come to an agreement on terms by which noncommercial use of the Schnorr patent could proceed. Such availability would lead the way to commercial applications, as has happened with the RSA algorithm.

I believe that minimal time and investment capital would be required in this endeavour: less than a month of my personal time, spread across several months of elapsed time, and less than $20,000 in investment, which I have available from personal funds. My capability and intention to fulfill the plan is shown by my record of achievements listed above.

I and my sublicensees intend to practice the invention in all fields of use.

I and my sublicensees intend to practice the invention in all geographical areas, limited only by Government-imposed export restrictions.

I have not applied for nor been granted previous licenses for federally owned inventions.

I believe that the DSA is being practiced by a small number of companies in private industry, and is being practiced by the Government and its contractors in conjunction with the Capstone program of the NSA.

Further information which I believe will support a determination to grant me the license: If NIST truly wishes that the public be granted the maximum capability to use this invention, then granting me this license, or in the alternative, granting a royalty-free license to everyone, would best achieve that goal.

Sincerely,

John Gilmore

From gnu Thu Aug 5 23:35:33 1993
From: gnu (John Gilmore)
Date: Thu, 5 Aug 93 23:35:33 PDT
Subject: Cliphack?
Message-ID: <9308060635.AA19414@toad.com>

Tim was calling it Clipjack, but I think Cliphack is better.

John

PS: Would you trust your momma to escrow your private key? The government is not your momma!

From demon at aql.gatech.edu Thu Aug 5 23:55:03 1993
From: demon at aql.gatech.edu (Network Demon)
Date: Thu, 5 Aug 93 23:55:03 PDT
Subject: Our Rights are Dropping like Flies
Message-ID: <9308060654.AA20012@toad.com>

[ I just saw this posted. I think it might be of some interest. Though I hesitate to say "enjoy it". --demon ]

------------

Feel free to copy this article far and wide, but please keep my name and this sentence on it.
The Bill of Rights, a Status Report
by Eric Postpischil
4 September 1990

6 Hamlett Drive, Apt. 17
Nashua, NH 03062
edp at jareth.enet.dec.com

How many rights do you have? You should check, because it might not be as many today as it was a few years ago, or even a few months ago. Some people I talk to are not concerned that police will execute a search warrant without knocking or that they set up roadblocks and stop and interrogate innocent citizens. They do not regard these as great infringements on their rights. But when you put current events together, there is information that may be surprising to people who have not yet been concerned: The amount of the Bill of Rights that is under attack is alarming.

Let's take a look at the Bill of Rights and see which aspects are being pushed on or threatened. The point here is not the degree of each attack or its rightness or wrongness, but the sheer number of rights that are under attack.

Amendment I

Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.

ESTABLISHING RELIGION: While campaigning for his first term, George Bush said "I don't know that atheists should be considered as citizens, nor should they be considered patriots." Bush has not retracted, commented on, or clarified this statement, in spite of requests to do so. According to Bush, this is one nation under God. And apparently if you are not within Bush's religious beliefs, you are not a citizen. Federal, state, and local governments also promote a particular religion (or, occasionally, religions) by spending public money on religious displays.

FREE EXERCISE OF RELIGION: Robert Newmeyer and Glenn Braunstein were jailed in 1988 for refusing to stand in respect for a judge. Braunstein says the tradition of rising in court started decades ago when judges entered carrying Bibles. Since judges no longer carry Bibles, Braunstein says there is no reason to stand -- and his Bible tells him to honor no other God. For this religious practice, Newmeyer and Braunstein were jailed and are now suing.

FREE SPEECH: We find that technology has given the government an excuse to interfere with free speech. Claiming that radio frequencies are a limited resource, the government tells broadcasters what to say (such as news and public and local service programming) and what not to say (obscenity, as defined by the Federal Communications Commission [FCC]). The FCC is investigating Boston PBS station WGBH-TV for broadcasting photographs from the Mapplethorpe exhibit.

FREE SPEECH: There are also laws to limit political statements and contributions to political activities. In 1985, the Michigan Chamber of Commerce wanted to take out an advertisement supporting a candidate in the state house of representatives. But a 1976 Michigan law prohibits a corporation from using its general treasury funds to make independent expenditures in a political campaign. In March, the Supreme Court upheld that law. According to dissenting Justice Kennedy, it is now a felony in Michigan for the Sierra Club, the American Civil Liberties Union, or the Chamber of Commerce to advise the public how a candidate voted on issues of urgent concern to their members.

FREE PRESS: As in speech, technology has provided another excuse for government intrusion in the press. If you distribute a magazine electronically and do not print copies, the government doesn't consider you a press and does not give you the same protections courts have extended to printed news. The equipment used to publish Phrack, a worldwide electronic magazine about phones and hacking, was confiscated after publishing a document copied from a Bell South computer entitled "A Bell South Standard Practice (BSP) 660-225-104SV Control Office Administration of Enhanced 911 Services for Special Services and Major Account Centers, March, 1988." All of the information in this document was publicly available from Bell South in other documents. The government has not alleged that the publisher of Phrack, Craig Neidorf, was involved with or participated in the copying of the document. Also, the person who copied this document from telephone company computers placed a copy on a bulletin board run by Rich Andrews. Andrews forwarded a copy to AT&T officials and cooperated with authorities fully. In return, the Secret Service (SS) confiscated Andrews' computer along with all the mail and data that were on it. Andrews was not charged with any crime.

FREE PRESS: In another incident that would be comical if it were not true, on March 1 the SS ransacked the offices of Steve Jackson Games (SJG); irreparably damaged property; and confiscated three computers, two laser printers, several hard disks, and many boxes of paper and floppy disks. The target of the SS operation was to seize all copies of a game of fiction called GURPS Cyberpunk. The Cyberpunk game contains fictitious break-ins in a futuristic world, with no technical information of actual use with real computers, nor is it played on computers. The SS never filed any charges against SJG but still refused to return confiscated property.

PEACEABLE ASSEMBLY: The right to assemble peaceably is no longer free -- you have to get a permit. Even that is not enough; some officials have to be sued before they realize their reasons for denying a permit are not Constitutional.

PEACEABLE ASSEMBLY: In Alexandria, Virginia, there is a law that prohibits people from loitering for more than seven minutes and exchanging small objects. Punishment is two years in jail. Consider the scene in jail: "What'd you do?" "I was waiting at a bus stop and gave a guy a cigarette." This is not an impossible occurrence: In Pittsburgh, Eugene Tyler, 15, has been ordered away from bus stops by police officers. Sherman Jones, also 15, was accosted with a police officer's hands around his neck after putting the last bit of pizza crust into his mouth. The police suspected him of hiding drugs.

PETITION FOR REDRESS OF GRIEVANCES: Rounding out the attacks on the first amendment, there is a sword hanging over the right to petition for redress of grievances. House Resolution 4079, the National Drug and Crime Emergency Act, tries to "modify" the right to habeas corpus. It sets time limits on the right of people in custody to petition for redress and also limits the courts in which such an appeal may be heard.

Amendment II

A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed.

RIGHT TO BEAR ARMS: This amendment is so commonly challenged that the movement has its own name: gun control. Legislation banning various types of weapons is supported with the claim that the weapons are not for "legitimate" sporting purposes. This is a perversion of the right to bear arms for two reasons. First, the basis of freedom is not that permission to do legitimate things is granted to the people, but rather that the government is empowered to do a limited number of legitimate things -- everything else people are free to do; they do not need to justify their choices. Second, should the need for defense arise, it will not be hordes of deer that the security of a free state needs to be defended from. Defense would be needed against humans, whether external invaders or internal oppressors. It is an unfortunate fact of life that the guns that would be needed to defend the security of a state are guns to attack people, not guns for sporting purposes.
Firearms regulations also empower local officials, such as police chiefs, to grant or deny permits. This results in towns where only friends of people in the right places are granted permits, or towns where women are generally denied the right to carry a weapon for self-defense.

Amendment III

No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law.

QUARTERING SOLDIERS: This amendment is fairly clean so far, but it is not entirely safe. Recently, 200 troops in camouflage dress with M-16s and helicopters swept through Kings Ridge National Forest in Humboldt County, California. In the process of searching for marijuana plants for four days, soldiers assaulted people on private land with M-16s and barred them from their own property. This might not be a direct hit on the third amendment, but the disregard for private property is uncomfortably close.

Amendment IV

The right of the people to be secure in their persons, houses, papers and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

RIGHT TO BE SECURE IN PERSONS, HOUSES, PAPERS AND EFFECTS AGAINST UNREASONABLE SEARCHES AND SEIZURES: The RICO law is making a mockery of the right to be secure from seizure. Entire stores of books or videotapes have been confiscated based upon the presence of some sexually explicit items. Bars, restaurants, or houses are taken from the owners because employees or tenants sold drugs. In Volusia County, Florida, Sheriff Robert Vogel and his officers stop automobiles for contrived violations. If large amounts of cash are found, the police confiscate it on the PRESUMPTION that it is drug money -- even if there is no other evidence and no charges are filed against the car's occupants. The victims can get their money back only if they prove the money was obtained legally. One couple got their money back by proving it was an insurance settlement. Two other men who tried to get their two thousand dollars back were denied by the Florida courts.

RIGHT TO BE SECURE IN PERSONS, HOUSES, PAPERS AND EFFECTS AGAINST UNREASONABLE SEARCHES AND SEIZURES: A new law goes into effect in Oklahoma on January 1, 1991. All property, real and personal, is taxable, and citizens are required to list all their personal property for tax assessors, including household furniture, gold and silver plate, musical instruments, watches, jewelry, and personal, private, or professional libraries. If a citizen refuses to list their property or is suspected of not listing something, the law directs the assessor to visit and enter the premises, getting a search warrant if necessary. Being required to tell the state everything you own is not being secure in one's home and effects.

NO WARRANTS SHALL ISSUE, BUT UPON PROBABLE CAUSE, SUPPORTED BY OATH OR AFFIRMATION: As a supporting oath or affirmation, reports of anonymous informants are accepted. This practice has been condoned by the Supreme Court.

PARTICULARLY DESCRIBING THE PLACE TO BE SEARCHED AND PERSONS OR THINGS TO BE SEIZED: Today's warrants do not particularly describe the things to be seized -- they list things that might be present. For example, if police are making a drug raid, they will list weapons as things to be searched for and seized. This is done not because the police know of any weapons and can particularly describe them, but because they allege people with drugs often have weapons.

Both of the above apply to the warrant the Hudson, New Hampshire, police used when they broke down Bruce Lavoie's door at 5 a.m. with guns drawn and shot and killed him. The warrant claimed information from an anonymous informant, and it said, among other things, that guns were to be seized. The mention of guns in the warrant was used as reason to enter with guns drawn. Bruce Lavoie had no guns. Bruce Lavoie was not secure from unreasonable search and seizure -- nor is anybody else.

Other infringements on the fourth amendment include roadblocks and the Boston Police detention of people based on colors they are wearing (supposedly indicating gang membership). And in Pittsburgh again, Eugene Tyler was once searched because he was wearing sweat pants and a plaid shirt -- police told him they heard many drug dealers at that time were wearing sweat pants and plaid shirts.

Amendment V

No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject to the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use without just compensation.

INDICTMENT OF A GRAND JURY: Kevin Bjornson has been proprietor of Hydro-Tech for nearly a decade and is a leading authority on hydroponic technology and cultivation. On October 26, 1989, both locations of Hydro-Tech were raided by the Drug Enforcement Administration. National Drug Control Policy Director William Bennett has declared that some indoor lighting and hydroponic equipment is purchased by marijuana growers, so retailers and wholesalers of such equipment are drug profiteers and co-conspirators. Bjornson was not charged with any crime, nor subpoenaed, issued a warrant, or arrested. No illegal substances were found on his premises. Federal officials were unable to convince grand juries to indict Bjornson.
By February, they had called scores of witnesses and recalled many two or three times, but none of the grand juries they convened decided there was reason to criminally prosecute Bjornson. In spite of that, as of March, his bank accounts were still frozen and none of the inventories or records had been returned. Grand juries refused to indict Bjornson, but the government is still penalizing him.

TWICE PUT IN JEOPARDY OF LIFE OR LIMB: Members of the McMartin family in California have been tried two or three times for child abuse. Anthony Barnaby was tried for murder (without evidence linking him to the crime) three times before New Hampshire let him go.

COMPELLED TO BE A WITNESS AGAINST HIMSELF: Oliver North was forced to testify against himself. Congress granted him immunity from having anything he said to them being used as evidence against him, and then they required him to talk. After he did so, what he said was used to find other evidence which was used against him. The courts also play games where you can be required to testify against yourself if you testify at all.

COMPELLED TO BE A WITNESS AGAINST HIMSELF: In the New York Central Park assault case, three people were found guilty of assault. But there was no physical evidence linking them to the crime; semen did not match any of the defendants. The only evidence the state had was confessions. To obtain these confessions, the police questioned a 15-year-old without a parent present -- which is illegal under New York state law. Police also refused to let the subject's Big Brother, an attorney for the Federal government, see him during questioning. Police screamed "You better tell us what we want to hear and cooperate or you are going to jail," at 14-year-old Antron McCray, according to Bobby McCray, his father. Antron McCray "confessed" after his father told him to, so that police would release him. These people were coerced into bearing witness against themselves, and those confessions were used to convict them.

COMPELLED TO BE A WITNESS AGAINST HIMSELF: Your answers to Census questions are required by law, with a $100 penalty for each question not answered. But people have been evicted for giving honest Census answers. According to the General Accounting Office, one of the most frequent ways city governments use census information is to detect illegal two-family dwellings. This has happened in Montgomery County, Maryland; Pullman, Washington; and Long Island, New York. The August 8, 1989, Wall Street Journal reports this and other ways Census answers have been used against the answerers.

COMPELLED TO BE A WITNESS AGAINST HIMSELF: Drug tests are being required from more and more people, even when there is no probable cause, no accident, and no suspicion of drug use. Requiring people to take drug tests compels them to provide evidence against themselves.

DEPRIVED OF LIFE, LIBERTY, OR PROPERTY WITHOUT DUE PROCESS OF LAW: This clause is violated on each of the items life, liberty, and property. Incidents including such violations are described elsewhere in this article. Here are two more: On March 26, 1987, in Jeffersontown, Kentucky, Jeffrey Miles was killed by police officer John Rucker, who was looking for a suspected drug dealer. Rucker had been sent to the wrong house; Miles was not wanted by police. He received no due process. In Detroit, $4,834 was seized from a grocery store after dogs detected traces of cocaine on three one-dollar bills in a cash register.

PRIVATE PROPERTY TAKEN FOR PUBLIC USE WITHOUT JUST COMPENSATION: RICO is shredding this aspect of the Bill of Rights. The money confiscated by Sheriff Vogel goes directly into Vogel's budget; it is not regulated by the legislature. Federal and local governments seize and auction boats, buildings, and other property. Under RICO, the government is seizing property without due process. The victims are required to prove not only that they are not guilty of a crime, but that they are entitled to their property. Otherwise, the government auctions off the property and keeps the proceeds.

Amendment VI

In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the State and district wherein the crime shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining Witnesses in his favor, and to have the assistance of counsel for his defence.

THE RIGHT TO A SPEEDY AND PUBLIC TRIAL: Surprisingly, the right to a public trial is under attack. When Marion Barry was being tried, the prosecution attempted to bar Louis Farrakhan and George Stallings from the gallery. This request was based on an allegation that they would send silent and "impermissible messages" to the jurors. The judge initially granted this request. One might argue that the whole point of a public trial is to send a message to all the participants: The message is that the public is watching; the trial had better be fair.

BY AN IMPARTIAL JURY: The government does not even honor the right to trial by an impartial jury. US District Judge Edward Rafeedie is investigating improper influence on jurors by US marshals in the Enrique Camarena case. US marshals apparently illegally communicated with jurors during deliberations.

OF THE STATE AND DISTRICT WHEREIN THE CRIME SHALL HAVE BEEN COMMITTED: This is incredible, but Manuel Noriega is being tried so far away from the place where he is alleged to have committed crimes that the United States had to invade another country and overturn a government to get him. Nor is this a unique occurrence; in a matter separate from the Camarena case, Judge Rafeedie was asked to dismiss charges against Mexican gynecologist Dr.
Humberto Alvarez Machain on the grounds that the doctor was illegally abducted from his Guadalajara office in April and turned over to US authorities.

TO BE INFORMED OF THE NATURE AND CAUSE OF THE ACCUSATION: Steve Jackson Games, nearly put out of business by the raid described previously, has been stonewalled by the SS. "For the past month or so these guys have been insisting the book wasn't the target of the raid, but they don't say what the target was, or why they were critical of the book, or why they won't give it back," Steve Jackson says. "They have repeatedly denied we're targets but don't explain why we've been made victims." Attorneys for SJG tried to find out the basis for the search warrant that led to the raid on SJG. But the application for that warrant was sealed by order of the court and remained sealed at last report, in July. Not only has the SS taken property and nearly destroyed a publisher, it will not even explain the nature and cause of the accusations that led to the raid.

TO BE CONFRONTED WITH THE WITNESSES AGAINST HIM: The courts are beginning to play fast and loose with the right to confront witnesses. Watch out for anonymous witnesses and videotaped testimony.

TO HAVE COMPULSORY PROCESS FOR OBTAINING WITNESSES: Ronald Reagan resisted submitting to subpoena and answering questions about Irangate, claiming matters of national security and executive privilege. A judge had to dismiss some charges against Irangate participants because the government refused to provide information subpoenaed by the defendants. And one wonders if the government would go to the same lengths to obtain witnesses for Manuel Noriega as it did to capture him.

TO HAVE THE ASSISTANCE OF COUNSEL: The right to assistance of counsel took a hit recently. Connecticut Judge Joseph Sylvester is refusing to assign public defenders to people ACCUSED of drug-related crimes, including drunk driving.

TO HAVE THE ASSISTANCE OF COUNSEL: RICO is also affecting the right to have the assistance of counsel. The government confiscates the money of an accused person, which leaves them unable to hire attorneys. The IRS has served summonses nationwide to defense attorneys, demanding the names of clients who paid cash for fees exceeding $10,000.

Amendment VII

In Suits at common law, where the value in controversy shall exceed twenty dollars, the right of trial by jury shall be preserved, and no fact tried by a jury, shall be otherwise reexamined in any Court of the United States, than according to the rules of common law.

RIGHT OF TRIAL BY JURY IN SUITS AT COMMON LAW: This is a simple right; so far the government has not felt threatened by it and has not made attacks on it that I am aware of. This is our only remaining safe haven in the Bill of Rights.

Amendment VIII

Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted.

EXCESSIVE BAIL AND FINES: Tallahatchie County in Mississippi charges ten dollars a day to each person who spends time in the jail, regardless of the length of stay or the outcome of their trial. This means innocent people are forced to pay. Marvin Willis was stuck in jail for 90 days trying to raise $2,500 bail on an assault charge. But after he made that bail, he was kept imprisoned because he could not pay the $900 rent Tallahatchie demanded. Nine former inmates are suing the county for this practice.

CRUEL AND UNUSUAL PUNISHMENTS: House Resolution 4079 sticks its nose in here too: "... a Federal court shall not hold prison or jail crowding unconstitutional under the eighth amendment except to the extent that an individual plaintiff inmate proves that the crowding causes the infliction of cruel and unusual punishment of that inmate."

CRUEL AND UNUSUAL PUNISHMENTS: A life sentence for selling a quarter of a gram of cocaine for $20 -- that is what Ricky Isom was sentenced to in February in Cobb County, Georgia. It was Isom's second conviction in two years, and state law imposes a mandatory sentence. Even the judge pronouncing the sentence thinks it is cruel; Judge Tom Cauthorn expressed grave reservations before sentencing Isom and Douglas Rucks (convicted of selling 3.5 grams of cocaine in a separate but similar case). Judge Cauthorn called the sentences "Draconian."

Amendment IX

The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

OTHER RIGHTS RETAINED BY THE PEOPLE: This amendment is so weak today that I will ask not what infringements there are on it but rather what exercise of it exists at all? What law can you appeal to a court to find you not guilty of violating because the law denies a right retained by you?

Amendment X

The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.

POWERS RESERVED TO THE STATES OR THE PEOPLE: This amendment is also weak, although it is not so nonexistent as the ninth amendment. But few states set their own speed limits or drinking age limits. Today, we mostly think of this country as the -- singular -- United States, rather than a collection of states. This concentration of power detaches laws from the desires of people -- and even of states. House Resolution 4079 crops up again here -- it uses financial incentives to get states to set specific penalties for certain crimes. Making their own laws certainly must be considered a right of the states, and this right is being infringed upon.

Out of ten amendments, nine are under attack, most of them under multiple attacks of different natures, and some of them under a barrage. If this much of the Bill of Rights is threatened, how can you be sure your rights are safe? A right has to be there when you need it. Like insurance, you cannot afford to wait until you need it and then set about procuring it or ensuring it is available. Assurance must be made in advance.

The bottom line here is that your rights are not safe. You do not know when one of your rights will be violated. A number of rights protect accused persons, and you may think it is not important to protect the rights of criminals. But if a right is not there for people accused of crimes, it will not be there when you need it. With the Bill of Rights in the sad condition described above, nobody can be confident they will be able to exercise the rights to which they are justly entitled. To preserve our rights for ourselves in the future, we must defend them for everybody today.

From tcmay at netcom.com Fri Aug 6 00:13:39 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 6 Aug 93 00:13:39 PDT
Subject: Cliphack?
In-Reply-To: <9308060635.AA19414@toad.com>
Message-ID: <9308060713.AA12115@netcom5.netcom.com>

John Gilmore writes:

> Tim was calling it Clipjack, but I think Cliphack is better.
>
> John

Yes, there's a lot of resonance in the names "skipjack," "clipjack," "cliphack," "hijack," etc.

If t-shirt slogans are still of interest (they will be someday...), how about:

"Skipjack hijacks our privacy."

or

"Has your privacy been hijacked by Skipjack?"

Of course, just as the "Clipper" puns and jokes were gathering steam, the Feds went and changed the name on us, so it may happen again.

By the way, I think I was about the 2nd or 3rd person in sci.crypt to comment on the Clipper announcement, and it was immediately obvious to me that "Clipper" as a name was in serious trouble. I wrote:

"By the way, the "Clipper" name...isn't this already used for the Clipper processor from Intergraph? I doubt they're the ones making the chip, so a name conflict may be present."
If it took me approximately 19.2 seconds to realize a name problem existed, how come the boys in Washington worked so long on this clever little name and then said "Duh...we didn't know."? Methinks they're as stupid as we make them out to be.

-Tim

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.

From ld231782 at longs.lance.colostate.edu Fri Aug 6 00:23:39 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Fri, 6 Aug 93 00:23:39 PDT
Subject: Brooks as quoted by Peter Wayner
In-Reply-To: <199308051338.AA26748@access.digex.net>
Message-ID: <9308060722.AA19039@longs.lance.colostate.edu>

Peter Wayner

>The most interesting speaker was the assistant director of the National
>Security Agency, Dr. Clint Brooks. [...]

>He readily admitted that the Clipper system isn't intended to catch
>any crooks. [...]

>It was apparent that he was somewhat skeptical of the Clipper's potential
>for success. [...]

Assistant Director of the NSA. This is something to celebrate! Break out the bubbles!

From tcmay at netcom.com Fri Aug 6 00:30:04 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 6 Aug 93 00:30:04 PDT
Subject: Cypherpunks, keep your powder dry....
Message-ID: <9308060729.AA14495@netcom5.netcom.com>

Here's a post that pretty much confirms that Dorothy Denning is leaning toward schemes that outlaw competitors to Skipjack. She continues to be the chief "Floater of Trial Balloons" (either that, or she's awfully prescient) and I would suggest anything she says about possible bans or restrictions on crypto that competes with Skipjack be taken very seriously.

I'm trying not to be catty about Prof. Denning (even though I slipped up a while back and called her "the wicked witch of the East"), but I'm beginning to think we can automatically replace all occurrences of her name with "According to a senior Administration official..."

Anyway, here it is:

Newsgroups: alt.privacy.clipper
Path: netcom.com!csus.edu!decwrl!decwrl!olivea!uunet!noc.near.net!chpc.chpc.org!rboudrie
From: rboudrie at chpc.org (Rob Boudrie)
Subject: Clipper article
Message-ID: <1993Aug5.043923.4353 at chpc.org>
Organization: Center For High Perf. Computing of WPI; Marlboro Ma
Date: Thu, 5 Aug 1993 04:39:23 GMT
Lines: 16

The August 1993 issue of Security Management (American Society for Industrial Security) has a one page article on Clipper entitled "The Clipper Chip Debate" by Lisa Arbetter. The article goes over a few of the issues discussed in this group, and includes the following:

She also concluded that getting criminals to use the system will be a problem. As a solution, Denning suggests legislation that places some constraints on the use of other products. This would force them to come up with their own solutions, costing them time and money that they might not be willing to sacrifice, she explains.

--

From khijol!erc at apple.com Fri Aug 6 01:28:40 1993
From: khijol!erc at apple.com (Ed Carp)
Date: Fri, 6 Aug 93 01:28:40 PDT
Subject: Cypherpunks, keep your powder dry....
In-Reply-To: <9308060729.AA14495@netcom5.netcom.com>
Message-ID:

> She also concluded that getting criminals to use the system
> will be a problem. As a solution, Denning suggests legislation
> that places some constraints on the use of other products. This
> would force them to come up with their own solutions, costing them
> time and money that they might not be willing to sacrifice, she
> explains.

Nonsense. I can already see a market, either black, gray, or otherwise, for non-Clipper/Skipjack devices. In fact, I'd REALLY be surprised if people haven't already come up with them on their own. How hard could it be to throw together an 80386-based embedded system, put PGP in ROM, add a couple of A/D converters, and *presto* - instant privacy. Add table lookup (programmable from the phone pad, of course, based on the number dialed) and you've got a pretty decent PEP (privacy-enhanced phone) :)

--
Ed Carp, N7EKG erc at apple.com 510/659-9560 anon-2133 at twwells.com
If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"

From tcmay at netcom.com Fri Aug 6 01:48:45 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 6 Aug 93 01:48:45 PDT
Subject: Cypherpunks, keep your powder dry....
In-Reply-To:
Message-ID: <9308060847.AA18069@netcom5.netcom.com>

Ed Carp writes:

> > She also concluded that getting criminals to use the system
> > will be a problem. As a solution, Denning suggests legislation
> > that places some constraints on the use of other products. This
> > would force them to come up with their own solutions, costing them
> > time and money that they might not be willing to sacrifice, she
> > explains.
>
> Nonsense. I can already see a market, either black, gray, or otherwise,
> for non-Clipper/Skipjack devices. In fact, I'd REALLY be surprised if
> people haven't already come up with them on their own. How hard could it
> be to throw together an 80386-based embedded system, put PGP in ROM, add
> a couple of A/D converters, and *presto* - instant privacy.
> Add table
> lookup (programmable from the phone pad, of course, based on the number
> dialed) and you've got a pretty decent PEP (privacy-enhanced phone) :)

At the risk of stating the obvious, I think it is precisely schemes like this that Denning was referring to. These are what she wants to target.

Several groups have proposed crypto phones, most using CELP and SoundBlaster-type cards for PCs. Recall that the Cypherpunks in Silicon Valley, Washington, D.C., and Boston/Cambridge linked up with encrypted audio links (albeit briefly). Such things are possible, for sure.

But as "street corner drug dealers" start to use encryption (it could happen...the "phase changes" to beepers and cellular phones happened in a matter of months), there will be calls for restrictions to "keep 'unbreakable codes' out of the hands of criminals and terrorists."

As several others have noted, various nonlegislative measures can be used....requirements for certification of all "devices" attached to phone lines might be one such measure (never mind the futility of enforcement). The ban on using crypto in ham radio transmissions is illustrative.

If Denning and her associates are already talking about the need to make non-Clipper use more difficult (read: outlawed), then it is likely the legislation is already being drawn up in some form.

-Tim

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.

From khijol!erc at apple.com Fri Aug 6 03:38:44 1993
From: khijol!erc at apple.com (Ed Carp)
Date: Fri, 6 Aug 93 03:38:44 PDT
Subject: Cypherpunks, keep your powder dry....
In-Reply-To: <9308060847.AA18069@netcom5.netcom.com>
Message-ID:

> Ed Carp writes:
>
> > > She also concluded that getting criminals to use the system
> > > will be a problem. As a solution, Denning suggests legislation
> > > that places some constraints on the use of other products. This
> > > would force them to come up with their own solutions, costing them
> > > time and money that they might not be willing to sacrifice, she
> > > explains.
> >
> > Nonsense. I can already see a market, either black, gray, or otherwise,
> > for non-Clipper/Skipjack devices. In fact, I'd REALLY be surprised if
> > people haven't already come up with them on their own. How hard could it
> > be to throw together an 80386-based embedded system, put PGP in ROM, add
> > a couple of A/D converters, and *presto* - instant privacy. Add table
> > lookup (programmable from the phone pad, of course, based on the number
> > dialed) and you've got a pretty decent PEP (privacy-enhanced phone) :)
>
> At the risk of stating the obvious, I think it is precisely schemes
> like this that Denning was referring to. These are what she wants to
> target.

My apologies - I guess I wasn't clear. What I meant was, does she honestly think that people *won't* do what I suggested, just because there are laws forbidding it? If she does, she is surely living in a dreamworld.

> Several groups have proposed crypto phones, most using CELP and
> SoundBlaster-type cards for PCs. Recall that the Cypherpunks in
> Silicon Valley, Washington, D.C., and Boston/Cambridge linked up with
> encrypted audio links (albeit briefly). Such things are possible, for
> sure.

Not to mention the infamous 'netphone' :)

> But as "street corner drug dealers" start to use encryption (it could
> happen...the "phase changes" to beepers and cellular phones happened
> in a matter of months), there will be calls for restrictions to "keep
> 'unbreakable codes' out of the hands of criminals and terrorists."

At the risk of stating the obvious: I think 'could' can very probably be changed to '*will*'. So, how are they going to keep '"unbreakable codes" out of the hands of criminals and terrorists'? Laws are obeyed by the 99% of society who are law-abiding (generally speaking, that is), yet laws are made targeting the 1% of the population who couldn't care less.

> As several others have noted, various nonlegislative measures can be
> used....requirements for certification of all "devices" attached to
> phone lines might be one such measure (never mind the futility of
> enforcement). The ban on using crypto in ham radio transmissions is
> illustrative.

Yes, but remember, most hams are law-abiding, since a ham radio license is not a right.

> If Denning and her associates are already talking about the need to
> make non-Clipper use more difficult (read: outlawed), then it is
> likely the legislation is already being drawn up in some form.

Of course it is! But that won't stop anyone but the David Sternlights of the world from using crypto. Can't the folks in DC plainly *see* that??

Time to go to bed - I've got an 11 AM interview. Anyone know of any sysadmin contracts out there?? :)

--
Ed Carp, N7EKG erc at apple.com 510/659-9560 anon-2133 at twwells.com
If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"

From cme at ellisun.sw.stratus.com Fri Aug 6 09:50:42 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Fri, 6 Aug 93 09:50:42 PDT
Subject: a question to ask NSA
Message-ID: <9308061650.AA01907@ellisun.sw.stratus.com>

Would they be happy using Skipjack phones for their own communication if the key escrow agencies were in Baghdad and Tripoli, respectively, and the key generation and chip programming were done in Tehran?

There are more details, but you get the drift.
From koontzd at lrcs.loral.com Fri Aug 6 10:15:12 1993
From: koontzd at lrcs.loral.com (David Koontz )
Date: Fri, 6 Aug 93 10:15:12 PDT
Subject: No Subject
Message-ID: <9308061714.AA06932@nebula.lrcs.loral.com>

Subject: AT&T DES vs. Clipper phone security products

Uncertainty on the availability of DES versus Clipper based products from AT&T has sparked some interest. Parties within AT&T were contacted to determine the state of their products.

DES is not available in AT&T TSD products and one person said "NSA doesn't want DES in the TSD." # Also, the clipper algorithm is currently unavailable and expected in "September". This person deferred to a second person who provided the following:

The 3600 is available with two proprietary AT&T encryption algorithms, one ITAR compliant, one for U.S. persons only. Two Telephone Security Devices (TSD) will attempt to hierarchically establish security, the higher security being non-ITAR compliant. This will be extended to the clipper algorithm (highest) when available. Neither proprietary algorithm is in the public domain. [Apparently NSA is perfectly happy with these. + ]

You can buy TSDs now, and pay an extra fee (reasonable) for the upgrade path to clipper when available (September not absolutely guaranteed). Paying the fee will allow you to exchange the TSD for a new and improved one at a later date.

The hold up on clipper is availability from Mykotronx and questions were deferred to "the NSA". AT&T has performed product integration tests with clipper and is ready to go as soon as chips are available.

Their willingness to sell clipper phones is predicated on marketplace acceptance and the prospect of having a national standard with the chance of interoperability between different manufacturers. There is a perceived need for voice security products, and the balance with respect to "legitimate law enforcement access" was discussed.

There was some confusion about key management, which was inferred to be present in the clipper chip. [The question arises as to which clipper chip they are waiting on, the MYK-78 or the MYK-80 which has key management features. The question also arises as to whether or not the MYK-78 is susceptible to a captured control programming attack to prevent transmission of the Law Enforcement Access Field, with an inferred assumption that the MYK-80 does not share this vulnerability. *]

AT&T will continue to market the present 3600 sans clipper with the two proprietary encryption algorithms (ITAR/U.S. ONLY). This was stressed rather strongly.

The question of relative strength of cryptographic algorithms was brought up. There were no conclusions, as no common metric can be used, with one public algorithm, two proprietary and one classified algorithm.

DES availability was discussed and was inferred to be affected by international agreements limiting DES proliferation.

The TSD uses RCELP, a proprietary vocoder that is supposed to add fidelity over CELP, and is supposed to encode female voices better, with better treble. AT&T feels RCELP is superior to anything else at 4800 baud. This raised the question of licensing for RCELP. RCELP is not in the public domain to date. Executive resistance to CELP at 4800 baud is supposedly a good sell for RCELP.

The 4800 baud limitation is based on the least common denominator of analog cellular communications paths, which won't support V.32 (9600 baud). The greatest need for telephone security devices is seen for cellular communications.

The 3600 optionally comes with 5 handset interface modules (as opposed to one for the base product) that interface different phones to the TSD. This is required based on different frequency response of handset microphones as well as signal amplitudes. The 5 interface modules are considered universal - covering all types of phones. Think of this as signal conditioning to make the RCELP vocoder perform better.

The standard power supply takes 110 VAC, 60 Hz. An optional universal power supply and international power package are available.

------
# Is DES secure enough to cause heartburn for our 3 letter agency cousins?
+ the inference being that DES is higher security than either proprietary algorithm.
* It has been reported that MYK-80 chips exist and have been tested by Mykotronx.

From geoffw at nexsys.net Fri Aug 6 10:50:13 1993
From: geoffw at nexsys.net (Geoff White)
Date: Fri, 6 Aug 93 10:50:13 PDT
Subject: Cypherpunks, keep your powder dry....
Message-ID: <9308061733.AA02323@nexsys.nexsys.net>

>
> But as "street corner drug dealers" start to use encryption (it could
> happen...the "phase changes" to beepers and cellular phones happened
> in a matter of months), there will be calls for restrictions to "keep
> 'unbreakable codes' out of the hands of criminals and terrorists."

This is not a flame on you Tim, but look at the absurdity of this! Containers full of tons of coke come into the US daily; I'm sure these deals are not made on street corners (they're made in bank offices and import agencies :). Isn't this like trying to keep our nation safe by passing laws outlawing the carrying of a suitcase-sized container through a busy public area (like Grand Central Station) because someone might have a portable thermonuclear device hidden inside? How much does it take for the average person to totally see through this flimsy charade?

For the capitalist among us, if the street corner crack dealer is making fortunes, how much are the people who supply him getting? Do they use/need to use encrypted communications? Most of those dealers who are using any form of remote communication (the smart ones, at least) will still do their deals heavy on ghetto slang, nuance and metaphor. More like: "Hey what up, I'll meet you at the spot, it's 3 yards for dorothy."
This translates to "Hello, how are you, we'll rendezvous at the usual location, $3,000 for an ounce."

From frissell at panix.com Fri Aug 6 10:50:42 1993
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 6 Aug 93 10:50:42 PDT
Subject: Offshore Data Havens and
Message-ID: <199308061749.AA10463@panix.com>
To: cypherpunks at toad.com

J >From: jet at netcom.com (J. Eric Townsend)
J >Actually, the Feds can do anything they want. They've taken to
J >raiding off-shore pirate radio stations in international waters, there
J >was that bit with Noriega, etc etc. Reagan set a standard by
J >completely ignoring the world court.

Omniscience, omnipotence, and omnipresence eh? We might as well give up and go home.

The feds have many powers including the ability to nuke the hell out of everything. The question becomes how useful those powers are. After all, Caesar or Louis XIV could "destroy the city, leave no stone standing upon stone and sow the ground with salt." The difference today is that the "peasants" of the OECD countries are much more powerful than those of 18th century France.

The Feds can apply point force but they can't apply it everywhere. They can do some things in international waters, they can kidnap some "drug kingpins", they can't go after every "criminal" *inside* the US much less overseas. Their limited current powers will be further limited once secure untraceable communications nets are in place.

More than that, their power and prestige depend on how the people they rule view them. If we turn aside from them, their power will evaporate overnight. If the KGB couldn't block liberalization, the Fibbies, the Company, and Ft. Meade won't be able to either.

Don't worry about it. Social change is underway. We'll achieve autonomy Just In Time.
Duncan Frissell

*************************************************************************
ATMs, Contracting Out, Digital Switching, Downsizing, EDI, Fax, Fedex, Home Workers, Internet, Just In Time, Leasing, Quants, Securitization, Temps - Not as sexy as Tim May's signature line but just as important.

--- WinQwk 2.0b#0

From norm at netcom.com Fri Aug 6 11:15:13 1993
From: norm at netcom.com (Norman Hardy)
Date: Fri, 6 Aug 93 11:15:13 PDT
Subject: NSA and Trust Webs
Message-ID: <9308061814.AA27453@netcom2.netcom.com>

While US military security models are thoroughly hierarchical, I imagine that when NSA deals with foreign countries regarding ciphers used to communicate between governments and regarding mutual foes it too uses a web of trust more Byzantine than most amateurs dream of.

From peb at PROCASE.COM Fri Aug 6 11:50:13 1993
From: peb at PROCASE.COM (Paul Baclace)
Date: Fri, 6 Aug 93 11:50:13 PDT
Subject: "Big Brother Inside" logo
Message-ID: <9308061849.AA01346@banff.procase.com>

>I am investigating having Tshirts made with the logo on the front

How about the standard red circle with slash for NO Big Brother Inside. Have you uploaded the gif to soda.berkeley.edu yet? (What's the path?)

Paul E. Baclace
peb at procase.com

From peb at PROCASE.COM Fri Aug 6 12:00:13 1993
From: peb at PROCASE.COM (Paul Baclace)
Date: Fri, 6 Aug 93 12:00:13 PDT
Subject: Cypherpunks, keep your powder dry....
Message-ID: <9308061859.AA01349@banff.procase.com>

>> From: tcmay at netcom.com
>> there will be calls for restrictions to "keep
>> "unbreakable codes' out of the hands of criminals and terrorists.

>This is not a flame on you Tim, but look at the absurdity of this!
>[...] How much does it take
>for the average person to totally see through this flimsy charade?

I think Tim is correct about this as a possible scenario, although the magnitude may be small. Re: the Village Voice article's description of the WWII paranoia.
Example: During the Gulf War paging people at the San Francisco airport was banned...

Paul E. Baclace
peb at procase.com

From tcmay at netcom.com Fri Aug 6 12:18:50 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 6 Aug 93 12:18:50 PDT
Subject: Cypherpunks, keep your powder dry....
In-Reply-To: <9308061733.AA02323@nexsys.nexsys.net>
Message-ID: <9308061916.AA24291@netcom5.netcom.com>

Geoff White writes:

> > But as "street corner drug dealers" start to use encryption (it could
> > happen...the "phase changes" to beepers and cellular phones happened
> > in a matter of months), there will be calls for restrictions to "keep
> > "unbreakable codes' out of the hands of criminals and terrorists.
>
> This is not a flame on you Tim, but look at the absurdity of this!
> Containers full of tons of coke come into the US daily, I'm sure these deals
> are not made on street corners, (they're made in bank offices, and import

And this is not a flame back. I put "street corner drug dealers" in quotes precisely to make an ironic point, that the Congresscritters who make the laws will be citing these "street corner drug dealers" as the justification of laws cracking down on crypto. A code phrase, if you will.

Clearly there are many levels of drug distribution. Actually, I favor complete and total drug legalization, and so I don't view drug smuggling or sales as any kind of real crime. I just cited this as a very likely rationale for crypto legislation--it certainly is not a rationale many of us support.

-Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.
From sneal at muskwa.ucs.ualberta.ca Fri Aug 6 12:30:13 1993
From: sneal at muskwa.ucs.ualberta.ca (Sneal)
Date: Fri, 6 Aug 93 12:30:13 PDT
Subject: Cypherpunks, keep your humour dry
Message-ID: <9308061929.AA18519@muskwa.ucs.ualberta.ca>

Tim May writes:

>> At the risk of stating the obvious, I think it is precisely schemes
>> like this that Denning was referring to. These are what she wants to
>> target.

and Ed Carp replies:

>My apologies - I guess I wasn't clear. What I meant was, does she
>honestly think that people *won't* do what I suggested, just because
>there are laws forbidding it? If she does, she is surely living in
>a dreamworld.

An engineer was attending a convention, and after a hard day of conventioneering, returned to his hotel room and fell asleep. About 3 AM, he woke up and smelled smoke, and realized there was a fire in his room! He immediately leaped out of bed, grabbed the fire extinguisher, and let loose at the base of the flames. After 30 seconds of spraying, the fire went out. The engineer went back to sleep.

A couple of months later, a physicist attended a physics convention at the same hotel, and coincidentally was given the same room. One night during the convention, the physicist awoke and found the room on fire! The physicist grabbed a notepad and calculator from the bedside table, and made some calculations. He then picked up the fire extinguisher, and made a quick squirt at a point a few feet from the flames. The fire immediately went out, and the physicist went back to sleep.

A couple of months after that, a mathematician attended a mathematics convention at the same hotel, and sure enough, was given the same hotel room. After spending the day in seminars, the mathematician returned to her hotel room and went promptly to sleep. Some time later, she awoke to find the hotel room on fire!
She quickly grabbed a notepad from the bedside table, made some calculations, said, "There is a solution in principle", went back to sleep and burned to death.

-- Steve
sneal at muskwa.ucs.ualberta.ca
----------------------------------------------------------------------
Anyone who believes in the intelligence, efficiency, and integrity of any government anywhere really, REALLY needs to get out more often.
----------------------------------------------------------------------

From keru at cpu.us.dynix.com Fri Aug 6 13:08:50 1993
From: keru at cpu.us.dynix.com (Warren Keith Russell)
Date: Fri, 6 Aug 93 13:08:50 PDT
Subject: Skipjack proposed Thursday?
In-Reply-To: <9307312127.AA26124@toad.com>
Message-ID:

I apologize for the ignorance, but I'm new here! I keep reading about Skipjack; can someone tell me what it is? Is there a question-and-answer file or something of that sort for the list that can educate me and bring me up to speed on what everyone is talking about?

-------------------------------------------------------------------------
Keith Russell
Dynix Library Systems, Provo, Utah, U.S.A.
keru at cpu.us.dynix.com or keru at devg.us.dynix.com
-------------------------------------------------------------------------

On Sat, 31 Jul 1993, Lee Tien wrote:

> I seem to have missed this. Today's Chronicle (July 31) (SanFran)
> had a blurb on E2 saying that NIST on Thursday proposed Skipjack
> as a federal standard. Does anyone have the announcement and
> related documentation?
>
> Lee Tien

From warlord at MIT.EDU Fri Aug 6 14:02:09 1993
From: warlord at MIT.EDU (Derek Atkins)
Date: Fri, 6 Aug 93 14:02:09 PDT
Subject: MEET: Boston Area Cpunks meeting
Message-ID: <9308062056.AA18148@toxicwaste.MEDIA.MIT.EDU>

Announcing the August Boston Area Cypherpunks Meeting.
Where: MIT Room 1-115
When: Sat, Aug 14, 1993
Time: 3-8pm

Actually, I don't officially have the room until 4pm, but I figure some people will come late, and the people who have it before might decide to leave early.

Agenda: well, I don't have an agenda planned, but I'm sure we will have some things to talk about. Bring your PGP key, magazine articles, and anything else that might be of interest.

If you have any questions, either send me e-mail, or give me a call at (617) 868-4469.

See you then!

-derek

From nobody at cicada.berkeley.edu Fri Aug 6 19:28:55 1993
From: nobody at cicada.berkeley.edu (nobody at cicada.berkeley.edu)
Date: Fri, 6 Aug 93 19:28:55 PDT
Subject: Offshore Data Havens and Services
Message-ID: <9308070225.AA05325@cicada.berkeley.edu>

At 11:56 PM 8/4/93 -0700, Timothy C. May wrote:
>the "900" sex
>service numbers, which have mostly been subjected to call blocking and
>other forms of regulatory oblivion, have been moved _offshore_.

Time for the long distance providers to extend the use of personal identification numbers from calling cards to residences? One PIN per authorized user. This would have saved me from getting the shaft from one of my recent roommates!

From tcmay at netcom.com Fri Aug 6 20:08:55 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 6 Aug 93 20:08:55 PDT
Subject: Cypherpunks in Washington and Boston: Read this
Message-ID: <9308070306.AA15204@netcom5.netcom.com>

Cypherpunks in Washington, Boston, Atlanta, Dallas, Seattle, (and if someone wants to forward this to the Extropians list, which I am temporarily taking a break from, I'm sure some of them would be interested)

The Internet service I use, NETCOM, is expanding into these cities, offering flat-rate service for $17.50 a month (if paid by credit card). I have no connection with them except for being a satisfied user.
Many hacker friends of mine have NETCOM accounts, even if they have ordinary corporate addresses as well (at a Bay Area Extropians lunch, about 8 out of the dozen folks had NETCOM accounts). After all, NETCOM can't lay you off, can't complain about what you say, and essentially can't be leaned on by the Feds (not yet tested, but likely). A useful service. Some people use it mostly for their mail, and then just telnet to NETCOM to grab it. (NETCOM provides 5 MB for your files, but charges beyond that.)

NETCOM also carries every newsgroup I've ever heard of, 4560 of them at last count, and even carried the controversial group "alt.binaries.pictures.erotica.children," about which I wrote a while back (I mention this mainly to show how much of a hands-off policy NETCOM takes). So far as I know, NETCOM has only kicked people out for advertising competing Internet services blatantly, in the netcom.* local groups. Everything else seems to be fair game. (Some of the most notorious Net bozos are NETCOM folks, indicating further the freedom we have....I can't imagine any user on NETCOM being "disciplined" for racist, sexist, homophobic, or speciesist remarks.)

And a full range of editors, newsreaders, mailreaders, ftp access, telnet, etc...all the usual stuff, managed well. There are usually enough modems to allow me to get on anytime I want to. And, to repeat, there are no connect charges and no time limits. If you're within the local call range of the nearest POP, you can stay logged-on as long as you like with no charges.

It changed my life, no kidding.
Here's the announcement:

Xref: netcom.com netcom.announce:86 netcom.internet:1191 netcom.general:10006
Newsgroups: netcom.announce,netcom.internet,netcom.general
Path: netcom.com!info
From: info at netcom.com (Netcom Information Account)
Subject: NETCOM expands coverage
Message-ID:
Organization: NETCOM On-line Communication Services (408 241-9760 guest)
Distribution: netcom
Date: Fri, 6 Aug 1993 04:29:29 GMT
Approved: Info
Lines: 86

FYI:

NETCOM On-line Communication Services, Incorporated is pleased to announce the expansion of the NETCOM backbone into Seattle, WA, Dallas, TX, Atlanta, GA, Washington, DC, and Boston, MA. Each of the new Points of Presence (POPs) will support a full range of network services including:

o Internet Connections (T1 & 56kb dedicated and dialup)
o News/Mail feeds with Domain service
o Business Dial-up access (news/mail/ftp/telnet/shell)
o Host dial-up (stock reports, US News, news/mail/ftp/telnet/shell)
o Personal Network (SLIP/PPP) Connections (PNC)
o FrameConnect Internet Services

NETCOM can be your gateway to economical communications world wide. A connection to the NETCOM state-of-the-art network will deliver connectivity at very affordable prices. NETCOM offers Internet connections, news feeds, electronic mail, local access points throughout California, source archives, large discounts on communication equipment, consulting, and everything you would expect from a leading communications service provider.

To access the guest account, make sure that your communication settings are 8-1-N and use vt100 for a terminal emulator. After you connect, log in as "guest". Remember, you must use lower case letters. You can also log in via telnet by using netcom.netcom.com or an IP address of 192.100.81.100. The following are a few of the local access 1200/2400/9600 V.32/V.42 numbers:

o Atlanta and greater Metro area (Aug 31) ........ (404) 303-9765
o Boston and greater Metro area (Aug 31) ......... (617) 237-8600
o Washington DC, Falls Church, Arlington, Vienna, Reston, Alexandria, Fairfax, McLean (Aug 31) ..... (703) 255-5951
o Dallas, TX ...................................... (214) 753-0045
o Seattle, Bellevue, Bothell, Bothell-Duval, Des Moines, Halls Lake, Issaquah, Kent, Kirkland, Renton, Richmond Beach, Maple Valley ............. (206) 547-5992
o Portland, Beaverton, Burlington, Forest Grove, Corbett, Gresham, Hillsboro, Lake Oswego, Sandy, Redland, Scholls, Stafford, Sunnyside, Tigard .... (503) 626-6833
o San Francisco, Sausalito, San Mateo, Foster City (415) 985-5650
o Sacramento, Folsom, Orangevale, Citrus Heights, Rancho Cordova, Carmichael ...................... (916) 965-1371
o Los Angeles, Inglewood, Beverly Hills, El Segundo, Santa Monica, Manhattan Beach, Van Nuys, Culver . (310) 842-8835
o Irvine, Anaheim, Fullerton, Laguna Beach, Orange, Santa Ana, Westminster ........................... (714) 708-3800
o San Diego, El Cajon, La Jolla, La Mesa, Linda Mesa, and Mira Visa ................................... (619) 234-0524
o Santa Cruz, Scotts Valley, Boulder Creek ........ (408) 459-9851
o San Francisco, Berkeley, Oakland, Albany, Richmond, Alameda, Piedmont, Belvedere, Orinda, Moraga, San Pablo, Lafayette, Emeryville, & Brisbane ...................................... (510) 865-9004
o San Jose, Campbell, Almaden, Cupertino, Los Gatos, Saratoga, Sunnyvale, Santa Clara, & Milpitas .... (408) 241-9760
o Stanford, Mt View, Los Altos, Menlo Park, Palo Alto, Redwood City .................................... (415) 328-9940
o Pleasanton, Fremont, Hayward, Livermore, Bishop, San Ramon, Dublin, Newark, Danville, Sunol, and Bishop Ranch .................................... (510) 426-6610

VOICE: (408) 554-8649
FAX: (408) 241-9145
Local Access Numbers: (800) 488-2558
_____________________________________________________________________________
info at netcom.com (408)554-8649
NETCOM On-line Communication Services, Inc.
--

From warlord at Athena.MIT.EDU Fri Aug 6 20:45:22 1993
From: warlord at Athena.MIT.EDU (Derek Atkins)
Date: Fri, 6 Aug 93 20:45:22 PDT
Subject: Skipjack proposed Thursday?
In-Reply-To:
Message-ID: <9308070344.AA07071@hodge>

Skipjack is a secret-key encryption algorithm designed by the NSA (and NIST, supposedly) that is part of the Clipper/Capstone menagerie. It is a classified algorithm, but it is of the same class of algorithms as DES (namely a multi-round permutation/bit-swap algorithm).

Hope this helps.

-derek

From kurtww at netcom.com Fri Aug 6 21:05:22 1993
From: kurtww at netcom.com (Kurt Wiedenhoeft)
Date: Fri, 6 Aug 93 21:05:22 PDT
Subject: Oceania (libertarian country in the works)
Message-ID: <9308070400.AA26370@netcom3.netcom.com>

hey all,

I just realized that I haven't seen any info on the Atlantis Project come across the list (at least that I can remember). That seems strange, since it seems to support directly or indirectly all the Cypherpunk ideals.

Without going into too much detail (unless there is interest, I suppose), the Atlantis Project is working on establishing a floating city-state called Oceania in the Caribbean, based on a very laissez-faire constitution and code of laws. In my opinion, Oceania is to become what Jefferson would have wanted the US to be today.

To receive periodic updates, mail your email (and snail mail) address to oceania at world.std.com . If anyone wants some more info, I've got bunches of back mail I could send out to whoever wants it.

BTW, I heartily second Tim May's endorsement of Netcom as an internet provider.

Kurt
--
*/--kurtww at netcom.com--503/297.6555---Finger-for-Public-Key--\*
|.Kurt Wiedenhoeft....."What is an Epigram? a dwarfish whole,.|
|.RGB Imaging, Inc..... Its body brevity, and wit its soul."..|
*\--located-in-Portland-Oregon--------------S.T.-Coleridge---/*

From ld231782 at longs.lance.colostate.edu Fri Aug 6 23:13:56 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Fri, 6 Aug 93 23:13:56 PDT
Subject: NSA SAYS: NO LIMIT ON ENCRYPTION
Message-ID: <9308070611.AA11855@longs.lance.colostate.edu>

From EFF Online V 5. No 14 8/5/93, official response on EFF Clipper questions--a MINDBOGGLER!

>Because these measures may be
>sufficient to make key escrow encryption the easiest and most available
>privacy protection it would be imprudent to pursue the far more drastic
>step of regulating private encryption.

`drastic'? `imprudent'? this from the NSA?

>The Administration has progressed
>far enough in its review to conclude it will not propose new legislation to
>limit use of encryption technology.

GOOD LORD! HALLELUJAH! VICTORY!

(Is that a typo?! Did they mean `not far enough'? That's what I *thought* they said at first!)

(uh, if this is right, can we get that in writing? with D. Denning's signature?)

BTW, this paragraph is almost incoherent and has another typo. Did NSA have a hangover when they wrote this? Or were they drunk?

* * *

Other notes:

>Enhancing the government's ability to decrypt non-key escrow encryption
>used by the targets of authorized law enforcement wiretaps is another
>possible strategy for coping with the effects of encryption on law
>enforcement. However, since encryption appears in a number of forms and
>applications, the costs are likely to be substantial and may not be either
>affordable or practical given the requirement for "real time" decryption in
>the course of wiretap operations.

This is the `give the NSA more money for research' argument, and is infeasible not solely because of `a number of forms of encryption and applications' but because of the underlying *security* of the emerging schemes.

Also in this they specifically address the question of whether Key Escrow is legal within constitutional rights. Here they are so bold as to suggest the 4th amendment is *strengthened* because only `legally lawfully authorized' (their three most favorite words) taps can be installed.
Interesting, I wonder how our esteemed forefathers would react to this unique interpretation of their masterpiece. But as long as Skipjack is voluntary this begs the question. The fundamental question: is *mandatory* or *restricted* use unconstitutional?

Also, we have the first official written admission that `criminals' may turn to other schemes or `double encrypt' (i.e. encrypt the data into the system).

===cut=here===

Date: Fri, 6 Aug 1993 10:34:22 +0900
From: farber at central.cis.upenn.edu (David Farber)
Subject: EFFector Online 5.14

[...]

****************************
Answers to Clipper Questions
****************************

In a previous EFFector Online, we printed some of the 114 questions sent to President Clinton by the Digital Privacy & Security Working Group on the Clipper Chip. On July 29, we received a response to these questions from John D. Podesta, Assistant to the President and Staff Secretary. Some highlights of the response follow. The complete text of the response will be posted to EFF's ftp site.

Why is key escrow being proposed?

The development of key escrow encryption technology was born out of a recognition on the part of the U.S. Government of the public's growing desire for high quality encryption capability for commercial and private use. At the same time, the Government was concerned that the widespread use of this technology could make lawfully authorized electronic surveillance much more difficult. Historically, law enforcement encountered very little encryption, owing largely to the expense and difficulty in using such technology. With growing availability of lower cost, commercial encryption technology for use by U.S. industry and private citizens, it became clear that a strategy was needed that could accommodate the needs of the private sector for top notch communications security; of U.S. industry to remain competitive in the world's secure communications market; and of U.S.
law enforcement to conduct lawfully-authorized electronic surveillance.

Enhancing the government's ability to decrypt non-key escrow encryption used by the targets of authorized law enforcement wiretaps is another possible strategy for coping with the effects of encryption on law enforcement. However, since encryption appears in a number of forms and applications, the costs are likely to be substantial and may not be either affordable or practical given the requirement for "real time" decryption in the course of wiretap operations.

Why is the algorithm classified?

A classified algorithm is essential to the effectiveness of the key escrow solution. The use of a classified algorithm assures no one can use the algorithm in non-escrowed systems. Also, disclosure of the algorithm would, in effect, provide the world with an extremely secure encryption capability that could be implemented and used in systems by those whose interests are adverse to U.S. national security interests. Finally, NSA classifies all of the algorithms used for defense systems as part of its policy to take all reasonable steps to assure the security of systems it develops. The algorithm was classified in accordance with Executive Order 12356 and its implementing regulations.

For all these reasons the encryption algorithm could not be chosen from those already available to the public, such as the Data Encryption Standard (DES). Similarly, the algorithm cannot be published for public review and comment. Nonetheless, in keeping with the Presidential Decision Directive of April to allow independent experts to review the integrity of the classified algorithm, five such experts have already begun a study of the algorithm. We expect their findings to be made public soon.

Is the key escrow initiative compatible with constitutional rights?
Questions have been raised whether the requirement of key disclosure infringes upon one's right to free speech under the First Amendment, the right against self incrimination contained in the Fifth Amendment, or the right against improper search and seizure in the Fourth Amendment.

The key escrow scheme does not require the owner or user of a device equipped with the key escrow encryption chip to say or produce anything. The key escrow technique in no way addresses the issue of what people may choose to say, and the individual user of key escrow products will not be required to provide the government any information. Indeed, the individual will not know the keys. Thus, this technology or technique in no way impacts the rights available under the First or Fifth Amendments.

Law enforcement organizations will not be able to decrypt communications without the device unique key and they can only obtain the key components needed to determine a device unique key after making an appropriate certification of their authority to conduct electronic surveillance to the independent key escrow agents. Thus, this technology actually strengthens the Fourth Amendment protections afforded individuals, since law enforcement cannot obtain the contents of communications without first obtaining the key component.

Will use of the key escrow technology be required?

One point clearly stated in the Presidential Decision Directive and emphasized several times since April is that use of key escrow encryption technology is voluntary. While the U.S. government encourages its use because of the excellent security it provides, and will promulgate standards permitting its use by government departments and agencies, there is no requirement that the public use it. No doubt some, particularly those intent on thwarting authorized wiretaps, will buy other forms of encryption or could "double encrypt" their communications using a key escrow device in combination with a non-escrowed device.
But we believe the vast majority will buy this system because it is easy to use, provides superb security, and likely will be readily available in commercial products.

The Administration has chosen to encourage the widespread use of key escrow devices rather than mandating or regulating its use. Though we recognize the risks to law enforcement activities posed by the widespread use of sophisticated encryption products, we also recognize that encryption is an effective means to secure communications and computer systems. Thus far, government purchases and standards have created secure products that were bought by private citizens "piggybacking" on the government's development effort. It makes little sense for the government to promulgate standards or to develop products that will defeat law enforcement interests if and when they spread to the private sector. Because these measures may be sufficient to make key escrow encryption the easiest and most available privacy protection it would be imprudent to pursue the far more drastic step of regulating private encryption. The Administration has progressed far enough in its review to conclude it will not propose new legislation to limit use of encryption technology.

From gg at well.sf.ca.us Fri Aug 6 23:48:56 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Fri, 6 Aug 93 23:48:56 PDT
Subject: Offshore Data Havens and Services
Message-ID: <93Aug6.234719pdt.14247-1@well.sf.ca.us>

Re your "Time for the long distance providers to extend the use of personal identification numbers from calling cards to residences? One PIN per authorized user. This would have saved me from getting the shaft from one of my recent roommates!" item.

We're going to do this with Community Dialtone service. Toll calling is a separate accounting system from the local part of the bill, and each person who uses the phone can get an individual account; the person whose name it's in can require roommates to get their own toll accounts.
This way no one gets stuck holding the bill.

-gg

From mnemonic at eff.org Sat Aug 7 02:18:59 1993
From: mnemonic at eff.org (Mike Godwin)
Date: Sat, 7 Aug 93 02:18:59 PDT
Subject: Cypherpunks, keep your powder dry....
In-Reply-To: <9308060729.AA14495@netcom5.netcom.com>
Message-ID: <199308070919.AA22366@eff.org>

Tim May writes:

> Here's a post that pretty much confirms that Dorothy Denning is
> leaning toward schemes that outlaw competitors to Skipjack.

Dorothy said as much to me even before Clipper was announced. I think she would have no problem with my representing her here as being highly concerned that widespread powerful encryption (other than key-escrow encryption) poses a threat to the enforcement of the laws and the maintenance of public order.

--Mike

From khijol!erc at apple.com Sat Aug 7 04:50:31 1993
From: khijol!erc at apple.com (Ed Carp)
Date: Sat, 7 Aug 93 04:50:31 PDT
Subject: Cypherpunks, keep your powder dry....
In-Reply-To: <199308070919.AA22366@eff.org>
Message-ID:

> Tim May writes:
>
> > Here's a post that pretty much confirms that Dorothy Denning is
> > leaning toward schemes that outlaw competitors to Skipjack.
>
> Dorothy said as much to me even before Clipper was announced. I think she
> would have no problem with my representing her here as being highly
> concerned that widespread powerful encryption (other than key-escrow encryption)
> poses a threat to the enforcement of the laws and the maintenance of
> public order.

I think attitudes like Denning's pose a threat to the enforcement of the bill of rights and the maintenance of public freedom. People should be able to keep their business private, without the government meddling. I'll bet Jefferson and Paine are both spinning in their graves. Of course, Hamilton would probably like Denning's ideas - he always was a bit of a busy-body...

--
Ed Carp, N7EKG
erc at apple.com
510/659-9560
anon-2133 at twwells.com

If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"

From khijol!erc at apple.com Sat Aug 7 05:25:31 1993
From: khijol!erc at apple.com (Ed Carp)
Date: Sat, 7 Aug 93 05:25:31 PDT
Subject: (fwd) Wolf's got a thing or two to say here...
Message-ID:

Here's something I found on another newsgroup. Any ideas what it is? It was a public posting... I've tried uudecoding it and playing with it, running it through uncompress, gunzip, and pgp (all with appropriate headers, of course - I'm not a total idiot!), but I can't make heads or tails out of it. Just curious if anyone found this familiar-looking...

From: anon-2061 at twwells.com (wolf)
Newsgroups: alt.sexual.abuse.recovery
Subject: Wolf's got a thing or two to say here...
Message-ID:
Date: 7 Aug 93 05:56:31 GMT
Sender: mail at twwells.com (mail system)
Organization: Anonymous Posting Service at twwells.com
Lines: 169
IHRoYXQgd2VudA0KdW5hbnN3ZXJlZCwgYW5kIGZvciB0aGF0IEkgaG9wZSBubyBv bmUgdGFrZXMgaXQgcGVyc29uYWxseS4NCkkgYW0gbm90IGluIGFueSB3YXkgdHJ5 aW5nIHRvIHNheSB0aGF0IGV2ZXJ5IGJpdCBvZiBpbmRpdmlkdWFsIHN1cHBvcnQg aXMgbm90DQoNCmFzIGltcG9ydGFudCBhcyBhbnkgb3RoZXIuICBJIHJlYWQgZXZl cnkgcGllY2Ugb2YgbWFpbCBJIGdldCEgIEFuZCBJIHJlc3BvbmQgDQp0byBpdCBp ZiBJIGNhbi4NCkkgd2FudCBmb3IgYWxsIG9mIGFzYXIgdG8ga25vdy4uLkkgdGhh bmsgeW91IGZvciBiZWluZyBoZXJlIGZvciBtZSBhbmQgSSBrbm93DQp3aG8gaXMg b3V0IHRoZXJlIG9uIG15IHNpZGUhDQoNCg0Kbm93Li4uSSBoYXZlIHNvbWV0aGlu ZyBlbHNlIHRoYXQgaXMgb24gbXkgbWluZC4uLg0KSSB3aWxsIGFkbWl0IHRoYXQg SSBoYXZlIG5lZ2xlY3RlZCB0byByZWFkIGV2ZXJ5IHBvc3QgaW4gdGhlIHRocmVh ZCB0aGF0IGdvdA0KaWduaXRlZCBieSBOYW5jeSdzIFJFOiBEYXZpZCBwb3N0LiAg SSBrbm93IHRoYXQgSSBoYXZlIG5vdCBiZWVuIGFibGUgdG8gbG9jYXRlDQp0aGUg cG9zdCBieSBSb3NlIHRoYXQga2VlcHMgZ2V0dGluZyByZWZmZXJlZCB0by4gIE9o IHdlbGwsIHRvbyBiYWQuLi5JIHN0aWxsDQpoYXZlIHNvbWUgdGhpbmdzIHRvIGFk ZCBvbiBteSBiZWhhbGYgYW5kIHNpbXBseSBiZWNhdXNlIHNlb20NCnNvbWV0aGlu ZyBhYm91dCB0aGlzIHRocmVhZCBpcyB2ZXJ5IGRpc3R1cmJpbmcgdG8gbWUuDQpJ IGFtIGdvaW5nIHRvIHBsYWNlIGEgc3BvaWxlciBoZXJlIGIvYyBJIGFtIGZlYXJm dWwgdGhhdCB3aGF0IEkgYW0gYWJvdXQgdG8NCnNheSBteSBiZSBmbGFtZSBiYWl0 LiAgSSB0aGluayBpdCBtaWdodCBvZmZlbmQgc29tZSBvZiB5b3UgYW5kIEkgZG8g bm90IHdhbnQNCnRvIGdldCBpbnRvIGEgc2l0dWF0aW9uIGxpa2UgdGhhdCBhZ2Fp bi4gIEkgaGF2ZSBjYXJlZnVsbHkgY29uc2lkZXJlZCB3aGF0IEkNCndvdWxkIGxp a2UgdG8gZXhwcmVzcywgYnV0IEkgZ2V0IHQNCvtoZSBmZWVsaW5nIHRoYXQgdGhl cmUgYXJlIHNvbWUgcGVvcGxlIHdobyBhcmUgbG9va2luZyBmb3IgYSBkZWJhdGUg bm8gbWF0dGVyDQp3aGF0LiAgU28gaWYgeW91IHdhbnQgdG8gc3F1YXJlIG9mZiBh bmQgaGFzaCB0aGlzIHRocmVhZCB0byBwaWVjZXMsIHRoZW4gb2YNCmNvdXJzZSB5 b3UgYXJlIGNlcnRhaW5seSBmcmVlIHRvIGRvIHNvLCBidXQgSSB3aWxsIGJlIG11 Y2ggbW9yZSBjb21mb3J0YWJsZQ0Kd2l0aCB0aGlzIGlmIG15ICQuMDIgYXJlIGlu c2VydGVkIHJpZ2h0IGhlcmUgYW5kIG5vdy4uLg0KDQoqKioqKioqKioqKioqKioq KioqKioqKioqKioqKioqKioqKipTUE9JTEVSKioqKioqKioqKioqKioqKioqKioq KioqKioqKioqKioqKioqDQp0aGlzIA0Kd2lsbA0KZGlzY3Vzcw0KbXkNCmZlZWxp 
bmdzDQpjb25jZXJuaW5nDQpzb21lIA0Kb2YgDQoiZGlkDQpzaGUgDQpkbw0KdGhl DQpyaWdodA0KdGhpbmciDQphbmQgDQpzb21lDQpvZg0KdGhlDQpzeW1hbnRpYw0K DQpkaXNjdXNzaW9ucw0KDQp0aGF0DQphcmUNCnRha2luZw0KcGxhY2UNCmFzDQph IA0KcmVzdWx0DQpvZg0Kc29tZQ0KcmVzcG9uc2VzDQp0bw0KbXkNCnBvc3QNCnRo YXQgaXMgbW9zdCBjZXJ0YWlubHkgZW5vdWdoIGxpbmVzLi4uDQoNCg0KSSBhZ3Jl ZSB3aXRoIHdob2V2ZXIgaW4gcmVzcG9uc2UgdG8gdGhpcyB0aHJlYWQgcG9zdGVk IHRoYXQgdGhpcyBpcyBlbW90aW9uYWxseQ0KY2hhcmdlZCBzdHVmZi4gIEkgaGF2 ZSBiZWVuIGEgbGl0dGxlIGNoYXJnZWQgYnkgaXQgbXlzZWxmLg0KU2luY2UgSSBo YXZlIG5vdCByZWFkIFJvc2UncyBwYXJ0IGluIHRoaXMgSSBjYW5ub3QgcmVsYXRl IHRvIHRoYXQgYXJlYSBvZiB0aGUNCmRpc2N1c3Npb24uICBPYnZpb3VzbHkgUm9z ZSBpcyB1cHNldCB0aGF0IHNvbWVvbmUgc2FpZCBzb21ldGhpbmcgbmVnYXRpdmUg dG8NCmhlci4gIEkgd2lsbCB0cnkgbm90IHRvIGJlIGN5bmljYWwgYWJvdXQgaXQs IGIvYyBJIGFtIGZlZWxpbmcgYSBsaXR0bGUgYml0DQp1cGl0eSBhbmQgSSBkbyBu b3Qgd2FudCB0byBiZSBydWRlLg0KSSBhbSBzaW1wbHkgYSBiaXQgZGlzdHVyYmVk IGJ5IE5hbmN5J3Mgb3JpZ2luYWwgcG9zdCBhYm91dCBteSBoYXZpbmcNCiJnb3R0 ZW4gRGF2aWQgYXJyZXN0ZWQiLg0KT24gbXkgYmVoYWxmLi4uY2FsbCBpdCBzeW1h bnRpYyBxdWliYmxlIGlmIHlvdSB3aWxsLCBidXQgaXQgaXMgd2hhdCBJIGRpZCB0 bw0KcHJvdGVjdCBteXNlbGYgYW5kIEkgYW0gYW5nZXJlZCB0aGF0IGl0IHNlZW1z IHRvIGhhdmUgYmVlbiBxdWVzdGlvbmVkIGV2ZW4NCm5vIGVzcGVjaWFsbHkgd2hl biBldmVuIERhdmlkIGRpZG4ndCBxdWVzdGlvbiBpdCBvbmNlIGhlIGhhZCBhIHBl cmlvZCB0byBjYWxtDQpoaW1zZWxmLg0KTm8gSSBoYXZlIHJlYWQgd2hlcmUgZXZl cnlvbmUgdGhpbmtzIHRoYXQgZm9yIG9uZSByZWFzb24gb3IgYW5vdGhlciBJIGRp ZCB0aGUNCnJpZ2h0IHRoaW5nIHRvIHByb3RlY3QgbXlzZWxmLiAgQnV0IGxldCdz IGZhY2UgaXQsIGd1eXMuDQpEYXZpZCBnb3QgaGltc2VsZiBhcnJlc3RlZC4NCkFz IGZvciBwb2xpY2UgYW5kIHBvbGljZSBicnV0YWxpdHkgYW5kIGZhaXJuZXNzIGFu ZCBqdXN0aWNlLCB3ZWxsLCBsb29rIGF0DQp0aGUgcGVycg0KcGVlcnMgYXJvdW5k IHlvdS4NCk1hbnkgb2YgdXMgaGF2ZSB2ZXJ5IGxpdHRsZSBmYWl0aCBpbiB0aGUg anVzdGljZSBzeXN0ZW0gb2YgdGhpcyBVU0EuDQpJZiB3ZSBoYWQgbW9yZSBtYXli ZSBtb3JlIG9mIHVzIHdvdWxkIGhhdmUgdHJpZWQgYSBsb25nIHRpbWUgYWdvIHRv IHNlZWsgb3V0DQp0aGUganVzdGljZSB3ZSBkZXNlcnZlIGZvciB0aGUgdmlvbGF0 
aW9ucyB3ZSBoYXZlIHN1ZmZlcmVkLg0KSSBhbSBub3QgcXVpY2sgdG8gY2FsbCB0 aGUgcG9saWNlIGVpdGhlciwgbGV0IG1lIHRlbGwgeW91Lg0KTXkgZmlyc3QgZXhw ZXJpZW5jZSB3aXRoIHRyeWluZyB0byBnZXQgcG9saWNlIHRvIGhlbHAgbWUgd2l0 aCBiZWluZyBoYXJyYXNzZWQNCmJ5IERleiAod2hlcmUgSSB3YXMgYmVpbmcgZm9y Y2VkIHRvIHByYWN0aWNlIHByb3N0aXR1dGlvbiBhbmQgYmVpbmcgYmVhdGVuIGFu ZA0KcmF2YWdlZCByZWd1bGFybHkpIGxlZCBtZSB0byBnZXR0aW5nIHB1bmlzaGVk IGJ5IERleiBzaW5jZSBoZSBoYWQgc28gDQpjb252ZW5pZW50bHkgYm91Z2h0IG9m ZiBwYXJ0cyBvZiB0aGUgcG9saWNlIGRlcGFydG1lbnQgaW4gbXkgaG9tZSB0b3du LiAgSQ0KZ290IHRoZSBzaGl0IGJlYXQgb3V0IG9mIG1lIGZpcnN0IGJ5IHRoZSBj b3BzIHRoZW4gYnkgRGV6Lg0KU28gSSBrbm93IGhvdyBmdWNrZWQgdXAgdGhlIHBv bGljZSBhbiBiZS4NCkx1Y2tpbHkgdGhpcyBpcyBhIGRpZmZlcmVudCB0b3duIGFu ZCBhIGRpZmZlcmVudCBsaWZlICh3ZWxsIGFsbW9zdCkuDQpBcyBJIHNpdCBoZXJl IGFuZCB0aGluayBvZiB0aGUgcG9saWNlbWFuLCBvZmZpY2VyIENvb3BlciAxNzEs IGJlYXRpbmcgRGF2aWQncw0KaGVhZCBhZ2FpbnN0IHRoZSByb29mIG9mIGhpcyBz cXVhZCBjYXIgbXkgc3RvbWFjaCBpcyB0dXJuaW5nLg0KRGF2aWQgaXMgYmFkbHkg YnJ1aXNlZCBhbmQgb25lIG9mIGhpcyBleWVzIGdvdCBjdXQuDQpOb3cgSSBhbSBz b3JyeSB0aGF0IGhlIGhhcyBoYWQgdG8gZW5kdXJlIHRoaXMuDQpJIHRoaW5rIGl0 IGlzIHdyb25nLi4uYW5kIEkgYW0gYWxtb3N0IGNlcnRhaW4gdGhhdCB0aGUgZm9y Y2UgdXNlZCB0byByZXN0cmFpbg0KaGltIHdhcyBhIGJpdCBleGNlc3NpdmUuICBJ IGtub3cgRGF2aWQgYW5kIGhlIHdpbGwgbm90IGZpZ2h0IGltcG9zc2libGUgb2Rk cy4NClN0aWxsLCBJIGFtIHRoYW5rZnVsIHRoYXQgaGUgZ290IGEgbGl0dGxlIHRh c3RlIG9mIGhlbGwgdGhhdCBuaWdodCB3aXRoDQpyZXNwZWN0IHRvIHdoYXQgaGUg cHV0IG1lIHRocm91Z2guICBIZSBpcyBhIGxpdHRsZSBiaXQgc2Vuc2l0aXZlIHRv IHdoYXQgaGUNCmRpZCB0byBtZS4NCk5vbmUgb2YgdGhpcyBpcyBtZWFudCB0byBl eGN1c2Ugb3IganVzdGlmeSBoaXMgYmVoYXZpb3IsIGIvYyBJIGZpbmQgaXQgdG90 YWxseQ0KdW5hY2NlcHRhYmxlIGFuZCBhYmhvcmluZyBhdCB0aGUgdmVyeSBsZWFz dC4NCkkgYW0gc29ycnkgZm9yIHRoZSBmdWNraW5nIGluanVzdGljZXMgb2YgdGhl IHdvcmxkLg0KVGhlcmUgYXJlIGluIGZhY3QgbWFueS4NCkxpa2UgdGhlIGdpcmwg d2hvIHRyaWVkIHRvIHNlZWsganVzdGljZSBmb3IgYmVpbmcgZ2FuZyByYXBlZCBi dXQgaGFkIGEgYmFkDQpyZXB1dGF0aW9uIHNvIHRoZXkgdG9sZCBoZSB0byBnZXQg 
b3V0IG9mIHRoZWlyIGZhY2VzIHRoYXQgdGhleSBoYWQgbm8gdGltZQ0KZm9yIGhl ciBsaXR0bGUgY2FzZS4NClRoYXQgd2FzIG5vdCBqdXN0IGEgY2FzZSwgdGhhdCB3 YXMgaGVyIGxpZmUuDQpKdXN0IGxpa2UgTmFuY3kncyBmcmllbmQgd2hvIHNlcnZl ZCAyIHllYXJzIGZvciBhIGNyaW1lIGhlIHByb2JhYmx5IGRpZCBub3QNCmNvbW1p dC4NCkl0IGlzIGFuIGluanVzdGljZS4NCkkgdGhpbmsgd2UgYWxsIGFncmVlIHRo YXQgaW5qdXN0aWNlcyBkbyBoYXBwZW4gaW4gZXZlcnkgYXJlYSBvZiBvdXIgc29j aWV0eS4NCldoYXQgYXJlIHdlIGhlcmUgZm9yPw0KQVJlIHdlIGhlcmUgd2l0aCBo b3BlcyB0aGF0IHdlIGNhbiBwaW5wb2ludCB0aGUgZXhhY3QgcGxhY2Ugd2hlcmUg c29jaWV0eQ0Kd2VudCB3cm9uZyBhbmQgY2hhbmdlIGl0Pw0Kbm8gSSBkbyBub3Qg dGhpbmsgdGhhdCBpcyBpdCAoc3RvcCBtZSBpZiBJIGFtIHdyb25nKQ0KSSB0aGlu ayB3ZSBhcmUgaGVyZSB0byBnaXZlIGNhcmUgYW5kIHN1cHBvcnQgdG8gb25lIGFu b3RoZXIgYi9jIHdlIGhhdmUgYWxsDQpzdWZmZXJlZCBzb21lIHByZXR0eSBoYW5l b3VzIGluanVzdGljZXMgYW5kIHRoZSBjYXJlIHdlIGdldCBmcm9tIG9uZSBhbm90 aGVyDQpvZnRlbiBoZWxwcyB0byBzZXJ2ZSBzb21lIHB1cnBvc2UgdG93YXJkcyBl bmRpbmcgdGhhdCBjeWNsZS4NCkFzIGZvciBSb3NlLi4ud2FzIHNoZSBiZWluZyBt YW5pcHVsYXRpdmU/DQp3ZWxsLCBJIGRvIG5vdCBrbm93Lg0KSSBoYXZlIGZlbHQg dGhhdCB3YXkgYXQgdGltZXMsIGJ1dCBJIGhhdmUgYWxzbyBkb25lIHRoYXQgYXQg dGltZXMgbXlzZWxmLi4uDQpJIGZpcm1seSBiZWxpZXZlIGluIHRoZSBjaGlsZGhv b2QgY29tZS1iYWNrICJ0YWtlcyBvbmUgdG8ga25vdyBvbmUiDQphbmQgSSBrbm93 IHRoYXQgd2hlbiBJIHNlZSBzb21lb25lIG1hbmlwdWxhdGluZyBpdCBpcyBvbmx5 IGJlY2F1c2UgSSBoYXZlDQpkb25lIGl0IG15c2VsZiB0aGF0IEkgYW0gYWJsZSB0 byBzZWUgaXQuDQpBbmQgeWVzIGl0IHNvbWV0aW1lcyB0YWtlcyBhIGJpdCBvZiB0 b3VnaCBsb3ZlIHRvIGJyZWFrIGJlaGF2aW9ycyBsaWtlIHRoYXQuDQpJIHRoaW5r IHdlIGFsbCBsb3ZlIFJvc2UuLi5JIGtub3cgdGhhdCB3ZSBmZWVsIGZvciBoZXIu Li5zaGUgc2VlbXMgdG8gYmUgaW4NCnNvIG11Y2ggcGFpbi4uLg0KSSBkbyBub3Qg dGhpbmsgd2UgYXJlIGhlcmUgdG8gcGFzcyBqdWRnZW1lbnQgb24gaGVyLi4uDQph bmQgSSBkbyBub3QgdGhpbmsgd2UgYXJlIGhlcmUgdG8ga2VlcCBzb21lb25lIGZy b20gYmVpbmcgdGFrZW4gaW4gYnkgYSBzaXR1YXRpbw0KbiB0aGF0IHdlIG1heSBw ZXJjaWV2ZSBhcyBoYXJtZnVsIHRvIHRoZW0gKHdpdGhpbiB0aGUgaW5mcmFzdHJ1 Y3R1cmUgb2YgdGhlDQpncm91cCkuICANCldlIGhhdmUgYWxsIGhlYXJkIGF0IG9u 
ZSB0aW1lIG9yIGFub3RoZXIgc29tZW9uZSBvbiBoZXJlIHRlbGwgdXMgYWJvdXQg Ym91bmRhcmllDQpzIGFuZGQgaXQgaXMgc3RpbGwgdXAgdG8gdXMgYXMgaW5kaXZp ZHVhbHMgdG8gc2V0IHRoZW0uDQpJIGhvcGUgdGhhdCBmcm9tIGFzYXIgbW9yZSB0 aGFuIGFueSBvdGhlciBwbGFjZSB0aGVyZSBpcyBtb3JlIHRvbGVyYW5jZSBvZg0K cGVvcGxlIGxlYXJuaW5nIHRoYXQgYW5kIGZlZWxpbmcgb3V0IGp1c3QgaG93IHRv IGdvIGFib3V0IHRoYXQuDQpBbmQgYXQgdGhlIHNhbWUgdGltZSBJIHRoaW5rIHRo YXQgdGhpcyBpcyB0aGUgcGxhY2Ugd2hlcmUgSSBmaXJzdCBsZWFybmVkIGhvdw0K dG8gZW5mb3JjZSB0aGVtIGFzIHdlbGwsIHNvIEkgaG9wZSB0aGF0IGFsbCBvZiBh c2FyIHVuZGVyc3RhbmRzIHRoYXQgbWFueSBvZg0KdXMgYXJlIHN0aWxsIHRyeWlu ZyBvbiBzb21lICBvZiB0aGVzZSBuZXcgY2xvdGhlcy4uLi4NCmFzIGZvciB0aGUg UkU6IERhdmlkIHRocmVhZCwgd2VsbCwgSSBndWVzcyBJIGhhdmUgaGFkIG15IHNh eS4NCkkgYW0gbG9va2luZyBhdCB0aGlzIGZyb20gdGhpcyBwZXJzcGVjdGl2ZSBy aWdodCBub3csIGFuZCBteSBwZXJzcGVjdGl2ZXMgYXJlDQphbHdheXMgc3ViamVj dCB0byBjaGFuZ2UuDQpTbyBpZiBJIGhhdmVuJ3QgaHVydCBhbnlvbmUncyBmZWVs aW5ncyBvciBydW4gYW55b25lIG9mZiwgdGhlbiBnb29kLg0KSSBkbyBub3Qgc3Rl cCBvdXQgYW5kIHNwZWFrIG15IG1pbmQgbGlrZSB0aGlzIG9mdGVuIGFuZCBpdCBh bHdheXMgZmVlbHMgZ29vZA0Kd2hlbiBJIGRvLi4uDQpmbGFtZSBtZSBpZiB5b3Ug bXVzdA0KanVzdCBwdXQgYSBzcG9pbGVyIGluIGl0IHNvIHRoYXQgd2Ugd2lsbCBo YXZlIHNvbWUgd2FybmluZw0KSSBhbSB1cCBhbmQgZG93biByaWdodCBub3cNCnNv IEkgYW0gdHlyaW5nIHRvIGJlIGNhcmVmdWwgYWJvdXQgc29tZSBvZiB0aGUgc3R1 ZmZmIEkgcmVhZC4NCg0KdGhhdCBpcyBlbm91Z2ggcmFudGluZyBmb3IgdG9uaWdo dCBJIHRoaW5rLg0Kd29sZg0KDQo=

--
Ed Carp, N7EKG   erc at apple.com   510/659-9560   anon-2133 at twwells.com
If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"

From anonymous at extropia.wimsey.com Sat Aug 7 05:49:02 1993
From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com)
Date: Sat, 7 Aug 93 05:49:02 PDT
Subject: Anonymous Usenet Gateway
Message-ID: <199308071227.AA08709@xtropia>

I have found one Usenet Gateway that works with anonymous remailers, at least for the present.

group.name.usenet at decwrl.dec.com

For example, to use the Cuperman wimsey remailer to post to rec.video.cable-tv send a PGP-Encrypted message to:

Remailer
Subject: [Encrypted message body follows]
To: rec.video.cable-tv.usenet at decwrl.dec.com
Subject: A Pirate Replies

[message body of post]

Here is how the message appears in the newsgroup:

[Newsgroup rec.video.cable-tv] Post: 148 of 161
From: anonymous at extropia.wimsey.com
Newsgroups: rec.video.cable-tv
Subject: A Pirate Replies
Date: Mon, 2 Aug 1993 18:06:21 -0700
Lines: 183
X-Received: by usenet.pa.dec.com; id AA00192; Mon, 2 Aug 93 19:10:01 -0700
X-Received: by inet-gw-2.pa.dec.com; id AA19438; Mon, 2 Aug 93 19:09:53 -0700
X-Received: by vanbc.wimsey.com (Smail3.1.28.1)
X-Received: by xtropia id AA10765
X-To: rec.video.cable-tv.usenet
X-Remailed-By: remail at extropia.wimsey.com
X-Comments: This message was anonymously remailed. Do not reply

[Message body]

=========================================================================

If you want to make any anonymous posts, I would jump on this quickly, as I expect this remailer will sooner or later join utexas in blocking anonymous posts.

I support Edgar Swank's call for the Cypherpunks remailers to support anonymous posting directly.

From hnash at mason1.gmu.edu Sat Aug 7 09:25:59 1993
From: hnash at mason1.gmu.edu (hnash at mason1.gmu.edu)
Date: Sat, 7 Aug 93 09:25:59 PDT
Subject: Ayn Rand and Crypto-Anarchy
Message-ID: <9308071625.AA23852@mason1.gmu.edu>

-----BEGIN PGP SIGNED MESSAGE-----

I recently read Atlas Shrugged by Ayn Rand. I noticed two crucial technologies that seem like good analogs for cypherpunk technology.

In case you're not familiar with the story, the most productive industrialists, engineers, etc. decide to remove themselves from society until the government stops interfering. They create their own little community in a secluded valley where they can work without supporting the government.
The first relevant technology is a mirror that hides the valley. The industrialists have built a small town, but from the air it looks like a barren desert. The mirror conceals their transactions from everyone else.

This sounds like encrypted, untraceable communications and transactions. Black markets flourish, but from outside they look like barren static.

The second technology is a self-destructing laboratory. This allows an engineer to experiment with secret technology without the need for physical security. When the police break down the lab door, they find nothing but a fine powder, and they can't even guess what he's been up to.

This sounds like tamperproof hardware or software. To the authorized user, it's useful equipment. To everyone else, it's nothing more than random instructions.

Did Ayn Rand anticipate crypto-anarchy?

---
Yours Truly, ][adon Nash
---
in founding a family or a state, or acquiring fame even, we are mortal; but in dealing with truth we are immortal, and need fear no change nor accident.
--- ][enry David Thoreau, 1850
---

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLGOgRjIwr9YMSTuBAQEF9gQAuTn0qIBBg/rgJFFdpnaWZHeVQBc9BBX0
6MPz3a9FfOen4MSL00XD+dOn96Fc4gzXma6h1kXU70i8u5L/uysVJvSrBEPjQEHv
Gt8JuWxgvZoQSAkrv0Q0KhKA6cI4Tv15PhGiEN2jGoBE2qHO9T1CTfrJSrF/FsZt
RFYGUqK1KEo=
=JvXB
-----END PGP SIGNATURE-----

--------------
Yours Truly, ][adon Nash
--------------------------------
in founding a family or a state, or acquiring fame even, we are mortal; but in dealing with truth we are immortal, and need fear no change nor accident.
--------------------------------- ][enry David Thoreau, 1850

From fergp at sytex.com Sat Aug 7 10:50:34 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Sat, 7 Aug 93 10:50:34 PDT
Subject: On-going experimentation....
Message-ID: <8q3w8B1w165w@sytex.com>

I'll try this later today to see if it makes a difference (after a couple more cups of java), but for what it's worth, I think that this point Chael brought up should be mentioned again:

> From: uunet!bsu-cs.bsu.edu!nowhere (Chael Hall)
> Subject: Re: Anon remailer to USENET gate bogus
> To: sytex.com!fergp (Paul Ferguson)
> Date: Wed, 4 Aug 93 22:59:53 EST
> Cc: toad.com!cypherpunks
>
> Paul,
>
> I have seen several bounces from the utexas server because there
> was no Subject for the posting, you need to put a subject line in the
> pasted header like so:
>
> ::
> Request-Remailing-To: alt-test at utexas.whatever...
> Subject: this is a test
> Organization: there
>
> [body]
>
> Good luck, but that's what the error message said, there's nothing
> about anonymity in the bounce, though.
>
> Chael
>
> --
> Chael Hall
> nowhere at bsu-cs.bsu.edu, 00CCHALL at BSUVC.BSU.EDU, chall at bsu.edu
> (317) 776-4000 from 8 am - 5 pm CST

Paul Ferguson               |  "Government, even in its best state,
Network Integrator          |   is but a necessary evil; in its worst
Centreville, Virginia USA   |   state, an intolerable one."
fergp at sytex.com             |      - Thomas Paine, Common Sense

Type bits/keyID   Date       User ID
pub  1024/1CC04D  1993/03/15  Paul Ferguson
     Key fingerprint = EE D2 93 7D 04 6D C6 05  AC 36 AD 9D 8E 4F 41 58

From nowhere at bsu-cs.bsu.edu Sat Aug 7 10:50:59 1993
From: nowhere at bsu-cs.bsu.edu (Anonymous)
Date: Sat, 7 Aug 93 10:50:59 PDT
Subject: Key-Escrow (black) Humor
Message-ID: <9308071752.AA09964@bsu-cs.bsu.edu>

Thanks to -

Q. How many endangered bureaucrats does it take to screw in a light bulb?

A1. We're not sure, they prefer to hide in the shadows.
A2. We don't know, we can't find any. Have you seen any?
A3. You only need one, but each only works once because they invariably manage to electrocute themselves in the process.
A4.
You must fill out form KT-398930-0-3893-1z(321.31x*) in sextuplicate, "Requisition for Light Amplification and Enhancement Device Facilities and Staff Resources and Efficacy Data Measures Projections and Speculations." Invisible ink only. Reply will be shipped on punch cards by carrier pigeon after brief administrative period. Offer void where prohibited. Prohibited in this universe.

Q. How many FBI agents does it take to wiretap?

A1. All of them. One to hold the alligator clips and the rest to convince the Congress and American public "he's just doing his job."
A2. FBI doesn't actually `wiretap,' a groundless popular myth. They only participate in wholesome law-enforcement activities at all times.
A3. Two. One to do the job and one to botch it. Public relations is automatically handled by a new AI program that endlessly constructs almost-coherent sentences from keywords like `dead bodies', `airplane explosion', `innocent children', `drug dealers', `terrorists', `criminals', `law-abiding public,' `American businesses'.
A4. B.C. (Before cryptography), several. After, none. (See also `endangered bureaucrats.')

Q. How many NSA agents does it take to spy on U.S. citizens?

A. Sorry, that's classified information.

Q. Why does D. Sternlight favor Clipper technology?

A1. It's the kind of idea he could have come up with himself.
A2. Doesn't like to be bothered by details. That's what the NSA is for.
A3. No unsound idea has ever emanated from the U.S. Government.
A4. Having been to many subversive foreign countries, he recognizes the necessity of spying on them.

Q. Why is D. Denning promoting Clipper?

A1. Peer pressure (all her friends are doing it).
A2. Wanted to beat the rush.
A3. Looks good on her resume.
A4. Everyone needs a hobby.
A5. Coincidentally got an NSA employee after signing up for the Adopt an Endangered Bureaucrat program.

Q. Why is D. Denning's cryptography book so successful?

A1. It's cornered the lucrative NSA textbook market.
A2. The NSA bureaucrats love to shred their reading material, and order new copies each time they need to look something up (which is frequent).
A3. People marvel at the writing by an expert endorsed by the NSA.
A4. NSA afraid someone will read it so they buy all the copies.

Q. Why is the Clinton administration wholeheartedly promoting Clipper?

A1. The neato secret decoder rings handed out at the briefing won everyone over immediately.
A2. Opportunity for another authoritative and stunning nose-tweaking at `the previous administration'.
A3. First installment of the fabulous new and comprehensive `Orwell Plan'.
A4. Anything to get those creepy NSA guys to go away.

Q. Why did the NSA come up with the Clipper chip?

A1. Job security.
A2. Entertainment.
A3. Scared silly of `economic espionage' monsters hiding in the closet.
A4. Got bored that day.
A5. Great joke on those Mykotronx bozos.

- --
This is a carbon copy of a message that was sent to 4 different e-mail to USENET gateways:

1. to alt.privacy.clipper via cs.utexas.edu via nowhere at bsu-cs.bsu.edu
2. to alt.privacy via demon.co.uk via ebrandt at jarthur.claremont.edu
3. to sci.crypt via decwrl.dec.com via elee7h5 at rosebud.ee.uh.edu
4. to misc.legal.computing via news.cs.indiana.edu via phantom at mead.u.washington.edu

Let's see how they fare....

Ye olde Spooge Meister

spooge /spooj/ 1. Inexplicable or arcane code or random and probably incorrect output from a computer program.

From cme at ellisun.sw.stratus.com Sat Aug 7 11:34:05 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Sat, 7 Aug 93 11:34:05 PDT
Subject: the real issue, re: Skipjack
Message-ID: <9308071833.AA04169@ellisun.sw.stratus.com>

Does one need to turn over keys in Switzerland just when encrypting over the public phone wires -- or also for encrypting files on a hard or floppy disk? If one mails an encrypted file on a floppy disk, does the government expect to have a copy of all keys?
- Carl

From tcmay at netcom.com Sat Aug 7 11:59:05 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Sat, 7 Aug 93 11:59:05 PDT
Subject: Ayn Rand and Crypto-Anarchy
In-Reply-To: <9308071625.AA23852@mason1.gmu.edu>
Message-ID: <9308071856.AA20935@netcom5.netcom.com>

hnash at mason1.gmu.edu writes:

> I recently read Atlas Shrugged by Ayne Rand. I noticed two
> crucial technologies that seem like good analogs for cypherpunk
> technology.

Yes, lots of parallels. I read Rand when I was 16, was mightily influenced, but have been unable to read her since. Just the writing style, I suppose. Other people tell me the same thing, that you basically have to read her when you're young and impressionable. (put a smiley here if you like)

> Did Ayn Rand anticipate crypto-anarchy?
>

Rand later in her life denounced libertarians, let alone the even more extreme anarcho-capitalists. And the crypto anarchists of today are beyond even anarcho-capitalism.

But her ideas were of utmost importance. In fact, in 1988, I set out to write a novel that would "update" "Atlas Shrugged." It's still languishing, but many of the ideas I developed while attending Crypto conferences, reading Vinge ("True Names") and Card ("Ender's Game"), and exploring the implications of fully anonymous communication and trade found their way into my "Crypto Anarchist Manifesto" that year.

So, I would agree that Rand was one of the prime motivators of crypto anarchy. What she wanted to do with material technology (mirrors over Galt's Gulch) is _much_ more easily done with mathematical technology.

Someday I'll repost my essay "Libertaria in Cyberspace" to this List.

-Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.

From greg at ideath.goldenbear.com Sat Aug 7 14:43:54 1993
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Sat, 7 Aug 93 14:43:54 PDT
Subject: Files re Inslaw
Message-ID:

I have uploaded three files to /pub/cypherpunks/incoming on soda.berkeley.edu -

CASOLARO.Z   Boston Globe article re Danny Casolaro
INSLAW.Z     Barron's articles re Inslaw v U.S.
HAMILTON.Z   Transcript of radio interview with Inslaw founder

I will mail copies to folks who explicitly asked that they be mailed. If you mailed me to say you're interested, but can't FTP, please write again, and I'll mail them.

--
Greg Broiles                          greg at goldenbear.com
Golden Bear Computer Consulting       +1 503 342 7982
Box 12005  Eugene OR 97440            BBS: +1 503 687 7764

From fergp at sytex.com Sat Aug 7 14:49:06 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Sat, 7 Aug 93 14:49:06 PDT
Subject: NIST contact information
Message-ID: <9TJX8B1w165w@sytex.com>

For anyone interested, this text was excerpted from the Computer Systems Laboratory (CSL) Bulletin for July 1993, entitled, "Connecting to the Internet: Security Considerations." Ironically, one paragraph specifically states the admitted security concerns for unencrypted traffic:

"Ease of Spying and Spoofing: The vast majority of Internet traffic is unencrypted and therefore easily readable. As a result, e-mail, passwords, and file transfers can be monitored and captured using readily available software. Intruders have been known to monitor connections to well-known Internet sites for the purpose of gaining information that would allow them to crack security or to steal valuable information. This information sometimes permits intruders to spoof legitimate connections, i.e., trick system security into permitting normally disallowed network connections."
Surprisingly, the article also acknowledges the mind-boggling growth of the Internet in a statement that says, "Consequently, the Internet is now growing faster than any telecommunications system thus far, including the telephone system."

With that in mind, the "key-escrow" system is, in my opinion, just the beginning in a systematic approach which I believe the NSA and the Justice Department will attempt to entrench in their ever-elusive "War on Drugs" (WoD), etc. This may become even more sinister in that the RICO statutes may empower them with the ability to effectively eavesdrop at will, monitoring voice and data communications in the shadows.

This file is on the NIST's publicly available system as JUL93BLT.TXT. Other reports, announcements and bulletins are available on their system which may be of interest to you. Information about how to connect to the system is included below:

"NIST maintains a computer security bulletin board system (BBS) and Internet-accessible site for computer security information open to the public at all times. These resources provide information on computer security publications, CSL Bulletins, alert notices, information about viruses and anti-virus tools, a security events calendar, and sources for more information.

To access the BBS, you need a computer with communications capability and a modem. For modems at 2400 bits per second (BPS) or less, dial (301) 948-5717. For 9600 BPS, dial (301) 948-5140. Modem settings for all speeds are 8 data bits, no parity, 1 stop bit.

Internet users with telnet or ftp capability may telnet to the BBS at cs-bbs.nist.gov (129.6.54.30). To download files, users need to use ftp as follows: ftp to csrc.nist.gov (129.6.54.11), log into account anonymous, use your Internet address as the password, and locate files in directory pub; an index of all files is available for download.

For users with Internet-accessible e-mail capability, send e-mail to docserver at csrc.nist.gov with the following message: send filename, where filename is the name of the file you wish to retrieve. send index will return an index of available files."

Paul Ferguson               |  "Government, even in its best state,
Network Integrator          |   is but a necessary evil; in its worst
Centreville, Virginia USA   |   state, an intolerable one."
fergp at sytex.com             |      - Thomas Paine, Common Sense

Type bits/keyID   Date       User ID
pub  1024/1CC04D  1993/03/15  Paul Ferguson
     Key fingerprint = EE D2 93 7D 04 6D C6 05  AC 36 AD 9D 8E 4F 41 58

From nowhere at bsu-cs.bsu.edu Sat Aug 7 17:49:07 1993
From: nowhere at bsu-cs.bsu.edu (Anonymous)
Date: Sat, 7 Aug 93 17:49:07 PDT
Subject: Anonymous remailer to USENET gateway testing continues
Message-ID: <9308080050.AA26972@bsu-cs.bsu.edu>

This a summary of the anonymous e-mail to USENET gateway posts that I sent earlier today (8/7/93) -

All messages included:

::
Request-Remailing-To: @.
Subject: Key-Escrow (black) Humor
Organization: Shadows 'R Us

in the remail header (per suggestions of Chael Hall, thanks).
-----------------------------   ---------------------------------------
nowhere at bsu-cs.bsu.edu         alt-privacy-clipper at cs.utexas.edu
ebrandt at jarthur.claremont.edu  alt-privacy at demon.co.uk
elee7h5 at rosebud.ee.uh.edu      sci.crypt.usenet at decwrl.dec.com
phantom at mead.u.washington.edu  misc.legal.computing at news.cs.indiana.edu

Based upon the following e-mail to USENET gateway templates:

group-name at ucbvax.berkeley.edu
group-name at cs.utexas.edu
group-name at pws.bull.com
group-name at demon.co.uk
group.name.usenet at decwrl.dec.com
group.name at news.cs.indiana.edu

And also based upon the following list of anonymous remailers:

ebrandt at jarthur.claremont.edu
elee7h5 at rosebud.ee.uh.edu
hal at alumni.caltech.edu
hh at soda.berkeley.edu
hh at cicada.berkeley.edu
hh at pmantis.berkeley.edu
nowhere at bsu-cs.bsu.edu
phantom at mead.u.washington.edu

The message sent consisted of the following message:

::
Request-remailing-To: @.
Subject: Key_Escrow (black) Humor
Organization: Shadows 'R Us

Thanks to -

Q. How many endangered bureaucrats does it take to screw in a light bulb?

A1. We're not sure, they prefer to hide in the shadows.
A2. We don't know, we can't find any. Have you seen any?
A3. You only need one, but each only works once because they invariably manage to electrocute themselves in the process.
A4. You must fill out form KT-398930-0-3893-1z(321.31x*) in sextuplicate, "Requisition for Light Amplification and Enhancement Device Facilities and Staff Resources and Efficacy Data Measures Projections and Speculations." Invisible ink only. Reply will be shipped on punch cards by carrier pigeon after brief administrative period. Offer void where prohibited. Prohibited in this universe.

Q. How many FBI agents does it take to wiretap?

A1. All of them. One to hold the alligator clips and the rest to convince the Congress and American public "he's just doing his job."
A2. FBI doesn't actually `wiretap,' a groundless popular myth. They only participate in wholesome law-enforcement activities at all times.
A3. Two. One to do the job and one to botch it. Public relations is automatically handled by a new AI program that endlessly constructs almost-coherent sentences from keywords like `dead bodies', `airplane explosion', `innocent children', `drug dealers', `terrorists', `criminals', `law-abiding public,' `American businesses'.
A4. B.C. (Before cryptography), several. After, none. (See also `endangered bureaucrats.')

Q. How many NSA agents does it take to spy on U.S. citizens?

A. Sorry, that's classified information.

Q. Why does D. Sternlight favor Clipper technology?

A1. It's the kind of idea he could have come up with himself.
A2. Doesn't like to be bothered by details. That's what the NSA is for.
A3. No unsound idea has ever emanated from the U.S. Government.
A4. Having been to many subversive foreign countries, he recognizes the necessity of spying on them.

Q. Why is D. Denning promoting Clipper?

A1. Peer pressure (all her friends are doing it).
A2. Wanted to beat the rush.
A3. Looks good on her resume.
A4. Everyone needs a hobby.
A5. Coincidentally got an NSA employee after signing up for the Adopt an Endangered Bureaucrat program.

Q. Why is D. Denning's cryptography book so successful?

A1. It's cornered the lucrative NSA textbook market.
A2. The NSA bureaucrats love to shred their reading material, and order new copies each time they need to look something up (which is frequent).
A3. People marvel at the writing by an expert endorsed by the NSA.
A4. NSA afraid someone will read it so they buy all the copies.

Q. Why is the Clinton administration wholeheartedly promoting Clipper?

A1. The neato secret decoder rings handed out at the briefing won everyone over immediately.
A2. Opportunity for another authoritative and stunning nose-tweaking at `the previous administration'.
A3. First installment of the fabulous new and comprehensive `Orwell Plan'.
A4. Anything to get those creepy NSA guys to go away.

Q. Why did the NSA come up with the Clipper chip?

A1. Job security.
A2. Entertainment.
A3. Scared silly of `economic espionage' monsters hiding in the closet.
A4. Got bored that day.
A5. Great joke on those Mykotronx bozos.

These resulting messages have been posted thus far:

Newsgroups: alt.privacy.clipper
Subject: Key-Escrow (black) Humor
Date: 7 Aug 1993 12:48:57 -0500
Organization: Shadows 'R Us
Lines: 91
NNTP-Posting-Host: cs.utexas.edu

Newsgroups: misc.legal.computing
Subject: Key-Escrow (black) Humor
X-Sender: phantom at mead.u.washington.edu
Organization: Computer Science, Indiana University
Date: Sat, 7 Aug 93 10:49:08 -0700
Remailed-By: Anon Remail
Lines: 92

Further results will be posted as I receive them.

Ye olde Spooge Meister

spooge /spooj/ 1. Inexplicable or arcane code or random and probably incorrect output from a computer program.

From fnerd at smds.com Sat Aug 7 18:29:07 1993
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Sat, 7 Aug 93 18:29:07 PDT
Subject: voluntary compliance
Message-ID: <9308080120.AA16598@smds.com>

An interesting statement from the Skipjack proponents is that its use will be voluntary, and there's nothing that the citizen using it will be required to divulge (he doesn't even know the key and they do), and therefore no one's rights are being violated.

Assume for the moment that that will remain true. They just want to encourage voluntary compliance. This is an interesting point. How much encouragement counts as coercion? Is it okay if they tax a dollar from a million people and offer the million to you for your information? Is it okay if they make it illegal to sell non-compromised phones (i.e., you don't have to use Skipjack, you can go unencrypted or roll your own)?

These people are purposely, avowedly, trying to "encourage" us to do something they have no legal right to require. Why is that okay?
Other than asking us as "good citizens" to do something, how is slanting the incentives okay? Do we have the right not to be nudged?

-fnerd

quote me

From nowhere at bsu-cs.bsu.edu Sat Aug 7 18:49:07 1993
From: nowhere at bsu-cs.bsu.edu (Anonymous)
Date: Sat, 7 Aug 93 18:49:07 PDT
Subject: Status ongoing: Key-Escrow (black) Humor
Message-ID: <9308080150.AA29201@bsu-cs.bsu.edu>

That makes 3 of 4 ....

Ye olde Spooge Meister

spooge /spooj/ 1. Inexplicable or arcane code or random and probably incorrect output from a computer program.

From fergp at sytex.com Sat Aug 7 18:50:16 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Sat, 7 Aug 93 18:50:16 PDT
Subject: How does it really work, anyway?
Message-ID:

As an aside, all this talk about anonymous remailers is intriguing. Does anyone know with certainty what happens at the remailer site, within the software process of stripping headers and the like, where the original sender of the message could be tracked? SENDMAIL logs, etc.?

What would be preferable, in an ideal scenario, would be that all traces of the incoming message were discarded altogether. In this fashion, the operator of the remailer would be less likely to be "persuaded" to divulge the originator(s) of messages, if found in such a precarious position.

Paul Ferguson               |  "Government, even in its best state,
Network Integrator          |   is but a necessary evil; in its worst
Centreville, Virginia USA   |   state, an intolerable one."
fergp at sytex.com          |      - Thomas Paine, Common Sense

Type bits/keyID    Date       User ID
pub  1024/1CC04D   1993/03/15 Paul Ferguson
Key fingerprint =  EE D2 93 7D 04 6D C6 05 AC 36 AD 9D 8E 4F 41 58

From bart at netcom.com Sun Aug 8 10:01:27 1993
From: bart at netcom.com (Harry Bartholomew)
Date: Sun, 8 Aug 93 10:01:27 PDT
Subject: NIST contact information (further)
Message-ID: <9308080753.AA15221@netcom5.netcom.com>

Forwarded message:
> From: fergp at sytex.com (Paul Ferguson)
> Date: Sat, 07 Aug 93 16:52:31 EDT
....
> > This file is on the NIST's publicly available system as
> JUL93BLT.TXT. Other reports, announcements and bulletins are available

In a forest of other information. The full recursive directory of /pub is itself 78346 bytes! The file referenced above is found in /pub/nistbul, but I downloaded several megabytes of interesting stuff.

From nate at VIS.ColoState.EDU Sun Aug 8 12:01:29 1993
From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons)
Date: Sun, 8 Aug 93 12:01:29 PDT
Subject: (fwd) Wolf's got a thing or two to say here...
Message-ID: <9308081856.AA00254@vangogh.VIS.ColoState.EDU>

That almost looks like a posting from "NewsGrazer" on the NeXT, but I can't confirm it. That app could post Rich Text, and it often appeared as garbage unless you used NewsGrazer to decode it, but it also had something in the header about NewsGrazer... who knows?

-nate

From IE63 at vaxb.acs.unt.edu Sun Aug 8 17:36:26 1993
From: IE63 at vaxb.acs.unt.edu (IE63 at vaxb.acs.unt.edu)
Date: Sun, 8 Aug 93 17:36:26 PDT
Subject: EXE/COM encryptions
Message-ID: <01H1IIPJ64TE001JWH@vaxb.acs.unt.edu>

This is a message I received for an excellent idea on the run-time encryptions. Once I finish my current project(s), I may start on it, but in the meantime... any of you out there want to try this one?

BTW - the program I mentioned in the post at the beginning of this thread has been uploaded to soda.berkeley.edu - when (if) it gets posted, anyone who's interested can FTP it... it contains full source code and is titled BWFPU21S.ZIP. As of yet, it has rather poor encryption techniques, but after all the suggestions I've been receiving, I hope to change that ASAP.

Thanks Everyone!

Michael Ellison
ie63 at vaxb.acs.unt.edu

Forwarded Message:

From: IN%"rarachel at ishara.poly.edu" "A1 ray arachelian" 8-AUG-1993 13:18:00.86
To: IN%"IE63 at vaxb.acs.unt.edu"
CC:
Subj: RE: EXE/COM encryptions....
Return-path:
Received: from ishara.poly.edu by vaxb.acs.unt.edu (PMDF #3644 ) id <01H1I5P1HL3K001KB3 at vaxb.acs.unt.edu>; Sun, 8 Aug 1993 13:17:49 CDT
Received: by ishara.poly.edu (5.59a/25-eef) id AA05059; Sun, 8 Aug 93 10:16:57 EDT
Date: 08 Aug 1993 10:16:55 -0400 (EDT)
From: A1 ray arachelian (library)
Subject: RE: EXE/COM encryptions....
In-reply-to: <01H1H4U3WNYQ001JGI at vaxb.acs.unt.edu>; from "IE63 at vaxb.acs.unt.edu" at Aug 7, 93 7:42 pm
To: IE63 at vaxb.acs.unt.edu
Message-id: <9308081416.AA05059 at ishara.poly.edu>
Content-transfer-encoding: 7BIT

> That sounds like an excellent idea - I may start experimenting with
> that soon if I get time, if not, you might want to send the idea to the
> cypherpunks list as a whole as it would be really cool to see implemented.
> The program I've written attaches to already compiled .EXE and .COM files
> after compiling, so it would be of little use in that application (and
> it is in .ASM), but writing another one at some point would be interesting...
> haveta find someone with some _really_ technical docs on a good commercial
> compiler.....
>

I hope I'm right about this, but when you do a reply to a message coming from the cypherpunks newsgroup (from my mailbox as I subscribed to it) doesn't the reply go through toad.com rather than just as a reply to the person to whom I'm responding? (If not, then I've been needlessly posting private messages!)

Anyhow, you could always go for a compiler whose sources are readily available such as GCC. Commercial grade compilers will generally not provide a way to patch the back end. >HOWEVER< you can get around this by writing your own linker, and if the linker is smart enough to know where a function call is made, you can add in your own code to do the decryption to some free memory area off the disk, execute that area, and when the code returns back out, you free that memory area. It would be a somewhat disk intensive execution, but hey, it could be done from RAM as well. :-)

There are several excellent third party linkers out there such as RTLINK and Blinker in the DOS world that do all sorts of nifty things such as overlays and dynamic memory management for compilers that don't give these features.

Another possibility is to write your own assembler as for instance Borland C will produce assembly output if told to do so rather than obj code. Then the assembler does the encryption handling and I suppose a regular linker would work too.

However, with most compilers, you should be able to write an engine in C code which will open up a database or some other file which is encrypted then grab portions of that file, decrypt them to memory, and do a call to them as if they were functions. Then when the call is done, you free that memory block, and continue to do the same.. This would deal with the ability to load up functions in overlays or just execute functions via a pointer rather than a direct call to a function.

So the main code of your program is a decryption engine which loads up modules from an encrypted overlay file (or from the end of the EXE file,) decrypts them in RAM, calls them, and frees the memory they took up. (This may fail with STATIC variable declarations within functions!) It would work very nicely, but instead of doing direct function calls your program's source would need to be modified to do a whole song and dance before it can call a protected function. With a linker or compiler that does this automatically it makes it much easier to just recompile existing code, and much much easier to write such code from the programmer's point of view.

Now an interesting situation is to be found on Macs which have individual code resources which can be compressed. There is no built-in decompression/compression scheme in the system software.
Rather it makes use of a special code resource labeled as DCMP for decompress which of course you could replace with a decrypt code resource, though the system would think the code resources are compressed. :-) This would not require any modifications to a compiler or linker. Just encrypting resources and adding in a decryption code resource which would pop up a dialog box asking for a key the first time it runs.

(IF this winds up being private just to you, please post it as public for me by forwarding it to the cypherpunks newsgroup.)

From ld231782 at longs.lance.colostate.edu Sun Aug 8 21:16:26 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Sun, 8 Aug 93 21:16:26 PDT
Subject: CFP '94 announcement
Message-ID: <9308090415.AA17448@longs.lance.colostate.edu>

There was a huge amount of interest in this last time around, so I'm posting this to the list for anyone who hasn't seen it.

p.s. look who's running the `student paper competition'...

===cut=here===

From: faigin at aero.org (Daniel P. Faigin)
Newsgroups: comp.security.misc,comp.org.acm
Subject: Computers Freedom and Privacy 1994
Date: 4 Aug 93 11:31:10
Message-ID:

Conference Announcement

Computers, Freedom, and Privacy 1994
23-26 March 1994

The fourth annual conference, "Computers, Freedom, and Privacy," (CFP'94) will be held in Chicago, Il., March 23-26, 1994. The conference is hosted by The John Marshall Law School; George B. Trubow, professor of law and director of the Center for Informatics Law at John Marshall, is general chair of the conference. (E-Mail: 7trubow at jmls.edu). The program is sponsored jointly by these Association for Computing Machinery (ACM) Special Interest Groups: Communications (SIGCOMM); Computers and Society (SIGCAS); Security, Audit and Control (SIGSAC).

The advance of computer and communications technologies holds great promise for individuals and society.
From conveniences for consumers and efficiencies in commerce to improved public health and safety and increased participation in government and community, these technologies are fundamentally transforming our environment and our lives.

At the same time, these technologies present challenges to the idea of a free and open society. Personal privacy is at risk from invasions by high-tech surveillance and monitoring; a myriad of personal information data bases expose private life to constant scrutiny; new forms of illegal activity may threaten the traditional barriers between citizen and state and present new tests of Constitutional protection; geographic boundaries of state and nation may be recast by information exchange that knows no boundaries in global data networks.

CFP'94 will present an assemblage of experts, advocates and interest groups from diverse perspectives and disciplines to consider freedom and privacy in today's "information society."

A series of pre-conference tutorials will be offered on March 23, 1994, with the conference program beginning on Thursday, March 24, and running through Saturday, March 26, 1994.

The Palmer House, a Hilton hotel located in Chicago's "loop," and only about a block from The John Marshall Law School, is the conference headquarters. Room reservations should be made directly with the hotel after September 1, 1993, mentioning John Marshall or "CFP'94" to get the special conference rate of $99.00, plus tax.

The Palmer House Hilton
17 E. Monroe., Chicago, Il., 60603
Tel: 312-726-7500; 1-800-HILTONS; Fax 312-263-2556

Communications regarding the conference should be sent to:

CFP'94
The John Marshall Law School
315 S. Plymouth Ct.
Chicago, IL 60604-3907
(Voice: 312-987-1419; Fax: 312-427-8307; E-mail: CFP94 at jmls.edu)

CALL FOR CFP'94 PARTICIPATION AND PROGRAM SUGGESTIONS

It is intended that CFP'94 programs will examine the potential benefits and burdens of new information and communications technologies and consider ways in which society can enjoy the benefits while minimizing negative implications.

Proposals are requested from those who desire to present an original paper in a relevant area of technology, policy analysis or law, or to suggest a program presentation. Any proposal (1) should not exceed three typewritten double-spaced pages; (2) must state the title of the paper or program; (3) briefly describe its theme and content; and (4) set out the name, address, credentials and experience of the author or suggested speakers. If a proposed paper has already been completed a copy should be attached to the proposal.

STUDENT PAPER COMPETITION

Full-time college or graduate students are invited to enter the student paper competition. Papers must not exceed 2500 words and should address the impact of computer and telecommunications technologies on freedom and privacy in society. Winners will receive a scholarship to attend the conference and present their papers. All papers should be submitted by November 1, 1993 (either as straight text via e-mail or 6 printed copies) to:

Prof. Eugene Spafford
Department of Computer Science
Purdue University
West Lafayette, IN 47907-2004
E-Mail: spaf at cs.purdue.edu; Voice: 317-494-7825

REGISTRATION

Registration information and fee schedules will be announced by September 1, 1993. Inquiries regarding registration should be directed to RoseMarie Knight, Registration Chair, at the JMLS address above; her voice number is 312-987-1420.

--
[W]: The Aerospace Corp.
M1/055 * POB 92957 * LA, CA 90009-2957 * 310/336-8228
[Email]: faigin at aero.org, faigin at acm.org
[Vmail]: 310/336-5454 Box#68228

"I have a spelling checker/It came with my PC/It plainly marks four my revue/
Mistakes I cannot sea/I've run this poem threw it/I'm sure your pleased too no/
Its letter perfect in it's weigh/My checker tolled me sew." Pennye Harper

From gnu Mon Aug 9 00:26:29 1993
From: gnu (John Gilmore)
Date: Mon, 9 Aug 93 00:26:29 PDT
Subject: Key-Escrow (black) Humor
In-Reply-To: <9308071752.AA09964@bsu-cs.bsu.edu>
Message-ID: <9308090723.AA25039@toad.com>

> Q. How many NSA agents does it take to spy on U.S. citizens?
> A. Sorry, that's classified information.

Actually, the line is:

A. We don't comment on our interception capabilities.

John

From gg at well.sf.ca.us Mon Aug 9 01:56:30 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Mon, 9 Aug 93 01:56:30 PDT
Subject: Key-Escrow (black) Humor
Message-ID: <93Aug9.015133pdt.14000-2@well.sf.ca.us>

How many government agents does it take to screw in a lightbulb?

a1: None, they don't screw.
a2: None, they only screw the general public.
a3: That question is forbidden under Don't Ask / Don't Tell.

-gg

From paul at poboy.b17c.ingr.com Mon Aug 9 07:16:37 1993
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Mon, 9 Aug 93 07:16:37 PDT
Subject: Secure voice software issues
Message-ID: <199308091409.AA23126@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

As soon as I get the famous Intergraph Overtime Boot off my neck, I plan to start writing some crypto-phone software for the Mac. Pursuant to that, there are some issues and questions that I'd like to raise here for your perusal. There have been several calls here in the past for Sound-Blaster based cryptophones, but none have yet appeared, so I'm going ahead with this. Comments and questions, even flames, are welcome. Just don't ask me to include support for Skipjack/Capstone hardware, or I'll sic David Sternlight on you.
(note: no smiley)

1. Why the Mac? Well, because I have one :) Also because all Macs for the last three years or so have integrated sound I/O, and OS support for same. This support includes choice of sampling rate, compression (none, ~2:1, ~6:1), and even a choice of input device (the built-in mike, or some more-exotic external device, like the Mac version of the PAS-16 soundcard.)

2. Some fundamental principles:

a) encryption routines will be provided as drop-in "plugins", much like Photoshop or BBEdit. Easy to customize, easy to roll-your-own. Easy for non-US residents to use. Easy to separate details of encryption from messy details of Mac Sound Manager and Toolbox.

b) reuse. The initial version will leverage as much existing code as possible (cf. Outerbridge's fast 68k DES, parts of PGP, and so on.) The eventual product will be released in complete source form to encourage adaptation to other platforms. (note that if I use AppMaker for my basic design, as I am wont to do, that I won't be able to distribute their source code.)

c) STU-III metaphor. Basic mechanism: caller dials callee. The phones establish a connection and negotiate speed and security- for example, the crypto ignition key you put into a STU-III may be able to handle TOP SECRET or below, but your callee may only be able to handle SECRET. I expect the s/w version to also negotiate sampling fidelity (5.5, 11, or 22 kHz) based on DCE connect speed and compression based on DCE connect speed and CPU power. (neat idea: each side can compress and encrypt one of the standard system beeps to determine a relative "power index" for negotiation)

4. The initial version will probably support single and triple DES and IDEA for encryption, with key exchange a la vat- none! Later versions may include DH key exchange and other encryption algorithms. Eventually (probably not until I get a PowerPC-based machine) I'd like to be able to use PGP keyrings as phonebooks.

5. In a few months I'll need some beta testers.
In the meantime I need helpful suggestions for names, features, and designed-in expansion capabilities.

- -Paul

- --
Paul Robichaux, KD4JZG      | "Crypto-anarchy means never having to say
perobich at ingr.com        |  you're sorry." - Tim May (tcmay at netcom.com)
Intergraph Federal Systems  | Be a cryptography user- ask me how.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLGZaUiA78To+806NAQFzbwP/QcmDnDIqIxyzKyXdbWteVMDd6DUeHwQ0
is/C6yQgRNSNgf0fPTPBU8u3D8R8CWua7YM8oSwzPsR0MNYDbuMQqEKNLQNDHkGo
Sq1duWBKcjy1XmGXJ0QxlC3EqB85IQMnp2tI7JxmotsAv5YLFJ3+vvfRZZkmdpUS
c0Aea7baaec=
=kZWx
-----END PGP SIGNATURE-----

From DIC1241 at cup.edu Mon Aug 9 07:51:47 1993
From: DIC1241 at cup.edu (DIC1241 at cup.edu)
Date: Mon, 9 Aug 93 07:51:47 PDT
Subject: NIST System's Address
Message-ID: <744907861.240000.DIC1241@cup.edu>

I seemed to miss it the first time, so could someone please post NIST's system address again. Thanks

From still at kailua.colorado.edu Mon Aug 9 07:51:49 1993
From: still at kailua.colorado.edu (James Still)
Date: Mon, 9 Aug 93 07:51:49 PDT
Subject: Ayn Rand and Crypto-Anarchy
Message-ID: <2C667234@kailua.colorado.edu>

>So, I would agree that Rand was one of the prime motivators of crypto
>anarchy. What she wanted to do with material technology (mirrors over
>Galt's Gulch) is _much_ more easily done with mathematical technology.
>
>Someday I'll repost my essay "Libertaria in Cyberspace" to this List.

I've never seen it, how about humoring me and making "someday" today?

+----------------------------------+-----------------------------+
| Life is a PGP-encrypted riddle,  |                             |
| and the secret key is hidden     | Hieroglyphic Voodoo Machine |
| on board a UFO with Elvis.       | 1.303.443.2457  N-8-1       |
+----------------------------------+-----------------------------+

From elee9sf at Menudo.UH.EDU Mon Aug 9 09:16:38 1993
From: elee9sf at Menudo.UH.EDU (Karl Barrus)
Date: Mon, 9 Aug 93 09:16:38 PDT
Subject: ANON: Re: how does it work
Message-ID: <199308091614.AA19550@Menudo.UH.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

> As an aside, all this talk about anonymous remailers is intriguing.
> Does anyone know with certainty what happens at the remailer site,
> within the software process of stripping headers and the like, where
> the original sender of the message could be tracked? SENDMAIL logs,
> etc.?

Well, I recently checked the syslog file (found in /usr/spool/mqueue) on rosebud, and it contains entries like this:

Aug 7 17:40:17 rosebud sendmail[24780]: AA24780: from=elee7h5, size=6544, class=0
Aug 7 17:40:19 rosebud sendmail[24781]: AA24780: to=[deleted] delay=00:00:02, stat=Sent, mailer=tcp, host=[deleted]
Aug 8 10:19:41 rosebud sendmail[24816]: AA24816: message-id=<[deleted]>
Aug 8 10:19:41 rosebud sendmail[24816]: AA24816: from=<[deleted]>, size=618, class=0
Aug 8 10:19:41 rosebud sendmail[24817]: AA24816: to="|/users/emlab/elee7h5/remail/slocal.pl", delay=00:00:01, stat=Sent, mailer=prog, host=

(I deleted out the addresses that were actually there.)

Unfortunately, I can't erase the syslog file or turn sendmail logging off. Some things that would help foil traffic analysis would be to file all incoming mail in a directory, and then mail it out randomly in the early hours of the morning. Or, hop your mail around a bit more.

> What would be preferable, in an ideal scenario, would be that all traces
> of the incoming message were discarded altogether. In this fashion, the
> operator of the remailer would be less likely to be "persuaded" to
> divulge the originator(s) of messages, if found in such a precarious
> position.

Ah, I have some bad and good news about my remailer elee7h5 at rosebud.ee.uh.edu.
A friend has loaned me his account, and in the course of setting up a remailer which uses RIPEM instead of PGP (some folks have requested this - and it should be up RSN :-), I tried to log into my account to fix the sendmail invocation option to -oi and recompile perl to include flock() support. I found my password had been locked!

Actually, I've been expecting this to happen - you see, I'm through with UH and am going to Rice from now on. Rosebud is a workstation in the grad group I used to be in, and since I'm no longer a student, I figured this would happen sooner or later. BUT, it is a precedent that old students' directories are kept around, with logins disabled. I've tested the remailer, and it still responds, so hopefully it will run quietly for many more months/years :-)

That was the bad news: I can't log into it to fix things, or check bounced mail, etc. But this is good news as well: bounces and errors are dropped, the remailer works automatically and I can't disable it :-) In fact, I have a pretty good excuse if ever somebody "abuses" the remailer... I can't do anything about it, heh :-)

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLGZ3o4OA7OpLWtYzAQFd1AQAmOhpr0bkdEKptxmqRsCJ+5KfRacL8JFF
Xq1ehVSa7Q7UPeqfoNRVpDpWljyajKiJ5DZElhUPHiDJbTD9GZzoP0w9+SPQqB6D
Ar6nS1kt0BptEUoNC5aLDsFyOBx3f7pZg+7YfcBHs10hVybQUNIzGs+g9YWt+CtB
GXZV17GOzlY=
=BV0/
-----END PGP SIGNATURE-----

From bart at netcom.com Mon Aug 9 09:51:48 1993
From: bart at netcom.com (Harry Bartholomew)
Date: Mon, 9 Aug 93 09:51:48 PDT
Subject: NIST System's Address
Message-ID: <9308091651.AA17492@netcom5.netcom.com>

> From: DIC1241 at cup.edu
> Subject: NIST System's Address
>
> I seemed to miss it the first time, so could someone please post NIST's
> system address again. Thanks
>
>

ftp to csrc.nist.gov:/pub

From karn at qualcomm.com Mon Aug 9 09:51:49 1993
From: karn at qualcomm.com (Phil Karn)
Date: Mon, 9 Aug 93 09:51:49 PDT
Subject: ANON: Re: how does it work
In-Reply-To: <199308091614.AA19550@Menudo.UH.EDU>
Message-ID: <9308091646.AA21992@servo>

On most UNIX systems, nothing prevents an ordinary user (one without the root password) from writing his/her own program for sending mail to a remote site with SMTP/TCP/IP; there's no requirement to go through the normal sendmail queue. Incoming mail is a different story, but at least you can keep the outgoing half of your traffic from being logged.

Phil

From kinney at spot.Colorado.EDU Mon Aug 9 10:21:45 1993
From: kinney at spot.Colorado.EDU (W. Kinney)
Date: Mon, 9 Aug 93 10:21:45 PDT
Subject: PGP Bug?
Message-ID: <199308091717.AA19879@spot.Colorado.EDU>

Cypherpunks --

Looking at the code for doing conventional encryption in PGP, I've come across something that doesn't look right. It's with the 10-byte header block that PGP adds to the beginning of files -- 8 bytes of random data with the last two bytes repeated to use for key verification. Indicating omissions by "[...]", the code in crypto.c looks like this:

int idea_encryptfile(char *infile, char *outfile, boolean attempt_compression)
{
    [...]
    byte ideakey[16];      <------- KEEP AN EYE ON THIS BUFFER
    struct hashedpw *hpw;
    [... a call to GetHashedPassPhrase to set the key]
    /* Now compress the plaintext and encrypt it with IDEA... */
    squish_and_idea_file( ideakey, f, g, attempt_compression );
    [...]
}

static int squish_and_idea_file(byte *ideakey, FILE *f, FILE *g, boolean attempt_compression)
{
    [...]
    idea_file( ideakey, ENCRYPT_IT, t, g, fsize(t) );
    [...]
}

static int idea_file(byte *ideakey, boolean decryp, FILE *f, FILE *g, word32 lenfile)
{
    [...]
#define RAND_PREFIX_LENGTH 8
    [...]
    if (!decryp)    /* encrypt-- insert key check bytes */
    {   /* There is a random prefix followed by 2 key check bytes */
        memcpy(textbuf, ideakey+IDEAKEYSIZE, RAND_PREFIX_LENGTH);
                        ^^^^^^^^^^^^^^^^^^^^

But ideakey is only a sixteen byte buffer! Looks like we're copying junk from the stack here, instead of generating a strong random number to put in the prefix...

And now a question for the crypto gurus out there. The reason I came across the above is because I'm adding conventional encryption to some Mac code I had laying around, and I wanted to support PGP-format files. I had been thinking about the problem of verifying decryption keys, and the solution I had come up with to use in my code was to MD5 hash the plaintext when I encrypted it, then encrypt the hash with the same key and store it in a resource to use as a key verification block. When the file is decrypted, so is the verification block, and all you have to do to verify the key is MD5 the plaintext again and compare the new hash to the original hash.

My question is, can anyone think of any weaknesses with doing it that way? (I can still support PGP data formats if I do...)

-- Will

From marc at GZA.COM Mon Aug 9 10:41:46 1993
From: marc at GZA.COM (Marc Horowitz)
Date: Mon, 9 Aug 93 10:41:46 PDT
Subject: ANON: Re: how does it work
In-Reply-To: <9308091646.AA21992@servo>
Message-ID: <9308091740.AA20911@dun-dun-noodles.aktis.com>

Why write your own program? Get the sendmail sources from any number of ftp sites, modify them a little, recompile, and use your own sendmail instead of your OS's for delivery. Then, you can keep limited logs for debugging in a place you can delete them when you're done. The only catch is that running as you instead of root, you can't listen on port 25.
Marc

From pbreton at cs.umb.edu Mon Aug 9 11:01:46 1993
From: pbreton at cs.umb.edu (Peter Breton)
Date: Mon, 9 Aug 93 11:01:46 PDT
Subject: ANON: Re: how does it work
In-Reply-To: <9308091740.AA20911@dun-dun-noodles.aktis.com>
Message-ID:

> Why write your own program? Get the sendmail sources from any number
> of ftp sites, modify them a little, recompile, and use your own
> sendmail instead of your OS's for delivery. Then, you can keep
> limited logs for debugging in a place you can delete them when you're
> done. The only catch is that running as you instead of root, you
> can't listen on port 25.

Two problems:

1) Aren't telnets logged, at least at the site you telnet to? If I "telnet xxxx smtp", doesn't the site I telnet to have it in a log? I can't control that, and that could identify me.

2) Sendmail (at least on our system) drops mail into a queue owned by root, and inaccessible to anyone else. So without root privs your sendmail may not function. (I know because I've tried).

I'm no UNIX guru, just a hacker, so if someone knows more by all means correct me.

-------------------------------------------------------------------------
Peter Breton            pbreton at cs.umb.edu            PGP key by finger
=========================================================================

From karn at qualcomm.com Mon Aug 9 11:11:46 1993
From: karn at qualcomm.com (Phil Karn)
Date: Mon, 9 Aug 93 11:11:46 PDT
Subject: ANON: Re: how does it work
In-Reply-To:
Message-ID: <9308091810.AA23514@servo>

You don't use the system telnet, you write your own socket application. No UNIX systems I know log at this level, but it is certainly possible. Or someone could record packets off the local Ethernet. There's not much you can do about this.

You could hack up a copy of sendmail, but SMTP is so trivial that you could do it yourself, especially since the functionality you need is so limited.

Phil

From pmetzger at lehman.com Mon Aug 9 11:46:37 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Mon, 9 Aug 93 11:46:37 PDT
Subject: ANON: Re: how does it work
In-Reply-To: <9308091810.AA23514@servo>
Message-ID: <9308091837.AA11305@snark.shearson.com>

Phil Karn says:
> You don't use the system telnet, you write your own socket application.
> No UNIX systems I know log at this level, but it is certainly possible.
> Or someone could record packets off the local Ethernet. There's not much
> you can do about this.
>
> You could hack up a copy of sendmail, but SMTP is so trivial that you
> could do it yourself, especially since the functionality you need
> is so limited.

Indeed, writing an SMTP agent in Perl is quite trivial -- I've done it.

Perry

From tcmay at netcom.com Mon Aug 9 12:26:37 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 9 Aug 93 12:26:37 PDT
Subject: Libertaria in Cyberspace
Message-ID: <9308091925.AA24594@netcom.netcom.com>

"Libertaria in Cyberspace"

I wrote, and then James Still wrote:

>>So, I would agree that Rand was one of the prime motivators of crypto
>>anarchy. What she wanted to do with material technology (mirrors over
>>Galt's Gulch) is _much_ more easily done with mathematical technology.
>>
>>Someday I'll repost my essay "Libertaria in Cyberspace" to this List.
>
>I've never seen it, how about humoring me and making "someday" today?

Your wish is my command!

Originally written for the "Extropians" mailing list, nearly a year ago, there are undoubtedly things that could be changed or improved. Reaching this state of "Libertaria," if it ever happens, will take a lot more than the Cypherpunks remailers of today. Digital money, truly anonymous transactions (a la Chaum's "Dining Cryptographers Net"), digital escrow services, reputations, etc., are all needed.

Here it is:

To: Extropians at gnu.ai.mit.edu
From: tcmay at netcom.com (Timothy C. May)
X-Original-Message-Id: <9209011842.AA14649 at netcom.netcom.com>
Subject: Libertaria in Cyberspace
Date: Tue, 1 Sep 92 11:42:12 PDT
X-Extropian-Date: Remailed on September 1, 372 P.N.O. [18:42:47 UTC]

LIBERTARIA IN CYBERSPACE
or
CYBERSPACE MORE HOSPITABLE TO IDEAS OF LIBERTY AND CRYPTO ANARCHY

Here are a few points about why "cyberspace," or a computer-mediated network, is more hospitable than physical locations for the kind of "crypto anarchy" libertarian system I've been describing.

Several folks have commented recently about ocean-going libertarian havens, supertankers used as data havens, and so forth. In the 1970s, especially, there were several unsuccessful attempts to acquire islands in the Pacific for the site of what some called "Libertaria." (Some keywords: Vanuatu, Minerva, Mike Oliver, Tonga)

Obtaining an entire island is problematic. Getting the consent of the residents is one issue (familiar to those on this list who weathered the Hurricane Andrew diversion debate). Being _allowed_ to operate by the leading world powers is another....the U.S. has enforced trade embargoes and blockades against many nations in the past several decades, including Cuba, North Korea, Libya, Iran, Iraq, and others. Further, the U.S. has invaded some countries---Panama is a good example---whose government it disliked. How long would a supertanker "data haven" or libertarian regime last in such an environment? (Stephenson's fascinating "Snow Crash" didn't address the issue of why the "Raft" wasn't simply sunk by the remaining military forces.)

I should note that the recent splintering of countries may provide opportunities for libertarian (or PPL, if you prefer to think of it in this way) regions. Some have speculated that Russia itself is a candidate, given that it has little vested in the previous system and may be willing to abandon statism. If several dozen new countries are formed, some opportunities exist.
The basic problem is that _physical space_ is too small, too exposed to the view of others. "Libertaria" in the form of, say, an island, is too exposed to the retaliation of world powers. (I won't go into the "private nukes" strategy, which I need to think about further.) A floating private nation (or whatever it's called) is too vulnerable to a single well-placed torpedo. Even if it serves as a kind of Swiss bank, and thus gets some of the same protection Switzerland got (to wit, many leaders kept their loot there), it is too vulnerable to a single attacker or invader. Piracy will be just one of the problems. Finally, how many of us want to move to a South Pacific island? Or a North Sea oil rig? Or even to Russia?

Cyberspace looks more promising. There is more "space" in cyberspace, thus allowing more security and more colonizable space. And this space is coterminous with our physical space, accessible with proper terminals from any place in the world (though there may be attempts in physical space to block access, to restrict access to necessary cryptographic methods, etc.).

I won't go into the various cryptographic methods here (see my earlier posting on the "Dining Cryptographers" protocol and various other postings on public key systems, digital mixes, electronic cash, etc.). Interested readers have many sources. (I have just read a superb survey of these new techniques, the 1992 Ph.D. thesis of Jurjen Bos, "Practical Privacy," which deals with these various protocols in a nice little book.)

Alice and Bob, our favorite cryptographic stand-ins, can communicate and transact business without ever meeting or even knowing who the other is. This can be extended to create virtual communities subject only to rules they themselves reach agreement on, much like this very Extropians list. Private law is the only law, as there is no appeal to some higher authority like the Pope or police. (This is why I said in several of my postings on the Hurricane Andrew debate that I am sympathetic to the PPL view.)

And this is the most compelling advantage of "Crypto Libertaria": an arbitrarily large number of separate "nations" can simultaneously exist. This allows for rapid experimentation, self-selection, and evolution. If folks get tired of some virtual community, they can leave. The cryptographic aspects mean their membership in some community is unknown to others (vis-a-vis the physical or outside world, i.e., their "true names") and physical coercion is reduced. Communalists are free to create a communal environment, Creative Anachronists are free to create their own idea of a space, and so on.

I'm not even getting into the virtual reality-photorealistic images-Jaron Lanier sort of thing, as even current text-based systems are demonstrably enough to allow the kind of virtual communities I'm describing here (and described in Vinge's "True Names," in Gibson's "Neuromancer," in Sterling's "Islands in the Net," and in Stephenson's "Snow Crash"...though all of them missed out on some of the most exciting aspects...perhaps my novel will hit the mark?).

But will the government allow these sorts of things? Won't they just torpedo it, just as they'd torpedo an offshore oil rig data haven?

The key is that distributed systems have no nexus which can be knocked out. Neither Usenet nor FidoNet can be disabled by any single government, as they are worldwide. Shutting them down would mean banning computer-to-computer communication. And despite the talk of mandatory "trap doors" in encryption systems, encryption is fundamentally easy to do and hard to detect.

(For those who doubt this, let me describe a simple system I posted to sci.crypt several years ago. An ordinary digital audio tape (DAT) carries more than a gigabyte of data. This means that the least significant bit (LSB) of an audio DAT recording carries about 8 megabytes of data!
So Alice is stopped by the Data Police. They ask if she's carrying illegal data. She smiles inocently and say "No. I know you'll search me." They find her Sony DATman and ask about her collection of tapes and live recordings. Alice is carrying 80 MB of data---about 3 entire days worth of Usenet feeds!---on each and every tape. The data are stored in the LSBs, completely indistinguishable from microphone and quantization noise...unless you know the key. Similar methods allow data to be undetectably packed into LSBs of the PICT and GIF pictures now flooding the Net, into sampled sounds, and even into messages like this...the "whitespace" on the right margin of this message carries a hidden message readable only to a few chosen Extropians.) I've already described using religions and role-playing games as a kind of legal cover for the development and deployment of these techniques. If a church decides to offer "digital confessionals" for its far-flung members, by what argument will the U.S. government justify insisting that encryption not be used? (I should note that psychiatrists and similar professionals have a responsibility to their clients and to their licensing agencies to ensure the privacy of patient records. Friends of mine are using encryption to protect patient records. This is just one little example of how encryption is getting woven into the fabric of our electronic society. There are many other examples.) In future discussions, I hope we can hit on some of the many approaches to deploying these methods. I've spent several years thinking about this, but I've surely missed some good ideas. The "crypto anarchy game" being planned is an attempt to get some of the best hackers in the Bay Area thinking along these lines and thinking of new wrinkles. Several have already offered to help further. Some have commented that this list is not an appropriate place to discuss these ideas. I think it is. 
We are not discussing anything that is actually illegal, even under the broad powers of RICO (Racketeer-Influenced and Corrupt Organizations Act, used to go after "conspiracies" of porn dealers and gun dealers, amongst others). What we are discussing are long-range implications of these ideas. In conclusion, it will be easier to form certain types of libertarian societies in cyberspace than in the real world of nations and physical locations. The electronic world is by no means complete, as we will still live much of our lives in the physical world. But economic activity is sharply increasing in the Net domain and these "crypto anarchy" ideas will further erode the power of physical states to tax and coerce residents. Libertaria will thrive in cyberspace. -Tim May -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: by arrangement Note: I put time and money into writing this posting. I hope you enjoy it. From treason at gnu.ai.mit.edu Mon Aug 9 13:16:37 1993 From: treason at gnu.ai.mit.edu (treason at gnu.ai.mit.edu) Date: Mon, 9 Aug 93 13:16:37 PDT Subject: Using a 'telserv' program to redirect mail Message-ID: <9308092013.AA07670@spiff.gnu.ai.mit.edu> I know the subject is misleading but to get into the heart of the matter. It is very simple to write a unix program to redirect a program driving a port to another port without affecting it running on the first port. The program I have seen to do this is called 'telserv' and can redirect any port daemon to operate on any other port available (above 1024 of course) without any special system access. With this program I have been able to redirect telnetd, ftpd, and smtpd to other ports with no problem. In most cases, the new port is not logged, and works 100% accurately. 
The only current limitation is that only one port process can be taking place at a time. This could easily be surpassed by a simple fork() statement addin. I will not post this code unless I am assured that it is not going to be a legal problem. As you can see from the above written statement, I am not a learned unix programmer, as I have taught myself everything I know (the only accessible machine our uni has is a prime 6250), so please be gentle with the flames, I have done my best to represent the code and system accurately. treason at gnu From wcs at anchor.ho.att.com Mon Aug 9 14:06:39 1993 From: wcs at anchor.ho.att.com (Bill_StewartHOY0021305) Date: Mon, 9 Aug 93 14:06:39 PDT Subject: ANON: Re: how does it work Message-ID: <9308092014.AA21402@anchor.ho.att.com> > Phil Karn says: > > You don't use the system telnet, you write your own socket application. ... > > You could hack up a copy of sendmail, but SMTP is so trivial that you > > could do it yourself, especially since the functionality you need > > is so limited. Perry says: > Indeed, writing an SMTP agent in Perl is quite trivial -- I've done it. While you're at it, another source for traffic analysis is DNS requests; you may want to cache these for the sites you commonly connect to, or at least put a DNS server on your machine to do some caching. In a mature environment, most of your anonymous traffic will go to other remailers anyway, but might as well cut down on the logging opportunities. Bill From keru at cpu.us.dynix.com Mon Aug 9 14:46:38 1993 From: keru at cpu.us.dynix.com (Warren Keith Russell) Date: Mon, 9 Aug 93 14:46:38 PDT Subject: "Village Voice" Article is Another Winner! In-Reply-To: <9308010537.AA13092@netcom.netcom.com> Message-ID: Can anyone tell me how to get a copy of Levy's "Wired" article? I have sent several messages to the editors, with no response. Kelly's Whole Earth Review articles sounds like it might be of interest, too. Thanks. 
------------------------------------------------------------------------- Keith Russell Dynix Library Systems, Provo, Utah, U.S.A. keru at cpu.us.dynix.com or keru at devg.us.dynix.com ------------------------------------------------------------------------- From gnu Mon Aug 9 15:41:52 1993 From: gnu (John Gilmore) Date: Mon, 9 Aug 93 15:41:52 PDT Subject: Big Brother's New Eyes -- Economist, August 7th Message-ID: <9308092241.AA21147@toad.com> The Economist magazine has two articles on monitoring of citizens' activities in its August 7th issue, and mentions the problem on the cover. In its editorial on p. 16, it comes out in favor of anonymity: "Even if the anonymous technologies are more expensive and less convenient than the data-scooping alternative, the price will be worth paying." It also reports on road-toll charging systems starting on p. 71, with a minor mention of anonymous toll payment. The headline is "Big Brother is Clocking You" with a subheading of "The technology that promises fewer traffic jams may damage your civil liberties." The Economist is one of the truly outstanding magazines of the decade, by the way. It sounds stogdy but it is anything but, and it tends to spot trends long before the rest of the world has noticed them. John From honey at citi.umich.edu Mon Aug 9 15:46:40 1993 From: honey at citi.umich.edu (peter honeyman) Date: Mon, 9 Aug 93 15:46:40 PDT Subject: ANON: Re: how does it work Message-ID: <9308092243.AA21216@toad.com> > While you're at it, another source for traffic analysis is DNS requests; dns requests are not generally logged, so i guess you're considering a generalized net snooper in your threat model, in which case discovery of dns requests is the least of your concerns. 
peter From thug at phantom.com Mon Aug 9 18:16:41 1993 From: thug at phantom.com (Murdering Thug) Date: Mon, 9 Aug 93 18:16:41 PDT Subject: Secure voice software issues Message-ID: Paul, I noticed you mentioned that you will be using key rings in your cryptophones, so here's an idea I think would be great for cryptophones. This is a simple solution to the key-exchange problem. Cryptophone users would not need to exchange keys beforehand nor need to store other people's public keys on their cryptophone. - Every cryptophone user has a public and private key pair (like in RSA or PGP) - When a person calls another person, the phones automatically exchange their public keys before the voice conversation begins. Obviously the private keys are never transmitted. With this method, all one needs to initiate a secure telephone conversation is the phone number of whoever you're calling, just like using a regular telephone. I am assuming this is how Clipper/Skipjack phones would do this. I hope your cryptophone software does this as well, since I don't want to or need to keep keyrings full of public keys of everyone I might ever have to call. Thug From paul at poboy.b17c.ingr.com Mon Aug 9 18:41:52 1993 From: paul at poboy.b17c.ingr.com (Paul Robichaux) Date: Mon, 9 Aug 93 18:41:52 PDT Subject: Secure voice software issues In-Reply-To: Message-ID: <199308100132.AA26355@poboy.b17c.ingr.com> -----BEGIN PGP SIGNED MESSAGE----- The problem with this is that public-key encryption is slooooow. I never thought of having a fixed key for each user; even the STU-III ignition keys get reloaded every so often. Until I implement DH key exchange, caller & callee must have some way to agree on a key. This is far from ideal, but (based on PGP's RSA implementation on my Mac) I don't think RSA would cut it. One possibility is to use a PGP-style keyring; the caller can encrypt the session key with the callee's pubkey and transmit it. I think that this is less secure than DH, though. 
More comments are way welcome! Thanks. - -Paul - -- Paul Robichaux, KD4JZG | "Crypto-anarchy means never having to say perobich at ingr.com | you're sorry." - Tim May (tcmay at netcom.com) Intergraph Federal Systems | Be a cryptography user- ask me how. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLGb6kCA78To+806NAQFsUgP/W2eKFBiKLzBg1Aip2VTzg6RJDAU4C/mt pW0RMx4dLK7ZRp8r3frmLHDnS2dcEwtu9weNOnzkFyK/j2056kn52O0icTX9w4gl xDLIm/ay3gNaDrqZDA81c9vYsdHAn3pQaK1dxx3VZoWA6Je62ULvNlrxGIEXrvX5 zEEsV/5dYkQ= =YFQP -----END PGP SIGNATURE----- From steven at well.sf.ca.us Mon Aug 9 18:46:40 1993 From: steven at well.sf.ca.us (Steven Levy) Date: Mon, 9 Aug 93 18:46:40 PDT Subject: getting wired #2 Message-ID: <93Aug9.184431pdt.13941-1@well.sf.ca.us> >Can anyone tell me how to get a copy of Levy's "Wired" article? If it's any comfort I can't get any myself. The issue is sold out and there are very few even in the WIRED office, so few that they won't spare 'em. What's worse, it's very hard to Xerox the article since it is printed on a weird background. If you can't get it anywhere, let me know and I'll try to get one to you, but I would appreciate it if you (and anyone else) wrote the editors at wired.com and told 'em you would like to see reprints of the story. Steven From karn at qualcomm.com Mon Aug 9 20:01:56 1993 From: karn at qualcomm.com (Phil Karn) Date: Mon, 9 Aug 93 20:01:56 PDT Subject: Secure voice software issues In-Reply-To: <199308100132.AA26355@poboy.b17c.ingr.com> Message-ID: <9308100259.AA24433@servo> I recommend a signed Diffie Hellman key exchange for a secure phone. That is, you generate a session key with Diffie Hellman, and you sign your exchanges with RSA to guard against the meet-in-the-middle attack. I agree that RSA public keys could be exchanged as needed during the call, although this might require a few iterations before a party gets a signature that it can trust. 
Finding a path through the PGP "web of trust" back to a trusted public key that the other party already has may be tricky. This is one thing that is much easier with a simple tree a la PEM, as you simply give the path back up to a common, shared root. I'm not sure how to do this with PGP. Perhaps the challenger could list the public key(s) it trusts (perhaps just its own) and ask the challenged party to find a (the) route through the web that connect itself with the challenger's trusted key, and to return those keys and signatures. This might be easier than having the challenger remotely "grope" through the paths in the challenged party's key database, one signature/key at a time. Of course, keys and signatures ought to be cached to speed the process the next time around. Or the users could sign each others keys directly once they're satisified with their identities. If you first do Diffie Hellman and then immediately use the session key it generates to conventionally encrypt the rest of the protocol, including any RSA public key exchanges, this has the added benefit of denying passive eavesdroppers any information that would identify the parties to the call. The best an *active* eavesdropper (conducting a man-in-the-middle attack against Diffie Hellman) could do is to trick the parties into revealing their RSA public keys, and thus their identities. But the parties would quickly discover this at the signature step, before the voice conversation actually starts. Again, the *really* nice thing about this protocol is that once the DH session key is destroyed, there's no way to recover it even if the RSA secret keys are later compromised. And nothing (other than the availability of CPU cycles) prevents you from rekeying periodically during a single call. The worst that could then happen if the phone is captured and read out before it could be zeroized would be the compromise of the conversation since the last rekey. 
Phil From fergp at sytex.com Mon Aug 9 21:21:56 1993 From: fergp at sytex.com (Paul Ferguson) Date: Mon, 9 Aug 93 21:21:56 PDT Subject: Cypherpunks write code Message-ID: Can I entice someone to post the Cypherpunk charter statement again? I've been looking at the FAQ that Eric Raymond started, and need to to fill in some gaps.... This has taken way too long and I thought perhaps I might toss a few free moments into adding some text. Cheers, Paul Ferguson | "Government, even in its best state, Network Integrator | is but a necessary evil; in its worst Centreville, Virginia USA | state, an intolerable one." fergp at sytex.com | - Thomas Paine, Common Sense Type bits/keyID Date User ID pub 1024/1CC04D 1993/03/15 Paul Ferguson Key fingerprint = EE D2 93 7D 04 6D C6 05 AC 36 AD 9D 8E 4F 41 58 From fergp at sytex.com Mon Aug 9 21:21:57 1993 From: fergp at sytex.com (Paul Ferguson) Date: Mon, 9 Aug 93 21:21:57 PDT Subject: Digitized for posterity Message-ID: They got me. At the DMV. Today. Yuck. Bought a new (used) car and had to do all that fun stuff -- license, tags, etc, ad nauseam and decided to get my license updated to reflect my new mailing address while I'm there. Of course, I expected it, because my wife had it done to her earlier this year, but seeing the final product leaves a knot in your throat. Digitized photographs, in the database of the state. (insert appropriate parable here) Ptheewww! At least they were quick about it. Too bad they don't have dial-in service. ,-) Cheers, Paul Ferguson | "Government, even in its best state, Network Integrator | is but a necessary evil; in its worst Centreville, Virginia USA | state, an intolerable one." 
fergp at sytex.com | - Thomas Paine, Common Sense Type bits/keyID Date User ID pub 1024/1CC04D 1993/03/15 Paul Ferguson Key fingerprint = EE D2 93 7D 04 6D C6 05 AC 36 AD 9D 8E 4F 41 58 From ciamac at hplms2.hpl.hp.com Mon Aug 9 22:26:43 1993 From: ciamac at hplms2.hpl.hp.com (Ciamac Moallemi) Date: Mon, 9 Aug 93 22:26:43 PDT Subject: directions to Cygnus Message-ID: <9308100525.AA13623@cello.hpl.hp.com> Could someone post directions to Cygnus for the meeting on Saturday? Thanks. From collins at newton.apple.com Mon Aug 9 22:26:56 1993 From: collins at newton.apple.com (Scott Collins) Date: Mon, 9 Aug 93 22:26:56 PDT Subject: Wolf's got a thing or two to say Message-ID: <9308091826.AA12189@newton.apple.com> Hello, The message in question was ascii armored with a missing checksum. You can trick PGP into ignoring the missing checksum by decrypting to the screen (only). It is an example of the fact that most messages are more work to decrypt than they are worth upon reading (at least to me, since I do not know or know of 'Wolf', 'Nancy', 'Rose', 'David' or 'Officer Cooper 171' or any of their interactions). Scott Collins | "Few people realize what tremendous power there | is in one of these things." -- Willy Wonka ......................|................................................ BUSINESS. voice:408.862.0540 fax:974.6094 collins at newton.apple.com Apple Computer, Inc. 1 Infinite Loop, MS 301-2C Cupertino, CA 95014 ....................................................................... PERSONAL. voice/fax:408.257.1746 1024/669687 catalyst at netcom.com What follows is the de-armored text of the message "(fwd) Wolf's got a thing or two to say": ----------cut here---------- Hello friends. I hope you are all well. I am doing better today than before. I get a little more livelier every day. I am not in the mood to talk about the situation right now, though. 
I would like to first of all thank each an every one of you for the SCADS of mail I have recieved in response to my post about what happened last Monday night. I am not very good at those name things...where everyone who writes someone gets listed in a thank you note. And I am not very good at promptly answering mail either. And I am not very good at ever getting around to answering all of the mail I recieve. I wish that I were better about this, but I am simply too busy. I have tried to send a thankyou note to as many of you as I can personally. I know for a fact that there are many replies that I recieved that went unanswered, and for that I hope no one takes it personally. I am not in any way trying to say that every bit of individual support is not as important as any other. I read every piece of mail I get! And I respond to it if I can. I want for all of asar to know...I thank you for being here for me and I know who is out there on my side! now...I have something else that is on my mind... I will admit that I have neglected to read every post in the thread that got ignited by Nancy's RE: David post. I know that I have not been able to locate the post by Rose that keeps getting reffered to. Oh well, too bad...I still have some things to add on my behalf and simply because seom something about this thread is very disturbing to me. I am going to place a spoiler here b/c I am fearful that what I am about to say my be flame bait. I think it might offend some of you and I do not want to get into a situation like that again. I have carefully considered what I would like to express, but I get t he feeling that there are some people who are looking for a debate no matter what. So if you want to square off and hash this thread to pieces, then of course you are certainly free to do so, but I will be much more comfortable with this if my $.02 are inserted right here and now... 
************************************SPOILER************************************ this will discuss my feelings concerning some of "did she do the right thing" and some of the symantic discussions that are taking place as a result of some responses to my post that is most certainly enough lines... I agree with whoever in response to this thread posted that this is emotionally charged stuff. I have been a little charged by it myself. Since I have not read Rose's part in this I cannot relate to that area of the discussion. Obviously Rose is upset that someone said something negative to her. I will try not to be cynical about it, b/c I am feeling a little bit upity and I do not want to be rude. I am simply a bit disturbed by Nancy's original post about my having "gotten David arrested". On my behalf...call it symantic quibble if you will, but it is what I did to protect myself and I am angered that it seems to have been questioned even no especially when even David didn't question it once he had a period to calm himself. No I have read where everyone thinks that for one reason or another I did the right thing to protect myself. But let's face it, guys. David got himself arrested. As for police and police brutality and fairness and justice, well, look at the perr peers around you. Many of us have very little faith in the justice system of this USA. If we had more maybe more of us would have tried a long time ago to seek out the justice we deserve for the violations we have suffered. I am not quick to call the police either, let me tell you. My first experience with trying to get police to help me with being harrassed by Dez (where I was being forced to practice prostitution and being beaten and ravaged regularly) led me to getting punished by Dez since he had so conveniently bought off parts of the police department in my home town. I got the shit beat out of me first by the cops then by Dez. So I know how fucked up the police an be. 
Luckily this is a different town and a different life (well almost). As I sit here and think of the policeman, officer Cooper 171, beating David's head against the roof of his squad car my stomach is turning. David is badly bruised and one of his eyes got cut. Now I am sorry that he has had to endure this. I think it is wrong...and I am almost certain that the force used to restrain him was a bit excessive. I know David and he will not fight impossible odds. Still, I am thankful that he got a little taste of hell that night with respect to what he put me through. He is a little bit sensitive to what he did to me. None of this is meant to excuse or justify his behavior, b/c I find it totally unacceptable and abhoring at the very least. I am sorry for the fucking injustices of the world. There are in fact many. Like the girl who tried to seek justice for being gang raped but had a bad reputation so they told he to get out of their faces that they had no time for her little case. That was not just a case, that was her life. Just like Nancy's friend who served 2 years for a crime he probably did not commit. It is an injustice. I think we all agree that injustices do happen in every area of our society. What are we here for? ARe we here with hopes that we can pinpoint the exact place where society went wrong and change it? no I do not think that is it (stop me if I am wrong) I think we are here to give care and support to one another b/c we have all suffered some pretty haneous injustices and the care we get from one another often helps to serve some purpose towards ending that cycle. As for Rose...was she being manipulative? well, I do not know. I have felt that way at times, but I have also done that at times myself... I firmly believe in the childhood come-back "takes one to know one" and I know that when I see someone manipulating it is only because I have done it myself that I am able to see it. 
And yes it sometimes takes a bit of tough love to break behaviors like that. I think we all love Rose...I know that we feel for her...she seems to be in so much pain... I do not think we are here to pass judgement on her... and I do not think we are here to keep someone from being taken in by a situatio n that we may percieve as harmful to them (within the infrastructure of the group). We have all heard at one time or another someone on here tell us about boundarie s andd it is still up to us as individuals to set them. I hope that from asar more than any other place there is more tolerance of people learning that and feeling out just how to go about that. And at the same time I think that this is the place where I first learned how to enforce them as well, so I hope that all of asar understands that many of us are still trying on some of these new clothes.... as for the RE: David thread, well, I guess I have had my say. I am looking at this from this perspective right now, and my perspectives are always subject to change. So if I haven't hurt anyone's feelings or run anyone off, then good. I do not step out and speak my mind like this often and it always feels good when I do... flame me if you must just put a spoiler in it so that we will have some warning I am up and down right now so I am tyring to be careful about some of the stufff I read. that is enough ranting for tonight I think. wolf ----------cut here---------- From khijol!erc at apple.com Tue Aug 10 00:21:57 1993 From: khijol!erc at apple.com (Ed Carp) Date: Tue, 10 Aug 93 00:21:57 PDT Subject: getting wired #2 In-Reply-To: <93Aug9.184431pdt.13941-1@well.sf.ca.us> Message-ID: > >Can anyone tell me how to get a copy of Levy's "Wired" article? > > If it's any comfort I can't get any myself. The issue is > sold out and there are very few even in the WIRED office, > so few that they won't spare 'em. What's worse, it's > very hard to Xerox the article since it is printed on a > weird background. 
If you can't get it anywhere, let me > know and I'll try to get one to you, but I would appreciate > it if you (and anyone else) wrote the editors at wired.com > and told 'em you would like to see reprints of the story. If someone can tell me the title of the article, I'll see what I can do to get copies, or bring the article to the next Cypherpunks meeting. -- Ed Carp, N7EKG erc at apple.com 510/659-9560 anon-2133 at twwells.com If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From miron at extropia.wimsey.com Tue Aug 10 02:52:00 1993 From: miron at extropia.wimsey.com (Miron Cuperman) Date: Tue, 10 Aug 93 02:52:00 PDT Subject: CRYPTO'93, anyone here going? Message-ID: <199308100848.AA13015@xtropia> I will be attending CRYPTO. I was wondering if any cypherpunks will attending this conference. -- Miron Cuperman | NeXTmail/Mime ok Unix/C++/DSP, consulting/contracting | Public key avail AMIX: MCuperman | Laissez faire, laissez passer. Le monde va de lui meme. From frissell at panix.com Tue Aug 10 03:02:00 1993 From: frissell at panix.com (Duncan Frissell) Date: Tue, 10 Aug 93 03:02:00 PDT Subject: Digitized for posterity Message-ID: <199308101000.AA25954@panix.com> To: cypherpunks at toad.com F >Digitized photographs, in the database of F >the state. (insert appropriate F >parable here) Naughty, naughty. You should have a nice all paper UK license obtained without ID and a car owned by a New Hampshire-based corporation. Is it rape if you say yes? Duncan Frissell "One is not required to own any car (even the one you're driving) a driver's license from any jurisdiction on earth is acceptable for (automobile) drivers in the US." Privacy costs so little and means so much. Frissell & Associates. 
--- WinQwk 2.0b#0 From fergp at sytex.com Tue Aug 10 04:52:04 1993 From: fergp at sytex.com (Paul Ferguson) Date: Tue, 10 Aug 93 04:52:04 PDT Subject: Digitized for posterity Message-ID: <0aD38B2w165w@sytex.com> -----BEGIN PGP SIGNED MESSAGE----- On Tue, 10 Aug 1993 00:27:04 -0700 (PDT), "Jeremy R. Smith" wrote - > I know what you mean..out here in California, not only do they > have digitizd photos, they've also got mag stripes on the back of > the licenses. Supposedly to hold your driving record, etc. Make > me nervous though. Almost nervous enough to learn how to reprogram > mag stripes. The digitized photo doesn't really bother me that much, now that I think about it (the picture really makes me look like my name should be 'Festus" or something along those lines), but the mag stripe did. Funny how all those little magnetized electrons can get scrambled so easily. ,-) Cheers. -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBLGeGhZRLcZSdHMBNAQGV1QQArhQxmEBzG1AmngaI5BaGj7qHZ54Y0ghO Mzj7tH5Km88NFVy3F/N+vt6ckCBD6af7Hn5HSgBeU646NQTUuDdBjlmzhWK42sWp qxOHrolJSUJThZHKnJyip9Bat9t8igat7xN2xguUnmhIrllO3GegRmoBGxicZGSm 9N3ajjNQgak= =v8oM -----END PGP SIGNATURE----- Paul Ferguson | "Government, even in its best state, Network Integrator | is but a necessary evil; in its worst Centreville, Virginia USA | state, an intolerable one." fergp at sytex.com | - Thomas Paine, Common Sense Type bits/keyID Date User ID pub 1024/1CC04D 1993/03/15 Paul Ferguson Key fingerprint = EE D2 93 7D 04 6D C6 05 AC 36 AD 9D 8E 4F 41 58 From keru at cpu.us.dynix.com Tue Aug 10 08:32:02 1993 From: keru at cpu.us.dynix.com (Warren Keith Russell) Date: Tue, 10 Aug 93 08:32:02 PDT Subject: Cypherpunks write code In-Reply-To: Message-ID: On Mon, 9 Aug 1993, Paul Ferguson wrote: > Can I entice someone to post the Cypherpunk charter statement again? I've > been looking at the FAQ that Eric Raymond started, and need to to fill in > some gaps.... 
This has taken way too long and I thought perhaps I might > toss a few free moments into adding some text. > > Cheers, > > Paul Ferguson | "Government, even in its best state, > Network Integrator | is but a necessary evil; in its worst > Centreville, Virginia USA | state, an intolerable one." > fergp at sytex.com | - Thomas Paine, Common Sense > > Type bits/keyID Date User ID > pub 1024/1CC04D 1993/03/15 Paul Ferguson > Key fingerprint = EE D2 93 7D 04 6D C6 05 AC 36 AD 9D 8E 4F 41 58 Can someone tell me if there is an FAQ available, and if so, how I can get it? I'm having a hard time getting up to speed so I can follow the discussion threads here. Thanks. Keith ------------------------------------------------------------------------- Keith Russell Dynix Library Systems, Provo, Utah, U.S.A. keru at cpu.us.dynix.com or keru at devg.us.dynix.com ------------------------------------------------------------------------- From keru at cpu.us.dynix.com Tue Aug 10 08:42:02 1993 From: keru at cpu.us.dynix.com (Warren Keith Russell) Date: Tue, 10 Aug 93 08:42:02 PDT Subject: getting wired #2 In-Reply-To: Message-ID: On Mon, 9 Aug 1993, it was written: > If someone can tell me the title of the article, I'll see what I can do to get > copies, or bring the article to the next Cypherpunks meeting. > -- > Ed Carp, N7EKG erc at apple.com 510/659-9560 > anon-2133 at twwells.com > If you want magic, let go of your armor. Magic is so much stronger than > steel! -- Richard Bach, "The Bridge Across Forever" The title is "Crypto Rebels." It was published in the May/June issue of WIRED, page 54. See my reply to L. Detweiler for information on the response I got back from them. Keith ------------------------------------------------------------------------- Keith Russell Dynix Library Systems, Provo, Utah, U.S.A. 
keru at cpu.us.dynix.com    or    keru at devg.us.dynix.com
-------------------------------------------------------------------------

From hughes at soda.berkeley.edu Tue Aug 10 08:42:07 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Tue, 10 Aug 93 08:42:07 PDT
Subject: August Bay Area cypherpunks meeting
Message-ID: <9308101527.AA08230@soda.berkeley.edu>

ANNOUNCEMENT
============

August Bay Area cypherpunks meeting
Saturday, August 14, 1993
12:00 noon - 6:00 p.m.
Cygnus Support offices, Mt. View, California

Topics this time include the usual assortment of mailer topics, politics, protocols, and rant. There will be a discussion of the Twain privacy service and privacy.net, among others.

Meetings are the second Saturday of every month, at the same location and at the same time. There is frequently an informal dinner at a restaurant chosen by consensus at the meeting.

DIRECTIONS
==========

[Directions to Cygnus provided by John Gilmore. -- EH]

Cygnus Support
1937 Landings Drive
Mt. View, CA 94043
+1 415 903 1400 switchboard
+1 415 903 1418 John Gilmore

Take US 101 toward Mt. View. From San Francisco, it's about a 40-minute drive. Get off at the Rengstorff Ave/Amphitheatre Parkway exit. If you were heading south on 101, you curve around to the right, cross over the freeway, and get to a stoplight. If you were heading north on 101, you just come right off the exit to the stoplight. The light is the intersection of Amphitheatre and Charleston Rd. Take a right on Charleston; there's a right-turn-only lane.

Follow Charleston for a short distance. You'll pass the Metaphor/Kaleida buildings on the right. At a clump of palm trees and a "Landmark Deli" sign, take a right into Landings Drive. At the end of the road, turn left into the complex with the big concrete "Landmark" sign. Follow the road past the deli til you are in front of the clock tower that rises out of one of the buildings, facing you. Enter through the doors immediately under the clock tower.
They'll be open between noon and 1PM at least. (See below if you're late.)

Once inside, take the stairs up, immediately to your right. At the top of the stairs, turn right past the treetops, and we'll be in 1937 on your left. The door is marked "Cygnus".

If you are late and the door under the clock tower is locked, you can walk to the deli (which will be around the building on your left, as you face the door). Go through the gate in the fence to the right of the deli, and into the back lawns between the complex and the farm behind it. Walk forward and right around the buildings until you see a satellite dish in the lawn. Go up the stairs next to the dish, which are the back stairs into the Cygnus office space. We'll prop the door (or you can bang on it if we forget). Or, you can find the guard who's wandering around the complex, who knows there's a meeting happening and will let you in. They can be beeped at 965 5250, though you'll have trouble finding a phone.

Don't forget to eat first, or bring food at noon! I recommend hitting the burrito place on Rengstorff (La Costen~a) at about 11:45. To get there, when you get off 101, take Rengstorff (toward the hills) rather than Amphitheatre (toward the bay). Follow it about ten blocks until the major intersection at Middlefield Road. La Costen~a is the store on your left at the corner. You can turn left into the narrow lane behind the store, which leads to a parking lot, and enter by the front door, which faces the intersection. To get to the meeting from there, just retrace your route on Rengstorff, go straight over the freeway, and turn right at the stoplight onto Charleston; see above.

See you there!
John Gilmore

From claborne at ccsmtp.scrippsranchca.NCR.COM Tue Aug 10 09:02:03 1993
From: claborne at ccsmtp.scrippsranchca.NCR.COM (Claborne, Chris)
Date: Tue, 10 Aug 93 09:02:03 PDT
Subject: Secure voice software issues
Message-ID: <9307107449.AA744997753@ccsmtp.ScrippsRanchCA.NCR.COM>

>The problem with this is that public-key encryption is slooooow. I
>never thought of having a fixed key for each user; even the STU-III
>ignition keys get reloaded every so often.

The slow part is the RSA encryption. The conversation doesn't need to be encrypted with RSA, maybe IDEA or something else. All you really need to do is create a session key for each side once with RSA then you are done (similar to PGP).

2 -- C --

From paul at poboy.b17c.ingr.com Tue Aug 10 09:12:03 1993
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Tue, 10 Aug 93 09:12:03 PDT
Subject: Secure voice software issues
In-Reply-To: <9308100259.AA24433@servo>
Message-ID: <199308101603.AA28136@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

I may have a clouded view of the technology available here, because I confess to not understanding all of your post- namely, why the "web of trust" necessarily bears here.

It feels like DH would probably be the best mechanism for key exchange. When Alice calls Bob, their two Macs can conduct a DH exchange of randomly generated, valid-for-only-one-call session keys and use those to encrypt both ends of the link.

The reason behind my original proposal of a system that could use PGP keyrings is thus: let's say that I want to call you. I tell my cryptophone to call "Phil Karn", so it looks up your public key and uses it to encrypt my side's session key, then signs the encrypted version with my public key. Your cryptophone answers, de-signatures the data block to see who's calling, then decodes the encrypted session key using your secret key.
If you decide to accept the call, your cryptophone can send me a key by encrypting it with my private key, then signing it with your pubkey.

This protocol is obviously not secure against spoofing attacks. It does support anonymous use, though- if the caller doesn't sign the encrypted session key block, you could still accept the call!

The big advantage to this scheme in my mind is that it leverages PGP's infrastructure and key distribution. I'm not sure that the web model would be terribly useful; I tend to think of most calls as being either to "indirectly trusted" keys (i.e. I can call Phil Z to ask about how the developers got permission to use IDEA in PGP) or to directly trusted keys (i.e. I can call someone whose key I've personally signed.)

The presence of a hardwired telephone number, of course, adds some trustability. TCP/IP traffic can be falsified in ways that POTS traffic can't, and it's very hard to subvert The Phone Company (tm). Even if I don't completely trust your key, if I call Qualcomm's front desk and ask for your work phone #, I can probably trust that.

OTOH, as I read someone post the other day, "Everyone you've ever met is working for the CIA. There's absolutely no way to prove differently." :)

- -Paul

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLGfGjSA78To+806NAQEunAP+PIddYdBa57YkVGwd9uXfxwDL59LABXfS
fTIC8xv7L6QC0r/9az4ToJCFqIF6c2+C5ZeVdCFlQ18mjQ8MApeJkN11gynRu3aX
5qCZOs5Nmyfg2JzS95eWe75UyCwO5GepSt1LNHAA4wi5cyFtBHTULXv2MKHRvWSj
YUePz50FDLg=
=IqKL
-----END PGP SIGNATURE-----

From plmoses at unix.cc.emory.edu Tue Aug 10 09:22:03 1993
From: plmoses at unix.cc.emory.edu (Paul L. Moses)
Date: Tue, 10 Aug 93 09:22:03 PDT
Subject: getting wired #2
Message-ID: <9308101620.AA28576@emoryu1.cc.emory.edu>

Isn't Wired magazine available on America Online? I think AOL was promoting it as a new set of text files it was offering. Check there.

From plmoses at unix.cc.emory.edu Tue Aug 10 09:42:04 1993
From: plmoses at unix.cc.emory.edu (Paul L.
Moses)
Date: Tue, 10 Aug 93 09:42:04 PDT
Subject: August Bay Area cypherpunks meeting
Message-ID: <9308101639.AA02330@emoryu1.cc.emory.edu>

the directions to Cygnus remind me of something from "The Crying of Lot 49"

From tcmay at netcom.com Tue Aug 10 10:32:03 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 10 Aug 93 10:32:03 PDT
Subject: We Await Silent Tristero's Empire
In-Reply-To: <9308101639.AA02330@emoryu1.cc.emory.edu>
Message-ID: <9308101729.AA15266@netcom5.netcom.com>

Paul Moses writes:

>
> the directions to Cygnus remind me of something from "The Crying of Lot 49"
>

Instead of giving my entire sig, as I usually do, I will isolate just a single line of it:

W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.

We Await Silent Tristero's Empire!

For the Pynchon-deprived, "The Crying of Lot 49" is a novella about the search by Oedipa Maas for the meaning of some strange occurrences. It takes place in California. The _real_ Yoyodyne Corporation came from "Lot 49," not from Buckaroo Banzai!

The crypto connections are many, even though "Lot 49" was written in 1966. A private mail delivery system, the direct descendant of European mail systems, is in competition with the U.S. Postal System (secretly, of course, as it is illegal to use other mail systems...a lesson for Cypherpunks?). Mail is deposited in boxes marked "W.A.S.T.E."

My W.A.S.T.E. address is Aptos, California, down the coast from Santa Cruz. Now you know what that means. Now I've blown the secret.

For those who have found "Gravity's Rainbow" too cryptic, let me recommend "Lot 49" as both a very quick read and an excellent introduction to the world and style of Thomas Pynchon, ur-cypherpunk.

-Tim May

From Anonymous Tue Aug 10 08:55:57 1993
From: Anonymous (Anonymous)
Date: Tue, 10 Aug 1993 11:55:57 -0400 (EDT)
Subject: Software Patent Institute
Message-ID:

I saw this recently and thought it might be of interest to some people on the list with strong feelings about IP.

-S.?
Software Patent Institute
c/o Industrial Tech Inst.
2901 Hubbard St./ PO Box 1485
Ann Arbor, MI 48106-1485
(313) 769-4083
Fax: 313-769-4064
spi at iti.org

SPI "folklore" database

The SPI is now operating, and we are asking the software community to help us build our "folklore" database by sharing with everyone the concepts and techniques which they find so familiar, but which the US Patent and Trademark Office generally cannot identify as prior art, since they lack any specific reference to the technique in question. We must help the USPTO do its job better, so that patents are not granted for techniques that have already been invented but were lost in the "folklore" prior to the creation of our SPI folklore database.

[There's more to the letter, but I just wanted to give an idea. Contact them for more information if you want. -S.]

------- End of Forwarded Message

From peb at PROCASE.COM Tue Aug 10 13:06:53 1993
From: peb at PROCASE.COM (Paul Baclace)
Date: Tue, 10 Aug 93 13:06:53 PDT
Subject: patent on remote cash transactions?
Message-ID: <9308102004.AA01064@banff.procase.com>

American Public Radio reported yesterday that some company was granted a broad patent on remote cash transactions--they mentioned an article in the NYTimes recently (NYT does patent reporting on Saturday typically, but sometimes they do it in the business section on other days; I don't get NYT anymore...); anyone hear more about this? Is this yet another example of bozo software patents? If anyone finds out more, please post.

Paul E.
Baclace
peb at procase.com

From keru at cpu.us.dynix.com Tue Aug 10 13:12:04 1993
From: keru at cpu.us.dynix.com (Warren Keith Russell)
Date: Tue, 10 Aug 93 13:12:04 PDT
Subject: ftp access to the Silk Road Paper
In-Reply-To: <9308021442.AA09524@netcom2.netcom.com>
Message-ID:

On Mon, 2 Aug 1993, Norman Hardy wrote:

> The Digital Silk road paper is now available in three forms at
> netcom.com:pub/joule/DSR1.ps.gz, DSR1.rtf.gz and DSR1.txt
>
> netcom.com may sometimes be too busy and then direct you to one of
> several other machines any of which can access the files.

What is the Digital Silk Road paper?

Keith
-------------------------------------------------------------------------
Keith Russell                 Dynix Library Systems, Provo, Utah, U.S.A.
keru at cpu.us.dynix.com    or    keru at devg.us.dynix.com
-------------------------------------------------------------------------

From kent_hastings at qmail2.aero.org Tue Aug 10 13:26:53 1993
From: kent_hastings at qmail2.aero.org (Kent Hastings)
Date: Tue, 10 Aug 93 13:26:53 PDT
Subject: ADICO: Anarchist FDIC
Message-ID: <199308102022.AA10924@aerospace.aero.org>

ADICO: Anarchist FDIC#000#

When someone objects to free banking (in gold, for example) on the grounds that unregulated banks will have fractional reserves and have no incentive to stay honest, perhaps describing an Anarchist Deposit Insurance COmpany (ADICO) will ease their fears.

A new or relatively obscure offshore bank would gain the trust of potential depositors by agreeing to cooperate with surprise inspections of their gold supply. Depositors would pay a small premium to cover loss from bank failures due to theft or fraud.

Cryptographic protocols would need to be developed to allow the ADICO to see a verified total amount on deposit, without revealing anything about any particular depositor. The total should match the physical amount of gold in storage, assuming 100% reserves.

Does anybody know of work on this, or think it is worth researching?
Kent - #000#

From tcmay at netcom.com Tue Aug 10 13:52:05 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 10 Aug 93 13:52:05 PDT
Subject: ADICO: Anarchist FDIC
In-Reply-To: <199308102022.AA10924@aerospace.aero.org>
Message-ID: <9308102050.AA04016@netcom5.netcom.com>

Kent Hastings writes:

> ADICO: Anarchist FDIC#000#
> When someone objects to free banking (in gold, for example) on
> the grounds that unregulated banks will have fractional reserves
> and have no incentive to stay honest, perhaps describing an
> Anarchist Deposit Insurance COmpany (ADICO) will ease their fears.
>
> A new or relatively obscure offshore bank would gain the trust of
> potential depositors by agreeing to cooperate with surprise
> inspections of their gold supply. Depositors would pay a small
> premium to cover loss from bank failures due to theft or fraud.
>
> Cryptographic protocols would need to be developed to allow the
> ADICO to see a verified total amount on deposit, without revealing
> anything about any particular depositor. The total should match
> the physical amount of gold in storage, assuming 100% reserves.

I suspect that verification that a physical quantity of gold is held is much less important than that depositors can freely get back their deposits. I suppose this means I don't see a real need for gold-backed money. (At the national monetary system level, hard assets may be a good idea, but at Joe's Bank I don't see any rationale for it having, say, 132.74 kilos of gold in its vaults!)

The success of Swiss banks comes more from their reputation for scrupulous honesty than from independent verification of their gold holdings. Their "reputation capital" (a term Dean Tribble uses) is what matters.

Interestingly, a future crypto system will increase security by allowing large deposits to be split into many smaller, anonymous deposits. Some of these will be "pinging" tests from deposit-rating services, some will be money being moved around, etc.
A bank intent on committing fraud will have a tough job ahead of it, and will be quickly found out (thus, it is likely that people will split their deposits into many smaller pieces, at many banks...and move them around based on the latest deposit ratings).

-Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.

From pmetzger at lehman.com Tue Aug 10 14:06:53 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 10 Aug 93 14:06:53 PDT
Subject: ADICO: Anarchist FDIC
In-Reply-To: <199308102022.AA10924@aerospace.aero.org>
Message-ID: <9308102059.AA22885@snark.shearson.com>

"Kent Hastings" says:

> ADICO: Anarchist FDIC#000#
> When someone objects to free banking (in gold, for example) on
> the grounds that unregulated banks will have fractional reserves
> and have no incentive to stay honest, perhaps describing an
> Anarchist Deposit Insurance COmpany (ADICO) will ease their fears.
>
> A new or relatively obscure offshore bank would gain the trust of
> potential depositors by agreeing to cooperate with surprise
> inspections of their gold supply. Depositors would pay a small
> premium to cover loss from bank failures due to theft or fraud.
>
> Cryptographic protocols would need to be developed to allow the
> ADICO to see a verified total amount on deposit, without revealing
> anything about any particular depositor. The total should match
> the physical amount of gold in storage, assuming 100% reserves.
>
> Does anybody know of work on this, or think it is worth researching?

Good job -- you have come up with a very interesting problem indeed.
A cryptographic protocol that permitted an outsider to determine the amount of (pick your favorite) on deposit without requiring that the bank reveal who owns what would be a neat trick. I suspect, based on some of the voting protocols people are coming up with, that it might in fact be possible, although it might end up involving an outside auditing agency in many of the transactions. Whether a practical protocol to permit this to be done would be possible is an extremely interesting research topic -- many of the voting protocols I've heard of are quite impractical if you have millions of voters.

To my knowledge, nothing to solve what I will now dub the "Anonymous Auditing Problem" has yet been done, and this is the first time the question has been posed.

Perry

From pmetzger at lehman.com Tue Aug 10 15:36:53 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 10 Aug 93 15:36:53 PDT
Subject: ADICO: Anarchist FDIC
In-Reply-To: <9308102050.AA04016@netcom5.netcom.com>
Message-ID: <9308102234.AA23328@snark.shearson.com>

Timothy C. May says:

> I suspect that verification that a physical quantity of gold is held
> is much less important than that depositors can freely get back their
> deposits. I suppose this means I don't see a real need for gold-backed
> money. (At the national monetary system level, hard assets may be a
> good idea, but at Joe's Bank I don't see any rationale for it having,
> say, 132.74 kilos of gold in its vaults!)

Although this is not the right place for discussing this topic, I can suggest a reading of "The Theory Of Free Banking" by George Selgin, which is an excellent economic treatise on why a bank might want to hold a particular physical commodity as backing for bank issued notes instead of relying on a central banking system. The book is an expansion of Selgin's PhD thesis at NYU -- it's pretty good.
Even barring this, however, a protocol to determine if claimed deposits correspond with what depositors think their deposits are, i.e. an audit protocol, has many uses and would be valuable. It's a genuinely good problem.

Perry

From kent_hastings at qmail2.aero.org Tue Aug 10 16:16:54 1993
From: kent_hastings at qmail2.aero.org (Kent Hastings)
Date: Tue, 10 Aug 93 16:16:54 PDT
Subject: So. Cal. Cypherpunks
Message-ID: <199308102313.AA15269@aerospace.aero.org>

So. Cal. Cypherpunks

CYPHERPUNK-RELATED MEETINGS IN SOUTHERN CALIFORNIA:

J. Kent Hastings (Hey-that's ME!) will flame on about:
"CYBER CASH: FREE MARKET MONEY COMES OF AGE."

Wednesday, September 22, 1993: H.L. MENCKEN FORUM
At The Old Spaghetti Factory in Los Angeles
6:30 pm Libations, 7:00 Supper, 7:55 Announcements, 8:00 Speaker, 10:00 Adjournment
5939 Sunset Blvd. near the Hollywood Fwy at Gordon
Los Angeles, CA 90028
Restaurant: (213) 469-7149
RESERVATION/PRICES/INFO LINE: 1-310-289-3234

Just as Christ descended into Hell (mythically-don't want any of you to get upset about theism), an anti-Party speaker, J. Kent Hastings (hmm, that guy sounds familiar), will address:

LIBERTARIAN PARTY REGION 62 - LOS ANGELES WESTSIDE
Thursday, September 23, 1993 at Chris's Italian Restaurant, 10105 Venice Blvd. at Clarington Ave.

on the same old Digital Cash topic. Cocktails are at 6:30 pm, dinner at 7 pm, and talk is at 8:30 pm. LP info: 1-310-477-6491

The ALBERT J. NOCK FORUM and Southern California Supper Club is another club that may be of interest to you, run by the host of the H. L. Mencken Forum. Albert J. Nock wrote essays (An Anarchist's Progress) and books about government like Our Enemy, The State and Mr. Jefferson. The Nock Forum has been in operation for over 10 years, hosting speakers on engineering, scientific, financial, and political issues.
Controversial figures, on and over the cutting edge of toleration and civil liberties, have also graced the forum, but nobody more outrageous than you'll see on a given day's Geraldo, Oprah, Donahue, or Montel Williams show. I DON'T remember a speaker having had a sex change from male to female, then discovering she was a lesbian, but I was in Northern California for a while and may have missed it.

Past speakers at Mencken and Nock include: Max More (Extropy), LiberTech's Chuck Hammill, Wendy McElroy (Freedom, Feminism, and the State), David Justin Ross (Calera), J. Neil Schulman (author of Alongside Night and Rainbow Cadenza), Vic Koman (Jehovah Contract), Robert Anton Wilson (Illuminatus!, Natural Law), L. Neil Smith (Confederacy SF novels), Dr. Sharon Presley (Libertarian Psychology - Obedience to Authority), Samuel Edward Konkin III (New Libertarian, Agorist Institute), Brock Meeks (Computer Privacy), Burt Rutan (Voyager, FreeWing), Paul Macready (Gossamer Condor and Albatross) and many others on topics like nanotechnology, public key crypto, artificial intelligence, immortality, informal markets and other topics that look like Tim May's tag line.

BTW, Tim has a standing invitation from the host to speak about "Crypto Anarchy" and get a free dinner (He's gotta be in town and schedule ahead).

The latest speaker was Richard Grant, author (Incredible Bread Machine, Trashing Nuclear Power, Rent Control and the War against the Poor), on "Bring Us The Head of Michael Milken."

Date/time/location of the next ALBERT J. NOCK Forum, now in its 11th year:

STEVEN W. MOSHER
"The Future of 1/4 of the Human Race."
ACAPULCO at Cerritos Plaza
1800 West Whittier Blvd., La Habra, California, East of Beach Blvd.
SAME INFO LINE AS MENCKEN: 1-310-289-3234

From edgar at spectrx.Saigon.COM Tue Aug 10 17:16:53 1993
From: edgar at spectrx.Saigon.COM (Edgar W. Swank)
Date: Tue, 10 Aug 93 17:16:53 PDT
Subject: (fwd) Wolf's got a thing or two to say here...
Message-ID:

I was able to decode the message from "wolf" posted to Newsgroup alt.sexual.abuse.recovery and then posted here by Ed Carp, who said

  Here's something I found on another newsgroup. Any ideas what it is?
  It was a public posting... I've tried uudecoding it and playing with
  it, running it through uncompress, gunzip, and pgp (all with
  appropriate headers, of course - I'm not a total idiot!), but I can't
  make heads or tails out of it. Just curious if anyone found this
  familiar-looking...

Procedure for decode is:

Extract message to file xxx.asc

Add
-----BEGIN PGP MESSAGE-----
and
-----END PGP MESSAGE-----
to start and end of file.

Change PGP's CONFIG.TXT file to de-comment

KeepBinary = on    # Decrypt will not delete intermediate .pgp file
verbose = on       # verbose diagnostic messages

[this is probably the step Ed missed]

Then just run PGP against the file

PGP XXX.ASC

The result will be found in XXX.PGP which is now not deleted.

I won't repeat the long message here. It's apparently from a fag (Wolf) who was beat up by his lover (David) whom he had arrested. Here are the first few lines:

  Hello friends. I hope you are all well. I am doing better today than
  before. I get a little more livelier every day. I am not in the mood to
  talk about the situation right now, though. I would like to first of all
  thank each and every one of you for the SCADS of mail I have received in
  response to my post about what happened last Monday night.

I'm not sure how this message was produced. Maybe not by PGP. I tried reversing the encoding with pgp -a xxx.pgp, but a different encoded file is produced, which PGP decodes with no problems.

--
edgar at spectrx.saigon.com (Edgar W.
Swank)
SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca

From nobody at pmantis.berkeley.edu Tue Aug 10 18:06:53 1993
From: nobody at pmantis.berkeley.edu (nobody at pmantis.berkeley.edu)
Date: Tue, 10 Aug 93 18:06:53 PDT
Subject: Using a 'telserv' program to redirect mail
Message-ID: <9308110106.AA21036@pmantis.berkeley.edu>

>I will
>not post this code unless I am assured that it is not going to be a legal
>problem. As you can see from the above written statement
yada yada
>
>treason at gnu
>

Why not post it anonymously? Too late now. Cypherpunks not only write code, they write code that people can use.

From mark at coombs.anu.edu.au Tue Aug 10 18:42:10 1993
From: mark at coombs.anu.edu.au (Mark)
Date: Tue, 10 Aug 93 18:42:10 PDT
Subject: Using a 'telserv' program to redirect mail
Message-ID: <9308110139.AA09329@toad.com>

>>I will
>>not post this code unless I am assured that it is not going to be a legal
>>problem. As you can see from the above written statement
>yada yada
>>
>>treason at gnu
>>
>
>Why not post it anonymously? Too late now. Cypherpunks not only write code,
>they write code that people can use.

Um guys, it was already posted here over a year ago by myself and another person. It's a simple port bouncer and not that hard to write. treason: just post it. it's no big secret.

If anyone is in a hurry it's been up for ftp as /pub/perl/telserv.c on coombs.anu.edu.au [150.203.76.2] since Nov 92. It's still there. (Note it's C code not perl, that's just the tree I maintain).

Mark.

From fergp at sytex.com Tue Aug 10 21:22:14 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Tue, 10 Aug 93 21:22:14 PDT
Subject: Legal Net Newsletter mail server -- now in service
Message-ID: <6mH48B4w165w@sytex.com>

Legal Net News is now available via e-mail subscription.

What it is -

Legal Net Newsletter is dedicated to providing information on the legal issues of computing and networking in the 1990's and into the future.
Legal Net News contains information which directly affects you and how you compute.

How to get it-

To subscribe, send a message to , with the following text in the body of the message:

SUBSCRIBE LNN

To unsubscribe send the message text:

UNSUBSCRIBE LNN

Or substitute "UNSUB LNN" or "SIGNOFF LNN" instead of "UNSUBSCRIBE" if you like.

The mail server has no facility for requesting help at this time, however, when you join the list you will be sent a "WELCOME" message describing Legal Net News in more detail, i.e. what Legal Net News is about, and how to handle unsubscribing from the list.

Please send any admin mail (problems with the mailserver, etc.) to: postmaster at tstc.edu

Back issues of Legal Net News can be obtained by anonymous FTP at: tstc.edu (161.109.128.2)
Directory: /pub/legal-net-news

E-mail submissions, comments and editorials to: fergp at sytex.com

Paul Ferguson               | "Government, even in its best state,
Network Integrator          | is but a necessary evil; in its worst
Centreville, Virginia USA   | state, an intolerable one."
fergp at sytex.com            | - Thomas Paine, Common Sense

Type bits/keyID   Date       User ID
pub  1024/1CC04D 1993/03/15 Paul Ferguson
Key fingerprint = EE D2 93 7D 04 6D C6 05 AC 36 AD 9D 8E 4F 41 58

From ld231782 at longs.lance.colostate.edu Tue Aug 10 22:12:13 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Tue, 10 Aug 93 22:12:13 PDT
Subject: obtaining Wired article
Message-ID: <9308110508.AA07014@longs.lance.colostate.edu>

>The title is "Crypto Rebels." It was published in the May/June issue of
>WIRED, page 54. See my reply to L. Detweiler for information on the
>response I got back from them.

Mr. W. K. Russell (a rather transparent neophyte =) posted this to the list referencing private mail he sent to me, which perhaps he meant to cc: to the list (it was both to: and cc: me, maybe a mistake).
Anyway, he said the following:

===cut=here===

I finally got a note back from Jane Metcalfe (jane at wired.com) saying that the article text is available on America Online, or you can order that issue of the mag for $10. She told me WIRED is available on most newsstands, and at B Dalton, Waldenbooks, Safeway, and Egghead Software. I went right down to B Dalton and bought the current issue. It's very slick and looked interesting (not cheap, though--$6.00 an issue). You can subscribe at $29.95 for 12 issues to subscriptions at wired.com.

Keith

From ld231782 at longs.lance.colostate.edu Tue Aug 10 22:16:53 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Tue, 10 Aug 93 22:16:53 PDT
Subject: birth of Software Patent Institute
Message-ID: <9308110513.AA07049@longs.lance.colostate.edu>

Don't know anything about this, but it's a definite Cypherpunk cause... the first question to ask would be whether they're in touch with LPF at all.

------- Forwarded Message

From ld231782 at longs.lance.colostate.edu Tue Aug 10 22:22:13 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Tue, 10 Aug 93 22:22:13 PDT
Subject: AAAS-ABA `Ethics of Computers' conference announcement
Message-ID: <9308110517.AA07082@longs.lance.colostate.edu>

As the forwarder writes:

>I have forwarded this notice because I feel that the "cypherpunk" point of
>view could profitably be presented at such a forum. Is there anyone out there
>who feels up to putting the case forward in this academic setting? I hope so.
>
>Yours in plaintext.
>
>cjl "Keep on 'crypting."

===cut=here===

Date: Tue, 10 Aug 93 15:18:21 EDT
From: cjl at micro.med.cornell.edu (Chris Leonard)
Message-Id: <9308101918.AA12387@ micro.med.cornell.edu>
Subject: for your information

Reprinted from SCIENCE magazine July 30, 1993 vol.261 pg.
632
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

NETWORK ETHICS: A CALL FOR PAPERS

The AAAS-ABA National Conference of Lawyers and Scientists (NCLS) invites proposals for original papers for presentation at a two-and-a-half day invitational conference on "Legal, Ethical, and Technological Aspects of Computer and Network Use and Abuse." Forty participants representing a diverse set of perspectives and areas of expertise will present papers at the conference which will be held in southern California in mid-December 1993. Up to three successful applicants will receive travel expenses and room and board at the conference. Papers will be included in the conference proceedings and may be published subsequently in a book or journal symposium.

The conference will focus on the ways in which the law, ethics, and technology can influence the bounds of acceptable behavior and foster the development of positive human values in a shared computer environment. Participants will address handling unwanted intrusions into computer software or networks, including unauthorized entry and dissemination of viruses through networks or shared disks. Also on the agenda: access to information, privacy, security, and equity; the role of computer users, academic institutions, industry, professional societies, government, and the law in defining and maintaining legal and ethical standards for the use of computer networks; and a policy agenda for implementing these standards. Although participants may address any aspect of the conference theme, papers reporting empirical research, surveys of computer users, and case studies (other than those that are already well known) are especially encouraged.

If you are interested in participating in the conference, please forward a summary or outline of no more than 500 words, together with a one-page resume and a brief statement detailing how your expertise or perspective would contribute to the meeting.
These proposals will be reviewed by an advisory committee convened by NCLS and successful applicants will be asked to prepare papers for the meeting. Participants must submit an original previously unpublished paper, between 5000 and 8000 words (25 to 30 double-spaced pages) in length. Proposals must be received by 5 pm EST 15 Sept. 1993. Applicants selected to prepare papers will be informed by 1 October, and draft papers will be due 3 December 1993. Final versions of the papers, revised in light of conference discussions, will be due approximately two months after the conference.

NCLS is an organization sponsored jointly by the American Association for the Advancement of Science and the American Bar Association, dedicated to improving communication between members of the legal and scientific/technical professions and exploring issues at the intersection of law, science, and technology. Funding for this meeting has been provided by the Program on Ethics and Values Studies of the National Science Foundation.

For further information or to submit paper abstracts and accompanying materials, please contact Deborah Runkle, Directorate for Science & Policy Programs, AAAS, 1333 H Street, NW, Washington, DC 20005. Phone: 202-326-660, Fax: 202-289-4950. E-mail: values at gwuvm.gwu.edu.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------- End of Forwarded Message

From bart at netcom.com Wed Aug 11 01:06:53 1993
From: bart at netcom.com (Harry Bartholomew)
Date: Wed, 11 Aug 93 01:06:53 PDT
Subject: NIST call for comments on SKIPJACK
Message-ID: <9308110804.AA28714@netcom5.netcom.com>

From the Clarinet.Newsbytes.Govt:

Written comments (from anyone) on the proposed standard are due by September 28, 1993, to Director, Computer Systems Laboratory, Attn: Proposed FIPS for Escrowed Encryption Standard, B154 Technology Bldg., NIST, Gaithersburg, Md. 20899-0001.
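The secure-voice thread (Claborne and Robichaux earlier in this digest, and Jonathan Guy's reply that follows) settles on using public keys only to establish a per-call session key, with a challenge-response to check that the peer really holds the matching private key. The following is an added example written for this digest, not code from any of the posters: it uses Diffie-Hellman (as Robichaux suggests) for both the one-call key and the long-term keys so that it needs only the Python standard library; the DH group is a constructed toy, the local `keyring` stands in for a PGP keyring, and the names CryptoPhone and place_call are invented here.

```python
"""Cryptophone call setup (added example, not code from the thread): a per-call
Diffie-Hellman session key, plus a challenge-response proof that the peer holds
the long-term private key behind its entry on our keyring.  Toy DH group."""
import hashlib
import hmac
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin; enough to pick a toy modulus at start-up."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def make_group(bits=128):
    """Constructed toy group (p, g): random prime p, g = 2.  A real deployment
    would use a standard safe-prime group; the exchange below is unchanged."""
    while True:
        p = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(p):
            return p, 2


class CryptoPhone:
    def __init__(self, name, group):
        self.name, (self.p, self.g) = name, group
        self.static_priv = secrets.randbelow(self.p - 2) + 1  # long-term key, never sent
        self.static_pub = pow(self.g, self.static_priv, self.p)
        self.keyring = {}  # peer name -> that peer's long-term public value

    def _b(self, n):
        """Fixed-width encoding; rejects 0, 1, p-1 and out-of-range values first."""
        if not 2 <= n <= self.p - 2:
            raise ValueError("bad DH value")
        return n.to_bytes((self.p.bit_length() + 7) // 8, "big")

    def start_call(self):
        """Fresh ephemeral key pair and challenge nonce for this one call."""
        self.eph_priv = secrets.randbelow(self.p - 2) + 1
        self.eph_pub = pow(self.g, self.eph_priv, self.p)
        self.nonce = secrets.token_bytes(16)
        return self.eph_pub, self.nonce

    def _auth_key(self, peer):
        """MAC key from static-static DH: deriving it needs one of the two
        long-term private keys, so a correct MAC is a proof of possession."""
        self._b(self.keyring[peer])  # validate the keyring entry before use
        shared = pow(self.keyring[peer], self.static_priv, self.p)
        return hashlib.sha256(b"cryptophone-auth" + self._b(shared)).digest()

    def prove(self, peer, peer_eph_pub, peer_nonce):
        """Answer the peer's challenge over both ephemeral values and our name."""
        msg = self._b(self.eph_pub) + self._b(peer_eph_pub) + peer_nonce + self.name.encode()
        return hmac.new(self._auth_key(peer), msg, hashlib.sha256).digest()

    def verify(self, peer, peer_eph_pub, proof):
        """Check the answer against what we actually sent and received."""
        msg = self._b(peer_eph_pub) + self._b(self.eph_pub) + self.nonce + peer.encode()
        good = hmac.new(self._auth_key(peer), msg, hashlib.sha256).digest()
        return hmac.compare_digest(good, proof)

    def session_key(self, peer_eph_pub):
        """Per-call key from ephemeral DH; the voice stream then runs under a
        symmetric cipher (IDEA in the thread), never through the public-key step."""
        self._b(peer_eph_pub)
        shared = pow(peer_eph_pub, self.eph_priv, self.p)
        return hashlib.sha256(b"cryptophone-session" + self._b(shared)).digest()


def place_call(group, tamper=False):
    """One call between Alice and Bob -> (authenticated, keys_match).  With
    tamper=True an interposer swaps its own ephemeral value for Bob's on the
    way to Alice: the session keys diverge and neither side's proof verifies."""
    alice, bob = CryptoPhone("alice", group), CryptoPhone("bob", group)
    alice.keyring["bob"] = bob.static_pub  # exchanged out of band, like PGP keys
    bob.keyring["alice"] = alice.static_pub
    a_pub, a_nonce = alice.start_call()
    b_pub, b_nonce = bob.start_call()
    b_pub_seen = CryptoPhone("mallory", group).start_call()[0] if tamper else b_pub
    alice_ok = alice.verify("bob", b_pub_seen, bob.prove("alice", a_pub, a_nonce))
    bob_ok = bob.verify("alice", a_pub, alice.prove("bob", b_pub_seen, b_nonce))
    keys_match = alice.session_key(b_pub_seen) == bob.session_key(a_pub)
    return alice_ok and bob_ok, keys_match
```

Note what the proof does and does not establish: a valid MAC shows the peer holds the private key behind the keyring entry, which is Guy's point; whether that entry really belongs to the person you think it does is the separate key-distribution question the thread leaves to PGP or to a phone number you trust.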
From guy at theporch.raider.net Wed Aug 11 01:56:52 1993
From: guy at theporch.raider.net (Jonathan Guy)
Date: Wed, 11 Aug 93 01:56:52 PDT
Subject: Secure voice software issues
In-Reply-To: <9308100259.AA24433@servo>
Message-ID:

> I agree that RSA public keys could be exchanged as needed during the
> call, although this might require a few iterations before a party gets
> a signature that it can trust. Finding a path through the PGP "web of

To me at least this seems unimportant for the application. If all you're doing is exchanging session keys over the phone, it doesn't really matter if you are sure that the public key actually belongs to who it claims it does, only that the person you're talking to (who you presumably already know) actually possesses the corresponding private key. This can be verified with a simple challenge-response system. The identity problem is removed if you use a different key pair for phone conversations than you do for signature purposes... there doesn't need to be any information actually connecting the key with you.

--
Jonathan R. Guy                    | The opinions expressed above are not
E-Mail: guy at theporch.raider.net  | those of my employer. Nor are
Snail: P.O. Box 158325             | they my own. Actually, I copied them
       Nashville, TN 37215         | from the encyclopedia.

From guy at theporch.raider.net Wed Aug 11 01:57:15 1993
From: guy at theporch.raider.net (Jonathan Guy)
Date: Wed, 11 Aug 93 01:57:15 PDT
Subject: patent on remote cash transactions?
In-Reply-To: <9308102004.AA01064@banff.procase.com>
Message-ID:

> American Public Radio reported yesterday that some company was granted
> a broad patent on remote cash transactions--they mentioned an article
> in the NYTimes recently (NYT does patent reporting on Saturday typically, but
> sometimes they do it in the business section on other days; I don't get
> NYT anymore...); anyone hear more about this? Is this yet another
> example of bozo software patents? If anyone finds out more, please post.
I read the NYT article, which was on the second page of the business section in Monday's edition. Apparently the patent was granted to a Virginia company (don't recall the name, and that may be the wrong state...) and covers virtually anything that provides ATM-like functionality from a home computer. The exact boundaries of the patent weren't discussed in the article, but I seriously doubt it would affect a digital cash system.

--
Jonathan R. Guy                    | The opinions expressed above are not
E-Mail: guy at theporch.raider.net  | those of my employer. Nor are
Snail: P.O. Box 158325             | they my own. Actually, I copied them
       Nashville, TN 37215         | from the encyclopedia.

From R.Tait at bnr.co.uk Wed Aug 11 02:02:15 1993
From: R.Tait at bnr.co.uk (R.Tait at bnr.co.uk)
Date: Wed, 11 Aug 93 02:02:15 PDT
Subject: Any PGP utils for Emacs?
Message-ID: <199308110901.25595@bnsgs200.bnr.co.uk>

Does anyone have any elisp to integrate PGP into Emacs? I'm fed up of having to use VI to send/receive all my encrypted mail, and there's no point in me writing any code if someone already has. So, is there any out there?

-Rick

From jsc at monolith.MIT.EDU Wed Aug 11 04:56:55 1993
From: jsc at monolith.MIT.EDU (Jin S Choi)
Date: Wed, 11 Aug 93 04:56:55 PDT
Subject: Any PGP utils for Emacs?
In-Reply-To: <199308110901.25595@bnsgs200.bnr.co.uk>
Message-ID: <9308111154.AA09832@monolith.MIT.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

Tait> Does anyone have any elisp to integrate PGP into Emacs? I'm fed up of
Tait> having to use VI to send/receive all my encrypted mail, and there's no
Tait> point in me writing any code if someone already has.

I've released a few beta versions of my mailcrypt.el package to alt.privacy.pgp, alt.privacy.ripem, and gnu.emacs.sources recently. It's meant to provide an easy-to-use interface to PGP and RIPEM from within emacs. It has support for RMAIL and VM. I'm still making small changes to it, so I still consider it beta, but everything does work.
I will release it to the elisp archive when I stop fiddling with it. I don't want to inundate this mailing list with continual revisions of code only a few people might be interested in, so if you'd like to play with it, you can pick up my last release to the mentioned newsgroups, or email me for the latest version. If you have afs, you can also pick up a copy at /afs/athena.mit.edu/contrib/emacs-contrib/elisp/mailcrypt.el

I welcome any and all comments, suggestions, and additions.

- --
Jin Choi
jsc at mit.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLGjdqHAdLmoLYgSRAQEBNQP/e6T4j1jaEriecjXR/OSb0mjEJRCII6qm
UrODGvNpOhcx5/h4nWJ3aoUDuvdsBPePccVFMbQv77g2XhlaJsRp+taU9JzE4m0t
44TzYe03lLI9WmME+S2vsbtXbB6oI1jEC4CmOoiVInnKWCkA9LPSuwztcnyVfx6c
B/97XM63IDg=
=uQDK
-----END PGP SIGNATURE-----

From jsc at monolith.MIT.EDU Wed Aug 11 05:02:17 1993
From: jsc at monolith.MIT.EDU (Jin S Choi)
Date: Wed, 11 Aug 93 05:02:17 PDT
Subject: Any PGP utils for Emacs?
In-Reply-To: <199308110901.25595@bnsgs200.bnr.co.uk>
Message-ID: <9308111201.AA09855@monolith.MIT.EDU>

I forgot to mention that mailcrypt uses a few emacs19 elisp features. It shouldn't be too hard to hack it for emacs 18 compatibility, if you know elisp. I only knowingly used two emacs 19 functions, `run-at-time' and `kill-new'. The first is used to deactivate your passphrase automatically after a time so it doesn't stay stored in a variable. The second is used in mc-temp-display, to transfer information between buffers.
From pcw at access.digex.net Wed Aug 11 06:36:55 1993
From: pcw at access.digex.net (Peter Wayner)
Date: Wed, 11 Aug 93 06:36:55 PDT
Subject: The New Yorker, Yes, the New Yorker
Message-ID: <199308111336.AA13427@access.digex.net>

From honey at citi.umich.edu Wed Aug 11 06:46:55 1993
From: honey at citi.umich.edu (peter honeyman)
Date: Wed, 11 Aug 93 06:46:55 PDT
Subject: birth of Software Patent Institute
Message-ID: <9308111344.AA00298@toad.com>

> the first question to ask would be whether they're in touch with LPF at all.

the next question would be whether lpf is willing to work with them. rms has never been known to put progress ahead of politics.

peter

From williacw at vuse.vanderbilt.edu Wed Aug 11 07:26:57 1993
From: williacw at vuse.vanderbilt.edu (Charles Williams)
Date: Wed, 11 Aug 93 07:26:57 PDT
Subject: How long would it take?
Message-ID: <9308111426.AA20884@necs.vuse>

Could the NSA reverse PGP encryption on a message that was encrypted with a 1264-bit key? Do you think they could do this in a matter of hours? Why, or why not? How long would it take? What do you know that corroborates this? This is a generic question, which I hope everyone who knows about this will attempt to answer. If this is not the right subject for the LIST, send replies via EMAIL to wesley at ctrvax.vanderbilt.edu

Thanks

From MAILER-DAEMON Wed Aug 11 04:58:38 1993
From: MAILER-DAEMON (Mail Delivery Subsystem)
Date: Wed, 11 Aug 1993 07:58:38 -0400
Subject: Returned mail: Host unknown
Message-ID: <199308111158.AA01899@access.digex.net>

   ----- Transcript of session follows -----
550 toad.com (TCP)... 550 Host unknown
554 cypherpunks at toad.com... 550 Host unknown (Valid name but no data [address])

   ----- Unsent message follows -----
Received: by access.digex.net id AA01895
	(5.65c/IDA-1.4.4 for cypherpunks at toad.com); Wed, 11 Aug 1993 07:58:38 -0400
Date: Wed, 11 Aug 1993 07:58:38 -0400
From: Peter Wayner

There is a bit of funny satire in the New Yorker this week.
(This is the Aug 16th issue with the funny Bruce McCall painting of a Zeppelin park and the stories about AIDS and the Muppets.) It's aimed at the proposed "V" chip that would allow parents to protect their children from televised violence by shutting off the "violence" mode of the television. The central broadcasters would be required to include a signal saying, "Hey, we're going to be busting some heads in this show. Turn yourself off if the owners don't want you showing violent things."

Given that we're talking a lot about Big Bubba chips like this, I'll grab a few excerpts:

"Sorry. I have a brand-new daughter and I'm already aware of the grim reality: technologically speaking it's us against them-- us the parents, against them, the kids. My kid, Gabrielle, is only five weeks old, and somehow she has already learned how to manipulate the signal from her baby monitor so as to jam my microwave and VCR when she's cranky."

"Her mother and I have just hired a pediatric counter-insurgency expert from the Rand Corporation to assist us in eavesdropping on and, if necessary, interdicting some of the electronic conversation that our daughter is involved in."

The piece is uneven in spots and given to a few dull jokes, but I thought I would send a blip across your radar screen.

-Peter

From jthomas at kolanut.mitre.org Wed Aug 11 08:06:58 1993
From: jthomas at kolanut.mitre.org (Joe Thomas)
Date: Wed, 11 Aug 93 08:06:58 PDT
Subject: birth of Software Patent Institute
Message-ID: <9308111505.AA02818@kolanut>

> > the first question to ask would be whether they're in
> touch with LPF at all.
>
> the next question would be whether lpf is willing to work
> with them. rms has never been known to put progress ahead
> of politics.

First, rms isn't the LPF. He's practically the FSF, and supports the LPF, but the two organizations aren't synonymous.

Second, I believe the LPF has made an official statement that they will _not_ work with SPI.
SPI is primarily funded by large holders of software patents, and LPF believes that this database will give patent holders an advantage in defending their patents in court (i.e. against suits by LPF to invalidate the patents). I'm not even a member of the LPF; you should write to them for their actual arguments.

Third, I'm not sure this is appropriate to the list, unless someone expects to find "folklore" about public key cryptography that predates RSA, etc.

Joe

From O1DSH at VM1.CC.UAKRON.EDU Wed Aug 11 08:27:00 1993
From: O1DSH at VM1.CC.UAKRON.EDU (David Heck)
Date: Wed, 11 Aug 93 08:27:00 PDT
Subject: Numeric IP address for ftp.eff.org?
Message-ID: <9308111523.AA03682@toad.com>

would anyone happen to have the numeric ip address for eff.org or ftp.eff.org handy? I'd sure appreciate it....

Thanks,
David

From honey at citi.umich.edu Wed Aug 11 08:47:00 1993
From: honey at citi.umich.edu (peter honeyman)
Date: Wed, 11 Aug 93 08:47:00 PDT
Subject: birth of Software Patent Institute
Message-ID: <9308111544.AA04238@toad.com>

joe, thanks for setting me straight.

peter

From eggo at student.umass.edu Wed Aug 11 09:06:59 1993
From: eggo at student.umass.edu (Round Waffle)
Date: Wed, 11 Aug 93 09:06:59 PDT
Subject: Numeric IP address for ftp.eff.org?
In-Reply-To: <9308111523.AA03682@toad.com>
Message-ID: <9308111605.AA09461@titan.ucs.umass.edu>

Possessed by The Unholy, David Heck scrawled the following in blood:
>
> would anyone happen to have the numeric ip address for eff.org or
> ftp.eff.org handy? I'd sure appreciate it....

Both eff.org and ftp.eff.org resolve to 192.88.144.3, according to nslookup.

>
> Thanks,
> David
>

+- eggo at titan.ucs.umass.edu --><-- Eat Some Paste -+
+- Yorn desh born, der ritt de gitt der gue, -+
+- Orn desh, dee born desh, de umn bork! bork! bork! -+
+----------------- The Durex Blender Corporation -----------------+

From hughes at soda.berkeley.edu Wed Aug 11 09:22:19 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Wed, 11 Aug 93 09:22:19 PDT
Subject: directions to Cygnus
In-Reply-To: <9308100525.AA13623@cello.hpl.hp.com>
Message-ID: <9308111614.AA21277@soda.berkeley.edu>

This file is on the archive site at soda.berkeley.edu:pub/cypherpunks/misc/directions.to.cygnus

Eric

-----------------------------------------------------------------------------
[Directions to Cygnus provided by John Gilmore. -- EH]

Cygnus Support
1937 Landings Drive
Mt. View, CA 94043
+1 415 903 1400 switchboard
+1 415 903 1418 John Gilmore

Take US 101 toward Mt. View. From San Francisco, it's about a 40-minute drive. Get off at the Rengstorff Ave/Amphitheatre Parkway exit. If you were heading south on 101, you curve around to the right, cross over the freeway, and get to a stoplight. If you were heading north on 101, you just come right off the exit to the stoplight. The light is the intersection of Amphitheatre and Charleston Rd. Take a right on Charleston; there's a right-turn-only lane.

Follow Charleston for a short distance. You'll pass the Metaphor/Kaleida buildings on the right. At a clump of palm trees and a "Landmark Deli" sign, take a right into Landings Drive. At the end of the road, turn left into the complex with the big concrete "Landmark" sign. Follow the road past the deli til you are in front of the clock tower that rises out of one of the buildings, facing you. Enter through the doors immediately under the clock tower. They'll be open between noon and 1PM at least. (See below if you're late.)

Once inside, take the stairs up, immediately to your right. At the top of the stairs, turn right past the treetops, and we'll be in 1937 on your left. The door is marked "Cygnus".
If you are late and the door under the clock tower is locked, you can walk to the deli (which will be around the building on your left, as you face the door). Go through the gate in the fence to the right of the deli, and into the back lawns between the complex and the farm behind it. Walk forward and right around the buildings until you see a satellite dish in the lawn. Go up the stairs next to the dish, which are the back stairs into the Cygnus office space. We'll prop the door (or you can bang on it if we forget). Or, you can find the guard who's wandering around the complex, who knows there's a meeting happening and will let you in. They can be beeped at 965 5250, though you'll have trouble finding a phone.

Don't forget to eat first, or bring food at noon! I recommend hitting the burrito place on Rengstorff (La Costen~a) at about 11:45. To get there, when you get off 101, take Rengstorff (toward the hills) rather than Amphitheatre (toward the bay). Follow it about ten blocks until the major intersection at Middlefield Road. La Costen~a is the store on your left at the corner. You can turn left into the narrow lane behind the store, which leads to a parking lot, and enter by the front door, which faces the intersection. To get to the meeting from there, just retrace your route on Rengstorff, go straight over the freeway, and turn right at the stoplight onto Charleston; see above.

See you there!

John Gilmore

From jthomas at kolanut.mitre.org Wed Aug 11 09:32:19 1993
From: jthomas at kolanut.mitre.org (Joe Thomas)
Date: Wed, 11 Aug 93 09:32:19 PDT
Subject: Numeric IP address for ftp.eff.org?
Message-ID: <9308111631.AA02889@kolanut>

Round Waffle wrote:
> Possessed by The Unholy, David Heck scrawled the
> following in blood:
> > would anyone happen to have the numeric ip address for eff.org or
> > ftp.eff.org handy?
> > I'd sure appreciate it....
>
> Both eff.org and ftp.eff.org resolve to 192.88.144.3,
> according to nslookup.
>

But when you actually ftp to ftp.eff.org, the hostname reported is kragar.eff.org, and a traceroute there shows the endpoint's IP address as 192.88.144.4. Creative DNS administration...

mwunix> ftp ftp.eff.org
Connected to kragar.eff.org.
220 kragar.eff.org FTP server (Version 2.1WU(1) Thu May 20 15:21:04 EDT 1993) ready.

mwunix> traceroute ftp.eff.org
traceroute to kragar.eff.org (192.88.144.4), 30 hops max, 40 byte packets
 1  128.29.154.254 (128.29.154.254)  2 ms  2 ms  5 ms
 2  mwgw.mitre.org (128.29.18.251)  2 ms  2 ms  2 ms
 3  reston1gw.mitre.org (128.29.1.2)  4 ms  4 ms  4 ms
 4  reston2gw.mitre.org (128.29.100.253)  4 ms  4 ms  4 ms
 5  128.29.217.253 (128.29.217.253)  5 ms  5 ms  5 ms
 6  192.80.55.254 (192.80.55.254)  5 ms  5 ms  5 ms
 7  Falls-Church3.VA.ALTER.NET (137.39.61.1)  7 ms  13 ms  6 ms
 8  Washington.DC.ALTER.NET (137.39.128.1)  35 ms  16 ms  41 ms
 9  Boston1.MA.ALTER.NET (137.39.12.2)  22 ms  22 ms  24 ms
10  EFF-gw.ALTER.NET (137.39.25.2)  39 ms  22 ms  29 ms
11  kragar.eff.org (192.88.144.4)  26 ms  27 ms  29 ms
mwunix>

Joe
a font of trivia today

From hughes at soda.berkeley.edu Wed Aug 11 09:46:59 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Wed, 11 Aug 93 09:46:59 PDT
Subject: How long would it take?
In-Reply-To: <9308111426.AA20884@necs.vuse>
Message-ID: <9308111639.AA22325@soda.berkeley.edu>

re: a question about the security of RSA

This question is better asked in sci.crypt, since it involves technicalities of number theory that are not in the purview of this list.

Eric

From smb at research.att.com Wed Aug 11 09:52:20 1993
From: smb at research.att.com (smb at research.att.com)
Date: Wed, 11 Aug 93 09:52:20 PDT
Subject: Numeric IP address for ftp.eff.org?
Message-ID: <9308111649.AA06257@toad.com>

Round Waffle wrote:

	But when you actually ftp to ftp.eff.org, the hostname reported is kragar.eff.org, and a traceroute there shows the endpoint's IP address as 192.88.144.4. Creative DNS administration...

The dig output explains what's going on.
$ dig ftp.eff.org

; <<>> DiG 2.0 <<>> ftp.eff.org
;; ->>HEADER<<- opcode: QUERY , status: NOERROR, id: 6
;; flags: qr aa rd ra ; Ques: 1, Ans: 2, Auth: 0, Addit: 0
;; QUESTIONS:
;;      ftp.eff.org, type = A, class = IN

;; ANSWERS:
ftp.eff.org.    86400   CNAME   kragar.eff.org.
kragar.eff.org. 86400   A       192.88.144.4

;; Sent 1 pkts, answer found in time: 158 msec
;; FROM: inet to SERVER: default -- 0.0.0.0
;; WHEN: Wed Aug 11 11:44:15 1993
;; MSG SIZE  sent: 29  rcvd: 73

In other words, ftp.eff.org is an alias for the official name of the host. Quite properly, the inverse map lists the official name for the host:

$ dig -x 192.88.144.4

; <<>> DiG 2.0 <<>> -x
;; ->>HEADER<<- opcode: QUERY , status: NOERROR, id: 6
;; flags: qr aa rd ra ; Ques: 1, Ans: 1, Auth: 0, Addit: 0
;; QUESTIONS:
;;      4.144.88.192.in-addr.arpa, type = ANY, class = IN

;; ANSWERS:
4.144.88.192.in-addr.arpa.      86400   PTR     kragar.eff.org.

;; Sent 1 pkts, answer found in time: 329 msec
;; FROM: inet to SERVER: default -- 0.0.0.0
;; WHEN: Wed Aug 11 12:45:52 1993
;; MSG SIZE  sent: 43  rcvd: 71

But by advertising the name ``ftp.eff.org'', instead of ``kragar.eff.org'', the administrator gains the flexibility to move the archive to some other machine if necessary/desirable. That's exactly the right way to run such a service.

From collins at newton.apple.com Wed Aug 11 09:56:59 1993
From: collins at newton.apple.com (Scott Collins)
Date: Wed, 11 Aug 93 09:56:59 PDT
Subject: How long would it take?
Message-ID: <9308111649.AA17888@newton.apple.com>

Hello,

When you encrypt a message M with PGP, you are really doing several things:

1. Generating a random IDEA key K
2. Encrypting M with K yielding IDEA(K,M)
3. Encrypting K with the public key of the recipient, Rpub yielding RSA(Rpub,K) (note that if YOUR key is 1256 bits, but THEIR key is only 512 bits, you only get 512 bits of 'security' because you are encrypting to them, not to yourself)
4. Sending (essentially) the message {RSA(Rpub,K)+IDEA(K,M)}

Someone who wants to read the message (e.g., the recipient or some interceptor) must either know Rpri (Rpub's corresponding private key) to extract K, or must be able to break RSA, or must know K a priori, or must be able to break IDEA. This is a lot of ways to get in. Most of them prohibitive, except for the recipient who can be expected to know Rpri.

> Could the NSA reverse PGP encryption on a message that was encrypted with a
> 1264 bit key?

Yes. Although, I think it would be more likely through cryptanalysis of the IDEA cypher than of the RSA encrypted IDEA key.

> Do you think they could do this in a matter of hours?

I don't think so.

> Why or why not

Cracking RSA is presumed to be as hard as factoring one of the components of the key. Although this has not been proven, I think it likely that no better attack is currently known. I have no figures yet on the complexity of the IDEA cypher. I do not know if it is susceptible to differential cryptanalysis. To my knowledge, exhaustive search is the only attack. With a random 128 bit key, search is prohibitive.

Sorry I didn't include more numbers,

Scott Collins          | "Few people realize what tremendous power there
                       | is in one of these things." -- Willy Wonka
......................|................................................
BUSINESS. voice:408.862.0540 fax:974.6094 collins at newton.apple.com
Apple Computer, Inc. 1 Infinite Loop, MS 301-2C Cupertino, CA 95014
.......................................................................
PERSONAL. voice/fax:408.257.1746 1024/669687 catalyst at netcom.com

From gnu Wed Aug 11 10:26:59 1993
From: gnu (John Gilmore)
Date: Wed, 11 Aug 93 10:26:59 PDT
Subject: Chaos harnessed for encryption / Fluctuations and Order research
Message-ID: <9308111723.AA07380@toad.com>

EE Times, Aug 9, 1993, p. 31 reports that "MIT's Research Lab of Electronics is creating new signal processor designs, based on chaos theory, that could open up a simple route to secure communications. The new designs use a recent discovery called synchronized chaos to transform a meaningful signal into what only seems to be random noise. A similarly constructed receiver responds to the noisy signal, synchronizing its own chaotic behaviour to extract the message. The MIT design requires only eight op-amps and is based on the Lorenz attractor, which generates a simple three-dimensional chaotic system."

There's more, this is just a pointer. Their current encryption system is analog, not digital, and encrypts analog signals like audio; I don't know if this is a fundamental design property or not. They claim it's not super-great encryption, just cheap and interesting.

Wired Sep/Oct 93 also reports (p.118) a Sep 9-12 conference on "Fluctuations and Order" at Los Alamos National Labs' Center for Nonlinear Studies. "The labs are gathering a couple dozen researchers who have realized they can induce order into systems by using noise and randomness. As one abstract says, `The addition of noise to certain types of driven systems can paradoxically cause a signal to become clearer.'"

These seem related, to me.

John

From pcw at access.digex.net Wed Aug 11 10:57:00 1993
From: pcw at access.digex.net (Peter Wayner)
Date: Wed, 11 Aug 93 10:57:00 PDT
Subject: Chaos harnessed for encryption / Fluctuations and Order research
Message-ID: <199308111755.AA03541@access.digex.net>

There was a paper several years back in Cryptologia that came to the conclusion that many of the chaotic functions were unsuitable for encryption. By this, they mean the "classic" chaotic functions like the Lorenz attractor. DES is obviously a very nice chaotic generator.

The problem with the systems has its basis in the philosophical foundations of the field. Mathematicians have been basically saying, "Like Wow.
These very simple equations just generate stuff that is totally out of whack." The equations are just simple differential equations that go kablooie. In many cases, though, the kablooie only means that a small perturbation in the system causes large changes in the outcome. While this is a necessary effect for solid encryption, it is not sufficient for a good system. What we really want to know is whether you can recover x from f(x) where f is the encryption function. If f(x+small value) is wildly different from f(x), then this is good, but not good enough.

Now, think a minute about the "synchronization" of these two chaotic generators. This means that both ends of the conversation have set their scramblers to the same "key". But since this is analog, things might not be _exactly_ the same on both ends. If this was a really chaotic system then the tiny differences in the two systems should make things go kablooie. My guess is that they figured out some way to use a feedback mechanism to fix small perturbations and keep things from going kablooie in a small range. I would guess that this could lead to a hole for attacking the system. Just a guess, though.

This insight is similar to the holes that people found in linear feedback shift registers. These systems are pretty good random number generators, but they're not secure if the user can guess a few bits of your message. Why? Because the equations are simple enough to be inverted. The only question is whether the chaotic equations can be inverted. I think that the Cryptologia paper came to the conclusion that it could be done.

I'm sorry I don't have a complete reference to the Cryptologia paper. Perhaps my memory is a bit flawed here as well. It would be interesting, though, to study the EE Times article in depth. I think John is right that there is a certain amount of philosophical convergence between the work at MIT and the work at Los Alamos.
-Peter

From paul at poboy.b17c.ingr.com Wed Aug 11 11:16:59 1993
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Wed, 11 Aug 93 11:16:59 PDT
Subject: Chaos harnessed for encryption / Fluctuations and Order research
In-Reply-To: <9308111723.AA07380@toad.com>
Message-ID: <199308111810.AA02594@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

A recent _Scientific American_ had a brief piece on inducing order in chaotic systems; I don't have it handy, but apparently it's fairly simple to induce order in some nonlinear systems.

I'm no chaotician, but it seems that if you want to synchronize two chaos generators at different sites, you must a) use the same initial values and b) use the same mechanism to induce order. Granted that small changes in a) or b) can change the system greatly, this doesn't seem all that different from conventional synchronized encryption systems.

(I'm happy to note that much of this work is being done at Georgia Tech, my alma mater. It's great to be a fuzzy bee!)

- -Paul

- --
Paul Robichaux, KD4JZG      | "Crypto-anarchy means never having to say
perobich at ingr.com         |  you're sorry." - Tim May (tcmay at netcom.com)
Intergraph Federal Systems  | Be a cryptography user- ask me how.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLGk15SA78To+806NAQFLyQQAoZkg0VNeLCpfyqBtIDOsXcZQtBt0lo/Z
gOSS8p1Q2hSYAaO6NgGAgZ3dsVBSaGVpoGxMoIGlzbjNbJ72BEIRxiz2Itt3ul/s
DGbCIvqU8omph0msq8s2a3FBAnwE/yHfCbSHBPqmqRL29Bif7SpNh5qAc5JpEXBT
IjrsgcVa83I=
=4Mbz
-----END PGP SIGNATURE-----

From kent_hastings at qmail2.aero.org Wed Aug 11 11:22:21 1993
From: kent_hastings at qmail2.aero.org (Kent Hastings)
Date: Wed, 11 Aug 93 11:22:21 PDT
Subject: New Chaos?
Message-ID: <199308111819.AA04314@aerospace.aero.org>

New Chaos?

John Gilmore wrote:
>EE Times, Aug 9, 1993, p. 31 reports that "MIT's Research Lab of
>Electronics is creating new signal processor designs, based on chaos
>theory, that could open up a simple route to secure communications. ...
>The new designs use a recent discovery called synchronized chaos to
>transform a meaningful signal into what only seems to be random
>noise...

I saw something like this in the latest Scientific American, but is it new??

From my survey of spread-spectrum techniques, this 1950's approach to signal hiding is called a "Transmitted Reference." Random thermal noise in a resistor was transmitted in one band, and the same noise mixed with a message was sent in another. The receiver would take the difference between the two noisy signals to get the message. Although casual snoopers would be thwarted, the key is broadcast openly, therefore this should not be considered secure.

Mix it with modern Stored Reference techniques like frequency-hopping, direct-sequence, and time-hopping and you might get a great hybrid system. Are there any freeware spread-spectrum designs, analogous to PGP, to solve the physical data communications problem? Encryption is great, but the phone company is enemy territory.

bypass. Bypass. BYPASS!!!!

Kent

From henrik at stat.tamu.edu Wed Aug 11 11:37:21 1993
From: henrik at stat.tamu.edu (Henrik Schmiediche)
Date: Wed, 11 Aug 93 11:37:21 PDT
Subject: Cryptographics Journals
Message-ID: <9308111837.AA06985@picard.tamu.edu>

Hi, could anyone mail me info on the Cryptology oriented journals like Cryptologia and Journal of Cryptology? Specifically, how do I subscribe to them? Thanks.

- Henrik

From tk at reagan.ai.mit.edu Wed Aug 11 11:56:59 1993
From: tk at reagan.ai.mit.edu (Tom Knight)
Date: Wed, 11 Aug 93 11:56:59 PDT
Subject: Chaos harnessed for encryption / Fluctuations and Order research
In-Reply-To: <199308111810.AA02594@poboy.b17c.ingr.com>
Message-ID: <19930811185438.1.TK@ROCKY.AI.MIT.EDU>

This is how I see the situation:

Neural Nets : Computers :: Chaotic analog encryption : DES

The chaotic encryption work depends on a secret algorithm, no less. If you want a system which works, do it digitally.
If you want to play and get papers accepted to the next hot-topic-of-the-day conference, go play with some op amps. If you want to play, there's an article in SciAm this month on building a chaotic "encryption" machine. It probably provides acceptable security if you use triple DES on signals prior to sending them.

From warlord at MIT.EDU Wed Aug 11 11:57:22 1993
From: warlord at MIT.EDU (Derek Atkins)
Date: Wed, 11 Aug 93 11:57:22 PDT
Subject: How long would it take?
In-Reply-To: <9308111426.AA20884@necs.vuse>
Message-ID: <9308111854.AA00246@toxicwaste.MEDIA.MIT.EDU>

There are a number of ways to attack a PGP (or PEM) encrypted document. The first, and most likely easiest, is to try to get someone's private key. Other attacks include attacks on IDEA (128-bit keys) or RSA. It's unclear what any of these attacks require, at this point.

Breaking IDEA would take a brute force attack (2^128 keys) unless something better comes up. Breaking RSA requires factoring the modulus, unless something easier comes up. I would expect that the time to factor a 1200-bit modulus would be on the order of a million years or more, even given technology upgrades of the near-future. I've seen a number-of-addition-bits to amount-of-extra-time-to-factor ratio, but I don't remember what it is. (order of magnitude per 10 decimal digits, maybe????)

Comments, suggestions, corrections, all welcome.

-derek

From collins at newton.apple.com Wed Aug 11 12:02:22 1993
From: collins at newton.apple.com (Scott Collins)
Date: Wed, 11 Aug 93 12:02:22 PDT
Subject: How long would it take?
Message-ID: <9308111856.AA22501@newton.apple.com>

>How does your "Yes" wash with the next paragraph of your note?

I'm sorry. My answer was misleading (read 'wrong'). What I was trying to say was: "Yes, but not in a reasonable amount of time."
My implication was that an attack against RSA with a 1264 bit key and an attack against IDEA with a 128 bit key are both prohibitive, but that my _guess_ is that cryptanalysis of the IDEA cypher would be the more fruitful attack. If the real question is: "Am I safe from the NSA when I use PGP and encrypt with a 1264 bit key?" Then I must answer: "In my opinion, you are reasonably safe." If the question is: > Could the NSA reverse PGP encryption on a message that was encrypted with a > 1264 bit key? Then I must answer: "Yes, it is mathematically possible; although unlikely in the extreme." I apologize. >Sorry I didn't include more numbers, ...really sorry. They said what I meant. >And IDEA is not susceptible to diff.cryptan - that's the way >it was *designed* (actually the designer proved mathematically >the invinsibility of IDEA to this attack). Thanks for this info. I have been trying to get the IDEA papers: "Detailed Description and a Software Implementation of the IPES Cipher" "Markov Ciphers and Differential Cryptanalysis" without success, as yet. Perhaps you have them or know of an ftp site? Thanks, Scott Collins | "Few people realize what tremendous power there | is in one of these things." -- Willy Wonka ......................|................................................ BUSINESS. voice:408.862.0540 fax:974.6094 collins at newton.apple.com Apple Computer, Inc. 1 Infinite Loop, MS 301-2C Cupertino, CA 95014 ....................................................................... PERSONAL. voice/fax:408.257.1746 1024/669687 catalyst at netcom.com From karn at qualcomm.com Wed Aug 11 12:16:59 1993 From: karn at qualcomm.com (Phil Karn) Date: Wed, 11 Aug 93 12:16:59 PDT Subject: Secure voice software issues In-Reply-To: <199308101603.AA28136@poboy.b17c.ingr.com> Message-ID: <9308111916.AA03336@servo> >The reason behind my original proposal of a system that could use PGP >keyrings is thus: let's say that I want to call you. 
>I tell my
>cryptophone to call "Phil Karn", so it looks up your public key and
>uses it to encrypt my side's session key, then signs the encrypted
>version with my public key.

You're creating an unnecessary vulnerability here. By using RSA to encrypt the session key, all of your past conversations would be compromised if your RSA secret key were ever revealed.

True, this is already the case for PGP-encrypted messages which are usually sent over unidirectional mail channels. There you can't really do much better. Voice calls are different, as the availability of a two-way path lets you do things much more securely. If you generate a session key with DH and use PGP/RSA *only to sign the exchanges*, not to encrypt the session key, then even if your RSA secret key is later compromised, it would not compromise those session keys that had already been created, used and destroyed.

This is a very powerful feature! Consider the profound effect it would have on the whole topic of "rubber hose cryptanalysis", either in its pure unadulterated form (blackmail, torture, death threats) or in its "legal" form (being compelled to divulge an encryption key that could be used against you, despite the 5th amendment). Session keys could be created, authenticated, used and destroyed without the user ever having to know them, or even having any way to recreate them after the fact despite knowledge of the RSA secret key that was used to authenticate them.

Phil

From pmetzger at lehman.com Wed Aug 11 12:27:00 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 11 Aug 93 12:27:00 PDT
Subject: How long would it take?
In-Reply-To: <9308111854.AA00246@toxicwaste.MEDIA.MIT.EDU>
Message-ID: <9308111925.AA03024@snark.shearson.com>

Derek Atkins says:
> Breaking IDEA would take a brute force attack (2^128 keys) unless
> something better comes up.

It's generally unwise to make the assumption that the only possible attack on your conventional scheme is a brute force attack.
Certainly the attacks used on many previous generations of cryptosystems were never brute force -- and certainly every generation of naive cryptographer has said "well, using brute force it would take N years to break my cypher". A simple Vigenere cypher with a 12 letter key would seem to be very strong indeed (stronger than DES), and yet we know you can break one in a few moments because there are better attacks than brute force.

We have surprisingly little in the way of general theory on what would or would not make a conventional cryptosystem strong. Certainly differential cryptanalysis will not be the last thing people come up with. Until we know everything the NSA knows, I will be hesitant to say "unless something better comes up" and more comfortable saying "until something better comes up."

Perry

From hfinney at shell.portal.com Wed Aug 11 12:47:23 1993
From: hfinney at shell.portal.com (hfinney at shell.portal.com)
Date: Wed, 11 Aug 93 12:47:23 PDT
Subject: Secure voice software issues
Message-ID: <9308110421.AA29116@jobe.shell.portal.com>

A couple of comments on the cryptophone idea.

First, there has seemed to be general agreement in our earlier discussions of this concept that the hard part is compressing the voice to the point where it can go over commonly-available modems. The government-standard CELP algorithm is too slow for general-purpose home computers. You need an algorithm that can operate in real time and compress intelligibly down to about 13K bits per second. It has to be either able to compress and decompress simultaneously or else you need some switching logic to decide which person is talking and which is listening at each moment, with both sides reversing roles in synchrony.

Second, Diffie-Hellman key exchange will probably take about as long as an RSA decryption with similar modulus sizes. So speed would not seem to be a reason to choose DH over RSA for key exchange. If PGP is slow on your machine, DH will be, too.
Hal Finney
hfinney at shell.portal.com

From smb at research.att.com Wed Aug 11 12:52:22 1993
From: smb at research.att.com (smb at research.att.com)
Date: Wed, 11 Aug 93 12:52:22 PDT
Subject: How long would it take?
Message-ID: <9308111952.AA11810@toad.com>

    It's generally unwise to make the assumption that the only possible
    attack on your conventional scheme is a brute force attack. Certainly
    the attacks used on many previous generations of cryptosystems were
    never brute force -- and certainly every generation of naive
    cryptographer has said "well, using brute force it would take N years
    to break my cypher". A simple Vigenere cypher with a 12 letter key
    would seem to be very strong indeed (stronger than DES), and yet we
    know you can break one in a few moments because there are better
    attacks than brute force.

    We have surprisingly little in the way of general theory on what would
    or would not make a conventional cryptosystem strong. Certainly
    differential cryptanalysis will not be the last thing people come up
    with. Until we know everything the NSA knows, I will be hesitant to
    say "unless something better comes up" and more comfortable saying
    "until something better comes up."

Indeed. The key length is a worst-case analysis for the cryptanalyst; they can do no worse than that. We can be confident that NSA has cracked DES because an exhaustive search engine is within their means, but we don't know how much better they can do.

A while back, Shamir gave a talk on differential cryptanalysis here at Murray Hill. He mentioned Coppersmith's letter, which said that IBM knew about differential cryptanalysis back when they built DES, and they designed it to resist the attack. That's obviously the case -- so Shamir said that he asked Coppersmith to state that in the intervening 18 years, IBM had not come up with a stronger attack on DES. Coppersmith was silent, from which you can draw any conclusions you wish.
From norm at netcom.com Wed Aug 11 13:07:22 1993
From: norm at netcom.com (Norman Hardy)
Date: Wed, 11 Aug 93 13:07:22 PDT
Subject: Software Patent Institute
Message-ID: <9308112006.AA10806@netcom2.netcom.com>

I am interested in the issue of patenting ideas that have already been put into practice or that would be obvious to any of many practitioners. I have a patent and my patent attorney included in the ideas that were not new. We were not motivated to spend the time and money to revise the patent to avoid this. The patent examiner had little experience in programming and missed the old ideas.

I would be curious to know what software patents exist and the outcome of any court fights to overturn patents on ideas that were indeed not new. I am not good at keeping track of publications where I have learned of ideas but I often do know people who were using various ideas going back to 1955 when I began programming professionally.

I do not know very much about patent law but I understand that IBM, for instance, regularly publishes "Technical Disclosures" which is mostly comprised of the work products of IBM patent attorneys when they have decided that it is not worth the expense of patenting some particular idea. It would be good to have a public repository of programming ideas that are good but not worth patenting.

Let me know how I can help.

From karn at qualcomm.com Wed Aug 11 14:22:05 1993
From: karn at qualcomm.com (Phil Karn)
Date: Wed, 11 Aug 93 14:22:05 PDT
Subject: Secure voice software issues
In-Reply-To:
Message-ID: <9308112117.AA03868@servo>

>To me at least this seems unimportant for the application. If all you're
>doing is exchanging session keys over the phone, it doesn't really matter if
>you are sure that the public key actually belongs to who it claims it does,

Well...yes. *If* you know the person you are talking to, then you can read off your session key (or preferably its hash) to guard against the man in the middle.
But let's say you are being referred to someone who you don't already know (or you know them only by email, and have no idea what they sound like). You trust this person, but you can't depend on an oral challenge-response. The existing PGP web should be handy here.

Phil

From dsobel at washofc.cpsr.org Wed Aug 11 14:32:06 1993
From: dsobel at washofc.cpsr.org (David Sobel)
Date: Wed, 11 Aug 93 14:32:06 PDT
Subject: Clipper trapdoor?
Message-ID: <00541.2827923432.4658@washofc.cpsr.org>

Clipper trapdoor?

Peter Wayner writes:

>My general impression is that the system is secure. Many people
>have played paranoid and expressed concerns that the classified
>algorithm might be hiding a trapdoor. It became clear to me that
>these concerns were really silly. There is a built-in trapdoor
>to be used by the government when it is "legal authorized" to
>intercept messages. The NSA has rarely had trouble in the past
>exercising either its explicitly granted legal authority or
>its implied authority. The phrase "national security" is a
>powerful pass phrase around Washington and there is no reason
>for me to believe that the NSA wouldn't get all of the access
>to the escrow database that it needs to do its job. Building in
>a backdoor would only leave a weakness for an opponent to exploit
>and that is something that is almost as sacrilegious at the NSA
>as just putting the classified secrets in a Fed Ex package to
>Saddam Hussein.

This raises an interesting question and I draw a totally different conclusion. If, as we have been told, the only way for an agency to obtain the escrow keys is to present a court order, then NSA needs to obtain such an order to decrypt *any* communication it intercepts. I don't really understand what Peter means when he says that "NSA has rarely had trouble in the past exercising either its explicitly granted legal authority or its implied authority.
The phrase 'national security' is a powerful pass phrase around Washington and there is no reason for me to believe that the NSA wouldn't get all of the access to the escrow database that it needs to do its job." Does this mean NSA would, in fact, obtain a warrant in order to "get all of the access to the escrow database that it needs to do its job"? If so, this would represent an unprecedented change in the way NSA does "its job."

NSA has no domestic law enforcement authority, so it would obviously never be in a position to obtain a law enforcement wiretap warrant under Title III. The only possible way for NSA to obtain a warrant would be under the Foreign Intelligence Surveillance Act (FISA). But the Foreign Intelligence Surveillance Court, which issues warrants under FISA, has ruled that FISA's provisions limit the authority to conduct electronic surveillances to the U.S. in a geographic sense as defined in sec. 101(i). The drafters left to another day the matter of "broadening this legislation to apply overseas ... because the problems and circumstances of overseas surveillance demand separate treatment." In the Matter of the Application of the United States for an Order Authorizing the Physical Search of Nonresidential Premises and Personal Property (1981), footnote 1 (citations omitted).

Consider the following hypothetical: Iraqi agents smuggle Clipper phones out of the U.S. Saddam Hussein uses them to communicate with his military commander in Basra. NSA intercepts the communications. Question: How does NSA decrypt the messages? Note that neither Title III (law enforcement) nor FISA (U.S.-based) apply to this situation, so we have to assume that NSA will not have a court order to obtain the escrow keys. I have to conclude that NSA would not be putting this technology out into the world *unless* it did, in fact, have some way to decrypt messages *without* access to the escrow keys.

Am I missing something?
David Sobel
CPSR Legal Counsel

From norm at netcom.com Wed Aug 11 14:37:23 1993
From: norm at netcom.com (Norman Hardy)
Date: Wed, 11 Aug 93 14:37:23 PDT
Subject: Secure voice software issues
Message-ID: <9308112136.AA16886@netcom3.netcom.com>

Can someone tell me how fast CELP is when written in C? (On some particular machine.)

From paul at poboy.b17c.ingr.com Wed Aug 11 15:02:06 1993
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Wed, 11 Aug 93 15:02:06 PDT
Subject: Secure voice software issues
In-Reply-To: <9308112136.AA16886@netcom3.netcom.com>
Message-ID: <199308112153.AA04326@poboy.b17c.ingr.com>

This was discussed a while back in the context of secure voice hardware, but I don't remember whether anyone had been able to get real-time CELP performance with any particular implementation.

I do know that ZyXEL's modems are able to do real-time CELP using a 68000 processor. The low-end models can do CELP encoding at 9600 baud, and the faster ones do better-quality encoding (ACELP, I think they call it) at 19200 baud.

The Mac OS also includes Apple's sound compression routines, which aren't CELP (i.e. they're not optimized for voice) but allegedly can do real-time compression.

-Paul

--
Paul Robichaux, KD4JZG       | "Crypto-anarchy means never having to say
perobich at ingr.com         | you're sorry." - Tim May (tcmay at netcom.com)
Intergraph Federal Systems   | Be a cryptography user- ask me how.

From tk at reagan.ai.mit.edu Wed Aug 11 15:12:06 1993
From: tk at reagan.ai.mit.edu (Tom Knight)
Date: Wed, 11 Aug 93 15:12:06 PDT
Subject: Clipper trapdoor?
In-Reply-To: <00541.2827923432.4658@washofc.cpsr.org>
Message-ID: <19930811220825.2.TK@ROCKY.AI.MIT.EDU>

You didn't read the original clipper announcement carefully. It never said that all access to the escrowed keys was to be handled through warrants. Clearly the other weasel word access techniques envisioned included requests from the Agencies.
My paranoid fantasy, actually, is that we are really seeing phase I of a longer term plan, which will result in outlawing non-escrowed keys. The way it works is this: Skipjack is distributed. A clever group of nameless individuals obtains some components. Through significant effort, they determine the algorithm and family key, and they are published. Phase II: mock Agency uproar ensues, NSA claims it tried to be "reasonable" about escrowed keys, but obviously the bad guys have demonstrated that they can't be trusted. The only way to solve the "problem" is to outlaw non-escrowed key cryptography.

From peb at PROCASE.COM Wed Aug 11 15:17:24 1993
From: peb at PROCASE.COM (Paul Baclace)
Date: Wed, 11 Aug 93 15:17:24 PDT
Subject: Clipper trapdoor?
Message-ID: <9308112213.AA01510@banff.procase.com>

>Note that neither Title III (law enforcement) nor FISA (U.S.-based) apply
>to this situation, [...]
>I have to conclude that NSA would not be putting
>this technology out into the world *unless* it did, in fact, have some way
>to decrypt messages *without* access to the escrow keys.

Which is why they probably already have a draft for a bill to get escrowed keys without a warrant for national security reasons. They would want the whole escrow process set up before they announce this, of course. If they can't get this kind of bill passed, then they probably will not approve the technology for export.

Alternatively, the escrow process may be written with specific wording that it applies only to US citizens leaving a convenient escrow process trap-door. This makes the Privacy Clipper difficult to sell overseas, but specially made chips for export might be compromised anyway with weak random seeds.

Paul E. Baclace
peb at procase.com

From pmetzger at lehman.com Wed Aug 11 15:17:31 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 11 Aug 93 15:17:31 PDT
Subject: Secure voice software issues
In-Reply-To: <9308112117.AA03868@servo>
Message-ID: <9308112213.AA03961@snark.shearson.com>

Phil Karn says:
> >To me at least this seems unimportant for the application. If all you're
> >doing is exchanging session keys over the phone, it doesn't really matter if
> >you are sure that the public key actually belongs to who it claims it does,
>
> Well...yes. *If* you know the person you are talking to, then you can
> read off your session key (or preferably its hash) to guard against the
> man in the middle. But let's say you are being referred to someone who
> you don't already know (or you know them only by email, and have no idea
> what they sound like). You trust this person, but you can't depend on
> an oral challenge-response. The existing PGP web should be handy here.

I think that we are too casual about this -- Rich Little or someone similar could easily impersonate your voice over a vocoder well enough that unless I decided to do a "so, tell me about what we had for lunch last week" routine you couldn't tell the difference. I think that even if you DO know the other person verification is valuable -- especially given the distortionary effects of vocoders.

Perry

From marc at GZA.COM Wed Aug 11 15:22:05 1993
From: marc at GZA.COM (Marc Horowitz)
Date: Wed, 11 Aug 93 15:22:05 PDT
Subject: Clipper trapdoor?
In-Reply-To: <00541.2827923432.4658@washofc.cpsr.org>
Message-ID: <9308112220.AA22120@dun-dun-noodles.aktis.com>

>> Note that neither Title III (law enforcement) nor FISA (U.S.-based)
>> apply to this situation, so we have to assume that NSA will not have a
>> court order to obtain the escrow keys. I have to conclude that NSA
>> would not be putting this technology out into the world *unless* it
>> did, in fact, have some way to decrypt messages *without* access to
>> the escrow keys.
>>
>> Am I missing something?

Yes.
Quoting the original Presidential release:

>> Access to these keys will be limited to government officials with
>> legal authorization to conduct a wiretap.

"legal authorization to conduct a wiretap" != "court order". I've seen lots of people slip into that habit. Today, it requires a court order to wiretap domestic conversations between US citizens. Presumably, the same conditions apply to Skipjack. However, that could change.

As for the example of snooping on Hussein and his officers, you know exactly how much legal authorization the NSA needs to conduct that wiretap. Exactly none. Hence, it needs no paperwork to get the key to Hussein's phone. How the escrow agents make the NSA prove that the keyid in question belongs to Hussein's phone is an exercise left to the legislature :-/

Marc

From karn at qualcomm.com Wed Aug 11 15:42:05 1993
From: karn at qualcomm.com (Phil Karn)
Date: Wed, 11 Aug 93 15:42:05 PDT
Subject: voluntary compliance
In-Reply-To: <9308080120.AA16598@smds.com>
Message-ID: <9308100715.AA26199@servo>

>They just want to encourage voluntary compliance.

Hmm...I have this strong feeling of deja vu. Where else have I heard this expression before? Oh, right, the IRS! They always like to talk about how our tax system is based on "voluntary compliance"...

Phil

From fnerd at smds.com Wed Aug 11 15:47:27 1993
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Wed, 11 Aug 93 15:47:27 PDT
Subject: Secure voice software issues
Message-ID: <9308112238.AA05820@smds.com>

karn at qualcomm.com (Phil Karn) sez-

> ...Finding a path through the PGP "web of
> trust" back to a trusted public key that the other party already has
> may be tricky. This is one thing that is much easier with a simple
> tree a la PEM, as you simply give the path back up to a common, shared
> root.
>
> I'm not sure how to do this with PGP. ...

Maybe this is a good service for a key server to perform. Are there cases where you would want to endorse a key *privately*?
I.e., tell certain people only that you've met someone?

> If you first do Diffie Hellman and then immediately use the session
> key it generates to conventionally encrypt the rest of the protocol,
> including any RSA public key exchanges, this has the added benefit of
> denying passive eavesdroppers any information that would identify the
> parties to the call. The best an *active* eavesdropper (conducting a
> man-in-the-middle attack against Diffie Hellman) could do is to trick
> the parties into revealing their RSA public keys, and thus their
> identities. But the parties would quickly discover this at the
> signature step, before the voice conversation actually starts.

What if you prepare RSA key pairs in advance in your computer's (phone's) spare time, then use one per conversation (at least for the initializing)? You would encode your public key with the session private key, and a conventional key with your private key, in advance. That would save time at the start of the conversation (although, to decode his keys would take two regular RSA steps.)

Am I wrong, or is Diffie-Hellman only useful when you *don't* have a way of verifying who each other are?

-fnerd at smds.com
quote me

From warlord at MIT.EDU Wed Aug 11 16:02:06 1993
From: warlord at MIT.EDU (Derek Atkins)
Date: Wed, 11 Aug 93 16:02:06 PDT
Subject: Secure voice software issues
In-Reply-To: <9308112238.AA05820@smds.com>
Message-ID: <9308112259.AA01362@toxicwaste.MEDIA.MIT.EDU>

> Am I wrong, or is Diffie-Hellman only useful when you *don't* have
> a way of verifying who each other are?

No, DH is useful whenever you want to generate a session key between two entities, and it's even more useful because it doesn't require any prior knowledge. This means that you don't *need* to verify the identity of the other person. However, without some way of verifying the key of the other party, there is no easy way to detect a monkey-in-the-middle attack.
As was put forward, a combination of DH to key exchange and RSA to detect monkey-in-the-middle will protect you, but you lose your anonymity at that point. So, to return to your question, DH is useful even when you have a method of verification. So the answer to your question is yes, you are wrong.

-derek

From kent_hastings at qmail2.aero.org Wed Aug 11 16:12:06 1993
From: kent_hastings at qmail2.aero.org (Kent Hastings)
Date: Wed, 11 Aug 93 16:12:06 PDT
Subject: CryptoStacker
Message-ID: <199308112308.AA11676@aerospace.aero.org>

CryptoStacker#000#

Whatever happened to CryptoStacker(s) research? Please voluntarily comply with my request for a status report, or I'll padlock your business, throw you in jail, arrest all your friends, and firebomb your compound. It is your choice.

Kent - #000#

From eb at srlr14.sr.hp.com Wed Aug 11 16:12:28 1993
From: eb at srlr14.sr.hp.com (Eric Blossom)
Date: Wed, 11 Aug 93 16:12:28 PDT
Subject: Secure voice software issues
In-Reply-To: <199308112153.AA04326@poboy.b17c.ingr.com>
Message-ID: <9308112309.AA07559@srlr14.sr.hp.com>

> I do know that ZyXEL's modems are able to do real-time CELP using a
> 68000 processor. The low-end models can do CELP encoding at 9600 baud,
> and the faster ones do better-quality encoding (ACELP, I think they
> call it) at 19200 baud.

I believe that there is a DSP of some kind in there in addition to the 68000. Also, only their high end modems do CELP. The regular 14.4/16.8 one doesn't.

From keru at cpu.us.dynix.com Wed Aug 11 16:42:05 1993
From: keru at cpu.us.dynix.com (Warren Keith Russell)
Date: Wed, 11 Aug 93 16:42:05 PDT
Subject: cypher punks (fwd)
Message-ID:

---------- Forwarded message ----------
Date: Tue, 10 Aug 1993 17:16:21 -0700
From: Kevin Kelly
To: keru at cpu.us.dynix.com
Subject: cypher punks

I heard you were asking about online versions of Levy's WIRED article. I'm the editor of WIRED.
It's available in an e-text version in the WIRED folder on America Online, but not elsewhere at the moment. In a few months WIRED's gopher site will be up.

My own article in WER is not yet ready for ftp world. I'm finishing a book of which that is one chapter, and I need to focus on that before getting stuff up on the net.

--
Kevin Kelly
kk at well.sf.ca.us

From TO1SITTLER at APSICC.APS.EDU Wed Aug 11 16:47:28 1993
From: TO1SITTLER at APSICC.APS.EDU (Kragen Sittler)
Date: Wed, 11 Aug 93 16:47:28 PDT
Subject: final post
Message-ID: <930811174124.1c47@APSICC.APS.EDU>

Looks like the sands of time are running out on my account. If there is someone here who can inform me of a service provider for internet access in Albuquerque, NM, tell me about it. It's been nice being here and listening to the discussion, even contributing occasionally. Hopefully I wasn't too shy or too mouthy. See y'all in my next account.

Kragen Xentrac
finger me for other contact points.

From smb at research.att.com Wed Aug 11 17:12:05 1993
From: smb at research.att.com (smb at research.att.com)
Date: Wed, 11 Aug 93 17:12:05 PDT
Subject: Clipper trapdoor?
Message-ID: <9308120007.AA19082@toad.com>

    Consider the following hypothetical: Iraqi agents smuggle Clipper
    phones out of the U.S. Saddam Hussein uses them to communicate with
    his military commander in Basra. NSA intercepts the communications.
    Question: How does NSA decrypt the messages?

You raise a valid point. I think there are several possible answers. First, of course, since the key escrow mechanism has not yet been established, an exception could be written into the procedures. (And whether they would be established by law or executive order remains to be seen.) There might be some clause saying, ``NSA may have access to escrowed keys, provided that they certify that the targets of their surveillance are foreign powers, as defined in the FISA. If, upon decryption, it is determined that a U.S.
citizen's conversations have been intercepted, the procedures of the FISA for such eventualities will apply.'' Yes, they could abuse such a clause -- but by that logic, they could be listening in to cleartext domestic phone calls today. (And of course, there have been such abuses.)

A second possible answer is for export phones to come from a separate production run, using a different family key. These would be export-only, and you'd never get a license to export a ``secure'' model. For U.S. residents to make an encrypted phone call to such a site, either they, too, would need such a phone, or they need some way to interoperate with a phone with a different family key. The obstacle there is the verification procedures such phones have, to guard against bogus narc headers being inserted. I'm not certain whether or not such a solution can be found.

--Steve Bellovin

From strick at versant.com Wed Aug 11 17:17:28 1993
From: strick at versant.com (menya zavoot cmpuk)
Date: Wed, 11 Aug 93 17:17:28 PDT
Subject: CryptoStacker
In-Reply-To: <199308112308.AA11676@aerospace.aero.org>
Message-ID: <9308120015.AA07981@versant.com>

THUS SPAKE "Kent Hastings" :

# Whatever happened to CryptoStacker(s) research?

Ryan "CryptoStacker" Porter has been travelling in (supposedly) Belgium & Sweden for the last month, and I haven't heard from him since the beginning of July. He did *not* meet me in Budapest two weeks ago.

# Please voluntarily comply with my request for a status report,
# or I'll padlock your business, throw you in jail, arrest all
# your friends, and firebomb your compound.

Please! Spare his friends!!!

# It is your choice.

If it were my choice, I'd choose the vacation.
strick

From szabo at netcom.com Wed Aug 11 17:37:28 1993
From: szabo at netcom.com (Nick Szabo)
Date: Wed, 11 Aug 93 17:37:28 PDT
Subject: Privacy-friendly auditing
In-Reply-To: <9308112300.AA40559@frc060>
Message-ID: <9308120037.AA06256@netcom.netcom.com>

Tony Hamilton:
> It is nearly impossible to acquire statistics
> on the %ROI and %STDEV on individual investment strategies. This can be
> for a number of reasons. Some people, such as yourself, are not willing
> to publicly divulge specifics. More often, in all likelihood, those figures
> divulged are inaccurate or biased in some way.

Sounds like another use for the hypothetical Auditing Protocol recently mentioned on the cypherpunks list. The problem is to figure out a way to audit the accounts of a bank, to determine if there are sufficient reserves, without divulging information on the accounts therein, or having to trust an outside auditing agency with the accounts' privacy. If such a protocol could be discovered it might also apply to this problem (or vice versa), how to audit the returns of an investment fund or strategy, without revealing information on the participants in such a fund, or revealing the specific strategy. One approach might be to express the strategy as a unique string which hashes to a unique digital signature, which can then be published along with the returns. Has anybody thought of a more formal way to express this problem? Ways to audit a bank without divulging customer privacy were also discussed at that July Bay Area cypherpunks meeting, and I'll bring up the question again this Saturday.

>[figures from govn't & schools relatively unbiased]

Governments are quite biased by political concerns, eg the desire to raise taxes and spending, to make themselves look good for elections, etc. Schools have to worry about their government and corporate sponsors, and both worry about political popularity & correctness, which is hardly unbiased.
For example the Luddite reaction against program trading after the '87 crash, the reaction against corporate takeovers by "uppity Jews" like Milken in the 80s, etc. along with the biased statistics used to make cases for arguments against "junk" bonds, program trading, etc. Most importantly, these government and university people have no incentive to get it right, while S&P et. al. make their business on their reputation of getting it right. If it was discovered somebody was bribing S&P to cook the books you could be sure their competitors would make a Big Deal about it.

In cases where there is no long-standing reputation on the line (and no trustworthy auditors, whether agencies or algorithms) I join you in being dubious about investment claims.

Nick Szabo
szabo at netcom.com

From keru at cpu.us.dynix.com Wed Aug 11 17:47:28 1993
From: keru at cpu.us.dynix.com (Warren Keith Russell)
Date: Wed, 11 Aug 93 17:47:28 PDT
Subject: ANONYMOUS CONTACT SERVICE
Message-ID:

I received a message from System Daemon telling me that I had sent a message using the anonymous contact service, allocating a code name, and explaining how I can be reached anonymously. What does this mean? Sounds great, but I have no idea how I managed to send such a message!

-------------------------------------------------------------------------
Keith Russell
Dynix Library Systems, Provo, Utah, U.S.A.
keru at cpu.us.dynix.com or keru at devg.us.dynix.com
-------------------------------------------------------------------------

From phantom at u.washington.edu Wed Aug 11 17:47:34 1993
From: phantom at u.washington.edu (The Phantom)
Date: Wed, 11 Aug 93 17:47:34 PDT
Subject: under pressure from University Computing svcs,
Message-ID:

I'm going to have to shut down the phantom remailer. Seems someone complained about a remailed message. I got a copy of the message, and it didn't seem too bad to me, but I've gotta go with what UCS says.
As of today, the phantom remailer (phantom at mead) is hereby out of service. Matt Matt Thomlinson Say no to the Wiretap Chip! University of Washington, Seattle, Washington. Internet: phantom at u.washington.edu phone: (206) 528-5732 PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu From szabo at netcom.com Wed Aug 11 18:07:34 1993 From: szabo at netcom.com (Nick Szabo) Date: Wed, 11 Aug 93 18:07:34 PDT Subject: Anonymous code name allocated. (fwd) Message-ID: <9308120108.AA10357@netcom.netcom.com> Looks like everybody who sent mail to cypherpunks lately (T=?) got signed up by anon.penent.fi. Forwarded message: > From daemon at anon.penet.fi Wed Aug 11 17:54:43 1993 > [you've been signed up, blah blah] > If you want to use a nickname, please send a message to > nick at anon.penet.fi, with a Subject: field containing your nickname. But "nick" is already my name! (insert Marx Bros. routine here) szabo at netcom.com From plmoses at unix.cc.emory.edu Wed Aug 11 18:47:28 1993 From: plmoses at unix.cc.emory.edu (Paul L. Moses) Date: Wed, 11 Aug 93 18:47:28 PDT Subject: Secure voice software issues Message-ID: <9308120144.AA07430@emoryu1.cc.emory.edu> what about the DSP in the new macs? could this be used for encoding? From karn at qualcomm.com Wed Aug 11 19:07:35 1993 From: karn at qualcomm.com (Phil Karn) Date: Wed, 11 Aug 93 19:07:35 PDT Subject: Secure voice software issues In-Reply-To: <9308112238.AA05820@smds.com> Message-ID: <9308120203.AA04871@servo> >Maybe this is a good service for a key server to perform. Yeah, but that kind of assumes connectivity to the net. It's rather inconvenient for a pair of phones who only have dialup modems connected to each other to do this on every call. >What if you prepare RSA key pairs in advance in your computer's >(phone's) spare time, then use one per conversation (at least for the >initializing)? 
>You would encode your public key with the session

You could probably use temporary RSA key-pairs for each call, but RSA key generation is notoriously slow. A lot slower than a Diffie-Hellman key exchange.

>Am I wrong, or is Diffie-Hellman only useful when you *don't* have
>a way of verifying who each other are?

Eh? No, as I've been saying, you can produce a very strong hybrid in which both Diffie-Hellman and RSA each play an important part. Diffie-Hellman generates the session keys, while RSA signs them.

Phil

From wcs at anchor.ho.att.com Wed Aug 11 19:27:28 1993
From: wcs at anchor.ho.att.com (Bill_StewartHOY0021305)
Date: Wed, 11 Aug 93 19:27:28 PDT
Subject: Secure voice software issues
Message-ID: <9308112126.AA25524@anchor.ho.att.com>

> First, there has seemed to be general agreement in our earlier discussions
> of this concept that the hard part is compressing the voice to the point
> where it can go over commonly-available modems. The government-standard
> CELP algorithm is too slow for general-purpose home computers. You need
> an algorithm that can operate in real time and compress intelligibly down
> to about 13K bits per second.

I downloaded a copy of the GSM 06.10 software (gsm-1.0) from some machine at Technische Universitat Berlin, tub.cs.tu-berlin.de, which does a 13.3 kb/s voice coding, and has conversion for Sun, linear, mu-law, and A-law. (Jutta Degener and Carsten Bormann, Copyright 1992.) It runs in two different modes - a strictly-follow-the-standards mode and a cheat-a-little-using-floating-point mode. In standard mode, piping the compressor into the decompressor ran epsilon faster than real time on a Sparcstation 2, and epsilon slower on a Sun ELC. Cheating mode took about 2/3 as long as standard mode. Looked like it was fairly portable. I compiled it with GCC. One of the readmes says that compression and decompression run faster than realtime on Sparcs, but I assume that means doing just one at a time, not both simultaneously.
As is typical, the decompression is about twice as fast as the compression. I assume it won't be quite fast enough on a 486 box, but a "Version 1.0" of anything can often be made faster; I haven't looked at the algorithm to see how much optimizing can be done, but the code's cleanly written and has a bunch of medium-sized tables and unrolled loops suggesting they've at least done some work on speed.

Both of these were on samples that were a little fancier than /dev/tty voice; one was /usr/demo/SOUND/sounds/sample.au, and one was the 106.au "It's 106 miles to Chicago, we've got a full tank of gas...." Blues Brothers sound-byte from the net. Haven't tried it on other samples yet, and I need to try running it across the net. I also don't have two 14.4kbs external modems to play with on Sparcs, so I haven't been able to verify which V.42/V.42bis/MNP options will let you squeeze out the start/stop bits to let you fit 13.3 kbps of data over it, but people tell me it should work ok.

Bill Stewart

From karn at qualcomm.com Wed Aug 11 19:52:05 1993
From: karn at qualcomm.com (Phil Karn)
Date: Wed, 11 Aug 93 19:52:05 PDT
Subject: Secure voice software issues
In-Reply-To: <9308112126.AA25524@anchor.ho.att.com>
Message-ID: <9308120249.AA05022@servo>

>so I haven't been able to verify which V.42/V.42bis/MNP options will let
>you squeeze out the start/stop bits to let you fit 13.3 kbps of data over it,

Whenever V.42 error correction (LAPM) is enabled, synchronous HDLC frames are what actually pass over the link. So the start/stop bits are already removed. Unfortunately, the packetizing done by LAPM adds delay we don't want for a real time voice application. And if you turn off LAPM, you return to sending the start/stop bits over the wire. Most V.32 and V.32bis modems provide for direct synchronous operation, which would let us have our cake and eat it too, except that few PCs can speak synchronously to a modem. This may require some extra hardware (sigh).
Phil

From marc at Athena.MIT.EDU Wed Aug 11 20:38:06 1993
From: marc at Athena.MIT.EDU (Marc Horowitz)
Date: Wed, 11 Aug 93 20:38:06 PDT
Subject: ANONYMOUS CONTACT SERVICE
In-Reply-To:
Message-ID: <9308120336.AA00927@podge.MIT.EDU>

This has happened before. Last time, it was because a penet address had found its way onto the cypherpunks list. Again, I'd like to find out who it is, have them removed, and have my new penet id cancelled. After all, this person now has email from me, with my penet id on it, with my name signed at the bottom. If I decide to use the penet remailer in the future, I don't want this person to have a binding between my penet id and my real name.

MArc

From fergp at sytex.com Wed Aug 11 21:22:41 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Wed, 11 Aug 93 21:22:41 PDT
Subject: CuD mailserver barfed -- privacy enhancement?
Message-ID:

Am I the only shmuck who noticed that when the CuD server hiccupped yesterday --

(Date: Mon, 9 Aug 1993 01:14:21 CDT)
(From: Cu-Digest )
(Subject: TEST MAIL FROM CuD RE CuD #5.59)

-- it "accidentally" sent out to each subscriber the entire mail list? Funny how things like that happen...

BTW, did I hear correctly? WIRED for Sept.Oct is out?

Paul Ferguson               |  "Government, even in its best state,
Network Integrator          |   is but a necessary evil; in its worst
Centreville, Virginia USA   |   state, an intolerable one."
fergp at sytex.com             |      - Thomas Paine, Common Sense

Type bits/keyID   Date       User ID
pub  1024/1CC04D 1993/03/15 Paul Ferguson
          Key fingerprint = EE D2 93 7D 04 6D C6 05  AC 36 AD 9D 8E 4F 41 58

From wce at hogbbs.scol.pa.us Wed Aug 11 21:32:41 1993
From: wce at hogbbs.scol.pa.us (Bill Eichman)
Date: Wed, 11 Aug 93 21:32:41 PDT
Subject: Privacy and mail-lists
Message-ID:

>From: Duncan Frissell
>Naughty, naughty. You should have a nice all paper UK license obtained
>without ID and a car owned by a New Hampshire-based corporation. Is it
>rape if you say yes?
>
>Duncan Frissell
>
>"One is not required to own any car (even the one you're driving) a
>driver's license from any jurisdiction on earth is acceptable for
>(automobile) drivers in the US." Privacy costs so little and means so
>much. Frissell & Associates.

This might be a step away from 'cypher' topics, but, Duncan, I was curious as to whether you publish any manuals on privacy, and/or can suggest books or sources for privacy and financial privacy info. Ideally of a hard-headed type, not the "If we could only start an offshore digital Free Bank" genre.

Back to 'cypher' topics; I've not seen anything mentioned here about anonymous and secure mail-lists-- probably I missed the discussion. Can anyone suggest any files in soda.berkeley.edu or other archives that tackle this topic?

Later,
Bill

From JAW7254 at ACFcluster.NYU.EDU Wed Aug 11 21:48:12 1993
From: JAW7254 at ACFcluster.NYU.EDU (JAW7254 at ACFcluster.NYU.EDU)
Date: Wed, 11 Aug 93 21:48:12 PDT
Subject: (fwd) Wolf's got a thing or two to say here...
Message-ID: <01H1MGBIEXFAVSZSU3@ACFcluster.NYU.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

>>It's apparently from a fag (Wolf) who was beat up by his lover (David)
                         ^^^
>>whom he had arrested

Watch it honey. Intolerance ain't cool on or off net. Just my 0.02.

Jim Wise
JAW7254 at ACF.NYU.EDU

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQBVAgUBLGoOYwgFW+TtMfolAQHN2QH/Zlux4YbF4xBcZr/H7CC3v9TeuYfIE6HR
rU+WhDnQxLjpLZN2p2UeyE7ZlAKHEo7rsl4mCEO/WOnxP6MRy9I21A==
=zpNE
-----END PGP SIGNATURE-----

From ld231782 at longs.lance.colostate.edu Wed Aug 11 22:22:42 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Wed, 11 Aug 93 22:22:42 PDT
Subject: more on Software Patent Institute by LPF
Message-ID: <9308120521.AA04411@longs.lance.colostate.edu>

(Someone wondered whether this was relevant to the list.
The software patent issue goes back a long ways with the cypherpunks and is pre-eminent in `our' role of software development and the use of PGP and other cryptographic and general algorithms.)

With that aside, here is some more info that should help cypherpunks decide whether SPI is friend or foe, and I'd like to see reactions. They are either an obstacle or a useful tool in the eradication of past and future software patents. I used the subject `birth of the SPI' in the first message because (ahem) I'd never heard of this organization or seen it mentioned here, which is somewhat surprising given its goal. They may be fairly new but Richard Stallman of FSF (Free Software Foundation) has forwarded a paper by LPF (League of Programming Freedom) as early as April, so they've been around at least that long, at least in theory.

The LPF paper is a bit speculative and clearly doesn't know what to make of SPI except taking a rather pessimistic view--it probably came out around the time of its inception. The SPI acc. to the statement is going to be a professional, searchable database in the style of Westlaw and Lexis with a charge for access, `which suggests that in practice it may be available primarily to larger companies'. This is probably the most damaging claim:

>The SPI is supported by large companies such as IBM, Apple and DEC
>that can expect to have many software patents, and by patent law
>firms. It is not likely these sponsors would support the SPI if they
>expected it to prevent most software patents.

Here are the other assertions:

- the database will tend to help companies strengthen their future patents by eliminating the weak aspects by searching through the database of `prior art'

- the SPI `cannot prevent all patents that harm the software field but prevent a certain kind of Patent Office mistake: overlooking prior art whose prior publication can be proved', `only a fraction of the patents that cause trouble for programmers'.
But the LPF paper is very unsatisfying. It closes by simply suggesting not to bother with SPI but

>Instead,
>spend it telling our lawmakers that software patents are harmful and
>should be abolished.

Definitely a valid approach, but seemingly a bit innocuous and ineffectual. *If* SPI is a professional organization, well-backed, and dedicated to the goal of abolishing software patents, it would be a much more influential and dynamical force in the cause than a letter-writing campaign.

I just wrote a message to R. Stallman pointing out the potential advantages of this database in the cause of eradicating software patents, and am listening for more info on SPI. I pointed out:

- Ultimately, the goal of constraining software patents *seems* to be common to both the SPI and LPF, we just have the case that LPF is a little more extreme in asking for complete abolition. To address this, consider that SPI would be a useful stepping stone to a world with no software patents.

- The database has the support of very major companies such as Apple, IBM and DEC. This is the kind of thing that gets press coverage and public attention and *pressure*.

- The database could actually be used as a tool to thwart new patents. Potentially programmers could send all techniques not covered by past patents to the list to prevent future patents regarding the art, accompanied by notices `releasing the technique to the public domain'. I don't know the legal force of this, but the patent office has been tiptoeing on tenuous law for software patents in the first place, and perhaps might be encouraged to tiptoe in the opposite direction. In other words, while the current patent situation is like a bunch of landmines strewn by lawyers for programmers & developers, the archive could hold a bunch of landmines strewn by programmers for the lawyers.

Anyway, I hope to hear more about this agency.
If all that LPF advocates is `writing letters to congressmen' and demeaning more organized efforts (note I'm definitely reserving judgement on whether SPI is a cypherpunk ally, current signs are not promising) then I'd say they aren't going to meet with a lot of success.

Here's the complete paper from LPF, feel free to frame it or cover the bit bucket with it. While we may not know what to make of SPI currently, it is likely to play a very prominent future role in this arena if not disbanded. I would really like to hear from representatives of Apple, DEC, IBM, et. al. on how their participation & support of the project should be construed.

===cut=here===

What Can The Software Patent Institute Accomplish?

by the League for Programming Freedom (14 April 1993)

Software patents are patents which can apply to (and thus prohibit) writing a program. Any software patent can cause trouble for people who want to develop software. Some software patents are Patent Office mistakes which cover things that are already known. In some cases (but not all), these mistakes can be proved based on published prior art. Other software patents do not result from errors of the system, but are still disadvantageous to software development. How much trouble a software patent causes is independent of whether it violates the patent system's own rules. And the sheer number of software patents causes trouble regardless of their details.

The Software Patent Institute is a new organization that aims to produce a data base of "prior art"--published and known software ideas--to make it easier for the Patent Office and others to find out which software techniques and features are already known and thus supposed to be unpatentable.

The SPI cannot prevent all patents which harm the software field. It can only prevent a certain kind of Patent Office mistake: overlooking prior art whose prior publication can be proved.
Thus, the SPI can address only a fraction of the software patents that cause trouble for programmers.

Even perfect knowledge of prior art would not prevent all absurd software patents. Some software patents cover such trivial matters that a description of the idea would be rejected by any professional technical journal. For example, patent number 5,049,881, issued in 1991, covers modifying the way a data compression program uses a hash table to look up the strings that have assigned encodings: specifically, when it has found the hash bucket for a string being looked up, it considers only the first string in the bucket as a possible match, rather than all of them. Patent number 5,140,321, issued in 1992, covers checking just the first N strings in the hash bucket as possible matches. (Both of these modifications apply to a particular data compression algorithm, and similar modifications could probably be patented for any other algorithm.)

To ask whether those particular variations were published before, is to miss the point---it is a mistake for patent system decisions to depend on such questions. But those questions are the only ones that the SPI can help answer. No matter how well the published prior art is known, it cannot include all variations, and under current policy, many of these can be patented.

What's more, you cannot effectively challenge decisions about obviousness in court, because the courts presume that the Patent Office has exercised good judgement when deciding what is obvious.

But suppose that the Patent Office learns how to judge obviousness better; then how much good can the SPI do? Even if this prevents a sizable fraction of future software patents, that will not appreciably reduce the problem that software patents cause for programmers. Even cutting the number of software patents in half (which would be great success for the SPI!) will not cut the problem in half.
This is because a large software system is likely in the future to infringe a large number of patents--easily dozens. Even if half of them were eliminated, the remaining half could still create prohibitive problems.

There is no official figure for the number of software patents we have today, but 5000 or 6000 is a likely estimate given past numbers and trends. (To find them all would be a mammoth task.) At the beginning of 1992 there were 9000 pending patent applications in a category which contains many software patents, which suggests there will be many more software patents in the future. To make software development a safe activity again, we must do more than cut the number of patents in half. Eliminating 90% of the software patents that exist today would just reach the level where further reduction starts to help matters. (See the LPF's position paper, "Against Software Patents," for more explanation of why software patents in general cause mainly trouble, even those that are not trivial.)

While the SPI may prevent some software patents from being issued, ironically it may also make some patents more dangerous by helping the patent applicant design the patent to withstand legal challenges. Even the holders of existing patents can use this information to rewrite the patents and make them harder to overturn. For more information, see the companion paper, "What Should You Do With Prior Art?"

The SPI is supported by large companies such as IBM, Apple and DEC that can expect to have many software patents, and by patent law firms. It is not likely these sponsors would support the SPI if they expected it to prevent most software patents. The interface proposed for the SPI's database will resemble those of Westlaw and Lexis; it seems to be aimed at use by lawyers, not software developers. The SPI plans to raise revenue by charging for access to the data base, which suggests that in practice it may be available primarily to larger companies.
The operation of the SPI will not alter the overall software patent problem. So wish the SPI good luck in preventing a few absurd software patents; but don't spend your time on the SPI. Instead, spend it telling our lawmakers that software patents are harmful and should be abolished.

From ld231782 at longs.lance.colostate.edu Wed Aug 11 22:38:06 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Wed, 11 Aug 93 22:38:06 PDT
Subject: MCI PC Connect service
Message-ID: <9308120533.AA04698@longs.lance.colostate.edu>

BBS access & PC pursuit were a topic here. New PC connection service by MCI. I wonder if they use the PC Pursuit `call back' technique to ensure no voice communication.

------- Forwarded Message

Date: Tue, 10 Aug 1993 11:12:38 -0500
From: farber at central.cis.upenn.edu (David Farber)
Subject: Interesting service

Press Release
07/26/93 09:00 EDT

Systems Solutions, the owner and operator of The Virginia Connection bulletin board system, the Washington, DC area's premier PCBoard BBS system located in Reston, VA announced today that The Virginia Connection is one of the first bulletin boards in the United States selected by MCI Telecommunications, Inc. to participate as an official startup BBS member of the MCI PC CONNECT computer telephone network.

MCI PC CONNECT is an exciting new program being offered by MCI which provides computer modem users with low long distance rates for telephone calls made to bulletin boards from both intrastate and interstate calls.

MCI PC Connect(sm) FEE/RATES:
=============================

- $3.00 monthly fee (does not apply towards usage)
- Includes calling to continental U.S. in addition to Alaska, Hawaii, Puerto Rico and the U.S. Virgin Islands.
PC Connect Customer to NON-PC Connect Customer:
-----------------------------------------------
$0.22 during Day (Mon-Fri: 8am - 5pm)
$0.10 during E/N/W (Mon-Fri: 5pm-8am: Sat/Sun: 24 hours)

PC Connect Customer to PC Connect Customer:
-------------------------------------------
$.176 during Day
$.08 during E/N/W

Friends & Family discount does not apply to fee

For an additional $1.50 per month, MCI PC Connect customers can include in-state calls at the same MCI PC Connect plan rates as above.

Available in the following states:
==================================
Alabama, Arkansas, Arizona, California, Colorado, Florida, Georgia, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Massachusetts, Maryland, Michigan, Missouri, Mississippi, Montana, North Carolina, North Dakota, Nebraska, New York, Ohio, Oklahoma, Oregon, Pennsylvania, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, Washington, Wisconsin

Not Available in the following states:
======================================
Alaska, Connecticut, Delaware, District of Columbia, Hawaii, Maine, Minnesota, Nevada, New Hampshire, New Jersey, New Mexico, Rhode Island, Vermont, West Virginia, Wyoming

It is important to remember that you must be a member of MCI PC CONNECT in order to receive these rates!

The thousands of computer bulletin board users should immediately contact MCI and become members of this low cost calling service to take advantage of the low rate structure and the ability to reach the best bulletin boards in the country at the best long distance rates.

The Virginia Connection BBS has been in operation since 1985 and serves thousands of users.
This BBS supports most computers with features which include: 50,000 programs available for downloading, National and International E-Mail via FidoNet, SmartNet, MetroLink, and RelayNet International Message Exchange, 20 incoming telephone lines connected to computer modems capable of operating from 1200 to 14400 baud, and on-line games for individual and team players. This BBS is a member of The Capital Area SysOps Association, a group of over 200 metropolitan Washington, DC area bulletin board operators.

MCI PC CONNECT will allow computer users from most of the United States to participate on these bulletin boards for very reasonable long distance rates. Now long distance callers will be able to utilize the quality and depth of this exceptional BBS as local computer bulletin board users have done for years.

Modem users can reach The Virginia Connection BBS by dialing (703) 648-1841.

In order to receive all information regarding this MCI PC CONNECT service, call 1-800-333-2511 and MCI operators will provide you with more details.

Call now! Do not delay! Don't be satisfied with less! Take advantage of the service -- save money!

The Virginia Connection BBS
c/o Systems Solutions
11088 Thrush Ridge Road
Reston, VA 22091-4722

Contact: Tony McClenny
Voice: (703) 758-7984
Modem: (703) 648-1841

------- End of Forwarded Message

From ld231782 at longs.lance.colostate.edu Wed Aug 11 22:48:12 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Wed, 11 Aug 93 22:48:12 PDT
Subject: CA online legislative database access
Message-ID: <9308120543.AA04755@longs.lance.colostate.edu>

Letter writers needed ASAP! This is the bill that will open up legislative databases to the masses and serve as a model for other states and even the country!

cypherfolks, do you have any idea what these efforts are the faint glimmers of?
Imagine a future society where *anyone* can propose laws, not just the elite few called Legislators and identified in an exceedingly time-consuming, tedious, and troublesome process. Imagine that everyone has complete access and full understanding of all the laws that affect one's life, and the ability to propose and *pass* superior modifications. It would be a sort of Legislative Free Enterprise, a competition in the marketplace of laws such that superior ones would prosper and inferior, archaic, and absurd laws would be rooted out and expunged by the citizenry itself, in a very dynamic, interactive, and responsive process! Far from this bureaucratic nightmare we lumber in daily! Write that small letter to set in motion this grandiose cyberspatial karma!

------- Forwarded Message

>Date: Tue, 10 Aug 93 17:14:01 -0500
>Newsgroups: austin.eff
>From: jwarren at well.sf.ca.us (Jim Warren)
>Subject: UPDATE #21-AB1624: *ACTION ALERT*: END-GAME APPROACHING (& misc notes)
>
>[MODERATOR'S NOTE: This is a California bill, but its outcome could set
>a precedent which would help or hurt similar efforts in other states,
>including Texas. If you've got friends in California, you might want
>to pass this along to them. -- Prentiss Riddle, riddle at tic.com]
>
>August 9, 1993
>
>*** PLEASE WRITE, NOW!*** PLEASE, DON'T STOP NOW!
>
> Assembly Bill 1624, mandating online public access to public legislative
>information via the public networks (i.e., the Internet and all the nets
>connected to it - including wherever you are receiving this msg), will either
>pass the Legislature by Sept. 10th, or will die - and we have to re-fight the
>whole battle, year after year.
> LETTERS & FAXES ARE *NEEDED*!. THEY *WILL* DETERMINE THE OUTCOME.
>
>REMAINING 1993 LEGISLATION SCHEDULE
> Jul 16th, the Legislature went into remission - uh, recess.
> Aug 16th, the Legislature reconvenes to diddle remaining 1993 business.
> Sep 10th, the Legislature quits working in Sacramento for the year.
> Oct 10th, the Governor must veto legislatively-approved bills he opposes.
>
>On AUGUST 18TH, the Senate Rules Committee run by Sen. Dave Roberti
>(D-Van Nuys area) will hear AB1624. If Roberti doesn't like it, he can and
>will kill it. If Roberti passes it, it will almost-certainly pass the
>Senate. Then we need for the Assembly to "concur in amendments" and the
>Governor to not veto it.
>
>
> Address letters/faxes to "State Capitol, Sacramento CA 95814."
>
>AS SOON AS POSSIBLE, send a one-page letter supporting AB1624 to the
>Senate Rules Committee - who have seen essentially *no* support for it:
>Sen. David Roberti, Chair, Room 400; fax/916-323-7224; voice/916-445-8390.
> and to the other four members (tiny, *powerful* committee!):
>Sen. Ruben Ayala (D-Chino area), Room 5108; f/916-445-0128; v/916-445-6868.
>Sen. Robert Beverly (R-Long Bch), Room 5082; f/not avail.; v/916-445-6447.
>Sen. William Craven (R-Oceanside), Room 3070; f/not avail.; v/916-445-3731.
>Sen. Nick Petris (D-Alameda), Room 5080; fax/916-327-1997; v/916-445-6577.
>
>Important: Please send COPIES of ALL letters to the AB1624 author:
>Hon. Debra Bowen, Room 3126; voice/916-445-8528; fax/916-327-2201.
>
>
>CAN EMAIL VIA ME, IF YA CAN'T FIND TIME FOR SNAIL-MAIL
> If you don't have time to send snail-mail, you can email your message via
>jwarren at well.sf.ca.us.
> Write it exactly as you would snail-mail, but be SURE TO INCLUDE your name,
>address and phone #s for legislators' independent verification. Upon receipt
>by email, I will print and/or fax the entire message to Bowen and to the
>legislator(s) to whom you address it. (Please allow for that delay.)
>
>
>LEGI-TECH'S OLDER BROTHER DONE GOOD!
> The McClatchy organization is the owner of Legi-Tech, one of the two
>largest online distributors of California legislative information. They are
>also owner of a number of newspapers - their flagship being the powerful
>Sacramento Bee.
> On Jul 26th, the Bee ran an editorial *strongly* supportive of AB1624 -
>laudable, principled action by The Bee, McClatchy, and presumably by
>Legi-Tech in the face of a difficult trade-off between the public's
>interests versus their business interests.
> Applause! Applause!
>
>
>CALIFORNIA LEGISPEAK: "AUTHOR" VS. "SPONSOR" VS. "SUPPORTER"
> In California legislative circles:
>A bill's AUTHOR is a legislator who introduced the bill.
>A bill's SPONSOR(S) is a person or organization, if any, that requested that
>the bill be introduced by the bill's author.
>A bill's SUPPORTER(S) is a person or organization that is officially listed
>as being in favor of the bill, usually including its sponsor(s), if any.
> All bills have one or more authors. Some bills do NOT have sponsors.
> AB1624's author was Assembly Member Debra Bowen. It had no sponsors, but
>has a growing number of supporters.
>
>
>PROGRAMMERS: SAMPLE LEGISLATIVE DATA-FILES ALSO AVAILABLE AT CPSR.ORG
> AB1624 Update #19 detailed a set of sample data-files for review and
>test-programming, available from Tim Pozar's KUMR.LNS.COM by anonymous ftp.
> As of Jul 22nd, those Legislative Data Center sample files were/are also
>online at cpsr.org in /ftp/cpsr/states/california/ab1624/sample_data
>for binary ftp access. For questions about accessing them there, contact:
>Al Whaley al at sunnyside.com +1-415 322-5411(Tel), -6481 (Fax)
>Sunnyside Computing, Inc., PO Box 60, Palo Alto, CA 94302
>
>
>We have a voice. Use it or lose it.
>--jim
>Jim Warren, columnist for MicroTimes, Government Technology & BoardWatch
>jwarren at well.sf.ca.us -or- jwarren at autodesk.com
>345 Swett Rd., Woodside CA 94062; voice/415-851-7075; fax/415-851-2814
>
>
------- End of Forwarded Message

From tcmay at netcom.com Wed Aug 11 22:58:06 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 11 Aug 93 22:58:06 PDT
Subject: (fwd) Wolf's got a thing or two to say here...
In-Reply-To: <01H1MGBIEXFAVSZSU3@ACFcluster.NYU.EDU>
Message-ID: <9308120554.AA24745@netcom5.netcom.com>

Cypherdenizens,

I have been trying to decode this message which found its way into our group:

> >>It's apparently from a fag (Wolf) who was beat up by his lover (David)
>                          ^^^
> >>whom he had arrested
> Watch it honey. Intolerance ain't cool on or off net. Just my 0.02.
> Jim Wise
> JAW7254 at ACF.NYU.EDU

I've tried all the usual tricks: analyzing the whitespace, looking for meaning in the names, etc. But it still doesn't turn into anything meaningful.

Oh well, maybe the boys in the NSA just got their wires crossed (ac to dc, so to speak) and piped GayNet into our list.

If _we're_ confused, imagine how Wolf and Jim and their pals must feel reading about Clipper and CELP and chaotic compression!

-Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.

From norm at netcom.com Wed Aug 11 23:32:44 1993
From: norm at netcom.com (Norman Hardy)
Date: Wed, 11 Aug 93 23:32:44 PDT
Subject: Secure voice software issues
Message-ID: <9308120629.AA17113@netcom4.netcom.com>

Eric Blossom says:

> I have seen estimates that a straight forward implementation requires
> about 13.5 million Multiply+Accumulates / second. Most of the time is
> burned up using a brute force search for the best excitation vector to
> use. There is a fixed 512 entry code book, and a dynamic code book
> with 256 entries (it may be 128). Each code book entry is an
> excitation vector that is 60 samples long.
> Therefore, to evaluate each one,
> you have to run a 60 element vector through a 10 pole filter to get
> the predicted output, then compute some measure of error. This
> requires an additional difference operation that is implemented as
> some kind of "perception weighting filter" (I don't remember the
> details).

I have been reading the PowerPC 601 manual (MPC601, The Macs of early 1994). It is dangerous to believe performance figures. They give you the world in one chapter and then take it back here and there in bits and pieces. Here is what I see however. Simple single precision floating point operations can issue one per cycle. The book mentions several floating point ops that take more than one clock in a pipeline stage. They don't mention floating multiply-add. I think one can issue each clock. I-unit instructions can issue in the same clock as floating point ops. If you do the block trick used to multiply matrices then one load is required per multiply add. All this leads to the optimistic estimate that the 50MHz machine can sustain nearly 50 fmadd's per microsecond on a 50MHz chip. Inner products are much like matrix multiply which is a benchmark where the RS/6000 (The MPC601's father) achieved nearly one fmadd per clock, and that was double precision! 128 excitation vectors each of 60 single precision floats fit in the on chip cache, but it is tight. There may be enough margin here for it to work with no special DSP.

I'll be in Yosemite for a few days so I won't be able to respond immediately to comments.

From tcmay at netcom.com Wed Aug 11 23:33:06 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 11 Aug 93 23:33:06 PDT
Subject: CA online legislative database access
In-Reply-To: <9308120543.AA04755@longs.lance.colostate.edu>
Message-ID: <9308120630.AA29140@netcom5.netcom.com>

Lance Detweiler writes:

> cypherfolks, do you have any idea what these efforts are the faint
> glimmers of?
> Imagine a future society where *anyone* can propose laws,
> not just the elite few called Legislators and identified in an

Actually, this is my worst nightmare of what this country could become: a direct democracy of the most populist sort. Prices too high at the grocery store? Quick, pass a law lowering them. Too many bums downtown? I'm sure a majority can be quickly gotten together to pass a new law.

Much of what we are seeing in America today is the result not of venal and corrupt government folks, but of them simply doing what they perceive the people want. The people want drugs outlawed, so they are. The people want jobs, so imports are restricted. And so on, just as de Tocqueville warned 150 years ago (something like: "America's grand experiment in democracy will last only until its citizens discover they can use the democracy to pick the pockets of their neighbors"...he said it more elegantly!).

I certainly am not implying that Lance is in favor of this. But there are some mighty good reasons, outlined in "The Federalist Papers," why a direct democracy is undesirable. In today's terms, we might speak of it as having undesirable feedback relationships, with too much tendency toward wild oscillations (mirroring the oscillations of public opinion). The Founders wisely adopted a _representative_ democracy, with more dampers on the results a direct democracy often gives.

(I would be less fearful if fewer things came up for voting, if a Constitution truly protected basic property rights. This would eliminate things like most drug laws, the motorcycle helmet laws, "No smoking" laws (which, naturally, are wildly popular to the "majority," even if the rights of airlines and restaurants to set whatever policies they wish are completely trampled), minimum wage laws, and so on. I won't cite the usual libertarian points here.)

> exceedingly time-consuming, tedious, and troublesome process. Imagine
> that everyone has complete access and full understanding of all the
> laws that affect one's life, and the ability to propose and *pass*
> superior modifications. It would be a sort of Legislative Free
> Enterprise, a competition in the marketplace of laws such that superior
> ones would prosper and inferior, archaic, and absurd laws would be
> rooted out and expunged by the citizenry itself, in a very dynamic,
> interactive, and responsive process! Far from this bureaucratic
> nightmare we lumber in daily! Write that small letter to set in motion
> this grandiose cyberspatial karma!

I am not as hopeful as Lance is. "Electronic democracy" could easily be the most totalitarian thing the planet has ever seen. Imagine this on CNN:

"This just in to CNN. Today's popular vote on whether citizens can use strong cryptography has gone 72% to 16% in favor of the ban, with 12% either abstaining or generally clueless. To remind our listeners, under this new law, effective tomorrow, unauthorized use of a cryptographic system can result in forfeiture of all assets, plus a 5-year jail sentence. People we interviewed expressed the opinion that only drug dealers and tax cheats would want to use these hacker systems. President Reno expressed satisfaction, saying "This plebiscite will make America free.""

We certainly don't need more laws, more restrictions, however popular they may be. Besides, as Milton Friedman points out so cogently, in a free market we are in fact free to choose. Anything that makes even more laws possible is _not_ a good thing, in my opinion.

Having said this, the proposal Jim Warren is pushing sounds fair enough. But not because it'll turn ordinary citizens into proposers of new laws. Rather, it will allow groups to spot legislation early on (this is one of the main motivations, the NRA tells me--yes, "I am the NRA," to no one's surprise) and then marshal their forces to defeat the legislation. Things like tax increases, new regulations, etc.
Just this Cypherpunk's opinion.

-Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.

From ld231782 at longs.lance.colostate.edu Wed Aug 11 23:42:45 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Wed, 11 Aug 93 23:42:45 PDT
Subject: Anonymity Warning! ID stored in TAR files
Message-ID: <9308120640.AA05507@longs.lance.colostate.edu>

>From Risks 14.81 Aug 11 93

===cut=here===

From: olaf at bigred.ka.sub.org (Olaf Titz)
Subject: Surprise! contained in tar file

The RISK of trusting in software to save confidentiality has recently been exposed in a German newsgroup. On a debate whether DES is illegal in Germany (it is not, by the way) someone posted a tarred, compressed, uuencoded archive of DES code via an anonymizing service. (No discussion on the topic of anonymization, please.) Not only that he forgot to delete the object code before tarring (thus giving an indication which kind of hardware he uses). The next day someone else posted an explanation why this action was stupid, giving the anonymous poster's full real name and address. He found it out because the tar he used leaves user names (not only UIDs, which would suffice to restore file permission settings) in the tar file.

Of course, this fact is not mentioned explicitly in the man page resp. info file (but the average user wouldn't expect it in the first place...) where an explicit warning could be considered appropriate.
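An added example from the editor, not part of Olaf Titz's RISKS item nor of any tar implementation: the POSIX ustar header carries the text fields `uname` and `gname` next to the numeric uid/gid, which is exactly what gave the poster away. The Python below builds a constructed sample archive (the account name `wolfgang` and the file names are made up), lists which members would expose an account name, and writes a copy with those fields blanked.

```python
"""Find and strip account names stored in a tar archive's ustar headers.

Editor's added example. The sample archive, the account name 'wolfgang'
and the member names are constructed here and do not come from the post.
"""
import io
import tarfile


def build_sample_archive(uname="wolfgang", gname="staff") -> bytes:
    """Construct an in-memory ustar archive the way an ordinary 'tar cf'
    from a home directory would: each member records the creator's
    account name, not just the numeric uid/gid."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        for name, payload in (("des/des.c", b"/* DES source */\n"),
                              ("des/des.o", b"\x7fELF")):  # constructed contents
            info = tarfile.TarInfo(name)
            info.size = len(payload)
            info.uid, info.gid = 1000, 50          # constructed numeric ids
            info.uname, info.gname = uname, gname  # the leaking text fields
            tf.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def leaked_identities(archive: bytes):
    """Return (member, uname, gname) for every member whose header carries a
    non-empty user or group name; an empty list means nothing to expose."""
    leaks = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tf:
        for m in tf.getmembers():
            if m.uname or m.gname:
                leaks.append((m.name, m.uname, m.gname))
    return leaks


def sanitize(archive: bytes, uid: int = 0, gid: int = 0) -> bytes:
    """Rewrite the archive with blank uname/gname and neutral numeric ids.
    File contents, names and modes are preserved; only ownership metadata
    (which a recipient does not need to unpack the code) is removed."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as src, \
         tarfile.open(fileobj=out, mode="w", format=tarfile.USTAR_FORMAT) as dst:
        for m in src.getmembers():
            data = src.extractfile(m) if m.isfile() else None
            m.uname, m.gname = "", ""
            m.uid, m.gid = uid, gid
            dst.addfile(m, data)
    return out.getvalue()


def member_contents(archive: bytes, name: str) -> bytes:
    """Read one member's bytes back, to confirm sanitizing kept the data."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tf:
        return tf.extractfile(name).read()


if __name__ == "__main__":
    original = build_sample_archive()
    print("before:", leaked_identities(original))
    cleaned = sanitize(original)
    print("after: ", leaked_identities(cleaned))
```

Timestamps (`mtime`) in the same header are a second, weaker identifier and are left untouched here; the check only covers the account-name fields the post describes.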
Olaf Titz - olaf at bigred.ka.sub.org - s_titz at ira.uka.de

From miron at extropia.wimsey.com Thu Aug 12 01:12:49 1993
From: miron at extropia.wimsey.com (Miron Cuperman)
Date: Thu, 12 Aug 93 01:12:49 PDT
Subject: Secure voice software issues
In-Reply-To: <9308112136.AA16886@netcom3.netcom.com>
Message-ID: <1993Aug12.071243.4241@extropia.wimsey.com>

norm at netcom.com (Norman Hardy) writes:

>Can someone tell me how fast CELP is when written in C?
>(On some particular machine.)

Our CELP codec should run real-time in C on the Pentium and PowerPC.

By the way, note that GSM will not run with v.32bis asynchronously, because of the start and stop bits.

Miron

From miron at extropia.wimsey.com Thu Aug 12 01:32:48 1993
From: miron at extropia.wimsey.com (Miron Cuperman)
Date: Thu, 12 Aug 93 01:32:48 PDT
Subject: Secure voice software issues
In-Reply-To: <9308120629.AA17113@netcom4.netcom.com>
Message-ID: <1993Aug12.075614.4423@extropia.wimsey.com>

norm at netcom.com (Norman Hardy) writes:

>128 excitation vectors each of 60 single precision loads fit in the on
>chip cache, but it is tight.

The codebooks are overlapped. The whole thing (program + data) should fit in 32K. Reduced complexity CELP can be done in less than 10Meg operations per sec, including everything. Of course, multiply-accumulate is considered one operation.

Sincerely,

Miron Cuperman, Software Consulting
TCP/IP,UNIX,C++,DSP
Voice: (604) 987 1719  Fax : (604) 986 8139
Email: miron at extropia.wimsey.com

From ld231782 at longs.lance.colostate.edu Thu Aug 12 01:48:08 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Thu, 12 Aug 93 01:48:08 PDT
Subject: On The Inherent Evil of Electronic Democracy
In-Reply-To: <9308120630.AA29140@netcom5.netcom.com>
Message-ID: <9308120846.AA06905@longs.lance.colostate.edu>

tcmay at netcom.com (Timothy C. May) on `electronic democracy':

>Actually, this is my worst nightmare of what this country could
>become: a direct democracy of the most populist sort.
[...]
>"Electronic democracy" could easily
>be the most totalitarian thing the planet has ever seen.

I'm delighted that Mr. May has come out against my vision for the future based on all the tired cliches and entrenched blind spots of the status quo of two millenniums. It is extremely discordant and eerie to hear someone who advocates `CryptoAnarchy', black markets, drug legalization, digital pornography, digital cash (tax evasion?) and the Collapse of Governments to suddenly decide that Representative Democracy is a Good Thing (tm) because of quotes by the snobbish elitist De Tocqueville, Milton Friedman, and a 200 year old experiment called the Federal System of America that is far from perfect and could stand some serious adjustments and fine-tuning.

His beautiful statements nicely capture all the stereotypical knee-jerk reactions and objections of prosaic minds, dulled by centuries of history's mediocre mundanities and brainless propaganda inflicted by their rulers, all who wouldn't recognize salvation if it was nailed to a cross, to the true potential of future Cyberspace! We stand at the threshold of a new era in human interaction and social systems with the onslaught of cyberspace, but when I propose a new kind of *government* Mr. May is too uncomfortable and beats a hasty retreat to `representative democracy', an elaborate and complex system that purports to protect people from their own stupidity by diluting their demands through blundering elected officials. Perhaps what I am advocating is truly new, and deserves a new name: Responsive Democracy.

If anyone would care to look up `representative' in the dictionary, Mr. May's comments will be rendered nonsensical. To paraphrase: ``Our government doesn't actually represent the people. That's why it is stable. There are unresponsive elements and obstacles to social change called `legislators' that dampen the tendency toward `wild oscillations in public opinion'. If our government truly represented public opinion we would easily have the Most Totalitarian Thing the World Has Ever Seen. People want drugs to be illegal, restricted imports, and banned cryptography. Of course, I'm certainly not implying that Lance is in favor of Apocalypse!'' (It sounds more like anarchy as Mr. May describes it, so I wonder why he's coming out against this scenario.)

Mr. May, are you saying you *don't* want a responsive government? one that is an inspiration instead of a degradation? do you *prefer* to complain about injustice and wretchedness to the point you would rather wallow in it than be lifted from it? I find it exceedingly difficult to rebut Mr. May on specific points because his whole position, when I try to grasp it, comes out to be a tangle of convoluted and ephemeral contradictions, speculations, and emotional quasi-fictional references to e.g. the War on Drugs or Janet Reno. Do you like our current `representative' government or don't you? What, exactly, is the Representative Democratic Government's role in `cryptoanarchy', and why are you in favor of it?

* * *

Anyway, I would like to elaborate on a few of the misconceptions that are raised by his statements.

1) the world has not really ever seen a true `direct democracy' or had the technology to support one -- until now. Not even the Greeks, renowned as the inventors of democracy, had one. It seems to be every civilized person's worst nightmare, yet it has never been implemented. How do we know it would be so terrible? Does anyone even know what it is?

2) consider that our current government represents the *imbalance* of popular opinions. A vocal, powerful, or wealthy minority is able to distract attention from issues or manipulate the process to the point of influencing law. e.g., the NSA can derail cryptography exports because no one has any influence on the other side, despite plenty of supporters for loosened restrictions! e.g., some Widget Manufacturer gets favorable tax breaks or import restrictions! What if everyone could have an equal influence on *all* laws irrespective of their wealth & illegitimate influence?

3) consider that dampening mechanisms can be built in to a `responsive democracy' system. To paint a picture of `direct democracy' as people voting instantly on CNN is an ignorant insult. Conservative, deliberative, stable structures, with the formality of court proceedings and similar protocol, can be developed. What is a court but an elaborate mechanism to uncover truth, resolve conflict, and pass judgement, through presentations of evidence, opinion, and voting by a nation's citizens? Held to the utmost ideal of impartiality and fairness? Impacting every plane of human interaction?

4) I believe `representative democracy' is essentially a mask for the idea of saying `some people should have more influence than others in voting and influencing social conventions, because they are leaders, they know more about the subject, they are more affected by it, they are recognized experts, they have everyone's best interest in mind' etc. Now, consider that this `influence' could be *formalized* into a system such that people `own' it and trade it and grant it to others like a *currency system*, and that voting systems automatically weight votes in different areas based on it.

5) Mr. May says `we don't need more laws & restrictions however popular they may be' and completely missed my specific point that the citizens would have the capability to *retract* ineffective, useless, obsolete laws just as easily as creating them. He completely ignores the aspect of `competition of superior laws by selection' that is central to the idea. If laws have disastrous, outrageous, or terrible effects, the citizen-populace and collective social psyche will quickly learn and *evolve* to *avoid* them.

6) Finally, the bizarre Urban Legend that Order would Collapse or Utter Totalitarianism would Ensue if everyone could vote on issues directly without the tedious formalities of legislators, or that a government unresponsive to true citizen desires to `protect them from their stupidity' is preferable or even existent, I simply dismiss all as utterly ridiculous. As Mr. May says, the population gets what it wants.

The whole idea is far too multifaceted to explore in one essay, of course--it requires an entire Movement, a Revolution, to advance to the point that even Joe Sixpack grasps its basics and will not insult and ridicule it upon first sight. Fortunately, this is all automatic, inevitable, and underway. Cypherpunks, you will be soon seeing dynamic & interactive voting systems, `reputation currency' and all these other fantastic social mechanisms that will formalize all your vague longings for order and sensibility in the universe! I certainly don't claim that Paradise is at hand, but a new form of government, that combines elements of all previous models but unequivocally surpasses and transcends them all, *is*!

From kelly at netcom.com Thu Aug 12 02:28:07 1993
From: kelly at netcom.com (Kelly Goen)
Date: Thu, 12 Aug 93 02:28:07 PDT
Subject: On The Inherent Evil of Electronic Democracy
In-Reply-To: <9308120846.AA06905@longs.lance.colostate.edu>
Message-ID: <9308120926.AA15971@netcom.netcom.com>

Actually I believe the answer is neither electronic democracy nor representative government...I will settle for making government so inefficient and bumbling as to have no 'real' effects on its victims, ah, I meant to say "citizens". I believe that my so called brother will always seek to pick my pocket so I will settle for simply straitjacketing my governmental opposition by increasing the rate of change in street tech available till shock sets in...I am far more practical, I suspect, than most in this discussion...
cheers
kelly
--

From gtoal at an-teallach.com Thu Aug 12 03:18:08 1993
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 12 Aug 93 03:18:08 PDT
Subject: Secure voice software issues
Message-ID: <4731@an-teallach.com>

In article <9308110421.AA29116 at jobe.shell.portal.com> hfinney at shell.portal.com writes:

> A couple of comments on the cryptophone idea.
>
> First, there has seemed to be general agreement in our earlier discussions
> of this concept that the hard part is compressing the voice to the point
> where it can go over commonly-available modems. The government-standard
> CELP algorithm is too slow for general-purpose home computers. You need
> an algorithm that can operate in real time and compress intelligibly down
> to about 13K bits per second. It has to be either able to compress and
> decompress simultaneously or else you need some switching logic to decide
> which person is talking and which is listening at each moment, with both
> sides reversing roles in synchrony.

Tony Robinson (who some of you might know already) - the author of the lossless 'shorten' sound compression program - is working on an ADPCM version. Currently compresses at 3 bits per (8 bit) sample. This plus a sampling rate of 4000hz instead of 8000hz (keeping it easy, on a sun) just squeezes in under the bandwidth limitation of v32bis, with a little left over for protocol overhead.

Graham

PS Has the 'netphone' list died or did I just drop off when I moved house like I lost my cypherpunks subscription? I remember there was talk of letting it drop because the situation seemed to be in control, but I haven't seen much progress since on vat et al, and the underground effort to do something on soundblasters that everyone said 'shut up about' has had more than enough time to come up with the goods...

===
Personal mail to gtoal at gtoal.com (I read it in the evenings)
Business mail to gtoal at an-teallach.com (Be careful with the spelling!)
Faxes to An Teallach Limited: 031 662 4678  Voice: 031 668 1550 x212

From gtoal at an-teallach.com Thu Aug 12 03:22:50 1993
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 12 Aug 93 03:22:50 PDT
Subject: Secure voice software issues
Message-ID: <4732@an-teallach.com>

In article <9308111916.AA03336 at servo> karn at qualcomm.com writes:

> Voice calls are different, as the availability of a two-way path lets
> you do things much more securely. If you generate a session key with
> DH and use PGP/RSA *only to sign the exchanges*, not to encrypt the
> session key, then even if your RSA secret key is later compromised, it
> would not compromise those session keys that had already been created,
> used and destroyed.

Thanks for that explanation, that bit hadn't sunk in with me!

This makes me think... something similar would be a good extension to SMTP wouldn't it? DH exchange of keys before sending point to point mail? With the user's public keys being picked up via their .mailrc or .pgpkey or something... (It would only happen if both SMTP's supported it and both users had made their public key available to the mail system)

I'm thinking of ways of automatically and easily encoding all traffic by default, to avoid line snooping. I'm not suggesting this as an alternative to explicitly encrypting things you want to keep private. You could still do that too.

G

===
Personal mail to gtoal at gtoal.com (I read it in the evenings)
Business mail to gtoal at an-teallach.com (Be careful with the spelling!)
Faxes to An Teallach Limited: 031 662 4678  Voice: 031 668 1550 x212

From gtoal at an-teallach.com Thu Aug 12 03:28:07 1993
From: gtoal at an-teallach.com (Graham Toal)
Date: Thu, 12 Aug 93 03:28:07 PDT
Subject: Chaos harnessed for encryption / Fluctuations and Or
Message-ID: <4733@an-teallach.com>

In article <19930811185438.1.TK at ROCKY.AI.MIT.EDU> tk at reagan.ai.mit.edu writes:

> with some op amps. If you want to play, there's an article in SciAm
> this month on building a chaotic "encryption" machine. It probably
> provides acceptable security if you use triple DES on signals prior to
> sending them.

That was smoke and mirrors by people who understand chaos better than they understand encryption. All it boils down to is a synchronised pair of (not very good) PRNGs. It's not a substitute for a one-time pad by a long chalk, which is how they seem to be using it. Basically they've just reinvented every schoolboy's exor encryption program all over again, this time with the latest 'chaos' buzzword thrown in to make it sound hip.

Forget it. It's a dead end.

G

===
Personal mail to gtoal at gtoal.com (I read it in the evenings)
Business mail to gtoal at an-teallach.com (Be careful with the spelling!)
Faxes to An Teallach Limited: 031 662 4678  Voice: 031 668 1550 x212

From frissell at panix.com Thu Aug 12 03:28:15 1993
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 12 Aug 93 03:28:15 PDT
Subject: Privacy and mail-lists
Message-ID: <199308121026.AA11898@panix.com>

To: cypherpunks at toad.com

W >This might be a step away from 'cypher'
W >topics, but, Duncan, I was
W >curious as to whether you publish any manuals
W >on privacy, and/or can
W >suggest books or sources for privacy and
W >financial privacy info.

Cypherpunks is dedicated to digital privacy. One cannot practice digital privacy without an understanding of physical privacy techniques (and vice-versa these days).

Shameless marketing propaganda will be sent by Email.

Duncan Frissell

"Privacy is a type of information that has its polarity reversed; I imagine it as anti-information. In a world where everything is connected to everything -- where connection and information and knowledge are dirt cheap -- then disconnection and anti-information and no-knowledge become expensive." -- Kevin Kelly

But not *too* expensive. Frissell & Associates, custom crafted legal regimes since 1969.

--- WinQwk 2.0b#0

From kelly at netcom.com Thu Aug 12 03:48:08 1993
From: kelly at netcom.com (Kelly Goen)
Date: Thu, 12 Aug 93 03:48:08 PDT
Subject: Key-Escrow (black) Humor
In-Reply-To: <93Aug9.015133pdt.14000-2@well.sf.ca.us>
Message-ID: <9308121047.AA18838@netcom.netcom.com>

> > > How many government agents does it take to screw in a lightbulb? (intelligence)

a[deleted for reasons of National Security]: if [deleted for reasons of National Security] told [deleted for reasons of National Security], [deleted for reasons of National Security] would have to [deleted for reasons of National Security] [deleted for reasons of National Security] .

cheers
[deleted for reasons of National Security]

From frissell at panix.com Thu Aug 12 05:33:18 1993
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 12 Aug 93 05:33:18 PDT
Subject: Physical Privacy
Message-ID: <199308121233.AA17229@panix.com>

To: cypherpunks at toad.com

W >This might be a step away from 'cypher'
W >topics, but, Duncan, I was
W >curious as to whether you publish any manuals
W >on privacy, and/or can
W >suggest books or sources for privacy and
W >financial privacy info.

Cypherpunks is dedicated to digital privacy. One cannot practice digital privacy without an understanding of physical privacy techniques (and vice-versa these days).

Shameless marketing propaganda will be sent by Email.

Duncan Frissell

"Privacy is a type of information that has its polarity reversed; I imagine it as anti-information. In a world where everything is connected to everything -- where connection and information and knowledge are dirt cheap -- then disconnection and anti-information and no-knowledge become expensive." -- Kevin Kelly

But not *too* expensive. Frissell & Associates, custom crafted legal regimes since 1969.

--- ~ WinQwk 2.0b#0 ~ Unregistered Evaluation Copy

From R.Tait at bnr.co.uk Thu Aug 12 06:38:10 1993
From: R.Tait at bnr.co.uk (R.Tait at bnr.co.uk)
Date: Thu, 12 Aug 93 06:38:10 PDT
Subject: [uk.transport] Speed Camera with OCR
Message-ID: <199308121337.5465@bnsgs200.bnr.co.uk>

I thought this might be of interest to fellow cypherpunks, especially to those of us in the UK. Has anything like this been done in the US or Canada?

-Rick

------- Start of forwarded message -------
Newsgroups: uk.transport
From: mreyno at sound.demon.co.uk (Marcus Reynolds)
Subject: Speed Camera with OCR
Reply-To: mreyno at sound.demon.co.uk
Distribution: world
X-Mailer: cppnews $Revision: 1.20 $
Organization: Sound & Vision BBS +44 (0)932 252323
Date: Wed, 11 Aug 1993 20:34:43 +0000

I have just seen an item on the BBC South East News about a new speed trap in Kent. Apparently the radar clocks your speed, a TV camera records your number plate & then a real time OCR system picks out the actual number & flashes it up on a digital display a short distance further up the road. The idea is to embarrass drivers by letting them & others see their speed & registration. I don't know what type of equipment they are using, but it sounds like a really neat trick. The ability to read a car's plate & decipher the number in real time without any human intervention must take a bit of work. Has anybody heard how reliable this system really is ?

I can see a few more uses for such a system than merely embarrassing speeding motorists, if it can work reliably & cheaply. How's this for starters:-

City centre entry control & road pricing without the fancy toll booths, just an itemised bill at the end of the month.

Tracking stolen vehicles, check every plate against the DVLC wanted list.

Tracking any vehicle the State wants to track. Hello Big Brother.
--
Marcus Reynolds (Bandwidth saving sig)
------- End of forwarded message -------

From dmandl at lehman.com Thu Aug 12 07:02:53 1993
From: dmandl at lehman.com (David Mandl)
Date: Thu, 12 Aug 93 07:02:53 PDT
Subject: [uk.transport] Speed Camera with OCR
Message-ID: <9308121401.AA21989@disvnm2.shearson.com>

> From: R.Tait at bnr.co.uk
> I have just seen an item on the BBC South East News about a new
> speed trap in Kent. Apparently the radar clocks your speed, a TV camera
> records your number plate & then a real time OCR system picks out the
> actual number & flashes it up on a digital display a short distance
> further up the road. The idea is to embarrass drivers by letting them
> & others see their speed & registration. I don't know what type of
> equipment they are using, but it sounds like a really neat trick.
> The ability to read a car's plate & decipher the number in real time
> without any human intervention must take a bit of work. Has anybody
> heard how reliable this system really is ?

Hmmm...most drivers I've known would be thrilled to get off with just "embarrassment." In fact, they'd probably be proud to have it broadcast to everyone else on the road (except the lawmen, naturally) that they'd just been clocked at 110 MPH or whatever. But somehow, I doubt that this data is used only for embarrassment, don't you?

--Dave.

From jthomas at kolanut.mitre.org Thu Aug 12 08:08:12 1993
From: jthomas at kolanut.mitre.org (Joe Thomas)
Date: Thu, 12 Aug 93 08:08:12 PDT
Subject: Secure voice software issues
Message-ID: <9308121503.AA00397@kolanut>

Phil Karn wrote:

[Re: squeezing 13.3 kbps data w/o start&stop bits over modem]

> Whenever V.42 error correction (LAPM) is enabled,
> synchronous HDLC frames are what actually pass over the
> link. So the start/stop bits are already removed.
> Unfortunately, the packetizing done by LAPM adds delay
> we don't want for a real time voice application. And if you
> turn off LAPM, you return to sending the start/stop bits
> over the wire.

Well... How much latency does LAPM really add? Little enough that full duplex keystrokes echo back nearly instantly on my connections. People talk over satellite links with more delay than that all the time. Since we're not going to get toll quality voice out of the vocoders anyway, and the error correcting stuff is especially useful for encrypted data streams... I think V.42 is probably a good idea for a cryptophone project.

> Most V.32 and V.32bis modems provide for direct
> synchronous operation, which would let us have our cake
> and eat it too, except that few PCs can speak
> synchronously to a modem. This may require some extra
> hardware (sigh).

I'm in favor of getting a minimal version that will run on the lowest common denominator hardware first. (Might have something to do with the fact that I just spent a couple hundred dollars on an internal V.32bis modem that doesn't do synchronous :^)

Joe

From lstanton at lehman.com Thu Aug 12 08:28:12 1993
From: lstanton at lehman.com (Linn Stanton)
Date: Thu, 12 Aug 93 08:28:12 PDT
Subject: [uk.transport] Speed Camera with OCR
In-Reply-To: <9308121401.AA21989@disvnm2.shearson.com>
Message-ID: <9308121524.AA15878@cfdev1.shearson.com>

dmandl at lehman.com (David Mandl) says

> Hmmm...most drivers I've known would be thrilled to get off with just
> "embarrassment." In fact, they'd probably be proud to have it broadcast
> to everyone else on the road (except the lawmen, naturally) that they'd
> just been clocked at 110 MPH or whatever. But somehow, I doubt that this
> data is used only for embarrassment, don't you?

In practice, it can be hard to use this system for more than embarrassment, since it works by identifying the car, not the driver. Fortunately, we have not quite reached the point yet where my license gets the points if I loan you my car, and you speed. Soon though...

Linn H. Stanton

The above opinions are exclusively my own. If anyone else wants them, they can buy them from me. Easy terms can be arranged.

From wcs at anchor.ho.att.com Thu Aug 12 08:28:20 1993
From: wcs at anchor.ho.att.com (Bill_StewartHOY0021305)
Date: Thu, 12 Aug 93 08:28:20 PDT
Subject: [uk.transport] Speed Camera with OCR
Message-ID: <9308121516.AA05238@anchor.ho.att.com>

Rick Tait, R.Tait at bnr.co.uk, reports Marcus Reynolds' note that there's a new

> > speed trap in Kent. Apparently the radar clocks your speed, a TV camera
> > records your number plate & then a real time OCR system picks out the
> > actual number & flashes it up on a digital display a short distance
> > further up the road. [...]
> > The ability to read a car's plate & decipher the number in real time
> > without any human intervention must take a bit of work.

There's a lot of automated-highway research going on; most of it has been oriented towards radio+smartcards, which are easy to make accurate, and while they're not totally cheap, you can palm off much of the cost on the car-owner and use cheap equipment in the tollbooth. License-plate reading in real time is tough, if you're trying to get both speed and accuracy from a video image of a moving car; our neural-net folks were looking into it about three years ago, and it seemed like they'd be pretty good at it if they could get a bit more funding:-) ; they've mainly been concentrating on envelope-readers for Post Offices and railroad-car identifiers.

Embarrassing speeders is a special case, because the accuracy doesn't really have to be 100% - you catch the cars on video, so if you decide to prosecute anybody, you can have a human read the picture and verify that you had the right license plate number. Meanwhile, back on the road, if your computer misidentifies the speeding driver half the time, he may assume the speed trap was nicking the other fast car next to him, and you've scared a lot of other drivers into slowing down because it *looks* like you could have nicked them; so you've accomplished the safety objective.

It's scary stuff, because the technology is mostly there, and a government that wanted to pay for development could get it done by a number of research companies. If it's too expensive for widespread use now, computer horsepower keeps getting cheaper every year, especially when what you need is DSP-crunchers and gate-arrays for neural nets, rather than general-purpose systems. Meanwhile, the smartcard people are mostly not using digicash, they're using no-privacy systems and appealing to the convenience for the commercial driver, whose company probably doesn't object.

Dave Mandl comments:

> Hmmm...most drivers I've known would be thrilled to get off with just
> "embarrassment." In fact, they'd probably be proud to have it broadcast
> to everyone else on the road (except the lawmen, naturally) that they'd
> just been clocked at 110 MPH or whatever.

A number of years ago, Ohio tried a system that displayed your speed (but not your license plate) as you went by - they quickly discovered that they had to cut off the display at something like 80 or 85 MPH to prevent just that effect (though adding the license plate number would cut down on the exhibitionism a bit.)

Bill Stewart

From sneal at muskwa.ucs.ualberta.ca Thu Aug 12 08:38:11 1993
From: sneal at muskwa.ucs.ualberta.ca (Sneal)
Date: Thu, 12 Aug 93 08:38:11 PDT
Subject: ONE BBSCON
Message-ID: <9308121536.AA21970@muskwa.ucs.ualberta.ca>

Stanton McCandlish writes:

>I'm off to ONE BBSCON, this month. Anyone else going? If so, and
>you will be passing thru Albuquerque, I'm looking for a carpool
>situation, so I don't have to drive this crappy Hyundai up there...

Unfortunately, I'm coming from the north, so I can't offer you a lift. However, while we're on the subject, I'm wondering if any arrangements have been made to distribute anti-Clipper material at the con. I'd be happy to distribute flyers or what-have-you, but they'd have to reach the show by other means; I'm not willing to carry such seditious material across the US/Canada border.

I hope that EFF will have a presence at the show* as they did last year, and can sow some further seeds of discontent among the non-Internet online world, many parts of which don't seem aware of the Clipper debacle. Any comments from the EFF folks hereabouts?

-- Steve
sneal at muskwa.ucs.ualberta.ca

* I had a great time arguing with Shari Steele and accusing her of "dancing with the Devil" w/ reference to backing then-Senator Gore's Data Superhighway proposal. Very libertarially-incorrect position to take, Shari. :-)

From jim at tadpole.com Thu Aug 12 08:42:51 1993
From: jim at tadpole.com (Jim Thompson)
Date: Thu, 12 Aug 93 08:42:51 PDT
Subject: Secure voice software issues
Message-ID: <9308121534.AA11536@chiba.tadpole.com>

V.42 adds about 200ms to my slip link. I'd rather do without it, thanks.

From nobody at alumni.cco.caltech.edu Thu Aug 12 08:43:11 1993
From: nobody at alumni.cco.caltech.edu (nobody at alumni.cco.caltech.edu)
Date: Thu, 12 Aug 93 08:43:11 PDT
Subject: patent on remote cash transactions?
Message-ID: <9308121538.AA14710@alumni.cco.caltech.edu>

THE MOUSE THAT ROARED. A small company has received a big patent covering financial transactions from home computers. While industry giants have bickered over who's on first in home banking, shopping, entertainment, etc., Online Resources & Communications Corporation of Fairfax, Va., has received what appears to be an enormously broad patent covering financial transactions made from home computers. "The patented payment process potentially applies to a wide range of nonbanking services, from pay-per-view television to stock trading done from home terminals." (New York Times 8/9/93 C2)

From fnerd at smds.com Thu Aug 12 08:48:12 1993
From: fnerd at smds.com (FutureNerd Steve Witham)
Date: Thu, 12 Aug 93 08:48:12 PDT
Subject: Chaos harnessed for encryption / Fluctuations and Or
Message-ID: <9308121539.AA10228@smds.com>

gtoal at gtoal.com sez-

> That was smoke and mirrors by people who understand chaos better than
> they understand encryption. All it boils down to is a synchronised
> pair of (not very good) PRNGs.
> ...
> Forget it. It's a dead end.

What it is is PRNGs that can synchronize without publishing their states. If this could be done with strong PRNGs, you'd have something.

-fnerd
quote me

From hfinney at shell.portal.com Thu Aug 12 09:18:12 1993
From: hfinney at shell.portal.com (hfinney at shell.portal.com)
Date: Thu, 12 Aug 93 09:18:12 PDT
Subject: ANONYMOUS CONTACT SERVICE
Message-ID: <9308121608.AA03468@jobe.shell.portal.com>

From: Warren Keith Russell

> I received a message from System Daemon telling me that I had sent a
> message using the anonymous contact service, allocating a code name, and
> explaining how I can be reached anonymously.

A few months ago, someone subscribed to the list through the Penet service, and it ended up revealing the Penet aliases of everyone who posted. Each post was delivered to that subscriber marked as being from the Penet alias corresponding to the poster.
All it took was a parallel non-Penet subscription to break the anonymity provided by Penet. Has this now happened again? At the time, there was some discussion about using "an..." versus "na..." forms of the Penet aliases, one of which would avoid this revelation. Has that been taken care of? Hal Finney hfinney at shell.portal.com From hfinney at shell.portal.com Thu Aug 12 09:18:20 1993 From: hfinney at shell.portal.com (hfinney at shell.portal.com) Date: Thu, 12 Aug 93 09:18:20 PDT Subject: under pressure from University Computing svcs, Message-ID: <9308121608.AA03472@jobe.shell.portal.com> From: The Phantom > I'm going to have to shut down the phantom remailer. > > Seems someone complained about a remailed message. I got a copy of the > message, and it didn't seem to bad to me, but I've gotta go with what UCS > says. > > As of today, the phantom remailer (phantom at mead) is hereby out of service. > > Matt It's too bad that this remailer is being shut down. I posted a few days ago about this problem, and someone asked if there had been any specific examples of shutdowns. Here is one; I know Matt's is not the first. If it would help, Matt, I could provide you with code to act as a "second- tier" remailer, one which would only forward to one of the other Cypherpunks remailers. No person would receive messages from your remailer, hence there would be no complaints to your administration. Your remailer would just be an extra "entry port" into the Cypherpunks remailer system. I don't know whether the terms of the shutdown of your remailer would allow you to experiment with what is arguably a different piece of code, one which would not lead to complaints. Hal Finney hfinney at shell.portal.com From nobody at shell.portal.com Thu Aug 12 09:18:27 1993 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Thu, 12 Aug 93 09:18:27 PDT Subject: No Subject Message-ID: <9308121545.AA02901@jobe.shell.portal.com> At 12:25 PM 8/9/93 -0700, Timothy C. 
May wrote: >despite the talk of >mandatory "trap doors" in encryption systems, encryption is >fundamentally easy to do and hard to detect. (For those who doubt >this, let me describe a simple system I posted to sci.crypt several >years ago. An ordinary digital audio tape (DAT) carries more than a >gigabyte of data. This means that the least significant bit (LSB) of >an audio DAT recording carries about 8 megabytes of data! So Alice is >stopped by the Data Police. They ask if she's carrying illegal data. >She smiles innocently and says "No. I know you'll search me." They find >her Sony DATman and ask about her collection of tapes and live >recordings. Alice is carrying 80 MB of data---about 3 entire days >worth of Usenet feeds!---on each and every tape. The data are stored >in the LSBs, completely indistinguishable from microphone and >quantization noise...unless you know the key. Similar methods allow >data to be undetectably packed into LSBs of the PICT and GIF pictures >now flooding the Net, into sampled sounds, and even into messages like >this... Alice better not be carrying any software that could retrieve that data. The cynic in me suggests that this scenario is just an excuse for the data police to seize any equipment or data it feels like. Besides, Alice won't be stopped by the data police, Alice will have her door kicked in by the data police and they'll take everything electronic she has, including harmless music and video. And anything electronic they find in her residence, whether it belongs to her or not. From gnu Thu Aug 12 09:58:12 1993 From: gnu (John Gilmore) Date: Thu, 12 Aug 93 09:58:12 PDT Subject: Secure voice software issues In-Reply-To: <9308120629.AA17113@netcom4.netcom.com> Message-ID: <9308121657.AA20346@toad.com> My proposal is that we get some software working that produces poor quality speech in realtime on fast hardware that most people don't have.
Then, improved search algorithms will bring higher quality.* The natural evolution of faster hardware will make it available to all. I think that we as cypherpunks have been thrown off a bit by the policy issues and the publicity we've received. It's time to get back into active development. Remember, architecture *is* policy! John * The way these algorithms work is that the sender goes through a laborious process to find the best "encoding" (literally -- out of a code book) that matches the sounds it is trying to communicate. Typically the quality depends on how much time it has to do this; spending more time looking at more possibilities, makes it more likely that you find one with a very small difference between the real signal and the encoded signal. We can start off with stupid algorithms that just give up and use the best-so-far when they run out of time, and gradually improve them to be more intelligent about the *order* in which they search. This requires no change to receivers; it's backward compatible. From charles at loki.ksc.nasa.gov Thu Aug 12 10:12:52 1993 From: charles at loki.ksc.nasa.gov (Charles Edward Patisaul) Date: Thu, 12 Aug 93 10:12:52 PDT Subject: CryptoStacker In-Reply-To: <9308120015.AA07981@versant.com> Message-ID: <9308121711.AA01422@loki.ksc.nasa.gov> When last we heard, menya zavoot cmpuk wrote: > THUS SPAKE "Kent Hastings" : > # Whatever happened to CryptoStacker(s) research? > > Ryan "CryptoStacker" Porter has been > travelling in (supposedly) Belgium & Sweden for the last month, > and I haven't heard from him since the beginning of July. Ryan has returned from his trip (also included some of Germany and France) and has not gotten much net access since then. He's been busy on some other consulting projects, and has had some recovery to do. Almost immediately after returning to the United States he was a passenger in a vehicle that was hit in a head on collision of about 50 MPH a piece. 
The vehicle was a Volvo station wagon and true to its reputation the outside crumpled beyond recognition but the passenger compartment was untouched. Ryan escaped with 'only' internal bruising and general pain, while the passengers in the other two vehicles were also treated for cuts, loss of blood, massive smashedness and the like. Despite the realization that the superior armament of the Volvo behemoth is what protected him from the other crazies on the road (the oncoming vehicle was piloted by two guys who were watching the aluminum in the back of their truck, instead of which part of US Highway 1 they were on), we are still going to West Palm beach this weekend to pick up the motorcycle he just bought. You'd think he'd learn from experience... > He did *not* meet me in Budapest two weeks ago. One could say that *you* did not meet him... > # Please voluntarily comply with my request for a status report, > # or I'll padlock your business, throw you in jail, arrest all > # your friends, and firebomb your compound. > > Please! Spare his friends!!! I guess that would include me! Yikes! If you are going to firebomb our secret computing complex, at least let us be there so we can be made into post toasties as the great ShorDurPerSav from Waco has done. > > # It is your choice. > > If it were my choice, I'd choose the vacation. "Peace, or annihilation" -charles -- Charles E. Patisaul charles at loki.ksc.nasa.gov Kennedy Space Center FL USA From 72114.1712 at CompuServe.COM Thu Aug 12 10:18:12 1993 From: 72114.1712 at CompuServe.COM (Sandy) Date: Thu, 12 Aug 93 10:18:12 PDT Subject: WIRED #4 Message-ID: <930812171006_72114.1712_FHF92-1@CompuServe.COM> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SANDY SANDFORT Reply to: ssandfort at attmail.com . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Punksters, Paul Ferguson asks if the new WIRED is out yet. The answer is "yes and no."
Complimentary copies were given away at a couple of recent conferences. Also, subscription copies are going out now or in a few days. Newsstand copies should be available in three weeks or so. I would appreciate any Cypherpunk thoughts, opinions, questions or raves on my article, "Intelligent Island?" which appears in this issue. It and William Gibson's "Disneyland with the Death Penalty" are the lead articles in WIRED #4. Hope you like it. S a n d y >>>>>> Please send e-mail to: ssandfort at attmail.com <<<<<< ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ From phantom at u.washington.edu Thu Aug 12 10:22:51 1993 From: phantom at u.washington.edu (The Phantom) Date: Thu, 12 Aug 93 10:22:51 PDT Subject: Real time OCR Message-ID: --------------- cypherpunks-list #4087 (54 lines) --------------- Date: Thu Aug 12 08:40:56 1993 From: wcs at anchor.ho.att.com (Bill_Stewart(HOY002)1305) Subject: Re: [uk.transport] Speed Camera with OCR > > The ability to read a car's plate & decypher the number in real time > > without any human intervention must take a bit of work. > There's a lot of automated-highway research going on; most of it has > been oriented towards radio+smartcards, which are easy to make accurate, > and while they're not totally cheap, you can palm off much of the cost > on the car-owner and use cheap equipment in the tollbooth. > Bill Stewart If anyone can dig out the April issue of 'Advanced Imaging' (I seem to have given mine away), there was an article about imaging license plates for use at border crossings. The bugs looked like they were worked out and the system was ready for action. I don't remember where it was going to be put into effect, but.. mt Matt Thomlinson Say no to the Wiretap Chip! University of Washington, Seattle, Washington. 
Internet: phantom at u.washington.edu phone: (206) 548-9804 PGP 2.2 key available via email or finger phantom at hardy.u.washington.edu From hughes at soda.berkeley.edu Thu Aug 12 10:28:12 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Thu, 12 Aug 93 10:28:12 PDT Subject: No Subject In-Reply-To: <9308121545.AA02901@jobe.shell.portal.com> Message-ID: <9308121724.AA10093@soda.berkeley.edu> >Alice better not be carrying any software that could retrieve that >data. Q: What do you call a store that sells 'cryptographic paraphernalia?' A: A mind shop. If crypto is outlawed, then random numbers will be probable cause for search for illegal cryptographic devices, software or hardware. Q: What is a random number? A: Anything I don't understand. Eric From klaus at mail.lds.loral.com Thu Aug 12 10:32:52 1993 From: klaus at mail.lds.loral.com (Christopher Klaus) Date: Thu, 12 Aug 93 10:32:52 PDT Subject: chaos harnessed for encryption Message-ID: <9308121731.AA09087@mail.lds.loral.com> There is an article in some paper magazine (Technology) about some research at MIT for creating signal-processing designs that use chaos to encrypt information. Voice telephone would be an excellent use of this technology. Anyone have more info on it? -- Christopher Klaus klaus at mail.lds.loral.com cklaus at hotsun.nersc.gov From dsobel at washofc.cpsr.org Thu Aug 12 11:12:51 1993 From: dsobel at washofc.cpsr.org (David Sobel) Date: Thu, 12 Aug 93 11:12:51 PDT Subject: >Clipper trapdoor? Message-ID: <00541.2828009147.4718@washofc.cpsr.org> RE>>Clipper trapdoor? Marc - You wrote: >As for the example of snooping on Hussein and his officers, you know >exactly how much legal authorization the NSA needs to conduct that >wiretap. Exactly none. Hence, it needs no paperwork to get the key >to Hussein's phone.
> >How the escrow agents make the NSA prove that the keyid in question >belongs to Hussein's phone is an exercise left to the legislature :-/ As you (and others) noted in response to my posting, there is either a trapdoor *or* a "national security exception" to the warrant/escrow arrangement. As your comment suggests, NSA has heretofore been able to act unilaterally in exercising its "legal authorization" to intercept communications overseas, but with the Clipper scheme must obtain assistance from a third (and fourth?) party -- the escrow agents. I think the question you raise is a critical one -- under what guidelines will the escrow agents determine the validity of an NSA request for the key without a FISA warrant? - David From frissell at panix.com Thu Aug 12 11:13:11 1993 From: frissell at panix.com (Duncan Frissell) Date: Thu, 12 Aug 93 11:13:11 PDT Subject: ANONYMOUS CONTACT SERVICE Message-ID: <199308121808.AA23068@panix.com> To: cypherpunks at toad.com H>A few months ago, someone subscribed to H>the list through the Penet service, H>and it ended up revealing the Penet H>aliases of everyone who posted. Each H>post was delivered to that subscriber H>marked as being from the Penet alias H>corresponding to the poster. All it took H>was a parallel non-Penet subscription H>to break the anonymity provided by Penet. H> H>Has this now happened again? Funny you should mention this. Maybe someone else just subscribed via penet since my morning post to cypherpunks was bounced back to *me* from penet (as well as being posted normally). The bounce was caused because penet was reading the originating address as *my* address (not cypherpunks) and since I have been using a penet password and my message did not contain the password, it was not forwarded. I have noticed that some postings show up here from cypherpunks and some from the address of the original poster. I suppose different mailing situations cause different results.
Maybe all penet users on the list should activate passwords on penet.fi. Penet may search back along the chain of addresses for any familiar address to check against its list of password-enabled addresses. Duncan Frissell H> H>At the time, there was some discussion H>about using "an..." versus "na..." H>forms of the Penet aliases, one of which H>would avoid this revelation. Has H>that been taken care of? H> H>Hal Finney H>hfinney at shell.portal.com H> H> --- ~ WinQwk 2.0b#0 ~ Unregistered Evaluation Copy From pcw at access.digex.net Thu Aug 12 11:48:12 1993 From: pcw at access.digex.net (Peter Wayner) Date: Thu, 12 Aug 93 11:48:12 PDT Subject: >Clipper trapdoor? Message-ID: <199308121845.AA12068@access.digex.net> Dave Sobel has been wondering just how the Escrow Agency will check up on the requests for keys that it gets from the NSA. The procedures aren't decided yet, but from my understanding of the presentation given at the last CSSAB meeting in Washington, the Escrow agencies won't have a person/phone to escrow id number mapping that would allow them to check if a request for a key is valid. There are two reasons for this. 1) It would be pretty useless because people could sell their phones at garage sales or give them as Christmas gifts and screw up the list. 2) This is also a "feature". If two of the escrow agents (from different agencies) decided to go bad, then they wouldn't be able to look up their enemy Bob's escrow key by name. They would need some of the real-time hardware and access to the family key. Presumably, this would be handled by a third party. -Peter From ferguson at fiber.sprintlink.net Thu Aug 12 11:58:12 1993 From: ferguson at fiber.sprintlink.net (Paul Ferguson x2044) Date: Thu, 12 Aug 93 11:58:12 PDT Subject: Cypherpunk FTP site -- where is it? Message-ID: <9308121953.AA07413@fiber.sprintlink.net> Could I entice someone to remind me of where the anon FTP site (and directory) is located?
I seem to recall that it was on soda.berkeley.edu but beyond that, my memory fails me.... From tcmay at netcom.com Thu Aug 12 12:08:12 1993 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 12 Aug 93 12:08:12 PDT Subject: Making the World Safe for Steganography Message-ID: <9308121908.AA10732@netcom.netcom.com> How do we make steganography safer to use? An anonymous commentator wrote about my point (in the essay "Libertaria in Cyberspace"), and then Eric Hughes responded: >>Alice better not be carrying any software that could retrieve that >>data. > >Q: What do you call a store that sells 'cryptographic paraphernalia?' > >A: A mind shop. > >If crypto is outlawed, then random numbers will be probable cause for >search for illegal cryptographic devices, software or hardware. > >Q: What is a random number? > >A: Anything I don't understand. With steganographic (data-hiding) schemes, how is the "unhiding" scheme to be stored? If the user has a diskette labelled "Steganography" sitting prominently near his computer, for example, and this diskette has just a single algorithm on it--perhaps for stripping the LSBs out of GIFs--then it is fairly obvious which algorithm is being used, and that steganography is in fact being used in the first place. (However, what comes out of the de-stegging, to coin a phrase, should still be meaningless without the actual decryption, so I'm not sure what the authorities can or will try to do. During wartime, or in many countries, I'm sure that possessing such steganographic software would be a serious matter, but the U.S. has not (yet) reached this point. And there's enough bits to play with on a DAT to make the data bits look almost exactly like audio/microphone noise, with the same statistics, spectrum, etc.)
One good way to further confuse the issue is to make certain steganographic schemes *widely available* by wide distribution on CD-ROMs (to ensure that nearly everyone can feign innocence when the Data Patrol asks them some questions) or by easy access by ftp-type approaches (though this has limits which are discussed later). In other words, there is no obvious "smoking gun" pointing to the use of steganography. Or encryption, for that matter, as PGP-like crypto programs could be similarly distributed, someday, and only the secret key/passphrase would be "incriminating" to the user. I'll leave it for another time to discuss ways to hide the secret key/passphrase (perhaps in things like Newton PDAs which implement "digital flash paper" in their flash memories, or are carried with the person at all times, etc.). A Cypherpunks CD-ROM? Perhaps the Cypherpunks could someday even make such a CD-ROM widely available, along with rants, source code, whatever. (*Very* speculatively, someday "Wired" may even distribute a CD-ROM in one of their issues.) Remember, the point about steganography schemes, like hiding message bits in the LSBs of music tapes or images, is *not* to make the bits "undetectable," but only to hide them sufficiently to make a case for "plausible deniability." Thus, if the Data Patrol uses "Algorithm A6" (one of many on the CD-ROM) on a DAT you are carrying, and the sequence "1 0 1 1 1 0 1 0 ...." emerges, you just shrug and claim ignorance. "Sounds like noise to me." However, when the Patrol is not around, you apply, say, "Algorithm Z1" to the DAT and then use your private key to decrypt the bits. (How you secure your private key is another issue, of course, as mentioned above.) Some may quibble that this is a kind of low-level encryption...after all, the CD-ROM may contain only a few dozen algorithms for stripping bits out of DATs and images, so the NSA or FBI can simply apply them all, trivially.
This method would indeed be low-level (nonexistent, actually) security if the resulting bits were a plaintext message. But the resulting bits are in fact meaningless noise without the private key. I suspect that such wide distribution of steganographic schemes will be enough to ensure that users can safely retrieve "their" bits (using one of the algorithms) without the authorities being able to prove anything. If this analysis is correct, then getting various steganographic schemes out in the public domain is important. Executable code--to allow users to run the programs right off the CD-ROM and thus not have the code copied (incriminatingly) to their hard disks--would be best. This code could be tucked away in a small part of CD-ROMs. What I envision is a CD-ROM (or whatever other distribution modes are popular) containing this steganographic and cryptographic software and lots of other stuff, in other domains. That is, the crypto/stego part could just be a tiny fraction of this "Hackers Disc." Speculatively, we could do this ourselves, or work with "Wired," EFF, the Gnu folks, etc., to get these programs tucked in someplace amongst their files. (There are issues of platform compatibility, which systems can read which CD-ROMs, etc. Details.) Making the algorithms available by ftp is of course already common practice. The reason I don't emphasize this is that users must download the programs to their systems, thus decreasing plausible deniability. (However, if the programs are just part of a larger collection of files, like a "News Magazine" of a bunch of files, then these algorithms will be just some of the _many_ files downloaded, and the user can once again feign ignorance. This would be a kind of "stego stego," where the steganographic algorithms are themselves hidden amongst a bunch of unrelated files.)
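[Editor's note: the block below is an example added to this archive page; it is not code from Tim May's post or from any Cypherpunks project. It is a toy of the LSB scheme argued above, in Python over a constructed block of signed 16-bit samples standing in for a DAT recording. The payload is encrypted under a key with an HMAC-SHA256 keystream (a stand-in for the "private key" step), and the order in which sample LSBs are used is itself key-derived, playing the part of "Algorithm Z1" versus "Algorithm A6". The function names, the key strings and the Gaussian cover noise are assumptions made for the demonstration. It shows the two properties the post relies on: with the key the message comes back, and with any other key the LSB stream is balanced noise and the extraction yields nothing.]

```python
"""Toy LSB steganography in the style of the DAT scheme discussed above (added example)."""
import hashlib
import hmac
import random


def keystream(key: bytes, nbytes: int) -> bytes:
    """HMAC-SHA256 in counter mode, used here as a keyed pseudorandom stream
    (a stand-in for whatever real cipher protects the payload)."""
    out = bytearray()
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:nbytes])


def xor_stream(data: bytes, key: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def lsb_order(key: bytes, n: int) -> list:
    """Key-derived order in which sample LSBs are used.  This is the part that
    plays 'Algorithm Z1' vs 'Algorithm A6': a different key gives an unrelated
    order, so an inspector's extraction reads the wrong positions."""
    seed = int.from_bytes(hashlib.sha256(b"lsb-order:" + key).digest(), "big")
    return random.Random(seed).sample(range(n), n)


def to_bits(data: bytes) -> list:
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def from_bits(bits: list) -> bytes:
    return bytes(sum(bit << (7 - i) for i, bit in enumerate(bits[j:j + 8]))
                 for j in range(0, len(bits), 8))


def embed(samples: list, payload: bytes, key: bytes) -> list:
    """Return a copy of the 16-bit samples with the encrypted, length-prefixed
    payload written into the LSBs at key-chosen positions."""
    body = xor_stream(len(payload).to_bytes(4, "big") + payload, key)
    bits = to_bits(body)
    if len(bits) > len(samples):
        raise ValueError("cover too short for payload")
    out = list(samples)
    for pos, bit in zip(lsb_order(key, len(samples)), bits):
        out[pos] = (out[pos] & ~1) | bit
    return out


def extract(samples: list, key: bytes):
    """Recover the payload, or None when the key does not yield a sane header
    (which is what a wrong key produces: the decrypted length is garbage)."""
    order = lsb_order(key, len(samples))
    header = from_bits([samples[order[i]] & 1 for i in range(32)])
    length = int.from_bytes(xor_stream(header, key), "big")
    total_bits = 32 + 8 * length
    if total_bits > len(samples):
        return None
    body = from_bits([samples[order[i]] & 1 for i in range(total_bits)])
    return xor_stream(body, key)[4:]


def lsb_ones_fraction(samples: list) -> float:
    """The statistic an inspector would look at first: balanced LSBs look like noise."""
    return sum(s & 1 for s in samples) / len(samples)


def make_cover(n: int = 20000, seed: int = 1234) -> list:
    """Constructed stand-in for a DAT recording: Gaussian 'microphone noise'
    clamped to the signed 16-bit range (not real audio)."""
    rng = random.Random(seed)
    return [max(-32768, min(32767, int(rng.gauss(0, 3000)))) for _ in range(n)]


if __name__ == "__main__":
    cover = make_cover()
    message = b"three days of Usenet, packed into the LSBs"
    stego = embed(cover, message, b"Algorithm Z1")
    print("cover LSB ones:", round(lsb_ones_fraction(cover), 3))
    print("stego LSB ones:", round(lsb_ones_fraction(stego), 3))
    print("with the right key:", extract(stego, b"Algorithm Z1"))
    print("with the Patrol's key:", extract(stego, b"Algorithm A6"))
```

Two caveats a practitioner should keep in mind, neither of which the toy handles: real recordings do not have perfectly balanced LSBs, so embedding into a key-chosen subset of samples still shifts the LSB statistics of those samples toward 0.5 and a careful inspector compares against the device's own noise profile; and a length prefix that fails to decrypt under the wrong key is what makes extraction return None here, but it is also a structure a determined analyst could try keys against, so the deniability rests on the key, exactly as the post says.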
I realize all this may be too complicated, that the stego programs themselves are barely starting to appear (I know of a couple of efforts going on), and that the problem of how to claim ignorance may not be important for a few years yet, if ever. On the other hand, there may be value in getting these stego schemes distributed long in advance of their being needed. Comments? -Tim May -- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: by arrangement Note: I put time and money into writing this posting. I hope you enjoy it. From plmoses at unix.cc.emory.edu Thu Aug 12 12:08:28 1993 From: plmoses at unix.cc.emory.edu (Paul L. Moses) Date: Thu, 12 Aug 93 12:08:28 PDT Subject: On The Inherent Evil of Electronic Democracy Message-ID: <9308121908.AA06721@emoryu1.cc.emory.edu> Regarding the Electronic Democracy idea, I vote with Tim May. Look at the way public opinion is molded today through CNN, Tom Brokaw, Connie Chung, Oprah Winfrey, etc. One could even say that Clinton is the "Phil Donahue president" (he 'cares') - just look at the second candidate debate last fall. A talk show if ever there was one. No, erasing procedural safeguards in the name of access by the masses is an *EXTREMELY* bad idea, because a lot of these archaic procedures still have use and serve a filtering function, albeit one that may not be recognized fully until they are removed and drastic, undesirable, unwanted, and unintended consequences follow. What we should be doing instead is focusing our analytic powers on the present bottlenecks and distortions in the system and resolving those rather than opening ENTIRELY NEW "runoff channels". For at the end of the day, the only beneficiaries of innovation are the ones poised to exploit it.
And that certainly is not the "enlightened citizen" today. What am I saying? If we allow direct legislating power to go to everyone, we will eliminate the concern with PLURALITY that the Constitution protects. If not sooner, then later. From mab at vax135.att.com Thu Aug 12 12:18:12 1993 From: mab at vax135.att.com (mab at vax135.att.com) Date: Thu, 12 Aug 93 12:18:12 PDT Subject: Cryptographic File System paper available for ftp. Message-ID: <9308121905.AA07550@vax135.UUCP> Hi, A PostScript pre-print of the final version of my paper "A Cryptographic File System for Unix" is available for anonymous ftp from research.att.com in the file dist/mab/cfs.ps . The paper will be presented at the 1st ACM Conference on Communications and Computing Security, November 3-5, Fairfax, VA. A number of people on this list have seen an early draft; this is the final version. Some of the techniques in the paper may be of general interest to people contemplating file system-level encryption in other systems (e.g., the cryptostacker project). -matt From karn at qualcomm.com Thu Aug 12 12:42:54 1993 From: karn at qualcomm.com (Phil Karn) Date: Thu, 12 Aug 93 12:42:54 PDT Subject: Secure voice software issues In-Reply-To: <9308121503.AA00397@kolanut> Message-ID: <9308121939.AA12734@servo> I see 160ms round trip times on my SLIP link from home to work, and I can't account for all of this time by just adding up transmission times and store-and-forward delays for the data rates and packet sizes I'm using. And I don't think it can be explained by the trellis decoding in V.32 bis, as that should account for only a few bits of delay. I've since heard of very similar figures for other modems, so it's not just my modem. I'm beginning to suspect the V.42bis packetizing algorithms. Although they're not described in the spec, I suspect that real V.42bis implementations use timers to determine when to send the currently queued data as a frame.
Or maybe there's a Nagle-like algorithm like the one in TCP: immediately send the first byte of data on an idle link, but keep additional traffic pending until the first byte is acknowledged in order to aggregate stream traffic into larger frames. This is all speculation so far, but it does explain the long RTTs I see with packet traffic even though raw character-at-a-time traffic seems to be fast. Stream traffic would see the worst delays of all, which is ordinarily okay for a file transfer, but death to a real time stream like voice. That's why we may be forced to turn off V.42 entirely and speak synchronously to the modem. Time to haul out a protocol analyzer and do some timing measurements. Phil From julf at penet.FI Thu Aug 12 12:52:53 1993 From: julf at penet.FI (Johan Helsingius) Date: Thu, 12 Aug 93 12:52:53 PDT Subject: ANONYMOUS CONTACT SERVICE In-Reply-To: <9308121608.AA03468@jobe.shell.portal.com> Message-ID: <9308122020.aa01932@penet.penet.FI> > A few months ago, someone subscribed to the list through the Penet service, > and it ended up revealing the Penet aliases of everyone who posted. Each > post was delivered to that subscriber marked as being from the Penet alias > corresponding to the poster. All it took was a parallel non-Penet subscription > to break the anonymity provided by Penet. > > Has this now happened again? Yes. I was contacted by the user who was the cause of this. He didn't realize what would happen. He has now sent an unsubscribe request. > At the time, there was some discussion about using "an..." versus "na..." > forms of the Penet aliases, one of which would avoid this revelation. Has > that been taken care of? Evidently not. :-( Julf From yerazunis at aidev.enet.dec.com Thu Aug 12 12:58:13 1993 From: yerazunis at aidev.enet.dec.com (This is _intense_! 12-Aug-1993 1536) Date: Thu, 12 Aug 93 12:58:13 PDT Subject: Subliminal channels in signature functions may be unavoidable.
Message-ID: <9308121955.AA20556@enet-gw.pa.dec.com> I was considering the subliminal-channel-in-the-digital-signature question in the shower, and came to an interesting handwaving proof of the following statement: All signature systems (public key and otherwise) that allow timestamped messages contain subliminal channels of bandwidth proportional to the timestamp resolution. Fortunately, this mailing list is wide enough to contain the essence of the proof. 1) Hypothesize an arbitrary signature system that simply provides authentication via a randomish-looking bitstream that is a function only of the input document and (possibly) a secret or public key known to the sender and intended recipient, and that an "external monitor" exists who will verify that each message is indeed signed appropriately; 2) The job of the monitor is to censor communications between the sender and recipient; he does this by examining the contents of the messages and if 1) their visible contents are innocuous 2) their signatures do verify he passes the message; otherwise he refuses the message back to the sender. 3) Assume the signature-generating algorithm is published, and is a strongly random function of the input stream. 4) Assume any number of messages may be passed. 5) Assume that the sender and intended recipient have previously arranged for an unknown-to-the-censor second signature and bit count. 6) To send a subliminal-channel message, the sender generates an innocuous message, time-stamps it, and signs it, then signs the signature with the "secret second signature". If the [bit-count] low-order bits of the second secret signature match the desired first N bits of the desired subliminal channel message, then the message plus first (authenticating) signature is handed off to the censor to examine and transport. If the bits don't match, the time-stamp of the original message is updated, and the process repeated until the bits _do_ match.
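[Editor's note: the block below is an example added to this archive page, not code from Bill's post. It runs steps 1 through 6 above in Python. The "arbitrary signature system" of step 1 is represented by an HMAC-SHA256 tag under a key the censor can verify with, and the "secret second signature" of step 5 by an HMAC under a key only sender and recipient hold; both keys, the chunk size (the post's "bit count"), the cover text and the timestamp format are assumptions made for the demonstration. It also records how many timestamp bumps each chunk costs, which is the 2^bitcount figure the post goes on to derive.]

```python
"""Timestamp-retry subliminal channel past a censor who only checks signatures (added example)."""
import hashlib
import hmac


def sign(key: bytes, data: bytes) -> bytes:
    """Stand-in for any deterministic signature scheme: an HMAC-SHA256 tag."""
    return hmac.new(key, data, hashlib.sha256).digest()


def low_bits(tag: bytes, k: int) -> int:
    return int.from_bytes(tag, "big") & ((1 << k) - 1)


def to_bits(data: bytes) -> list:
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def from_bits(bits: list) -> bytes:
    return bytes(sum(bit << (7 - i) for i, bit in enumerate(bits[j:j + 8]))
                 for j in range(0, len(bits), 8))


def censor_accepts(message: bytes, tag: bytes, auth_key: bytes) -> bool:
    """Step 2: the monitor verifies the visible signature and nothing else."""
    return hmac.compare_digest(sign(auth_key, message), tag)


def send_covert(cover: str, covert: bytes, auth_key: bytes, secret_key: bytes,
                chunk: int, start_ts: int = 0):
    """Step 6: for each chunk of covert bits, bump the timestamp until the low
    `chunk` bits of secret_sig(auth_sig(message)) equal that chunk.  Returns the
    (message, tag) pairs handed to the censor and the timestamps tried per pair."""
    bits = to_bits(covert)
    ts = start_ts
    sent, tries = [], []
    for i in range(0, len(bits), chunk):
        want_bits = bits[i:i + chunk]          # last chunk may be shorter
        want = int("".join(map(str, want_bits)), 2)
        n = 0
        while True:
            ts += 1                            # monotonic, so every message is fresh
            n += 1
            message = f"{cover} [sent at t={ts}]".encode()
            tag = sign(auth_key, message)      # the only signature the censor sees
            if low_bits(sign(secret_key, tag), len(want_bits)) == want:
                break
        sent.append((message, tag))
        tries.append(n)
    return sent, tries


def receive_covert(sent: list, secret_key: bytes, chunk: int, nbits: int) -> bytes:
    """The recipient needs only the visible tags and the shared secret key."""
    bits = []
    for _message, tag in sent:
        k = min(chunk, nbits - len(bits))
        value = low_bits(sign(secret_key, tag), k)
        bits.extend((value >> (k - 1 - j)) & 1 for j in range(k))
    return from_bits(bits)


if __name__ == "__main__":
    AUTH = b"key the censor can verify with"     # assumed, for the demo
    SECRET = b"key only the two of us hold"     # assumed, for the demo
    sent, tries = send_covert("Weather fine, arriving Tuesday.", b"hi", AUTH, SECRET, chunk=4)
    print("censor passes every message:", all(censor_accepts(m, t, AUTH) for m, t in sent))
    print("recipient reads:", receive_covert(sent, SECRET, chunk=4, nbits=16))
    print("timestamp bumps per message:", tries)
```

With chunk=4 each message costs on average 16 timestamp bumps, and the covert bits ride entirely on which of the many valid timestamps the sender chose; the censor, seeing only correctly signed, innocuous text, has nothing to reject. The practical counter is the one implicit in the post's "Extension": a monitor that limits message rate, or that quantises or overwrites timestamps before the signature is checked, shrinks the channel but cannot close it while the sender controls any signed bits at all.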
The loop of innoucuous-message/first-signature/second-signature/compare is then repeated again until all the bits of the desired subliminal channel message have been sent. Since for any good signature scheme all bits in the output bitstream are strongly random functions of all bits in the input stream, changing one bit (in the timestamp) has a chance of 1 in 2^bitcount bits of giving the desired secret-signature bitset. Proof of the bandwidth of such a scheme is proportional to 1/2 the resolution in bits of the time-stamp is left to the student. (I just _had_ to say that. :-) ). Extension: If the number of messages per unit time allowed by the censor is limited, then the bandwidth becomes MIN ( [1/2 timestamp resolution] , [bitcount * allowed-message-frequency] -Bill From collins at newton.apple.com Thu Aug 12 13:22:53 1993 From: collins at newton.apple.com (Scott Collins) Date: Thu, 12 Aug 93 13:22:53 PDT Subject: Chaos harnessed for encryption / Fluctuations and Or Message-ID: <9308121728.AA25115@newton.apple.com> >[...] that can synchronize without publishing their states. >If this could be done with strong PRNGs, you'd have something. Here is a related article Article = "Secret Key Agreement by Public Discussion from Common Information" Author = Ueli M. Maurer Publication = IEEE Transactions on Information Theory, Vol 39, No. 3 Date = May 1993 --Abstract-- The problem of generating a shared secret key S by two parties knowing dependent random variables X and Y, respectively, but not sharing a secret key initially, is considered. An enemy who knows the random variable Z, jointly distributed with X and Y according to some probability distribution Pxyz, can also receive all messages exchanged by the two parties over a public channel. The goal of a protocol is that the enemy obtains at most a negligible amount of information about S. Upper bounds on H(S) as a function of Pxyz are presented. 
Lower bounds on the rate H(S)/N (as N-->infinity) are derived for the case where X = [X1, ..., Xn], Y = [Y1, ..., Yn], and Z = [Z1, ..., Zn] result from N independent executions of a random experiment generating Xi, Yi and Zi for i=1, ..., N. In particular, it is shown that such secret key agreement is possible for a scenario where all three parties receive the output of a binary symmetric source over independent binary symmetric channels, even when the enemy's channel is superior to the other two channels. The results suggest how to build cryptographic systems that are provably secure against enemies with unlimited computing power under realistic assumptions about the partial independence of the noise on the involved communications channels. --end of Abstract-- Hope you like it, Scott Collins | "Few people realize what tremendous power there | is in one of these things." -- Willy Wonka ......................|................................................ BUSINESS. voice:408.862.0540 fax:974.6094 collins at newton.apple.com Apple Computer, Inc. 1 Infinite Loop, MS 301-2C Cupertino, CA 95014 ....................................................................... PERSONAL. voice/fax:408.257.1746 1024/669687 catalyst at netcom.com From smb at research.att.com Thu Aug 12 13:58:13 1993 From: smb at research.att.com (smb at research.att.com) Date: Thu, 12 Aug 93 13:58:13 PDT Subject: Secure voice software issues Message-ID: <9308122055.AA27140@toad.com> I see 160ms round trip times on my SLIP link from home to work, and I can't account for all of this time by just adding up transmission times and store-and-forward delays for the data rates and packet sizes I'm using. And I don't think it can be explained by the trellis decoding in V.32 bis, as that should account for only a few bits of delay. I've since heard of very similar figures for other modems, so It's not just my modem. I'm beginning to suspect the V.42bis packetizing algorithms. 
Although they're not described in the spec, I suspect that real V.42bis implementations use timers to determine when to send the the currently queued data as a frame. Or maybe there's a Nagle-like algorithm like the one in TCP: immediately send the first byte of data on an idle link, but keep additional traffic pending until the first byte is acknowledged in order to aggregate stream traffic into larger frames. This is all speculation so far, but it does explain the long RTTs I see with packet traffic even though raw character-at-a-time traffic seems to be fast. Stream traffic would see the worst delays of all, which is ordinarily okay for a file transfer, but death to a real time stream like voice. That's why we may be forced to turn off V.42 entirely and speak synchronously to the modem. Time to haul out a protocol analyzer and do some timing measurements. Real timing measurements would help, but it's not just the V.42bis algorithms. A year or two ago, I did some measurements on a number of different modems. I saw large -- and sometimes unacceptable -- delays even without V.42 or MNP in use. My methodology was to enable loopback at various points -- hardware loopback plugs, local loopback on my modem, remote loopback or a plug at the far end, etc. I sent single characters, and timed how long they took to show up. The modems seem to either buffer up several characters, or have to wait a while before sending the first one, but the delays appeared to be for the first character in a ``bunch'' (``packet'' is too strong a word). From nobody at shell.portal.com Thu Aug 12 14:18:14 1993 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Thu, 12 Aug 93 14:18:14 PDT Subject: Real time OCR Message-ID: <9308122038.AA11660@jobe.shell.portal.com> Neural network hardware is currently being trained to recognize the serial numbers on US$. 
This is being done by a company that has successfully applied its nn hardware to read the numbers off of checks and distinguish between real/fake while obtaining the numbers too. From shipley at tfs.COM Thu Aug 12 14:58:13 1993 From: shipley at tfs.COM (Peter Shipley) Date: Thu, 12 Aug 93 14:58:13 PDT Subject: Secure voice software issues In-Reply-To: <9308122055.AA27140@toad.com> Message-ID: <9308122154.AA18473@edev0.tfs.com.TFS> > I see 160ms round trip times on my SLIP link from home to work, and I > can't account for all of this time by just adding up transmission > times and store-and-forward delays for the data rates and packet sizes > I'm using. And I don't think it can be explained by the trellis > decoding in V.32 bis, as that should account for only a few bits of > delay. > > I've since heard of very similar figures for other modems, so It's not > just my modem. I'm beginning to suspect the V.42bis packetizing > algorithms. Although they're not described in the spec, I suspect that > real V.42bis implementations use timers to determine when to send the > the currently queued data as a frame. Or maybe there's a Nagle-like > algorithm like the one in TCP: immediately send the first byte of data > on an idle link, but keep additional traffic pending until the first > byte is acknowledged in order to aggregate stream traffic into larger do not use error correction or compression. (they will slow you down) and tcp does it's own error correction. as for 160ms round trip times that is acceptable for slip. 
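Bill's six-step construction above, carried through as an added example (editor-written; it is not code from the post or from any list member). HMAC-SHA256 stands in for the "strongly random" signature function in both roles, the two keys, the cover text and the starting timestamp are constructed values, and the last function quantifies the lever the extension hints at from the monitor's side: if the timestamp is assigned or bounded so the sender can choose among only a few values, the chance of embedding a chunk drops accordingly.

```python
import hmac
import hashlib
from typing import List, Tuple

# Constructed keys for the toy model (assumptions, not values from the post).
AUTH_KEY = b"constructed-first-signature-key"     # the censor-verifiable signature
COVERT_KEY = b"constructed-second-signature-key"  # the pre-arranged "second signature"


def first_signature(message: bytes, timestamp: int) -> bytes:
    """Visible signature over message || timestamp (step 1)."""
    data = message + timestamp.to_bytes(8, "big")
    return hmac.new(AUTH_KEY, data, hashlib.sha256).digest()


def verify_first_signature(message: bytes, timestamp: int, sig: bytes) -> bool:
    """The monitor's check (step 2): innocuous text plus a verifying signature."""
    return hmac.compare_digest(first_signature(message, timestamp), sig)


def covert_bits(sig: bytes, bitcount: int) -> int:
    """Low-order `bitcount` bits of the second (secret) signature of the first."""
    second = hmac.new(COVERT_KEY, sig, hashlib.sha256).digest()
    return int.from_bytes(second, "big") & ((1 << bitcount) - 1)


def embed_chunk(message: bytes, start_ts: int, chunk: int, bitcount: int,
                max_tries: int = 1 << 20) -> Tuple[int, bytes, int]:
    """Step 6: bump the timestamp until the covert bits equal `chunk`.
    Returns (timestamp used, signature, number of signatures computed)."""
    ts = start_ts
    for tries in range(1, max_tries + 1):
        sig = first_signature(message, ts)
        if covert_bits(sig, bitcount) == chunk:
            return ts, sig, tries
        ts += 1  # one more unit of timestamp resolution consumed
    raise RuntimeError("no timestamp in range produced the wanted bits")


def to_chunks(payload: bytes, bitcount: int) -> List[int]:
    """Split the covert payload into bitcount-wide chunks (zero-padded)."""
    bits = "".join(f"{b:08b}" for b in payload)
    bits += "0" * (-len(bits) % bitcount)
    return [int(bits[i:i + bitcount], 2) for i in range(0, len(bits), bitcount)]


def send_covert(payload: bytes, cover: bytes, start_ts: int, bitcount: int):
    """Frames (cover, timestamp, signature) as the monitor sees them, plus the
    total number of signatures the sender had to compute."""
    frames, ts, total_tries = [], start_ts, 0
    for chunk in to_chunks(payload, bitcount):
        ts, sig, tries = embed_chunk(cover, ts, chunk, bitcount)
        frames.append((cover, ts, sig))
        total_tries += tries
        ts += 1  # the next message must carry a later timestamp
    return frames, total_tries


def receive_covert(frames, bitcount: int, payload_len: int) -> bytes:
    """The intended recipient, holding COVERT_KEY, reads the channel back out."""
    if payload_len == 0:
        return b""
    bits = "".join(f"{covert_bits(sig, bitcount):0{bitcount}b}" for _, _, sig in frames)
    return int(bits[:payload_len * 8], 2).to_bytes(payload_len, "big")


def censor_accepts(frames) -> bool:
    """Every frame carries a valid signature on the innocuous cover text."""
    return all(verify_first_signature(m, ts, sig) for m, ts, sig in frames)


def expected_tries(bitcount: int) -> int:
    """Geometric trial: each timestamp hits the wanted chunk with probability 2^-bitcount."""
    return 1 << bitcount


def success_probability(bitcount: int, timestamp_choices: int) -> float:
    """Probability of embedding one chunk when the monitor leaves the sender
    only `timestamp_choices` acceptable timestamp values per message."""
    return 1.0 - (1.0 - 2.0 ** -bitcount) ** timestamp_choices
```

With a 4-bit chunk the sender expects 16 signature computations per message; the receiver needs only the second key and the frame order. The same bound that makes the channel hard to see also bounds it: `success_probability(4, 16)` is about 0.64, so a monitor that supplies the timestamp itself, or accepts only a handful of values around its own clock, turns a reliable channel into an unreliable one without touching the signature scheme.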
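The Penet alias leak confirmed in the ANONYMOUS CONTACT SERVICE exchange above, modelled as an added example (editor-written; none of this is Julf's code, and the mechanics of the real service beyond what the thread states are assumptions). A list subscriber who receives each post twice, once directly and once through a pseudonym, gets the poster's real address on one copy and the automatically allocated alias on the other, and joins them. The model also carries the remedy of refusing mail from addresses that never registered; addresses, passwords and posts are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PENET_DOMAIN = "anon.penet.fi"  # used only as a label in this toy model


@dataclass
class Mail:
    sender: str
    recipient: str
    body: str
    password: Optional[str] = None  # password field; its real header name is not assumed here


class PenetModel:
    """Toy double-blind pseudonym service: aliases map both ways, and mail to an
    alias is rewritten so its owner sees only the sender's alias."""

    def __init__(self, explicit_registration: bool):
        self.explicit_registration = explicit_registration
        self.alias_of: Dict[str, str] = {}
        self.real_of: Dict[str, str] = {}
        self.password_of: Dict[str, str] = {}
        self.bounces: List[Tuple[str, str]] = []
        self._next = 1

    def _allocate(self, real: str) -> str:
        if real not in self.alias_of:
            alias = f"an{self._next:04d}@{PENET_DOMAIN}"
            self._next += 1
            self.alias_of[real] = alias
            self.real_of[alias] = real
        return self.alias_of[real]

    def register(self, real: str, password: str) -> str:
        """An alias that exists because its owner asked for one and set a password."""
        self.password_of[real] = password
        return self._allocate(real)

    def handle(self, mail: Mail) -> Optional[Mail]:
        """Anonymize mail addressed to an alias and forward it to the alias's owner."""
        if self.explicit_registration:
            if mail.sender not in self.password_of:
                self.bounces.append((mail.sender, "are you new? set your password"))
                return None
            if mail.password != self.password_of[mail.sender]:
                self.bounces.append((mail.sender, "missing or wrong password"))
                return None
        owner = self.real_of.get(mail.recipient)
        if owner is None:
            self.bounces.append((mail.sender, "unknown alias"))
            return None
        # Original behaviour: any sender is silently given an alias on first contact.
        return Mail(sender=self._allocate(mail.sender), recipient=owner, body=mail.body)

    def unsolicited_aliases(self) -> int:
        """Aliases handed to addresses whose owners never registered."""
        return sum(1 for real in self.alias_of if real not in self.password_of)


class MailingList:
    def __init__(self, address: str, penet: PenetModel):
        self.address = address
        self.penet = penet
        self.subscribers: List[str] = []

    def post(self, mail: Mail) -> List[Mail]:
        """Fan out a post; a copy bound for a Penet alias passes through the service."""
        out = []
        for sub in self.subscribers:
            copy = Mail(sender=mail.sender, recipient=sub, body=mail.body)
            if sub.endswith("@" + PENET_DOMAIN):
                copy = self.penet.handle(copy)
            if copy is not None:
                out.append(copy)
        return out


# Constructed posters and posts; none of these addresses are real list members.
POSTS = [
    ("alice@example.org", "Anyone measured V.42bis latency?"),
    ("bob@example.com", "Has the Penet leak happened again?"),
]


def correlate(inbox: List[Mail]) -> Dict[str, str]:
    """What the dual subscriber learns: the same body from a real address and an alias."""
    senders_by_body: Dict[str, List[str]] = {}
    for m in inbox:
        senders_by_body.setdefault(m.body, []).append(m.sender)
    leak: Dict[str, str] = {}
    for senders in senders_by_body.values():
        reals = [s for s in senders if not s.endswith("@" + PENET_DOMAIN)]
        aliases = [s for s in senders if s.endswith("@" + PENET_DOMAIN)]
        if reals and aliases:
            leak[reals[0]] = aliases[0]
    return leak


def run_scenario(explicit_registration: bool) -> Tuple[Dict[str, str], int]:
    """One subscriber joins the list directly and via a Penet alias, then reads every
    post twice. Returns (real -> alias mapping recovered, unsolicited alias count)."""
    penet = PenetModel(explicit_registration)
    cpunks = MailingList("cypherpunks@toad.com", penet)
    dual = "subscriber@example.net"
    cpunks.subscribers += [penet.register(dual, "constructed-password"), dual]
    inbox: List[Mail] = []
    for poster, text in POSTS:
        inbox += cpunks.post(Mail(sender=poster, recipient=cpunks.address, body=text))
    return correlate(inbox), penet.unsolicited_aliases()
```

With automatic allocation the dual subscriber recovers every poster's alias and the service mints an alias for each poster without being asked; with registration required, posts relayed by the list bounce as unknown senders and no alias is created. The leak is a property of the design, not of any single careless subscriber: the service trusts the `From:` field of mail it did not solicit.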
From remail at tamsun.tamu.edu Thu Aug 12 15:28:14 1993 From: remail at tamsun.tamu.edu (remail at tamsun.tamu.edu) Date: Thu, 12 Aug 93 15:28:14 PDT Subject: neural nets Message-ID: <9308122227.AA22138@tamsun.tamu.edu> Speaking of neural nets and image recognition, my former employers landed a contract with "various law enforcement agencies" although the project manager I spoke to said primarily the FBI and CIA - to develop neural network hardware and software to do face recognition, to be used to identify criminals at the airports. Indeed, I recall being photographed twice when I hired on - normal lighting for my regular id, and low lighting. At the time, I wondered why but didn't think anything of it. The project manager said they were amassing a database of pictures to use as training sets. Pretty interesting... From still at kailua.colorado.edu Thu Aug 12 15:42:55 1993 From: still at kailua.colorado.edu (James Still) Date: Thu, 12 Aug 93 15:42:55 PDT Subject: On The Inherent Evil of Electronic Democracy Message-ID: <2C6AD4C4@kailua.colorado.edu> >Regarding the Electronic Democracy idea, I vote with Tim May. Look at the >way public opinion is molded today through CNN, Tom Brokaw, Connie Chung, >Oprah Winfrey, etc. One could even say that Clinton is the "Phil Donahue >president" (he 'cares') - just look at the second candidate debate last fall. I don't think public opinion is 'molded' so much, just that it's fancies are entertained too much. (Info-tained?) I dropped by a local bookstore last night to hear Jim Lehrer (McNeil/Lehrer Newhour on PBS) speak about his new book. He brought up this topic, saying that "mainstream news," (never mind the dribble of Donahue or Oprah) has been remiss in *reporting the news* for years, instead sensationalizing news and entertaining the masses. According to Lehrer, T.V. 
news (and newspapers who must now compete with them) have stopped asking their reporters to "get the facts" instead encouraging them to "get the dirt," or else. Look what has happened: the three major networks have lost over 30% market-share to other outlets like NPR and PBS or from people that just plain turn it off. Extreme voter apathy. Twentynothings from hell :-) The good side to this according to Lehrer is that one day soon a bunch of balding men will sit around the NBC board-room table and say, "We need more viewers, what do we do?" One particularly bright young man will finally say, "I know, let's report the news!," and everyone will bust out in applause. Lehrer's been doing it for 18 years. The info-tainment stuff is a small blip on the Neilson charts and nothing more. Maybe I'm a bit too optimistic for my own good though :^) - Jim From tcmay at netcom.com Thu Aug 12 15:53:24 1993 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 12 Aug 93 15:53:24 PDT Subject: Spooking of neural nets and image recognition... In-Reply-To: <9308122227.AA22138@tamsun.tamu.edu> Message-ID: <9308122254.AA18262@netcom5.netcom.com> > > Speaking of neural nets and image recognition, my former employers > landed a contract with "various law enforcement agencies" although > the project manager I spoke to said primarily the FBI and CIA - to > develop neural network hardware and software to do face recognition, > to be used to identify criminals at the airports. > > Indeed, I recall being photographed twice when I hired on - normal > lighting for my regular id, and low lighting. At the time, I > wondered why but didn't think anything of it. The project manager > said they were amassing a database of pictures to use as training > sets. I think you mean "Spooking of neural nets and image recognition..." This technology is supposedly being deployed at Customs offices and especially at airports. 
Long hair may come back, as I hear that the _ear_ is one of the main identifying points...ears are fairly characteristic of individuals (not as much as fingerprints, but enough for a rough sort) and edge-tracing algorithms can be run quickly. So, keep those ears covered! Of course, only criminals fear such security monitoring. Remember, the policement is your _friend_. -Tim May -- From karn at qualcomm.com Thu Aug 12 16:12:57 1993 From: karn at qualcomm.com (Phil Karn) Date: Thu, 12 Aug 93 16:12:57 PDT Subject: Secure voice software issues In-Reply-To: <9308122154.AA18473@edev0.tfs.com.TFS> Message-ID: <9308122309.AA13742@servo> >do not use error correction or compression. (they will slow you down) >and tcp does it's own error correction. as for 160ms round trip times >that is acceptable for slip. Well, in theory turning off V.42bis entirely should get rid of these delays, but in my exerience with Motorola Codex 3260 modems, it doesn't. Don't know why. Also, if you turn off LAPM you are back to sending start/stop bits again. Phil From karn at qualcomm.com Thu Aug 12 16:38:15 1993 From: karn at qualcomm.com (Phil Karn) Date: Thu, 12 Aug 93 16:38:15 PDT Subject: Secure voice software issues In-Reply-To: <9308122154.AA18473@edev0.tfs.com.TFS> Message-ID: <9308122337.AA13799@servo> >do not use error correction or compression. (they will slow you down) >and tcp does it's own error correction. as for 160ms round trip times >that is acceptable for slip. I don't know about you, but 160ms *is* objectionable to me when typing on a character-at-a-time telnet connection. And several people I've tried to introduce to demand-dialed SLIP (instead of hogging annex ports for hours with idle dumb terminals) have also complained about the delay. BTW, there's another problem with V.42bis compression that I haven't mentioned yet. 
When you enable compression, most modems suck in several seconds' worth of transmit data before they drop CTS to flow control the host (this assumes the DTE speed is considerably faster than the line speed, as it needs to be to get the most out of the compression). This is no problem if you're sending a large file with, say, ZMODEM; presumably the modem buffers up all this data so it can figure out whether to compress it or not. But this creates nasty delay problems for SLIP/PPP when you try to mix bulk and interactive traffic streams. Even if your router gives interactive (e.g., Telnet) packets priority over bulk (e.g., FTP) traffic in its own interface send queues, it can't do anything about the data that's already gone to the modem. So if the modem buffers up 2 seconds of FTP data, then your telnet packets will see 2 second delays even if it they have unconditional priority in the router over your big background FTP transfer. Worse still, some modems seem to buffer up all this data even when you disable V.42bis compression. Sigh. I point this out because many people would like to multiplex secure voice with IP data over their SLIP links. This lets you use a single phone line for voice and data simultaneously (especially if you have a variable rate vocoder), and it lets you use the Internet for voice. Not only does this let you bypass the long distance network, but it would make a pen register on your modem line almost useless. It would just show that you frequently call a local SLIP server to which you presumably have legitimate access. :-) But there are some problems yet to be solved. I'm rapidly coming to the conclusion that the only way around the SLIP/PPP modem buffer/delay problems is to speak raw synchronous data to the modems, even to the point of implementing V.42bis and HDLC in the host computer instead of using the modem's implementation. 
Phil From an26436 at anon.penet.fi Thu Aug 12 17:18:16 1993 From: an26436 at anon.penet.fi (an26436 at anon.penet.fi) Date: Thu, 12 Aug 93 17:18:16 PDT Subject: ANONYMOUS CONTACT SERVICE Message-ID: <9308130016.AA15644@anon.penet.fi> At 6:44 PM 8/11/93 -0700, Warren Keith Russell wrote: >I received a message from System Daemon telling me that I had sent a >message using the anonymous contact service, allocating a code name, and >explaining how I can be reached anonymously. > >What does this mean? Sounds great, but I have no idea how I managed to >send such a message! Probably means someone sent a message to cypherpunks at toad.com using that service. The service then allocated an id to cypherpunks at toad.com and sent it mail. At 9:08 AM 8/12/93 -0700, hfinney at shell.portal.com wrote: > >A few months ago, someone subscribed to the list through the Penet service, >and it ended up revealing the Penet aliases of everyone who posted. Each >post was delivered to that subscriber marked as being from the Penet alias >corresponding to the poster. All it took was a parallel non-Penet subscription >to break the anonymity provided by Penet. > >Has this now happened again? > >At the time, there was some discussion about using "an..." versus "na..." >forms of the Penet aliases, one of which would avoid this revelation. Has >that been taken care of? Now the service requires a password, so we're safe (I hope). Stuff sent by an unsuspecting user through the list to penet will cause a bounce at penet saying something like 'are you new? set your password.' However, the way Julf set up the password setting/using is not totally secure. There is an option where you can set no password which an attacker would find useful. It wouldn't work for a mass disclosure though. The attacker would have to pick and impersonate each of his targets, and unless the attacker can intercept his victims' mail they will get stuff from penet giving them a clue that something's amiss. 
I suppose this is a worthy topic for this list: How do you have anonymity that allows replies and psuedonyms that can't be hacked by impersonation? One cheap way would be to not automatically include the poster's pseudonym in the recipient's copy - have it be totally anonymous like the cypherpunks remailers. Pseudonyms would be only for replies/return addresses. Actually, Julf's solution isn't too bad. Having your password in plain text on its way to the remailer is insecure, but Julf's remailer doesn't allow encryption, so you're vulnerable to a truly determined attack anyhow. Maybe Julf needs to bite the bullet and start using PGP. > >Again, I'd like to find out who it is, have them removed, and have my >new penet id cancelled. After all, this person now has email from me, >with my penet id on it, with my name signed at the bottom. If I >decide to use the penet remailer in the future, I don't want this >person to have a binding between my penet id and my real name. > > MArc If you'd set a password you'd have no problem. If you got a bounce, you're OK. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From szabo at netcom.com Thu Aug 12 18:02:55 1993 From: szabo at netcom.com (Nick Szabo) Date: Thu, 12 Aug 93 18:02:55 PDT Subject: Spooking of neural nets and image recognition... In-Reply-To: <9308122254.AA18262@netcom5.netcom.com> Message-ID: <9308130102.AA22344@netcom4.netcom.com> Are the pictures taken by ATMs good enough for automated recognition? Nick Szabo szabo at netcom.com From M..Stirner at f0.n0.z1.FIDONET.ORG Thu Aug 12 18:18:16 1993 From: M..Stirner at f0.n0.z1.FIDONET.ORG (M. 
Stirner) Date: Thu, 12 Aug 93 18:18:16 PDT Subject: Anonymous contact service Message-ID: <1771.2C6AD490@shelter.FIDONET.ORG> Uu> Maybe all penet users on the list should activate passwords on Uu> penet.fi. Penet may search back along the chain of addresses for any Uu> familiar address to check against it's list of password-enabled Uu> addresses. Something is way screwy with Penet lately. I have found that I have had passwords required when I had no recollection of installing them. On top of this, I am unable to use the password provision due to header grunging at the UUCP gate, in any case. . I have requested to admin at anon.penet.fi that the accounts by number be deleted in order that I can start over with fresh accounts, & despite three requests, this has not been done. Bloody annoying, but I suppose when we give Julf a big raise, _then_ I can start bitching, huh? 8-) . Speaking of related remailers, what is the status of Charcoal? ********************************************************************* * - PGP Key D30909 via servers * * > What country can preserve its liberties if its rulers are not <* * > warned from time to time that their people preserve the spirit <* * > of resistance? Let them take arms!" - Thomas Jefferson, 1787 <* ********************************************************************* ___ Blue Wave/QWK v2.12 -- M. Stirner - via FidoNet node 1:125/1 UUCP: ...!uunet!kumr!shelter!0!0!M..Stirner INTERNET: M..Stirner at f0.n0.z1.FIDONET.ORG From M..Stirner at f0.n0.z1.FIDONET.ORG Thu Aug 12 18:18:26 1993 From: M..Stirner at f0.n0.z1.FIDONET.ORG (M. Stirner) Date: Thu, 12 Aug 93 18:18:26 PDT Subject: on the inherent evil Message-ID: <1772.2C6AD491@shelter.FIDONET.ORG> Uu> From: plmoses at unix.cc.emory.edu (Paul L. Moses) Uu> Regarding the Electronic Democracy idea, I vote with Tim May. Look at Uu> the way public opinion is molded today through CNN, Tom Brokaw, Connie Uu> Chung, Oprah Winfrey, etc. 
One could even say that Clinton is the Uu> "Phil Donahue president" (he 'cares') - just look at the second Uu> candidate debate last fall. A talk show if ever there was one. As a Second Amendment activist, I am particularly aware of the dangers of an instant-input viewer poll bearing the weight of law following a particularly disgusting piece of BooHoo/Advocacy Broadcast Journalism. . Though I don't see how this is directly relevant to the cypherpunks thang, I do know that I am horrified at the potential for abuse inherent in the "electronic Town Hall" concept. I also find that most computer folk have wild enthusiasm for this idea while bearing no inkling of the ease with which the process could be subverted. ********************************************************************* * - PGP Key D30909 via servers * * > What country can preserve its liberties if its rulers are not <* * > warned from time to time that their people preserve the spirit <* * > of resistance? Let them take arms!" - Thomas Jefferson, 1787 <* ********************************************************************* ___ Blue Wave/QWK v2.12 -- M. Stirner - via FidoNet node 1:125/1 UUCP: ...!uunet!kumr!shelter!0!0!M..Stirner INTERNET: M..Stirner at f0.n0.z1.FIDONET.ORG From fnerd at smds.com Thu Aug 12 18:48:17 1993 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Thu, 12 Aug 93 18:48:17 PDT Subject: Democracy Message-ID: <9308130131.AA12501@smds.com> A procedural point about this democracy debate, and then a substantive (hah! didn't think I knew that word, did you?) one. It's in line with the idea of this list to keep up with possibilities and developments like electronic direct democracy ideas, and to serve as a way for people who are into things like that to get in touch with each other. But at some point the purely political aspect of the disagreement isn't especially a cypherpunk issue. I hope everybody cools off or takes it elsewhere (I don't know where) before that point. 
Robin Hanson's Alternative Institutions list seems like a good place for that. That said, I want to throw in my bic lighter... Democracy is bad; smarter democracy would be worse. The system we have is ravenous and stupid, but we're adapted to it. There's nothing "good" about representative democracy except that it's relatively slow-changing and we know some ways of dealing with it. If we made democracy able to respond to events more quickly, it might be smarter and better at what it does best-- prey on us. It might break past our defenses. I feel the same way about calls for efficient government. No-o-o-o-o thanks! This has nothing to do with respect for the common man. I think people are basically decent and reasonably smart. But no one has a right to take part in the crime called government, including the parts people are playing right now, much less more active parts. I think democracy evolved from standoffs in multi-way wars. Wars used to be won by body count, and at some point someone said, "Okay, we'll compromise and make peace for now, but I'm still keeping track of who's on my side, just so you don't get out of line." Voting is a way of predicting who would win a war. Which is nicer than real war, and all respect and rights are ultimately based on what other people can do, but there's nothing inherently right about democracy, and it keeps people in a sort of tense standoff, unable to trust each other. Nothing in democracy itself lets the sides make agreements and structurally keeps them from changing their minds the next day. Cumbersome, procedure-bound setups like we have actually allow those sorts of things somewhat, but not in an up-front and reliable way. Democracy doesn't hold individual voters responsible for the effects and costs of their votes. Even in our "unresponsive" democracy there's little reason for the statistical will of the people not to be flighty and untrustworthy. 
Technology can help somewhat in replacing the systems we have with better systems. Better would be anarchic. To me, anarchy means shifting from overarching systems for regulating and taking care of people, to ways for people to take care of their own interests. Democracy sounds like the latter, but instead of taking care of your own life, you have a sort of metaphorical surrogate--a minute influence on what happens to everybody. As usual, I would have stopped, but I thought some things I hadn't before. I'll post the body of this to AltInst and then shut up about it on this list. -fnerd quote me From mrose at stsci.edu Thu Aug 12 19:02:55 1993 From: mrose at stsci.edu (Mike Rose) Date: Thu, 12 Aug 93 19:02:55 PDT Subject: Spooking of neural nets and image recognition... In-Reply-To: <9308130102.AA22344@netcom4.netcom.com> Message-ID: <9308130201.AA15462@MARIAN.STSCI.EDU> On Thu, 12 Aug 93 18:02:06 PDT, szabo at netcom.com (Nick Szabo) said: >Are the pictures taken by ATMs good enough for automated >recognition? >Nick Szabo szabo at netcom.com Do atm's usually have real cameras? I always figured most of them were fakes. Mike From smb at research.att.com Thu Aug 12 19:08:16 1993 From: smb at research.att.com (smb at research.att.com) Date: Thu, 12 Aug 93 19:08:16 PDT Subject: CA online legislative database access Message-ID: <9308130205.AA04602@toad.com> Lance Dettweiler writes: > cypherfolks, do you have any idea what these efforts are the faint > glimmers of? Imagine a future society where *anyone* can propose law s, > not just the elite few called Legislators and identified in an Actually, this is my worst nightmare of what this country could become: a direct democracy of the most populist sort. Agreed. Let me put the issue in technical terms: you want a government with hysteresis. Call hysteresis the antidote to hysteria. The concept, if not the word, was well known to Jefferson et al. 
In fact, that was the reason that Senators serve six-year terms, and are elected at staggered intervals. Why? Well, there was an Op-Ed column in the NY Times recently that explained it quite well -- the instantaneous reaction of the public to certain kinds of events (like shooting up Iraqi missle batteries, or starting a war) is quite noticeable. Was George Bush really doing a much better job the day after Desert Storm started than the day before? A substantial portion of the American people seemed to think so. No, I'll pass. Our current system of government is far from perfect. But a switch to direct democracy (the technical term for what you Lance Dettweiler proposes) is not the answer. (Want more evidence -- look at the effects of the referendum and initiative process, especially in California. While it can -- and has -- acted as a check on government, a vast number of propositions have been passed that reflect either well-financed advertising campaigns or a desire to decree magic.) --Steve Bellovin From szabo at netcom.com Thu Aug 12 19:08:26 1993 From: szabo at netcom.com (Nick Szabo) Date: Thu, 12 Aug 93 19:08:26 PDT Subject: On The Inherent Evil of Electronic Democracy In-Reply-To: <9308121908.AA06721@emoryu1.cc.emory.edu> Message-ID: <9308130207.AA27537@netcom4.netcom.com> Some aspects of Electronic Democracy (like Communism, Catholicism, etc. a religion, and thus the capital letters): * We have quite a lot of it now. The mass media (CNN, newspapers, call-in radio, etc.) is "the fourth branch of government". We can send billions of pieces of junk e-mail, faxes, or voice messages to the White House and Congresscritters if we like, and they can send junk mail back. * As long as we have it, it's a good idea to at least try to provide information to the voter, so I support this bill. Cypherpunks might find some of this information useful. 
However, I am under no illusions that a significant fraction of voters will bother to access or read the information to any significant degree. * A basic problem with E.D. is that nobody has an incentive to vote correctly. People's political opinions can be as stupid and wrong as can be and it won't have any negative impact on their own lives, or at least none that is disproportionate or easily recognized to be a result decisions based on that opinion. Other people might have great opinions, which if implemented would solve world hunger, clean up the environment, grow the economy, etc. etc. but there is no special benefit to these people for having done their altruistic homework and arrived at effective solutions to these problems. This is not only reflected in the fact that less than half the people vote in many elections, but also in the fact that only a miniscule fraction of those who do vote know what the hell they are voting on. Including me, BTW: this isn't an elitist issue of "the masses are asses", but the fact that most of the important problems and decisions require in-depth knowledge based on years of experience, not the flipping of levers based on a few minutes per week of video clips. Contrast to the much more effective tools we have to make social decisions in a free market: what to make, what to use, what to buy, what to sell, how to be of service to other people what services to choose, etc. Good decisionmaking processes have negative feedback loops so that good opinions or decisions tend to clearly and quickly reward the decisionaker, and vice versa, and tend to benefit or harm the decisionmaker disproportionately to innocent bystanders (people making decisions about other aspects of society). The market's feedback is by no means perfect! 
That is why I am hyped about systems to make the feedback more effective, like the recently discussed auditing protocol, and the cypherpunks movement which I hope will free some people and markets from abusive, coercive control by those who (a) do not have our best interests at heart, and (b) have no incentive to do the homework needed to make good decisions. Regardless of how cypherpunks feel about this issue, E.D. is one of the most powerful memes making its way thru current society, and we have to deal with it. Nick Szabo szabo at netcom.com From nowhere at bsu-cs.bsu.edu Thu Aug 12 19:22:55 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Thu, 12 Aug 93 19:22:55 PDT Subject: No Subject Message-ID: <9308130131.AA14438@bsu-cs.bsu.edu> Is there any reason why a single mail address should have only one pseudonym? Along with declaring a private password, why not declare any number of public names? One password per name would be nice. Another plus - then penet could be chained between cypherpunk remailers. Now this is not possible because it identifies users with their 'From:' field. From marc at Athena.MIT.EDU Thu Aug 12 19:38:17 1993 From: marc at Athena.MIT.EDU (Marc Horowitz) Date: Thu, 12 Aug 93 19:38:17 PDT Subject: ANONYMOUS CONTACT SERVICE In-Reply-To: <9308130016.AA15644@anon.penet.fi> Message-ID: <9308130236.AA02668@hodge> >> >Again, I'd like to find out who it is, have them removed, and have my >> >new penet id cancelled. After all, this person now has email from me, >> >with my penet id on it, with my name signed at the bottom. If I >> >decide to use the penet remailer in the future, I don't want this >> >person to have a binding between my penet id and my real name. >> > >> > Marc >> >> If you'd set a password you'd have no problem. If you got a bounce, >> you're OK. I *never* had a penet account. I sent mail to cypherpunks, and I was magically allocated an ID. When was I supposed to set my password? 
BTW, this has happened for both accounts I use regularly, immediately after I sent mail to the lists from those accounts. The two occurrences were days apart.

I think the only solution for this problem is to make id allocation *not* be automatic. I should have to explicitly request an id to send through the remailer.

Marc

From tcmay at netcom.com Thu Aug 12 20:12:55 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 12 Aug 93 20:12:55 PDT
Subject: Spooking of neural nets and image recognition...
Message-ID: <9308130311.AA11786@netcom.netcom.com>

>On Thu, 12 Aug 93 18:02:06 PDT, szabo at netcom.com (Nick Szabo) said:
>
>>Are the pictures taken by ATMs good enough for automated
>>recognition?
>>Nick Szabo szabo at netcom.com
>
>Do atm's usually have real cameras? I always figured most of them
>were fakes.
>
>Mike

I'll comment on both questions.

First, Nick's question. Yes, the resolution is sufficient, especially since the faces are right in front of the camera. They're black-and-white (so far, but this will change, and the costs of small surveillance cameras will drop further), and of limited res (probably not full NTSC). But adequate for image recognition (though I've not heard of this being done, just archiving of videotapes for some time period....see the movie "Rising Sun" for some insights).

Second, Mike's question. I have no idea what fraction are real cameras, but I suspect many if not most are real. Robberies and killings near ATMs are often accompanied with video footage from the ATMs, shown on television. Some of the cameras may now be dummies, but this will likely change as the costs drop further and as local communities push for more surveillance. (Speculatively, I would not be very surprised to see private companies--banks, convenience stores, daycare centers--forced to install surveillance cameras. Big Brother arrives through the corporate liability laws? Orwell missed this one, though he got so much of it right.)
Comment: The case of banks having cameras doesn't bother me much at all, as the bank already knows exactly who its customers are. That is, the surveillance is not used to gather any information the bank does not already have immediate and complete access to.

A much more serious situation will arise when convenience stores, gas stations, and the like adopt the same camera systems--maybe they already are--and begin to compile customer dossiers, purchasing preferences, etc. (Credit card and check purchases are already being used, according to a CNN report I recently saw, to compile such dossiers, so that customers can be sent "customized" advertisements reminding them or making special offers. Cypherpunks can avoid using checks and credit cards, for the time being.)

Understand that I don't support bans on such surveillance cameras--it is always my choice to patronize a store--but I do object to situations where the State mandates that stores have cameras or outlaws masks and other efforts to hide one's features.

-Tim

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: by arrangement
Note: I put time and money into writing this posting. I hope you enjoy it.

From amb at cs.columbia.edu Thu Aug 12 20:38:17 1993
From: amb at cs.columbia.edu (andrew m. boardman)
Date: Thu, 12 Aug 93 20:38:17 PDT
Subject: Spooking of neural nets and image recognition...
In-Reply-To: <9308130311.AA11786@netcom.netcom.com>
Message-ID: <199308130333.AA17414@ground.cs.columbia.edu>

> A much more serious situation will arise when convenience stores, gas
> stations, and the like adopt the same camera systems--maybe they already
> are--and begin to compile customer dossiers, purchasing preferences, etc.
Insofar as monitoring passage of people, I noted a few hours ago a new installation of cameras at the tollbooths on the George Washington Bridge, positioned to be under a meter from people's faces when they stop to fork over their $4.00. The police density at this toll plaza makes additional surveillance of would-be toll booth robbers unnecessary; while traffic analysis on the matching of facial patterns is probably out of their scope right now, it *is* a precedent, and food for thought...

(Cameras in convenience stores, BTW, are entirely normal around here. FYI, the George Washington Bridge carries much, probably most, of the traffic into Manhattan and New York City...)

andrew m. boardman
amb at cs.columbia.edu

From fergp at sytex.com Thu Aug 12 21:22:55 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Thu, 12 Aug 93 21:22:55 PDT
Subject: Today's Quotable Notes
Message-ID: <6Da88B1w165w@sytex.com>

Today's "Notable quote" -

"... I have to say up front I don't speak for the CIA and this is just me. I can tell you I did my doctoral work studying Soviet-East European personal computing. I have seen export controls and all that close at hand, and actually kicked the tires and things and all that. I can say I agreed nearly 100% with what Mr. Diffie said, up until he said something that surprised me, in that this room didn't shout it down. That was when he said information is less dangerous than physical things. Good God! If you believe that, I'll give you a choice. I can go to your school district and give out one hit of PCP, or I can cover the area with instructions on how to make it. All I'd ask you to keep in mind is to have some sympathy for the foreign policy-niks who know that, in a sort of frustrated air, when it's hard to move information around, it's unlikely that someone can even get an atomic bomb plan, despite the fact that we've got tens of thousands in both the former Soviet Union and in the United States.
But I would fear someone giving out the Princeton dissertation and broadcasting it over the nets to all and sundry in that form -- now, given plutonium, we can make a bomb. So, information is a dangerous thing, in the right hands. I think we're all selling ourselves short if we think information is an unempowered commodity.

All that said, I have to agree with everything else. Cryptography is not magic, it's math, and DES is not only here, it's on a server in Helsinki, so we have to live with the fact that information moves around. We may want to be sympathetic to the fact that there are people, in fact people without the tools that we all have here, trying to enact the current and past foreign policy. Help educate them, help tell them why these things are happening, but realize that we're disrupting a lot of things real fast."

-- Ross Stapleton, Central Intelligence Agency

"WHO HOLDS THE KEYS?"
Friday, March 20, 1992
Chair: Dorothy Denning, Georgetown University
Panel: Jim Bidzos, RSA Data Security
       David Bellin, Pratt Institute
       John Gilmore, Cygnus Support
       Whitfield Diffie, SunSoft, Inc.
       John Perry Barlow, Electronic Frontier Foundation

Paul Ferguson              | "Government, even in its best state,
Network Integrator         |  is but a necessary evil; in its worst
Centreville, Virginia USA  |  state, an intolerable one."
fergp at sytex.com         |     - Thomas Paine, Common Sense
Type bits/keyID Date User ID
pub 1024/1CC04D 1993/03/15 Paul Ferguson
Key fingerprint = EE D2 93 7D 04 6D C6 05 AC 36 AD 9D 8E 4F 41 58

From 72114.1712 at CompuServe.COM Thu Aug 12 21:23:40 1993
From: 72114.1712 at CompuServe.COM (Sandy)
Date: Thu, 12 Aug 93 21:23:40 PDT
Subject: ATM AND IMAGE RECOGNITION
Message-ID: <930813041951_72114.1712_FHF23-1@CompuServe.COM>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT                      Reply to: ssandfort at attmail.com
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Just a minor quibble to Tim May's otherwise excellent post on ATM cameras and image recognition. Tim said:

    Comment: The case of banks having cameras doesn't bother me much at all, as the bank already knows exactly who its customers are. That is, the surveillance is not used to gather any information the bank does not already have immediate and complete access to.

Not quite true. One very good privacy technique is to use an ATM or credit card issued to someone else. How can this be done? Well, a friend (preferably a visiting foreigner) could do it for you. Or you could hire a bum (pardon; "hygienically challenged person") to do the honors. At any rate, you wouldn't want to get busted by an image recognizing ATM, now would you?

S a n d y

"Privacy Consultation and Services since 1978"
(Sorry Duncan, got you beat by a mile)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From szabo at netcom.com Thu Aug 12 21:58:18 1993
From: szabo at netcom.com (Nick Szabo)
Date: Thu, 12 Aug 93 21:58:18 PDT
Subject: Spooking of neural nets and image recognition...
In-Reply-To: <9308130311.AA11786@netcom.netcom.com>
Message-ID: <9308130458.AA13627@netcom4.netcom.com>

Here are some general ideas for "encrypting" one's image:

Ear muffs, long hair, etc. (Tim May mentioned ears are good for recognition)
Makeup variety
Beard variety (mustache, full beard, beatnik, sideburns, etc.)
False scars, moles, etc.
Variety of hats & eyeglasses
Realistic looking masks (available from film or theatre prop/makeup companies?)
Gloves (if they start looking at hands, unique jewelry, etc.)
Scarves

Anything too obvious (ski mask, sunglasses at night, the masks used for the "Wired" cover, etc.) might trigger smart algorithms to red-flag the image.

As usual these techniques are popularly reputed to be the special province of criminals. Only a criminal would want to avoid giving the world a dossier on where they shop, travel, withdraw money, etc. right?
Alas, that may be right: I suspect only smart criminals and secret agents will go to the expense of doing this stuff; innocent trusting citizens will be the ones building their dossiers for the Security of the State.

Nick Szabo
szabo at netcom.com

From julf at penet.FI Thu Aug 12 22:03:40 1993
From: julf at penet.FI (Johan Helsingius)
Date: Thu, 12 Aug 93 22:03:40 PDT
Subject: Anonymous contact service
In-Reply-To: <1771.2C6AD490@shelter.FIDONET.ORG>
Message-ID: <9308130542.aa12829@penet.penet.FI>

Apologies for replying on the list....

> Something is way screwy with Penet lately. I have found that I have had
> passwords required when I had no recollection of installing them. On
> top of this, I am unable to use the password provision due to header
> grunging at the UUCP gate, in any case.
> . I have requested to admin at anon.penet.fi that the accounts by number
> be deleted in order that I can start over with fresh accounts, & despite
> three requests, this has not been done. Bloody annoying, but I suppose
> when we give Julf a big raise, _then_ I can start bitching, huh? 8-)

Here's why. I can't reply directly to your message, as some gateway on the way barfs on the ".." in your name. This seems to come and go. This is probably also what screws up anon.penet.fi.

> repl: bad addresses:
> "M. Stirner" -- no mailbox in
> local-part (.)

Another problem is that your address keeps changing. Thus you have several ID's on anon.penet.fi, some with passwords, some without. Your message was from m..stirner at f0.n0.z1.fidonet.org, but in your signature you claim you are also m..stirner at f28.n125.z1.fidonet.org (or ...!uunet!kumr!shelter!0!0!M..Stirner).
Julf

From hfinney at shell.portal.com Thu Aug 12 22:18:18 1993
From: hfinney at shell.portal.com (hfinney at shell.portal.com)
Date: Thu, 12 Aug 93 22:18:18 PDT
Subject: Making the World Safe for Steganography
Message-ID: <9308130514.AA26082@jobe.shell.portal.com>

I agree with Tim's suggestion that it would be good if steganography and cryptography tools were widely available, especially in light of the government's obvious hostility towards cryptography.

But I can't agree that these tools will be sufficient to bring about Tim's concept of "crypto anarchy", of "libertaria in cyberspace". If we really want to achieve these goals I think it will be necessary to take political action. Technology alone will not be enough.

After all, even today techniques exist which would in principle allow a digital cash system to develop. Yet no such system exists. There needs to be an infrastructure, a network of bankers, sellers, users, and other participants. All this will take time to develop even in the best of cases.

But if the government is actively fighting such technology, I don't see how Tim's proposed subterfuges with DAT's and CD's are going to be enough to overcome this additional barrier. Without the ability to publicly negotiate the tricky issues of standards and contracts, I don't see how a financial infrastructure of the sophistication needed for digital cash could arise.

As another example, suppose the government banned non-Clipper cryptography. Despite the brave comments of some, I think it would be very hard to overcome such a ban. Look at the problems PGP has had, faced merely with the relatively weak threat of patent suits (patents which have not, to my knowledge, been tested in court). PGP is constantly being taken off FTP sites based just on letters from the patent holders. Even Tim himself suggested some time back that Cypherpunks should rethink support for PGP given the patent situation.
Imagine how much worse it would be if the government actually could put people in jail for using PGP.

My main point is that we cannot rely on the technology to save us. A concerted government effort could, in my opinion, stifle the growth of individual liberties that cryptography may offer. Clipper is just one battle in this longer war. We can't afford to fall victim to a smug confidence that victory will inevitably be ours. If we get to the point that steganography is the only way to communicate privately, we will have lost.

Hal Finney
hfinney at shell.portal.com

From tcmay at netcom.com Thu Aug 12 22:38:40 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 12 Aug 93 22:38:40 PDT
Subject: ATM AND IMAGE RECOGNITION
In-Reply-To: <930813041951_72114.1712_FHF23-1@CompuServe.COM>
Message-ID: <9308130539.AA26767@netcom5.netcom.com>

Sandy Sandfort writes:

> Not quite true. One very good privacy technique is to use an ATM
> or credit card issued to someone else. How can this be done?
> Well, a friend (preferably a visiting foreigner) could do it for
> you. Or you could hire a bum (pardon; "hygienically challenged
> person") to do the honors. At any rate, you wouldn't want to get
> busted by an image recognizing ATM, now would you?

OK, you got me here. I wasn't thinking of cases where you might want to deceive your own bank!

By the way, the folks you referred to as bums no longer like to be called the "hygienically challenged." Now in vogue is "differently odored." Only a few days ago in sci.astro I had to correct someone who was using the unacceptable term "brown dwarf." My Politically Correct Online Dictionary automatically corrected that to the more sensitive term "differently-sized star of color." (To non-U.S.
residents to whom this joke may be puzzling, "cripples" became "handicapped," then "disabled," then "physically challenged," and are now, last time I heard, to be called "differently abled.")

The only real Cypherpunks links are the general political aspects and the very important issue that in cyberspace we'll be able to be as politically incorrect and oafish as we wish. The anonymous remailers are just the start. Of course, the easily offended will also have the easy option of tuning out speech they don't want to hear. I'll take the "technology of disconnection" (Kevin Kelly, "Whole Earth Review") over "electronic democracy" any day.

-Tim

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.

From tcmay at netcom.com Thu Aug 12 23:58:19 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Thu, 12 Aug 93 23:58:19 PDT
Subject: Cypherpunks, Politics, and Deployment
In-Reply-To: <9308130514.AA26082@jobe.shell.portal.com>
Message-ID: <9308130655.AA05100@netcom5.netcom.com>

Cypherpunks, Politics, and Deployment

I'll begin by addressing Hal's points about my latest comments on steganography, move on to some comments about the niche that Cypherpunks occupy contrasted with those occupied by such political action groups as the EFF and CPSR, and close by mentioning some exciting possible developments in using digital money and crypto methods for developing actual, legal banks and for moving data packets around in a new kind of network (called "Digital Silk Road" by its inventors).
This to show my version of Eric's "Cypherpunks write code" (even if some of us mostly just write words!).

Hal Finney writes:

> I agree with Tim's suggestion that it would be good if steganography
> and cryptography tools were widely available, especially in light of
> the government's obvious hostility towards cryptography.
>
> But I can't agree that these tools will be sufficient to bring about
> Tim's concept of "crypto anarchy", of "libertaria in cyberspace". If
> we really want to achieve these goals I think it will be necessary to
> take political action. Technology alone will not be enough.

Oh, I agree with you! I've never believed it will be easy, or will happen naturally, or will even happen as I, and others, think it may. The real future will have a lot of surprises in store for us. But we can speculate, help to flesh out visions, and look at possibilities. Orwell did this with "1984," Vinge did it with "True Names," and Stephenson did it recently with "Snow Crash," to name just a few of the "futurology" novels that have influenced some of us a lot.

> After all, even today techniques exist which would in principle allow
> a digital cash system to develop. Yet no such system exists. There
> needs to be an infrastructure, a network of bankers, sellers, users, and
> other participants. All this will take time to develop even in the best
> of cases.

Agreed, and how it develops may surprise us. Maybe movie rentals will be the first use, because of the politically correct issue of rental privacy. Maybe toll roads in Europe will use digital money, as Chaum has been negotiating for. Implementing digital money deep inside the world of software and data may be even more promising. Smart objects, agoric payment for storage, for security, and for transmission, may be some early areas of application, as the last section of this posting will report.
And this area will not require much political action at all...in fact, it's probably best that we simply avoid telling the bureaucrats what's going on at all. Present them with a fait accompli, as we (the "technological we") did with personal computers, Xerox machines, VCRs, and even the Internet itself.

> But if the government is actively fighting such technology, I don't
> see how Tim's proposed subterfuges with DAT's and CD's are going to be
> enough to overcome this additional barrier. Without the ability to

The steganography stuff is truly minor compared to other stuff. Please don't let my one big post on this ("Making the World Safe..."), or the quotes by Kelly about me holding up a DAT tape, lead you to believe I think this is central. For the articles in "WER" and the "Village Voice" it just made for a good, easily understandable image of the point that bits are essentially uncontrollable, that if the Soviets couldn't stop samizdats, then the governments of the West are surely not going to be able to halt bits at the border, or control what bits are on the screens of millions of computers.

> My main point is that we cannot rely on the technology to save us. A
> concerted government effort could, in my opinion, stifle the growth of
> individual liberties that cryptography may offer. Clipper is just one
> battle in this longer war. We can't afford to fall victim to a smug
> confidence that victory will inevitably be ours. If we get to the point
> that steganography is the only way to communicate privately, we will have
> lost.

Well said, Hal. Certainly political activism is important. But so is demonstration of actual technological paths. The political side has been fairly well-covered, with EFF, CPSR, the ACLU, and other groups fighting various battles (and missing others, or even taking the "wrong" side on some issues...but such is life).
The niche I think our group fills (and many members of EFF, CPSR, the ACLU, and such, are in our group, too) is that of being a group that is actually playing around with these various technologies. There are groups of amateur cryptanalysts, of which we do very little or none, and there are groups of ham radio enthusiasts, and so on. These groups are similar to us in some respects, except that none of them are investigating the same set of things we are. Who else is attempting to actually _implement_ the ideas we are, at least as an entire set?

(I'm not suggesting we Cypherpunks take the credit for PGP, which was already out (in Version 2.0, no less) just as our first meeting was happening, nor can we claim to have invented anonymous remailers, as Julf, Kleinpaste, and others were already doing this--and Chaum wrote his "mix" paper in 1981. But we were and are "involved" in various ways, as Hal himself was/is so prominently.)

No other group, so far as I know, has the same self-chosen charter we have, to build and deploy systems involving "modern" cryptology in all its many forms and to develop workable approaches to using these technologies--public key crypto, digital money, dining cryptographers nets, anonymous remailers, reputation markets, digital escrow services, data havens, etc.--in new ways.

My point is that Cypherpunks fill an important ecological niche, that the lawyers and political activists cannot completely fill themselves. Nor do their interests lie in this area. We complement each other.

And let me give fair warning: I don't think digital money and "crypto anarchy" will ever happen in this country via the political process. Rather, it'll happen through surprising, sudden shifts in the way people do business, such as the way the Internet developed without real legislative sanction (I'll grant it was never completely ignored, and was subject to some kinds of laws. But mostly it just grew.
This is certainly not to say digital money will grow in an analogous way. But anonymous reputation markets might, for example. Or offshore data havens. Unless and until international phone lines are cut, it's hard to imagine any law stopping such things. An outright ban on non-Clipjacked encryption would of course be a major obstacle. Hence the need to fight that with every weapon at our disposal.)

In any case, I personally am lousy as a political organizer and have no interest in this. Personally speaking, to repeat. For those who do have the skills, great!

Let me also remind readers that one mostly "political" achievement was the creation of the alt.whistleblowers group. Though time will tell whether this really changes things or not, it has the potential to. This is just one example.

Let me close by citing some interesting developments which have not gotten much discussion here on the main list. While the "CryptoStacker" debate was raging a while back on the List, other developments were continuing.

At the last Cypherpunks meeting, there was an excellent discussion of how to use existing laws to set up a form of bank that would do business with digital money and that could use various crypto techniques to enhance its business. (I expect this is a cryptic enough summary!) I won't comment further, as the originator and developers can comment on what they feel can be said on a public list. (They spoke at the meeting without getting Nondisclosure Agreements, and the Cypherpunks meetings are explicitly public, but it's still best if I let the developers themselves do the talking.)

At the same meeting, Dean Tribble and Norm Hardy described their work on "Digital Silk Road," a system for paying for packet transmissions using digital money. (Their documents are available in the ftp site netcom/pub/joule in PostScript, RTF, and text formats.)
This proposed system uses digital money and yet would require almost no legislative approval (I can't see how _any_ legal approval would be needed initially, though when real transactions get big enough, the Tax Man and his FTC/FCC brothers may stick their noses in). This system could revolutionize the way packets of data are moved around and could be the fait accompli I cited earlier. If this succeeds (long odds of course against any specific idea hitting big), then this could introduce digital money and "Cypherpunks-style" ideas ubiquitously and uncontrollably.

These developments could shape the future of cyberspace significantly.

Cypherpunks, we are making progress slowly but surely.

-Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.

From ld231782 at longs.lance.colostate.edu Fri Aug 13 00:08:19 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Fri, 13 Aug 93 00:08:19 PDT
Subject: Electracy: Evil Revisited
Message-ID: <9308130703.AA01369@longs.lance.colostate.edu>

Buried in my latest delirious rant were multiple *pragmatic* descriptions of Electronic Democracy, and to my great chagrin all have been virtually completely ignored, save one thoughtful soul responding to me in email, who I've exhorted to post to the list. Where is the picking apart of the pieces? I expected the highly suggestive details to be pounced on like scrumptious food for further thought or (more likely) carrion for vultures, but instead get the standard vague marshmallow-philosophical Libertarian and Anarchic Promotional Literature.
I'm really quite amazed at all the deathly pessimism and antipathy herein toward genuinely improving our governmental system. It seems that many believe that the natural state of `their' government is oppression, and that the goal is only to minimize it. The perverted Majority is fundamentally and invariably Untrustworthy, Capricious, and Painfully Stupid. It is always stated in terms of Us and They. But *we* *are* our government. How can it not be more obvious? What does it say about our character if we are resigned to deprivation?

As I've already stated, the future will hold many developments that will gradually shift opinion, and give working models that won't be subject to immediate ridicule and vague philosophical ramblings about Inherent Evil. It seems everyone here is interested in debating the issue in terms of how they see government, how it has functioned in the past, *irrespective* of any novel mechanisms presented (which I took great pains to put on the table, to specifically address virtually all objections, with the same dramatic effect of shouting at a chasm).

I've written about this in the past, and will write about it in the future, but for now I'm going to focus on a comment by N. Szabo, to elaborate on an earlier item everyone conveniently ignores:

[electronic democracy (electrocracy? electracy?)]

>* A basic problem with E.D. is that nobody has an
>incentive to vote correctly. People's political opinions
>can be as stupid and wrong as can be and it won't have any
>negative impact on their own lives, or at least none that
>is disproportionate or easily recognized to be a result of decisions
>based on that opinion. Other people might have great opinions, which
>if implemented would solve world hunger, clean up the environment,
>grow the economy, etc. etc. but there is no special benefit to these
>people for having done their altruistic homework and arrived at effective
>solutions to these problems.
Here are some ideas that my lone anonymous respondent picked up on, but that I've been taking as obvious and given, perhaps because I've thought about it for a long time, and overestimated the imagination of the reader (quite unexpected in this crowd).

To make this more specific and tangible, consider a system where people can choose to vote non-anonymously (choosing to vote anonymously is of course always permitted). Now suppose that a `vote' is not something static but rather a pledge of support for a proposal that can vary over time. That is, one can revoke or increase support of a proposal over its entire lifetime, not at an instantaneous blip in a curtained booth.

Further, imagine that people can propose different categories for bills such as National, Local, Environmental, Law Enforcement, Infrastructure Maintenance, National Information Infrastructure, Unemployed Programmers, etc. ad infinitum ad nauseam. When a bill is created the creator suggests the category. Categories are created and deleted by anyone. Others can propose the same bill in a different category if they think it merits it. People can refuse to vote on bills or against them based on the classification.

Now imagine that everyone has Status or Credit associated with their votes in any category. Under certain circumstances, with a certain amount of global support or combination of support based on tabulation of votes and the status (weight) associated with each, a bill becomes Law. The requirements for a bill to become National Law are themselves subject to modification but of course eventually stabilize (a bill to modify the current voting system itself can be introduced under the system). However, a whole set of different characteristics can be associated with bills that become Laws in each category (again subject to modification), and many less `formal' laws can be passed with less constriction in smaller spheres.
When a new category is proposed under the system itself, the presenter also indicates that `status formula' associated with it. The status or `credit' is such that it can be impacted in various ways. If one consistently voted for bills in a category that declined in support, one's status in that realm would be diminished by intrinsic mechanisms (remember, a `vote' is dynamic and can change over time based on the owner's `maintenance'). Note that this can be done even with an anonymous voting record by an automated but concealed system. Also, there might be a way that people can trade their status to others whom they admire or respect in that category, based on past experience or their non-anonymous voting record. The status of people might become closely associated with not just their proposals of bills but their successful *real* implementation of them.

Under this system, the status becomes very much like a currency system! The `status' itself of people may be advertised or hidden for further effect. (``How much is he worth, anyway?'') In fact, it is not really the case that this system sounds like today's currency, it is the case that our monetary system is actually a very small microcosm of this future Electronic Democracy. Look at all the synonyms associated with money: Power. Status. Influence. Money is the economy's built-in `voting mechanism'. It is an abstraction that, when implemented, causes a competition for improvement and superiority, an *incentive* for *evolution* and *success*. Similarly, under the new system sensible classifications, status formulas, and bills will prosper and persist, while nonsensical, inferior, and obsolete ones will die out.

These ideas are all very cypherpunkesque in their allusions to digital cash, reputations, social upheaval, `anarchy' in the sense of a government so unobtrusive and natural it is virtually invisible yet omnipresent (sort of like God, eh? ah, well, a good role model.)
I call on patriotic and guerrilla cypherpunks to implement this system, to be a model for the world! All the critical features of technology are already in place -- methods of providing universal communication called `email', guaranteeing accurate voting via authentication called PGP, a widespread `proposal dissemination and discussion system' called Usenet, a library for past proposals and bills and resolutions called FTP. I guarantee that by *far* this will be the most important of all cypherpunk projects, if in the amazing odds it were actually adopted by one (considering the recent formidably frosty reception, currently all that is left of my attempt at a burgeoning snowball is a Dissolving Drip in Hell).

In fact, the sheer discordant cacophony on this group might be ameliorated through such a system. Imagine that we as a group (the most disorderly and uncooperative group ever to be called one) could vote and stabilize Cypherpunk Resolutions. (Nah -- some things are just fundamentally impossible.)

From ld231782 at longs.lance.colostate.edu Fri Aug 13 00:22:56 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Fri, 13 Aug 93 00:22:56 PDT
Subject: NSA Requests Delay in CPSR Clipper Lawsuit
Message-ID: <9308130722.AA01574@longs.lance.colostate.edu>

Tidbits: NSA has classified an `entire Federal program in substantial part' surrounding Clipper. Also, CPSR filed similar suit over NSA secrecy & classification of DES.

Note: This is a standard NSA tactic, evasion by delay. They don't respond to FOIA requests in the legislated time frame (1-2 weeks) using the same delay technique.
Maybe if we send nasty email to the lawyers all will be well =)

===cut=here===

From: Dave Banisar
Organization: CPSR, Washington Office
Subject: NSA Asks For One Year Delay in Clipper Case

NSA Seeks Delay in Clipper Case

The National Security Agency (NSA) has asked a federal court for a one-year delay in a lawsuit challenging the secrecy of the government's "Clipper Chip" encryption proposal. The suit was filed by Computer Professionals for Social Responsibility (CPSR) on May 28 and seeks the disclosure of all information concerning the controversial plan.

In an affidavit submitted to the United States District Court for the District of Columbia on August 9, NSA Director of Policy Michael A. Smith states that

    NSA's search for records responsive to [CPSR's] request is under way, but is not yet complete. Because the Clipper Chip program is a significant one involving the participation of organizations in four of NSA's five Directorates and the Director's staff, the volume of responsive documents is likely to be quite large. Moreover, because the Clipper Chip program is highly complex and technical and is, in substantial part, classified for national security purposes, the review process cannot be accomplished quickly.

CPSR called for the disclosure of all relevant information and full public debate on the proposal on April 16, the day it was announced. While NSA has insisted from the outset that the "Skipjack" encryption algorithm, which underlies the Clipper proposal, must remain secret, the Smith affidavit contains the first suggestion that the entire federal program is classified "in substantial part."

In the interest of obtaining timely judicial review of the agency's broad classification claim, CPSR intends to oppose NSA's request for delay in the court proceedings.

In another case involving government cryptography policy, CPSR has challenged NSA's classification of information concerning the development of the Digital Signature Standard (DSS).
The court is currently considering the issue and a decision is expected soon.

CPSR is a national public-interest alliance of computer industry professionals dedicated to examining the impact of technology on society. CPSR has 21 chapters in the U.S. and maintains offices in Palo Alto, California, and Washington, DC. For additional information on CPSR, call (415) 322-3778 or e-mail .

From jonb at isltd.insignia.com Fri Aug 13 00:32:57 1993
From: jonb at isltd.insignia.com (jon barber)
Date: Fri, 13 Aug 93 00:32:57 PDT
Subject: [uk.transport] Speed Camera with OCR
Message-ID: <3877.9308130728@panacea.insignia.co.uk>

The Oxfordshire police force here in the UK have introduced speed cameras. The way they work is to use radar to check oncoming cars' speeds, and if it's over the limit the camera takes a picture of the car's number plate. I guess a human back at police HQ has to do the bit about reading the plate, and then a fixed fine is sent through the post.

They admit that there's a lot of dummy speed camera warning signs, as they only have 3 to cover the whole of the county. What they do is move the cameras around every now and then. Most regular motorists know where they are, as they're easy to see - big grey boxes in the middle of the road.

Apparently ( I have no figures ) they've been a great success and police are amazed at how much speeding goes on ( I'm not ).

Jon.

From szabo at netcom.com Fri Aug 13 00:58:20 1993
From: szabo at netcom.com (Nick Szabo)
Date: Fri, 13 Aug 93 00:58:20 PDT
Subject: Electracy: Evil Revisited
In-Reply-To: <9308130703.AA01369@longs.lance.colostate.edu>
Message-ID: <9308130756.AA00697@netcom4.netcom.com>

While I'm dubious about the trend towards E.D. with our current physically-bounded, coercive governments, I'm quite interested in this proposal which seems to (embedded within the hoopla :-) be for starting an E.D.
system outside the boundaries of normal government, a virtual area of what Extropians call "Privately Practiced Law" (PPL) within the anarchy of the Internet. The Extropian list (extropians-request at gnu.ai.mit.edu) has been experimenting with a kind of mini-totalitarian justice system for a while, and we are now experimenting with the Hawthorne Exchange reputation market. Both experiments have revealed much room for improvement, but they are valuable as tentative first steps towards virtual PPLs, an important part of the cypherpunks vision.

It would be quite interesting to set up an E.D.-based PPL, with both public reputation-based and anonymous voting. Especially interesting, but seemingly difficult, would be mechanisms for evaluating the consequences of specific laws being enacted, so those benefits or penalties could be fed back and added/deducted from accounts of those who voted for/against the law.

Quite interesting! I look forward to more specifics, perhaps I'll think of some myself.

Nick Szabo szabo at netcom.com

From szabo at netcom.com Fri Aug 13 01:08:20 1993
From: szabo at netcom.com (Nick Szabo)
Date: Fri, 13 Aug 93 01:08:20 PDT
Subject: [uk.transport] Speed Camera with OCR
In-Reply-To: <3877.9308130728@panacea.insignia.co.uk>
Message-ID: <9308130806.AA01571@netcom4.netcom.com>

They tried robot-photo speeding tickets in Pasadena, California a few years ago, but I understand the judge threw out all the challenged tickets and they discontinued the practice. We might see automatic tickets reincarnated a few years hence when the highway starts reading bar codes on our cars. Then you'll get a ticket if you arrive at your destination sooner than is deemed proper! Bar code forgery might become popular (and necessary for those of us who don't want government dossiers of every trip we make).
Nick Szabo szabo at netcom.com

From karn at qualcomm.com Fri Aug 13 01:08:26 1993
From: karn at qualcomm.com (Phil Karn)
Date: Fri, 13 Aug 93 01:08:26 PDT
Subject: [uk.transport] Speed Camera with OCR
In-Reply-To: <3877.9308130728@panacea.insignia.co.uk>
Message-ID: <9308130806.AA17560@servo>

Speaking of dummy speed traps, there's a great one on the road to Aspen, Colorado (don't remember offhand the town name or the route, but it's east of Aspen on the only road there). Driving toward Aspen on a two lane road, we suddenly saw the classic small-town speed trap: a cruiser parked off the other side of the road, facing us with a radar gun pointed out the window and a cop in the front seat. Only as we went by did it become obvious (to me at least) that it was a fake! I stopped and went back with my camera to get a closer look. The car was just an empty shell that had been rescued from the junkyard, and the dummy in the front seat wasn't exactly up to Disney AudioAnimatronics standards, if you know what I mean. But seen from a distance in a moving car, it had the desired effect...

Don't forget low-tech! Of course, for those towns more interested in collecting money than in getting people to slow down, this particular approach may not appeal to them.

Phil

From tcmay at netcom.com Fri Aug 13 01:32:56 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 13 Aug 93 01:32:56 PDT
Subject: T R A F F I C C I T A T I O N
In-Reply-To: <9308130806.AA01571@netcom4.netcom.com>
Message-ID: <9308130831.AA12898@netcom5.netcom.com>

> They tried robot-photo speeding tickets in Pasadena, California a
> few years ago, but I understand the judge threw out all the
> challenged tickets and they discontinued the practice. We might
> see automatic tickets reincarnated a few years hence when the highway
> starts reading bar codes on our cars. Then you'll get a ticket
> if you arrive at your destination sooner than is deemed
> proper!
> Bar code forgery might become popular (and necessary
> for those of us who don't want government dossiers of every trip
> we make).
>
> Nick Szabo szabo at netcom.com

T R A F F I C   C I T A T I O N

Distance travelled: 14.31 miles.
Time elapsed: 13.86 minutes.
Average speed: 61.95 MPH
Speed Limit: 55 MPH
Excess Speed: 6.95 MPH
Penalty: 6.95 x $50 = $347.50

This is your 8th speeding ticket in the past 23.17 months. Your accumulated excess speed penalty is 81.03 MPH, resulting in an additional $519 surcharge for abusing the National Health Care Plan through dangerous driving. Your insurance rates have also been automatically increased $125 per year for each ticket.

If you wish to contest this, pay the fee, pay a $425 court fee, and bring your own evidence. We estimate your court date will be 7.23 years from now.

Have a nice day.

From kelly at netcom.com Fri Aug 13 02:53:28 1993
From: kelly at netcom.com (Kelly Goen)
Date: Fri, 13 Aug 93 02:53:28 PDT
Subject: Second Tier remailers ...
Message-ID: <9308130954.AA08659@netcom.netcom.com>

To All,

The idea of second tier remailers may be MUCH more palatable to all to run as they add more hops in the chain... as they don't introduce such a visible liability to the operator they could possibly be a LOT easier to propagate than first tier remailers. One additional facility needed is the ability to recognize a signed and/or encrypted control message to update their remailer maps from a periodic posting... maybe this last needs a lot of thought.

cheers
kelly
--

From jsc at monolith.MIT.EDU Fri Aug 13 04:22:57 1993
From: jsc at monolith.MIT.EDU (Jin S Choi)
Date: Fri, 13 Aug 93 04:22:57 PDT
Subject: Home Banking Patent
Message-ID: <9308131120.AA06925@monolith.MIT.EDU>

I'm surprised I haven't seen any discussion of this at all. Is anyone else just a little surprised at this patent? I was using a home banking system in the early 80s; when did this Online Resources & Communications Corp. file for their patent?
Does anyone know where I can find more info on this patent? What it covers, and so forth? Is anyone gearing up to fight this?

From M..Stirner at f0.n0.z1.FIDONET.ORG Fri Aug 13 04:48:24 1993
From: M..Stirner at f0.n0.z1.FIDONET.ORG (M. Stirner)
Date: Fri, 13 Aug 93 04:48:24 PDT
Subject: anonymous contact ser
Message-ID: <1791.2C6B7915@shelter.FIDONET.ORG>

-=> Quoting Uucp to All <=-

Uu> Apologies for replying on the list....

That's OK with me. This probably answers some questions for a few others, too.

Uu> Here's why. I can't reply directly to your message, as some gateway on
Uu> the way barfs on the ".." in your name. This seems to come and go.
Uu> This is probably also what screws up anon.penet.fi.

This is extremely interesting! This "problem" was supposedly fixed some time ago, but this is why I have alternate accounts elsewhere with more common names. In any event, I will pass this information along to the proper persons.

> repl: bad addresses:
> "M. Stirner" -- no mailbox in
> local-part (.)

This is yet another problem that was supposedly repaired - it should read m..stirner at f28.n125.z1.fidonet.org, but a curious glitch in the BBS reply software that handles conversions of mailings to conferences & automatic routing of replies periodically enters all zeroes in the "f" & "n" fields. I will pass this along, also.

Uu> Another problem is that your address keeps changing. Thus you have
Uu> several ID's on anon.penet.fi, some with passwords, some without. Your
Uu> message was from m..stirner at f0.n0.z1.fidonet.org, but in your signature
Uu> you claim you are also m..stirner at f28.n125.z1.fidonet.org (or
Uu> ...!uunet!kumr!shelter!0!0!M..Stirner).

Yes, the zeros are wrong & were inserted by software out of my control. I also have different addresses, true enough, but there is no f0.n0.z1 in fido; that address is a software error. I suspect it'll be on this message, too.
STILL....the problem I have is not addressed: I cannot make a multi-line header (as in the required "X-Anon-Password: password" line) work through this UUCP gate, as far as I can tell. I have been attempting to route my mail to the penet remailer via other cypherpunks remailers with the syntax:

    ::
    Request-Remailing-To: anon at anon.penet.fi

    From: anXXXXXX at anon.penet.fi
    X-Anon-Password: password
    X-Anon-To: alt.foolishness

But I am not sure if the cypherpunk remailer's address conflicts with my From: field or not - I _think_ it does. If so, I cannot use password header lines unless anon.penet.fi can handle having blank lines between the header fields:

    To: anon at anon.penet.fi

    From: anXXXXX at anon.penet.fi

    X-Anon-Password: password

    X-Anon-To: alt.foolishness

The above header will pass the UUCP gate here. Without the blank lines, the header gets grunged after the To: anon at anon.penet.fi line.

Thank you for your personal attention to this vexing problem.

M.

___ Blue Wave/QWK v2.12
--
M. Stirner - via FidoNet node 1:125/1
UUCP: ...!uunet!kumr!shelter!0!0!M..Stirner
INTERNET: M..Stirner at f0.n0.z1.FIDONET.ORG

From honey at citi.umich.edu Fri Aug 13 05:58:25 1993
From: honey at citi.umich.edu (peter honeyman)
Date: Fri, 13 Aug 93 05:58:25 PDT
Subject: Secure voice software issues
Message-ID: <9308131255.AA23722@toad.com>

> do not use error correction or compression. (they will slow you down)

huh?!? my file transfer times would *double* if i turned off v.42bis (modem compression). *that* would slow me down. and you can't run v.42bis without running the error handling protocol (v.42), for obvious reasons. what's more, v.42 gives an immediate 20% (or so) increase in throughput, by eliminating start and stop bits. arguably, i could (and should) be running compression in my slip or ppp driver, but certainly it is false to say that v.42bis and v.42 slow me down -- the opposite is true.

> and tcp does its own error correction.
> as for 160ms round trip times
> that is acceptable for slip.

i don't much care about round-trip times, as i use my slip line principally for afs, which runs as a data stream. round-trip delays are amortized over file transfers.

phil karn's points about modem buffering interfering with type-of-service queueing are the strongest condemnations of modern modems, in my view. i wish someone would build a modem that recognized ip packet framing.

peter

From cme at ellisun.sw.stratus.com Fri Aug 13 07:02:58 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Fri, 13 Aug 93 07:02:58 PDT
Subject: >Clipper trapdoor?
Message-ID: <9308131359.AA16791@ellisun.sw.stratus.com>

>Message-Id: <00541.2828009147.4718 at washofc.cpsr.org>
>From: David Sobel
>Date: Thu, 12 Aug 1993 14:01:54 EST
>Subject: Re: >Clipper trapdoor?

David,

You wrote:

>[...] I think the question you raise is a critical one -- under what
>guidelines will the escrow agents determine the validity of an NSA
>request for the key without a FISA warrant?

If I were the NSA, I would *never* permit a key request to leave the building at Ft. Meade. The fact that it wanted a given key is, itself, intelligence.

I am one person who believes that the gov't would never be able to establish a key escrow agency secure enough even for my customers (Stratus customers: already extra-careful purchasers of high priced fault tolerant equipment: banks, large funds transfer people, stock brokers, hospitals, ...). It's too cheap for organized crime to bribe or break in at the escrow agencies. Therefore, I'm on record as a commercial crypto consultant recommending against any customer of ours using any escrowed-key mechanism, no matter how strong the algorithm or how trustworthy the key generation process.

If the agency is too flaky for me, they're bound to be too flaky to be trusted with a paper trail of NSA's eavesdropping targets. The traffic analysis of that trail would be worth an absolute fortune.
I'd give it a week before it was compromised. So: I wouldn't go to the escrow agencies in any way at all.

----------

Now, there was an interesting thing from DERD the other day -- that the original key generation mechanism is out, replaced by one which is classified (for nat'l security reasons, I assume).

----------

As I mentioned in alt.privacy.clipper the other day, if I were the NSA I would:

1. pick a *very* secure block cryptosystem (secure enough for them to use to send top secret crypto keys around the world, where the enemy is sure to intercept the message)

2. encrypt the chip's serial number in that algorithm, using a single key which only the agency knows

3. use the output of that encryption as the chip's key [that output will look totally random to the outside observer, because the encryption algorithm is so good]

4. make the two escrow copies, as before, and deliver them to the escrow agencies

5. keep the key generation process secret, for fear of inciting rebellion among civil liberties groups

-----------

- Carl

P.S. One of my questions for CSSPAB was why the key generation procedure didn't just use a hardware random number generator. That's the accepted practice and there's no reason to classify it.

P.P.S. Is there any way to get NIST to answer my list of 22 questions?

From smb at research.att.com Fri Aug 13 07:12:58 1993
From: smb at research.att.com (smb at research.att.com)
Date: Fri, 13 Aug 93 07:12:58 PDT
Subject: Spooking of neural nets and image recognition...
Message-ID: <9308131408.AA25592@toad.com>

> Insofar as monitoring passage of people, I noted a few hours ago a new
> installation of cameras at the tollbooths on the George Washington Bridge,
> positioned to be under a meter from people's faces when they stop to fork
> over their $4.00.
> The police density at this toll plaza makes additional surveillance of
> would-be toll booth robbers unnecessary; while traffic analysis on the
> matching of facial patterns is probably out of their scope right now, it
> *is* a precedent, and food for thought...

Well -- the cameras may have been prompted by the fact that the toll booths at the GWB have been the targets of armed robberies several times of late...

> FYI, the George Washington Bridge carries much, probably most, of the
> traffic into Manhattan and New York City...)

Most? Hardly. Don't forget the bridges and tunnels from Brooklyn and Queens, and the two tunnels from New Jersey, and...

From rarachel at ishara.poly.edu Fri Aug 13 07:52:58 1993
From: rarachel at ishara.poly.edu (A1 ray arachelian (library))
Date: Fri, 13 Aug 93 07:52:58 PDT
Subject: Beepers can also be used to track you down!
In-Reply-To: <9308130806.AA01571@netcom4.netcom.com>
Message-ID: <9308131050.AA28463@ishara.poly.edu>

While you're at it, don't forget to mention that beepers have a "ping" option in them. If you were a crook on the run, and you were stupid enough to not have ditched your beeper you can easily be tracked down. The beeper ping command can be used (supposedly) to track down stolen or lost beepers. The Ping itself also disables the beeper from that point on. Basically, they'd send pings to your beeper throughout the city they expected you in, then they'd find out which cell you were in. After that, they can use a small radar-like gun to actually find your beeper, also by pings. There's probably a way to disable the transmitter in the beeper, but I wouldn't want to mess with a device that tiny.

Right now, this is all fine and great, but what would happen when your company pays for the beeper and decides to track you down and see if you actually did have your beeper off when you said it was off so you wouldn't be bothered at home??? I'd say that's a major privacy trespass right there.
Of course there's always the "button" technology which basically tracks down employees....

From pmetzger at lehman.com Fri Aug 13 07:53:26 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Fri, 13 Aug 93 07:53:26 PDT
Subject: Electracy: Evil Revisited
In-Reply-To: <9308130703.AA01369@longs.lance.colostate.edu>
Message-ID: <9308131451.AA13358@snark.lehman.com>

"L. Detweiler" says:

> Buried in my latest delirious rant were multiple *pragmatic*
> descriptions of Electronic Democracy, and to my great chagrin all have
> been virtually completely ignored, save one thoughtful soul responding
> to me in email, who I've exhorted to post to the list. Where is the
> picking apart of the pieces? I expected the highly suggestive details
> to be pounced on like scrumptious food for further thought or (more
> likely) carrion for vultures, but instead get the standard vague
> marshmallow-philosophical Libertarian and Anarchic Promotional Literature.

Look, people on this list have many different political views. Political views qua political views do not belong on this list. However, you seem to insist. I will therefore indulge you.

> I'm really quite amazed at all the deathly pessimism and antipathy
> herein toward genuinely improving our governmental system. It seems
> that many believe that the natural state of `their' government is
> oppression, and that the goal is only to minimize it. The perverted
> Majority is fundamentally and invariably Untrustworthy, Capricious, and
> Painfully Stupid. It is always stated in terms of Us and They. But
> *we* *are* our government. How can it not be more obvious? What does it
> say about our character if we are resigned to deprivation?

WE ARE NOT OUR GOVERNMENT. I have an interesting fact for you, Mr. Detweiler. I did not choose the government I live under.
I chose none of its parts, agreed to none of its actions, selected none of its members (not one person I've ever voted for has been elected, and I only vote in self defense, not as an endorsement of the system), and I agree with virtually none of its actions. Sadly, this is the best country I know of to live in, so leaving is not an option. However, don't for one minute claim that this is *my* government. It is the government that rules me, to be sure, but it is my master, not my servant. I would not choose to have it operate as it does were I given the choice. It is not mine.

Perhaps you are in control of the government, in which case I would ask that you explain to your servants in Washington that I am not undertaxed, am old enough to choose my own lifestyle and decide for myself whether I should ingest any chemicals I happen to find, can fend for myself in negotiating with employers and shopkeepers, and in general have no desire for their protection or, as I view it, oppression.

So far as I can tell, government is run Of the Bureaucrats, By the Bureaucrats, For the Bureaucrats. It is an oozing flatulent behemoth that eats everything in sight and then blames the state of its victims on the fact that it doesn't have enough to eat.

The very notion of voting on issues makes no sense. From whence does the majority gain the right to rule me? If five people are sitting in a room, and three of them vote to rape the other two, that does not make it right. If one hundred people are sitting on a desert island, and 70 of them vote to enslave the other 30, that does not make it right. If a gang of 15 people comes upon a couple sitting in a park, and they decide to hold an "election" to decide whether or not to beat up the other two, that does not lend legitimacy to the actions of the 15. Why, then, should the whims of 100 million people sitting in their living rooms with video game consoles decide the fate of those who find themselves on the losing end of the vote?
In ancient Athens, they had a direct democracy. Allow me to describe to you what they did with it. Among other fun practices, like enslaving half the population because they felt like it, the Athenians would periodically get together and decide they wanted to kick someone out of town, so they would get together Ostracons, meaning pottery shards, and write down the names of the folks they didn't like on them. The guy who got the most Ostracons was Ostracized. Fun folks, eh? Well, that's what you want to do, but on a national scale.

Athens would periodically get a charismatic leader, like Pericles, who would manage by demagoguery to take control and impose nearly dictatorial rule. (The word demagogue comes from the same Greek roots as the word democracy, by the way).

Imagine if every year only one company was allowed to make cars, and we picked the company by vote. One year we would get Chryslers, and one year Fords, and we could never compare them or choose a car of our own desiring. We would just get this massive campaign every year for the franchise. Well, everything government does is like that -- no chance for comparison, no efficiency, choices made on the basis of short and massive campaigns, and no sense.

I will be happiest when all that is forbidden is initiating force against others or their property. I will be reasonably happy when the government is crippled enough that it can make no decisions -- the founding fathers tried that, and sadly it didn't work for long, but it did last for a while.

It is often said that no man's life, liberty or property are safe when the legislature is in session. In an Electronic Direct Democracy the legislature will never be out of session. It will rule people's lives like the most iron-fisted dictatorship you can imagine.

People often confound liberty and democracy. The one means freedom -- the other is merely a form of government. Democracy does not necessarily generate liberty, and more democracy does not mean more liberty.
Perry

From rarachel at ishara.poly.edu Fri Aug 13 07:58:26 1993
From: rarachel at ishara.poly.edu (A1 ray arachelian (library))
Date: Fri, 13 Aug 93 07:58:26 PDT
Subject: [uk.transport] Speed Camera with OCR
In-Reply-To: <3877.9308130728@panacea.insignia.co.uk>
Message-ID: <9308131054.AA28483@ishara.poly.edu>

> The Oxfordshire police force here in the UK have introduced speed
> cameras. The way they work is to use radar to check oncoming cars'
> speeds, and if it's over the limit the camera takes a picture of the
> car's number plate. I guess a human back at police HQ has to do the
> bit about reading the plate, and then a fixed fine is sent through

There's a cure for this. Get neon license plate lights instead. This will work at night at least. Have you ever seen a car with them pass you by? It makes the license plate illuminated, but almost impossible to see! (Although, they might resort to IR cameras to take your picture as well!)

From frissell at panix.com Fri Aug 13 09:08:27 1993
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 13 Aug 93 09:08:27 PDT
Subject: On The Inherent Evil
Message-ID: <199308131603.AA27010@panix.com>

To: cypherpunks at toad.com

S >Regardless of how cypherpunks feel about this issue, E.D. is one
S >of the most powerful memes making its way thru current society, and
S >we have to deal with it.
S >
S >Nick Szabo szabo at netcom.com

By ignoring it like all other forms of "others" government (tyranny). How anyone can think that more efficiently allowing others to rule them (whether one man or many) is a good idea is beyond me. Tyranny is tyranny is tyranny.

Maybe with ED we'll be benefitted by the fact that the government itself which is carrying out the orders of the populace will be so busy with system volatility that it won't have time to do much real harm.

Duncan Frissell (Net Prime - 01000001st Fiberborne)

"A Machine Age army can no more defeat an Information Age army than a Muscle Age army can defeat a Machine Age army."
Join in the fun as Slick Willie and the other spearcarriers of the New World Order charge the machine guns of the Info Army. Cyberspace Wants You. Join the 01000001st Fiberborne - recruiting depot open at this address. Phase One guerilla operations have already begun...

--- WinQwk 2.0b#0

From frissell at panix.com Fri Aug 13 09:08:31 1993
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 13 Aug 93 09:08:31 PDT
Subject: ATM AND IMAGE RECONGI
Message-ID: <199308131603.AA27045@panix.com>

To: cypherpunks at toad.com

T >OK, you got me here. I wasn't thinking of cases where you might want
T >to deceive your own bank!
T >Tim May

One tends to forget that an ATM card is a bearer instrument. I've always thought it ironic that the first manifestation of the Orwellian technology of electronic payments that was supposed to strip us of our liberties was a *bearer* instrument.

There are many circumstances where you might want to have someone other than the account holder use ATM or other Credit or Debit cards. Spouses, children, and employees might be given the card. If you want to make cheap instant overseas transfers you might give a trusted person an ATM card. If you want to make regular anonymous payments to someone you might open an account for that purpose, give them the card, and then just deposit whatever you want to transmit to them. If you've opened an account in a nom de guerre, it might be convenient not to have your image recorded. There are many more circumstances.

For me the more significant concern is not getting my picture taken but the possibility that card use might be limited to the account holder only. I like the bearer instrument aspect of ATMs. Of course, as long as some banks on the net don't use pictures or other personal measurements as a replacement for PINs, one can always use these institutions.
Duncan Frissell

As for the PC parts of Tim's post: How to handle fanatic environmentalists/animal rightists/commies: "What's the matter; don't you believe in cultural diversity? Look, these days *I* have to put up with whether I like them or not. If *I* have to put up with whether I want to or not, then you have to put up with perverts like me."

--- WinQwk 2.0b#0

From dsobel at washofc.cpsr.org Fri Aug 13 09:08:49 1993
From: dsobel at washofc.cpsr.org (David Sobel)
Date: Fri, 13 Aug 93 09:08:49 PDT
Subject: NSA Seeks Delay in Clipper
Message-ID: <00541.2828087154.4728@washofc.cpsr.org>

NSA Seeks Delay in Clipper Case

The National Security Agency (NSA) has asked a federal court for a one-year delay in a lawsuit challenging the secrecy of the government's "Clipper Chip" encryption proposal. The suit was filed by Computer Professionals for Social Responsibility (CPSR) on May 28 and seeks the disclosure of all information concerning the controversial plan.

In an affidavit submitted to the United States District Court for the District of Columbia on August 9, NSA Director of Policy Michael A. Smith states that

    NSA's search for records responsive to [CPSR's] request is under way, but is not yet complete. Because the Clipper Chip program is a significant one involving the participation of organizations in four of NSA's five Directorates and the Director's staff, the volume of responsive documents is likely to be quite large. Moreover, because the Clipper Chip program is highly complex and technical and is, in substantial part, classified for national security purposes, the review process cannot be accomplished quickly.

CPSR called for the disclosure of all relevant information and full public debate on the proposal on April 16, the day it was announced.
While NSA has insisted from the outset that the "Skipjack" encryption algorithm, which underlies the Clipper proposal, must remain secret, the Smith affidavit contains the first suggestion that the entire federal program is classified "in substantial part." In the interest of obtaining timely judicial review of the agency's broad classification claim, CPSR intends to oppose NSA's request for delay in the court proceedings.

In another case involving government cryptography policy, CPSR has challenged NSA's classification of information concerning the development of the Digital Signature Standard (DSS). The court is currently considering the issue and a decision is expected soon.

CPSR is a national public-interest alliance of computer industry professionals dedicated to examining the impact of technology on society. CPSR has 21 chapters in the U.S. and maintains offices in Palo Alto, California, and Washington, DC. For additional information on CPSR, call (415) 322-3778 or e-mail .

David L. Sobel
CPSR Legal Counsel

From frissell at panix.com Fri Aug 13 09:12:09 1993
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 13 Aug 93 09:12:09 PDT
Subject: Making the World Safe for
Message-ID: <199308131603.AA27038@panix.com>
To: cypherpunks at toad.com

H>As another example, suppose the government banned non-Clipper
H>cryptography.
H>Despite the brave comments of some, I think it would be very hard
H>to overcome such a ban.
H>My main point is that we cannot rely on the technology to save us. A
H>concerted government effort could, in my opinion, stifle the growth of
H>individual liberties that cryptography may offer. Clipper is just one
H>battle in this longer war. We can't afford to fall victim to a smug
H>confidence that victory will inevitably be ours. If we get to the
H>point
H>that steganography is the only way to communicate privately, we will
H>have
H>lost.
H>
H>Hal Finney
H>hfinney at shell.portal.com
H>

Hal, the point is that the government actions you fear are politically unlikely and would be limited to one nation in any case. Par exemple - humorous letter to the editor in today's NYT from someone I'll call "Clueless in New Jersey." He promotes the idea of a 1% tax on the markets for currencies and derivatives (because they are volatile, unproductive and hurt governments). Even before the passage of such a tax, the currency traders would have relocated themselves (physically or virtually) to an untaxed location.

The nice thing about the modern communications environment is not strong crypto, steganography, or anonymous networks (though these are fun); it is the ability to randomize your physical location while still living as full and productive a life as you used to live when tied down to one spot. The multiplying power of the new technologies also allows you to "run a Fortune 500 corporation" from your back pocket as informal work groups form and disband as needed. Crackdowns by a single government will just speed up the process of people becoming Permanent Tourists (PTs).

The control problems experienced by modern States do not grow out of strong crypto (which is not yet deployed) but out of the growing relative power of individuals. Power=Choice=Control. If we have power (the ability to jet anywhere on earth at the speed of sound for 1 or 3 weeks' average salary) we can make choices and control ourselves. If we control ourselves others lose control over us. The individual's natural organizational superiority over larger entities (my right hand rarely wheels on in to federal court to force me to file an environmental impact statement before defecation) when enhanced by modern technology weakens those less organized institutions.

Remember laws are *not* self-enforcing. The success of their legal regime depends upon obedience by the populace. Does anyone out there see obedience and deference *increasing*? I don't.
If disobedience keeps increasing, at some point the rules will be meaningless.

Duncan Frissell

November 10th 1989 - Berlin Wall - Death for unauthorized crossing
November 11th 1989 - No Berlin Wall

Sic semper tyrannis - "What a Difference a Day Makes"

--- WinQwk 2.0b#0

From nfe at scf.nmsu.edu Fri Aug 13 09:18:31 1993
From: nfe at scf.nmsu.edu (nfe at scf.nmsu.edu)
Date: Fri, 13 Aug 93 09:18:31 PDT
Subject: Spooking of neural nets and image recognition...
Message-ID: <9308131618.AA16347@NMSU.Edu>

Nick Szabo writes:
>[...]some general ideas for "encrypting" (sic) one's image:

Some ideas are good, others are a bit off base. Major points of recognition are: jaw, cranium, nose, eyes, ears, age, and facial hair. Secondary points include: health, weight, optics, scars, etc.

jaw: presence or lack of beards, highlighting skeletal lines, and hollows (aging) with makeup, or cigarette ash, plastic inserts in the cheeks, building up areas of the face with liquid latex, or mortician's wax. (note that some of these techniques can be used on other areas of the face).

cranium: hats, sudden changes in hair length/style, wigs (possibly with padding).

nose: highlighting/latex/wax - as with jaw, inserting a pair of small nuts/buttons in the nose (drill for adequate airflow) will give the nose an appearance of having a "squashed/flattened" tip. 1/4 inch sections of stiff plastic tubing may also work.

eyes: appear "sunken" w/ makeup, altering eyebrows can misdirect eyesocket shape, pull back (oriental), or bulge out by pulling/gluing skin with spirit gum, or liquid latex. change color with tinted contacts. (note: sunken = old age, malnutrition, or sickness - pulling skin can also highlight cheekbones, etc.)

ears: glue to the side of the head w/ rubber cement, spirit gum, or latex.

age: 1) younger: very close shave, hot towels, alum, and talcum powder will tighten the skin, giving a youthful appearance.
2) older: Max Factor hair whitener to grey temples, highlight lines and hollows of face (STUDY a stage makeup book, and practice this before trying to fool anyone. Subtlety is the key with any realistic makeup; there is a tendency to overdo it most of the time. As a rule of thumb cosmetic and theatrical makeup is mostly worthless for disguise, and will not stand up to examination at close distances, unless well done, subtly, and with extreme moderation.)

facial hair: presence/absence, drastic changes in length, style and color can significantly alter one's appearance. Remember that neural nets, or a trained observer, are going to be looking for the underlying skeletal shape, and building on top of that.

health: depressed eye sockets, hollow cheeks, flush or jaundiced (beta-carotene) skin color. contra: exercise/good skin tone. Gaining or losing weight, "sudden tan" type products...

optics: glasses can hide features, and in some cases slightly alter the shape of the face. If unusual, they can be used as misdirection for an untrained observer (just like buttons, "loud" clothing, etc - as people tend to remember the unusual aspects, and not concentrate on usual features). Tinted contact lenses can change eye color.

scars: hard to do right - use liquid latex, burns, cuts, etc. Probably best avoided, though very memorable to the observer, esp. if on the face.

Misc: teeth can be altered w/ iodine (stained), or blocked out with black wax. Have different "classes" of clothes (clergy, blue collar, white collar, "bum", etc) - but stay in character. Remember that a construction worker isn't going to have an accountant's hands, or immaculate tools, a bum will probably have dirt under their fingernails, etc. horizontal stripes make you look shorter/fatter, vertical ones taller/skinnier. loud clothing, or political buttons, a "funky" hat, etc will act as misdirection. skin can also be bleached. consider: weight, muscle tone, stance, gait, etc.
hair gel, and a curling iron are your friends :-)

From paul at poboy.b17c.ingr.com Fri Aug 13 09:42:57 1993
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Fri, 13 Aug 93 09:42:57 PDT
Subject: Software patents
Message-ID: <199308131637.AA11354@poboy.b17c.ingr.com>

I want to bring this up in the context of the PGP vs PKP thread from a while back. I am personally interested, since my cryptophone software could conceivably infringe on several varied patents simply by using excerpted code from PGP.

Background: the Association for Computing Machinery is the computer science equivalent of the ABA or the AMA. They are in the process of revising their code of ethics for ACM members. Several luminaries (Guy L. Steele, Jr., Danny Hillis, Richard Stallman, Gerald J. Sussman, Marvin Minsky, John McCarthy, John Backus, and Fernando J. Corbato) wrote a letter objecting to the new clause. I have excerpted Turing Award winner, 1990 The original was posted to gnu.misc.discuss by jhawk at panix.com (John Hawkinson); he had RMS' permission, but I am reposting here without permission. Comments in {} are mine.

begin included text

The ACM recently adopted a "moral imperative" for its members to "Honor property rights including copyrights and patents." This is clause 1.5 of a new ethics code for ACM members, adopted in October 1992.

...

ACM surveys suggest that most ACM members disapprove of having patents in software at all; yet the ACM moral imperative calls on members to honor what they may regard as a disaster for their field.

[... spirit vs. letter of law ...]

But the word "honor" has other implications. The spirit and practical effect of the ACM code is to endorse the current intellectual property system and discourage independent judgement about it. This directly opposes the views of many, perhaps most, ACM members. Not only that; it also distorts the patent system, by telling people not to exercise their rights in the system.
After all, what does it mean to "honor" a patent? Whether a particular patent is valid and applicable is always an open question until decided by a court case. And it is never a crime to infringe a patent. If you think a patent is invalid, the legal system encourages you to disregard it; if you are not sued, then your actions are legitimate. If you are sued, then you are welcome to fight the case and see if you can overturn the patent. (This is so expensive that the possibility is purely theoretical for most of us, and it cannot solve more than a tiny fraction of the software patent problem, but some of the readers may work for companies that can afford to do so occasionally.)

If you can do all that and still be "honoring" the patent, then "honoring" is an empty requirement which there is no way to violate. The reader is likely to dismiss this interpretation, based on the heuristic that every clause in the ACM code must have some practical import or it would have been deleted. If "honoring" a patent does not permit challenging it in that way, then the ACM is directing its members to treat all patents as valid and not exercise their legal right to challenge patents!

[... remainder deleted ...]

Now, IANAL, but the preceding is new to me. By the argument presented above PGP is legal w.r.t. patent infringement. Infringement is _not_ an unlawful act, and the question of whether or not PGP is infringing can only be settled by a court encounter between PKP and someone else. Theoretically, then, we are all safe unless PKP decides to take us individually to court. We are likewise safe should any of us - collectively or individually - write, distribute, or aid/abet thereof any code which might potentially infringe a patent.

Sounds like innocent until proven guilty. Sounds like Schnorr and digital cash are fair game.

-Paul "quote me"

--
Paul Robichaux, KD4JZG | "Change the world for a better tomorrow. But
perobich at ingr.com | watch your ass today."
- aaron at halcyon.com
Intergraph Federal Systems | Be a cryptography user- ask me how.

From nfe at scf.nmsu.edu Fri Aug 13 09:48:27 1993
From: nfe at scf.nmsu.edu (nfe at scf.nmsu.edu)
Date: Fri, 13 Aug 93 09:48:27 PDT
Subject: Spooking of neural nets and image recognition...
Message-ID: <9308131644.AA16850@NMSU.Edu>

As to surveillance cameras, is anyone familiar with methods of not getting photographed in the first place? Some methods I've heard of:

1) spray paint or Vaseline on the lens (kinda obvious :)
2) putting a pin or finishing nail in its coaxial cable (umbilical if you will) - how good of a job of scrambling the image will this do?
3) mounting a "test pattern" in front of the lens.
4) placing a magnet on the side of the camera (does this work?)
5) timing the pan, and taking advantage of "dead areas" (areas not covered for brief periods).

Anyone familiar with the general range/resolution ratio, and how wide an area will get covered? Any other methods?

From plmoses at unix.cc.emory.edu Fri Aug 13 09:48:32 1993
From: plmoses at unix.cc.emory.edu (Paul L. Moses)
Date: Fri, 13 Aug 93 09:48:32 PDT
Subject: Electracy: Evil Revisited
Message-ID: <9308131644.AA21417@emoryu1.cc.emory.edu>

Sorry, but today's currency system is anything but a democracy. Thank God. It works because it is entrusted to a COMPETENT elite. The "global approval" of bills that you suggest seems to me to inevitably lead to the worst sort of populist rhetoric and pandering becoming law. You don't seem to recognize that in an age of irrationalism, opening the doors to mass participation any further will simply de-legitimize the system even more. (I suppose if you liked Motor Voter, you don't understand why I am saying this.)

But look at the Constitution. Its paradigm is for a federal government of limited powers to function as the "glue" to hold together otherwise disparate political entities.
The point is that majority rule is only *half* the story in American democracy; the other half is checks and balances to ensure that those who do not fit into the mainstream can pursue life, liberty, and happiness.

Since you think I am blathering on in vague generalities, let me put it another way: Colorado's Amendment 2 is EXACTLY the kind of bill one would expect out of "Elektracy".

From amb at cs.columbia.edu Fri Aug 13 10:12:57 1993
From: amb at cs.columbia.edu (andrew m. boardman)
Date: Fri, 13 Aug 93 10:12:57 PDT
Subject: Spooking of neural nets and image recognition...
In-Reply-To: <199308131408.AB13144@cs.columbia.edu>
Message-ID: <199308131710.AA07902@ground.cs.columbia.edu>

With regard to the scope of surveillance cameras, the elevators in the GM building have cameras pointed down at an off angle; I thought they would be mostly useless until I was shown the (probably computer-modeled) contoured shell over the lens; on the far end, it produces a surprisingly broad and non-"fisheyed" view of anyone facing the front of the car. Image recognition is currently limited to a book of photos of people they (security) don't want in the building, though... When the real cost of such recognition systems is low enough that such run-of-the-mill rent-a-cops are looking to buy them, we've really got something to worry about. (How nice that Citibank credit card holders are all getting their faces digitized, for their security of course.)

[cypherpunks content ends about here...]

FYI, the George Washington Bridge carries much, probably most, of the traffic into Manhattan and New York City...)

Most? Hardly. Don't forget the bridges and tunnels from Brooklyn and Queens, and the two tunnels from New Jersey, and...

Someone I knew in grad school (they, not I) was doing surveys of Manhattan-NJ traffic, and measured some amazing throughput on the GWB, compared with the tunnels. I *was* being incredibly NJ-centric, though...
andrew

From julf at penet.FI Fri Aug 13 10:18:27 1993
From: julf at penet.FI (Johan Helsingius)
Date: Fri, 13 Aug 93 10:18:27 PDT
Subject: anonymous contact ser
Message-ID: <9308131937.aa01023@penet.penet.FI>

"M. Stirner" :

> Uu> Here's why. I can't reply directly to your message, as some gateway on
> Uu> the way barfs on the ".." in your name. This seems to come and go.
> Uu> This is probably also what screws up anon.penet.fi.
>
> This is extremely interesting! This "problem" was supposedly fixed some
> time ago, but this is why I have alternate accounts elsewhere with more
> common names. In any event, I will pass this information along to the
> proper persons.

Well, having ".." in your username is *not* a good idea for most mail systems!

> Yes, the zeros are wrong & were inserted by software out of my control.
> I also have different addresses, true enough, but there is no f0.n0.z1
> in fido; that address is a software error. I suspect it'll be on this
> message, too.

Yeah. This is one of my pet peeves. PEOPLE WHO SEND OUT STUFF ON THE NET WITH NON-REPLYABLE FROM ADDRESSES SHOULD BE FORCED TO READ REC.HUMOR FOR A MONTH! So there!

> STILL....the problem I have is not addressed: I cannot make a
> multi-line header (as in the required "X-Anon-Password: password" line)
> work through this UUCP gate, as far as I can tell.
> I cannot use password
> header lines unless anon.penet.fi can handle having blank lines between
> the header fields:

It can handle empty lines between the header proper and the X-Anon stuff, but not in between the X-Anon lines.

> The above header will pass the UUCP gate here. Without the blank lines,
> the header gets grunged after the To: anon at anon.penet.fi line.

What brain-damaged (excuse the expression) gateway software are you using?
Julf

From karn at qualcomm.com Fri Aug 13 10:22:57 1993
From: karn at qualcomm.com (Phil Karn)
Date: Fri, 13 Aug 93 10:22:57 PDT
Subject: Secure voice software issues
In-Reply-To: <9308131255.AA23722@toad.com>
Message-ID: <9308131721.AA21363@servo>

>> do not use error correction or compression. (they will slow you down)

>huh?!? my file transfer times would *double* if i turned off v.42bis
>(modem compression). *that* would slow me down. and you can't run
>v.42bis without running the error handling protocol (v.42), for obvious
>reasons. what's more, v.42 gives an immediate 20% (or so) increase in
>throughput, by eliminating start and stop bits.

I think there's a confusion here between the conflicting goals of low delay and high throughput. Depending on which is more important to your application, V.42bis will either "slow you down" or "speed you up". Unfortunately, most modems don't give the user any way to say whether delay or throughput is more important to you at the moment; the modems themselves try to infer this automatically from the data streams you send them. And they bias the decision in favor of greater throughput. This is right for most computer applications, but not so for real time voice.

Phil

From peb at PROCASE.COM Fri Aug 13 10:32:57 1993
From: peb at PROCASE.COM (Paul Baclace)
Date: Fri, 13 Aug 93 10:32:57 PDT
Subject: Spooking of neural nets and image recognition...
Message-ID: <9308131731.AA02173@banff.procase.com>

>4) placing a magnet on the side of the camera (does this work?)

Not with CCD cameras. All the other methods you mentioned require special physical access-- it won't work if one gets photographed while placing post-its on the camera window... The high error rates of image recognition make this whole scenario a future issue.
One FAA funded experiment used mice to detect excessive adrenaline (the mice go nuts or their heart rates increase just by smelling the excitement); the idea was to catch hijackers who would generally be a bit excited. This sounds obviously boneheaded because of all the people who fear flying...but the stated reason for abandoning the research was that mice don't rate too well as anonymous tipsters! Anyway, the error rate was very high too.

However, the whole "profile" thing used by the WoD is essentially a conscious application of the generalization that neural networks do. This may expand if "suspicion detection" is socially acceptable--my guess is that it would not be accepted given the speeding ticket automation systems that have been widely rejected (they probably could have gotten it accepted if they reduced a speeding ticket cost by a magnitude and considered it like a parking ticket--but these are legal changes, not technological changes, so they are much more difficult to do).

The OCR of cash serial numbers would be highly probabilistic--that is, too many transactions would not be tracked so the knowledge of the flow would be partial. More likely would be that all large cash deposits would be scanned for general analysis just as large cash transactions require that a bank fill out a special form and send it to the State.

Paul E. Baclace
peb at procase.com

From karn at qualcomm.com Fri Aug 13 10:48:27 1993
From: karn at qualcomm.com (Phil Karn)
Date: Fri, 13 Aug 93 10:48:27 PDT
Subject: Beepers can also be used to track you down!
In-Reply-To: <9308131050.AA28463@ishara.poly.edu>
Message-ID: <9308131744.AA21446@servo>

Eh? Conventional pocket pagers are receive only. This is well known. Oh, they probably do emit tiny amounts of RF from their local oscillators, but I doubt much could be done with that.

Cell phones, on the other hand, *do* tell the system which cell you are in, and they can do this even when you're not in a call. It's called "registration".
The usual purpose is benign: directing pages (land-to-mobile call requests) only to the cell you're in, instead of having to "flood" them all over the system. But it *could* be used to keep track of your location.

I carry both a pager and a cell phone. Normally I keep the cell phone turned off to save its batteries. When I get a page, I can turn the phone on and return the call. The pager/cellphone combination is very nice, as I effectively get "caller ID" functionality. Even better, *I* get to choose when, how or even if to answer a particular page. And since pagers are unidirectional (no acks) I can always lie about not having gotten a page from somebody I don't want to talk to! :-)

Phil

From koontzd at lrcs.loral.com Fri Aug 13 10:52:58 1993
From: koontzd at lrcs.loral.com (David Koontz )
Date: Fri, 13 Aug 93 10:52:58 PDT
Subject: Beepers can also be used to track you down!
Message-ID: <9308131749.AA12091@nebula.lrcs.loral.com>

>Basically, they'd send pings to your beeper throughout the city they expected
>you in, then they'd find out which cell you were in. After that, they can
>use a small radar-like gun to actually find your beeper, also by pings.
>There's probably a way to disable the transmitter in the beeper, but I

All you need is a Faraday cage, an all metal enclosure with metal to metal contacts between all its surfaces. A copper Brillo type scrub pad, expanded out to make a pocket big enough for the pager.

From jet at netcom.com Fri Aug 13 11:12:57 1993
From: jet at netcom.com (J. Eric Townsend)
Date: Fri, 13 Aug 93 11:12:57 PDT
Subject: Beepers can also be used to track you down!
In-Reply-To: <9308131050.AA28463@ishara.poly.edu>
Message-ID: <9308131809.AA17666@netcom.netcom.com>

A1 ray arachelian (library) writes:
>While you're at it, don't forget to mention that beepers have a "ping" option
>in them. If you were a crook on the run, and you were stupid enough to not

Documentation, please. Or a reference.
Having opened up more than one of my pagers, I have yet to find evidence of a transmitter.

From Hastings at courier8.aero.org Fri Aug 13 11:33:27 1993
From: Hastings at courier8.aero.org (Hastings at courier8.aero.org)
Date: Fri, 13 Aug 93 11:33:27 PDT
Subject: Electric Fooling Machine
Message-ID: <0006ECF1.MAI*Hastings@courier8.aero.org>

Homer: "You couldn't fool your own mother on the foolingest day of the year, even if you had an electric fooling machine."

> *pragmatic* descriptions of Electronic Democracy ...

You're walking down the street, and a gang of thugs jumps out from behind some bushes. Their leader approaches you and says: "Don't be alarmed, we're your very local community - we believe in the noble principle of Democracy, majority rule, and you have an equal vote with each of us."

You say, "Whew. I guess my marshmallow-philosophical Libertarianism clouded my vision of the great ideal that is our American way of life. What should we vote on first?"

The gang leader says, "Glad to hear someone with confidence in the system. A concerned member of our community, upset at the unfair distribution of wealth in our society, has proposed an equal sharing of whatever cash we have on hand at the moment. Since none of us have any cash, the implementation would require you to give an equal share to each of us. Now, that seems reasonable, doesn't it?"

You say, "Oh no, my worst nightmare come true, even while I am awake! But, the essence of Democracy is my right to vote, and if I'm unhappy that I'm completely ruined this election, why I have a chance to get screwed every couple of years forever! But, wait, if this process were AUTOMATED, ELECTRONICALLY, why, I could be ripped off continuously every single nanosecond!"

> and to my great chagrin all have been virtually completely
> ignored...

Could anyone really BELIEVE that high school civics class garbage?
>I'm really quite amazed at all the deathly pessimism and antipathy
>herein toward genuinely improving our governmental system.

On this list, we've all probably experienced firsthand the joys of "our" government in the person of an IRS (or state tax) agent, and after that enlightening encounter, have sworn uncompromising revenge on THEM, THE ENEMY. Maybe someone had their kid taken from them to die in some stinking jungle or desert. Or maybe someone owns a gun for protection, or has an unapproved hygienic practice (smoking, drugs, booze, midwife, health food) and isn't thrilled with the zero-tolerance, no-conviction-needed asset forfeiture revenue-enhancing scam, or the threats on privacy because of "money-laundering" or "terrorism". Can you stand to watch the "cleared by military censors" media prattle on about how government needs to stick everyone in a hamster cage for their own good without getting totally pissed? If so, I'm jealous.

Now, what is the most effective tactic to achieve a universal respect for rights? Oops. Nobody has any rights, that would support Natural Law. We'd have to shovel heretics into the fire according to religious revelation if we accept NL/NR. Begging for our "rights" from the Secret Masters' puppets, or buying "our own" politicians into office, may bring temporary relief, but a lasting victory will come by cutting the supply lines (taxes and inflation) and their brainwashing stranglehold on the media (and "public" education).

Digital cash might "nuke" tax collection, as Tim May puts it. Anything other than Federal Reserve Units as the unit of account removes the enemy's benefit from any inflation that occurs. Unlicensed broadcasts (perhaps starting with wireless spread-spectrum internet extensions) muscle in on media territory and can cause readers/viewers to question the absurd establishment interpretations of current and historic events.
>It seems everyone here is interested in debating the issue in
>terms of how they see government, how it has functioned in the
>past, *irrespective* of any novel mechanisms presented...

Gee, if only the Nazis would have an e-mail address, everything would be wonderful. Email: hitler at nazi.edu or stalin at commie.org.

>N. Szabo [said:]
>>* A basic problem with E.D. is that nobody has an
>>incentive to vote correctly.

A Nobel Prize was awarded to the Public Choice school for just this insight. The selfless, dedicated public servants have the same motivations as the most ruthless wolves on Wall Street. I think David Friedman covers this, and you could do worse than to read The Machinery of Freedom. (This is NOT a direct quote): A political victory is winner-take-all, completely shutting out the desires of a minority. In a free market, if a good or service is favored by the majority, guess what: The majority rules! You'll see whatever they want just about everywhere. But minority tastes will be catered to as well, perhaps not at the supermarket, but in a little boutique somewhere.

>suppose that a `vote' is not something static but rather a
>pledge of support for a proposal that can vary over time...

If this is what you have in mind for political decisions, then you've reinvented proprietary communities, described in Spencer Heath McCallum's (sp?) The Art of Community (1970), which provides agreeable structures to the signatories of their covenants. But you would NOT be talking about the coercive, tax-and-draft, master-and-subject relationships which define a "government."

Kent -

From mab at crypto.com Fri Aug 13 11:52:56 1993
From: mab at crypto.com (Matt Blaze)
Date: Fri, 13 Aug 93 11:52:56 PDT
Subject: Beepers can also be used to track you down!
In-Reply-To: <9308131749.AA12091@nebula.lrcs.loral.com>
Message-ID: <9308131837.AA11141@crypto.com>

>>Basically, they'd send pings to your beeper throughout the city they expected
>>you in, then they'd find out which cell you were in. After that, they can
>>use a small radar-like gun to actually find your beeper, also by pings.
>
>>There's probably a way to disable the transmitter in the beeper, but I
>
>All you need is a faraday cage, an all metal enclosure with metal to metal
>contacts between all its surfaces. A Copper brillo type scrub pad, expanded
>out to make a pocket big enough for the pager.

No, that won't work - the pager won't be able to receive the signals for paging you. You need a one-way faraday cage (OWFC). You can get these from a good electronic supply house, but they're rather expensive and specialized so they don't usually list them in their catalogs. You have to call and ask. Law enforcement and the military are the main users of OWFC's, so they may refuse to sell you one without proper authorization, or they may deny knowing about them at all. Expect to pay at least $500 bucks for a pager-sized one, much more for a room size model. Use a fake name when buying, or expect extra attention from the authorities.

If you have no luck finding someone willing to sell you one, you can make your own, but it's a bit of a tedious process. A brillo pad is a good starting point, but you have to insert diodes at least every 1/64th wavelength to allow the RF energy to flow into the cage but not out. For a 450 MHz pager, every centimeter or so will do. Surface-mount diodes are a good choice because of their small size. Basically, expand out the brillo pad as described in the previous post, then mark 1cm size squares around its entire outer surface. At each intersection point, cut through the mesh and solder in a diode, making sure that the emitter side is pointing either in or out for all the diodes.
(I don't remember which side the diodes are supposed to point, but you can easily turn the mesh inside out when you're done. Whichever way lets you receive pages is the right way.) Be warned that buying a large number of surface mount diodes is considered somewhat suspicious, so to play it safe, order them with a fake name and in small quantities from several suppliers.

It's been over a year since I made an OWFC for my pager and the results have been astounding - I am certain that the authorities are no longer using my pager to track my location. Be warned, though, that those so-called holographic images on Visa and MasterCards can easily be used for much the same purpose, although I've been unable to prove that they are actually using this technology to track people on any kind of large scale. Safest bet is to carry your credit cards along with your pager in your OWFC.

From csvcjld at nomvst.lsumc.edu Fri Aug 13 11:53:27 1993
From: csvcjld at nomvst.lsumc.edu (csvcjld at nomvst.lsumc.edu)
Date: Fri, 13 Aug 93 11:53:27 PDT
Subject: Beepers can also be used to track you down!
In-Reply-To: <9308131749.AA12091@nebula.lrcs.loral.com>
Message-ID: <19930813134754397@nomvst.lsumc.edu>

>>There's probably a way to disable the transmitter in the beeper, but
>
>All you need is a faraday cage, an all metal enclosure with metal to
>metal contacts between all its surfaces. A Copper brillo type scrub
>pad, expanded out to make a pocket big enough for the pager.

How about a microwave oven?

From gtoal at an-teallach.com Fri Aug 13 11:58:27 1993
From: gtoal at an-teallach.com (Graham Toal)
Date: Fri, 13 Aug 93 11:58:27 PDT
Subject: how does it work
Message-ID: <5028@an-teallach.com>

In article pbreton at cs.umb.edu writes:
> 1) Aren't telnets logged, at least at the site you telnet to? If I "telnet
> xxxx smtp", doesn't the site I telnet to have it in a log? I can't control
> that, and that could identify me.

*All* connections to any port can be logged.
And if your site isn't entirely under your own control, your site can collude with the called site using the ident protocol to tell the other site the name of the user that the tcp/ip connection belongs to. If the other end has a smart SMTP, it can put this info in the received: headers. I do stuff like this myself using the LOG_TCP wrappers.

G
===
Personal mail to gtoal at gtoal.com (I read it in the evenings)
Business mail to gtoal at an-teallach.com (Be careful with the spelling!)
Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212

From pmetzger at lehman.com Fri Aug 13 11:58:32 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Fri, 13 Aug 93 11:58:32 PDT
Subject: Making the World Safe for
In-Reply-To: <199308131603.AA27038@panix.com>
Message-ID: <9308131853.AA13780@snark.lehman.com>

Duncan Frissell says:
> Hal, the point is that the government actions you fear are politically
> unlikely and would be limited to one nation in any case. Par example -
> humorous letter to the editor in today's NYT from someone I'll call
> "Clueless in New Jersey." He promotes the idea of a 1% tax on the markets
> for currencies and derivatives (because they are volatile, unproductive
> and hurt governments). Even before the passage of such a tax, the
> currency traders would have relocated themselves (physically or virtually)
> to an untaxed location.

Indeed, virtually all Swedish stocks are now traded in London for much the same reason.

Perry Metzger

From amb at cs.columbia.edu Fri Aug 13 12:02:57 1993
From: amb at cs.columbia.edu (andrew m. boardman)
Date: Fri, 13 Aug 93 12:02:57 PDT
Subject: one person's speculation is another's insurance hike
In-Reply-To: <9308130831.AA12898@netcom5.netcom.com>
Message-ID: <199308131900.AA11607@ground.cs.columbia.edu>

Distance travelled: 14.31 miles.
Time elapsed: 13.86 minutes.
Average speed: 61.95 MPH
Speed Limit: 55 MPH
Excess Speed: 6.95 MPH
Penalty: 6.95 x $50 = $347.50

Hmm, driving the KS turnpike again?
(Its fines are a bit cheaper, though.)

From honey at citi.umich.edu Fri Aug 13 12:12:58 1993
From: honey at citi.umich.edu (peter honeyman)
Date: Fri, 13 Aug 93 12:12:58 PDT
Subject: Beepers can also be used to track you down!
Message-ID: <9308131911.AA02718@toad.com>

> I carry both a pager and a cell phone.

phil, i've known you a long time, so i'm used to the fact that you carry a slide rule and a calculator, a walkman and a transistor radio, wear a belt and suspenders, a ski hat and earmuffs, but with this, you've gone too far my friend.

peter

From honey at citi.umich.edu Fri Aug 13 12:13:27 1993
From: honey at citi.umich.edu (peter honeyman)
Date: Fri, 13 Aug 93 12:13:27 PDT
Subject: Beepers can also be used to track you down!
Message-ID: <9308131913.AA02733@toad.com>

>There's probably a way to disable the transmitter in the beeper, ...

i should think that all the second amendment enthusiasts on this list could come up with something ...

peter

From koontzd at lrcs.loral.com Fri Aug 13 12:18:27 1993
From: koontzd at lrcs.loral.com (David Koontz )
Date: Fri, 13 Aug 93 12:18:27 PDT
Subject: No Subject
Message-ID: <9308131915.AA12203@nebula.lrcs.loral.com>

Subject: Beepers can also be used to track you down!

I had heard that Motorola was talking about pagers based on the cellular phone system, with hand off between cells, etc. That would imply XMIT.

As far as local detection, I understand that in Britain vans go around with sniffing gear looking for IF freqs to find unlicensed TVs.

When in the Air Force, we used to leave our pagers in Faraday cages when going into some of the SCFs, which were built with the copper mesh in the walls etc. The idea being that you didn't want any being carried on IF from the pager.

As for the microwave oven, fine, you can hide in there, but watch out for them.. one of THEM may come by and turn it on...
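Graham Toal's point about the ident protocol, a few messages up, is stated in one sentence; the Python below, added here as an illustration and not taken from any poster's setup or from the TCP wrappers package, models both sides of an RFC 1413 lookup and shows how a mail server could turn the answer into a trace header. The connection table, user names, host name and address are constructed sample data.

```python
"""Model of an RFC 1413 ident lookup as a mail server could use it to attribute an
inbound TCP connection to a user name on the calling host.

Added example, not code from the mailing list or from the TCP wrappers package.
All ports, user names, host names and addresses below are constructed."""
import re

# Constructed: the calling host's view of its own outbound TCP connections,
# keyed by (local port on the caller, port on the remote mail server).
CALLER_CONNECTIONS = {
    (1042, 25): "pbreton",   # an interactive user who ran "telnet xxxx smtp"
    (1043, 25): "daemon",    # a system process delivering mail
}

_QUERY_RE = re.compile(r"^\s*(\d+)\s*,\s*(\d+)\s*$")
_REPLY_RE = re.compile(r"^\s*(\d+)\s*,\s*(\d+)\s*:\s*(USERID|ERROR)\s*:\s*(.*?)\s*$")


def _valid_port(n):
    return 1 <= n <= 65535


def ident_query(caller_port, mailserver_port):
    """Line the mail server sends to TCP port 113 on the caller. RFC 1413 puts the
    port on the host being asked (the caller) first, the asker's own port second."""
    return f"{caller_port} , {mailserver_port}\r\n"


def ident_respond(connections, query_line):
    """identd on the caller: look the port pair up in its own connection table."""
    m = _QUERY_RE.match(query_line)
    if not m:
        return "0 , 0 : ERROR : INVALID-PORT\r\n"
    caller_port, mailserver_port = int(m.group(1)), int(m.group(2))
    if not (_valid_port(caller_port) and _valid_port(mailserver_port)):
        return f"{caller_port} , {mailserver_port} : ERROR : INVALID-PORT\r\n"
    user = connections.get((caller_port, mailserver_port))
    if user is None:
        return f"{caller_port} , {mailserver_port} : ERROR : NO-USER\r\n"
    return f"{caller_port} , {mailserver_port} : USERID : UNIX : {user}\r\n"


def parse_ident_reply(line):
    """Mail server side: turn the reply into a dict, or None if it is malformed."""
    m = _REPLY_RE.match(line)
    if not m:
        return None
    info = {"caller_port": int(m.group(1)), "mailserver_port": int(m.group(2))}
    if m.group(3) == "ERROR":
        info["error"] = m.group(4)
        return info
    # USERID payload is "<opsys>[ , <charset>] : <user id>"; split on the first
    # colon only, because the user id itself may contain one.
    opsys, sep, user = m.group(4).partition(":")
    if not sep or not user.strip():
        return None
    info["opsys"] = opsys.split(",")[0].strip()
    info["user"] = user.strip()
    return info


def attribute_connection(connections, caller_port, mailserver_port):
    """Whole exchange: the mail server asks, the caller's identd answers, the mail
    server parses. A reply about a different port pair is discarded."""
    query = ident_query(caller_port, mailserver_port)
    info = parse_ident_reply(ident_respond(connections, query))
    if info and (info["caller_port"], info["mailserver_port"]) != (caller_port, mailserver_port):
        return None
    return info


def received_header(caller_host, caller_ip, info):
    """Trace header the mail server could add. The ident token appears only when
    the lookup returned a user; the layout is illustrative, not a particular MTA's."""
    if info and "user" in info:
        return f"Received: from {caller_host} ({info['user']}@{caller_host} [{caller_ip}]) with SMTP"
    return f"Received: from {caller_host} ([{caller_ip}]) with SMTP"


if __name__ == "__main__":
    who = attribute_connection(CALLER_CONNECTIONS, 1042, 25)
    print(received_header("caller.example.org", "192.0.2.10", who))
```

The answer comes from the calling host's own identd, so it is exactly as trustworthy as that host: when the site is under your control the remote log ends up naming your user rather than just your machine (Toal's point), and when it is not, the reply is whatever the calling host chooses to say and belongs in a log as a claim, not as authentication.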
From eb at srlr14.sr.hp.com Fri Aug 13 12:18:32 1993
From: eb at srlr14.sr.hp.com (Eric Blossom)
Date: Fri, 13 Aug 93 12:18:32 PDT
Subject: Secure voice software issues
In-Reply-To: <9308120203.AA04871@servo>
Message-ID: <9308131914.AA15560@srlr14.sr.hp.com>

> Eh? No, as I've been saying, you can produce a very strong hybrid in
> which both Diffie-Hellman and RSA each play an important part.
> Diffie-Hellman generates the session keys, while RSA signs them.

Does anybody *know* how existing secure phones do authentication? I'm familiar with the AT&T 3600, but I was wondering about a STU-III, perhaps a Motorola SECTEL-1500, or equivalent Cylink. I assume that they use Diffie-Hellman to exchange session keys, but what public/private key info is stored in the phones (if any), and how do you load it in? Do you contact some kind of certifying authority to download key info? Is it stored in some kind of NVRAM, or EEPROM? How many keys will the phone store? I assume, given the presence of a "zeroize" button, that something useful is stored in the phone.

Also, what is the "cryptographic ignition key"? Is it some kind of FLASH or EEPROM? What's on it? The key pair?

Thanks,
Eric Blossom

From Hastings at courier8.aero.org Fri Aug 13 12:22:59 1993
From: Hastings at courier8.aero.org (Hastings at courier8.aero.org)
Date: Fri, 13 Aug 93 12:22:59 PDT
Subject: Privacy-Friendly Auditing
Message-ID: <0006ED08.MAI*Hastings@courier8.aero.org>

I sent messages pertaining to the anonymous auditing problem to Niels Ferguson, and like someone who hopes the property owner forgives the trespass that occurs when someone walks up and rings the doorbell, I hope he doesn't "have a cow" that I'm sharing some of his remarks.

>The anonymous auditing problem is, as far as I have understood, not
>well defined.

Duh!!! Ahem...

>The purpose is to allow an external auditor to compute the sum of all
>the bank's commitments without revealing the individual commitments
>to the auditor.
>The problem is: who is going to provide the data to
>the auditor?
>
>The simplest answer would be that the customers are going to provide
>the data. In this case the voting protocols described in literature
>are a good start. It should even be possible to have the bank provide
>signed account statements for a specific date to all clients which are
>then used in the protocol to prevent clients from cheating and thereby
>generating a false result in the audit. But any such scheme is not
>practical as ALL customers have to cooperate.
>
>If the bank is going to supply the information to the auditors, then
>there must be some way to stop the bank from creating an entire
>`shadow' bookkeeping. That is, the data must include some kind of
>customer's signature on the balance of each bank account, and the public
>key of this customer must somehow be verified to belong to a real
>person (to ensure that it was not generated by the bank itself). The
>authentication of a public key and linking it to an actual person
>requires another institution (government?) which keeps track of people
>and authenticates that they are actual living persons.
>
>Note that all this information does not have to be revealed to the
>auditor, but it is necessary as input to the cryptographic protocol.
>
>In general a cryptographic protocol cannot achieve anything that a
>computer which is trusted by all parties cannot achieve. If someone
>could give a description of the required functionality of this virtual
>trusted computer, then the cryptographers can try to make it into a
>protocol (and then try to make it practical).
>
>Did I miss something when I quickly read your mail or is the notion of
>an anonymous auditing still vague?
>
>I haven't studied voting schemes but most of them have serious flaws.
>Many of them have difficulty handling a dishonest minority, or require
>too much resources to be practical. One requirement for voting schemes
>which I have not seen in literature is the unprovability.
>After voting
>a voter should not be able to prove what she voted to another party.
>If this were possible, then buying votes (or blackmailing people to
>vote a certain way) becomes possible. The old Italian voting system
>had so many possibilities to cast your vote that this was used by the
>Mafia in certain areas. They would approach a person and basically
>state: "You'd better make sure that there is a ballot with exactly
>these choices in the result or else....".
>
>I don't read the cypherpunk mailing list. If it were a newsgroup I
>would find it quite interesting, but as a mailing list it is much
>harder for me to selectively read the articles. Also, my mail handler
>doesn't support a kill file. When I tried a subscription I found the
>signal to noise ratio to be too low to read it as a mailing list. The
>volume was also so high that it drowned out my other e-mail. With a
>newsgroup you can safely ignore it for a while. Maybe I should get a
>better mail handler, but when I mentioned this problem to Eric Hughes,
>he said that they could have created a newsgroup but decided not to. A
>clear mistake in my opinion. Anyways, maybe someone will create an
>alt.cypherpunk newsgroup and put up a gateway from the mailing list to
>the newsgroup.

Niels Ferguson can be reached at niels at cwi.nl, and I'm sure one of you finks will rat on me and tell him I'm betraying confidentiality. Well, go ahead, you'll see what I do to you.

Kent -

From JAW7254 at ACFcluster.NYU.EDU Fri Aug 13 12:28:27 1993
From: JAW7254 at ACFcluster.NYU.EDU (JAW7254 at ACFcluster.NYU.EDU)
Date: Fri, 13 Aug 93 12:28:27 PDT
Subject: customer tracking, et al...
Message-ID: <01H1P8AGPYAQVSZQUE@ACFcluster.NYU.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

I don't know about the cameras/recognition in retail stores that were mentioned, but at least here in NY, record stores are pushing something called the I-Card.
The unit is a simple terminal in Tower Records (tho I think they've dropped it now), some Sam Goody Records', J&R, etc. When you 'apply' for a card, you fill out a customer survey, name/address/etc. They then take two copies of a bar code, and put one on the survey, and one on a card they give you. The terminal allows you to see music and video previews and things of the sort, but to use it, you must slot your bar code. The result--a database somewhere with a profile on you including all participating record stores you've been to, and what music you've previewed.

Perhaps that should be the Eye-Card, eh?

Jim Wise
JAW7254 at ACF.NYU.EDU

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQBVAgUBLGvvaAgFW+TtMfolAQHuSQH/dMXZx2OVJRJEJNqdUxyoAUW4/yoBUioH
BkvWD2zT2M43AL+JaE69mMhE1LSN4GpyZuTcFX9j++gy4IRfi9lBow==
=DeTs
-----END PGP SIGNATURE-----

From rarachel at photon.poly.edu Fri Aug 13 12:52:59 1993
From: rarachel at photon.poly.edu (Aarsen Ray Arachelian)
Date: Fri, 13 Aug 93 12:52:59 PDT
Subject: Beepers can also be used to track you down!
In-Reply-To: <9308131809.AA17666@netcom.netcom.com>
Message-ID: <9308131951.AA02119@photon.poly.edu>

> >While you're at it, don't forget to mention that beepers have a "ping" option
> >in them. If you were a crook on the run, and you were stupid enough to not
>
> Documentation, please. Or a reference. Having opened up more than
> one of my pagers, I have yet to find evidence of a transmitter.

This came from a conversation I had with a friend of mine. This guy is usually on the ball when it comes to technology, so I'll ask him for a reference. He's fairly reliable when it comes to discovering weaknesses in systems, and is particularly knowledgeable in unix and OS/2, so this sort of thing is something that is of concern to him as well. He's worked with a lot of comm stuff as well. However, it could wind up as a rumor, so let me ask him and find out where he found out.
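For the anonymous-auditing question in the Privacy-Friendly Auditing message above (an auditor learns the sum of all balances but no individual balance), one standard building block is an additively homomorphic commitment. The Python below is an added example, not code from the list or from Niels Ferguson: the bank commits to each balance with a Pedersen commitment, each customer can check that their own statement opens their commitment, and the auditor multiplies all the commitments and checks the product against the bank's claimed total. The group parameters are generated at demo size and the balances are constructed.

```python
"""Privacy-preserving audit of a total with additively homomorphic (Pedersen)
commitments: C = g^value * h^blinder (mod p).

Added example, not code from the mailing list or from Niels Ferguson. Group
parameters are generated at demo size (128-bit safe prime) so the block runs
in well under a second; a deployment would use a 2048-bit or larger group or an
elliptic curve, and would add range proofs (see the note after the block)."""
import hashlib
import secrets

_SMALL_PRIMES = (3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)


def is_probable_prime(n, rounds=24):
    """Miller-Rabin with random bases, after trial division for speed."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def setup(bits=128):
    """Safe prime p = 2q + 1 and two generators g, h of the order-q subgroup.
    h is derived from a fixed string so nobody knows log_g(h); that unknown
    relation is what makes the commitments binding."""
    q = (1 << (bits - 2)) | 1            # deterministic search start
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    p = 2 * q + 1
    g = 4                                 # 2^2 is a square, hence of order q
    seed = int.from_bytes(hashlib.sha256(b"pedersen-h-demo").digest(), "big")
    h = pow(seed, 2, p)                   # squaring lands in the subgroup too
    return {"p": p, "q": q, "g": g, "h": h}


def commit(params, value, blinder):
    p, q, g, h = params["p"], params["q"], params["g"], params["h"]
    return (pow(g, value % q, p) * pow(h, blinder % q, p)) % p


def opens_to(params, commitment, value, blinder):
    """A customer's check: does my statement (balance, blinder) open my commitment?"""
    return commit(params, value, blinder) == commitment


def issue_statements(params, balances):
    """Bank side: one (balance, blinder, commitment) per account. Each customer
    receives their own triple; the auditor receives only the commitments."""
    out = []
    for bal in balances:
        r = secrets.randbelow(params["q"])
        out.append((bal, r, commit(params, bal, r)))
    return out


def auditor_check(params, commitments, claimed_total, claimed_blinder_sum):
    """Auditor side: the product of all commitments equals a commitment to the
    sum of balances under the sum of blinders. No balance is revealed, yet a
    misstated total makes the check fail."""
    product = 1
    for c in commitments:
        product = (product * c) % params["p"]
    return product == commit(params, claimed_total, claimed_blinder_sum)


def run_demo(params, balances):
    """Constructed scenario: an honest total, then the same books understated."""
    stmts = issue_statements(params, balances)
    commitments = [c for _, _, c in stmts]
    total = sum(balances)
    blinder_sum = sum(r for _, r, _ in stmts) % params["q"]
    return {
        "total": total,
        "honest_audit": auditor_check(params, commitments, total, blinder_sum),
        "understated_audit": auditor_check(params, commitments, total - 1, blinder_sum),
        "every_customer_can_verify": all(opens_to(params, c, b, r) for b, r, c in stmts),
    }


if __name__ == "__main__":
    print(run_demo(setup(), [120, 45, 0, 300]))
```

Two caveats a reviewer of such a scheme would raise, both matching Ferguson's remarks: the product check only binds the bank to the balances it chose to commit, so an omitted account is invisible unless customers verify their own statements (opens_to above); and because the exponent wraps modulo q, a planted negative balance would cancel real liabilities unless each commitment also carries a range proof, which deployed schemes add.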
From pmetzger at lehman.com Fri Aug 13 13:08:27 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Fri, 13 Aug 93 13:08:27 PDT
Subject: No Subject
In-Reply-To: <9308131915.AA12203@nebula.lrcs.loral.com>
Message-ID: <9308132006.AA13908@snark.lehman.com>

David Koontz says:
> When in the Air Force, we used to leave our pagers in Faraday cages when
> going into some of the SCFs, which were built with the copper mesh in the
> walls etc. The idea being that you didn't want any being carried on
> IF from the pager.

I wonder if they noticed that they never got any pages...

Perry

From hkhenson at cup.portal.com Fri Aug 13 13:18:27 1993
From: hkhenson at cup.portal.com (hkhenson at cup.portal.com)
Date: Fri, 13 Aug 93 13:18:27 PDT
Subject: Beepers can also be used to track you down!
Message-ID: <9308131316.13.6838@cup.portal.com>

I may be out of date on beepers, but the ones I know about are receivers only, no transmitters. Cell phones *can* be used to track, though.

Keith

From paul at poboy.b17c.ingr.com Fri Aug 13 13:22:59 1993
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Fri, 13 Aug 93 13:22:59 PDT
Subject: Electracy: Evil Revisited
Message-ID: <199308132016.AA12660@poboy.b17c.ingr.com>

-----BEGIN PGP SIGNED MESSAGE-----

Fully participative electronic democracy is what you get when you cross cable TV with mob rule.

I'm a little surprised no one has brought up Brunner's Oracle from _The Shockwave Rider_. For those of you who haven't read it, imagine a sort of Nintendo-meets-OTB system where you can vote- and *bet* - on the probability of certain events. Of course, the government has the means to effect the outcome of many such events (money supply, availability of crypto, who wins the Miss Teen USA pageant), but it's an interesting concept.

The problem with Lance's positive reputation, et al system is that having power, money, status, influence, or a stout reputation doesn't automatically mean you're _right_. (cf. Armand Hammer, J.
Edgar Hoover, Lani Guinier), and the lack thereof doesn't necessarily mean you're wrong or that your ideas shouldn't be heard (cf. Alger Hiss, the guy-who-invented-variable-delay-wipers, early Martin Luther King Jr.)

-Paul

- --
Paul Robichaux, KD4JZG | "Change the world for a better tomorrow. But
perobich at ingr.com | watch your ass today." - aaron at halcyon.com
Intergraph Federal Systems | Be a cryptography user- ask me how.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLGv2eyA78To+806NAQGeVgQAoHyolj84XGw5vIwl4+SxUCEGrdk7oKwo
YQ+1qmI5bYcc8ldNDBxawg5vlLpfcBa1mMydazS8grJznos8SwkAz0xsh0rqxEy7
7QpOGXFFPj+z7fInK8yNmh5X58ZVAxC7VRrfyrXP4KUc+779N3VL/dTgsz9ct9MF
BjejuvMxMp4=
=vloB
-----END PGP SIGNATURE-----

From koontzd at lrcs.loral.com Fri Aug 13 13:28:27 1993
From: koontzd at lrcs.loral.com (David Koontz )
Date: Fri, 13 Aug 93 13:28:27 PDT
Subject: pagers
Message-ID: <9308132026.AA12426@nebula.lrcs.loral.com>

>I wonder if they noticed that they never got any pages...

Geez, you would have thought they were bank tellers, too. Seems silly they wouldn't trust us to just turn them off. They would certify coffee pots going into the SCFs too, once in they can't come back out.

From eb at srlr14.sr.hp.com Fri Aug 13 13:28:33 1993
From: eb at srlr14.sr.hp.com (Eric Blossom)
Date: Fri, 13 Aug 93 13:28:33 PDT
Subject: Secure voice software issues
In-Reply-To: <9308131255.AA23722@toad.com>
Message-ID: <9308132028.AA17610@srlr14.sr.hp.com>

> phil karn's points about modem buffering interfering with type-of-service
> queueing are the strongest condemnations of modern modems, in my view.
> i wish someone would build a modem that recognized ip packet framing.

This is why you'd really want to run your modems synchronously. You'd just send HDLC frames that encapsulated IP packets (fragmentation may be required). This is how most IP routers work over serial links.
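For the hybrid that Karn describes in the text Eric Blossom quotes earlier in this thread (Diffie-Hellman produces the session key, RSA authenticates the exchange), here is an added Python model of the two-party exchange; it is not code from any poster nor from the AT&T 3600, STU-III or any other product named in the thread. Each side signs both DH values together with the identities, so a man in the middle who substitutes its own DH value is detected before any key is used. The parameters are toy-sized and were chosen only because they are exactly known constants (the Mersenne prime 2^127 - 1 as DH modulus, products of Mersenne primes as RSA moduli), and the RSA is applied to a bare hash with no padding; real equipment uses 2048-bit or elliptic-curve groups, a padded signature scheme, and checks the peer's public key against a certificate rather than a hardcoded table.

```python
"""Authenticated key agreement in the shape Karn describes: Diffie-Hellman
produces the session key, RSA signatures over the exchange authenticate it.

Added example, not code from any poster or from any product in the thread.
Parameters are deliberately toy-sized and chosen only because they are exactly
known constants: the DH modulus is the Mersenne prime 2^127 - 1 and the RSA
moduli are products of Mersenne primes. RSA is applied to a bare hash with no
padding. None of this is fit for use; it shows the protocol shape only."""
import hashlib
import secrets

DH_P = (1 << 127) - 1      # Mersenne prime, demo only
DH_G = 3


def rsa_keygen(p, q, e=65537):
    """Textbook RSA from two given primes; returns (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": n, "e": e}, {"n": n, "d": d}


def _digest_int(data):
    # SHA-224 keeps the representative below every modulus used here (n > 2^233)
    return int.from_bytes(hashlib.sha224(data).digest(), "big")


def rsa_sign(priv, data):
    return pow(_digest_int(data), priv["d"], priv["n"])


def rsa_verify(pub, data, sig):
    return 0 < sig < pub["n"] and pow(sig, pub["e"], pub["n"]) == _digest_int(data)


# Long-term keys. Different Mersenne factors per party so the moduli share nothing.
ALICE_RSA = rsa_keygen((1 << 127) - 1, (1 << 107) - 1)
BOB_RSA = rsa_keygen((1 << 521) - 1, (1 << 89) - 1)


def dh_keypair():
    x = 2 + secrets.randbelow(DH_P - 3)          # private exponent in [2, p-2]
    return x, pow(DH_G, x, DH_P)


def transcript(initiator, responder, pub_a, pub_b):
    """What gets signed: both identities and both DH values in a fixed order, so
    a signature cannot be replayed into a different conversation."""
    return b"|".join([initiator, responder, str(pub_a).encode(), str(pub_b).encode()])


def session_key(shared_secret, tr):
    """256-bit key derived from the DH secret and bound to the transcript."""
    return hashlib.sha256(tr + b"|" + shared_secret.to_bytes(16, "big")).digest()


def run_exchange(alice_rsa, bob_rsa, tamper=False):
    """Alice initiates, Bob responds. Returns (alice_key, bob_key), or None when
    a signature fails. With tamper=True an interceptor replaces Alice's DH value
    on its way to Bob, as a man in the middle would."""
    alice_pub, alice_priv = alice_rsa
    bob_pub, bob_priv = bob_rsa

    a, A = dh_keypair()
    # Message 1, Alice -> Bob: A (possibly substituted in transit)
    A_at_bob = dh_keypair()[1] if tamper else A

    b, B = dh_keypair()
    # Message 2, Bob -> Alice: B plus Bob's signature over the exchange as he saw it
    sig_b = rsa_sign(bob_priv, transcript(b"alice", b"bob", A_at_bob, B))

    # Alice verifies against her own view; a substituted A makes this fail
    tr_alice = transcript(b"alice", b"bob", A, B)
    if not rsa_verify(bob_pub, tr_alice, sig_b):
        return None

    # Message 3, Alice -> Bob: her signature; Bob checks it the same way
    sig_a = rsa_sign(alice_priv, tr_alice)
    tr_bob = transcript(b"alice", b"bob", A_at_bob, B)
    if not rsa_verify(alice_pub, tr_bob, sig_a):
        return None

    return session_key(pow(B, a, DH_P), tr_alice), session_key(pow(A_at_bob, b, DH_P), tr_bob)


if __name__ == "__main__":
    keys = run_exchange(ALICE_RSA, BOB_RSA)
    print("honest run, keys match:", keys is not None and keys[0] == keys[1])
    print("tampered run aborted:", run_exchange(ALICE_RSA, BOB_RSA, tamper=True) is None)
```

The design choice worth noticing is that the signatures cover the DH values rather than the derived key: the long-term RSA keys never touch the session key, so a later compromise of a phone's RSA key reveals nothing about past calls, which is the forward-secrecy property that motivates the hybrid in the first place.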
From karn at qualcomm.com Fri Aug 13 14:23:00 1993
From: karn at qualcomm.com (Phil Karn)
Date: Fri, 13 Aug 93 14:23:00 PDT
Subject: Secure voice software issues
In-Reply-To: <9308132028.AA17610@srlr14.sr.hp.com>
Message-ID: <9308132119.AA21953@servo>

>This is why you'd really want to run your modems synchronously. You'd
>just send HDLC frames that encapsulated IP packets (fragmentation may
>be required). This is how most IP routers work over serial links.

Indeed. And because LAPM uses HDLC framing over the modem, you could be completely compatible with a regular (asynch DTE interface) V.42bis modem on the other end of the call. But by implementing V.42bis yourself, you would have complete control over when frames get sent, and how large they are.

Phil

From wcs at anchor.ho.att.com Fri Aug 13 14:38:29 1993
From: wcs at anchor.ho.att.com (Bill_StewartHOY0021305)
Date: Fri, 13 Aug 93 14:38:29 PDT
Subject: Beepers can also be used to track you down!
Message-ID: <9308132123.AA26208@anchor.ho.att.com>

There is one way to track someone with a beeper - you call them, leave your number, and trace the call if they call back. It doesn't work for people who only accept calls from certain numbers (mid-level drug dealers, for instance) or use other authentication (voice pagers, or codes you dial along with the number), and it's worth calling them from a pay phone in case they recognize the usual pay-phone numbers (if you live in an area where you can still call back to a pay-phone.)

It's not generally possible to locate specific beepers from the minuscule amount of IF that they generate, especially since many of them work by listening to a standard frequency and only beeping if there's a specific message sent to alert that user; at most you could find someone using that beeper company.
As an extreme case, consider Skypage, which is satellite-based :-)

On the other hand, if you're trying to figure out which of the hanging around on the street corner is the drug dealer, and you know the popular local beeper companies' frequencies and addressing, you _could_ set up a transmitter that loops through the addresses and see who pulls out a beeper and heads for the pay phone.... It may take a while if the beepers support 10,000 or 4 billion addresses, but you can limit your search a bit if the beeper company or stool pigeons have provided you the numbers of the usual suspects...

Sounds like a good reason to design a paging system with a large sparse address space to prevent brute-force searches, and not to key the address directly off your home phone number or anything obvious like that.

Bill, who doesn't carry a beeper and whose sales of dangerous addictive drugs are normally limited to caffeine...

From warlord at MIT.EDU Fri Aug 13 14:43:00 1993
From: warlord at MIT.EDU (Derek Atkins)
Date: Fri, 13 Aug 93 14:43:00 PDT
Subject: MEET: Reminder: Boston Area Cypherpunks
Message-ID: <9308132140.AA06766@toxicwaste.MEDIA.MIT.EDU>

This is a final reminder that there will be a Boston Area Cypherpunks meeting this Saturday, August 14, 1993, from 4-8 pm in MIT room 1-115.

Directions: Get to MIT. By T: you can get off at Kendall Sq., off the red line. By BUS: route #1 stops right in front of MIT's main entrance at 77 Mass. Ave. By Car: Have fun parking!! ;-)

Room 1-115 is on the first floor of building 1. Building one is just a little south of the Main MIT entrance at 77 Mass. Ave, close to Mass. Ave. If you take the T, you will have to cross campus to get to Mass Ave. There will be signs (hopefully) to point the way once you get close to the main entrance.

If you need more detailed directions, please call me at home: 868-4469, or send me email.

See you Saturday at 4!
-derek

From nobody at rosebud.ee.uh.edu Fri Aug 13 16:53:04 1993
From: nobody at rosebud.ee.uh.edu (nobody at rosebud.ee.uh.edu)
Date: Fri, 13 Aug 93 16:53:04 PDT
Subject: encrypting viruses
Message-ID: <9308132350.AA07169@toad.com>

-----BEGIN PGP SIGNED MESSAGE-----

Fellow cypherpunks,

Speaking of cryptostacker and beneficial viruses that encrypt files for you in the background, I just got a copy of one in the mail! I think this may be of interest to the group, so I am posting. Here's a section from the documentation:

- ---begin excerpt

Wouldn't it make sense to have a virus that encrypts your system for you? It can work in the background, and just encrypt every floppy you make, and put a copy of itself on that disk too, if there's room, so when you take it somewhere, you can still decrypt. And best of all, the encryption is public domain and free.

Well, now you have just the virus you need. The Potassium Hydroxide Virus is a friendly virus, designed specifically to solve the problems of the average computer user who attaches some value to the privacy of what he has on his computer - either because he doesn't agree with the strictest interpretation of copyright law, or for any other reason. I say it is "friendly" because it doesn't just go in and infect your system without your knowledge, and use some unknown key for encryption so you can't recover. Rather, the Potassium Hydroxide politely asks if you want to infect (yes, it even uses the word "please"), and it asks you for a password to use for encrypting.

As far as encryption goes, the Potassium Hydroxide uses two different algorithms. One is slow-but-good, the other fast-but-easy to break. And it allows you to choose which one will be used on your hard disk. That way you can choose the level of security and performance you like. Floppy disks are always encrypted with the slow-but-good algorithm, since they are already slow.

The slow-but-good algorithm used is state-of-the-art.
It is the International Data Encryption Algorithm (known as IDEA), which was developed by someone besides the government (for those of you who do not trust the government to keep your data safe) and has been the subject of intense public scrutiny for several years. Although cryptographers admit that IDEA is fairly new, and someone may find a way to crack it in the future, no one has done so yet.

[skipping a few sentences]

Using the Potassium Hydroxide

Installing the Potassium Hydroxide on your computer is fairly easy. However, as with installing any cryptographic system, I'd highly recommend you back up everything on your hard disk first. After all, if the power fails after your FAT has been encrypted, but nothing else, it's going to be tough to recover without a backup.

Step 1: Format a floppy and put the system files on it so it can boot to the DOS prompt. Pull the disk out and put it back in. (You must do this or the virus won't infect it)

Step 2: Execute the KOH.COM file included on the disk with this issue. This will encrypt the diskette in the A: drive and install the Potassium Hydroxide on it live. Enter a password when it requests one. This password is only temporary. Do a directory on this disk, and you will see only gibberish. That will prove to you it has been properly encrypted.

Step 3: Boot from the disk you just infected. The virus will then request permission to infect your hard disk. Tell it yes.

Step 4: Reboot your computer from the hard disk. Now the virus will ask you if you want to encrypt your hard disk. If you do, enter "Y". If you don't, all floppies will still be encrypted, and you must enter the floppy encryption password at boot-up. I recommend you attempt to boot at least once without encrypting just to make sure the virus installed properly on the hard disk.

Step 5: After booting once without encrypting, reboot and encrypt this time. You will be asked if you want casual (fast) encryption or strong (slow) encryption. Make your choice.
Next you'll be asked for a password for floppies and for the hard disk. The floppy password is stored on your hard disk in (strong) encrypted form, and the hard disk password must be entered every time you boot. Enter them both at this time. The initial encryption process then begins. It is admittedly very slow. Just allocate an hour or so for strong encryption and be patient. The virus does not use a very large buffer for encrypting because it doesn't want to take up too much memory.

Step 6: After the encryption is done, you should reboot your computer and test it. With any luck it will work just fine. A good test to make sure everything worked OK is to run CHKDSK, and test out some of your favorite programs. If you experience problems, you may have to use your backup to restore everything. That's no different than any encryption program, though.

Compatibility

[been tested with DOS 4,5,6 and Windows 3.1. So far, the only problem is with the 32-bit disk driver for Windows 3.1]

Incidentally, the Potassium Hydroxide has been donated to the PUBLIC DOMAIN.

- ---end excerpt

I can't seem to find mention of what the fast/casual encryption algorithm is. Instead of source code, a hex listing is provided. According to further notes, there is a hot-key for toggling floppy encrypt, and another hot key to uninstall from the hard drive. All the same, if I get a chance this weekend I'll probably try it out!

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLGwl24OA7OpLWtYzAQExMwQAv2d/CJA+qq/1CcRWR/IH2kDPlqqMMw2J
W5WWLz1ngaNSWYddY1c29mrRlgKKdLdt+ijLNo6iP2/YbFzS3x66Y7c14dvmtfZP
J1S0yvc70eWu/gZPNQLpyYwvYJjYL8jWMtdLWROlXk9UYQSolxTETRugRo02eApt
tO5ZPIs+iYw=
=beMR
-----END PGP SIGNATURE-----

From keru at cpu.us.dynix.com Fri Aug 13 17:08:39 1993
From: keru at cpu.us.dynix.com (Warren Keith Russell)
Date: Fri, 13 Aug 93 17:08:39 PDT
Subject: Pine
Message-ID:

R. Tait wrote the following:
>Does anyone have elisp to integrate PGP into Emacs?
>I'm fed up of
>having to use VI to send/receive all my encrypted mail, and there's no
>point in me writing any code if someone already has.

Which prompts me to ask: Is anyone out there using the Pine email software? If so, do you know of any way to integrate PGP into Pine? If not, any other ideas? I see a lot of signed messages out there, but the only way for me to send one is to shell out to AIX, use vi to create a message, run pgp to create the signed message, then run Pine and read the message in, at which point I can finally send it. Notice that this message isn't signed. It's just too much hassle!

Thanks for any advice anyone can give me.

Keith
-------------------------------------------------------------------------
Keith Russell Dynix Library Systems, Provo, Utah, U.S.A.
keru at cpu.us.dynix.com or keru at devg.us.dynix.com
-------------------------------------------------------------------------

From bbyer at BIX.com Fri Aug 13 17:48:42 1993
From: bbyer at BIX.com (bbyer at BIX.com)
Date: Fri, 13 Aug 93 17:48:42 PDT
Subject: Spooking of neural nets and image recognition...
In-Reply-To: <9308131644.AA16850@NMSU.Edu>
Message-ID: <9308132042.memo.45489@BIX.com>

How about radio-frequency interference? I've heard that this works quite well for video camera and other electronic monitoring equipment.

Ben Byer

From ee at lever.com Fri Aug 13 17:48:48 1993
From: ee at lever.com (Edward Elhauge)
Date: Fri, 13 Aug 93 17:48:48 PDT
Subject: On The Inherent Evil of Electronic Democracy
In-Reply-To: <9308120846.AA06905@longs.lance.colostate.edu>
Message-ID:

In message <9308120846.AA06905 at longs.lance.colostate.edu>, "L. Detweiler" writes:
>3) consider that dampening mechanisms can be built in to a `responsive
>democracy' system. To paint a picture of `direct democracy' as people
>voting instantly on CNN is an ignorant insult. Conservative,
>deliberative, stable structures, with the formality of court
>proceedings and similar protocol, can be developed.
>What is a court but
>an elaborate mechanism to uncover truth, resolve conflict, and pass
>judgement, through presentations of evidence, opinion, and voting by a
>nation's citizens? Held to the utmost ideal of impartiality and
>fairness? Impacting every plane of human interaction?

An alternative to courts would be using the concept of free association so that if a decision you couldn't agree with was made in a group you participated in, you could withdraw from the group and join another whose decisions were more to your liking. Certainly there would be some actions like dumping toxic wastes that are of society wide concern, but many other questions such as how much money to spend (taxes) on roads and infrastructure could be handled on a group commitment basis. Computers could be used to implement the voting and keep track of accounting procedures that would otherwise be impractical. Such as, how many people voted (bought shares in) the space shuttle project and the corresponding benefits; access to the information, status reports, etc.

>4) I believe `representative democracy' is essentially a mask for the
>idea of saying `some people should have more influence than others in
>voting and influencing social conventions, because they are leaders,
>they know more about the subject, they are more affected by it, they
>are recognized experts, they have everyone's best interest in mind'
>etc. Now, consider that this `influence' could be *formalized* into a
>system such that people `own' it and trade it and grant it to others
>like a *currency system*, and that voting systems automatically weight
>votes in different areas based on it.

I agree totally about the elitist assumptions of representative democracy. I would prefer a combination of direct voting and an issue by issue proxy system. For instance I have no problem giving Barbara Boxer my proxy on health care, but am totally unwilling to give her my proxy on gun control.
This proxy system would also eliminate the winner take all system that disenfranchises minorities. For instance blacks who are 10% of the population in a district often get no representation; then there are gerrymandered districts where a black is guaranteed to win. But you might have a conservative black businessman representing a district where 30% of the blacks are more radical. The winner take all system is just a way of diluting and ignoring non-mainstream ideas and groups.

PS. I wish the From: or Reply-To: header came from the cypherpunk list. I had meant to reply to this post to the group but accidentally sent it to L. Detweiler instead, only.

--
Edward Elhauge -- ee at lever.com -- Lever Industries, San Francisco
"The goal of the working class is liberation from exploitation. This goal is not reached and cannot be reached by a new directing and governing class substituting itself for the bourgeoisie. It is only realized by the workers themselves being master over production." -- Anton Pannekoek

From gnu Fri Aug 13 17:49:11 1993
From: gnu (John Gilmore)
Date: Fri, 13 Aug 93 17:49:11 PDT
Subject: Requesting all records of the Clipper review panel
Message-ID: <9308140044.AA08293@toad.com>

This is a draft, which will be sent out within a day or two.

John

Karl Bell
Deputy Director of Administration
Freedom of Information Act Officer
National Institute of Standards and Technology
Building 101, Room A-110
Gaithersburg, MD 20899

Dear Mr. Bell:

This is a request under the Freedom of Information Act ("FOIA"), 5 U.S.C. § 552, on behalf of Mr. John Gilmore for all agency records pertaining to and utilized by the Skipjack review panel ("Panel"). This request also requests access to records which must be made available under the Federal Advisory Committee Act ("FACA"), 5 U.S.C. App. II (1972).
Section 8(b)(2) of the FACA requires that the supervising agency for an advisory committee must assemble and maintain records for the committee; Section 8(b)(3) of the FACA provides that such records are subject to the FOIA.

The Panel's review is being performed pursuant to the President's direction that "respected experts from outside the government [] be offered access to the confidential details of the algorithm to assess its capabilities and publicly report their finding." The Acting Director of the National Institute of Standards and Technology sent letters of invitation to potential reviewers.

This request for records includes, but is not limited to: all records relating to the selection of the Panel members; all records of the Panel's activities and use of funds [FACA § 12(a)]; the charter of the Panel [FACA § 9(c)]; all notices of Panel meetings [FACA § 10(a)(2)]; all written determinations to close any part of a Panel meeting [FACA § 10(d)]; all records, reports, transcripts, minutes, appendices, working papers, drafts, studies, agenda or other documents which were made available to or prepared by the committee [FACA §§ 10(b) & (c)].

For instance, the Panel's interim report states that:

We attended an initial meeting at the Institute for Defense Analyses Supercomputing Research Center (SRC) from June 21-23. At that meeting, the designer of SKIPJACK provided a complete, detailed description of the algorithm, the rationale for each feature, and the history of the design. The head of the NSA evaluation team described the evaluation process and its results. Other NSA staff briefed us on the LEAF structure and protocols for use, generation of device keys, protection of the devices against reverse engineering, and NSA's history in the design and evaluation of encryption methods contained in SKIPJACK. Additional NSA and NIST staff were present at the meeting to answer our questions and provide assistance.
All staff members were forthcoming in providing us with requested information.

All records pertaining to this and other meetings of the Panel are included within the scope of this FOIA/FACA request.

If the requested records are not in the possession of your agency, I ask that you forward this request to any agency that you believe may have records that are responsive to this request. In the alternative, I ask that you inform me of other agencies that might have such records.

As you know, the FOIA provides that even if some requested material is properly exempted from mandatory disclosure, all segregable portions must be released. [5 U.S.C. § 552(b)] If any or all material covered by this request is withheld, please inform me of the specific exemptions that are being claimed. If any of the requested material is released with deletions, I ask that each deletion be marked to indicate the exemption(s) being claimed to authorize each particular withholding. In addition, I ask that your agency exercise its discretion to release information that may be technically exempt but where withholding would serve no important public interest.

As you know, the FOIA provides that agencies may reduce or waive fees if it would be "in the public interest because furnishing the information can be considered as primarily benefiting the public." [5 U.S.C. § 552(a)(4)(A)] Release of this material would be of benefit to the public because of the importance of public discussion of technology which can enhance personal privacy. Moreover, in previous FOIA requests to NIST, Mr. Gilmore has amply demonstrated his ability and willingness to disseminate such information to the general public. I therefore ask that you waive any fees relating to this request. Mr. Gilmore promises to pay up to $1000 in processing costs should this fee waiver be denied, so that NIST can begin processing this request while you rule on the propriety of this fee waiver.
If you have any questions regarding this request, please telephone me at the above number. I would be happy to discuss ways in which this request could be clarified or somewhat redesigned to reflect the agency's filing system and speed the search for records. As provided under the FOIA, I will expect a reply within 10 working days.

Sincerely yours,

Lee Tien
On behalf of Mr. John Gilmore

From peb at PROCASE.COM Fri Aug 13 18:13:06 1993
From: peb at PROCASE.COM (Paul Baclace)
Date: Fri, 13 Aug 93 18:13:06 PDT
Subject: CA online legislative database access
Message-ID: <9308140110.AA02254@banff.procase.com>

I agree with sentiments against a direct democracy for all the reasons given and some extra reasons: laws should have expiration dates and a better feedback process is needed to determine whether particular laws are beneficial (hmm, sounds like PPL.) The real problem seems to be a general lack of education and wealth, but there is always the bell curve--such things will always be unevenly distributed.

However, tracking proposed laws via the net creates the possibility of anyone being able to have a cheap lobbyist--the stuff can be posted and filtered, etc. This has nothing to do with people proposing stupid laws whenever they feel like it (this would require more significant legal changes).

Paul E. Baclace
peb at procase.com

From koontzd at lrcs.loral.com Fri Aug 13 20:33:45 1993
From: koontzd at lrcs.loral.com (David Koontz )
Date: Fri, 13 Aug 93 20:33:45 PDT
Subject: No Subject
Message-ID: <9308140332.AA13545@nebula.lrcs.loral.com>

I used to have a collection of COMSEC posters, which were at best inane. Sort of in the same vein as a T shirt, how about:

CRIPPLED PRIVACY:

[ Artwork of MYK-78A ] / (or replace with Uncle SAM pointing finger)

N ever
S ay
A nything you DON'T want overheard.
or

[ Artwork of MYK-78A ] (identifying legend)

Cryptographically Secure from all but Government TYRANNY

or

Does PRIVACY have to be a choice between being eavesdropped on by anybody OR the U.S. GOVERNMENT?

SECURE CRYPTO is the ultimate FREE SPEECH!

or

[ Artwork of Robot Cop, from THX 1138 ]
[ speech bubble "Are you now, or have you ever been ... ?" ]

A country that can have the McCarthy Era has no business allowing its government to spy on its Citizens.

BAN MANDATORY PHONE BUGS!

or

[ Artwork of SPY with headphones ]

PRIVACY is not having to worry about being overheard by the government.

FREE SPEECH doesn't end at your phone handset.

Unfortunately George Orwell's 'Animal Farm' isn't widely enough read to use quotes for making the point. It's probably only applicable after the other shoe drops anyway.

Did you notice that the artwork in Dorothy Denning's 'American Scientist' article showed a minority member with headsets listening to a decoded Clipper phone conversation? One wonders if this was intended as a propaganda ploy to disarm criticism of the action as being Politically unCorrect (PUNC)?

What we need is a national talk show host/comedian belittling the government's plan.

From tcmay at netcom.com Fri Aug 13 22:33:09 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 13 Aug 93 22:33:09 PDT
Subject: Anyone have the Gus Simmons paper?
Message-ID: <9308140532.AA24598@netcom5.netcom.com>

I recently scanned and OCRed the first part of the Gus Simmons preprint on subliminal channels in the Digital Signature System, then I posted this to the Cypherpunks list. Eric Hughes has asked me to scan in the whole paper and upload it to the soda archives. (I cannot agree to OCR it all, however, as even my excellent OCR package cannot handle the many equations, subscripts, superscripts, etc. Eric proposes that I upload the raw TIFF file and then Cypherpunk volunteers can, if they wish, open the images and work on parts. Well, that's the theory.)
But I can't find my copy anywhere! Also, a couple of people said a more recent revision is now circulating.

So, could anyone who has a version--any version will do in a pinch, but the more recent the better--get in touch with me? Even better would be to bring it to the Cypherpunks meeting tomorrow (the Mountain View one).

Thanks,

-Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.

From plmoses at unix.cc.emory.edu Fri Aug 13 22:48:46 1993
From: plmoses at unix.cc.emory.edu (Paul L. Moses)
Date: Fri, 13 Aug 93 22:48:46 PDT
Subject: Get Rush Limbaugh to mock Clipper phonez
Message-ID: <9308140544.AA15784@emoryu1.cc.emory.edu>

David Koontz sez, get some national figure to belittle the government.

Well, Limbaugh does it for a living.....

From tcmay at netcom.com Fri Aug 13 23:33:09 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 13 Aug 93 23:33:09 PDT
Subject: Solicitation of Tax Evasion--An Example
Message-ID: <9308140630.AA17518@netcom5.netcom.com>

What could anonymous systems be used for? Besides allowing anonymity in posting embarrassing or otherwise "questionable" messages, is there any _commercial_ use? These are questions I hear a lot.

Yes, there are commercial uses. Here's a case that just came wafting across the Net: a woman who wants to evade taxes--she states this explicitly--by bartering her labor for some software. (I have no problem with this, being against taxes and all, and knowing that various kinds of untaxable barter exchanges are going on everywhere.)
Here's her post (no names have been changed, as she posted publicly):

Newsgroups: misc.forsale.computers.mac
From: vanous at mdd.comm.mot.com (Brendan K. Vanous)
Subject: BARTER: graphic design for s/w
Message-ID: <1993Aug14.040010.141 at mdd.comm.mot.com>
Summary: would like to barter services for Mac software
Date: Sat, 14 Aug 1993 04:00:10 GMT

POSTING FROM MY HUSBAND'S ACCOUNT (mine's temporarily inaccessible):

Hi. I'm a freelance forms/graphics designer who would like to expand her software library in an inexpensive (& non-taxable :-) manner. Therefore, I would like to propose the following:

I will trade any of my design services (business forms, business cards, illustrations, manual formatting, brochures, newsletters, any sort of desktop publishing task that can be performed on a Mac ...) for an equivalent amount of Mac software (got an extra copy of PageMaker 4.1 lying around that you don't need?) All software must be original, with documentation and letter of transferral. NO PIRATED COPIES, PLEASE!

If interested, please reply to cyphrkt at eskimo.com and I'll reply to you as soon as I possibly can (probably another 1 or 2 days before I get my account back up and running), or contact me at (206) 778-3362 by voice.

Thanks!

- Cindy Vanous

.................

Chances are no IRS types are watching the Net for such solicitations--and the act of making such an offer is probably not itself illegal. The IRS would have to investigate, call an audit, prove taxes were evaded, etc. The existence of her solicitation might or might not be considered.

But in an era in which every Usenet utterance is recorded in perpetuity and is available on CD-ROMs for browsing and compilation of databases and dossiers (you all *do* know this, don't you? Don't bother applying for certain jobs if you posted too many times, or even once, to "alt.sex.perversion.whatever"). Furthermore, anyone _reading_ this kind of post can, for example, call an anonymous (semi-anonymous?)
tip line run by the IRS. Last I heard, tipsters can get 25% of any taxes collected as the result of their good citizenship.

So, what can anonymity of the sort we discuss do here? After all, if she's anonymous, how can a transaction ever be consummated? (I'll leave aside purely electronic transactions, which could in principle be done fully anonymously, using a combination of "pools" (the "digital democracy walls" I have cited before) and anonymous remailers.)

If Cindy were to use an anonymous remailer to post her offer, and then offer a public key that could be used by anyone who wished to respond to her offer, a response could then be posted in the same group. Something like this:

"Alice" (really Cindy): "Want to trade consulting for a used Macintosh. If you are interested, use this public key to respond: 3$1k8dRW4..."

Bob (really Jack) sees this, decides to offer a deal, encrypts it with her public key (a one-time public key, used just for this deal), and uses anonymous remailers to post it in a place she is sure to see it (the same newsgroup, for example, or in one of Miron Cuperman's "pools," or in "alt.w.a.s.t.e," etc.). Bob also includes a public key she can use to communicate with him.

If they like the general deal, they can then agree (using only their encrypted channel, readable only to themselves, even though they have never met and have no idea who the other is or where they live) on the next step. In a purely electronic transaction, this process can continue digitally and fully securely. If physical goods or money need to change hands, they can agree to meet, to use phones, etc.

The risk to Cindy is still there--Bob (Jack) could of course be a government agent, etc.--but at least she is no longer broadcasting her intentions for all Usenet readers, present and future, to potentially see. And no future readers, such as government computer programs set to scan all postings for evidence of such illegalities, can retroactively detect and compromise her.
(If no actual physical contact is needed--such as for software sales and consulting--then of course the contact can in principle remain fully anonymous. Even the transfer of physical goods can be done with moderately good security against tracing...smugglers, drug dealers, and hijackers do it all the time. "Fences," they are called. And so on.)

This is just one example of how "the little people" can benefit from the schemes we are exploring. Understand that I have no illusions that our friend Cindy will soon be using such methods...but maybe in 5 years.

-Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.

From mimir at u.washington.edu Fri Aug 13 23:53:09 1993
From: mimir at u.washington.edu (Al Billings)
Date: Fri, 13 Aug 93 23:53:09 PDT
Subject: Pine
In-Reply-To:
Message-ID:

On Fri, 13 Aug 1993, Warren Keith Russell wrote:

> Which prompts me to ask:
>
> Is anyone out there using the Pine email software? If so, do you know of
> any way to integrate PGP into Pine? If not, any other ideas?
> I see a lot of signed messages out there, but the only way for me to send
> one is to shell out to AIX, use vi to create a message, run pgp to create
> the signed message, then run Pine and read the message in, at which point
> I can finally send it.

Well, I can't help you directly but why are you using vi? The editor you use inside of pine can also be used as a full screen editor. It is pico.

From khijol!erc at apple.com Sat Aug 14 00:38:47 1993
From: khijol!erc at apple.com (Ed Carp)
Date: Sat, 14 Aug 93 00:38:47 PDT
Subject: Solicitation of Tax Evasion--An Example
In-Reply-To: <9308140630.AA17518@netcom5.netcom.com>
Message-ID:

> Bob (really Jack) sees this, decides to offer a deal, encrypts it with
> her public key (a one-time public key, used just for this deal), and
> used anonymous remailers to post it in place she is sure to see it
> (the same newsgroup, for example, or in one of Miron Cuperman's
> "pools," or in "alt.w.a.s.t.e," etc.). Bob also includes a public key
> she can use to communicate with him.

The problem is, unless you're very careful about distributions and such, you can easily clog the net with zillions of public-key-encryptions to alt.security.pgp.messages. But then again, I suppose it's not any more traffic than alt.sex.pictures.erotica.* generates. :)

It would be trivial to write a script to be put in your .login to automatically skim that newsgroup for anything encrypted with your public key. Hmmm...

--
Ed Carp, N7EKG      erc at apple.com      510/659-9560
anon-2133 at twwells.com
If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"

From tcmay at netcom.com Sat Aug 14 01:13:08 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Sat, 14 Aug 93 01:13:08 PDT
Subject: Solicitation of Tax Evasion--An Example
In-Reply-To:
Message-ID: <9308140811.AA16134@netcom5.netcom.com>

Ed Carp writes:

...
> The problem is, unless you're very careful about distributions and such,
> you can easily clog the net with zillions of public-key-encryptions to
> alt.security.pgp.messages . But then again, I suppose it's not
> any more traffic than alt.sex.pictures.erotica.* generates. :)
>
> It would be trivial to write a script to be put in your .login to
> automatically skim that newsgroup for anything encrypted with your public
> key. Hmmm...

Yes, Ed is right. Easy to spot messages intended for you. And the volumes involved in this "crypto classifieds" are not unreasonable. Several comments:

1. As Ed points out, not such a large volume compared to the GIFs and JPEGs (and now even MPEGs) being posted. A "classified ad" is small for what it carries (in terms of commercial information). That is, all the ads we could write as individuals in a year would be less than a single large JPEG image. And of course the ads could be packed in the bits of such images, but I digress. And as Hal Finney notes, steganography is not the main issue.

Ironically, though, these "crypto classifieds" represent a kind of steganography, in that the authorities may _suspect_ the meaningless bits are related to tax evasion, or solicitation of murders (untraceable!), or sales of Stealth bomber plans, but they can't prove this. The cyphertext could just as easily be love letters, encrypted notes to lawyers (attorney-client privilege), psychiatric records (the law now requires due diligence in keeping them secure, so encryption is increasing here), or the "digital confessionals" of networked churches!

(These "legal covers" for crypto will be _very_ hard to stop, even if the Administration wants to ban strong crypto. Telling a priest or a lawyer that his communications with his client must be wire-tappable will not go over well, and may be ipso facto thrown out.)

2. By analogy with publishing real classified ads in real newspapers, imagine a "pool" site, reachable by ftp, that could contain gigabytes of such encrypted "junk." (Incrimination of those who use such a site can be eliminated by having it used for all kinds of things, and encouraging everyone who retrieves something that's actually of interest to them to randomly take a bunch of other stuff. This could be cumbersome, I'll grant you.)

(Probably easier to just use UseNet, unless and until the volumes get really large. When we last discussed this in a major way, probably around last November or so, Miron Cuperman proposed "pools" that people would subscribe to, automatically getting _all_ messages sent to the pool. Incrimination is avoided, as above. However, using idle UseNet groups ("alt.fan.chaum"?) will work just about as well, modulo some concerns that who reads what newsgroups is theoretically observable.)

3. Satellite distribution, as with all kinds of feeds. (These various alternative distribution systems--satellite, pool, newsgroup, ftp site--are all just variations on the idea that nobody knows who's reading what ads in a newspaper-type system, a batched transmission system.)

4. How does the target of a message know where to look? Must he scan through all messages? Obviously not, as many indexing schemes can be used which do not compromise the security. For example, he may know that messages he can read will start with "BARTER FOR SOFTWARE." The sender's security is still maintained (remailers) and so is the recipient's (he takes many messages, or downloads a large chunk of them to his local machine, where he can extract the message meant for him).

(And the messages may also be apparently meaningless junk, readable only to the intended recipient.
So that he won't have to decrypt each and every message to see which ones he can open--and he may have multiple transactions in the pipeline, all with their own unique keys to use!--there can be simple headers which are very quickly decrypted. Or the two communicants, once a channel is established, can agree to put keywords in their messages, outside the cyphertext. Again, this is exactly what those communicating with newspaper ads do: they use codes.)

Enough for now.

-Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.

From khijol!erc at apple.com Sat Aug 14 01:53:09 1993
From: khijol!erc at apple.com (Ed Carp)
Date: Sat, 14 Aug 93 01:53:09 PDT
Subject: Solicitation of Tax Evasion--An Example
In-Reply-To: <9308140811.AA16134@netcom5.netcom.com>
Message-ID:

> > The problem is, unless you're very careful about distributions and such,
> > you can easily clog the net with zillions of public-key-encryptions to
> > alt.security.pgp.messages . But then again, I suppose it's not
> > any more traffic than alt.sex.pictures.erotica.* generates. :)
> >
> > It would be trivial to write a script to be put in your .login to
> > automatically skim that newsgroup for anything encrypted with your public
> > key. Hmmm...
>
> Yes, Ed is right. Easy to spot messages intended for you. And the
> volumes involved in this "crypto classfieds" are not unreasonable.
>
> 4. How does the target of a message know where to look? Must he scan
> through all messages?

PGP will fail if signed with a key that it doesn't know about - that makes it easy...
So, one doesn't need to decrypt all the messages (or try to), nor does one have to agree on a subject header or anything else.

--
Ed Carp, N7EKG      erc at apple.com      510/659-9560
anon-2133 at twwells.com
If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"

From szabo at netcom.com Sat Aug 14 01:58:47 1993
From: szabo at netcom.com (Nick Szabo)
Date: Sat, 14 Aug 93 01:58:47 PDT
Subject: Preempting net.archive.blacklist
In-Reply-To: <9308140630.AA17518@netcom5.netcom.com>
Message-ID: <9308140858.AA26459@netcom5.netcom.com>

Tim May:
> This is just one example of how "the little people" can benefit from
> the schemes we are exploring. Understand that I have no illusions that
> our friend Cindy will soon be using such methods...but maybe in 5 years.

Did you forward her a copy of your excellent article? That would be a start. More generally, we can explain how Usenet can be archived and used for these kinds of purposes, posting to newsgroups far & wide (esp. alt.drugs, *.activists, soc.motss, support newsgroups, flame-prone political newsgroups, etc.) until net.users have been made aware of the consequences of their posting.

Alas, mere explanation and exhortation might indeed take five years. Illustration could be far more effective. Perhaps we should do some dossier accumulation ourselves, blatantly. Interesting replies could be sent via anon remailer to people who post on controversial political topics. For example, a hit on '/black/ && /welfare queen/' might trigger the following:

----------------------
From: multicult at nowhere.com (Racism Tracking Project)
Organization: Multicultural Unity Activists
To: redneck_poster at deep.south.edu

Your recent post to soc.culture.usa, enclosed below, has been archived as part of an exciting new experiment to stamp out racism worldwide.
Our first step in the Racism Tracking Project is to track racist hate speech in order that society may never again be caught unaware of those promoting hate. Our database will be made available to selected scholars, journalists, and law enforcement officials upon request.

Your posting has been recorded as follows:

Please let us know if this is in error. Have a good day.
--------------------

A more sophisticated version would respond to intercepted private e-mail in addition to grepping netnews. Such "Tracking Projects" might, if net.users continue scrawling their private thoughts on the public archives, accumulate detailed blacklists on homophobes, homosexuals, satan-worshipers, Aryan Nationalists, Communists, anarchists, Scientologists, atheists, pagans, promoters of illegal drug use and tax evasion, etc. Preemptive, blatant Net.Blacklists may be the only way to effectively raise awareness of the issue before the real blacklists start up -- if they haven't already.

Nick Szabo
szabo at netcom.com

From bwp at mindvox.phantom.com Sat Aug 14 08:56:42 1993
From: bwp at mindvox.phantom.com (Jane Doe)
Date: Sat, 14 Aug 93 08:56:42 PDT
Subject: User suggestion on MacPGP
Message-ID:

One of the best improvements implemented in MacPGP 2.3 was the ability for the user to enable an option that let PGP keep the key passphrase in memory so you don't have to re-type it each message. However, I have run up against two problems with its implementation.

1). if you mis-type the passphrase, the incorrect phrase goes into memory and MacPGP takes it instead of putting back up a dialog box for you to re-try. The result of any mis-typed passphrase is therefore a bad passphrase error that you cannot recover from except by quitting and re-starting MacPGP.

2). if you try to generate another key pair after typing (or mis-typing) a passphrase, MacPGP takes the passphrase from memory and automatically applies it to the new secret key.
This is inconvenient especially if the mis-typed phrase is so badly munged that the user cannot remember what she typed ;-).

-bwp

From danodom at matt.ksu.ksu.edu Sat Aug 14 09:31:42 1993
From: danodom at matt.ksu.ksu.edu (Dan Odom)
Date: Sat, 14 Aug 93 09:31:42 PDT
Subject: birth of Software Patent Institute
In-Reply-To: <9308110513.AA07049@longs.lance.colostate.edu>
Message-ID: <9308141628.AA12770@matt.ksu.ksu.edu>

L. Detweiler Said:
> Don't know anything about this, but it's a definite Cypherpunk cause...
> the first question to ask would be whether they're in touch with LPF at all.

I don't know if this is what you were asking, but:

The LPF is very strongly against the SPI, and requests that people refrain from providing it with ANY information that might assist it in building a database containing software patent information. This database, whatever its intended use may be, can assist leeches^H^H^H^H^H^H^Hlawyers in building bulletproof software patents by making information on prior art available to them. It will have a user interface in the same style as LEXIS/NEXUS (sp?), and that suggests that it is intended for the lawyers rather than for us (no offense intended to Mike).

--
Dan Odom
danodom at matt.ksu.ksu.edu -- Kansas State University, Manhattan, KS
Support the League for Programming Freedom. Mail lpf at uunet.uu.net

From anonymous at extropia.wimsey.com Sat Aug 14 11:51:44 1993
From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com)
Date: Sat, 14 Aug 93 11:51:44 PDT
Subject: No Subject
Message-ID: <199308141827.AA26394@xtropia>

> *pragmatic* descriptions of Electronic Democracy ...

Uu>
Uu> You're walking down the street, and a gang of thugs jumps out
Uu> from behind some bushes. Their leader approaches you and says:
Uu>
Uu> "Don't be alarmed, we're your very local community - we believe
Uu> in the noble principle of Democracy, majority rule, and you
Uu> have an equal vote with each of us."

Et cetera, und so weiter...
More succinctly, "Democracy is four wolves and a sheep voting on lunch."

Up the republic!

From jet at netcom.com Sat Aug 14 12:21:44 1993
From: jet at netcom.com (J. Eric Townsend)
Date: Sat, 14 Aug 93 12:21:44 PDT
Subject: Beepers can also be used to track you down!
In-Reply-To: <9308132123.AA26208@anchor.ho.att.com>
Message-ID: <9308141917.AA00520@netcom2.netcom.com>

HOY002 writes:
> There is one way to track someone with a beeper - you call them,
> leave your number, and trace the call if they call back.
> It doesn't work for people who only accept calls from certain numbers

true. I don't return pages from weird or unknown numbers because of the rash of pay-service fraud incidents. (Get a 900-type number in an area that doesn't use '900' or '976'. Make your number a $20 or so charge. Page lots of people with the number.)

> loops through the addresses and see who pulls out a beeper and heads

Or you can find out the user->id mapping by bribing/breaking into the paging company, and look for certain numbers being sent as page-strings to certain people.

From geoffw at nexsys.net Sat Aug 14 13:21:43 1993
From: geoffw at nexsys.net (Geoff White)
Date: Sat, 14 Aug 93 13:21:43 PDT
Subject: Media Wars
Message-ID: <9308141944.AA19533@nexsys.nexsys.net>

> What we need is a national talk show host/comedian belittling the
> governments plan.

Good idea. Someone like George Carlin; maybe we can get Frank Zappa to speak out on it. It would reach a section of the population that would normally not be reached. He has challenged Big Government before on free speech issues (in the music industry); he's not a comedian but he would be effective. A real good person to get would be Lily Tomlin!! She could definitely get exposure with her Ernestine the Operator character. I think her political orientation would support our cause.
Although, if you really want to be effective, you should win over Bob Hope; a few wise cracks from him on some tv special and the Clipper would be dead before morning :)

From wcs at anchor.ho.att.com Sat Aug 14 13:46:43 1993
From: wcs at anchor.ho.att.com (Bill_StewartHOY0021305)
Date: Sat, 14 Aug 93 13:46:43 PDT
Subject: Electronic Democracy
Message-ID: <9308142042.AA21896@anchor.ho.att.com>

An anonymous personage writes
> More succinctly, "Democracy is four wolves and a sheep voting on lunch."
> Up the republic!

Yeah, though representative government is four wolves voting on _which_ sheep to have for lunch. Any time power is available, it can be abused; it's nice to be working on systems that allow people to do transactions without providing additional information which can be abused.

From ld231782 at longs.lance.colostate.edu Sat Aug 14 15:36:46 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Sat, 14 Aug 93 15:36:46 PDT
Subject: few bits of info on Mycotronx
Message-ID: <9308142231.AA03733@longs.lance.colostate.edu>

here are a few bits of info on Mycotronx. IBM's `supplier of the year' and heavy into `satellite encryption systems'.

p.s. rumor has it a reporter out there picked up on the Mycotronx `dumpster' postings here and the pointer in alt.whistleblowing to it for a mainstream news article to appear ~Sep.-Oct. ltr.

------- Forwarded Message

[...]

I pulled this from the Business Wire, it's not copyrighted and was distributed on BW for inclusion in Business Editor's files... it's the "approved" company profile of the folks making the Clipper Chip.

=-=-=-=-=-=-=

CORPORATE PROFILE FOR MYKOTRONX INC., DATED FRIDAY, AUG. 13

Published date: Friday, Aug. 13
Company name: Mykotronx Inc.
Address: 357 Van Ness Way, Suite 200, Torrance, Calif., 90501
Telephone No.: 310/533-8100
Chairman of the Board: Leonard J. Baker
Secretary/Treasurer: Kikuo Ogawa
President: Theodore S. Bettwy
Public Relations Contact: Sheila R. Coon
Business number: 310/533-8100 ext. 13
Home number: 310/548-7061

Company description: Mykotronx Inc., a small Torrance, Calif. business (42 employees) is fast becoming recognized as a leader in the Information Security (INFOSEC) field. The company has received numerous commendations for its quality program. Mykotronx was named "supplier of the year" by IBM's Federal Systems Co. of Boulder, Colo., for both 1992 and 1993.

The Mykotronx staff is composed of experienced authorities in cryptology, telecommunications and the digital design of electronic equipment and microcircuits (chips). It also has excellent facilities for performing R & D engineering, prototype, production and testing. The small company atmosphere provides for personalized service and quick-react capability. Low overhead and operating expenses contribute to Mykotronx's price competitive capability.

Since 1987 Mykotronx has gained a steadily increasing market share of the Space Communications Security (COMSEC) business through its COMSEC equipment design and production. Bookings through June 1993 have exceeded $7.5 million.

Mykotronx is a major supplier of satellite-to-ground encryption equipment and the developer of the U.S. Government's proposed new standard ("Clipper") for encryption of electronic communications such as voice and computer transmissions via telephone, fax machine, modem, etc. Whether for high-volume or one-of-a-kind custom units, Mykotronx has the technology and capability to meet customers' INFOSEC needs.

CONTACT: Mykotronx Inc., Torrance
Sheila R. Coon, 310/533-8100 (phone) 310/533-0527 (fax)

------- End of Forwarded Message

From leemartt at utu.fi Sat Aug 14 16:26:47 1993
From: leemartt at utu.fi (Leevi Marttila)
Date: Sat, 14 Aug 93 16:26:47 PDT
Subject: lookin' for a slogan for Tshirts
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

>Message-Id: <199308021828.AA12198 at flubber.cc.utexas.edu>
>Subject: Re: lookin' for a slogan for Tshirts
>Date: Mon, 2 Aug 1993 13:28:36 -0500 (CDT)
>From: Jim McCoy

>A nice thought, but it is not quite true now, is it? Cryptography has been
>a tool for specialists, scholars, and governments for those 4000 years, but
>to claim that "the masses" have had access to it is clearly untrue. In
>fact, it seems that the current friction between groups such as this one
>and the U.S. governement is caused mostly because private citizens are
>beginning to get access to this strong cryptography and this is something
>"those who watch" do not like...
>
>jim

*The masses* have easy access to cryptography *and* the government has easy access to messages of *the masses*.

Leevi Marttila
leemartt at polaris.utu.fi
"leevi.marttila/o=elisa-turku/"@elisa.fi

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBLG097TUMRj48GHK9AQH8fQP/ZmHmwEYejsXvFGRHkeSymTB8kuRfjQRy
vPCaFs6NSqC4Sl65ezx4ujEztGBcNHy7h4XwErYXj+KBD4HB6pMJr/jYtLnwHUhi
L6rHDgF9JY4rawIRO7xVyCYl23Wa3aYNM1beFj7S8tw0QUYR4JOK8zslIQtv9vm5
7AOQurPKYXE=
=JTmd
-----END PGP SIGNATURE-----

From IE63 at vaxb.acs.unt.edu Sat Aug 14 17:56:47 1993
From: IE63 at vaxb.acs.unt.edu (IE63 at vaxb.acs.unt.edu)
Date: Sat, 14 Aug 93 17:56:47 PDT
Subject: Encrypting Viruses.... good idea?
Message-ID: <01H1QX6LHQPE0029G2@vaxb.acs.unt.edu>

-----BEGIN PGP SIGNED MESSAGE-----

>Speaking of cryptostacker and beneficial viruses that encrypt files for you
>in the background, I just got a copy of one in the mail! I think this may
>be of interest to the group, so I am posting.

.........

>I can't seem to find mention of what the fast/casual encryption algorithm
>is.
>Instead of source code, a hex listing is provided. According to
>further notes, there is a hot-key for toggling floppy encrypt, and another
>hot key to uninstall from the hard drive.
>
>All the same, if I get a chance this weekend I'll probably try it
>out!

Well, good luck with it. I'd personally like to see/do a disassembly of the _entire_ virus before I would install it - security systems are great for back doors, and a virus would be GREAT for such.

There are a few things anyone using this program might want to watch for (I have yet to see it, though I'd be VERY interested in disassembling it.... anyone out there with a copy that wouldn't mind sending it _ENCRYPTED_ through E-mail? Full commented disassembly returned to sender ASAP!):

1.) Some anti-virus programs with heuristics are going to have a cow, most likely - CES, F-PROT, TBSCAN are a few that are likely (especially VIRSTOP from F-Prot - if I'm wrong, tell me...) and these are some of the best out there for personal protection (sorry SCAN & CPAV).

2.) I'd recommend NOT using it if you have a special master boot record, like Windows NT or some boot-based security systems or multiple boot choices. There are 9 sectors free at the beginning of most IBM hard drives, I assume this virus uses the first sector and 1/more of the others..... if another program wants to use these as well - I'd bet the virus doesn't notice until too late.

3.) Watch where the virus puts itself on floppies. If it is larger than 512 bytes (almost have to be for its functionality) then there are only three ways I know of to put additional code in:

a.) Mark sectors bad, and place code there. Problem: DON'T "FIX" BAD SECTORS ON YOUR DISK WITH NORTON!

b.) Use space after root directory entry and FAT to put virus in, just like the Stoned virus. Problem: Trashes data if there are more than 80 files in the root directory. Also sometimes causes other problems with High-Density disks.... And, if a new format of disk comes out - WATCH OUT!

c.) Format extra tracks on the floppy - these tracks are rarely very reliable - you might lose information if these tracks give out, depending on the setup of the virus you might lose the disk.

d.) This method I haven't seen, but I guess it could happen - create an actual file and allocate it from the FAT.... this might actually be safe, as long as the virus didn't let anyone delete it or write over it.

4.) Watch where it locates itself in memory: most likely it will lower the memory in BIOS before DOS gets loaded (CHKDSK will inform you that you have <640k low memory rather than the usual 65536 bytes....) which is generally relatively safe if the computer has a standard config. It may cause problems depending on where/how/when it allocates memory, though.

5.) What happens when you bypass Int 13h (which is presumably what it hooks) and use absolute disk I/O by directly using the driver? Careful with Norton and other diskfix programs that _might_ do this at times.....

6.) Don't press 'DISINFECT' from your favorite AV program without decrypting your disks first...........

My bottom line is this: the virus may be cool, but why a virus? Viruses may work for attacking things, wiping stuff out, hacking stuff, whatever (although they always tend to hit more than the intended target, funny thing about that), but when the only user of a machine WANTS to do something with their machine, why a virus? I mean, honestly...... although I must admit, it solves the problem of distribution of software in the most interesting way - I want to see what happens if a commercial company writes one of these and COPYRIGHTS it......

"This program may only be used by the original purchaser. Any unauthorized copying, lending, or any other method of distribution is STRICTLY PROHIBITED! Violators will be prosecuted to the full extent of the law! You want I should infect this here hard drive? huh? huh? (Y/n)?"

"BTW - if you're reading this message and did not buy this software, then we'll be suing you in two weeks, your modem just dialed our mainframe."

I suppose I may be being a bit judgemental, as I am speaking simply from the letter quoted above, but still...... it sounds very reminiscent of Fred Cohen's compression virus.....

My Public Key:

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3a

mQCNAixUuYYAAAEEAKNllAee26qGqxJck3Bftdkrz0MUQLABGMZqVem9UW9kjjS+
rMAafauqYTE5/Kdnx+4Asj0Wgfon0YBtRMT0crMcBYNqVp4//RUh7wrxQNvKFeeO
ZGuQp2hyHQqh1FDfWsHG4ldGqIV1YuOXq6oeIDkmbwgf8BRgPcZkwUqsF4b1AAUR
tCpNaWNoYWVsIEEuIEVsbGlzb24gPGllNjNAdmF4Yi5hY3MudW50LmVkdT4=
=0rss
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLG2BMcZkwUqsF4b1AQGe+wP+OeEKZd71ObybB4RuWa6rg761g0sNIqza
L733m6EJkuxTzy0c9TwVO+S1+QXiI44O85QOA7dc84YQ0Y65Y6yEzudSSlFAN6UB
CpjOQkia18ruY1CXY6mXsCAiNotWHzm2hcXASWLXXXkJi37jnfAOp3N+xWSk2+g6
Zm+0zgWa6hg=
=YSOp
-----END PGP SIGNATURE-----

From rarachel at ishara.poly.edu Sat Aug 14 20:41:52 1993
From: rarachel at ishara.poly.edu (A1 ray arachelian (library))
Date: Sat, 14 Aug 93 20:41:52 PDT
Subject: Beepers can also be used to track you down!
In-Reply-To: <9308141917.AA00520@netcom2.netcom.com>
Message-ID: <9308142338.AA05358@ishara.poly.edu>

Okay guys, I called up my friend and this is what he had to say about it:

1. The company he works for is for one thing involved in selling beepers and beeper service.

2. Beepers respond to something called a "CAP" code. Each individual beeper has a unique CAP code. This code is what is used to transmit a beep to that particular beeper (as well as the ping.)

3. The FCC supposedly has information on how to track down beepers (without the obvious way of placing a beep and seeing if they return the call.) Obviously, someone that is higher up in the tech dept. of a beeper co. might provide confirmation of this if the FCC does not (and would they if such a feature did exist?)

4.
This "ping" signal is used to disable the beeper in case it gets stolen. What's not too clear to me is whether there is one type of ping that responds or two, with the second one that also disables the beeper in case of loss or theft.

5. Supposedly, the ping is a broad band signal that has 1/4 mile accuracy per cell, then after that a tracking gun of some sort can be used, which looks pretty much like a radar speed gun, but has a shoulder strap or something.

Again, this description isn't mine, and I'm not familiar with any of these, so any questions you have will take a few answers to clear up. Also, this could just be a case of bad info. My friend is fairly trustworthy in his info in general, however, it is also possible that he got faulty info from someone else in the company. I won't mention his name or his company for obvious reasons, but will forward questions.

However, I did notice one message from an individual who mentioned that in Britain, some sort of scanners were used to track down unlicensed TV's and that his buddies used to keep their beepers in Faraday cages. Since I stored this message on a machine which seems to be down, I don't have his name or quotes yet, however this was posted a few days ago (forgive me for not remembering your name.)

Also, (again this too is unconfirmed) another friend of mine who is slightly familiar with electronics and who wanted to become a pilot mentioned that AM receivers can cause troubles in airplane sensors. (Again, I'm not confusing this with laptops or CD players, etc, but specifically AM receivers. This too is unconfirmed, so take it with or without several grains of salt.) :-)

From nobody at alumni.cco.caltech.edu Sat Aug 14 21:31:52 1993
From: nobody at alumni.cco.caltech.edu (nobody at alumni.cco.caltech.edu)
Date: Sat, 14 Aug 93 21:31:52 PDT
Subject: No Subject
Message-ID: <9308150424.AA19004@alumni.cco.caltech.edu>

>From: honey at citi.umich.edu (peter honeyman)
> To: cypherpunks at toad.com
> Date: Fri, 13 Aug 1993 15:12:31 -0400
>There's probably a way to disable the transmitter in the beeper, ...
> i should think that all the second amendment enthusiasts on this list
> could come up with something ...
> peter

Well, the immediate solution is an application of 230-grain hardball, but you probably had something more sophisticated in mind, huh?

From anton at hydra.unm.edu Sat Aug 14 23:46:53 1993
From: anton at hydra.unm.edu (Stanton McCandlish)
Date: Sat, 14 Aug 93 23:46:53 PDT
Subject: ONE BBSCON
In-Reply-To: <9308121536.AA21970@muskwa.ucs.ualberta.ca>
Message-ID: <9308150646.AA18284@hydra.unm.edu>

Quoth Sneal, verily I say unto thee:

-=>lift. However, while we're on the subject, I'm wondering if any
-=>arrangements have been made to distribute anti-Clipper material at [ONE BBSCON]
-=>I'd be happy to distribute flyers or what-have-you, but
-=>they'd have to reach the show by other means; I'm not willing to
-=>carry such seditious material across the US/Canada border.

Well, quick someone draft something that will fit onto one page. I'll be happy to xerox several hundred of them.

-=> I hope that EFF will have a presence at the show*

They will. One of the strongest presences at the whole show.

Reminds me, I think we (meaning libertarianistically minded sysops and users) should organize another con, to compete with ONE BBSCON. ONE BBSCON (Online Networking Exposition & BBS Convention) will apparently be held in the same place every year, costs $325 just to get in the door, and it is 100% controlled by the corporate interests that are screwing up the BBS scene.
We need a new con that is run by, and caters to, the hobbyist and shareware BBS scene. Still lots of room for vendors, but for the non- and semi-commercial software authors, who are left behind by ONE BBSCON's outrageous prices for display booth space.

[back to EFF]

-=>as they did last
-=>year, and can sow some further seeds of discontent among the
-=>non-Internet online world, many parts of which don't seem aware of
-=>the Clipper debacle. Any comments from the EFF folks hereabouts?

I certainly don't speak for them, but from what I've seen of the list of conferences and seminars, they will be covering a very wide variety of material.

-=>* I had a great time arguing with Shari Steele and accusing her of
-=>"dancing with the Devil" w/ reference to backing then-Senator Gore's
-=>Data Superhighway proposal. Very libertarially-incorrect position to
-=>take, Shari. :-)

Back then it sounded cool. I was all for it too, until he got to be VP and then the view darkened considerably. Hell, I never should've trusted the husband of the Wicked Witch that came up with the PMRC! Seriously, as originally announced, it didn't sound all that bad, and I think many of us figured we could activize enough to get it to be what we wanted. This did not happen however.

--
Stanton McCandlish * Space Migration * Networking * ChaOrder * NO GOV'T. *
anton at hydra.unm.edu * Intelligence Increase * Nano * Crypto * NO RELIGION *
FidoNet: 1:301/2 * Life Extension * Ethics * VR * Now! * NO MORE LIES! *
Noise in the Void BBS * +1-505-246-8515 (24hr, 1200-14400, v32bis, N-8-1) *

From greg at ideath.goldenbear.com Sun Aug 15 00:41:52 1993
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Sun, 15 Aug 93 00:41:52 PDT
Subject: Pagers
Message-ID:

For what it's worth, my pager (a Motorola Bravo (Plus?) using a frequency of 152.240 MHz) cheerfully receives pages while inside my microwave. (No, I didn't turn the microwave on. :) What that implies about the shielding capabilities of my microwave (and the safety of its continued use) is beyond my knowledge of RF and microwaves. I have some idea (please correct me if I'm wrong here) that shielding effective for energy at one frequency (like that of my pager) may be ineffective or less effective at another (like the frequency of microwaves).

I'm intrigued (and alarmed) at the idea that it's possible to disable pagers via remote control. While I'll admit that there's some wee utility in being able to make sure nobody can use my pager if it's lost/stolen, it's sounding, from the posts to the list, like it'd be possible to disable many folks' pagers, were some miscreant so inclined. I know of pagers being used by police, fire department, search & rescue, private/campus security, and medical folks; if someone put some time into the "kill all the pagers" thing, it could be pretty damaging.

Then again, knowing that, if I swiped somebody's pager, I'd probably just remove the battery for a few days, and hopefully miss the "stop working now" signal. I'm curious, though, how long the battery would last - my pager has a single AA battery, which lasts about a month. On average, a pager in the "find this pager" mode would have a single half-discharged AA battery to power its transmitter; and that transmitter would be sending its signal without benefit of any sort of external antenna. My very limited knowledge of RF propagation makes me think it'd be hard to get much range or duration under those circumstances.

I'd be interested to see this thread move over to comp.dcom.telecom - there might be more folks who know about pagers who could comment. This is interesting, but frankly I'm still pretty skeptical.

--
Greg Broiles greg at goldenbear.com
Golden Bear Computer Consulting +1 503 342 7982
Box 12005 Eugene OR 97440 BBS: +1 503 687 7764

From karn at qualcomm.com Sun Aug 15 01:31:52 1993
From: karn at qualcomm.com (Phil Karn)
Date: Sun, 15 Aug 93 01:31:52 PDT
Subject: Pagers
In-Reply-To:
Message-ID: <9308150828.AA03881@servo>

Yes, the microwave oven is designed to be especially effective at one particular frequency. Look at the gasket on the inside surface of the door. Underneath is what is called a "quarter-wave choke". It looks like a short circuit at the surface of the door, but only at 2450 MHz, the operating frequency of a microwave oven.

You probably still got a lot of shielding, it just wasn't enough. Remember that modern communication receivers (even pocket pagers) are capable of working with incredibly small amounts of signal energy by human standards. And paging systems are designed to blanket their coverage areas with a *lot* of RF from multiple synchronized transmitters, each running several hundred watts. This seeming overkill is necessary to handle the very wide dynamic range in propagation losses that terrestrial communication links can encounter due to fading, multipath, terrain blockage, changing distances, etc.

Even a properly operating microwave oven that is well within all radiation safety limits is *easily* detectable with a communications receiver or spectrum analyzer (the latter is preferable because the frequency is so unstable). I think I saw about -8 dBm an inch from the door seal of the oven I had back in NJ when I checked it. As I said, this is well within biological safety limits but it is, by radio communication standards, an *extremely* strong signal.

Amusing anecdote: recently I took one of our CDMA cellular phones into a supposedly NSA-certified RF screen room at work (though it's not used for government work). The cell antennas are on the roof of the same building. I closed the room door and latched it, and the phone still worked!
I then put the phone into a conventional metal cabinet in the room and my call finally dropped. It's conceivable that the room still met specs (something like 100 dB), but that just wasn't enough until I added a few more dB with the metal cabinet. Like I said, mobile radio systems have to deal with some *very* wide dynamic ranges.

Phil

From szabo at netcom.com Sun Aug 15 01:56:49 1993
From: szabo at netcom.com (Nick Szabo)
Date: Sun, 15 Aug 93 01:56:49 PDT
Subject: Cypherpunk trends & visions
Message-ID: <9308150855.AA24359@netcom4.netcom.com>

At today's Silly Valley cypherpunks meeting (Tim May, John Gilmore, Eric Hughes, Sandy Sandfort, Whit Diffie, Romana "Cypherella" Machado, etc. etc.) there was a lot of hand-wringing about the cypherpunks movement "stalling". Ever the pessimist, Tim May drew a chart showing cypherpunks starting out with a bang (publicizing PGP, starting up anon remailers, etc.) and seeming to stall out (even as we've gotten major publicity in Mondo, Wired, Village Voice, etc.).

Much of the rancor and pessimism may reflect the fact that cypherpunks are more distributed now. For example, the stuff on this list is very disconnected from the Bay Area meetings. Do any non-Californians know or care about Digital Silk Road, electronic credit unions, Twain, etc? How hip are Bay Area cypherpunks to the various projects re: user-friendly PGP, CryptoStacker, securely private BBS's, secure phones, etc? (The main motivation for me typing in this message is to try to open up the lines of communication more, let people know what Bay Area cypherpunks are doing, and encourage replies from folks in other regions who are holding meetings & doing projects).

Besides, we haven't stalled; we're just on a more mature part of the learning curve. Much of the "low hanging fruit" has been picked (as Tim May pointed out: PGP was already here, remailers were ripe, etc. when cypherpunks crystallized). We seem to have played a major role in delaying Clipper just with our big mouths (and fat fingers :-). More concretely, just today Romana and Geoff Dale unveiled a slick steganography tool for the Mac that, if distributed widely and ported to the PC, would make it practically impossible to outlaw strong crypto.

We also have a variety of goals. We all share a commitment to spreading crypto beyond the elites, but for a wide variety of reasons. Some of us (Tim May, myself, etc.) are libertarians who want government out of our lives, others are liberals fighting the NSA, others find it great fun to ding people in power with cool hacks, and still others are in it for the variety of opportunities crypto-anarchy opens up for making "filthy lucre". I don't think it's productive to do too much breastbeating over this, to try to define "cypherpunk correct" politics, or insist that everybody work towards the same goals. The only stuff we really need to agree on is the practical stuff: the general "web of trust" model of cryptography, and the development of common tools and standards on that basis. Beyond that I hope there's room for a wide variety of opinions and projects.

My own vision of cypherpunks evolution runs along the following lines. Some of these may be commercial opportunities, but so far cypherpunks have been most effective with freeware like anon remailers, PGP add-ons, etc.:

* Digital coupons: S&H greenstamps for online services (netcom/Well/Compuserve net connection services, AMIX, NEXIS/LEXIS, Dow Jones, commercial MUDs, metered e-mail, anon services, network and computing resources, reputation ratings, etc.) Greenstamps are like frequent-flyer miles, you accumulate them with heavy patronage of some service. But greenstamps can be used to purchase a wide variety of services, not just more of the same service. Service providers and coupon vendor(s) work out arrangements for awarding and honoring greenstamps. Implemented with Chaum-style protocol to prevent forgery and assure privacy.

* Digital cash: accumulating credits/debits for use of on-line services (including travel services, concert tickets, etc. purchased on-line), eventually paid for by some "real" currency: FRNs, yen, etc. Implemented with Chaum-style protocol to prevent forgery and assure privacy.

* On-line markets: Internet video poker, election outcome markets, satellite track betting, etc. Investments[1] can be made & paid out by greenstamps, natch. On-line advertising.

* Securely private BBS's

* etc.

[1] Hey, if Clinton can call government spending "investment" I can do the same for wagers on his reelection!

Nick Szabo
szabo at netcom.com

From khijol!erc at apple.com Sun Aug 15 02:11:53 1993
From: khijol!erc at apple.com (Ed Carp)
Date: Sun, 15 Aug 93 02:11:53 PDT
Subject: Summary: Denning's report on SKIPJACK
Message-ID:

I hadn't seen this posted anywhere else, so I took the liberty of posting it here. Sorry if this creates unnecessary bandwidth, but flames can be sent to /dev/null. :)

From: risks at CSL.SRI.COM (RISKS Forum)
Newsgroups: comp.risks
Subject: RISKS DIGEST 14.80
Message-ID:
Date: 11 Aug 93 04:18:24 GMT
Sender: daemon at ucbvax.BERKELEY.EDU
Reply-To: risks at csl.sri.com
Distribution: world
Organization: The Internet
Lines: 689
Approved: risks at csl.sri.com

RISKS-LIST: RISKS-FORUM Digest Wednesday 11 August 1993 Volume 14 : Issue 80
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

----------------------------------------------------------------------

Date: Wed, 4 Aug 93 10:35:05 PDT
From: forags at nature.berkeley.edu (Al Stangenberger)
Subject: Article by Dorothy Denning on Clipper Chip

The July-August issue of American Scientist (Amer. Scientist 81:319-323) has a column by Dorothy Denning describing the Clipper Encryption System.
It is written from the Administration and law enforcement viewpoint and does not discuss the serious privacy issues which have been raised in RISKS. However, it does present a clear discussion of the system and might be useful in explaining the system to colleagues.

Al Stangenberger
Dept. of Env. Sci., Policy, & Mgt.
forags at nature.berkeley.edu
145 Mulford Hall, Univ. of Calif. Berkeley CA 94720

------------------------------

Date: Sun, 01 Aug 1993 21:16:56 -0400 (EDT)
From: Dorothy Denning
Subject: SKIPJACK Review

SKIPJACK Review
Interim Report
The SKIPJACK Algorithm

Ernest F. Brickell, Sandia National Laboratories
Dorothy E. Denning, Georgetown University
Stephen T. Kent, BBN Communications Corporation
David P. Maher, AT&T
Walter Tuchman, Amperif Corporation

July 28, 1993
(copyright 1993)

Executive Summary

The objective of the SKIPJACK review was to provide a mechanism whereby persons outside the government could evaluate the strength of the classified encryption algorithm used in the escrowed encryption devices and publicly report their findings. Because SKIPJACK is but one component of a large, complex system, and because the security of communications encrypted with SKIPJACK depends on the security of the system as a whole, the review was extended to encompass other components of the system. The purpose of this Interim Report is to report on our evaluation of the SKIPJACK algorithm. A later Final Report will address the broader system issues.

The results of our evaluation of the SKIPJACK algorithm are as follows:

1. Under an assumption that the cost of processing power is halved every eighteen months, it will be 36 years before the cost of breaking SKIPJACK by exhaustive search will be equal to the cost of breaking DES today. Thus, there is no significant risk that SKIPJACK will be broken by exhaustive search in the next 30-40 years.

2. There is no significant risk that SKIPJACK can be broken through a shortcut method of attack.

3. While the internal structure of SKIPJACK must be classified in order to protect law enforcement and national security objectives, the strength of SKIPJACK against a cryptanalytic attack does not depend on the secrecy of the algorithm.

1. Background

On April 16, the President announced a new technology initiative aimed at providing a high level of security for sensitive, unclassified communications, while enabling lawfully authorized intercepts of telecommunications by law enforcement officials for criminal investigations. The initiative includes several components:

A classified encryption/decryption algorithm called "SKIPJACK."

Tamper-resistant cryptographic devices (e.g., electronic chips), each of which contains SKIPJACK, classified control software, a device identification number, a family key used by law enforcement, and a device unique key that unlocks the session key used to encrypt a particular communication.

A secure facility for generating device unique keys and programming the devices with the classified algorithms, identifiers, and keys.

Two escrow agents that each hold a component of every device unique key. When combined, those two components form the device unique key.

A law enforcement access field (LEAF), which enables an authorized law enforcement official to recover the session key. The LEAF is created by a device at the start of an encrypted communication and contains the session key encrypted under the device unique key together with the device identifier, all encrypted under the family key.

LEAF decoders that allow an authorized law enforcement official to extract the device identifier and encrypted session key from an intercepted LEAF. The identifier is then sent to the escrow agents, who return the components of the corresponding device unique key. Once obtained, the components are used to reconstruct the device unique key, which is then used to decrypt the session key.

This report reviews the security provided by the first component, namely the SKIPJACK algorithm. The review was performed pursuant to the President's direction that "respected experts from outside the government will be offered access to the confidential details of the algorithm to assess its capabilities and publicly report their finding."

The Acting Director of the National Institute of Standards and Technology (NIST) sent letters of invitation to potential reviewers. The authors of this report accepted that invitation. We attended an initial meeting at the Institute for Defense Analyses Supercomputing Research Center (SRC) from June 21-23. At that meeting, the designer of SKIPJACK provided a complete, detailed description of the algorithm, the rationale for each feature, and the history of the design. The head of the NSA evaluation team described the evaluation process and its results. Other NSA staff briefed us on the LEAF structure and protocols for use, generation of device keys, protection of the devices against reverse engineering, and NSA's history in the design and evaluation of encryption methods contained in SKIPJACK. Additional NSA and NIST staff were present at the meeting to answer our questions and provide assistance. All staff members were forthcoming in providing us with requested information.

At the June meeting, we agreed to integrate our individual evaluations into this joint report. We also agreed to reconvene at SRC from July 19-21 for further discussions and to complete a draft of the report. In the interim, we undertook independent tasks according to our individual interests and availability. Ernest Brickell specified a suite of tests for evaluating SKIPJACK. Dorothy Denning worked at NSA on the refinement and execution of these and other tests that took into account suggestions solicited from Professor Martin Hellman at Stanford University. NSA staff assisted with the programming and execution of these tests. Denning also analyzed the structure of SKIPJACK and its susceptibility to differential cryptanalysis. Stephen Kent visited NSA to explore in more detail how SKIPJACK compared with NSA encryption algorithms that he already knew and that were used to protect classified data. David Maher developed a risk assessment approach while continuing his ongoing work on the use of the encryption chip in the AT&T Telephone Security Device. Walter Tuchman investigated the anti-reverse engineering properties of the chips.

We investigated more than just SKIPJACK because the security of communications encrypted with the escrowed encryption technology depends on the security provided by all the components of the initiative, including protection of the keys stored on the devices, protection of the key components stored with the escrow agents, the security provided by the LEAF and LEAF decoder, protection of keys after they have been transmitted to law enforcement under court order, and the resistance of the devices to reverse engineering. In addition, the success of the technology initiative depends on factors besides security, for example, performance of the chips. Because some components of the escrowed encryption system, particularly the key escrow system, are still under design, we decided to issue this Interim Report on the security of the SKIPJACK algorithm and to defer our Final Report until we could complete our evaluation of the system as a whole.

2. Overview of the SKIPJACK Algorithm

SKIPJACK is a 64-bit "electronic codebook" algorithm that transforms a 64-bit input block into a 64-bit output block. The transformation is parameterized by an 80-bit key, and involves performing 32 steps or iterations of a complex, nonlinear function. The algorithm can be used in any one of the four operating modes defined in FIPS 81 for use with the Data Encryption Standard (DES).

The SKIPJACK algorithm was developed by NSA and is classified SECRET.
It is representative of a family of encryption algorithms developed in 1980 as part of the NSA suite of "Type I" algorithms, suitable for protecting all levels of classified data. The specific algorithm, SKIPJACK, is intended to be used with sensitive but unclassified information. The strength of any encryption algorithm depends on its ability to withstand an attack aimed at determining either the key or the unencrypted ("plaintext") communications. There are basically two types of attack, brute-force and shortcut. 3. Susceptibility to Brute Force Attack by Exhaustive Search In a brute-force attack (also called "exhaustive search"), the adversary essentially tries all possible keys until one is found that decrypts the intercepted communications into a known or meaningful plaintext message. The resources required to perform an exhaustive search depend on the length of the keys, since the number of possible keys is directly related to key length. In particular, a key of length N bits has 2^N possibilities. SKIPJACK uses 80-bit keys, which means there are 2^80 (approximately 10^24) or more than 1 trillion trillion possible keys. An implementation of SKIPJACK optimized for a single processor on the 8-processor Cray YMP performs about 89,000 encryptions per second. At that rate, it would take more than 400 billion years to try all keys. Assuming the use of all 8 processors and aggressive vectorization, the time would be reduced to about a billion years. A more speculative attack using a future, hypothetical, massively parallel machine with 100,000 RISC processors, each of which was capable of 100,000 encryptions per second, would still take about 4 million years. The cost of such a machine might be on the order of $50 million. In an even more speculative attack, a special purpose machine might be built using 1.2 billion $1 chips with a 1 GHz clock. 
If the algorithm could be pipelined so that one encryption step were performed per clock cycle, then the $1.2 billion machine could exhaust the key space in 1 year. Another way of looking at the problem is by comparing a brute force attack on SKIPJACK with one on DES, which uses 56-bit keys. Given that no one has demonstrated a capability for breaking DES, DES offers a reasonable benchmark. Since SKIPJACK keys are 24 bits longer than DES keys, there are 2^24 times more possibilities. Assuming that the cost of processing power is halved every eighteen months, then it will not be for another 24 * 1.5 = 36 years before the cost of breaking SKIPJACK is equal to the cost of breaking DES today. Given the lack of demonstrated capability for breaking DES, and the expectation that the situation will continue for at least several more years, one can reasonably expect that SKIPJACK will not be broken within the next 30-40 years. Conclusion 1: Under an assumption that the cost of processing power is halved every eighteen months, it will be 36 years before the cost of breaking SKIPJACK by exhaustive search will be equal to the cost of breaking DES today. Thus, there is no significant risk that SKIPJACK will be broken by exhaustive search in the next 30-40 years. 4. Susceptibility to Shortcut Attacks In a shortcut attack, the adversary exploits some property of the encryption algorithm that enables the key or plaintext to be determined in much less time than by exhaustive search. For example, the RSA public-key encryption method is attacked by factoring a public value that is the product of two secret primes into its primes. Most shortcut attacks use probabilistic or statistical methods that exploit a structural weakness, unintentional or intentional (i.e., a "trapdoor"), in the encryption algorithm. In order to determine whether such attacks are possible, it is necessary to thoroughly examine the structure of the algorithm and its statistical properties. 
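The arithmetic behind the exhaustive-search figures in section 3, as an added example that is not part of the report: a small Python cost model for trying every key of an N-bit cipher. The machine parameters (89,000 encryptions per second on one Cray YMP processor, 100,000 RISC processors at 100,000 encryptions per second each, 1.2 billion chips at 1 GHz) are the report's own; the function names, and the reading that the custom-chip figure assumes each chip completes one of the 32 iterations per clock (32 clocks per key), are assumptions made here. The "8 processors with aggressive vectorization" figure is not reproduced because the report does not state a vectorization factor.

```python
# Added example (not part of the Interim Report): a small cost model for
# exhaustive key search, reproducing the report's section 3 figures.
# Machine parameters are the report's; helper names and the 32-clocks-per-key
# reading of the custom-chip case are assumptions made here.

SECONDS_PER_YEAR = 365.25 * 24 * 3600
SKIPJACK_KEY_BITS = 80
DES_KEY_BITS = 56
SKIPJACK_ITERATIONS = 32  # "32 steps or iterations" per block, from section 2


def key_space(key_bits):
    """A key of N bits has 2^N possible values."""
    return 2 ** key_bits


def years_to_exhaust(key_bits, encryptions_per_second):
    """Worst-case time to try every key at the given throughput, in years.
    (The expected time to hit the right key is half of this.)"""
    return key_space(key_bits) / encryptions_per_second / SECONDS_PER_YEAR


def aggregate_rate(units, rate_per_unit):
    """Throughput of UNITS identical engines working in parallel."""
    return units * rate_per_unit


def years_until_cost_parity(long_key_bits, short_key_bits, halving_period_years=1.5):
    """Each extra key bit doubles the work. If the cost of a unit of work halves
    every HALVING_PERIOD_YEARS, breaking the longer key costs what breaking the
    shorter key costs today after (extra bits) * period years."""
    return (long_key_bits - short_key_bits) * halving_period_years


def report_scenarios():
    """The three machines costed out in section 3, as years to exhaust 2^80 keys."""
    # One processor of an 8-processor Cray YMP: 89,000 encryptions per second.
    single_cray = years_to_exhaust(SKIPJACK_KEY_BITS, 89_000)
    # 100,000 RISC processors at 100,000 encryptions per second each.
    risc_farm = years_to_exhaust(SKIPJACK_KEY_BITS, aggregate_rate(100_000, 100_000))
    # 1.2 billion chips at 1 GHz. The report's one-year figure comes out when
    # each chip finishes one of the 32 iterations per clock, i.e. 32 clocks/key.
    custom_chips = years_to_exhaust(
        SKIPJACK_KEY_BITS, aggregate_rate(1.2e9, 1e9 / SKIPJACK_ITERATIONS))
    return {
        "cray_single_cpu_years": single_cray,
        "risc_100k_years": risc_farm,
        "custom_chips_years": custom_chips,
        "skipjack_over_des_ratio": key_space(SKIPJACK_KEY_BITS) // key_space(DES_KEY_BITS),
        "years_to_des_parity": years_until_cost_parity(SKIPJACK_KEY_BITS, DES_KEY_BITS),
    }


if __name__ == "__main__":
    for name, value in report_scenarios().items():
        print(f"{name:>26}: {value:.4g}")
```

Running it gives roughly 430 billion years for the single Cray processor ("more than 400 billion"), about 3.8 million years for the RISC farm ("about 4 million"), just over one year for the custom-chip machine, a 2^24 ratio between the two key spaces, and 36 years to cost parity with DES, matching Conclusion 1.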
In the time available for this review, it was not feasible to conduct an evaluation on the scale that NSA has conducted or that has been conducted on the DES. Such review would require many man-years of effort over a considerable time interval. Instead, we concentrated on reviewing NSA's design and evaluation process. In addition, we conducted several of our own tests.

4.1 NSA's Design and Evaluation Process

SKIPJACK was designed using building blocks and techniques that date back more than forty years. Many of the techniques are related to work that was evaluated by some of the world's most accomplished and famous experts in combinatorics and abstract algebra. SKIPJACK's more immediate heritage dates to around 1980, and its initial design to 1987.

SKIPJACK was designed to be evaluatable, and the design and evaluation approach was the same used with algorithms that protect the country's most sensitive classified information. The specific structures included in SKIPJACK have a long evaluation history, and the cryptographic properties of those structures had many prior years of intense study before the formal process began in 1987. Thus, an arsenal of tools and data was available. This arsenal was used by dozens of adversarial evaluators whose job was to break SKIPJACK. Many spent at least a full year working on the algorithm. Besides highly experienced evaluators, SKIPJACK was subjected to cryptanalysis by less experienced evaluators who were untainted by past approaches. All known methods of attack were explored, including differential cryptanalysis. The goal was a design that did not allow a shortcut attack. The design underwent a sequence of iterations based on feedback from the evaluation process. These iterations eliminated properties which, even though they might not allow successful attack, were related to properties that could be indicative of vulnerabilities. The head of the NSA evaluation team confidently concluded "I believe that SKIPJACK can only be broken by brute force; there is no better way."

In summary, SKIPJACK is based on some of NSA's best technology. Considerable care went into its design and evaluation in accordance with the care given to algorithms that protect classified data.

4.2 Independent Analysis and Testing

Our own analysis and testing increased our confidence in the strength of SKIPJACK and its resistance to attack.

4.2.1 Randomness and Correlation Tests

A strong encryption algorithm will behave like a random function of the key and plaintext so that it is impossible to determine any of the key bits or plaintext bits from the ciphertext bits (except by exhaustive search). We ran two sets of tests aimed at determining whether SKIPJACK is a good pseudo random number generator. These tests were run on a Cray YMP at NSA. The results showed that SKIPJACK behaves like a random function and that ciphertext bits are not correlated with either key bits or plaintext bits. Appendix A gives more details.

4.2.2 Differential Cryptanalysis

Differential cryptanalysis is a powerful method of attack that exploits structural properties in an encryption algorithm. The method involves analyzing the structure of the algorithm in order to determine the effect of particular differences in plaintext pairs on the differences of their corresponding ciphertext pairs, where the differences are represented by the exclusive-or of the pair. If it is possible to exploit these differential effects in order to determine a key in less time than with exhaustive search, an encryption algorithm is said to be susceptible to differential cryptanalysis. However, an actual attack using differential cryptanalysis may require substantially more chosen plaintext than can be practically acquired. We examined the internal structure of SKIPJACK to determine its susceptibility to differential cryptanalysis.
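To make concrete what the structural checks of 4.2.2 and of 4.2.3 and 4.2.4 below actually compute, here is an added example that is not from the report and is not SKIPJACK (whose internals are classified): a constructed 16-bit Feistel cipher with an 8-bit S-box, in two variants that differ only in how the round key is mixed into the right half. The checks are the ones the report names: the peak of the S-box's difference distribution (exclusive-or differences in, exclusive-or differences out), the weak-key test (is E_k its own inverse, the DES pattern that arises from a symmetric key schedule?), and the complementation property E(~k, ~p) == ~E(k, p). The S-box seed, all names and the sample values are assumptions made here.

```python
# Added example (not from the report, and not SKIPJACK, whose internals are
# classified): a constructed 16-bit Feistel cipher used to show what the
# tests of sections 4.2.2 to 4.2.4 compute. S-box seed, names and sample
# values are assumptions made here.
import random

ROUNDS = 8
MASK8, MASK16 = 0xFF, 0xFFFF

# Constructed 8-bit S-box: a fixed pseudo-random permutation of 0..255.
SBOX = list(range(256))
random.Random(1993).shuffle(SBOX)


def subkeys(key16):
    """Round key i = low byte of the 16-bit key rotated left by i.
    Rotation commutes with bitwise complement, so ~key gives ~subkeys."""
    return [(((key16 << i) | (key16 >> (16 - i))) & MASK16) & MASK8
            for i in range(1, ROUNDS + 1)]


def feistel(block, key16, mix, decrypt=False):
    """Feistel network; MIX(r, k) combines the right half with the round key
    before the S-box. Decryption is the same network with the key schedule
    reversed, which is also why a constant key schedule yields a weak key."""
    ks = subkeys(key16)[::-1] if decrypt else subkeys(key16)
    left, right = block >> 8, block & MASK8
    for k in ks:
        left, right = right, left ^ SBOX[mix(right, k)]
    return (right << 8) | left          # final swap, as in DES


def mix_xor(r, k):                      # key enters only by XOR (DES-like)
    return r ^ k


def mix_add(r, k):                      # key enters by addition mod 256
    return (r + k) & MASK8


def encrypt_xor(block, key):
    return feistel(block, key, mix_xor)


def decrypt_xor(block, key):
    return feistel(block, key, mix_xor, decrypt=True)


def encrypt_add(block, key):
    return feistel(block, key, mix_add)


def complementation_holds(encrypt, key, block):
    """4.2.4: does E(~k, ~p) == ~E(k, p)?"""
    return encrypt(block ^ MASK16, key ^ MASK16) == encrypt(block, key) ^ MASK16


def complementation_failures(encrypt, samples=256, seed=7):
    """Count random (key, plaintext) pairs for which the property fails."""
    rng = random.Random(seed)
    return sum(not complementation_holds(encrypt, rng.randrange(1 << 16),
                                         rng.randrange(1 << 16))
               for _ in range(samples))


def is_weak_key(encrypt, key, samples=64, seed=11):
    """4.2.3: a key is weak in the DES sense when E_k is its own inverse."""
    rng = random.Random(seed)
    return all(encrypt(encrypt(p, key), key) == p
               for p in (rng.randrange(1 << 16) for _ in range(samples)))


def max_differential_probability(sbox=SBOX):
    """4.2.2: over all nonzero input XOR differences, the largest fraction of
    inputs that map to a single output XOR difference (the peak of the
    difference distribution table). 1.0 means fully predictable."""
    best = 0
    for d_in in range(1, 256):
        counts = [0] * 256
        for x in range(256):
            counts[sbox[x] ^ sbox[x ^ d_in]] += 1
        best = max(best, max(counts))
    return best / 256


def run_checks():
    return {
        "xor_complement_failures": complementation_failures(encrypt_xor),
        "add_complement_failures": complementation_failures(encrypt_add),
        "weak_key_0x0000": is_weak_key(encrypt_xor, 0x0000),
        "weak_key_0xFFFF": is_weak_key(encrypt_xor, 0xFFFF),
        "weak_key_0x1234": is_weak_key(encrypt_xor, 0x1234),
        "sbox_max_dp": max_differential_probability(),
        "identity_sbox_max_dp": max_differential_probability(list(range(256))),
    }


if __name__ == "__main__":
    for name, value in run_checks().items():
        print(f"{name:>26}: {value}")
```

The XOR variant satisfies the complementation property for every key and plaintext, for the same reason DES does: the key enters only through an exclusive-or ahead of the S-box, so complementing both operands leaves the S-box input unchanged. The additive variant fails it on nearly every sample. Both variants still have weak keys at all-zero and all-one, because those keys give a constant round-key schedule, so encryption equals decryption; that is the "pattern of symmetry" the report looked for and did not find in SKIPJACK. The identity S-box shows what a fully linear component looks like to the differential check (peak probability 1.0), while the random permutation sits far lower.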
We concluded it was not possible to perform an attack based on differential cryptanalysis in less time than with exhaustive search.

4.2.3 Weak Key Test

Some algorithms have "weak keys" that might permit a shortcut solution. DES has a few weak keys, which follow from a pattern of symmetry in the algorithm. We saw no pattern of symmetry in the SKIPJACK algorithm which could lead to weak keys. We also experimentally tested the all "0" key (all 80 bits are "0") and the all "1" key to see if they were weak and found they were not.

4.2.4 Symmetry Under Complementation Test

The DES satisfies the property that for a given plaintext-ciphertext pair and associated key, encryption of the one's complement of the plaintext with the one's complement of the key yields the one's complement of the ciphertext. This "complementation property" shortens an attack by exhaustive search by a factor of two since half the keys can be tested by computing complements in lieu of performing a more costly encryption. We tested SKIPJACK for this property and found that it did not hold.

4.2.5 Comparison with Classified Algorithms

We compared the structure of SKIPJACK to that of NSA Type I algorithms used in current and near-future devices designed to protect classified data. This analysis was conducted with the close assistance of the cryptographer who developed SKIPJACK and included an in-depth discussion of design rationale for all of the algorithms involved. Based on this comparative, structural analysis of SKIPJACK against these other algorithms, and a detailed discussion of the similarities and differences between these algorithms, our confidence in the basic soundness of SKIPJACK was further increased.

Conclusion 2: There is no significant risk that SKIPJACK can be broken through a shortcut method of attack.

5. Secrecy of the Algorithm

The SKIPJACK algorithm is sensitive for several reasons.
Disclosure of the algorithm would permit the construction of devices that fail to properly implement the LEAF, while still interoperating with legitimate SKIPJACK devices. Such devices would provide high quality cryptographic security without preserving the law enforcement access capability that distinguishes this cryptographic initiative.

Additionally, the SKIPJACK algorithm is classified SECRET NOT RELEASABLE TO FOREIGN NATIONALS. This classification reflects the high quality of the algorithm, i.e., it incorporates design techniques that are representative of algorithms used to protect classified information. Disclosure of the algorithm would permit analysis that could result in discovery of these classified design techniques, and this would be detrimental to national security.

However, while full exposure of the internal details of SKIPJACK would jeopardize law enforcement and national security objectives, it would not jeopardize the security of encrypted communications. This is because a shortcut attack is not feasible even with full knowledge of the algorithm. Indeed, our analysis of the susceptibility of SKIPJACK to a brute force or shortcut attack was based on the assumption that the algorithm was known.

Conclusion 3: While the internal structure of SKIPJACK must be classified in order to protect law enforcement and national security objectives, the strength of SKIPJACK against a cryptanalytic attack does not depend on the secrecy of the algorithm.

[The appendix in LaTeX form is available from Dorothy. PGN]

--
Ed Carp, N7EKG
erc at apple.com   510/659-9560
anon-2133 at twwells.com
If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"

From anton at hydra.unm.edu Sun Aug 15 03:46:51 1993
From: anton at hydra.unm.edu (Stanton McCandlish)
Date: Sun, 15 Aug 93 03:46:51 PDT
Subject: e-voting
Message-ID: <9308151045.AA23060@hydra.unm.edu>

You know, the first thing that comes to mind when I hear all these slams against the idea of electronic democracy is that the tone and content of the objections are all but identical to those opposing any new tech, most notably the prospect of nanotechnology. I mean, give me a break. Of course the idea is dangerous. But movement at least somewhat in that direction is totally inevitable. Only by recognizing that it, or something like it, will occur, and planning for it, will head off the possible abuses. I personally think it highly unlikely that the whole govt would just roll over and die, but in time people will outright DEMAND more control over the govt. It IS coming whether any of you like it or not. If you doubt this, ask yourself why FOIA appeared. The govt certainly didn't come up with that idea. Nor did they come up with and promote the idea of govt. info available via computer and networking tech to the general populace. Nor FIJA.

--
Stanton McCandlish * Space Migration * Networking * ChaOrder * NO GOV'T. *
anton at hydra.unm.edu * Intelligence Increase * Nano * Crypto * NO RELIGION *
FidoNet: 1:301/2 * Life Extension * Ethics * VR * Now! * NO MORE LIES! *
Noise in the Void BBS * +1-505-246-8515 (24hr, 1200-14400, v32bis, N-8-1) *

From R.Tait at bnr.co.uk Sun Aug 15 05:56:53 1993
From: R.Tait at bnr.co.uk (R.Tait at bnr.co.uk)
Date: Sun, 15 Aug 93 05:56:53 PDT
Subject: Which remailers are up & working?
Message-ID: <199308151253.23965@bnsgs200.bnr.co.uk>

Does anyone have an up to date of the anonymous remailers which are up and running? I used the Entropy and Hal's the other day, and in both cases I got bounced mail back. What gives?
-Rick

From hfinney at shell.portal.com Sun Aug 15 11:21:56 1993
From: hfinney at shell.portal.com (Hal Finney)
Date: Sun, 15 Aug 93 11:21:56 PDT
Subject: Electronic Democracy
Message-ID: <9308151736.AA29973@jobe.shell.portal.com>

The one comment I'd make on the wolves vs sheep analogy is this. In the real world, there *are* wolves and sheep. Violence and coercion are part of life. Democracy, in a sense, recognizes the power implicit in large numbers of people. If they can't vote, they may revolt. No libertarian government will survive without the acceptance of the masses. A populace willing to countenance a Libertarian society would perhaps be wise enough to be entrusted with democracy, anyway.

Hal Finney
hfinney at shell.portal.com

From hfinney at shell.portal.com Sun Aug 15 11:22:00 1993
From: hfinney at shell.portal.com (Hal Finney)
Date: Sun, 15 Aug 93 11:22:00 PDT
Subject: Which remailers are up & working?
Message-ID: <9308151752.AA00444@jobe.shell.portal.com>

I just updated the version of PGP on my remailers at Caltech and Portal to use version 2.3a. It turns out that, starting with version 2.3, PGP by default creates messages that are not readable by versions before 2.2. 2.2 can read the 2.3 messages, but 2.0 and 2.1 cannot. I was running 2.1 so I wasn't able to process messages created with 2.3. If anyone else is running PGP versions before 2.2 on their remailers they should upgrade them.

I just did a non-encrypted ping test to a list of remailers, and heard back from the following remailers within 2 minutes:

From hfinney at shell.portal.com Sun Aug 15 11:22:01 1993
From: hfinney at shell.portal.com (Hal Finney)
Date: Sun, 15 Aug 93 11:22:01 PDT
Subject: Cypherpunk trends & visions
Message-ID: <9308151808.AA00769@jobe.shell.portal.com>

I have a shorter-term focus than Nick's proposals for digital coupons and cash. Here's what would be on my cypherpunks wish list:

Improved remailers: The ability to handle reply messages; the ability to register pseudonyms of the user's choice, which get mapped to a user-supplied encrypted remailing block (this is Eric Hughes' model); true Chaumian "mix" functionality, with message batching so that in-to-out mapping is lost, including message padding so all messages are the same size.

Remailer standards: An ad hoc assertion of standard remailer commands which all our different implementations will support. We could have a SIG just to discuss this. I don't think it would take long.

Remailer proliferation: Build remailer software into some widely used mail packages like elm, metamail (which provides MIME support), emacs, etc.

Digital cash: We badly need some implementation to start playing with; some net-based game which uses the digital cash. Digital postage stamps for the remailers.

DH: I'd like to see more DH-based comm software so I can log in from home to my work or school computer and have an encrypted link. I know we have a version for the Amiga; I'd like to see it for PC. I'd also like to see an email program which used DH so that there would be no danger of coerced key exposure.

Cryptophones: PC/Soundblaster or Mac based encrypted comm software using 14.4 Kbaud modems.

This is a fairly daunting list, of course, but perhaps we should re-orient ourselves to be a working group more than a debating group. Split off sub-groups, get people to volunteer for each one, put one person in charge, have him make weekly or monthly reports to the main group.

Hal Finney
hfinney at shell.portal.com

From jet at netcom.com Sun Aug 15 12:06:56 1993
From: jet at netcom.com (J. Eric Townsend)
Date: Sun, 15 Aug 93 12:06:56 PDT
Subject: Beepers can also be used to track you down!
In-Reply-To: <9308142338.AA05358@ishara.poly.edu>
Message-ID: <9308151905.AA18939@netcom2.netcom.com>

A1 ray arachelian (library) writes:
> However, I did notice one message from an individual who mentioned that
> in Britain, some sort of scanners were used to track down unlicensed TV's

That's merely a matter of passively picking up the frequencies put off by a tv tube. Drive down a street with a receiver/display and a list of who paid their tv tax. That simple. (My dad used that sort of gear when he was a spook in the bay area in the early 70s.)

From jsc at monolith.MIT.EDU Sun Aug 15 14:06:58 1993
From: jsc at monolith.MIT.EDU (Jin S Choi)
Date: Sun, 15 Aug 93 14:06:58 PDT
Subject: elisp for PGP encryption and remailing
Message-ID: <9308152104.AA19194@monolith.MIT.EDU>

I submitted my mailcrypt package to the elisp archive a few days ago, but it doesn't seem to have been put up yet, and people have been asking me for it, so I'll put it up here. As a bonus, I've hacked up a little function which lets you easily set up a mail message for encrypted, chained remailing through any number of cypherpunk remailers. I hope someone finds this useful. Comments and suggestions appreciated.

-----------------------cut here----------------------------------
#! /bin/sh
# This is a shell archive, meaning:
# 1. Remove everything above the #! /bin/sh line.
# 2. Save the resulting text in a file.
# 3. Execute the file with /bin/sh (not csh) to create the files:
#       mailcrypt.el
#       remail.el
# This archive created: Sun Aug 15 17:02:07 1993
export PATH; PATH=/bin:$PATH
if test -f 'mailcrypt.el'
then
        echo shar: will not over-write existing file "'mailcrypt.el'"
else
cat << \SHAR_EOF > 'mailcrypt.el'
;; mailcrypt.el v1.2, mail encryption with RIPEM and PGP
;; Copyright (C) 1993 Jin Choi
;; Any comments or suggestions welcome.
;; Inspired by pgp.el, by Gray Watson .

;; LCD Archive Entry:
;; mailcrypt|Jin S Choi|jsc at mit.edu|
;; Encryption/decryption for mail using RIPEM or PGP. Supports RMAIL and VM.|
;; 15-Aug-93|Version 1.2| *archive path* |

;;{{{ Licensing
;; This file is intended to be used with GNU Emacs.

;; This program is free software; you can redistribute it and/or modify
;; it under the terms of the GNU General Public License as published by
;; the Free Software Foundation; either version 2, or (at your option)
;; any later version.

;; This program is distributed in the hope that it will be useful,
;; but WITHOUT ANY WARRANTY; without even the implied warranty of
;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;; GNU General Public License for more details.

;; You should have received a copy of the GNU General Public License
;; along with GNU Emacs; see the file COPYING.  If not, write to
;; the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA.
;;}}}
;;{{{ Change Log
;;{{{ Changes from 1.1:
;; * Added recipients field to mc-encrypt-message.
;;}}}
;;{{{ Changes from 1.0:
;; * Fixed batchmode bug in decryption, where unsigned messages would return
;;   with exit code of 1.
;;}}}
;;{{{ Changes from 0.3b:
;; * Only set PGPPASSFD when needed, so PGP won't break when used
;;   in shell mode.
;; * Use call-process-region instead of shell-command-on-region in order
;;   to detect exit codes.
;; * Changed mc-temp-display to not use the kill ring.
;; * Bug fixes.
;;}}}
;;{{{ Changes from 0.2b:
;; * Prompts for replacement in mc-rmail-decrypt-message.
;; * Bug fixes.
;;}}}
;;{{{ Changes from 0.1b:
;; * Several bug fixes.
;; Contributed by Jason Merrill :
;; * VM mailreader support
;; * Support for addresses with spaces and <>'s in them
;; * Support for using an explicit path for the pgp executable
;; * Key management functions
;; * The ability to avoid some of the prompts when encrypting
;; * Assumes mc-default-scheme unless prefixed
;;}}}
;;}}}
;;{{{ Usage:
;;{{{ Installation:
;; To use, put the following elisp into your .emacs file.
;; You may want to set some of the user variables there as well,
;; particularly mc-default-scheme.

;;(autoload 'mc-encrypt-message "mailcrypt" nil t)
;;(autoload 'mc-sign-message "mailcrypt" nil t)
;;(autoload 'mc-insert-public-key "mailcrypt" nil t)
;;(add-hook 'mail-mode-hook
;;          '(lambda ()
;;             (require 'mailcrypt)
;;             (define-key mail-mode-map "\C-ce" 'mc-encrypt-message)
;;             (define-key mail-mode-map "\C-cs" 'mc-sign-message)
;;             (define-key mail-mode-map "\C-ca" 'mc-insert-public-key)))

;;(autoload 'mc-rmail-decrypt-message "mailcrypt" nil t)
;;(autoload 'mc-rmail-verify-signature "mailcrypt" nil t)
;;(autoload 'mc-snarf-keys "mailcrypt" nil t)
;;(add-hook 'rmail-mode-hook
;;          '(lambda ()
;;             (require 'mailcrypt)
;;             (define-key rmail-mode-map "\C-cd" 'mc-rmail-decrypt-message)
;;             (define-key rmail-mode-map "\C-cv" 'mc-rmail-verify-signature)
;;             (define-key rmail-mode-map "\C-cs" 'mc-snarf-keys)))

;;(autoload 'mc-vm-decrypt-message "mailcrypt" nil t)
;;(autoload 'mc-vm-verify-signature "mailcrypt" nil t)
;;(add-hook 'vm-mode-hooks
;;          '(lambda ()
;;             (require 'mailcrypt)
;;             (define-key vm-mode-map "\C-cd" 'mc-vm-decrypt-message)
;;             (define-key vm-mode-map "\C-cv" 'mc-vm-verify-signature)
;;             (define-key vm-mode-map "\C-cs" 'mc-snarf-keys)))
;;}}}
;;{{{ Security Considerations
;; I've tried to write this with security in mind, especially in
;; regard to the passphrase used to encrypt the private key.

;; No passphrase is ever passed by command line or environment
;; variable. The passphrase may be temporarily stored into an elisp
;; variable to allow multiple encryptions/decryptions within a short
;; period of time without having to type it in each time. It will
;; deactivate automatically some time after its last use (default one
;; minute; see `mc-passwd-timeout') if you are running emacs 19. This
;; is to prevent someone from walking up to your computer while you're
;; gone and looking up your passphrase. If you are using an older
;; version of emacs, you can either set mc-passwd-timeout to nil,
;; which disables passphrase caching, or manually deactivate your
;; passphrase when you are done with it by typing `M-x mc-deactivate-passwd'.

;; The passphrase may still be visible shortly after entry as lossage
;; (the last 100 characters entered can be displayed by typing
;; `C-h l'). I've taken no steps to deal with this, as I don't think
;; anything *can* be done. If you are the paranoid type, make sure you
;; type at least a hundred keys after entering your passphrase before
;; you leave your emacs unattended.

;; If you are truly security conscious, you should, of course, never
;; leave your computer unattended while you're logged in....
;;}}}
;;{{{ CAVEAT:
;; This code breaks if you have "Verbose=0" in your config.txt for PGP.
;; Thanks to Ciamac Moallemi (ciamac at hplms2.hpl.hp.com) for pointing this out.

;; This was written under emacs v19. Its behavior under older versions
;; of emacs is untested. If something breaks under emacs 18, please
;; feel free to fix it and send me patches.
;;}}}
;;{{{ Note:
;; The funny triple braces you see are used by `folding-mode', a minor
;; mode by Jamie Lokier, available from the elisp archive.
;;}}}
;;}}}

(require 'comint)
(require 'mail-utils)

;;{{{ User variables.
(defvar mc-default-scheme 'pgp
  "*Default encryption scheme to use.")
(defvar mc-passwd-timeout "1 min"
  "*Time to deactivate password in after a use, or nil for immediately.")
(defvar mc-pgp-user-id (user-login-name)
  "*Your PGP user ID.")
;; The docstring used to sit inside the `or' form, so it was never a
;; docstring and would have become the user ID when both lookups failed.
(defvar mc-ripem-user-id (or (getenv "RIPEM_USER_NAME") (user-full-name))
  "*Your RIPEM user ID.")
(defvar mc-pgp-always-sign nil
  "*Always sign encrypted PGP messages.")
(defvar mc-always-replace nil
  "*Decrypt messages in place without prompting.")
(defvar mc-use-default-recipients nil
  "*Assume that the message should be encoded for everyone listed in the To:
and Cc: fields.")
(defvar mc-encrypt-for-me nil
  "*Encrypt all outgoing messages with user's public key.")
;;}}}
;;{{{ Program variables and constants.
(defvar mc-timer nil "Timer object for password deactivation.")
(defvar mc-pgp-passwd nil "Your PGP passphrase.")
(defvar mc-ripem-passwd nil "Your RIPEM passphrase.")
(defvar mc-pgp-path "pgp" "*The PGP executable.")
(defvar mc-ripem-path "ripem" "*The RIPEM executable.")
(defvar mc-ripem-pubkeyfile (getenv "RIPEM_PUBLIC_KEY_FILE")
  "*Location of RIPEM public key file.")

(defconst mc-pgp-msg-begin-line "-----BEGIN PGP MESSAGE-----"
  "Text for start of PGP message delimiter.")
(defconst mc-pgp-msg-end-line "-----END PGP MESSAGE-----"
  "Text for end of PGP message delimiter.")
(defconst mc-pgp-signed-begin-line "-----BEGIN PGP SIGNED MESSAGE-----"
  "Text for start of PGP signed messages.")
(defconst mc-pgp-signed-end-line "-----END PGP SIGNATURE-----"
  "Text for end of PGP signed messages.")
(defconst mc-pgp-key-begin-line "-----BEGIN PGP PUBLIC KEY BLOCK-----"
  "Text for start of PGP public key.")
(defconst mc-pgp-key-end-line "-----END PGP PUBLIC KEY BLOCK-----"
  "Text for end of PGP public key.")
(defconst mc-ripem-key-begin-line "-----BEGIN PUBLIC KEY-----"
  "Text for start of RIPEM public key.")
(defconst mc-ripem-key-end-line "-----END PUBLIC KEY-----"
  "Text for end of RIPEM public key.")
(defconst mc-ripem-msg-begin-line "-----BEGIN PRIVACY-ENHANCED MESSAGE-----"
  "Text for start of RIPEM message delimiter.")
(defconst mc-ripem-msg-end-line "-----END PRIVACY-ENHANCED MESSAGE-----"
  "Text for end of RIPEM message delimiter.")
;;}}}
;;{{{ Utility functions.
(defun mc-split (regexp str)
  "Splits STR into a list of elements which were separated by REGEXP,
stripping initial and trailing whitespace."
  (let ((data (match-data))
        beg end retval)
    (string-match "[ \t\n]*" str)       ; Will always match at 0
    (setq beg (match-end 0))
    ;; This will break if there are newlines in str XXX
    (setq end (string-match "[ \t\n]*$" str))
    (while (string-match regexp str beg)
      (setq retval (append retval (list (substring str beg (match-beginning 0)))))
      (setq beg (match-end 0)))
    (if (not (= (length str) beg))      ; Not end
        (setq retval (append retval (list (substring str beg end)))))
    (store-match-data data)
    retval))

(defun mc-temp-display (beg end &optional name)
  "Move the text between BEG and END into a temporary buffer named NAME,
show it until a key is pressed, then kill the buffer."
  (let (tmp)
    (if (not name) (setq name "*Mailcrypt Temp*"))
    (setq tmp (buffer-substring beg end))
    (delete-region beg end)
    (save-excursion
      (set-buffer (generate-new-buffer name))
      (insert tmp)
      (goto-char (point-min))
      (save-window-excursion
        (shrink-window-if-larger-than-buffer (display-buffer (current-buffer)))
        (message "Press any key to remove the %s window." name)
        (read-char)
        (kill-buffer (current-buffer))))))
;;}}}
;;{{{ Passphrase management
(defun mc-activate-passwd (scheme)
  "Prompt for the SCHEME passphrase if it is not cached, and (re)start the
timer that will clear the cache after `mc-passwd-timeout'."
  (if (fboundp 'run-at-time)
      (progn
        (if mc-timer (cancel-timer mc-timer))
        (setq mc-timer
              (if mc-passwd-timeout
                  (run-at-time mc-passwd-timeout nil 'mc-deactivate-passwd)
                nil))))
  (cond ((eq scheme 'pgp)
         (if (not mc-pgp-passwd)
             (setq mc-pgp-passwd (comint-read-noecho "PGP Password: "))))
        ((eq scheme 'ripem)
         (if (not mc-ripem-passwd)
             (setq mc-ripem-passwd (comint-read-noecho "RIPEM Password: "))))
        (t (error "Encryption scheme %s not recognized" scheme))))

(defun mc-deactivate-passwd ()
  "*Deactivates both PGP and RIPEM passwords."
  (interactive)
  (and mc-timer (fboundp 'cancel-timer) (cancel-timer mc-timer))
  (setq mc-pgp-passwd nil
        mc-ripem-passwd nil)
  (message "password deactivated"))
;;}}}
;;{{{ Encryption
(defun mc-encrypt-message (&optional recipients scheme)
  "*Encrypt the message to RECIPIENTS using the given encryption SCHEME.
If SCHEME is nil, use the value of `mc-default-scheme'."
  (interactive
   (if current-prefix-arg
       (list nil (read-from-minibuffer "Encryption Scheme: " nil nil t))))
  (let (args start signed-p retval)
    (or scheme (setq scheme mc-default-scheme))
    (setq recipients
          (cond (recipients                 ; given as function argument
                 recipients)
                (mc-use-default-recipients
                 (concat (mail-fetch-field "to" nil t) ", "
                         (mail-fetch-field "cc" nil t)))
                (t                          ; prompt for it
                 (read-from-minibuffer
                  "Recipients: "
                  (concat (mail-fetch-field "to" nil t) ", "
                          (mail-fetch-field "cc" nil t))))))
    (setq recipients (mc-split "\\([ \t\n]*,[ \t\n]*\\)+" recipients))
    (or recipients (error "No recipients!"))
    (cond
     ((eq scheme 'pgp)
      (and mc-encrypt-for-me
           (setq recipients (cons mc-pgp-user-id recipients)))
      (setq args (list "+batchmode" "-feat"))
      (if (or mc-pgp-always-sign (y-or-n-p "Sign the message? "))
          (setq signed-p t
                args (append args (list "-su" mc-pgp-user-id))))
      (setq args (append args recipients))
      (goto-char (point-min))
      (search-forward (concat "\n" mail-header-separator "\n"))
      (setq start (point))
      (let ((process-environment process-environment))
        ;; Don't need to ask for the passphrase if not signing.
        ;; When signing, the passphrase is fed to PGP on its stdin
        ;; (PGPPASSFD=0) ahead of the message text, never via argv.
        (if signed-p
            (progn
              (mc-activate-passwd 'pgp)
              (insert mc-pgp-passwd "\n")
              (setq process-environment
                    (cons "PGPPASSFD=0" process-environment))))
        (message "Encrypting...")
        ;; Use call-process-region rather than shell-command-on-region
        ;; to get the exit code.
        (setq retval
              (apply 'call-process-region
                     (append (list start (point-max) mc-pgp-path t t nil)
                             args)))
        (or mc-passwd-timeout (mc-deactivate-passwd))
        (if (= retval 0)
            (progn
              (goto-char start)
              (search-forward mc-pgp-msg-begin-line)
              (search-backward mc-pgp-msg-begin-line)
              (mc-temp-display start (point) "*Encryption*"))
          (error "Error while encrypting. Hit C-x u to undo."))))
     ((eq scheme 'ripem)
      (and mc-encrypt-for-me
           (setq recipients (cons mc-ripem-user-id recipients)))
      ;; Anyone know any better way to do the following?
      (setq args (append (list "-e" "-m" "encrypted" "-T" "a" "-k" "-")
                         (apply 'append
                                (mapcar (lambda (x) (list "-r" x))
                                        recipients))))
      (goto-char (point-min))
      (search-forward (concat "\n" mail-header-separator "\n"))
      (setq start (point))
      (mc-activate-passwd 'ripem)
      (insert mc-ripem-passwd "\n")
      (message "Encrypting...")
      (setq retval
            (apply 'call-process-region
                   (append (list start (point-max) mc-ripem-path t t nil)
                           args)))
      (or mc-passwd-timeout (mc-deactivate-passwd))
      (if (/= retval 0)
          (error "Error while encrypting. Hit C-x u to undo.")))
     (t (error "Encryption scheme %s not recognized" scheme)))))
;;}}}
;;{{{ Decryption
(defun mc-decrypt-message ()
  "*Decrypt whatever message is in the current buffer. Return t on success."
  (interactive)
  (let (start msg retval)
    (goto-char (point-min))
    (cond
     ((search-forward mc-pgp-msg-begin-line nil t)
      (search-backward mc-pgp-msg-begin-line)
      (setq start (point))
      (mc-activate-passwd 'pgp)
      (or buffer-read-only (insert mc-pgp-passwd "\n"))
      (re-search-forward (concat "^" mc-pgp-msg-end-line))
      ;; Read-only buffers get a copy in a scratch buffer instead.
      (cond (buffer-read-only
             (setq msg (buffer-substring start (point)))
             (pop-to-buffer (get-buffer-create "*Decrypted Message*"))
             (erase-buffer)
             (insert mc-pgp-passwd "\n" msg)
             (setq start (point-min))))
      (let ((process-environment (cons "PGPPASSFD=0" process-environment)))
        (message "Decrypting...")
        (setq retval (call-process-region start (point) mc-pgp-path t t nil "-f"))
        (or mc-passwd-timeout (mc-deactivate-passwd))
        (if (= retval 0)
            (prog1 t
              (goto-char start)
              (or (re-search-forward "^Signature made.*\n" nil t)
                  (search-forward "Just a moment......"))
              (mc-temp-display start (point) "*Decryption*"))
          (mc-temp-display start (point) "*ERROR*")
          nil)))
     ((search-forward mc-ripem-msg-begin-line nil t)
      (search-backward mc-ripem-msg-begin-line)
      (setq start (point))
      (mc-activate-passwd 'ripem)
      (insert mc-ripem-passwd "\n")
      (re-search-forward (concat "^" mc-ripem-msg-end-line))
      (message "Decrypting...")
      (setq retval (call-process-region start (point) mc-ripem-path t t nil
                                        "-d" "-k" "-"))
      (or mc-passwd-timeout (mc-deactivate-passwd))
      (if (= retval 0)
          t
        (mc-temp-display start (point) "*ERROR*")
        nil))
     (t (message "Found no encrypted message in this buffer.")
        nil))))

(defun mc-rmail-decrypt-message ()
  "*Decrypt the contents of this message"
  (interactive)
  (if (not (equal mode-name "RMAIL"))
      (error "mc-rmail-decrypt-message called in a non-RMAIL buffer"))
  (rmail-edit-current-message)
  (cond ((not (mc-decrypt-message))
         (rmail-abort-edit))
        ((or mc-always-replace
             (y-or-n-p "Replace encrypted message with decrypted? "))
         (rmail-cease-edit)
         (rmail-kill-label "edited")
         (rmail-add-label "decrypted"))
        (t (rmail-abort-edit))))

(defun mc-vm-decrypt-message ()
  "*Decrypt the contents of the current VM message"
  (interactive)
  (if (interactive-p) (vm-follow-summary-cursor))
  (vm-select-folder-buffer)
  (vm-check-for-killed-summary)
  (vm-error-if-folder-read-only)
  (vm-error-if-folder-empty)
  (vm-edit-message)
  (cond ((not (mc-decrypt-message))
         (progn (message "Decryption failed.")
                (vm-edit-message-abort)))
        ((or mc-always-replace
             (y-or-n-p "Replace encrypted message with decrypted? "))
         (vm-edit-message-end))
        (t (vm-edit-message-abort))))
;;}}}
;;{{{ Signing
(defun mc-sign-message (&optional scheme)
  "*Clear sign the message using the given encryption SCHEME."
  (interactive
   (if current-prefix-arg
       (list (read-from-minibuffer "Encryption Scheme: " nil nil t))))
  (or scheme (setq scheme mc-default-scheme))
  (let (start retval)
    (cond
     ((eq scheme 'pgp)
      (goto-char (point-min))
      (search-forward (concat "\n" mail-header-separator "\n"))
      (setq start (point))
      (mc-activate-passwd 'pgp)
      (insert mc-pgp-passwd "\n")
      (let ((process-environment (cons "PGPPASSFD=0" process-environment)))
        (setq retval (call-process-region start (point-max) mc-pgp-path t t nil
                                          "-fast" "+clearsig=on" "+batchmode"
                                          "-u" mc-pgp-user-id)))
      (or mc-passwd-timeout (mc-deactivate-passwd))
      (cond ((= 0 retval)
             (goto-char start)
             (search-forward "\nJust a moment....")
             (mc-temp-display start (point)))
            (t (error "PGP signing failed. Use C-x u to undo."))))
     ((eq scheme 'ripem)
      ;; (A stray `(setq command ...)' that set an unused global variable
      ;; was removed here; the arguments are passed directly below.)
      (goto-char (point-min))
      (search-forward (concat "\n" mail-header-separator "\n"))
      (setq start (point))
      (mc-activate-passwd 'ripem)
      (insert mc-ripem-passwd "\n")
      (setq retval (call-process-region start (point-max) mc-ripem-path t t nil
                                        "-e" "-m" "mic-clear" "-k" "-"))
      (or mc-passwd-timeout (mc-deactivate-passwd))
      (if (/= 0 retval)
          (error "RIPEM signing failed. Use C-x u to undo.")))
     (t (error "Encryption scheme %s not recognized" scheme)))))
;;}}}
;;{{{ Signature verification
;;{{{ mc-verify-signature
(defun mc-verify-signature ()
  "*Verify the signature of whatever signed message is in the current buffer,
and give the result as a message in the minibuffer. Returns t if the
signature is verified."
  (interactive)
  (let (start buf msg retval)
    (goto-char (point-min))
    (cond
     ((re-search-forward (concat "^" mc-pgp-signed-begin-line) nil t)
      (beginning-of-line)
      (setq start (point))
      (search-forward mc-pgp-signed-end-line)
      (setq msg (buffer-substring start (point)))
      (save-excursion
        (set-buffer (generate-new-buffer "*Verification*"))
        (insert msg)
        (setq retval (call-process-region (point-min) (point-max) mc-pgp-path
                                          t t nil "+batchmode" "-f"))
        (if (/= retval 0)
            (progn
              (mc-temp-display (point-min) (point-max) "*ERROR*")
              (kill-buffer (current-buffer))
              nil)
          (goto-char (point-min))
          (search-forward "Good signature")
          (beginning-of-line)
          (setq start (point))
          (end-of-line)
          ;; Pass PGP's output as an argument, not as the format string,
          ;; so a `%' in a user ID cannot be interpreted by `message'.
          (message "%s" (buffer-substring start (point)))
          (kill-buffer (current-buffer))
          t)))
     ((re-search-forward (concat "^" mc-ripem-msg-begin-line) nil t)
      (beginning-of-line)
      (setq start (point))
      (search-forward mc-ripem-msg-end-line)
      (setq msg (buffer-substring start (point)))
      (save-excursion
        (set-buffer (generate-new-buffer "*Verification*"))
        (insert msg)
        (setq retval (call-process-region (point-min) (point-max) mc-ripem-path
                                          t t nil "-d"))
        ;; Theoretically, at this point retval should hold a 0 if
        ;; the signature was correct, and a 1 if it wasn't. In
        ;; practice, it holds whatever it feels like holding. I
        ;; believe this is a bug in call-process-region, but have
        ;; not been able to figure out why it works everywhere
        ;; else but not here. For now, I'm just going to display
        ;; the output.
             (mc-temp-display (point-min) (point-max))
             (kill-buffer (current-buffer))))
;          (if (/= 0 retval)
;              (progn (goto-char (point-min))
;                     (message (buffer-substring (point) (progn
;                                                          (end-of-line)
;                                                          (point))))
;                     (kill-buffer (current-buffer))
;                     nil)
;            (message "RIPEM signature verified")
;            (kill-buffer (current-buffer))
;            t)))
          (t (error "No signed message found.")))))

;;}}}
;;{{{ mc-rmail-verify-signature

(defun mc-rmail-verify-signature ()
  "*Verify the signature in the current message."
  (interactive)
  (if (not (equal mode-name "RMAIL"))
      (error "mc-rmail-verify-signature called in a non-RMAIL buffer"))
  (if (mc-verify-signature)
      (rmail-add-label "verified")))

;;}}}
;;{{{ mc-vm-verify-signature

(defun mc-vm-verify-signature ()
  "*Verify the signature in the current VM message"
  (interactive)
  (if (interactive-p) (vm-follow-summary-cursor))
  (vm-select-folder-buffer)
  (vm-check-for-killed-summary)
  (vm-error-if-folder-empty)
  (mc-verify-signature))

;;}}}
;;}}}
;;{{{ Key management
;;{{{ mc-insert-public-key

(defun mc-insert-public-key (&optional scheme)
  "*Insert your public key at the end of the current buffer."
  (interactive
   (if current-prefix-arg
       (list (read-from-minibuffer "Encryption Scheme: " nil nil t))))
  (or scheme (setq scheme mc-default-scheme))
  (let (command start pubkey)
    (goto-char (point-max))
    (if (not (bolp)) (insert "\n"))
    (cond ((eq scheme 'pgp)
           (setq command (concat mc-pgp-path " +batchmode -kxaf '" mc-pgp-user-id "'"))
           (setq start (point))
           (shell-command command t)
           (goto-char start)
           (search-forward mc-pgp-key-begin-line)
           (beginning-of-line)
           (mc-temp-display start (point)))
          ((eq scheme 'ripem)
           (if (file-readable-p mc-ripem-pubkeyfile)
               (save-excursion
                 (set-buffer (find-file-noselect mc-ripem-pubkeyfile))
                 (goto-char (point-min))
                 (if (search-forward mc-ripem-user-id nil t)
                     (progn (search-backward mc-ripem-key-begin-line)
                            (setq start (point))
                            (search-forward mc-ripem-key-end-line)
                            (setq pubkey (buffer-substring start (point))))
                   (message "Couldn't find key for `%s' in file %s"
                            mc-ripem-user-id mc-ripem-pubkeyfile))
                 (kill-buffer (current-buffer)))
             (error "Cannot read file %s for public key" mc-ripem-pubkeyfile))
           (if pubkey (insert pubkey)))
          (t (error "Encryption scheme %s not recognized" scheme)))))

;;}}}
;;{{{ mc-snarf-keys

(defun mc-snarf-keys ()
  "*Add any public keys in the buffer to your keyring."
  (interactive)
  (let (start buf user exists)
    (goto-char (point-min))
    (cond ((search-forward mc-pgp-key-begin-line nil t)
           (setq buf (generate-new-buffer " *Key Temp*"))
           (goto-char (match-beginning 0))
           (call-process-region (point) (point-max) mc-pgp-path nil buf nil
                                "+batchmode" "-kaf")
           (save-excursion
             (set-buffer buf)
             (mc-temp-display (point-min) (point-max) "*Key Management*"))
           (kill-buffer buf))
          ((search-forward mc-ripem-key-begin-line nil t)
           (goto-char (match-beginning 0))
           (setq start (point))
           ;; Get the user ID of the key being added.
           ;; Note: the backslash must be doubled inside an Elisp string
           ;; literal for \s- (syntax class "whitespace") to reach the
           ;; regexp engine; a single "\s" reads as a plain space.
           (re-search-forward "^User:\\s-*.*$" nil t)
           (setq user (buffer-substring (match-beginning 0) (match-end 0)))
           (search-forward mc-ripem-key-end-line)
           (if (file-writable-p mc-ripem-pubkeyfile)
               (progn
                 (save-excursion
                   (set-buffer (find-file-noselect mc-ripem-pubkeyfile))
                   (goto-char (point-min))
                   (if (search-forward user nil t)
                       (setq exists t))
                   (kill-buffer (current-buffer)))
                 (if (not exists)
                     (append-to-file start (point) mc-ripem-pubkeyfile)
                   (message "RIPEM public key for this user already exists.")))
             (error "Can't write to file %s" mc-ripem-pubkeyfile)))))

;;}}}
;;}}}

(provide 'mailcrypt)

;; Local Variables:
;; folded-file: t
;; End:
SHAR_EOF
fi # end of overwriting check
if test -f 'remail.el'
then
	echo shar: will not over-write existing file "'remail.el'"
else
cat << \SHAR_EOF > 'remail.el'
;; remail.el, by Jin S. Choi
;; Quick hack to allow easy use of cypherpunk remailers.
;; Requires mailcrypt v1.2 or higher.
;; Always encrypts. If you don't want to use encryption, it's simple
;; enough to set up by hand....
;; Assumes that you have the public keys of the remailers you want to
;; use in your keyring already.

(require 'mailcrypt)

(defvar remailer-list
  (list "hfinney@shell.portal.com" "hal@alumni.caltech.edu")
  "*A list of remailers to mail through.")

(defun remail-message ()
  "*Munge the current message to go through the remailers listed in
remailer-list and end up at the address listed in the To: field."
  (interactive)
  (goto-char (point-min))
  (re-search-forward (concat "^" mail-header-separator))
  (beginning-of-line)
  (narrow-to-region (point-min) (point))
  (let ((recipients (mail-fetch-field "to" nil t))
        (remailer-list remailer-list)
        from to)
    (delete-region (point-min) (point-max))
    (goto-char (point-min))
    (insert "To: " (car remailer-list) "\n")
    (setq remailer-list (reverse remailer-list))
    (widen)
    (forward-line)
    (setq to recipients)
    (setq from (car remailer-list))
    ;; Build the layers inside out: the innermost layer is encrypted to
    ;; the last remailer and names the final recipient; each outer layer
    ;; is encrypted to the previous remailer and names the next one.
    (while remailer-list
      (if to
          (insert "::\nRequest-Remailing-To: " to "\n\n"))
      (mc-encrypt-message from 'pgp)
      (save-excursion
        (insert "::\nEncrypted: PGP\n\n"))
      (setq remailer-list (cdr remailer-list))
      (setq to from)
      (setq from (car remailer-list)))))
SHAR_EOF
fi # end of overwriting check
# End of shell archive
exit 0

From fergp at sytex.com Sun Aug 15 14:52:02 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Sun, 15 Aug 93 14:52:02 PDT
Subject: Cellular tracing (Done all the time.)
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

A bit off-topic, but:

Authorities in Fayetteville, North Carolina arrested two juveniles yesterday, in the death of James Jordan, father of basketball superstar Michael Jordan. Charles Kuralt, on CBS's "Sunday Morning," reported that authorities believe that Jordan was a victim of random violence. Authorities were able to locate the suspects because they allegedly used the cellular phone in Jordan's car before they dumped it.

-----BEGIN PGP SIGNATURE-----
Version: 2.2

-----END PGP SIGNATURE-----

Paul Ferguson              | "Government, even in its best state,
Network Integrator         | is but a necessary evil; in its worst
Centreville, Virginia USA  | state, an intolerable one."
fergp at sytex.com          |   - Thomas Paine, Common Sense

Type bits/keyID   Date       User ID
pub  1024/1CC04D  1993/03/15 Paul Ferguson
     Key fingerprint = EE D2 93 7D 04 6D C6 05  AC 36 AD 9D 8E 4F 41 58

ser's knowledge. In doing this, it violates the integrity of the system and furthermore, it does it surreptitiously. Personally, I like to be intimately aware of every byte on each of my systems (I am) and know _exactly_ what every executable which resides on my system does (again, I do). For users who cannot know this, then a virus is a breach of their privacy, in a manner of speaking.

Finally, distributed computing need not be accomplished by something as brain-damaged as a virus. Anything a virus could beneficially do, a legitimate, non-replicating program can do better. In fact, there have been viruses designed and coded which were supposed to perform beneficial activities (see historical notes about the Denzuko, Ohio, etc. viruses). Also, every virus harbors the potential for damage. No programmer (read: virus author) can possibly know each and every environment where the code will be introduced. An example which I frequently use to illustrate this point is the Stoned virus; it is mostly an innocuous virus, however with several spoofing disk partitioning schemes (such as Disk Mangler), it can be devastating. And with the advent of the Microsoft DoubleSpace shit, a lot of other potholes in the road are introduced into the possible scenarios.

A final note: There is a virus called "Cruncher" which compresses executables in much the same way as PKLite or LZEXE. Is this a "good" virus? This is an exercise left to the reader...
Cheers from Washington, DC

-----BEGIN PGP SIGNATURE-----
Version: 2.2

-----END PGP SIGNATURE-----

Paul Ferguson              | "Government, even in its best state,
Network Integrator         | is but a necessary evil; in its worst
Centreville, Virginia USA  | state, an intolerable one."
fergp at sytex.com          |   - Thomas Paine, Common Sense

Type bits/keyID   Date       User ID
pub  1024/1CC04D  1993/03/15 Paul Ferguson
     Key fingerprint = EE D2 93 7D 04 6D C6 05  AC 36 AD 9D 8E 4F 41 58

From elee9sf at Menudo.UH.EDU Sun Aug 15 15:42:00 1993
From: elee9sf at Menudo.UH.EDU (Karl Barrus)
Date: Sun, 15 Aug 93 15:42:00 PDT
Subject: encrypting virus (KOH)
Message-ID: <199308152240.AA11446@Menudo.UH.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

Well, perhaps any discussion of viruses tends to cause feelings to run high, so perhaps the author of potassium hydroxide shouldn't have termed his program a virus. I don't see any difference between Stacker 3.0 and its stacked disk option that compresses files on a floppy and inserts a small decompression routine there as well, and the encrypting "program" I posted information on. Well, besides the fact that Stacker compresses and potassium hydroxide encrypts.

> Anything a virus could beneficially do, a legitimate,
> non-replicating program can do better.

Well, if I were more proficient in assembly I might code an encrypting Stacker program. Perhaps you will take the public domain code, disassemble it and improve it, elevating it from "virus" status.

> Also, every virus harbors the potential for damage. No programmer
> (read: virus author) can possibly know each and every environment
> where the code will be introduced.

Yes, this may be true, and applies to every program ever written, not just "viruses".
Not to insult anybody, but if memory serves PGP had a bug which destroyed files on hard drives.... why, even Microsoft's CHKDSK program had a bug which could destroy a hard drive. Modern software is complex and configurations uncountable. Now I do not advocate spreading viruses and damaging computer systems, but to imply that only viruses harbor potential for damage is surely ridiculous.

I posted this because the purpose of the "virus" is to automatically encrypt files, a goal that I understand some people on this list are working on. If anybody is interested in a copy, I can send it. A disassembly would be instructive, and would allow people to fine tune the program, improve it, incorporate it into other projects, etc.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

-----END PGP SIGNATURE-----

From Seth.Morris at lambada.oit.unc.edu Sun Aug 15 15:57:00 1993
From: Seth.Morris at lambada.oit.unc.edu (Seth Morris)
Date: Sun, 15 Aug 93 15:57:00 PDT
Subject: Back on track(s)...
Message-ID: <9308152256.AA01403@lambada.oit.unc.edu>

Hi... I haven't posted much here, but I've been lurking for quite some time. On the issue of "lost focus" and a return to projects, I'd like to ask about some of the projects that were/are underway from a while ago.

Some months back, there was a push to get kits together for different non-technical persons needing access to privacy, anonymity, digital signatures, crypto, etc... such as journalists, political activists, religious groups, terro^H^H^H^H^Hetc. This is an idea I am very interested in, and I'm wondering if it's still ongoing.
It seems to gel well with the proposed cd-rom collection (I think some shareware/PD distributors might be talked into a multi-disk privacy distribution set, perhaps with some basic utils like antiviruses/text-editors/defraggers as a "must have" basic start-up kit). Could one of the major FTP sites be persuaded to maintain a privacy/anonymity section that didn't put them in a legally tenuous position? No PGP, perhaps, but articles (with sample code?), steganographic utils, etc. Maybe some front ends for popular remailers/encryption utils.

What about digital cash? I thought some ongoing experiments testing ease-of-use/speed etc. started up (or were announced) about six months ago? (I lost net access for about three months a while back, so I may have missed preliminary results.) I think that this is a fertile area for trial balloons based on games. Set up a server with several games being managed (possibly as either lists or CC-groups or with human moderators) and use secure digital cash protocols both within a game and between games... sounds like the FBI (Flying Buffalo, Inc) Illuminati PBM and other PBMs with requirements to progress from one game to another would serve as a useful model.... Gnomic or Elusius (sp? the research-based card game from one of the Penrose books, I believe) would serve as an excellent test for popular secure anonymous voting by non-programmers. All in all, gamers are excellent sources of guinea pigs, and usually quite willing (hmmm... how about handing out disk packs at SF/Gamer cons?... MANY gamers are computer users and they can be counted on to use the programs in their PBEM games, spreading them on to other BBSing gamers while they're at it... maybe I can test this here in Tucson).

I think that just getting dialog generated will spark most of us to get work done. I feel, personally, that the cypherpunks remailers need some spec-work done and the specs published more openly, and similar work done with steganographic tools, etc.
We need more active, reputation-building anonymous Usenetters; people who want to create such identities need to feel that THEY can control the tools they will be using. Are the pools still active? Can a set of games be developed that model crypto/anonymity/steg? rec.games.abstract is a wonderful source of ideas and shows what can be done with an abstract idea (play both gnomic and elesius sometime!).

What we need is a list of projects that people are interested in/working on, with some communication about how they're going. We have no dearth of ideas, or people, or interest. It's the assumption that either someone else is already doing it (a bad attitude among the hacker-types that abound here; reminds me of a SF story where a bunch of ship captains are put in a simulator to see who gets a big promotion. The simulator is wretched, has too many little (useless) lights, the AC blows in your eyes, the sound is WAY too loud, etc. Everyone fails, all making the same complaints and telling them how to redesign the simulator. The promotion goes to the guy who tapes up the redundant lights, puts cardboard over the AC and turns the speakers to face outward... they wanted a commander who would actually FIX things, not make orders). Cypherpunks aren't very organised, nor should we be, but having some lists of what some of us want to do, who's doing what, and what some of us are thinking/worried about might be very helpful.

Hmmm. maybe someone should see if a regular digest of what's ACTUALLY being said/done on the list, for reference, would go over well... This week we discussed:

a) pagers and ping... most think it's a myth
b) T-Shirts (list of popular ideas for shirts)
c) Digital democracy debates
d) meetings
e) focus
f) Someone is installing and will probably be reporting on an encryption virus in the PD... there's some talk of a commented dis-assembly being made.
g) the Phantom mailer went down (am I remembering this right? This is off-the-cuff)
h) California law being decided NOW about online access to current legislative agenda. Get your viewpoint in before the 18th.
i) NSA asked for one year on the FOIA request about MYK78/80 (again, pardon any misinformation, take NONE of this as gospel... check the archives).
j) with any reports on ongoing games/projects/running gags, etc.

Hmmm... some comments on this idea.

a) We've done a lot more this week than I'd noticed.
b) it may be more bandwidth than many want (but a CC list is easy to maintain for those that want it, or it could be dropped in to archives and left to rot until someone cares enough to retrieve it).
c) it's pretty easy to make.
d) it will be, to some extent, subjective.
e) I make too many lists... probably a sign of something about my potty training, I suppose.
f) I'm rambling.

When the kits idea was first kicked around, I expressed support (I think... the message may have been lost by my mailer before it reached the list... that happens here at launchpad), but offered no other help or support, as I was just starting a new job. Well, now I'm about to be fired, so I have a bit of free time (oh well, never set out to write Nintendo games, anyway.... sigh).

I suspect that we're not actually being stagnant at all. Maybe not even taking a breather.

Seth Morris (Seth.Morris at launchpad.unc.edu)

PS. T-shirt ideas: "We watch the Watchmen" and "Wiretapping is Privacy; Censorship is Freedom; Publicity is Anonymity: 1994 -- the eight was a typo."

"We do not believe any group of men adequate enough or wise enough to operate without scrutiny or without criticism. We know that the only way to avoid error is to detect it, that the only way to detect it is to be free to inquire. We know that in secrecy error undetected will flourish and subvert." -- J. Robert Oppenheimer

From an12070 at anon.penet.fi Sun Aug 15 19:42:02 1993
From: an12070 at anon.penet.fi (an12070 at anon.penet.fi)
Date: Sun, 15 Aug 93 19:42:02 PDT
Subject: `Stalled' Progress
Message-ID: <9308160236.AA02030@anon.penet.fi>

we've accomplished a great deal as cypherpunks so far, but major obstacles are in place of our ambitious goals. here are some critical factors:

* it is extremely difficult to find sites willing to donate computer cycles, space, and management despite that it is rather abundant in the world. virtually every cypherpunk idea requires some cycles & space somewhere. building up all these things on student accounts is commendable but a foundation of quicksand in the long run. rumor has it even soda.berkeley.edu ftp site (perhaps the most critical cypherpunk element other than the mailing list) is being run off a student account. ideally a list of volunteering sites could be created and individual cypherpunks could contact the sites independently.

* the internet itself is very hostile in general to most cypherpunk ideas, including digital cash, anonymous remailing, etc. because of nonuniform policies and general resentment and taboos on anything commercial. to some degree only prototypes can be created in this atmosphere, but even prototypes of our most critical ideas are lacking. great attention should be placed on identifying and cultivating emerging networks where commercialism is officially sanctioned and encouraged.

* the `i thought you were doing that' factor. with no organization and coordination, the effort and energy of the group is needlessly dissipated and tragically wasted. in fact, many cypherpunks have philosophies that are exceedingly antagonistic toward and distrustful of any oversight or coordination, and frequently assume that others are making progress in some area when in fact no one is.
* to a large degree, despite the commandment `cypherpunks write code', the `cypherpunks' have always gained their cohesion more from political ideology than implementing tangible systems.

-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From jjl at panix.com Sun Aug 15 20:17:01 1993
From: jjl at panix.com (J. J. Larrea)
Date: Sun, 15 Aug 93 20:17:01 PDT
Subject: encrypting virus (KOH)
In-Reply-To: <199308152240.AA11446@Menudo.UH.EDU>
Message-ID: <199308160315.AA07140@panix.com>

Karl Barrus writes:
> I don't see any difference between Stacker 3.0 and its stacked disk
> option that compresses files on a floppy and inserts a small
> decompression routine there as well, and the encrypting "program" I
> posted information on. Well, besides the fact the Stacker compresses
> and potassium hydroxide encrypts.

I did not save the original potassium hydroxide posting, so I am not sure whether it truly constitutes a "virus", but I can't let any defense of "benign" infection mechanisms go unchallenged.

If someone gives me a floppy, and, by running a program contained on it or booting off of it, some algorithm contained therein is permanently incorporated into my system *without my explicit desire and command*, to me that constitutes a viral ATTACK on my system, by compromising the sanctity of my data, whether or not the author's intent was benign.

Even if a question like "Compress [Encrypt] drive C: ?" were presented, I'd be rather perturbed (especially since I use a Mac :-), since the question would probably be completely outside of the context of what I was trying to do (eg. run a GIF viewer, checkbook balancer, compiler, whatever), and would not provide sufficient notification of potential ramifications from answering in either the negative or the affirmative. Should that happen to *me*, I'd immediately go for the reboot switch and never use that floppy again; but most non-hacker computer users I know would be pretty lost, and feel rather violated if they chose the wrong option and something bad happened.

Now, if a smart compressor/encryptor wrote itself along with the files it was treating, and then wrote a nice README file which explained that files on the floppy were compressed/encrypted, would be automatically decompressed/decrypted, and that the treatment could, if you wished, be performed on your hard drives and/or other floppies by making a backup and then executing the following command, that would be perfectly fine. Low-pressure sales techniques are far more humane than high-pressure: one gets time to scratch one's head, think about alternative strategies, reconsider one's intent. And a decision to reformat possibly years of data from a universally-accessible native format to a proprietary format certainly should not be made in an ad hoc manner.

If a compressor/encryptor has a mode whereby it can automatically compress/encrypt native-mode floppies when they are first mounted, that's quite a useful feature. But in this case I would have first had to have made a pro-active decision to install the software on my system, and thus been apprised of the ramifications. I would certainly still want and expect at least a minimal query like the above before anything is changed, otherwise it would be too easy to forget the mechanism is in place, get a floppy from a friend, and without knowing it return to them an altered and possibly unusable disk. Not good.

I thought Cypherpunks were all for self-determination? If there's anything in the computer world which strips us of that it's a virus or trojan horse, no?
- JJ

From ld231782 at longs.lance.colostate.edu Sun Aug 15 21:02:02 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Sun, 15 Aug 93 21:02:02 PDT
Subject: cyberspace & cybercycles donations!
Message-ID: <9308160358.AA20381@longs.lance.colostate.edu>

From: an12070 at anon.penet.fi
>* it is extremely difficult find sites willing to donate computer
>cycles, space, and management despite that it is rather abundant in the
>world. virtually every cypherpunk idea requires some cycles & space
>somewhere. [...]
> ideally a list of volunteering sites could be created and
>individual cypherpunks could contact the sites independently.

Hey, I think this is a great idea. The only problem is that the list would probably be empty =) I personally have many pet projects that might see the light of day if they could find the inside of a computer on the internet.

I volunteer to maintain this list. If anyone would like to donate cycles or space for pet cypherpunk projects such as digital cash, anonymity servers, archives, etc. please send me your name and availability and I'll stick it in the list.

Unfortunately, the people most likely to be in charge of these resources are coincidentally the most paranoid about restricting them and least likely to hear this--and once they hear the word `cypherpunk' their mind will slam shut in a nanosecond.

We may be able to get more `outside support' if such a list was posted into Usenet. In fact, if the list kept track of all the current projects and the status, it might really encourage volunteers out there in the world. Maybe the problem is that the list is just too high noise for important people to pay attention, but that a summary like this might get results.

ltr.

From ld231782 at longs.lance.colostate.edu Sun Aug 15 21:12:02 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Sun, 15 Aug 93 21:12:02 PDT
Subject: CPSR Oct. 16 Meeting Announcement
Message-ID: <9308160409.AA20506@longs.lance.colostate.edu>

Items of interest to (some) cpunks:

- (ahem) COMPUTERS AND DEMOCRACY
- Nat'l Info Infrastructure policy
- Public access to Internet & major networks
- local municipal and community network development

- - -

************************************************************************
COMPUTER PROFESSIONALS FOR SOCIAL RESPONSIBILITY
ANNUAL MEETING
October 16 - 17, 1993
University of Washington, South Campus Center
Seattle, Washington, USA

Envisioning the Future: A National Forum on the National Information Infrastructure and Community Access

Co-sponsored by the American Society for Information Science Pacific Northwest Chapter (ASIS-PNC)
************************************************************************

Saturday, October 16th

8:00 - 9:00    Registration/Coffee & Tea
9:00 - 9:15    Welcome to the CPSR Annual Meeting - Aki Namioka
9:15 - 10:15   Keynote Address - Bruce McConnell, Office of Management and Budget
               "Shaping National Information Infrastructure Policy"

Bruce McConnell, Chief of Information Policy at the Office of Information and Regulatory Affairs in the Office of Management and Budget (OMB), will present his views on the major NII issues now facing the administration. He has been with OMB since 1985 and became head of Information Policy in 1992. He now chairs the inter-agency task force responsible for developing federal information policy for the Information Infrastructure Task Force.

10:15 - 10:45  Break
10:45 - 12:15  Panel Discussion - Moderated by Eric Roberts
               "Public Access to Internetworks"

Public access to the Internet (and other major networks) is a critical issue in any discussion about an "electronic highway". Panelists representing a wide variety of perspectives, including representatives from the Pacific Northwest, will present their views.
Panelists:
  Phil Bereano
  Craig Buthod, Deputy City Librarian and Chief Operating Officer, Seattle Public Library
  Kenneth Kay, Computer Science Policy Program
  Laura Breeden, FARnet

12:15 - 1:45   Lunch break
1:45 - 3:00    Panel Discussion - Moderated by Andrew Gordon
               "Municipal Information Infrastructure"

City and other government agencies are exploring possibilities for developing municipal networks. In this panel a city official as well as a representative from the state regulatory agency and a representative of commercial interests will offer their insights and interests.

Panelists:
  Joe Hommel - Washington Utilities and Transportation Commission
  Jane Noland - Seattle City Council

3:00 - 4:30    Panel Discussion - Moderated by Douglas Schuler
               "Networking in the Community"

Community networks exist and are being developed all over the U.S. Panelists from various community networks will present their perspectives on the state of community networking now and in the future.

Panelists:
  Tom Grundner, National Public Telecomputing Network
  Parker Lindner, New Media Matters
  Evelyn Pine, CPSR/Berkeley member and former Executive Director of the Community Memory Project
  Roy Sahali, CLAMDYP (Computing Literacy and Access Making a Difference for Youth Projects)

4:30 - 4:45    Break
4:45 - 6:15    Panel Discussion - Moderated by Marc Rotenberg
               "Computers and Democracy - What's the Connection?"

What aspects of democracy might be improved with computers? Which ones probably wouldn't? This is a concept that is in the public eye, and an idea that will probably be tested soon. What can be done to promote wise uses of computers in this critical area?
Panelists:
  Jeff Chester, Center for Media Education
  Jamie Love, Taxpayers Assets Project
  Leah Lievrouw, Department of Telecommunication and Film, University of Alabama

6:15 - 6:30    Closing Remarks - Jeff Johnson

************************************************************************

7:00 - 7:30    No host bar at banquet site
7:30           CPSR Banquet - Fundraiser (Vegetarian food will be available)

+ Presentation of the 1993 Norbert Wiener Award to The Institute for Global Communications (IGC)
  Presenter: Eric Roberts

The CPSR Board of Directors unanimously award the 1993 Wiener Award to IGC to recognize the work the organization has done to use network technology to empower previously disenfranchised individuals and groups working for progressive change. Geoff Sears, IGC's Executive Director, will be present to accept the award.

+ Banquet Address and Interactive Event - Kit Galloway, Electronic Cafe International

Kit Galloway of Electronic Cafe International in Santa Monica, California will present his innovative approach to electronic communication using phone lines, slow-scan television, and other technology. Using videotapes and a live demonstration with CPSR chapters in Los Angeles and other locations, Kit will discuss how the Electronic Cafe concept has been used in a variety of settings. Electronic Cafe International has staged global events with poets, children, and communities in France, Nicaragua, Japan, as well as a variety of American cities. Be sure to attend the banquet and participate in this provocative encounter with multimedia community networks!!
************************************************************************
Sunday, October 17th (preliminary schedule)

8:30 - 9:30    Coffee & Tea
9:30 - 11:30   Workshop sessions I
11:30 - 1:00   Lunch break
1:00 - 3:00    Workshop sessions II
3:00 - 3:30    Break
3:30 - 5:00    CPSR NII vision document discussion - Moderated by Todd Newman
5:00 - 5:30    Closing Remarks - CPSR NII program future - Marc Rotenberg
************************************************************************

ABOUT CPSR

Computer Professionals for Social Responsibility stands alone as the only national, non-partisan, public-interest organization dedicated to understanding and directing the impact of computers on society. Decisions regarding the use of this technology have far-reaching consequences that necessarily reflect the basic values and priorities of the people who govern their use. Founded in 1981, CPSR has 2000 members from all over the world and 22 chapters across the country. Each of our members is an important participant in the dialogue that is helping to shape the future use of computers in the United States. Our National Advisory Board includes one Nobel laureate and three winners of the Turing Award, the highest honor in computer science. We believe that as the influence of computers continues to permeate every aspect of our society, it is important that professionals become active participants in formulating the policy that governs computer use and access. CPSR welcomes any and all who share our convictions.

- -------------------------------------------------------------------------------

Registration Form

Please pre-register by September 24 to guarantee seating. Registrations at the door will be accepted pending space.
Name _________________________________________________________________

Address ______________________________________________________________

City _______________________________ State _____________ Zip _________

Telephone __________________________ E-mail_____________________________

CPSR member                                    $55   _______
Non member                                     $75   _______
1 year CPSR membership & registration          $100  _______
Low income/student                             $25   _______
Banquet ticket                                 $40 X ___ = _______
Additional donation to further CPSR's work           _______
Total enclosed                                       _______

For more information contact CPSR, 415-322-3778, draper at csli.stanford.edu, or Aki Namioka, 206-865-3249, aki at cpsr.org.

Send completed registration form with check to:
CPSR, P.O. Box 717, Palo Alto, CA 94301

- --
David Friedlander
df at iochom.com
voice 212-942-1156
fax 212-569-8680

------- End of Forwarded Message

From elee9sf at Menudo.UH.EDU Sun Aug 15 21:37:02 1993
From: elee9sf at Menudo.UH.EDU (Karl Barrus)
Date: Sun, 15 Aug 93 21:37:02 PDT
Subject: encrypting virus (KOH)
Message-ID: <199308160433.AA01390@Menudo.UH.EDU>

-----BEGIN PGP SIGNED MESSAGE-----

Since this doesn't have much to do with encryption or cypherpunks per se, I am hesitant to respond. Interested people may obtain the software from me.

Perhaps I should have doctored the text included with the program I received and termed it an automatic encryption program, which encrypts your hard drive and floppies with your permission. We would possibly be spared some of the fears of viruses.

1) the program asks for permission before performing any action

> I'd be rather perturbed (especially since I use a Mac :-), since the
> question would probably be completely outside of the context of what I
> was trying to do (eg. run a GIF viewer, checkbook balancer, compiler,
> whatever), and would not provide sufficient notification of potential
> ramifications from answering in either the negative or the affirmative.
2) perhaps the program should include the standard disclaimer that ALL SOFTWARE INCLUDING COMMERCIAL SOFTWARE includes, usually in the beginning of the documentation, or on a separate card. You know, the one that says essentially that the authors are not omniscient, cannot predict all circumstances the software shall be used under, and thus disclaim any damages. This warning is included in all the commercial software I own.

Actually, the disclaimers simply say that you use the software at your own risk, damages are disclaimed. I have yet to see software which attempts to explain all potential ramifications of its use. I very much doubt I would be using software at all if I were to wait for such packages to appear.

> Now, if a smart compressor/encryptor wrote itself along with the files
> it was treating, and then wrote a nice README file which explained that
> files on the floppy were compressed/encrypted, would be automatically
> decompressed/decrypted, and that the treatment could, if you wished, be
> performed on your hard drives and/or other floppies by making a backup
> and then executing the following command, that would be perfectly fine.

3) the program does not do this, much like Stacker does not create README files which explain that your disks are now compressed. This is left to the documentation that comes with the program, some appearing in a booklet, some as a text file (this practice occurs in every single commercial package I own)

Now, I realize that since the author chose to call his program the "potassium hydroxide virus" that alarm bells sound. Maybe he should have posted the source to this list, describing it as a CryptoStacker program, which after installation encrypts floppy disks after prompting. Why, the whole thing would be so much better if MSDOS could run background processes - he could have written it to work like a unix daemon.
As I said before, I posted this since I know some people are working on a similar program and may be interested in one which purports to do all this. Interested people may obtain the program, hex debug, and read.me file from me. I don't have the source code but maybe I can contact the author and ask for it. I don't have the tools or expertise in assembly to do the disassembly myself.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLG8N8IOA7OpLWtYzAQFk5AP/TDib1SwkADkfk1D/WDwIk4gwpYLOIax/
sZ6WqrwDIl+Wpu9cO6sfIpxlO5iOqLVGhHeGxYfgaIKKr+IrS3x/t9HwWOV3vo7F
8zu5gPObI3J8yJ7C1xAgyKZ3kJ0ZfCX3fMYEK/zUt47W61qbfAp6QqGoo1jlE4D4
4HDp8uF3wzg=
=BDLa
-----END PGP SIGNATURE-----

From plmoses at unix.cc.emory.edu Sun Aug 15 21:47:02 1993
From: plmoses at unix.cc.emory.edu (Paul L. Moses)
Date: Sun, 15 Aug 93 21:47:02 PDT
Subject: e-voting
Message-ID: <9308160442.AA26674@emoryu1.cc.emory.edu>

instead of promoting another "magic bullet" (ie electronic democracy), why don't we just take a stand against the tide of ignorance and violence that has engulfed us? new technology handed down from on high will serve only to amplify the underlying instabilities unless these are addressed first. or at least simultaneously.

of course there are short term profit opportunities in innovation, fortunes to be made. but then again no one is safe from the growing instability. just ask Michael Jordan

no matter how much money u have ur still in the same boat with everyone else

From wmo at rebma.rebma.mn.org Sun Aug 15 22:02:02 1993
From: wmo at rebma.rebma.mn.org (Bill O'Hanlon)
Date: Sun, 15 Aug 93 22:02:02 PDT
Subject: Remailer bug...
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I just noticed a potential problem with the current Cypherpunks remailers. If someone uses the -m option when they encrypt for the remailer, the pgp session will hang, waiting for input to the "For your eyes only. Display now? (Y/n)?" message.

(Yeah, if you're wondering, someone did this to the remailer on Rebma.)
- -Bill

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQCVAgUBLG8mLRiQVHeOVJ+HAQEqaQP/YFFiNpR9qsZ39sTNccAsxeYegeuTEh1+
0Xf/B2XylQtyNnJ0PQnJ5FQdQa79DTNoI2pwbh4N1pVDYPAF5KkZiXf9m5MLhhbi
UqXrFGiaGRTLI1JcssgvqvvodM+9EtrDf5eBw/M3k/iEnYEjKiIPkSx4DCLCuGId
exjqwL6lgqM=
=aHty
-----END PGP SIGNATURE-----

From nobody at pmantis.berkeley.edu Mon Aug 16 05:27:06 1993
From: nobody at pmantis.berkeley.edu (nobody at pmantis.berkeley.edu)
Date: Mon, 16 Aug 93 05:27:06 PDT
Subject: Electronic Democracy
Message-ID: <9308161227.AA19906@pmantis.berkeley.edu>

> From: wcs at anchor.ho.att.com (Bill_Stewart(HOY002)1305)
>
> An anonymous personage writes
> > More succinctly, "Democracy is four wolves and a sheep voting on lunch."
> > Up the republic!
>
> Yeah, though representative government is four wolves voting on _which_ sheep
> to have for lunch.

Actually, elections are more like four sheep voting on which wolf they want to be eaten by.

.snail

From gtoal at an-teallach.com Mon Aug 16 06:12:09 1993
From: gtoal at an-teallach.com (Graham Toal)
Date: Mon, 16 Aug 93 06:12:09 PDT
Subject: Mail problems
Message-ID: <5145@an-teallach.com>

In article <9308121657.AA20346 at toad.com> gnu at toad.com writes:
> My proposal is that we get some software working that produces poor
> quality speech in realtime on fast hardware that most people don't
> have. Then, improved search algorithms will bring higher quality.*
> The natural evolution of faster hardware will make it available to all.

It exists. It's called 'nevot'. The improved faster compression algorithm is also on the way very shortly (the one by ajr that I mentioned the other day); with 4000byte/sec samples and 8:3 compression, it fits in 14.4kb with enough to spare for packet encapsulation.

G
===
Personal mail to gtoal at gtoal.com (I read it in the evenings)
Business mail to gtoal at an-teallach.com (Be careful with the spelling!)
Faxes to An Teallach Limited: +44 31 662 4678   Voice: +44 31 668 1550 x212

From cyphrkt at eskimo.com Mon Aug 16 10:07:07 1993
From: cyphrkt at eskimo.com (Cindy Vanous)
Date: Mon, 16 Aug 93 10:07:07 PDT
Subject: A Follow-up
Message-ID:

To the lady or chap who arbitrates this mailing list:

I am sending along a message which I would like to have forwarded to your mailing list. A colleague of mine found my name mentioned somewhat out of context in a letter posted to your list, and I would like a chance to address the issues mentioned therein.

Let me start out by saying that I do fully support the perpetuation of encryption and anonymous posting; however, there are some circumstances in which it is neither appropriate nor desirable. My situation represents one of these circumstances. Let me explain:

There are certain transactions which the IRS has allowed to be non-taxable. For example, in Washington state, as in several other states, non-luxury food items are tax-exempt. Another tax-exempt transaction is barter. Barter is one of the mainstays of struggling small-farm owners, a method of support between startup businesses, and an excellent way to obtain needed goods and services without the exchange of money, which might not always be available.

In my case, I am a startup business owner with limited funds and a need for better software than I currently possess. Therefore, I post to the Internet that I am willing to trade my services for an equivalent value in software. Therefore, I get my copy of Word or PageMaker, and some other cash-low company receives a professional business form or other graphic design project. All perfectly legal, all tax-exempt, according to the IRS' own laws. This is not tax evasion, merely good business sense.

This brings me to the following conclusion: even if anonymous posting was available to me (which it very well might be; I haven't pursued information about it), I would have no need or desire to use it.
My clients are not interested in playing some sort of spy game, they are interested in making a business arrangement with me. They would very likely not be willing to trust me if I was merely a phantom name from a nonexistent site.

Finally, I would like to point out that there is currently a movement on the Internet, pushing for the greater utilization and availability of barter. The IRS left a loophole in their rules, it is up to us to take advantage of it. For more information on barter through the Internet, subscribe to the Fringeware mailing list at the following address:

fringeware-request at wixer.bga.com

Thank you for your time and bandwidth,

- Cindy L Vanous

--------------- * cyphrkt at eskimo.com * ---------------
Cindy Vanous, the Cypherkat, graphic artist at large
------------------------------------------------------
Disclaimer: even though I work for myself, my opinions STILL don't seem to be the opinions of my employer.

From szabo at netcom.com Mon Aug 16 10:32:12 1993
From: szabo at netcom.com (Nick Szabo)
Date: Mon, 16 Aug 93 10:32:12 PDT
Subject: Electronic Democracy
In-Reply-To: <9308161227.AA19906@pmantis.berkeley.edu>
Message-ID: <9308161732.AA10330@netcom4.netcom.com>

This is a great example of an issue we don't need to agree on. The underlying cryptographic tools needed for private voting and digital cash are practically the same. Once the common tools are written, each side can go finish off their own user interfaces, one labelled "cash market" and the other "voting booth". So let's quit bickering and write those tools!

Nick Szabo
szabo at netcom.com

From hughes at soda.berkeley.edu Mon Aug 16 10:47:07 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Mon, 16 Aug 93 10:47:07 PDT
Subject: CRYPTO'93, anyone here going?
In-Reply-To: <199308100848.AA13015@xtropia>
Message-ID: <9308161745.AA22457@soda.berkeley.edu>

I may show up for a day, for the Tuesday evening rump session, in particular. I won't be attending the whole conference.
There are a few I do know are going: John Gilmore, Whit Diffie (who shows up for every other monthly meeting, even though he doesn't participate much on the list), Phil Zimmerman (who's not on the list, but ...). Phil called me yesterday to talk about what to do to promote PGP etc. at the conference. You might want to get in touch with him as well: prz at acm.org.

As to your other question, about a cypherpunks meeting the weekend of the 28, we won't be holding one. As it is, our 2nd annual meeting will be only two weeks later. I'd not mind having an informal cypherpunks party, but I don't know where we would hold such an event.

Eric

From greg at ideath.goldenbear.com Mon Aug 16 11:17:07 1993
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Mon, 16 Aug 93 11:17:07 PDT
Subject: Inslaw files
Message-ID:

Eric Hughes says he's uninterested in making the Inslaw files available on soda, so I'll be happy to mail copies of them to interested parties.

--
Greg Broiles                          greg at goldenbear.com
Golden Bear Computer Consulting       +1 503 342 7982
Box 12005 Eugene OR 97440             BBS: +1 503 687 7764

From hughes at soda.berkeley.edu Mon Aug 16 14:02:16 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Mon, 16 Aug 93 14:02:16 PDT
Subject: PROTOCOL: Encrypted Open Books
In-Reply-To: <9308102059.AA22885@snark.shearson.com>
Message-ID: <9308162057.AA05059@soda.berkeley.edu>

Kent Hastings wondered how an offshore bank could provide assurances to depositors. I wondered the same thing a few months ago, and started working on what Perry calls the anonymous auditing problem. I have what I consider to be the core of a solution. All the following protocols and ideas are in the public domain.

The following is long. My notation here will also be much less formal than I am capable of; I don't want to make the uninitiated read TeX.

The basic idea is that summation can be performed encrypted by using exponentiation in a finite field.
That is, if I represent an amount x by g^x and an amount y by g^y, then I can compute the sum of x and y by multiplying g^x and g^y, getting g^(x+y). Very basic.

So let us take a very simple version of this protocol, which leaves out many desiderata. If a shared funds account, say, has a bunch of transactions made on it, then we can publish each of those amounts x_i (for the non-TeX'd, underscore means subscript) encrypted as g^(x_i). I know what my transaction number, i, is, and what the amount was, so I can verify that my transaction appeared in the public list. We also publish the beginning and ending balances, giving us a total difference X. Now anyone can verify that g^X equals g^(Sum_i x_i). That is, everyone can verify that the aggregate effect of the transactions is what is claimed without revealing the amounts of any of them.

What does this protocol reveal? It reveals the number of transactions on each account and thus the total number of transactions. It is also subject to known plaintext attack. If I get an account on this system and make one transaction in each amount, I can decrypt by table lookup the whole transaction flow. The total number of transaction accounts is also revealed, or, for a bank, the number of customers.

We can easily solve the known plaintext attack by blinding each transaction. Instead of publishing pairs , we have for each transaction a blinding factor r_i and publish triples

The notation has grown. g is a generator of a finite field G, and h is a generator of a different finite field H. We also publish R = Sum_i r_i in addition to X = Sum_i x_i.

What is the public verification procedure? Basically the same as the first case, but in addition taking into account the blinding factors.

Step 1. Calculate Product_i h^(r_i) and make sure that it equals h^R. This validates the blinding factors.

Step 2. Calculate Product_i g^(x_i + r_i) and make sure that it equals g^(X+R).
This, given the validity of the blinding factors, validates the actual transactions.

How does this resist known plaintext attack? Since the blinding factors r_i are flatly distributed over their range (caveat! you pick the order of G smaller than of H to assure this), the x_i + r_i sum acts exactly as a one-time pad to encrypt the amount.

In summary, what is going on here is that both the messages (amounts) and the keys (the blinding factors) are being sent out as images of one-way functions (exponentiations) that preserve exactly the relationships that we want.

There's more. For a real business, we want to keep double entry books and not just single entry accounts as above. By extending the number of terms in the transaction, we can do that too.

In double entry bookkeeping, the total amounts for each transaction must sum to zero over the various accounts being transacted upon; I say this knowing that when you print out the information for an accountant you'll have to do some sign twiddling for the asset and liability/equity halves of the books. Also, a single transaction may involve more than two accounts, even if in practice most involve only two.

The basic idea here is that each transaction is a set of the above transactions whose sum must be zero. So for a transaction i, we publish a set of triples, indexed by j,

< T_i,j, g^( m_i,j + r_i,j ), h^( r_i,j ) >

where the subscripts are doubly indexed and where T_i,j represents the account that amount m_i,j is changing.

Now we can perform, on each transaction, the following very similar verification procedure for each fixed i.

Step 1. Verify that Product_j h^( r_i,j ) = 1. This verifies that the blinding factors sum to zero.

Step 2. Verify that Product_j g^( m_i,j + r_i,j ) = 1. Since the blinding factors sum to zero, this ensures that the transaction amounts sum to zero.

Note that both of these sums are done over j, not i. In other words, we validate each transaction individually.
Now we also publish aggregate changes in the public accounts just as before. The holders of private accounts know how their accounts have changed. Then we can use the single account verification method as above to verify that the totals match. Everyone can verify that the public accounts match, and the holders of private accounts can verify that they match.

To summarize: The transactions are doubly indexed. If you group by transaction, then you verify that each transaction sums to zero. If you group by account, then you verify that the change in that account is as expected, be it public or private.

In the scenario that Kent originally proposed, one of the public accounts would be a gold account, which through independent public auditing would be verified to be accurate. I personally would not use gold but rather denominate certain accounts in shares of mutual funds, which are resistant to the currency inflations of mining and stockpile sales.

What information is still being disclosed? The most worrisome to me is that the total number of transactions per account is revealed, that is, aggregate activity, but not total money flux. I have an insight that may allow the _account_ to be blinded as well as the amounts, and be revealed in aggregate just as the amounts are, but I have not worked out the details because I am not fully up to speed on the relevant math.

BEGIN BIG MATH

I only expect a few people to follow the next paragraphs, so if you don't understand it, skip it.

Here's the idea. The modular exponentiation is performed in a finite ring. We choose a ring that has lots of distinct prime ideals of sufficiently large order. To each account we assign one ideal. We represent dollar amounts as elements of this ideal; since the ideal is prime, this is straightforward. The property of the ideal we use is that the sum of any two elements of the ideal is also in the ideal. Hence by partitioning the ring, we also partition the computation of the accounts.
We are blinding the transactions by account because we rely on the fact that blinding is not an intra-ideal operation, and thus does not preserve that invariant, which would otherwise be public.

We must be careful not to allow operations that would result in an element which was in the intersection of two ideals. This requires upper bounds both on the transaction amount and on the number of transactions per cycle.

There might be rings of order p^n+1 which would be suitable for this operation, but I am not sure of the security of the discrete log in such cases, except for p=2, in which case it is bad.

END OF BIG MATH

The protocol as specified, though, is useful as it stands. I have not specified all the details. For example the blinding factors should likely be created in a cooperative protocol at the point of transaction; blinding factors for intra-bank transactions should not contain subliminal channels. Certificates of deposit and withdrawal should be tied to the published transaction information. Etc. Remember, this is the core of an idea.

One criticism I do wish to address now. I don't think it matters if the bank manufactures fake transactions. The customer can reveal the sum of all the blinding factors for transactions on that account, in public, and can thus prove what should have been there. Since the blinding factors were committed to in public, there is a strong assurance that these blinding factors are what they are claimed to be. This in itself can be made into an actual proof of liability. Note that even this revelation does not compromise individual transactions. It only reveals the aggregate value change, which is exactly what is at issue with the bank.

On the other hand, all of the bank assets that are held external to that organization can be externally audited in the same way.
The other institutions that hold money might be persuaded to undertake a legal obligation to honor what the encrypted open books say they should have; this may not be difficult because they can verify that their record of the transactions matches what has been published. If we use the contents of the encrypted books at the organizational boundary points to create suitable legal obligations, we can mostly ignore what goes on inside of the mess of random numbers. That is, even if double books were being kept, the legal obligations created should suffice to ensure that everything can be unwound if needed.

This doesn't prevent networks of corrupt businesses from going down all at once, but it does allow networks of honest businesses to operate with more assurance of honesty.

Eric

From eric at Synopsys.COM Mon Aug 16 15:17:08 1993
From: eric at Synopsys.COM (eric at Synopsys.COM)
Date: Mon, 16 Aug 93 15:17:08 PDT
Subject: Solicitation of Tax Evasion--An Example
In-Reply-To: <9308140811.AA16134@netcom5.netcom.com>
Message-ID: <199308162216.AA07154@gaea.synopsys.com>

The example given (someone soliciting an act of questionable legality) is a perfect application for the SASE remailer that I've been developing. I presented it at a phys-meeting a few months back, and have been working on coding it sporadically since then.

The idea is that you have an address block that encodes the information on how to get a message to you. This is like a self addressed envelope. The envelope can specify multiple hops through remailers, but is encrypted in layers so only the next hop is revealed at each remailer. The difficulty comes in allowing the message to be re-encrypted at each stage (to keep a remailer from recognizing a message it has passed through itself on an earlier hop), but still allow it to be reconstructed at the final destination.
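[Editor's added example: the following Python block works through the verification steps of Eric Hughes's "PROTOCOL: Encrypted Open Books" post above. It is not part of that post, nor of any message in this archive. All function names, the toy group parameters (P_G, Q_G, G, P_H, Q_H, H) and the sample ledger are this example's own constructions; the groups are deliberately tiny, so they illustrate the arithmetic but give no real security. It covers the blinded single-account check (steps 1 and 2), the per-transaction double-entry check, the grouping-by-account check that doubles as the holder's proof of liability, and the table-lookup weakness of the unblinded version that the post mentions.]

```python
"""Toy model of the 'encrypted open books' protocol (added example).

An amount m is published as g^(m + r) in group G and its blinding factor r
as h^r in a different group H.  Exponentiation turns sums into products, so
anyone can check that published entries add up to a claimed total without
learning any single amount.  Names, parameters and the sample ledger below
are this example's own constructions, not the post's; the groups are toy
sized and give no real security.
"""
import secrets

# Toy safe-prime groups: P = 2*Q + 1, and 4 generates the subgroup of prime
# order Q.  |G| < |H| as the post suggests, so the blinding factor ranges
# over more values than the amount exponent.
P_G, Q_G, G = 2039, 1019, 4
P_H, Q_H, H = 10007, 5003, 4


def check_params():
    """Confirm G and H really have the stated prime orders (toy sizes)."""
    return (pow(G, Q_G, P_G) == 1 and pow(H, Q_H, P_H) == 1
            and G != 1 and H != 1 and Q_G < Q_H)


def g_pow(e):
    """g^e in G.  Exponents are reduced mod the group order, so negative
    amounts (withdrawals) and negative blinds need no special handling."""
    return pow(G, e % Q_G, P_G)


def h_pow(e):
    """h^e in H, with the same exponent reduction."""
    return pow(H, e % Q_H, P_H)


def _product(values, modulus):
    acc = 1
    for v in values:
        acc = acc * v % modulus
    return acc


# --- single-account books: entries (i, g^(x_i + r_i), h^(r_i)) --------------

def publish_account(amounts):
    """Blind each amount with a fresh r_i; return the public entries and the
    totals X = sum x_i and R = sum r_i that are published alongside them."""
    entries, blinds = [], []
    for i, x in enumerate(amounts):
        r = secrets.randbelow(Q_H)
        entries.append((i, g_pow(x + r), h_pow(r)))
        blinds.append(r)
    return entries, sum(amounts), sum(blinds)


def verify_account(entries, X, R):
    """Step 1: prod h^(r_i) == h^R.  Step 2: prod g^(x_i + r_i) == g^(X+R)."""
    if _product((hr for _, _, hr in entries), P_H) != h_pow(R):
        return False
    return _product((gxr for _, gxr, _ in entries), P_G) == g_pow(X + R)


def lookup_unblinded(value, max_amount):
    """The known-plaintext weakness of the UNblinded scheme: given g^x alone,
    a table of g^0 .. g^max_amount recovers x by lookup.  Blinded entries
    g^(x + r) defeat this because r acts as a one-time pad on the exponent."""
    table = {g_pow(x): x for x in range(max_amount + 1)}
    return table.get(value)


# --- double-entry books: per transaction, triples (T_j, g^(m_j+r_j), h^(r_j))

def publish_transaction(postings):
    """postings: (account, signed amount) pairs that must sum to zero.
    Returns the public triples and the private (account, r) pairs that the
    bank hands to each account holder."""
    if sum(m for _, m in postings) != 0:
        raise ValueError("double-entry transaction must balance")
    rs = [secrets.randbelow(Q_H) for _ in postings[:-1]]
    rs.append(-sum(rs))                       # blinds sum to zero as well
    public = [(t, g_pow(m + r), h_pow(r)) for (t, m), r in zip(postings, rs)]
    private = [(t, r) for (t, _), r in zip(postings, rs)]
    return public, private


def verify_transaction(triples):
    """Step 1: prod_j h^(r_j) == 1.  Step 2: prod_j g^(m_j + r_j) == 1."""
    return (_product((hr for _, _, hr in triples), P_H) == 1
            and _product((gmr for _, gmr, _ in triples), P_G) == 1)


def verify_account_change(ledger, account, X, R):
    """Group the published triples by account and check that the account
    changed by X, given its blinding sum R (known to the holder, or published
    for a public account).  Revealing R is the holder's proof of what the
    account should contain, without exposing any individual entry."""
    mine = [(0, gmr, hr) for tx in ledger for t, gmr, hr in tx if t == account]
    return verify_account(mine, X, R)


def demo():
    """Constructed sample: a public 'gold' account funds two customers, then
    one customer pays the other.  Returns (all transactions balance,
    alice's true change verifies, alice's false claim is rejected)."""
    txs = [[("gold", -500), ("alice", 500)],
           [("gold", -120), ("bob", 120)],
           [("alice", -75), ("bob", 75)]]
    ledger, blinds = [], []
    for tx in txs:
        public, private = publish_transaction(tx)
        ledger.append(public)
        blinds.extend(private)
    r_alice = sum(r for t, r in blinds if t == "alice")
    return (all(verify_transaction(tx) for tx in ledger),
            verify_account_change(ledger, "alice", 425, r_alice),
            verify_account_change(ledger, "alice", 500, r_alice))
```

Two design points worth noticing: exponents are reduced modulo the subgroup order before `pow`, which is what lets withdrawals and the final "balancing" blind be negative integers without any special casing; and `verify_account_change` reuses the single-account verifier on a by-account grouping of the double-entry triples, which is exactly the "group by transaction, then group by account" summary the post gives. Anything that publishes a wrong total, or alters one published value, fails the product check.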
The protocol also allows postage stamps to be securely delivered to each hop along the way, and yet be provided by the sender (who doesn't know the identity, or public key, of the remailers).

You could use this by paying someone to forward messages to you via your SASE address. This way, you can publish an address by which messages can be sent to you, but without leaving yourself easily trackable.

-eric messick

From fergp at sytex.com Mon Aug 16 16:52:20 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Mon, 16 Aug 93 16:52:20 PDT
Subject: Inslaw info (bitte)
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 16 Aug 93 11:06:28 PDT, Greg Broiles wrote -

> Eric Hughes says he's uninterested in making the Inslaw files
> available on soda, so I'll be happy to mail copies of them to
> interested parties.

Send any info you have to me at either: or

Danke.

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBLHARI5RLcZSdHMBNAQGs1gQAplGq1DnDIvK4auaDKK6HA1uwxPV/Hf1c
Z5btYCIQAvkDviLhAVMuzzTB0SymmIvyubnFy7luEVUKJfrNSeGdx3bWUm0icB63
82mgcZBEYZQnDRv9f76Y20qdeZ/R89Nm/BUNx1mFhzjzQGbmlOVlkYdkJdhvRNXi
PlpGZpFuzuk=
=aMAi
-----END PGP SIGNATURE-----

Paul Ferguson               |  "Government, even in its best state,
Network Integrator          |   is but a necessary evil; in its worst
Centreville, Virginia USA   |   state, an intolerable one."
fergp at sytex.com            |      - Thomas Paine, Common Sense

Type bits/keyID    Date       User ID
pub  1024/1CC04D   1993/03/15 Paul Ferguson
     Key fingerprint = EE D2 93 7D 04 6D C6 05  AC 36 AD 9D 8E 4F 41 58

From gtoal at an-teallach.com Mon Aug 16 17:12:19 1993
From: gtoal at an-teallach.com (Graham Toal)
Date: Mon, 16 Aug 93 17:12:19 PDT
Subject: nevot README (by popular request)
Message-ID: <9308170006.AA18694@an-teallach.com>

NEVOT - A network voice terminal  (BETA RELEASE 1.3  03/25/93)
(c) Henning Schulzrinne
=============================================================

NOTE: The .nevotinit files from versions prior to 1.3 are incompatible with the current command language and should be deleted.

DESCRIPTION:

The network voice terminal (NEVOT) allows audio-capable workstations to participate in audio conferences across local and wide area networks.

Features:
  - real-time protocols:
    - NVP (network voice protocol), as used by 'vat' (LBL) and VT (isi)
    - 'vat' native packet format and session protocol
    - RTP draft
  - versions for:
    - Sun SPARCstation (SunOS 4.1.x and Solaris 5.x)
    - SGI Indigo (4D Series) and
    - Personal DECstations [as soon as we can get the DEC audio library to work]
  - GUIs:
    - XView
    - Tk [in progress]
    - curses
    - dumb terminal
  - fully controllable by Tcl-based command language
  - can serve as gateway for protocol and encoding translation
  - network transport protocols:
    - TCP
    - unicast/multicast UDP
    - ST-II [currently inoperative]
  - several independent concurrent conferences, each with different encoding and compression
  - DES-based voice encryption (U.S.
    only)
  - audio encodings:
    - 64 kb/s (mu-law PCM)
    - 32 kb/s G.721 ADPCM (Sun only)
    - 32 kb/s Intel DVI
    - 24 kb/s G.723 ADPCM (Sun only)
    - 13 kb/s GSM
    - 4.8 kb/s LPC codec
  - each site can use different audio encodings
  - playback and recording of AIFC and .snd audio files
  - extensive statistics and tracing facilities
  - arbitrary voice packet length, which may differ for each site
  - lost packet and silence substitution
  - settable audio buffer occupancy
  - configurable adjustment mechanisms for playout delay, VU meter, silence detector and automatic gain control
  - redefinable session identifier string with variable substitution

DOCUMENTATION:

A compressed PostScript file describing Nevot is available for anonymous ftp from gaia.cs.umass.edu, as file ~ftp/pub/nevot.ps.Z.

INSTALLATION:

The sources are available by anonymous ftp from gaia.cs.umass.edu, as file ~ftp/pub/nevot/nevot.tar.Z (compressed tar file). The platform-specific external libraries are contained in the directory pub/nevot/lib.$ARCH. These typically change rarely. ARCH can be either dec, sgi, or sun4.

Precompiled binaries are available as well: nevot/bin.$ARCH/nevot.tar.Z

For the precompiled binaries, you also need to retrieve the initialization file ~ftp/pub/nevot/nevotinit and rename it to .nevotinit in the directory from which you plan to start Nevot.

Unpack the compressed tar files, then execute the shell script

  compile

You may have to adjust parameters within the shell script to your local needs, e.g., the compiler name.

You also have to install the tcl library (version 6.7 or later), either the binary version as mentioned above, or from sources to be found in sprite.berkeley.edu:tcl.

In order to use the UDP multicast and/or ST-II facilities, you have to install the appropriate kernel modifications.

Due to export restrictions, the DES encryption code is available only by e-mail from the author. If you do have the DES code, change the value of the symbol DES in the Makefiles to 1.
To enable on-line help for the OpenWindows version, the environment variable HELPPATH should be set to include the source directory where the .info files are located (here, assumed to be /usr/local/nevot/xview):

  setenv HELPPATH ${HELPPATH}:/usr/local/nevot/xview

OPERATION WITH SD:
------------------

sd is a session directory written by Van Jacobson, LBL, available for anonymous ftp at ftp.ee.lbl.gov. The nevot/sd directory contains a replacement for the sd start_audio procedure, which you can insert into your ~/.sd.tcl startup file. Make sure that the directory containing the Nevot binary is in your path. Use at your own risk (i.e., don't blame VJ if it doesn't work...).

DIFFICULTIES:
-------------

If you experience difficulties, check the problems.tex file in the doc directory.

BUG REPORTS:

This is a beta release. Please send all bug reports and suggestions to the author at hgschulz at cs.umass.edu. New releases will be announced through the rem-conf mailing list (to join the list, send a request to rem-conf-request at es.net). I would appreciate it if you could let me know how you are using the software.

[A version for the Personal DECstation and DECstations with the DEC audio hardware is currently under development.]

COPYRIGHT:

All sources and documentation (except those listed in the acknowledgements or otherwise identified) are (c) Henning Schulzrinne 1992, University of Massachusetts and AT&T Bell Laboratories. Do not redistribute this software, or integrate with other software, without preserving the copyright notice. All changes have to be clearly marked. You may modify the code as long as you provide me with a copy.

ACKNOWLEDGEMENTS:

The DES encryption module was developed by Steve Kent and John Linn of BBN Communications Corporation, Cambridge, MA and provided by Karen Seo of BBN.

The audio library incorporating G.721 and G.723 audio compression was provided by Daniel Steinberg of Sun Microsystems. It may at some point be integrated into the regular Sun OS.
The Intel/DVI ADPCM codec was slightly modified from sources by Jack Jansen (CWI) and is copyrighted 1992 by Stichting Mathematisch Centrum, Amsterdam, The Netherlands (used by permission).

The ST-II API and kernel support was developed by Charlie Lynn at BBN. The ST-II API (st2_api.h) is copyrighted (c) 1991 by BBN Systems and Technologies, a division of Bolt Beranek and Newman, Inc. and used by permission.

The UDP multicast kernel support was written by Steve Deering, Xerox Parc.

Charlie Lynn (BBN) was helpful with some of the fine points of the ST-II API.

The Tcl interpreter was developed by John Ousterhout, University of California at Berkeley. The sources are copyright University of California and used by permission.

Advice on porting Nevot to the Silicon Graphics platform and numerous bug fixes were provided by Andrew Cherenson (SGI).

Michael Halle (MIT) figured out how to get Xview applications to display fonts at the design sizes.

The VU meter is based on discussions with Gints Klimanis (SGI).

The audio mixing (mix.c) and checksum code (checksum.c) was taken from the ISI voice terminal (VT), copyright June 1991 by the University of Southern California, by permission. The silence detector and the ST-II code are modified versions of the respective parts of VT.

The vat session and audio protocol were implemented based on descriptions provided by Van Jacobson.

The I/O flags interpreter (flags.c) is a modified version of software contributed to Berkeley by Chris Torek. Copyright (c) 1990 by the Regents of the University of California; used by permission.

From fergp at sytex.com Mon Aug 16 21:20:22 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Mon, 16 Aug 93 21:20:22 PDT
Subject: PGP 2.3a
Message-ID:

Uh, just a quick and dirty request:

I have a few net.friends who want a copy of this latest version. Where is a quick and reliable anon FTP site (no kidding)....

I don't care to upgrade, but I certainly won't stand in the way ...
Paul Ferguson             | "Government, even in its best state,
Network Integrator        |  is but a necessary evil; in its worst
Centreville, Virginia USA |  state, an intolerable one."
fergp at sytex.com        |     - Thomas Paine, Common Sense

Type bits/keyID   Date       User ID
pub  1024/1CC04D  1993/03/15 Paul Ferguson
Key fingerprint = EE D2 93 7D 04 6D C6 05 AC 36 AD 9D 8E 4F 41 58

From chaos at aql.gatech.edu Mon Aug 16 22:05:08 1993
From: chaos at aql.gatech.edu (Paul Goggin)
Date: Mon, 16 Aug 93 22:05:08 PDT
Subject: PGP 2.3a
In-Reply-To:
Message-ID: <9308170501.AA06723@toad.com>

-----BEGIN PGP SIGNED MESSAGE-----

Paul Ferguson said:
>I have a few net.friends who want a copy of this latest version. Where is
>a quick and reliable anon FTP site (no kidding)....
>I don't care to upgrade, but I certainly won't stand in the way ...

Why not soda.berkley.edu or aql.gatech.edu?

Paul
- --
R O  All Comments Copyright by     | Technofetisht
A N  Paul S. Goggin (1993)         | Cypher, Cyber, Chaos
V    Information Broker            | Ergoflux, Interzone
E    chaos at aql.gatech.edu       | Carpe Diem: Stop the Clipper wiretap chip
Finger account for latest _Phrack_ | Public Key: PGP and RIPEM available
For anonymous communication:---> anonymus+4744 at charcoal.com
- ------------------------------------------------------------------------------
Title 18 USC 2511 and 18 USC 2703 Protected -- Monitoring Absolutely Forbidden

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBLHBls8jh5TPwiWbBAQF83QP+Lk4jvHivlr4DPiHZxnlwGJ84AalMEZZl
zzfBXuC1JoPZ0zqepFDzjK6dtJOznckSLg+1v4JfUdK4EPoj1GVmW3ym4r3bSVYs
yJ0oqDLMmwLCzxu42Uq9pCYxw5WHE2oB6iERMzyHdIY4Mg/sgS1u6BL4731mhc41
F/ofjNZ1D/E=
=6Wuk
-----END PGP SIGNATURE-----

From ld231782 at longs.lance.colostate.edu Mon Aug 16 22:30:08 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Mon, 16 Aug 93 22:30:08 PDT
Subject: FBI Credit Search bill update (CPSR)
Message-ID: <9308170509.AA18329@longs.lance.colostate.edu>

From the CPSR newsletter v.6 #6 Aug 12, 93

===cut=here===

[a 2] FBI Seeks Power for Credit Search Without Warrant

In early July, the Senate Intelligence Committee approved a provision that allows for FBI access to credit reports using only a letter instead of a judicial warrant in cases that they say involved national security. There is concern that this will be subject to abuse and that the necessity has not been proven.

A national security letter gives the FBI the authority to obtain records without judicial approval and without providing notice to the individual that his or her records have been obtained by the Bureau. Similar FBI proposals were rejected in previous years after Congressional leaders expressed concern over the civil liberties issues raised.

Although the current draft proposal is more comprehensive than those circulated in previous years, the changes and additions do not alter significantly the central character of the proposal. The Administration's 1993 proposal includes explicit limits to dissemination of obtained information within the government, penalties for violations including punitive damages, and reporting requirements. These provisions are positive changes from the legislation put forward in previous years, but they do not save the proposal from its intrinsic flaws.

From hfinney at shell.portal.com Mon Aug 16 23:20:09 1993
From: hfinney at shell.portal.com (hfinney at shell.portal.com)
Date: Mon, 16 Aug 93 23:20:09 PDT
Subject: CRYPTO'93, anyone here going?
In-Reply-To: <199308100848.AA13015@xtropia>
Message-ID: <9308170525.AA22560@jobe.shell.portal.com>

I happen to live in Santa Barbara, and although I am not signed up for the conference (too busy at work) I am hoping to drop by and crash a session or two. Hopefully I'll be able to meet some other list members while they are there.
Hal Finney
hfinney at shell.portal.com

From hfinney at shell.portal.com Mon Aug 16 23:20:25 1993
From: hfinney at shell.portal.com (hfinney at shell.portal.com)
Date: Mon, 16 Aug 93 23:20:25 PDT
Subject: PROTOCOL: Encrypted Open Books
Message-ID: <9308170525.AA22568@jobe.shell.portal.com>

Eric had some good ideas in his protocol for verifying anonymous bank deposits. One thing wasn't clear to me: what if the bank creates a fake account? It would seem that the bank could explain away a sudden decrease in its asset reserves (money that the bank officers actually spent on mistresses and drugs) by creating a fake anonymous account which made a large withdrawal. The books would still balance.

It wasn't clear to me in Eric's protocol whether it would be expected that the identity of accounts which made such withdrawals would be revealed. Doing so would seem to go against the purpose of the digital bank. But without that ability it would seem that fake accounts could cover up any amount of mismanagement.

Hal

From XXCLARK at indst.indstate.edu Mon Aug 16 23:25:09 1993
From: XXCLARK at indst.indstate.edu (XXCLARK at indst.indstate.edu)
Date: Mon, 16 Aug 93 23:25:09 PDT
Subject: Smaller PGP source archives
Message-ID: <9308170623.AA09127@toad.com>

Anyone know of an ftp site with the latest PGP source in two smaller files, rather than one large one? No Unix account and insufficient disk space on this end at the moment. Any help appreciated.
From s.summers1 at genie.geis.com Tue Aug 17 01:00:09 1993
From: s.summers1 at genie.geis.com (s.summers1 at genie.geis.com)
Date: Tue, 17 Aug 93 01:00:09 PDT
Subject: encrypting virus (KOH)
Message-ID: <9308170755.AA19760@relay2.geis.com>

>> Now, if a smart compressor/encryptor wrote itself along with the files
>> it was treating, and then wrote a nice README file which explained that
>> files on the floppy were compressed/encrypted, would be automatically
>> decompressed/decrypted, and that the treatment could, if you wished, be
>> performed on your hard drives and/or other floppies by making a backup
>> and then executing the following command, that would be perfectly fine.

>3) the program does not do this, much like Stacker does not create
>README files which explain that your disks are now compressed. This

As a matter of fact, when you Stac a floppy, a README file *IS* generated, and the stacker.com tsr kindly gives you the 1-800 number you can call to order stacker if you received the disk from someone and do not have stacker now, but would like to have such a nifty utility on your hard drive...

Sean

From amb at cs.columbia.edu Tue Aug 17 01:00:25 1993
From: amb at cs.columbia.edu (andrew m. boardman)
Date: Tue, 17 Aug 93 01:00:25 PDT
Subject: [brown@psi.com: PSI, MORNING STAR TEAM UP TO PROVIDE SECURE INTERNET CONNECTIONS]
Message-ID: <199308170759.AA11814@shiva.cs.columbia.edu>

Haven't seen news of this here. Apologies if my mail is lagged. FYI.

Return-Path:
Date: Mon, 16 Aug 93 16:02:09 EDT
From: brown at psi.com (Kimberly Brown)
Subject: PSI, MORNING STAR TEAM UP TO PROVIDE SECURE INTERNET CONNECTIONS

FOR IMMEDIATE RELEASE

PSI, MORNING STAR TEAM UP TO PROVIDE SECURE INTERNET CONNECTIONS

HERNDON, VA., August 16, 1993 -- Performance Systems International, Inc. (PSI), the largest provider of corporate Internet access, today announced a service using an encryption technique that promises unparalleled security for data transmissions at an affordable cost.
Combining forces with Morning Star Technologies of Columbus, Ohio, and its brand new Morning Star Express Router which includes MST's unique DES encryption facility, PSI has developed a service called SecureStream. Utilizing an Express Router at both ends of a data link, the service will encrypt data from transmission to receipt. It can be de-encrypted only by a special key possessed by the SecureStream user.

PSI will offer SecureStream as an option to users of its InterFrame Standard internetwork service, the company's premier product for Frame Relay access to the Internet. The cost will be $400 per month, according to Martin Schoffstall, PSI's vice president and chief technical officer.

"This price is a fraction of the cost of competing Internet service providers," said Kimberly Brown, manager of marketing communications for PSI.

"By offering high-level encryption at reasonable cost, we feel SecureStream will provide medium-sized companies security in their Internet transmissions that was previously beyond their reach," Schoffstall said. He added that the product will be demonstrated at next week's INTEROP West in San Francisco.

"We are pleased to offer our Express Router in conjunction with PSI's SecureStream service," said K. James Laskey, Morning Star's director of sales. "The Express Router is a high-performance, cost-effective solution for the most demanding TCP/IP networking applications. Providing encryption in the router meets the need of many Internet users to protect sensitive transmissions from interception." As a reseller, PSI offers the Express Router for $1,995, the company said.

Laskey and Schoffstall noted that the Express Router is based on Morning Star's PPP (Point-to-Point Protocol) software, designed as a replacement for the Serial Line IP (SLIP) protocol.
It has been adopted as an Internet standard, correcting many of the deficiencies in SLIP, including address negotiation, link level error correction and synchronous support for high speed communications. In addition, it supports Frame Relay and the Internet standard RFC-1294.

PSI offers a variety of services and products to provide corporate and individual computer users with access to the Internet. In addition to leased-line services, it offers a number of dial-up services and a wireless e-mail service over the RAM Mobile Data network.

# # # #

All brands, products and service names mentioned are trademarks or registered service marks of their respective owners.

__________________
For further information, contact Kimberly Brown at PSI at 703.904.7187 (phone), 703.904.7195 (fax) or info at psi.com (e-mail); K. James Laskey at Morning Star Technologies at 614.451.1883 (phone), 614.459.5054 (fax) or sales at morningstar.com (e-mail); or Michael Vernetti at Kaufman Public Relations at 202.333.0700 (phone), 202.337.0449 (fax) or vernetti at psilink.com (e-mail).

From julf at penet.FI Tue Aug 17 01:20:09 1993
From: julf at penet.FI (Johan Helsingius)
Date: Tue, 17 Aug 93 01:20:09 PDT
Subject: ANON: alt.sexual.abuse.recovery
Message-ID: <9308171047.ab22248@penet.penet.FI>

Here is a snippet of conversation you might find interesting....

Julf

Subject: passing through encryption
To: postmaster at charcoal.com, postmaster at penet.fi
Date: Thu, 5 Aug 93 5:27:23 EDT
From: "T. William Wells"
X-Mailer: ELM [version 2.3 PL11]
Message-Id: <9308050527.AA12334 at twwells.com>

I just posted the following article. You may wish to consider the subject and post your own conclusions. If you post to asar, please set followups to asard so that the discussion doesn't bother the other folks on asar.

Newsgroups: alt.sexual.abuse.recovery
From: anon-admin at twwells.com
Subject: encryption through twwells.com
Date: Thu, 5 Aug 1993 09:12:12 GMT
Message-ID:
Sender: bill at twwells.com (T. William Wells)
Followup-To: alt.sexual.abuse.recovery.d
Organization: None, Mt. Laurel, NJ

I know this will make some people unhappy but I will not allow the passing of encrypted data through the twwells anonymous server. Responsible running of an APS requires the ability to audit what passes through and encryption defeats that.

Some time in the future, I may consider how one may use encryption with my server; such a system will retain the possibility of decryption at the server.

Followups have been directed to asar.d.

--------------------------------------------------
Subject: Re: passing through encryption
In-Reply-To: Your message of Thu, 5 Aug 93 5:27:23 EDT
To: "T. William Wells"
Date: Mon, 09 Aug 93 11:49:21 +0300
From: Johan Helsingius

> I just posted the following article. You may wish to consider the
> subject and post your own conclusions. If you post to asar, please
> set followups to asard so that the discussion doesn't bother the
> other folks on asar.
>
> Newsgroups: alt.sexual.abuse.recovery
> From: anon-admin at twwells.com
> Subject: encryption through twwells.com
> Organization: None, Mt. Laurel, NJ
>
> I know this will make some people unhappy but I will not allow the
> passing of encrypted data through the twwells anonymous server.
> Responsible running of an APS requires the ability to audit what
> passes through and encryption defeats that.

I have to say I disagree strongly with your position. Responsible running of an anonymous service requires that the administrator *DOES* *NOT* audit what passes through. I feel that any anonymous service operator has no business looking at the contents of other people's messages, and any attempt at doing so is a gross violation of the trust of his/her users. Your statement seems to indicate that you find it morally acceptable to monitor the messages your users send using your server.
How would you feel if US Mail would get into the habit of peeking at the letters you send "to ensure responsible running of the US Mail System"?

Please respond by e-mail, as I don't read a.s.a.r.

Julf (admin at anon.penet.fi)

--------------------------------------------------
To: Johan Helsingius
Date: Mon, 9 Aug 93 16:27:08 EDT
From: "T. William Wells"
In-Reply-To: <9308091125.aa28990 at penet.penet.FI>; from "Johan Helsingius" at Aug 9, 93 11:49 am
X-Mailer: ELM [version 2.3 PL11]
Message-Id: <9308091627.AA28573 at twwells.com>

Johan Helsingius writes:
: I have to say I disagree strongly with your position. Responsible
: running of an anonymous service requires that the administrator *DOES*
: *NOT* audit what passes through.

I replied publicly (to reassure the people on asar); here's the substance of my reply:

I want to address a possible misconception here. I do not read what goes through the server on any regular basis. I do so only when and to the extent my responsibilities to the service and its users require it.

I believe that I, being the main server for and being a member of the asar community, have an obligation to try to prevent the use of the server as an aid in perping. It is my opinion that the simple fact that I *can* read whatever goes through the service, even if I never do, is the strongest defense we have against someone using the cloak of anonymity to further their perping.

One thing I want to avoid here is a discussion of whether these views of mine are correct or not. The first is a moral judgement and so is completely outside the bounds of discussion in this forum. The second is a subjective judgement and is based on my observation that abuse thrives on secrecy; it, too, isn't likely up for discussion since I doubt anyone can offer more than opinion.

: How would you
: feel if US Mail would get into the habit of peeking at the letters you
: send "to ensure responsible running of the US Mail System"?
Well, analogies are always slippery, but let me change the analogy a little to illustrate. Let's speak of UPS (or whatever your parcel post is called). How would it feel if UPS would open my parcels? That depends. If they did it for gratuitous reasons, I'd pick another postal service. If, on the other hand, I was worried about terrorists posting bombs, I would thank them.

ASAR is a different place than most on the net and there are a lot of people worried about bombs in their parcels. As far as I'm concerned, it's a matter of choice. Some people will worry and so be thankful that I have the policies I do; others will be upset and use the other services.

--------------------------------------------------
To: alt.sexual.abuse.recovery,alt.sexual.abuse.recovery.d
Subject: "T. William Wells": Re: passing through encryption
Date: Tue, 10 Aug 93 20:37:30 +0300
From: Johan Helsingius

"T. William Wells" writes:

> Johan Helsingius writes:
> : I have to say I disagree strongly with your position. Responsible
> : running of an anonymous service requires that the administrator *DOES*
> : *NOT* audit what passes through.
>
> I replied publicly (to reassure the people on asar); here's the
> substance of my reply:
>
> I want to address a possible misconception here. I do not
> read what goes through the server on any regular basis. I
> do so only when and to the extent my responsibilities to
> the service and its users require it.

And you decide when that is, right?

> I believe that I, being the main server for and being a
> member of the asar community, have an obligation to try to
> prevent the use of the server as an aid in perping.

And *you*, in your infinite wisdom, will know what is perping and what is not? And who to watch and who not to?

> One thing I want to avoid here is a discussion of whether
> these views of mine are correct or not. The first is a
> moral judgement and so is completely outside the bounds of
> discussion in this forum.

Why?
Why should such a discussion be avoided at all costs? Why is moral judgement outside the bounds of discussion?

> The second is a subjective
> judgement and is based on my observation that abuse
> thrives on secrecy; it, too, isn't likely up for
> discussion since I doubt anyone can offer more than
> opinion.

I would not use the word "secrecy". I would use the word "privacy". That's why users use your service! But you are saying they *don't* have a right to privacy!

> : How would you
> : feel if US Mail would get into the habit of peeking at the letters you
> : send "to ensure responsible running of the US Mail System"?
>
> Well, analogies are always slippery, but let me change the analogy
> a little to illustrate. Let's speak of UPS (or whatever your
> parcel post is called). How would it feel if UPS would open my
> parcels? That depends. If they did it for gratuitous reasons, I'd
> pick another postal service. If, on the other hand, I was worried
> about terrorists posting bombs, I would thank them.

If I'm worried about bombs, I might ask UPS or somebody else to check my parcels. But I don't want them to rummage through all my parcels on the pretense of looking for bombs, especially without asking me first.

> ASAR is a different place than most on the net and there are a lot
> of people worried about bombs in their parcels. As far as I'm
> concerned, it's a matter of choice. Some people will worry and so
> be thankful that I have the policies I do; others will be upset
> and use the other services.

True. Some people might actually want you to pre-check their messages. Others might want to use other servers. Fair enough, as long as you *tell* your users that's what's happening!
Julf (admin at anon.penet.fi)

From anton at hydra.unm.edu Tue Aug 17 03:20:11 1993
From: anton at hydra.unm.edu (Stanton McCandlish)
Date: Tue, 17 Aug 93 03:20:11 PDT
Subject: DigiCoupons & DigiCash
Message-ID: <9308171016.AA21841@hydra.unm.edu>

* Digital coupons: S&H greenstamps for online services (netcom/Well/Compuserve net connection services, AMIX, NEXIS/LEXIS, Dow Jones, commercial MUDs, metered e-mail, anon services, network and computing resources, reputation ratings, etc.) Greenstamps are like frequent-flyer miles, you accumulate them with heavy patronage of some service. But greenstamps can be used to purchase a wide variety of services, not just more of the same service. Service providers and coupon vendor(s) work out arrangements for awarding and honoring greenstamps. Implemented with Chaum-style protocol to prevent forgery and assure privacy.

* Digital cash: accumulating credits/debits for use of on-line services (including travel services, concert tickets, etc. purchased on-line), eventually paid for by some "real" currency: FRNs, yen, etc. Implemented with Chaum-style protocol to prevent forgery and assure privacy.

* On-line markets: Internet video poker, election outcome markets, satellite track betting, etc. Investments[1] can be made & paid out by greenstamps, natch. On-line advertising.

Count me in. You code-grinders come up with some way to do this stuff, and I'll be happy to implement what of it I can on NitV-BBS. Coupons [the term greenstamps is probably trademarked] could work: those of you that wish to make use of the BBS could upload (as a file or directly into the message base) these coupons and get time/download credit on the board for them, provided I have some way to spend them for something useful to me.
Eventually if I can get IndraNetters into the idea, this could expand into a user-to-user thing too, perhaps even in online door games (for those not hip to BBS jargon, doors are programs run from the BBS, such as games, doors, credit-card ordering applications for commercial stuff, etc etc.) I can picture a high-stakes version of Barren Realms Elite, where the "credits" in the game are real DigiCoupons that can be spent on other boards, or at various Internetted sites, etc etc.

I don't actually see much use in separating DigiCash and DigiCoupons. They both would appear to me to be almost identical in form and function. Whoever works on this sort of thing will hopefully work with Chaum to ensure that our DigiCash is "compatible" as it were. No sense getting such a system going only to have it eclipsed later, and all our DigiCash become worthless.

* Securely private BBS's

I'll pass on that one for now, my board's multi-user, open, and networked; going the crypto route would reduce my user base to about 3 people, including me!

Anyway, those of you not aware of it, NitV-BBS is still stocking a certain fave crypto program of ours, legal threats be damned. I'd also encourage any of you running BBSs or participating in them to contact mine and get in on IndraNet. Just due to a few Extropians and Cypherpunks doing this, the net has grown quite a bit, and is taking on a decidedly libertarian flavour, with many spirited debates. Sadly the CRYPTO conference is very slow, so we need more participants.

More info on the net: IndraNet was founded by me, and oddly enough, a staunch republican that enjoyed arguing with me. I guess we just wanted our own entire net to argue in. He dropped out of it due to some personal things to deal with, leaving a net of one. SO, I promoted it, and within just a few months it was not only national but international, now with nodes in 4 countries and about 6 or so states.
There are over 30 conferences [UseNetters will chuckle, but for a BBS-based OtherNet this is not bad; most BBSs don't have more than 30 conferences total, many much less; there's just not enough traffic on most boards to support that much chatter.] Possibly uniquely among BBS networks, there are:

NO POLICY DOCS (rules)
NO MODERATORS or COORDINATORS (dictators)
NO CENSORSHIP

It's a working, growing anarchy. There have been some problems, namely nodes that are "family" BBSs getting upset at the occasional swearing, but oh well, not much to be done for it. But all in all it appears to be working.

Currently we support QWK and Fido-tech mail formats, though those who are also using some other format, such as MegaMail, PostLink, or PCRelay are encouraged to make IndraNet available via those formats as well. Some time in the not-too-distant-future, I hope to get NitV hooked up to Internet/UseNet via UUCP, and make IndraNet conferences available as Internet mailing lists and "virtual local newsgroups" (i.e. set up just like local groups, but actually available to any node intending to participate, but certainly not as a public alt.whatever series of newsgroups; you know what I mean.)

To get into this, and to get more info, contact me by any means suggested in the .sig below.

PS NOTE: I am not currently receiving the list, just for the time being until I reconfigure elm to sort it into a separate folder, so any replies should go directly to me by some means or other. I'll be back on the list soon enough I guess.

--
Stanton McCandlish * Space Migration * Networking * ChaOrder * NO GOV'T.
* anton at hydra.unm.edu * Intelligence Increase * Nano * Crypto * NO RELIGION
* FidoNet: 1:301/2 * Life Extension * Ethics * VR * Now! * NO MORE LIES!
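The "Chaum-style protocol to prevent forgery and assure privacy" that the coupon list above leans on, worked through as an added example. This is editor's code, not part of the post above and not DigiCash's or anyone's product code. It uses an RSA blind signature: the vendor signs a coupon serial it never sees (so it cannot later tie the coupon to the account that earned it), while anyone with the vendor's public key can check the signature (so the coupon cannot be forged), and one key pair per denomination stands in for Chaum's per-denomination keys. The class and function names, the 10/100 denominations, the serials and the keys are all invented here for illustration. Needs Python 3.8 or later for the modular inverse via pow(x, -1, n).

```python
import hashlib
import math
import secrets


def is_probable_prime(n, rounds=24):
    """Miller-Rabin primality test (probabilistic; error < 4**-rounds)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(candidate):
            return candidate


def keygen(bits=512, e=65537):
    """Textbook RSA key pair; returns ((n, e), d). One pair per denomination."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), pow(e, -1, phi)


def coupon_digest(serial, n):
    """Hash the coupon serial into Z_n (full-domain-hash style) before signing."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % n


def blind(m, pub):
    """Customer side: multiply by r^e so the vendor sees only m * r^e mod n."""
    n, e = pub
    while True:
        r = secrets.randbelow(n - 2) + 2
        if math.gcd(r, n) == 1:
            return (m * pow(r, e, n)) % n, r


def sign_blinded(blinded, n, d):
    return pow(blinded, d, n)  # vendor side: (m * r^e)^d = m^d * r


def unblind(blinded_sig, r, n):
    return (blinded_sig * pow(r, -1, n)) % n  # customer side: strip r, keep m^d


def verify(m, sig, pub):
    n, e = pub
    return pow(sig, e, n) == m


class CouponVendor:
    """Issues blind-signed coupons and honours each serial once (hypothetical)."""

    def __init__(self, denominations):
        self.keys = {v: keygen() for v in denominations}
        self.seen_serials = set()

    def public_key(self, value):
        return self.keys[value][0]

    def issue(self, value, blinded):
        # The vendor only picks the denomination key; it never learns the serial.
        (n, _), d = self.keys[value]
        return sign_blinded(blinded, n, d)

    def redeem(self, value, serial, sig):
        pub = self.keys[value][0]
        if not verify(coupon_digest(serial, pub[0]), sig, pub):
            return False  # forged, or signed under another denomination's key
        if serial in self.seen_serials:
            return False  # double spend
        self.seen_serials.add(serial)
        return True


def run_coupon_flow():
    """Customer earns one 10-credit coupon, then tries to spend it twice and as 100."""
    vendor = CouponVendor(denominations=(10, 100))
    pub10 = vendor.public_key(10)
    serial = secrets.token_bytes(16)  # chosen by the customer, never shown when issued
    m = coupon_digest(serial, pub10[0])
    blinded, r = blind(m, pub10)
    sig = unblind(vendor.issue(10, blinded), r, pub10[0])
    return {
        "first_redeem": vendor.redeem(10, serial, sig),
        "double_spend": vendor.redeem(10, serial, sig),
        "wrong_denomination": vendor.redeem(100, serial, sig),
    }


if __name__ == "__main__":
    print(run_coupon_flow())
```

What the vendor logs at issue() time is only the blinded value, which is independent of the serial that later turns up at redeem(); the serial set is what stops double spending, and verifying under the denomination's own key is what stops a 10-credit coupon being presented as 100. A real deployment would use a proper RSA padding rather than bare hash-mod-n, but the blinding arithmetic is the same.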
* Noise in the Void BBS * +1-505-246-8515 (24hr, 1200-14400, v32bis, N-8-1) *

From gtoal at an-teallach.com Tue Aug 17 06:05:18 1993
From: gtoal at an-teallach.com (Graham Toal)
Date: Tue, 17 Aug 93 06:05:18 PDT
Subject: Beepers can also be used to track you down!
Message-ID: <5558@an-teallach.com>

In article <9308131915.AA12203 at nebula.lrcs.loral.com> koontzd at lrcs.loral.com writes:
> As far as local detection, I understand that in Britain vans go around
> with sniffing gear looking for IF freqs to find unlicensed TVs.

Errr... yes, and they have about 4 vans for the whole country - the rest are dummies, accompanied by high-profile advertising campaigns to scare people into paying for a licence before they're caught.

G

(Not folklore; fact - and I saw one of the real vans at the BBC Research Centre at Kingswood Warren when I worked there on a contract once. *Very* expensive equipment.)

===
Personal mail to gtoal at gtoal.com (I read it in the evenings)
Business mail to gtoal at an-teallach.com (Be careful with the spelling!)
Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212

From elee9sf at Menudo.UH.EDU Tue Aug 17 07:00:18 1993
From: elee9sf at Menudo.UH.EDU (elee9sf at Menudo.UH.EDU)
Date: Tue, 17 Aug 93 07:00:18 PDT
Subject: encrypting virus (KOH)
In-Reply-To: <9308170755.AA19760@relay2.geis.com>
Message-ID: <199308171359.AA04711@Menudo.UH.EDU>

> As a matter of fact, when you Stac a floppy, a README file *IS*
> generated, and the stacker.com tsr kindly gives you the 1-800 number you can
> call to order stacker if you received the disk from someone and do not have
> stacker now, but would like to have such a nifty utility on your hard
> drive...
>

Well maybe things were updated since I bought my copy of Stacker 2.0. A stacker.log file is created, but it only logs errors during the screate process. No mention of compression is made. If everything went well, the log file contains no information, except headers and empty lists.
But then I never stack floppies because I want to be able to use them wherever I go, something Stacker 2.0 can't do, but Stacker 3.0 does.

I wonder if the author of KOH made this same decision: to insert decrypting code on the floppy so you aren't tied to using one computer, or to not "invade" a floppy so you are stuck using one computer.

/-----------------------------------\
| Karl L. Barrus                    |
| elee9sf at menudo.uh.edu           | <- preferred address
| barrus at tree.egr.uh.edu (NeXTMail) |
\-----------------------------------/

From pat at tstc.edu Tue Aug 17 07:30:18 1993
From: pat at tstc.edu (Patrick E. Hykkonen)
Date: Tue, 17 Aug 93 07:30:18 PDT
Subject: Tax Evasion and SASE.
Message-ID: <9308171425.AA05425@tstc.edu>

> The example given (someone soliciting an act of questionable legality)
> is a perfect application for the SASE remailer that I've been
> developing. I presented it at a phys-meeting a few months back, and
> have been working on coding it sporadically since then.

I was thinking about this just yesterday...

> The idea is that you have an address block that encodes the
> information on how to get a message to you. This is like a self
> addressed envelope. The envelope can specify multiple hops through
> remailers, but is encrypted in layers so only the next hop is revealed
> at each remailer.

However, rather than rewrite an entire mailer system from scratch, might I propose that we add an extra command to the cypherpunks remailers that would allow a person to tell the remailer NOT to throw away the header information. This would allow a person to create an encrypted block to put at the top of their message telling the remailer to pass all header information through to the recipient.

Example:

::
Remailer-Command: Header-Intact

::
Request-Remailing-To: pat at tstc.edu

The user encrypts this whole block and tells the remote user to put this at the header of their reply message.
Example:

== place at the top of your message text and remove this line ==
::
Encrypted: PGP

-----BEGIN PGP MESSAGE-----
Version: 2.2

hEwCKlkQ745WINUBAf0f5D1bOXX333w08UAU5jVP5WeDblGnlD7Cwx9Q0fxwZcG6
sm+8f1S4zU8AIn0j6Dfmt8i7+BOcdFfjXmscU+oXpgAAAFse+dms+6BMBntqJh56
q4DBpHq6aMTJH1AT0nolOOnAOTxtPmSpolkKFYyXVbwKk0W8q9PpmX0PDBeodoGY
hi2BtkXRMTW9bzbzRLE6Q0YoOsWVOxLKx8FM2M/T
=ciKz
-----END PGP MESSAGE-----
== place message text below this line and remove this line ==

In effect, a self-addressed envelope. Half of the functionality is available in the remailers currently.

--
"I'm not being irrational, I just know too much." - Tim Allen
--
Pat Hykkonen, N5NPL                        Texas State Technical College at Waco
Internet: {pat,postmaster,root}@tstc.edu   Instructional Network Services
Packet: N5NPL at WD5KAL.#CENTX.TX.USA.NA    3801 Campus Dr. Waco, Tx 76705
Public keys available! ** 1984 + 10 **     V:(817) 867-4830 F:(817) 799-2843

From ssteele at eff.org Tue Aug 17 09:20:20 1993
From: ssteele at eff.org (ssteele at eff.org)
Date: Tue, 17 Aug 93 09:20:20 PDT
Subject: One BBScon presence question
Message-ID: <199308171618.AA12776@eff.org>

Hi 'punks!

Steve writes:

>lift. However, while we're on the subject, I'm wondering if any
>arrangements have been made to distribute anti-Clipper material at
>the con. I'd be happy to distribute flyers or what-have-you, but
>they'd have to reach the show by other means; I'm not willing to
>carry such seditious material across the US/Canada border.
>
> I hope that EFF will have a presence at the show* as they did last
>year, and can sow some further seeds of discontent among the
>non-Internet online world, many parts of which don't seem aware of
>the Clipper debacle. Any comments from the EFF folks hereabouts?

EFF will be well-represented at ONE BBSCon.
Mike Godwin, Cliff Figallo, Sarah Simpson (our new membership coordinator) and I will be there speaking and coordinating an EFF booth, which will boast all sorts of documentation, floppies, and, yes, you asked for it, t-shirts (new design)! We will certainly have some Clipper stuff.

>* I had a great time arguing with Shari Steele and accusing her of
>"dancing with the Devil" w/ reference to backing then-Senator Gore's
>Data Superhighway proposal. Very libertarially-incorrect position to
>take, Shari. :-)

Yeah, yeah, I know. It was really strange for me to be looked at as supporting the government over individuals! Maybe we can continue the debate this year.

See you in a week! :)

Shari

******************************************************************************
Shari Steele
Director of Legal Services
Electronic Frontier Foundation
1001 G Street, NW
Suite 950 East
Washington, DC 20001
202/347-5400 (voice), 202/393-5509 (fax)
ssteele at eff.org

From karn at qualcomm.com Tue Aug 17 09:30:20 1993
From: karn at qualcomm.com (Phil Karn)
Date: Tue, 17 Aug 93 09:30:20 PDT
Subject: ANON: alt.sexual.abuse.recovery
In-Reply-To: <9308171047.ab22248@penet.penet.FI>
Message-ID: <9308171628.AA20551@servo>

One question is how he will enforce his ban on encryption if he only rarely reads the messages passing through. He could probably write a shell script that looks for PGP headers, but these could be stripped off. He could probably look for ascii-encoded files with a flat character distribution, but these could be uuencoded or binhexed.

Perhaps it's time to integrate one of the steganographic techniques into the remailers as a configuration option. By inflating the size of the messages it hides, that will increase the load through the machines that don't like encrypted messages, but that's life.
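The two checks sketched in the post above (grep for PGP armor headers, then look for a flat character distribution) and the two evasions it names, worked through as an added example. This is editor's code, not Phil's and not any remailer's filter. The messages it scans are constructed here, deterministic pseudo-random bytes stand in for PGP ciphertext, and the 5.0 bits/char threshold, the 120-character minimum and the function names are choices made for this illustration. Needs Python 3.6 or later.

```python
import binascii
import collections
import hashlib
import math

# Armor lines a "grep for PGP" script would key on; trivially removed by the sender.
PGP_MARKERS = (
    "-----BEGIN PGP MESSAGE-----",
    "-----BEGIN PGP SIGNED MESSAGE-----",
    "-----BEGIN PGP SIGNATURE-----",
)


def has_pgp_armor(text):
    """Check 1: look for PGP armor headers."""
    return any(marker in text for marker in PGP_MARKERS)


def shannon_entropy(s):
    """Bits per character of the empirical character distribution of s."""
    counts = collections.Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def high_entropy_blocks(text, threshold=5.0, min_chars=120):
    """Check 2: flag each blank-line separated block whose pooled characters
    are spread nearly flat. English prose sits around 4.0-4.5 bits/char;
    base64, uuencode and other 64-symbol encodings of ciphertext approach
    6 bits/char once there are enough characters to measure."""
    hits = []
    for block in text.split("\n\n"):
        lines = [ln for ln in block.split("\n") if ln.strip()]
        pooled = "".join(lines)
        if len(pooled) < min_chars:
            continue
        h = shannon_entropy(pooled)
        if h >= threshold:
            hits.append((round(h, 2), lines[0]))
    return hits


def classify(text):
    return {
        "pgp_armor": has_pgp_armor(text),
        "high_entropy": bool(high_entropy_blocks(text)),
    }


def build_samples():
    """Constructed test messages (not real list traffic). The 'ciphertext' is
    deterministic pseudo-random bytes standing in for PGP output."""
    ciphertext = b"".join(hashlib.sha256(b"sample-%d" % i).digest() for i in range(8))
    b64 = binascii.b2a_base64(ciphertext, newline=False).decode()
    armor_body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    uu_body = "".join(
        binascii.b2a_uu(ciphertext[i:i + 45]).decode()
        for i in range(0, len(ciphertext), 45)
    ).rstrip("\n")
    prose = (
        "Here is the draft of the meeting notes we talked about on the phone.\n"
        "Please look it over before Friday and send back any corrections, since\n"
        "the newsletter goes to the printer first thing Monday morning.\n"
        "Thanks again for covering the front desk last week.\n"
    )
    return {
        "prose": prose,
        # armored: caught by both checks
        "armored": prose + "\n-----BEGIN PGP MESSAGE-----\nVersion: 2.3a\n\n"
                   + armor_body + "\n=abcd\n-----END PGP MESSAGE-----\n",
        # headers stripped: the grep misses it, the entropy check still fires
        "stripped": prose + "\n" + armor_body + "\n",
        # uuencoded: a different alphabet, but the distribution is just as flat
        "uuencoded": prose + "\nbegin 644 notes.txt\n" + uu_body + "\n`\nend\n",
    }


if __name__ == "__main__":
    for name, text in build_samples().items():
        print(name, classify(text), high_entropy_blocks(text))
```

The entropy check survives both evasions named in the post because it ignores the alphabet and looks only at how flat the distribution is; its cost is that any uuencoded compressed archive or image trips it just as readily, so it tells an operator "encoded binary here", not "encrypted". The steganographic option the post goes on to suggest is the move that defeats it, since the payload then rides inside text whose statistics look like prose.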
Phil

From warlord at MIT.EDU Tue Aug 17 09:40:20 1993
From: warlord at MIT.EDU (Derek Atkins)
Date: Tue, 17 Aug 93 09:40:20 PDT
Subject: [ari@ISI.EDU: New paper on electronic currency]
Message-ID: <9308171636.AA13653@toxicwaste.MEDIA.MIT.EDU>

I thought people would be interested in this.... Hope not too many copies get forwarded here.. ;-)

-derek

------- Forwarded Message

Date: Tue, 17 Aug 93 09:21:20 PDT
From: ari at ISI.EDU
Posted-Date: Tue, 17 Aug 93 09:21:20 PDT
To: ietf-aac at ISI.EDU, imp-interest at thumper.bellcore.com, kerberos at MIT.EDU
Subject: New paper on electronic currency

A new paper on electronic currency to appear in the 1st ACM Conference on Computer and Communications Security, Nov. 93 is now available via anonymous FTP from PROSPERO.ISI.EDU as /pub/papers/security/netcash-cccs93.ps.Z

NetCash: A design for practical electronic currency on the Internet
Gennady Medvinsky and Clifford Neuman

NetCash is a framework that supports realtime electronic payments with provision of anonymity over an unsecure network. It is designed to enable new types of services on the Internet which have not been practical to date because of the absence of a secure, scalable, potentially anonymous payment method. NetCash strikes a balance between unconditionally anonymous electronic currency, and signed instruments analogous to checks that are more scalable but identify the principals in a transaction. It does this by providing the framework within which proposed electronic currency protocols can be integrated with the scalable, but non-anonymous, electronic banking infrastructure that has been proposed for routine transactions.

------- End of Forwarded Message

From frissell at panix.com Tue Aug 17 09:50:20 1993
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 17 Aug 93 09:50:20 PDT
Subject: National ID Cards!?
Message-ID: <199308171649.AA26609@panix.com>

The "Fear of Foreigners" and the "Health Care Crisis" have come together nicely to make a new (forge-resistant *not* forge-proof) national identity card much more likely. This will, BTW, be the first major piece of ID introduced since the new individualist movements came into existence from 1960 to the present. It will be interesting to see what the reaction of those movements will be to this major attack.

I will be posting a lot on this subject over the next few months. My first thought was to form a non-profit 501c3 corporation to raise funds to pay for the reverse engineering of the beast (if it turns out to be a smart card). Since its design and algorithms will be a public document that we paid for, and no national security issues are involved, it can arguably be reverse engineered legally. It could be legally done in other countries in any case.

In fact, of course, it will be simple for any individual who cares to resist the thing.

Some approaches (Health):

1) "I'm an anarchist and I don't believe in such things. Send me a bill."

2) "I'm a foreign tourist. Send me a bill."

3) "I'm an illegal alien. Send me a bill." -- Not recommended for real illegal aliens.

4) "Here is my Health Security Smart Card, I puddled it with a welding torch. You're welcome to have it."

5) When they send you a bill (above) don't pay it; say this: "You have established that the separation of the provision of medical services and the payment for those services is a moral imperative. I am taking you at your word by maintaining a *rigid* separation between the provision of services and payment for them."

6) Or: "You have used deadly force to maintain an oligopoly on the provision of medical services through licensing and immigration restrictions. You have prohibited me from purchasing such services on an open competitive market, therefore, I don't owe you a dime."

Some approaches (employment):

1) Open a contract services firm (temp agency) that places illegal aliens with other companies and acts as a cutout for the enhanced worker's ID requirements.

2) Open any kind of a business. No ID requirements for self employment.

3) Convert your job to a virtual one and move overseas. 61% of US expats don't even file US tax returns though almost all are required to do so.

Much more to come.

Duncan Frissell - Have that Privacy Checkup in advance of need. No ID required.

*************************************************************************
ATMs, Contracting Out, Digital Switching, Downsizing, EDI, Fax, Fedex, Home Workers, Internet, Just In Time, Leasing, Quants, Securitization, Temps - Not as sexy as Tim May's signature line but just as important.

--- WinQwk 2.0b#0


From nobody at cicada.berkeley.edu Tue Aug 17 10:35:22 1993
From: nobody at cicada.berkeley.edu (nobody at cicada.berkeley.edu)
Date: Tue, 17 Aug 93 10:35:22 PDT
Subject: "Clinton Considering National ID Card"
Message-ID: <9308171729.AA16581@cicada.berkeley.edu>

A forward from libernet -

>From: ddeming at geohub.gcn.uoknor.edu (David Deming)
>To: libernet at dartmouth.edu
>
>Subject: "Clinton Considering National ID Card"
>
>Following appeared in Saturday, August 14, front page
>of Oklahoma City newspaper.
>
>Clinton scares the shit out of me. His administration
>is turning out to be a nightmare -- the secular version of
>the AntiChrist.
>
>******************************************************
>
>LOS ANGELES (Reuter) -- President Clinton said in an interview
>published Friday that his administration is studying the
>feasibility of creating a tamper-proof national identity card
>aimed in part at preventing illegal immigrants from using
>government benefit programs.
>
>Though civil liberties groups have strongly opposed similar
>plans in the past, Clinton told the Los Angeles Times he now
>believes the idea "ought to be examined".
>
>Clinton said he disagreed with a proposal presented earlier
>this week by California Gov. Pete Wilson for constitutional
>changes that would deny citizenship to the U.S.-born children
>of illegal immigrants. He said he was also against Wilson's
>recommendation that emergency medical treatment should be shut
>off to undocumented residents.
>
>"None of us would tolerate just letting people die on the
>streets if it came to that," Clinton was quoted as saying.
>
>In the midst of a growing anti-immigrant backlash nationwide,
>Wilson on Monday called for sweeping reforms in federal laws
>to help stem the flow of illegal immigrants into the United
>States.
>
>Wilson's package also included a proposed tamper-proof
>identity card.
>
>Civil libertarians and some conservatives have joined forces
>over the years to block the development of such a card, arguing
>that it would give the government too much control over
>individuals.
>
>Clinton acknowledged that "a lot of immigration groups and
>advocates have said that any kind of identification card like
>that sort of smacks of Big Brotherism".
>
>But he said the idea should be studied and that it is under
>discussion as part of the health care reform effort headed
>by first lady Hillary Clinton.
>
>***************************************************************
>


From ssteele at eff.org Tue Aug 17 11:35:22 1993
From: ssteele at eff.org (ssteele at eff.org)
Date: Tue, 17 Aug 93 11:35:22 PDT
Subject: One BBScon presence question
Message-ID: <199308171834.AA13699@eff.org>

Hi Carl. You ask:

> what kind of T-shirts? Can we non-attendees get a crack at them?

Absolutely. They're kinda hard to describe, since they're graphical, but I'll do my best. They're white. On the front, above where the pocket would be (if they had pockets) is the EFF logo. The back is divided into four large squares with the header "Famous Frontiers in History." In the first square is the picture of a cowboy on a horse looking at a sunset on the prairie with the label "The Western Frontier." The second square has a picture of John F. Kennedy at a podium with the label "The New Frontier." The third square has a picture of the U.S.S. Enterprise with the label "The Final Frontier." And finally, the fourth square has the EFF logo with the label "The Electronic Frontier."

Shirts are $10 and are available in small (for little people and children) and extra large (for everyone else). Should I get a stash to John Gilmore for cypherpunk distribution?

Shari


From banisar at washofc.cpsr.org Tue Aug 17 12:30:22 1993
From: banisar at washofc.cpsr.org (Dave Banisar)
Date: Tue, 17 Aug 93 12:30:22 PDT
Subject: Call for Clipper Comments
Message-ID: <00541.2828442468.4792@washofc.cpsr.org>

Call for Clipper Comments

The National Institute of Standards and Technology (NIST) has issued a request for public comments on its proposal to establish the "Skipjack" key-escrow system as a Federal Information Processing Standard (FIPS). The deadline for the submission of comments is September 28, 1993. The full text of the NIST notice follows.

CPSR is urging all interested individuals and organizations to express their views on the proposal and to submit comments directly to NIST. Comments need not be lengthy or very detailed; all thoughtful statements addressing a particular concern will likely contribute to NIST's evaluation of the key-escrow proposal.

The following points could be raised about the NIST proposal (additional materials on Clipper and the key escrow proposal may be found at the CPSR ftp site, cpsr.org):

* The potential risks of the proposal have not been assessed and many questions about the implementation remain unanswered. The NIST notice states that the current proposal "does not include identification of key escrow agents who will hold the keys for the key escrow microcircuits or the procedures for access to the keys."
The key escrow configuration may also create a dangerous vulnerability in a communications network. The risks of misuse of this feature should be weighed against any perceived benefit.

* The classification of the Skipjack algorithm as a "national security" matter is inappropriate for technology that will be used primarily in civilian and commercial applications. Classification of technical information also limits the computing community's ability to evaluate fully the proposal and the general public's right to know about the activities of government.

* The proposal was not developed in response to a public concern or a business request. It was put forward by the National Security Agency and the Federal Bureau of Investigation so that these two agencies could continue surveillance of electronic communications. It has not been established that it is necessary for crime prevention. The number of arrests resulting from wiretaps has remained essentially unchanged since the federal wiretap law was enacted in 1968.

* The NIST proposal states that the escrow agents will provide the key components to a government agency that "properly demonstrates legal authorization to conduct electronic surveillance of communications which are encrypted." The crucial term "legal authorization" has not been defined. The vagueness of the term "legal authorization" leaves open the possibility that court-issued warrants may not be required in some circumstances. This issue must be squarely addressed and clarified.

* Adoption of the proposed key escrow standard may have an adverse impact upon the ability of U.S. manufacturers to market cryptographic products abroad. It is unlikely that non-U.S. users would purchase communication security products to which the U.S. government holds keys.

Comments on the NIST proposal should be sent to:

Director, Computer Systems Laboratory
ATTN: Proposed FIPS for Escrowed Encryption Standard
Technology Building, Room B-154
National Institute of Standards and Technology
Gaithersburg, MD 20899

Submissions must be received by September 28, 1993. CPSR has asked NIST that provisions be made to allow for electronic submission of comments.

Please also send copies of your comments on the key escrow proposal to CPSR for inclusion in the CPSR Internet Library, our ftp site. Copies should be sent to .

=================================================================

FEDERAL REGISTER
VOL. 58, No. 145
DEPARTMENT OF COMMERCE (DOC)
National Institute of Standards and Technology (NIST)
Docket No. 930659-3159
RIN 0693-AB19

A Proposed Federal Information Processing Standard for an Escrowed Encryption Standard (EES)

58 FR 40791
Friday, July 30, 1993
Notice; request for comments.

SUMMARY: A Federal Information Processing Standard (FIPS) for an Escrowed Encryption Standard (EES) is being proposed. This proposed standard specifies use of a symmetric-key encryption/decryption algorithm and a key escrowing method which are to be implemented in electronic devices and used for protecting certain unclassified government communications when such protection is required. The algorithm and the key escrowing method are classified and are referenced, but not specified, in the standard.

This proposed standard adopts encryption technology developed by the Federal government to provide strong protection for unclassified information and to enable the keys used in the encryption and decryption processes to be escrowed. This latter feature will assist law enforcement and other government agencies, under the proper legal authority, in the collection and decryption of electronically transmitted information.

This proposed standard does not include identification of key escrow agents who will hold the keys for the key escrow microcircuits or the procedures for access to the keys. These issues will be addressed by the Department of Justice.

The purpose of this notice is to solicit views from the public, manufacturers, and Federal, state, and local government users so that their needs can be considered prior to submission of this proposed standard to the Secretary of Commerce for review and approval.

The proposed standard contains two sections: (1) An announcement section, which provides information concerning the applicability, implementation, and maintenance of the standard; and (2) a specifications section which deals with the technical aspects of the standard. Both sections are provided in this notice.

DATES: Comments on this proposed standard must be received on or before September 28, 1993.

ADDRESSES: Written comments concerning the proposed standard should be sent to: Director, Computer Systems Laboratory, ATTN: Proposed FIPS for Escrowed Encryption Standard, Technology Building, room B-154, National Institute of Standards and Technology, Gaithersburg, MD 20899.

Written comments received in response to this notice will be made part of the public record and will be made available for inspection and copying in the Central Reference and Records Inspection Facility, room 6020, Herbert C. Hoover Building, 14th Street between Pennsylvania and Constitution Avenues, NW., Washington, DC 20230.

FOR FURTHER INFORMATION CONTACT: Dr. Dennis Branstad, National Institute of Standards and Technology, Gaithersburg, MD 20899, telephone (301) 975-2913.

SUPPLEMENTARY INFORMATION: This proposed FIPS implements the initiative announced by the White House Office of the Press Secretary on April 16, 1993. The President of the U.S.
approved a Public Encryption Management directive, which among other actions, called for standards to facilitate the procurement and use of encryption devices fitted with key-escrow microcircuits in Federal communication systems that process sensitive, but unclassified information.

Dated: July 26, 1993.
Arati Prabhakar, Director (NIST).

----------------------------------------------------

Federal Information Processing Standards Publication XX
1993 XX

Announcing the Escrowed Encryption Standard (EES)

Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards and Technology (NIST) after approval by the Secretary of Commerce pursuant to section 111(d) of the Federal Property and Administrative Services Act of 1949 as amended by the Computer Security Act of 1987, Public Law 100-235.

Name of Standard: Escrowed Encryption Standard (EES).

Category of Standard: Telecommunications Security.

Explanation: This Standard specifies use of a symmetric-key encryption (and decryption) algorithm and a Law Enforcement Access Field (LEAF) creation method (one part of a key escrow system) which provide for decryption of encrypted telecommunications when interception of the telecommunications is lawfully authorized. Both the algorithm and the LEAF creation method are to be implemented in electronic devices (e.g., very large scale integration chips). The devices may be incorporated in security equipment used to encrypt (and decrypt) sensitive unclassified telecommunications data. Decryption of lawfully intercepted telecommunications may be achieved through the acquisition and use of the LEAF, the decryption algorithm and escrowed key components.

To escrow something (e.g., a document, an encryption key) means that it is "delivered to a third person to be given to the grantee only upon the fulfillment of a condition" (Webster's Seventh New Collegiate Dictionary). A key escrow system is one that entrusts components of a key used to encrypt telecommunications to third persons, called key component escrow agents. In accordance with the common definition of "escrow", the key component escrow agents provide the key components to a "grantee" (i.e., a government agency) only upon fulfillment of the condition that the grantee properly demonstrates legal authorization to conduct electronic surveillance of communications which are encrypted using the specific device whose key component is requested. The key components obtained through this process are then used by the grantee to reconstruct the device unique key and obtain the session key (contained in the LEAF) which is used to decrypt the telecommunications that are encrypted with that device. The term, "escrow", for purposes of this standard, is restricted to the dictionary definition.

The encryption/decryption algorithm has been approved for government applications requiring encryption of sensitive unclassified telecommunications of data as defined herein. The specific operations of the algorithm and the LEAF creation method are classified and hence are referenced, but not specified, in this standard.

Data, for purposes of this standard, includes voice, facsimile and computer information communicated in a telephone system. Telephone system, for purposes of this standard, is limited to systems circuit-switched up to no more than 14.4 kbs or which use basic-rate ISDN, or to a similar grade wireless service.

Data that is considered sensitive by a responsible authority should be encrypted if it is vulnerable to unauthorized disclosure during telecommunications. A risk analysis should be performed under the direction of a responsible authority to determine potential threats and risks. The costs of providing encryption using this standard as well as alternative methods and their respective costs should be projected. A responsible authority should then make a decision, based on the risk and cost analyses, whether or not to use encryption and then whether or not to use this standard.

Approving Authority: Secretary of Commerce.

Maintenance Agency: Department of Commerce, National Institute of Standards and Technology.

Applicability: This standard is applicable to all Federal departments and agencies and their contractors under the conditions specified below. This standard may be used in designing and implementing security products and systems which Federal departments and agencies use or operate or which are operated for them under contract. These products may be used when replacing Type II and Type III (DES) encryption devices and products owned by the government and government contractors.

This standard may be used when the following conditions apply:

1. An authorized official or manager responsible for data security or the security of a computer system decides that encryption is required and cost justified as per OMB Circular A-130; and

2. The data is not classified according to the National Security Act of 1947, as amended, or the Atomic Energy Act of 1954, as amended. However, Federal departments or agencies which use encryption devices for protecting data that is classified according to either of these acts may use those devices also for protecting unclassified data in lieu of this standard.

In addition, this standard may be adopted and used by non-Federal Government organizations. Such use is encouraged when it provides the desired security.

Applications: Devices conforming to this standard may be used for protecting unclassified communications.

Implementations: The encryption/decryption algorithm and the LEAF creation method shall be implemented in electronic devices (e.g., electronic chip packages) that can be physically protected against unauthorized entry, modification and reverse engineering.
Implementations which are tested and validated by NIST will be considered as complying with this standard. An electronic device shall be incorporated into a cryptographic module in accordance with FIPS 140-1. NIST will test for conformance with FIPS 140-1. Cryptographic modules can then be integrated into security equipment for sale and use in an application. Information about devices that have been validated, procedures for testing equipment for conformance with NIST standards, and information about obtaining approval of security equipment are available from the Computer Systems Laboratory, NIST, Gaithersburg, MD 20899.

Export Control: Implementations of this standard are subject to Federal Government export controls as specified in title 22, Code of Federal Regulations, parts 120 through 131 (International Traffic of Arms Regulations -ITAR). Exporters of encryption devices, equipment and technical data are advised to contact the U.S. Department of State, Office of Defense Trade Controls for more information.

Patents: Implementations of this standard may be covered by U.S. and foreign patents.

Implementation Schedule: This standard becomes effective thirty days following publication of this FIPS PUB.

Specifications: Federal Information Processing Standard (FIPS XXX)(affixed).

Cross Index:
a. FIPS PUB 46-2, Data Encryption Standard.
b. FIPS PUB 81, Modes of Operation of the DES
c. FIPS PUB 140-1, Security Requirements for Cryptographic Modules.

Glossary: The following terms are used as defined below for purposes of this standard:

Data - Voice, facsimile and computer information communicated in a telephone system.

Decryption - Conversion of ciphertext to plaintext through the use of a cryptographic algorithm.

Device (cryptographic) - An electronic implementation of the encryption/decryption algorithm and the LEAF creation method as specified in this standard.

Digital data - Data that have been converted to a binary representation.

Encryption - Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.

Key components - The values from which a key can be derived (e.g., KU sub 1 + KU sub 2).

Key escrow - A process involving transferring one or more components of a cryptographic key to one or more trusted key component escrow agents for storage and later use by government agencies to decrypt ciphertext if access to the plaintext is lawfully authorized.

LEAF Creation Method 1 - A part of a key escrow system that is implemented in a cryptographic device and creates a Law Enforcement Access Field.

Type I cryptography - A cryptographic algorithm or device approved by the National Security Agency for protecting classified information.

Type II cryptography - A cryptographic algorithm or device approved by the National Security Agency for protecting sensitive unclassified information in systems as specified in section 2315 of Title 10 United States Code, or section 3502(2) of Title 44, United States Code.

Type III cryptography - A cryptographic algorithm or device approved as a Federal Information Processing Standard.

Type III(E) cryptography - A Type III algorithm or device that is approved for export from the United States.

Qualifications. The protection provided by a security product or system is dependent on several factors. The protection provided by this standard against key search attacks is greater than that provided by the DES (e.g., the cryptographic key is longer). However, provisions of this standard are intended to ensure that information encrypted through use of devices implementing this standard can be decrypted by a legally authorized entity.

Where to Obtain Copies of the Standard: Copies of this publication are for sale by the National Technical Information Service, U.S. Department of Commerce, Springfield, VA 22161. When ordering, refer to Federal Information Processing Standards Publication XX (FIPS PUB XX), and identify the title.
When microfiche is desired, this should be specified. Prices are published by NTIS in current catalogs and other issuances. Payment may be made by check, money order, deposit account or charged to a credit card accepted by NTIS.

Specifications for the Escrowed Encryption Standard

1. Introduction

This publication specifies Escrowed Encryption Standard (EES) functions and parameters.

2. General

This standard specifies use of the SKIPJACK cryptographic algorithm and the LEAF Creation Method 1 (LCM-1) to be implemented in an approved electronic device (e.g., a very large scale integration electronic chip). The device is contained in a logical cryptographic module which is then integrated in a security product for encrypting and decrypting telecommunications. Approved implementations may be procured by authorized organizations for integration into security equipment. Devices must be tested and validated by NIST for conformance to this standard. Cryptographic modules must be tested and validated by NIST for conformance to FIPS 140-1.

3. Algorithm Specifications

The specifications of the encryption/decryption algorithm (SKIPJACK) and the LEAF Creation Method 1 (LCM-1) are classified. The National Security Agency maintains these classified specifications and approves the manufacture of devices which implement the specifications. NIST tests for conformance of the devices implementing this standard in cryptographic modules to FIPS 140-1 and FIPS 81.

4. Functions and Parameters

4.1 Functions

The following functions, at a minimum, shall be implemented:

1. Data Encryption: A session key (80 bits) shall be used to encrypt plaintext information in one or more of the following modes of operation as specified in FIPS 81: ECB, CBC, OFB (64), CFB (1, 8, 16, 32, 64).

2. Data Decryption: The session key (80 bits) used to encrypt the data shall be used to decrypt resulting ciphertext to obtain the data.

3. Key Escrow: The Family Key (KF) shall be used to create the Law Enforcement Access Field (LEAF) in accordance with the LEAF Creation Method 1 (LCM-1). The Session Key shall be encrypted with the Device Unique Key and transmitted as part of the LEAF. The security equipment shall ensure that the LEAF is transmitted in such a manner that the LEAF and ciphertext may be decrypted with legal authorization. No additional encryption or modification of the LEAF is permitted.

4.2 Parameters

The following parameters shall be used in performing the prescribed functions:

1. Device Identifier (DID): The identifier unique to a particular device and used by the Key Escrow System.

2. Device Unique Key (KU): The cryptographic key unique to a particular device and used by the Key Escrow System.

3. Cryptographic Protocol Field (CPF): The field identifying the registered cryptographic protocol used by a particular application and used by the Key Escrow System (reserved for future specification and use).

4. Escrow Authenticator (EA): A binary pattern that is inserted in the LEAF to ensure that the LEAF is transmitted and received properly and has not been modified, deleted or replaced in an unauthorized manner.

5. Initialization Vector (IV): A mode and application dependent vector of bytes used to initialize, synchronize and verify the encryption, decryption and key escrow functions.

6. Family Key (KF): The cryptographic key stored in all devices designated as a family that is used to create the LEAF.

7. Session Key (KS): The cryptographic key used by a device to encrypt and decrypt data during a session.

8. Law Enforcement Access Field (LEAF): The field containing the encrypted session key and the device identifier and the escrow authenticator.

5. Implementation

The Cryptographic Algorithm and the LEAF Creation Method shall be implemented in an electronic device (e.g., VLSI chip) which is highly resistant to reverse engineering (destructive or non-destructive) to obtain or modify the cryptographic algorithms, the DID, the KF, the KU, the EA, the CPF, the operational KS, or any other security or Key Escrow System relevant information.

The device shall be able to be programmed/personalized (i.e., made unique) after mass production in such a manner that the DID, KU (or its components), KF (or its components) and EA fixed pattern can be entered once (and only once) and maintained without external electrical power.

The LEAF and the IV shall be transmitted with the ciphertext. The specifics of the protocols used to create and transmit the LEAF, IV, and encrypted data shall be registered and a CPF assigned. The CPF shall then be transmitted in accordance with the registered specifications.

The specific electric, physical and logical interface will vary with the implementation. Each approved, registered implementation shall have an unclassified electrical, physical and logical interface specification sufficient for an equipment manufacturer to understand the general requirements for using the device. Some of the requirements may be classified and therefore would not be specified in the unclassified interface specification.


From klbarrus at owlnet.rice.edu Tue Aug 17 13:45:23 1993
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Tue, 17 Aug 93 13:45:23 PDT
Subject: ANON: remailer list
Message-ID: <9308172042.AA23682@arcadien.owlnet.rice.edu>

Sorry about the delay getting this out but I was waiting for my new account. Script updates will be made soon... The only change is the shut down of phantom, unless it became a secondary remailer and I missed it.

-----BEGIN PGP SIGNED MESSAGE-----

Q1: What cypherpunk remailers exist?
A1:

 1: nowhere at bsu-cs.bsu.edu
 2: hh at cicada.berkeley.edu
 3: hh at pmantis.berkeley.edu
 4: hh at soda.berkeley.edu
 5: 00x at uclink.berkeley.edu
 6: hal at alumni.caltech.edu
 7: ebrandt at jarthur.claremont.edu
 8: remailer at rebma.mn.org
 9: elee7h5 at rosebud.ee.uh.edu
10: hfinney at shell.portal.com
11: remail at tamsun.tamu.edu
12: remail at tamaix.tamu.edu
13: remailer at utter.dis.org
14: remailer at entropy.linet.org
15: remail at extropia.wimsey.com

NOTES:

#1-#5 no encryption of remailing requests
#6-#14 support encrypted remailing requests
#15 special - header and message must be encrypted together
#8,#13,#14,#15 introduce larger than average delay (not direct connect)
#8,#13,#15 running on privately owned machines

======================================================================

Q2: What help is available?

A2: Check out the pub/cypherpunks directory at soda.berkeley.edu (128.32.149.19). Instructions on how to use the remailers are in the remailer directory, along with some unix scripts and dos batch files. The public keys for the remailers which support encrypted remailing requests is also available in the same directory.

Mail to me (klbarrus at owlnet.rice.edu) for further help and/or questions.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLHFCLYOA7OpLWtYzAQFjrAQAi7M8xbny9CCnsvVbBR8lVtjvARxbgBiJ
qIqCCzYoIal2N1qTHB6SpItknLGWphayxpTLAe4QVZhF7MUndzvAZLGwur2FhMV8
ChWAPauleWUXbItaPtKZvbvGsDi4DEaf5OT643YVUc0xHNCD4kEe6trld7J5A03K
otP4hRDmC0Y=
=w4us
-----END PGP SIGNATURE-----


From banisar at washofc.cpsr.org Tue Aug 17 14:10:23 1993
From: banisar at washofc.cpsr.org (Dave Banisar)
Date: Tue, 17 Aug 93 14:10:23 PDT
Subject: FWD>Clinton and National ID
Message-ID: <00541.2828451318.4840@washofc.cpsr.org>

FWD>Clinton and National ID

Copyright 1993 The Times Mirror Company
Los Angeles Times
August 15, 1993, Sunday, Home Edition
SECTION: Business; Part D; Page 1; Column 2; Financial Desk
LENGTH: 1025 words
HEADLINE: JAMES FLANIGAN: BLAMING IMMIGRANTS WON'T SOLVE ECONOMIC WOES
BYLINE: By JAMES FLANIGAN

BODY:

Immigration is a burning issue once again, with answers to perceived problems coming thick and fast from public officials -- notably the governor of California. But emotions outrun reason, and most people aren't even asking the right questions.

Gov. Pete Wilson sent an open letter to President Clinton last week demanding that the federal government control U.S. borders because California is suffering the burden of illegal immigration. Wilson also proposed tamper-proof identity cards for immigrants, denial of health care, education and even citizenship to children of illegal immigrants, and that Mexican soldiers join the U.S. Border Patrol in forcing people back from the border at gunpoint.

Much of what he said, unfortunately, was demagoguery -- changing laws on citizenship requires a Constitutional amendment, so lawyer Wilson's call was political rhetoric. But not everything Wilson said was grandstanding; on some matters, he had a point, although like almost everybody involved in the new debate on immigration, his complaints were misdirected.

There are problems and social changes occurring in the U.S.
economy, but immigrants, legal and illegal, are not the cause of them. Yet illegal immigration -- however great or small its actual numbers -- is a problem simply because it breaks the law. So we should solve our problems, not avoid them by making scapegoats of immigrants. To begin with, estimates vary incredibly about how big a "problem" illegal immigration is. The U.S. Immigration and Naturalization Service estimates that 300,000 people enter the country illegally each year, but don't remain here. Illegal aliens go back and forth between Mexico and the United States, says the INS. The Clinton White House recently estimated that 3 million people live here illegally, from many nations -- China, Mexico, Ireland, Nigeria, India -- and in many parts of the country. That's less than half the widespread estimates, used by immigration critics, that more than 6 million illegals live in America. h Legal immigration has risen in recent years thanks to a change in federal law, but at 1.5 million immigrants a year, the rate is only half that of the 1900-1910 historic peak. In California, however, immigration is at peak rates, which helps account for this state's anxious reactions. The charge is that immigrants cost more in social services than they contribute in economic benefit. But that's more an argument about taxation than immigration. A study by Los Angeles County found that immigrants pay billions annually to the federal and state governments but little to the county, which provides hospital care and social services. The county's point, and one reason for Wilson's outburst last week, is that the federal government should pay more. "The federal government gets a free ride," says Georges Vernez, an immigration expert at Rand Corp. the research firm. Which is true, but that's not the immigrants' fault. The fact is, immigration answers needs in American society. If you don't believe that, ask yourself why immigrants keep coming to a slow U.S. 
economy -- and particularly to recession-bound California. The answer is they come for work. Skilled people the world over have an open invitation. American hospitals are still recruiting nurses from the Philippines, England and Ireland; draftsmen are brought from Europe, software programmers from India. Unskilled people too find work. Consider the growing number of elder care facilities in the United States, particularly those for elderly people disabled by Alzheimer's and other afflictions. They are staffed heavily by recent immigrants who owe their unglamorous jobs to social changes in American life. "We do not live in extended families, three generations in one house, as people in poorer countries do," explains Professor Leo Chavez of UC Irvine. We may be close as families but geographically separate, and so there is a growing need for elder care facilities and staff to work in them. Couldn't low-skilled people from America's inner cities do such jobs? Sure they could, so why doesn't U.S. society train and educate people in its inner cities and make sure they get such jobs? The answer is America's inner-city problem is a complex one of social neglect. But making scapegoats of immigrants won't solve it. Make no mistake, "America should control its borders, because lawlessness is always a problem," says Julian Simon, of the University of Maryland, a leading authority on immigration. Trouble is, most suggestions for controlling the border are unacceptable. Guns won't do it -- can you imagine the public outcry the first time U.S. or Mexican troops shoot down defenseless migrants? We could try an identity card, but surely our laws would demand that everyone carry such a card. And a country that has a hard time imposing minimal gun control won't soon have a national ID card. One way to gain border control and economic benefit would be to set up a system of flexible legal immigration that could bring people in when needed for a variety of jobs. 
Immigration experts say this might be along the lines of the bracero program that brought agricultural laborers from Mexico from wartime 1942 to 1964. The bracero program had faults and was criticized as a cheap-labor scheme, but a new system would have the advantage of being legal and less exploitative.

Another solution, for our southern border, would be to work through the North American Free Trade Agreement to improve Mexico's economy and ease at least the economic pressures driving Mexico's people north.

The ultimate point, though, is we'll get nowhere blaming our problems on immigrants, who have always come to this country just because it offers more opportunity for individual development than any other nation on earth. "Only in America," President Clinton said last week as he nominated Army Gen. John M. Shalikashvili, who came from Poland as a child, to be chairman of the Joint Chiefs of Staff. Shalikashvili will succeed Colin Powell, the son of immigrants from Jamaica. Only in America -- still true, and hopefully always true.

Copyright 1993 Reuters, Limited
August 13, 1993, Friday, AM cycle
LENGTH: 329 words
HEADLINE: CLINTON REPORTED LOOKING AT NATIONAL ID CARD
DATELINE: LOS ANGELES
BODY:

President Clinton said in an interview published Friday that his administration is studying the feasibility of creating a tamper-proof national identity card aimed in part at preventing illegal immigrants from using government benefit programs. Though civil liberties groups have strongly opposed similar plans in the past, Clinton told the Los Angeles Times he now believed the idea "ought to be examined."

But Clinton said he disagreed with a proposal presented earlier this week by California Gov. Pete Wilson for constitutional changes that would deny citizenship to the U.S.-born children of illegal immigrants. He said he was also against Wilson's recommendation that emergency medical treatment should be shut off to undocumented residents.
Such a policy, he suggested, would create more problems than it solves. "None of us would tolerate just letting people die on the streets if it came to that," Clinton was quoted as saying.

In the midst of a growing anti-immigrant backlash nationwide, Wilson Monday called for sweeping reforms in federal laws to help stem the flow of illegal immigrants into the United States. But immigrant rights advocates accused him of trying to make Mexican immigrants a scapegoat for his own failure to solve the state's crushing economic problems.

Wilson's package included a proposed tamper-proof identity card, and Clinton's disclosure was the first indication that it was under consideration. Civil libertarians and even some conservatives have joined forces over the years to block the development of such a card, arguing that it would give the government too much control over individuals.

Clinton acknowledged that "a lot of immigration groups and advocates have said that any kind of identification card like that sort of smacks of Big Brotherism." But he said the idea should be studied and that it is under discussion as part of the health care reform effort being headed by First Lady Hillary Rodham Clinton.

Copyright 1993 The Times Mirror Company
Los Angeles Times
August 13, 1993, Friday, Home Edition
SECTION: Part A; Page 1; Column 5; National Desk
LENGTH: 1013 words
HEADLINE: CLINTON DIFFERS WITH WILSON IDEAS ON IMMIGRATION; POLICY: PRESIDENT SAYS HE 'SYMPATHIZES' WITH GOVERNOR BUT THAT HE FAVORS A 'DIFFERENT TACK.' HOWEVER, HE REVEALS THAT ADMINISTRATION IS LOOKING AT THE USE OF ID CARDS.
BYLINE: By DAVID LAUTER and JOHN BRODER, TIMES STAFF WRITERS
DATELINE: OAKLAND
BODY:

Making his first public comments on Gov. Pete Wilson's calls for fundamental changes in the nation's immigration policies, President Clinton said Thursday that he "sympathizes" with Wilson's concerns about the impact illegal immigration is having on California "but I believe we ought to take a different tack."
The federal government must toughen its enforcement of immigration laws, Clinton said, adding that his Administration is examining the feasibility of creating a tamper-proof national identity card which would be aimed, in part, at preventing illegal immigrants from taking advantage of government benefit programs, something Wilson also has advocated.

Civil liberties groups have strongly opposed similar plans in the past. Clinton said, however, that he now believes the idea "ought to be examined."

But, he said, "I don't think we should change the Constitution," as Wilson has suggested, to deny citizenship for children born here to parents who are in the country illegally.

In addition, Clinton said, he disagrees with Wilson's suggestions to shut off emergency medical treatment for illegal immigrants. Such a policy, he suggested, would create more problems than it solves. He noted, for example, that "it is probably very much in everyone else's interest" to provide medical care to treat people who have communicable diseases. Moreover, he added, "none of us would tolerate just letting people die on the street if it came to that."

Clinton's statements, in an interview with The Times on Air Force One as he traveled here after meeting with Pope John Paul II in Denver, marked his most extensive public discussion so far of future policy options on immigration -- an issue that White House advisers say they believe could become one of the most politically difficult for his presidency.

His mention of a tamper-proof identification card was the first suggestion of a potentially far-reaching policy change. Groups advocating greater control of illegal immigration long have argued that the flourishing market in phony documents allows widespread fraudulent access to welfare and other government benefit programs.
But civil liberties groups, along with many conservatives, have joined forces over the years to block any action toward developing a tamper-proof identification card, arguing that it potentially would give the government far too much control over individuals and likening such cards to the internal passports once required in the former Soviet Union.

Clinton acknowledged those arguments. "I know that a lot of the immigration groups and advocates have said that any kind of identification card like that sort of smacks of Big Brotherism," he said. But, he continued, he believes that the idea should be examined and that it is under discussion as part of the health care reform effort being headed by First Lady Hillary Rodham Clinton.

Health care task force aides have discussed the likelihood that a reform program would provide all Americans with "health security" cards that would guarantee health benefits to all. But so far, they have not widely discussed the possibility that such a concept would be linked with the more controversial issue of a tamper-proof identification card.

Both in the interview and in his past statements on immigration, Clinton has tried to toe a careful line -- advocating a tougher set of policies to handle illegal immigration while assuring the Democratic Party's base of voters in minority communities that he remains committed to continuing legal immigration and the cultural diversity it brings.

Over the long term, Clinton said, he continues to hope that the proposed North American Free Trade Agreement with Mexico and Canada will reduce immigration pressure by improving the standard of living in Mexico and by improving development in that country so that fewer people feel compelled to migrate to the maquiladora zone near the U.S. border, where American-owned factories offer employment.
In the shorter term, the only way to avoid having the immigration debate damage the nation's social fabric, Clinton argued, is for the government to begin demonstrating to citizens that it is taking real action to enforce the nation's immigration laws. If the government can achieve that, he said, politicians will find that "the rhetoric of calling for more extreme solutions may be of limited usefulness" to them.

On the other hand, he warned, if the government is unable to "show some more discipline" in its control of illegal immigration, "I'm afraid the genie out of the bottle will be passion to shut off legal immigration.

"This country has greatly benefited from its immigrants for 200 years," Clinton said, and should not allow "aversion to illegal immigration" to create an "aversion to legal immigration."

California, in particular, will continue to benefit from its large immigrant population, he predicted. "There's no question that California will have a rebound," he said, once the state's huge defense and aerospace industries complete the economically painful shrinkage brought on by the end of the Cold War. Once that rebound begins, the President argued, the state will benefit by "being able to interface with more societies" in Asia and Latin America by virtue of its immigrant population.

But while he has been careful to praise legal immigration, Clinton has been eager to portray his Administration as having "taken a much more aggressive posture on (illegal immigration)" than his predecessors did. Clinton noted, for example, that his budget included additional money to strengthen the Border Patrol and to help California cope with the impact of large numbers of illegal immigrants. Although several border states are facing major immigration-related problems, California clearly "is getting the biggest hit," he said.
The President also pointed to his announcement earlier this summer of steps to control smuggling of illegal immigrants into the country by boat and to revamp the nation's troubled system for judging requests for asylum.

From nobody at alumni.cco.caltech.edu Tue Aug 17 15:10:25 1993
From: nobody at alumni.cco.caltech.edu (nobody at alumni.cco.caltech.edu)
Date: Tue, 17 Aug 93 15:10:25 PDT
Subject: Private, legal-tender billing & refunding for online services
Message-ID: <9308172203.AA29532@alumni.cco.caltech.edu>

In "Twain" and other Internet business concepts there is a big problem with establishing methods of payments and refunds that is convenient for both the customer and the business, while insuring the privacy of the customer. AMIX, netcom, et al. ask for credit card number, keep names and addresses of customers online, probably keep dossiers of services customers have bought, etc. (Even if not purposefully, they frequently do system backups). Just about every business has to have a way of receiving payment and distributing refunds to customers, in legal tender.

I'm interested in how to set up a physical mail drop/ATM protocol to allow customers to exchange legal tender for digital postage (or coupons, or greenstamps, or cash, or whatever we want to call it. Digicash is ideal, but the nomenclature might have to depend on what is legal in various jurisdictions).

Here's my first cut:

Customer signs up by sending legal tender (physical cash or money order) in mail, with anon physical mail drop to which the stamp vendor replies with a floppy containing:

* N digital stamps
* other tools to connect to vendor (eg software to handle digital stamps, e-mail utilities, client software, etc.)

Vendor also sets up a "bearer" offshore bank account or credit union account with ATM card. A PIN and password are sent to customer, needed to activate the card and digital stamps respectively. Customer pays up front for N digital stamps and the sign-up fee.
Digistamps obtained from various vendors (in the S&H greenstamp scenario) can be deposited at will. For refunds, these stamps can be removed from the account, digitally converting to legal tender in the bearer bank account, where customer can remove at a max rate of (typically) $300/day via ATM.

Some problems: mail drops and bearer bank accounts may be a major hassle for customers of most service businesses. Also for "normal" businesses many customers will be turned off by the "shady" nature of the billing scheme. (Cf. Cindy's recent response to Tim May's post on her bartering scheme). There are major legal issues here: is a formal "bearer bank account" legal? Are digital S&H greenstamps legal? In what jurisdictions?

From remail at tamsun.tamu.edu Tue Aug 17 15:15:24 1993
From: remail at tamsun.tamu.edu (remail at tamsun.tamu.edu)
Date: Tue, 17 Aug 93 15:15:24 PDT
Subject: `Stalled' Progress
Message-ID: <9308172215.AA18632@tamsun.tamu.edu>

At 2:36 AM 8/16/93 +0000, an12070 at anon.penet.fi wrote:
>building up all these things on student accounts is
>commendable but a foundation of quicksand in the long run.

Quicksand is fine if you use pontoons. We *are* a guerrilla operation, aren't we? Let me pay homage to those who have endured the risk of offering their student accounts for use as remailers, etc. We need more like you. I could get some bootleg student accounts, but I think the annoyance factor might outweigh the benefit of more resources. And, as my anonymous posting implies, I'm not entirely sure I want to be out of the closet as a cypherpunk yet.

>rumor has it
>even soda.berkeley.edu ftp site (perhaps the most critical cypherpunk
>element other than the mailing list) is being run off a student
>account.

This is indeed our great vulnerable point. We should attempt to decentralize it (at least have more backup). UNIX gurus- if I put PGP in my home directory, how do I make it available netwide?
Does my sysadmin

Another possibility - spring some real cash and get cycles and ftp support on netcom or something like it. How much would it cost? Is it cycles, space and access we need, money, or just someone to take charge? Once we got digital cash working, things have a better chance to become self-supporting and less at the mercy of university system administrators. How difficult would it be to get some resources (cycles, disk space, code) from Chaum's company Digicash? We could do an academic research project studying the feasibility of trade over internet, funded primarily by in-kind donations. Can we piggy-back on the netcash effort?

>* the `i thought you were doing that' factor.

Is this really a problem? I'm always pleasantly surprised when something gets done, even if I'm working on it.

>
>* to a large degree, despite the commandment `cypherpunks write code',
>the `cypherpunks' have always gained their cohesion more from political
>ideology than implementing tangible systems.

I don't know about anyone else, but the tangibility did it for me. I used to be fatalistic about privacy etc. The tangible achievements of the cypherpunks have given me hope that there *is* a soft underbelly on that beast. Not that ideology isn't fun!

From cme at ellisun.sw.stratus.com Tue Aug 17 15:30:25 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Tue, 17 Aug 93 15:30:25 PDT
Subject: Call for Clipper Comments
In-Reply-To: <00541.2828442468.4792@washofc.cpsr.org>
Message-ID: <9308171826.ZM27196@ellisun.sw.stratus.com>

I would/will add to your list of things to cite:

1. the gov't has never had a right to citizens' keys and citizens have always had strong cryptography -- so this sets a terrible precedent, even if it's voluntary;

2. cyberspace should benefit from the same rights as physical space -- i.e., the right to assemble and converse in private;

3. secrecy around the key generation procedure is totally unnecessary.
Keys should be generated as totally random numbers. The secrecy strongly suggests that the NSA intends to bypass the escrow mechanism, for example by having a secret function map from chip serial number to its secret key;

4. the justification for this effort was citizens' need for security in cellular and wireless calls while retaining the FBI's ability to wiretap. A superior engineering solution exists and doesn't carry the civil liberties infringements: to encrypt normally (e.g., with double DES) the broadcast portion of a cellular or wireless call, but leave the call in the clear over phone lines. Why did the government not encourage this solution?

- Carl

From pmetzger at lehman.com Tue Aug 17 16:05:27 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 17 Aug 93 16:05:27 PDT
Subject: `Stalled' Progress
In-Reply-To: <9308172215.AA18632@tamsun.tamu.edu>
Message-ID: <9308172302.AA14826@snark.lehman.com>

remail at tamsun.tamu.edu says:
> At 2:36 AM 8/16/93 +0000, an12070 at anon.penet.fi wrote:
> >building up all these things on student accounts is
> >commendable but a foundation of quicksand in the long run.
>
> Quicksand is fine if you use pontoons. We *are* a guerrilla operation,
> aren't we?

I dunno about you, but I'm mainstream. Privacy is for everyone. The more we treat ourselves as people doing things that are shady, the more we will be treated as shady. Nothing we are doing is illegal -- why must we then slink in shadows? This list includes some of the world's foremost experts in cryptography, as well as lots of perfectly solid citizens. I say we wait until we are driven underground to pretend that we are underground. If we act as though we are shady, we will only make it easier to repress us.

Perry

From ld231782 at longs.lance.colostate.edu Tue Aug 17 17:20:28 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Tue, 17 Aug 93 17:20:28 PDT
Subject: encrypted anonymous traffic
Message-ID: <9308180018.AA08773@longs.lance.colostate.edu>

Mr. Wells:

I strongly am against your policy of prohibiting encrypted traffic through your server, and your apparent monitoring of existing plaintext information. I believe you should make this severe & oppressive restriction (the former) and breach of privacy, confidentiality, and trust (the latter) clear in your introductory statements to your server. While providing this service of anonymity is commendable, it is worthless without minimum levels of functionality and assurance, and IMHO outlawing encrypted traffic is bordering on that line.

You `defuse' J. Helsingius's suggestion of comparing your service with the post office by comparing it with the exchange of bombs in parcels, saying that `analogies are slippery'. Indeed, you have slipped out of this one and away from the crucial point. No one can send any `bomb' through mere text, and to compare harassing mail (which is definitely not to be condoned) to it is to expose your naive and self-serving view of the matter.

I have a theory that one major motivation toward running such a server is a somewhat paternalistic desire to `monitor' traffic through one's server to one's `family'. Far better to do this with your own family than through a public service, where it is inappropriate, deplorable, and voyeuristic. That you arbitrarily restrict traffic to that which you can read is a rather embarrassing indictment of your intentions, despite your lame protestations that just the `capability' is relevant.

Anonymity and encryption are as interlinked as two sides of a hand. Who are you to shear one half away?

Sincerely,
L. Detweiler

From jet at netcom.com Tue Aug 17 18:30:28 1993
From: jet at netcom.com (J. Eric Townsend)
Date: Tue, 17 Aug 93 18:30:28 PDT
Subject: Why cypherpunks are 'stalled', IMHO
Message-ID: <9308180128.AA22934@netcom.netcom.com>

I just got a 15k mail message from one Dave Banisar that consisted of wire news clippings, only one of which had anything even vaguely related to cryptography. *This* is why people drop off the list so often. (Or don't show up at meetings, thinking they'll be as noisy?). If it's just more of the general computer geek/privacy/libertarian stuff all over again, the same crud that flows in such volumes on the libertarian list, and a couple of other lists I've had the misfortune to be on, people will go away. (In particular, evoting, pranks to prove points, general ranting.)

Let's try a little self-restraint, perhaps? Or take discussions off-list, or to the appropriate list? Maybe if the list were more hard-core crypto (and less noisy), more people would be on the list, and more research types might be willing to be on the list. mp-render, the massively parallel rendering list, has high content, low volume, and some of the top folks in the biz on the list available for discussion. I'm sure if myself and a few other started going on at length about how cool Pixar's juice-box commercial was, there'd be a lot of people unsubscribing...

Luckily, I have a mailer that supports 'kill', so I can easily blast through multiple rounds of whether evoting is the End of the World. :-) But I've worked with plenty of researchers (and been in the position myself) where getting more than a few email messages a day is a big pain in the ass. Lots of people *doing* things don't put the effort into making 'the net' as much a part of their lives as some of the people here. Hell, my boss at NASA was still reading their mail with /bin/mail until I pointed them at elm. Can you imagine getting 30-40 messages a day, and having to wade through them with /bin/mail? (I watch my gf do this, I think she's nutz and on about a dozen too many mailing lists.)
Granted, I've only made one c-punk meeting (travel and illness have interfered with my other attempts), and the code I'm working on will only be able to run on a machine with limited numbers (only 50 or so built), so maybe I'm in the 'not doing so much' part. (I'm not immune to Off-Topic disease, either. :-)

-- jet at netcom.com -- J. Eric Townsend -- '92 R100R: "CLACKER"
"Either what you've said is so vague that it's meaningless or I disagree with you completely." -- Tom Maddox

From lazylion at netcom.com Tue Aug 17 18:35:28 1993
From: lazylion at netcom.com (Ben Weiss)
Date: Tue, 17 Aug 93 18:35:28 PDT
Subject: encrypted anonymous traffic
Message-ID: <9308180134.AA23404@netcom.netcom.com>

Hmm. Very interesting. I observe two not completely diametrically opposed viewpoints here. Consider:

On one hand, there has been a lot of (IMHO government generated) hype lately about the very real possibility of justice department "legal" reprisals against individuals running what I consider to be common carrier messaging services (BBS's, remailers, hosts, etc.) based on the content of messages passing through those services (porn GIF's, etc). While it is clear to me that in this environment of obvious government oppression of expression through terror tactics against common carriers, it is certainly true that a responsible individual in this environment must do what they think is appropriate to protect themselves from government harassment. We are not all in situations where we can be arrested and thrown in jail (even for an appropriate cause) and simply ignore responsibilities to loved ones and employees (or even customers) who may be relying on us to provide for them. Each of us must make an individual choice whether and how much to fight the oppressive atmosphere by refusing to subscribe to the justice department's hilarious misreading of the Bill of Rights.
It behooves us all to respect the positions of those who for whatever reason do not wish to put themselves in further danger by taking the firm stand that we all know is appropriate against these government hoodlums. I support and respect the right of any concerned operator of a BBS, host or anonymous remailer to responsibly (and consensually!) refrain from entering this battle. While it is true that I believe that it does further slightly damage our cause, it is a necessary evil to support the wishes of others.

It is, of course, necessary, to completely disclose policies like this to all prospective users (within reason) and it would be most convenient for those users if an actual policy were developed and published, but I can see that since we are in a state of controversy about this very issue, any attempt to define what is or is not appropriate will always be met with great discontent (probably on both sides :))

Live & Let Live (but INFORM!) "Just Say KNno!"

--- Ben D. Weiss ---
Packet Radio: WB5QAL at N6EEG.#NOCAL.CA.US
Internet: LazyLion at Netcom.com
Telephone: (510) 841-5709
---------------------------------------

From gnu Tue Aug 17 18:45:28 1993
From: gnu (John Gilmore)
Date: Tue, 17 Aug 93 18:45:28 PDT
Subject: [DEC] U.S. Computer May Have Violated Export Regulations
Message-ID: <9308180142.AA11306@toad.com>

U.S. Computer May Have Violated Export Regulations
By PAUL RAEBURN
AP Science Editor

NEW YORK (AP) -- The Digital Equipment Corp. abruptly pulled two powerful new computers off a global computer network out of concerns about possible export violations, even though the computers never left the country. The result of Digital's action was to deny U.S. computer users access to U.S. computers operating in the United States.

Critics said the episode demonstrates how export laws intended to regulate weapons technology are not only infringing on American civil liberties but also stifling innovation and hurting American businesses.
Digital said its concern was that foreigners could connect to the computers from abroad, generate data, and illegally export it over the Internet computer network, which carries data and electronic mail around the world.

The computers were reconnected to the computer network on July 7, but access is now limited to people who are screened by the company, Mark Fredrickson, a Digital spokesman, said Friday.

The computers are not what industry would call supercomputers, but they do fit the government definition of a supercomputer. A former Commerce Department official who is now a trade consultant in Washington said the connection of a supercomputer to a global network could lead to violations of federal export regulations.

``If it was available overseas and they allowed people overseas to use it, then technically they were allowing access to a supercomputer to people they didn't know,'' said Paul Freedenberg, who was the Commerce Department's undersecretary for export administration at the end of the Reagan administration.

Freedenberg is an international trade consultant at Baker and Botts in Washington, the law firm of former Secretary of State James Baker. He emphasized that he had no personal knowledge of the Digital computer hookup and that he was speaking of the regulations generally. ``I can't say Digital violated the law, because I don't know what Digital did,'' he said.

Lee Mercer, Digital's corporate export manager, said making the computer available was not a violation. A Commerce Department official, speaking on condition his name not be used, agreed that making the computer available was not a violation, but that export of data generated on the computer would be a violation of regulations.

The computer hookup was in place for five weeks in April and May, said Fredrickson. It was intended to give potential customers the opportunity to test-drive the computers.
It was terminated by company executives who wanted to avoid any appearance of violating export regulations, he said. ``None of this has been motivated by anyone from the government suggesting that we do anything here,'' said Fredrickson. ``This was simply our own internal people raising the possibility of concern.''

In a separate incident last year, a Digital computer ``bulletin board,'' offered access to programs for encoding computer data. Exporting such software is a violation of federal regulations, Freedenberg said. ``It's a technical data transfer'' that falls under the State Department's control of munitions export, he said.

Fredrickson said the company shut the bulletin board down to ensure that the software would not be exported illegally. ``Nothing was found that was thought to be a concern even meriting informing the government about it,'' he said.

Digital, the nation's No. 2 computer maker after IBM, said that 65 percent of its $14 billion in annual sales are overseas. In December 1991, the Commerce Department charged the company with 62 violations of export laws and fined it $2.4 million. It was the largest fine the department had imposed for export violations. Digital agreed to pay it without admitting or denying guilt.

The Digital computers connected to the network were two of Digital's new AXP 4000 computers, operating in a Digital laboratory in Palo Alto, Calif. The computers, which cost from $77,000 to $100,000, are considered midsized computers by industry standards. Freedenberg said that the government would probably soon revise its outmoded standards that define those models as supercomputers and bring them under export regulations.

Robert Kaylor, a spokesman for the Commerce Department, said the department was prohibited by law from discussing the details of a specific case.

Critics called for speedy revision of the export laws, which date from the Cold War.
``Export control policies are shutting us directly out of certain markets,'' costing U.S. businesses at least $10 billion a year in lost exports, said Howard Lewis, vice president of the National Association of Manufacturers.

``It's harmful to innovation, but we think it's also very harmful to the privacy interests of American citizens,'' said Daniel Weitzner, an attorney with the Electronic Frontier Foundation, a group concerned with computers and civil-liberties issues.

From fergp at sytex.com Tue Aug 17 18:55:28 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Tue, 17 Aug 93 18:55:28 PDT
Subject: NIST call for Comments on "Key-Escrow" (fwd)
Message-ID:

From: Dave Banisar
Date: Tue, 17 Aug 1993 14:23:16 EST
Subject: Call for Clipper Comments

Call for Clipper Comments

The National Institute of Standards and Technology (NIST) has issued a request for public comments on its proposal to establish the "Skipjack" key-escrow system as a Federal Information Processing Standard (FIPS). The deadline for the submission of comments is September 28, 1993. The full text of the NIST notice follows.

CPSR is urging all interested individuals and organizations to express their views on the proposal and to submit comments directly to NIST. Comments need not be lengthy or very detailed; all thoughtful statements addressing a particular concern will likely contribute to NIST's evaluation of the key-escrow proposal.

The following points could be raised about the NIST proposal (additional materials on Clipper and the key escrow proposal may be found at the CPSR ftp site, cpsr.org):

* The potential risks of the proposal have not been assessed and many questions about the implementation remain unanswered. The NIST notice states that the current proposal "does not include identification of key escrow agents who will hold the keys for the key escrow microcircuits or the procedures for access to the keys."
The key escrow configuration may also create a dangerous vulnerability in a communications network. The risks of misuse of this feature should be weighed against any perceived benefit.

* The classification of the Skipjack algorithm as a "national security" matter is inappropriate for technology that will be used primarily in civilian and commercial applications. Classification of technical information also limits the computing community's ability to evaluate fully the proposal and the general public's right to know about the activities of government.

* The proposal was not developed in response to a public concern or a business request. It was put forward by the National Security Agency and the Federal Bureau of Investigation so that these two agencies could continue surveillance of electronic communications. It has not been established that it is necessary for crime prevention. The number of arrests resulting from wiretaps has remained essentially unchanged since the federal wiretap law was enacted in 1968.

* The NIST proposal states that the escrow agents will provide the key components to a government agency that "properly demonstrates legal authorization to conduct electronic surveillance of communications which are encrypted." The crucial term "legal authorization" has not been defined. The vagueness of the term "legal authorization" leaves open the possibility that court-issued warrants may not be required in some circumstances. This issue must be squarely addressed and clarified.

* Adoption of the proposed key escrow standard may have an adverse impact upon the ability of U.S. manufacturers to market cryptographic products abroad. It is unlikely that non-U.S. users would purchase communication security products to which the U.S. government holds keys.
Comments on the NIST proposal should be sent to:

Director, Computer Systems Laboratory
ATTN: Proposed FIPS for Escrowed Encryption Standard
Technology Building, Room B-154
National Institute of Standards and Technology
Gaithersburg, MD 20899

Submissions must be received by September 28, 1993. CPSR has asked NIST that provisions be made to allow for electronic submission of comments.

Please also send copies of your comments on the key escrow proposal to CPSR for inclusion in the CPSR Internet Library, our ftp site. Copies should be sent to .

=================================================================

FEDERAL REGISTER
VOL. 58, No. 145
DEPARTMENT OF COMMERCE (DOC)
National Institute of Standards and Technology (NIST)
Docket No. 930659-3159
RIN 0693-AB19
A Proposed Federal Information Processing Standard for an Escrowed Encryption Standard (EES)
58 FR 40791
Friday, July 30, 1993
Notice; request for comments.

SUMMARY: A Federal Information Processing Standard (FIPS) for an Escrowed Encryption Standard (EES) is being proposed. This proposed standard specifies use of a symmetric-key encryption/decryption algorithm and a key escrowing method which are to be implemented in electronic devices and used for protecting certain unclassified government communications when such protection is required. The algorithm and the key escrowing method are classified and are referenced, but not specified, in the standard.

This proposed standard adopts encryption technology developed by the Federal government to provide strong protection for unclassified information and to enable the keys used in the encryption and decryption processes to be escrowed. This latter feature will assist law enforcement and other government agencies, under the proper legal authority, in the collection and decryption of electronically transmitted information.
This proposed standard does not include identification of key escrow agents who will hold the keys for the key escrow microcircuits or the procedures for access to the keys. These issues will be addressed by the Department of Justice.

The purpose of this notice is to solicit views from the public, manufacturers, and Federal, state, and local government users so that their needs can be considered prior to submission of this proposed standard to the Secretary of Commerce for review and approval.

The proposed standard contains two sections: (1) An announcement section, which provides information concerning the applicability, implementation, and maintenance of the standard; and (2) a specifications section which deals with the technical aspects of the standard. Both sections are provided in this notice.

DATES: Comments on this proposed standard must be received on or before September 28, 1993.

ADDRESSES: Written comments concerning the proposed standard should be sent to: Director, Computer Systems Laboratory, ATTN: Proposed FIPS for Escrowed Encryption Standard, Technology Building, room B-154, National Institute of Standards and Technology, Gaithersburg, MD 20899.

Written comments received in response to this notice will be made part of the public record and will be made available for inspection and copying in the Central Reference and Records Inspection Facility, room 6020, Herbert C. Hoover Building, 14th Street between Pennsylvania and Constitution Avenues, NW., Washington, DC 20230.

FOR FURTHER INFORMATION CONTACT: Dr. Dennis Branstad, National Institute of Standards and Technology, Gaithersburg, MD 20899, telephone (301) 975-2913.

SUPPLEMENTARY INFORMATION: This proposed FIPS implements the initiative announced by the White House Office of the Press Secretary on April 16, 1993. The President of the U.S. approved a Public Encryption Management directive, which among other actions, called for standards to facilitate the procurement and use of encryption devices fitted with key-escrow microcircuits in Federal communication systems that process sensitive, but unclassified information.

Dated: July 26, 1993.
Arati Prabhakar, Director (NIST)

----------------------------------------------------

Federal Information Processing Standards Publication XX
1993 XX

Announcing the Escrowed Encryption Standard (EES)

Federal Information Processing Standards Publications (FIPS PUBS) are issued by the National Institute of Standards and Technology (NIST) after approval by the Secretary of Commerce pursuant to section 111(d) of the Federal Property and Administrative Services Act of 1949 as amended by the Computer Security Act of 1987, Public Law 100-235.

Name of Standard: Escrowed Encryption Standard (EES).

Category of Standard: Telecommunications Security.

Explanation: This Standard specifies use of a symmetric-key encryption (and decryption) algorithm and a Law Enforcement Access Field (LEAF) creation method (one part of a key escrow system) which provide for decryption of encrypted telecommunications when interception of the telecommunications is lawfully authorized. Both the algorithm and the LEAF creation method are to be implemented in electronic devices (e.g., very large scale integration chips). The devices may be incorporated in security equipment used to encrypt (and decrypt) sensitive unclassified telecommunications data. Decryption of lawfully intercepted telecommunications may be achieved through the acquisition and use of the LEAF, the decryption algorithm and escrowed key components.

To escrow something (e.g., a document, an encryption key) means that it is "delivered to a third person to be given to the grantee only upon the fulfillment of a condition" (Webster's Seventh New Collegiate Dictionary).
A key escrow system is one that entrusts components of a key used to encrypt telecommunications to third persons, called key component escrow agents. In accordance with the common definition of "escrow", the key component escrow agents provide the key components to a "grantee" (i.e., a government agency) only upon fulfillment of the condition that the grantee properly demonstrates legal authorization to conduct electronic surveillance of communications which are encrypted using the specific device whose key component is requested. The key components obtained through this process are then used by the grantee to reconstruct the device unique key and obtain the session key (contained in the LEAF) which is used to decrypt the telecommunications that are encrypted with that device. The term, "escrow", for purposes of this standard, is restricted to the dictionary definition.

The encryption/decryption algorithm has been approved for government applications requiring encryption of sensitive unclassified telecommunications of data as defined herein. The specific operations of the algorithm and the LEAF creation method are classified and hence are referenced, but not specified, in this standard.

Data, for purposes of this standard, includes voice, facsimile and computer information communicated in a telephone system. Telephone system, for purposes of this standard, is limited to systems circuit-switched up to no more than 14.4 kbs or which use basic-rate ISDN, or to a similar grade wireless service.

Data that is considered sensitive by a responsible authority should be encrypted if it is vulnerable to unauthorized disclosure during telecommunications. A risk analysis should be performed under the direction of a responsible authority to determine potential threats and risks. The costs of providing encryption using this standard as well as alternative methods and their respective costs should be projected.
A responsible authority should then make a decision, based on the risk and cost analyses, whether or not to use encryption and then whether or not to use this standard.

Approving Authority: Secretary of Commerce.

Maintenance Agency: Department of Commerce, National Institute of Standards and Technology.

Applicability: This standard is applicable to all Federal departments and agencies and their contractors under the conditions specified below. This standard may be used in designing and implementing security products and systems which Federal departments and agencies use or operate or which are operated for them under contract. These products may be used when replacing Type II and Type III (DES) encryption devices and products owned by the government and government contractors.

This standard may be used when the following conditions apply:

1. An authorized official or manager responsible for data security or the security of a computer system decides that encryption is required and cost justified as per OMB Circular A-130; and

2. The data is not classified according to the National Security Act of 1947, as amended, or the Atomic Energy Act of 1954, as amended. However, Federal departments or agencies which use encryption devices for protecting data that is classified according to either of these acts may use those devices also for protecting unclassified data in lieu of this standard.

In addition, this standard may be adopted and used by non-Federal Government organizations. Such use is encouraged when it provides the desired security.

Applications: Devices conforming to this standard may be used for protecting unclassified communications.

Implementations: The encryption/decryption algorithm and the LEAF creation method shall be implemented in electronic devices (e.g., electronic chip packages) that can be physically protected against unauthorized entry, modification and reverse engineering.
Implementations which are tested and validated by NIST will be considered as complying with this standard. An electronic device shall be incorporated into a cryptographic module in accordance with FIPS 140-1. NIST will test for conformance with FIPS 140-1. Cryptographic modules can then be integrated into security equipment for sale and use in an application. Information about devices that have been validated, procedures for testing equipment for conformance with NIST standards, and information about obtaining approval of security equipment are available from the Computer Systems Laboratory, NIST, Gaithersburg, MD 20899.

Export Control: Implementations of this standard are subject to Federal Government export controls as specified in title 22, Code of Federal Regulations, parts 120 through 131 (International Traffic in Arms Regulations - ITAR). Exporters of encryption devices, equipment and technical data are advised to contact the U.S. Department of State, Office of Defense Trade Controls for more information.

Patents: Implementations of this standard may be covered by U.S. and foreign patents.

Implementation Schedule: This standard becomes effective thirty days following publication of this FIPS PUB.

Specifications: Federal Information Processing Standard (FIPS XXX) (affixed).

Cross Index:
a. FIPS PUB 46-2, Data Encryption Standard.
b. FIPS PUB 81, Modes of Operation of the DES.
c. FIPS PUB 140-1, Security Requirements for Cryptographic Modules.

Glossary: The following terms are used as defined below for purposes of this standard:

Data - Voice, facsimile and computer information communicated in a telephone system.

Decryption - Conversion of ciphertext to plaintext through the use of a cryptographic algorithm.

Device (cryptographic) - An electronic implementation of the encryption/decryption algorithm and the LEAF creation method as specified in this standard.

Digital data - Data that have been converted to a binary representation.
Encryption - Conversion of plaintext to ciphertext through the use of a cryptographic algorithm.

Key components - The values from which a key can be derived (e.g., KU sub 1 + KU sub 2).

Key escrow - A process involving transferring one or more components of a cryptographic key to one or more trusted key component escrow agents for storage and later use by government agencies to decrypt ciphertext if access to the plaintext is lawfully authorized.

LEAF Creation Method 1 - A part of a key escrow system that is implemented in a cryptographic device and creates a Law Enforcement Access Field.

Type I cryptography - A cryptographic algorithm or device approved by the National Security Agency for protecting classified information.

Type II cryptography - A cryptographic algorithm or device approved by the National Security Agency for protecting sensitive unclassified information in systems as specified in section 2315 of Title 10, United States Code, or section 3502(2) of Title 44, United States Code.

Type III cryptography - A cryptographic algorithm or device approved as a Federal Information Processing Standard.

Type III(E) cryptography - A Type III algorithm or device that is approved for export from the United States.

Qualifications: The protection provided by a security product or system is dependent on several factors. The protection provided by this standard against key search attacks is greater than that provided by the DES (e.g., the cryptographic key is longer). However, provisions of this standard are intended to ensure that information encrypted through use of devices implementing this standard can be decrypted by a legally authorized entity.

Where to Obtain Copies of the Standard: Copies of this publication are for sale by the National Technical Information Service, U.S. Department of Commerce, Springfield, VA 22161. When ordering, refer to Federal Information Processing Standards Publication XX (FIPS PUB XX), and identify the title.
When microfiche is desired, this should be specified. Prices are published by NTIS in current catalogs and other issuances. Payment may be made by check, money order, deposit account or charged to a credit card accepted by NTIS.

Specifications for the Escrowed Encryption Standard

1. Introduction

This publication specifies Escrowed Encryption Standard (EES) functions and parameters.

2. General

This standard specifies use of the SKIPJACK cryptographic algorithm and the LEAF Creation Method 1 (LCM-1) to be implemented in an approved electronic device (e.g., a very large scale integration electronic chip). The device is contained in a logical cryptographic module which is then integrated in a security product for encrypting and decrypting telecommunications. Approved implementations may be procured by authorized organizations for integration into security equipment. Devices must be tested and validated by NIST for conformance to this standard. Cryptographic modules must be tested and validated by NIST for conformance to FIPS 140-1.

3. Algorithm Specifications

The specifications of the encryption/decryption algorithm (SKIPJACK) and the LEAF Creation Method 1 (LCM-1) are classified. The National Security Agency maintains these classified specifications and approves the manufacture of devices which implement the specifications. NIST tests for conformance of the devices implementing this standard in cryptographic modules to FIPS 140-1 and FIPS 81.

4. Functions and Parameters

4.1 Functions

The following functions, at a minimum, shall be implemented:

1. Data Encryption: A session key (80 bits) shall be used to encrypt plaintext information in one or more of the following modes of operation as specified in FIPS 81: ECB, CBC, OFB (64), CFB (1, 8, 16, 32, 64).

2. Data Decryption: The session key (80 bits) used to encrypt the data shall be used to decrypt resulting ciphertext to obtain the data.

3. Key Escrow: The Family Key (KF) shall be used to create the Law Enforcement Access Field (LEAF) in accordance with the LEAF Creation Method 1 (LCM-1). The Session Key shall be encrypted with the Device Unique Key and transmitted as part of the LEAF. The security equipment shall ensure that the LEAF is transmitted in such a manner that the LEAF and ciphertext may be decrypted with legal authorization. No additional encryption or modification of the LEAF is permitted.

4.2 Parameters

The following parameters shall be used in performing the prescribed functions:

1. Device Identifier (DID): The identifier unique to a particular device and used by the Key Escrow System.

2. Device Unique Key (KU): The cryptographic key unique to a particular device and used by the Key Escrow System.

3. Cryptographic Protocol Field (CPF): The field identifying the registered cryptographic protocol used by a particular application and used by the Key Escrow System (reserved for future specification and use).

4. Escrow Authenticator (EA): A binary pattern that is inserted in the LEAF to ensure that the LEAF is transmitted and received properly and has not been modified, deleted or replaced in an unauthorized manner.

5. Initialization Vector (IV): A mode and application dependent vector of bytes used to initialize, synchronize and verify the encryption, decryption and key escrow functions.

6. Family Key (KF): The cryptographic key stored in all devices designated as a family that is used to create the LEAF.

7. Session Key (KS): The cryptographic key used by a device to encrypt and decrypt data during a session.

8. Law Enforcement Access Field (LEAF): The field containing the encrypted session key and the device identifier and the escrow authenticator.

5. Implementation

The Cryptographic Algorithm and the LEAF Creation Method shall be implemented in an electronic device (e.g., VLSI chip) which is highly resistant to reverse engineering (destructive or non-destructive) to obtain or modify the cryptographic algorithms, the DID, the KF, the KU, the EA, the CPF, the operational KS, or any other security or Key Escrow System relevant information. The device shall be able to be programmed/personalized (i.e., made unique) after mass production in such a manner that the DID, KU (or its components), KF (or its components) and EA fixed pattern can be entered once (and only once) and maintained without external electrical power.

The LEAF and the IV shall be transmitted with the ciphertext. The specifics of the protocols used to create and transmit the LEAF, IV, and encrypted data shall be registered and a CPF assigned. The CPF shall then be transmitted in accordance with the registered specifications.

The specific electric, physical and logical interface will vary with the implementation. Each approved, registered implementation shall have an unclassified electrical, physical and logical interface specification sufficient for an equipment manufacturer to understand the general requirements for using the device. Some of the requirements may be classified and therefore would not be specified in the unclassified interface specification.

Paul Ferguson              | "Government, even in its best state,
Network Integrator         | is but a necessary evil; in its worst
Centreville, Virginia USA  | state, an intolerable one."
fergp at sytex.com         | - Thomas Paine, Common Sense

Type bits/keyID   Date       User ID
pub  1024/1CC04D 1993/03/15 Paul Ferguson
     Key fingerprint = EE D2 93 7D 04 6D C6 05  AC 36 AD 9D 8E 4F 41 58

From bill at twwells.com Tue Aug 17 19:05:29 1993
From: bill at twwells.com (T. William Wells)
Date: Tue, 17 Aug 93 19:05:29 PDT
Subject: encrypted anonymous traffic
In-Reply-To: <9308180018.AA08773@longs.lance.colostate.edu>
Message-ID: <9308172101.AA16930@twwells.com>

I have better things to do with my time than deal with abusive messages. If you have something you would like me to consider, you will, first, remove all personal remarks from your message, and, second, you will refrain from rhetoric and give me reasons.

From marc at Athena.MIT.EDU Tue Aug 17 19:15:28 1993
From: marc at Athena.MIT.EDU (Marc Horowitz)
Date: Tue, 17 Aug 93 19:15:28 PDT
Subject: encrypted anonymous traffic
In-Reply-To: <9308180018.AA08773@longs.lance.colostate.edu>
Message-ID: <9308180211.AA20152@snorkelwacker.MIT.EDU>

I have to disagree with Lance here.

>> No one can send any `bomb' through mere text, and to compare harassing
>> mail (which is definitely not to be condoned) to it is to expose your
>> naive and self-serving view of the matter.

I know people who would probably rather receive an explosive in the mail than receive email from certain individuals, or about certain subjects. Physical damage can be easier to heal. Your requirements are not everyone's.

Although I believe myself that encryption and anonymity go hand-in-hand, I can understand that some members of the community Mr. Wells serves might not quite agree with me. As long as he makes the fact that he audits posts absolutely clear, beforehand, to his users, I have no problem with what he does. I am free to find a remailer operator with less restrictive policies, and will do so. Cypherpunks have been talking about a free market where users choose the anonymity services they like best. I see no reason to berate Mr. Wells about his policies. Make sure he discloses his policies, and let the users vote with their packets. Enforcing a standard, any standard, is a Very Bad Thing.
Marc

From remailer at merde.dis.org Tue Aug 17 20:30:28 1993
From: remailer at merde.dis.org (remailer bogus account)
Date: Tue, 17 Aug 93 20:30:28 PDT
Subject: No Subject
Message-ID: <9308171014.AA11136@merde.dis.org>

> From: pmetzger at lehman.com ("Perry E. Metzger")
> To: "L. Detweiler"
>
> *we* *are* our government. How can it not be more obvious? What does it
> say about our character if we are resigned to deprivation?
>
> WE ARE NOT OUR GOVERNMENT.
>
> I have an interesting fact for you, Mr. Detweiler. I did not choose
> the government I live under. I chose none of its parts, agreed to none
> of its actions, selected none of its members (not one person I've ever
> voted for has been elected, and I only vote in self defense, not as an
> endorsement of the system), and I agree with virtually none of its
> actions. Sadly, this is the best country I know of to live in, so
> leaving is not an option. However, don't for one minute claim that
> this is *my* government. It is the government that rules me, to be
> sure, but it is my master, not my servant. I would not choose to have
> it operate as it does were I given the choice. It is not mine.

Yes, absolutely. This discussion may be considered tangential, but the issue here is at the core of the cypherpunks raison d'etre. Detweiler seems to be tremendously confused about the source of government and unaware of the emergence of the American State. I personally feel that I have zero representation in what passes for our "democratic" government for the reasons you mention, exactly. I find myself amazed to encounter the numbers of "mainstream Americans" who have gradually come to the same conclusion, independent of outside prompting. My only hope, personally, is to fight vigorously (perhaps literally, in due course) for the maintenance of the Bill of Rights as protection against the tyranny of _both_ the mob and the State.
I personally see the prospect of an electronic so-called democracy to be terrifying, a mechanism whose technical subversion would be trivial for the State's assets, say the NSA. Simple manipulation by propaganda would be even easier. Read Orwell. Read Zamyatin.

Cypherpunks are providing the basis for long-range, (relatively) secure communication between those activists and thinkers who may have the power to bring down the State and restore the individual autonomy this nation was originally devised to foster. In the past year I have had the privilege to see a de facto cadre of brilliant men and women develop from formerly isolated individuals, all thanks to computer networks and the emergence of secure communication. I have found answers to questions I have been asking for twenty-five years, and provided information that answered similar questions for others. I have seen the product of these private communications develop into public statements that have demonstrably influenced the political outlooks of hundreds, perhaps thousands, of casual computer network users. The ability of computer networks and secure communication has in itself empowered and radicalized an otherwise disenfranchised body of valuable and vital Americans.

Really, this is heady stuff. It gives me reason to stick around and watch this country for a few more years.

From nobody at eli-remailer Tue Aug 17 22:10:30 1993
From: nobody at eli-remailer (nobody at eli-remailer)
Date: Tue, 17 Aug 93 22:10:30 PDT
Subject: Private legal tender
Message-ID: <9308180509.AA16775@toad.com>

A simpler variation on what was suggested would go like this:

Customer sends cash or money order to digital bank, along with a floppy with an anonymous email address (via a remailer) and a public key. The bank emails the customer encrypted digital cash corresponding to the amount he sent in (minus any service charges). If Chaum blinding is used, the needed data can be included on the floppy.
Alternatives to sending a floppy would be for the customer to email the same information when he mailed his money, including some secret information with both which would tie them together.

Customers spend money using the appropriate protocols. When a customer wants, he can send his digital cash to the bank to get it exchanged for new digital cash; or he can include with the digital cash instructions to tell the bank to mail a check or money order to a specified address. Here is where he could use a postal mail drop if he doesn't want to reveal his own identity (assuming he is mailing to himself); or he may request mailing to some other business which doesn't accept digital cash but from which he wants to purchase something.

--------- Sugarplum ---------

From hfinney at shell.portal.com Tue Aug 17 22:20:29 1993
From: hfinney at shell.portal.com (hfinney at shell.portal.com)
Date: Tue, 17 Aug 93 22:20:29 PDT
Subject: Digital cash references
Message-ID: <9308180434.AA05658@jobe.shell.portal.com>

I got asked what would be good survey articles on digital cash. Two good ones that are widely available are both by David Chaum: Scientific American, August 1992, p. 96; and Communications of the ACM, October 1985, p. 1030. Unfortunately, neither of these really describes the mathematics, instead discussing things in terms of analogies. To get more details you have to read the conference proceedings. Many of the recent Eurocrypt and Crypto conferences have discussed implementations of digital cash.
Hal Finney
hfinney at shell.portal.com

From hfinney at shell.portal.com Tue Aug 17 22:20:35 1993
From: hfinney at shell.portal.com (hfinney at shell.portal.com)
Date: Tue, 17 Aug 93 22:20:35 PDT
Subject: [ari@ISI.EDU: New paper on electronic currency]
Message-ID: <9308180434.AA05641@jobe.shell.portal.com>

I just ftp'd, printed, and read the paper which Derek mentioned:

NetCash: A design for practical electronic currency on the Internet
by Gennady Medvinsky and Clifford Neuman

I didn't think it was any good. They have an incredibly simplistic model, and their "protocols" are of the order, A sends the bank some paper money, and B sends A some electronic cash in return. They don't even do blinding of the cash. Each piece of cash has a unique serial number which is known to the currency provider. This would of course allow matching of withdrawn and deposited coins.

"In particular, at the point that a client purchases coins from a currency server by check, or cashes in coins, it is possible for the currency server to record which coins have been issued to a particular client. It is expected that currency servers will not do so, and it is likely that the agreement with clients will specifically preclude it."

Right. It is expected that they will not do so. I feel so much better now.

These guys seem to have read the work in the field (they reference it) but they don't appear to have understood it.

Hal Finney
hfinney at shell.portal.com

From nobody at indirect.com Tue Aug 17 23:10:30 1993
From: nobody at indirect.com (nobody at indirect.com)
Date: Tue, 17 Aug 93 23:10:30 PDT
Subject: NEW CP REMAILER
Message-ID: <9308180606.AA21851@indirect.com>

Well, after two days or so of missed mail and a lot of headache and missed sleep, I think I've got this working ok. The remailer address is , and so far it is a vanilla remailer, nothing special at all. I have not tested it with encrypted messages yet, the public key, however, is below.
Consider the remailer in 'test mode' for the next few days, and if all goes well I'll turn off the logging etc. by the 25th. Until then the remailer should be considered unsecured and all messages are subject to being inadvertently read by myself in the process of debugging. If it works as well as it looks like it works, at that point I will turn off all logging, debugging, and archiving, and generally keep my nose out of it.

Send any questions to me at cdodhner at indirect.com.

Happy Hunting,
-Chris

From nobody at rosebud.ee.uh.edu Wed Aug 18 00:00:53 1993
From: nobody at rosebud.ee.uh.edu (nobody at rosebud.ee.uh.edu)
Date: Wed, 18 Aug 93 00:00:53 PDT
Subject: Physical to digital cash, and back again
Message-ID: <9308180700.AA20607@toad.com>

> A simpler variation...
> Customer sends cash or money order to digital bank, along with a floppy
> with an anonymous email address (via a remailer) and a public key.

For any real business, the customer comes from the 99.99% of the population that are not hacker/cypherpunks, not the one or two dozen people who are. These protocols aren't at all simple for the customer, unless the vendor (the same or another vendor) provides some free software on the net or by mail to automate the process (eg PGP with a user-friendly shell for generating the key, and a script for creating an anon e-mail address). But then we have several steps:

(1) customer reads ad about cool net.service
    (a) they contact directly (but this ruins privacy)
    (b) they contact independent distributor of PGP key and anon-remail address generating software. (but how does customer trust _them_?)
(2) vendor sends key & address generators (via e-mail or floppy), and physical-mail-security instructions
(3) customer sends in money order (from mail drop or without return address!) along with chosen anon e-mail address and public key.
(4) vendor sets up account and e-mails the d-cash.
(5) we still need a physical mail drop or bearer bank account for withdrawals, refunds, etc. of physical cash.

Pretty exhausting for the typical service industry. Most customers will pick the service that's easier to sign up for, even if some ivory-tower critics criticize its security. Security and privacy are very easy to hype, but often difficult to prove to the layman, who doesn't know or care about the math.

Digressing a bit, we could use some sort of independent (not government-run please!) certification company, which takes (perhaps in alliance with liability insurance providers) responsibility for examining the service's computer programs and protocols and giving out "privacy ratings". Secure vendors could then use "Whit Diffie certified, top privacy rating" in their ads.

Also, the issue of which parts of these schemes are *legal* is critical, but being completely overlooked. Any lawyers out there with comments on this? The best protocols for legal and illegal operations may be very different, legality of digital cash will vary between jurisdictions, etc. And what about certifying agencies that call a protocol "insecure" simply because it supports activities illegal in their jurisdiction, not for any reasons of physical or software privacy? The cases of illegality and physical/software security are both important risk factors for the vendor, customers, and liability insurers to consider, but ratings for each should be quite distinct.

But this discussion is too abstract. We need a real, visceral example. The enclosure below illustrates some of the legal and privacy issues of a Mom & Pop BBS operation in the pre-d-cash era.
This service could use some privacy -- it's an on-line football game with a $35 sign-up fee and cash "prizes." I don't know whether or not it's legal for the vendor, but it's certainly illegal for a significant subset of potential net.customers. There will be thousands of these little on-line services springing up in the near future, if there aren't already. The BBS# is area code (802), but I've lost the rest of it, sorry. You can call their voice# toll-free for more info.

Sports Spectrum Ltd.
(800) 639-3719 (voice)

-----------------------------
P R I V A C Y   N O T I C E
-----------------------------

Pursuant to the Electronic and Communications Privacy Act of 1986, 18 USC 2510 et seq., Notice is Hereby Given that There are NO FACILITIES PROVIDED BY THIS SYSTEM for SENDING or RECEIVING PRIVATE OR CONFIDENTIAL ELECTRONIC COMMUNICATIONS. ALL Messages Shall be Deemed to be Readily Accessible to the General Public. Do NOT Use this System for ANY Communication for Which the SENDER Intends ONLY the Sender and the Intended Recipient(s) to read. Notice is Hereby Given that ALL Messages Entered into this System CAN and MAY Be READ by the Operators of this System, WHETHER OR NOT they are the Intended Recipient(s). By Your Use of this System, You Agree to HOLD HARMLESS the Operators Thereof Against ANY and ALL CLAIMS Arising Out of Said Use NO MATTER THE CAUSE OR FAULT.

] ....

Please remember that this password is protecting yourself against the unauthorized use of YOUR credit card. Please take all necessary precautions to guard it. Since all communications between customers and Sports Spectrum Ltd. occur via computer-to-computer, the password is the only way for Sports Spectrum Ltd. to verify that it is actually you on the other end of the phone connection. Gaining access to Sports Spectrum Ltd.'s service by invoking your password at logon time implicitly authorizes the use of your credit card to pay for any subsequent purchases during that particular session.
-----------------------

From ld231782 at longs.lance.colostate.edu Wed Aug 18 00:35:46 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Wed, 18 Aug 93 00:35:46 PDT
Subject: The Zen of Anonymity
Message-ID: <9308180735.AA14083@longs.lance.colostate.edu>

Given: Some graffiti is on the wall.

Question: who is `responsible' or `liable' for graffiti?

the `vandal' (or `artist')? the owner of the wall? society? What if no means exists whatsoever to identify the originator? or the owner of the wall actually *encourages* people to use it for whatever purpose? And socially beneficial uses ensue?

Given: something `illegal' in country A but not in B has been written on a piece of paper. The paper now resides precisely between, exactly on the border, of A and B.

Question: Who is the criminal? What is the crime?

the writer for treason? the paper transporter for violating export laws? the border guards for not shooting? Again, what if the writer is unidentifiable, the transportation automatic, guarding impossible? What if there is actually a great deal of utility in the transportation of paper-scrawl across borders, for everyone involved?

(Note that answers like `it behooves us all to ...prevent the spread of graffiti' or `...prevent the spread of illegal papers to borders' would be worthy of the NSA but pathetically beg the questions.)

* * *

IMHO, anonymous postings and email have the same legal status of graffiti or the paper on the border. No one is `responsible' or `liable' for the content of graffiti, no laws apply to the paper. Precautions can be taken to limit `offensive' or `illegal' graffiti (whatever that is!) and constrain the transport of writing on paper, but nothing can be done to completely eradicate either, save erecting the most totalitarian system the world has ever seen (a phrase coined by T.C. May, my respect).

Perhaps we should have licensing laws for graffiti `vandals' or paper carriers?
registers next to all the walls and streets so they can sign in? `Scrawling implement' or `communicable media' bans? Or panning cameras mounted in every 10 foot square area of space in the world? Human identification tags and tracking systems?

We have this thing called `cyberspace' that has nothing to do with the laws of any country and comprises nothing but innocuous electrical or light streams coursing through wires and fibers, and trying to impose some system of `accountability' or `responsibility' or `liability' on every last element is an archaic, horrifying, but thankfully obsolete and conceptually impossible artifact from the `dark' ages.

Yes, people can choose to become agitated by the *perceived* contents, but people can also choose to starve for a cause. There is no limit to the persecutions invented by the imagination of humanity. Offense is in the lie of the beholder.

Libel, slander, sedition, thought crimes: what do these words mean? Whatever meaning they once had is completely dissolved upon the advent of true anonymity.

Perhaps if others quiet their minds, they too will hear the sound of one hand clapping.

From khijol!erc at apple.com Wed Aug 18 02:10:35 1993
From: khijol!erc at apple.com (Ed Carp)
Date: Wed, 18 Aug 93 02:10:35 PDT
Subject: The Zen of Anonymity
In-Reply-To: <9308180735.AA14083@longs.lance.colostate.edu>
Message-ID:

> Given: Some graffiti is on the wall.
>
> Question: who is `responsible' or `liable' for graffiti?
>
> the `vandal' (or `artist')? the owner of the wall? society? What if no
> means exists whatsoever to identify the originator? or the owner of the
> wall actually *encourages* people to use it for whatever purpose? And
> socially beneficial uses ensue?

How about "A credit card number is on the wall..."?

Interesting discussion...

--
Ed Carp, N7EKG   erc at apple.com   510/659-9560
anon-2133 at twwells.com
If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"

From anonymous at extropia.wimsey.com Wed Aug 18 02:50:36 1993
From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com)
Date: Wed, 18 Aug 93 02:50:36 PDT
Subject: No Subject
Message-ID: <199308180906.AA10085@xtropia>

Uu> Actually, Julf's solution isn't too bad.

It is if your gate won't process the password header line.

Uu> Maybe Julf needs to bite the bullet and start using PGP.

That would be nice. I particularly enjoy using the PGPed remailer at remail at extropia.wimsey.com, which is not only private, but reliable and damn near grunge-proof.

From anonymous at extropia.wimsey.com Wed Aug 18 02:55:36 1993
From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com)
Date: Wed, 18 Aug 93 02:55:36 PDT
Subject: No Subject
Message-ID: <199308180906.AA10093@xtropia>

> From: pmetzger at lehman.com ("Perry E. Metzger")
> To: "L. Detweiler"
>
> *we* *are* our government. How can it not be more obvious? What does it
> say about our character if we are resigned to deprivation?
>
> WE ARE NOT OUR GOVERNMENT.
>
> I have an interesting fact for you, Mr. Detweiler. I did not choose
> the government I live under. I chose none of its parts, agreed to none
> of its actions, selected none of its members (not one person I've ever
> voted for has been elected, and I only vote in self defense, not as an
> endorsement of the system), and I agree with virtually none of its
> actions. Sadly, this is the best country I know of to live in, so
> leaving is not an option. However, don't for one minute claim that
> this is *my* government. It is the government that rules me, to be
> sure, but it is my master, not my servant. I would not choose to have
> it operate as it does were I given the choice. It is not mine.

Yes, absolutely. This discussion may be considered tangential, but the issue here is at the core of the cypherpunks raison d'etre.
Detweiler seems to be tremendously confused about the source of government and unaware of the emergence of the American State. I personally feel that I have zero representation in what passes for our "democratic" government for the reasons you mention, exactly. I find myself amazed to encounter the numbers of "mainstream Americans" who have gradually come to the same conclusion, independent of outside prompting.

My only hope, personally, is to fight vigorously (perhaps literally, in due course) for the maintenance of the Bill of Rights as protection against the tyranny of _both_ the mob and the State. I personally see the prospect of an electronic so-called democracy to be terrifying, a mechanism whose technical subversion would be trivial for the State's assets, say the NSA. Simple manipulation by propaganda would be even easier. Read Orwell. Read Zamyatin.

Cypherpunks are providing the basis for long-range, (relatively) secure communication between those activists and thinkers who may have the power to bring down the State and restore the individual autonomy this nation was originally devised to foster.

In the past year I have had the privilege to see a de facto cadre of brilliant men and women develop from formerly isolated individuals, all thanks to computer networks and the emergence of secure communication. I have found answers to questions I have been asking for twenty-five years, and provided information that answered similar questions for others. I have seen the product of these private communications develop into public statements that have demonstrably influenced the political outlooks of hundreds, perhaps thousands, of casual computer network users. The ability of computer networks and secure communication has in itself empowered and radicalized an otherwise disenfranchised body of valuable and vital Americans.

Really, this is heady stuff. It gives me reason to stick around and watch this country for a few more years.
From hughes at soda.berkeley.edu Wed Aug 18 07:50:38 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Wed, 18 Aug 93 07:50:38 PDT
Subject: The Zen of Anonymity
In-Reply-To: <9308180735.AA14083@longs.lance.colostate.edu>
Message-ID: <9308181448.AA22436@soda.berkeley.edu>

>Given: Some graffiti is on the wall.
>Question: who is `responsible' or `liable' for graffiti?

This question already has a known answer. The author of the words is the one that is liable for them. No other parties are liable unless they had prior knowledge; this would make them conspirators.

In libel cases specifically, if you can prove who the author was, you can sue. If you can't, too bad. Heh, heh, heh.

I asked Mike Godwin about this specifically a few months ago. I mention him here to give him the opportunity to correct or elaborate.

Eric

From wcs at anchor.ho.att.com Wed Aug 18 08:05:44 1993
From: wcs at anchor.ho.att.com (Bill_Stewart_HOY002_1305)
Date: Wed, 18 Aug 93 08:05:44 PDT
Subject: Private legal tender
Message-ID: <9308181501.AA05875@anchor.ho.att.com>

Writing anonymously, Sugarplum suggests:
> Customer sends cash or money order to digital bank, along with a floppy
> with an anonymous email address (via a remailer) and a public key.
> The bank emails the customer encrypted digital cash corresponding to the
> amount he sent in (minus any service charges).

The problem with this is that the bank or clerks aren't accountable - they can pocket the snail-cash and not send the digicash "Oh, darn, the floppy's blank" or "Oh, darn, the email bounced" "Guess there's nothing I can do, what a shame" just as they could if you snailmailed cash to a conventional account. If you're sending non-accountable-by-sender cash, you need some way to get a receipt. If you're mailing a check or digicash, you have a way to repudiate the transaction or at least make a claim against them, or if you can go in to the bank in person for the transactions with cash.
Bill
# Bill Stewart wcs at anchor.ho.att.com +1-908-949-0705 Fax-4876
# AT&T Bell Labs, Room 4M-312, Crawfords Corner Rd, Holmdel, NJ 07733-3030

From csvcjld at nomvst.lsumc.edu Wed Aug 18 08:10:55 1993
From: csvcjld at nomvst.lsumc.edu (csvcjld at nomvst.lsumc.edu)
Date: Wed, 18 Aug 93 08:10:55 PDT
Subject: Differential Cryptanalysis of the DES
In-Reply-To: <9308181448.AA22436@soda.berkeley.edu>
Message-ID: <19930818100931791@nomvst.lsumc.edu>

An earlier posting described Differential Cryptanalysis of the Data Encryption Standard by E. Biham et al. (ISBN 0-387-97930-1). It can be ordered from Springer-Verlag (1-800-777-4643) for $39.

From smb at research.att.com Wed Aug 18 08:35:42 1993
From: smb at research.att.com (smb at research.att.com)
Date: Wed, 18 Aug 93 08:35:42 PDT
Subject: The Zen of Anonymity
Message-ID: <9308181531.AA04787@toad.com>

     >Given: Some graffiti is on the wall.
     >Question: who is `responsible' or `liable' for graffiti?

     This question already has a known answer. The author of the words is
     the one that is liable for them. No other parties are liable unless
     they had prior knowledge; this would make them conspirators.

However, under certain circumstances the owner of a facility can be held liable for not removing libelous graffiti. I picked up a paper from the net some time back (/telecom-archives/sysops.libel.liability on ftp.lcs.mit.edu, ``Defamation Liability of Computerized BBS Operators & Problems of Proof'', by John R. Kahn) which discusses that point. The judgement is context-dependent -- one court noted that different standards apply to a New York subway car [sic] than to the interior of a manufacturing plant -- but the general rule is that if you know of some defamatory graffiti on your property, you're obligated to remove it.
From koontzd at lrcs.loral.com Wed Aug 18 08:45:42 1993
From: koontzd at lrcs.loral.com (David Koontz )
Date: Wed, 18 Aug 93 08:45:42 PDT
Subject: No Subject
Message-ID: <9308181544.AA17115@nebula.lrcs.loral.com>

>From: remailer at merde.dis.org (remailer bogus account)

>My only hope, personally, is to fight vigorously (perhaps literally, in
                                                  ^^^^^^^^^^^^^^^^^
>due course) for the maintenance of the Bill of Rights as protection
>against the tyranny of _both_ the mob and the State. I personally see
>the prospect of an electronic so-called democracy to be terrifying, a
>mechanism whose technical subversion would be trivial for the State's
>assets, say the NSA. Simple manipulation by propaganda would be even
>easier. Read Orwell. Read Zamyatin.

>Cypherpunks are providing the basis for long-range, (relatively) secure
>communication between those activists and thinkers who may have the
>power to bring down the State and restore the individual autonomy this
>nation was originally devised to foster.

As I understand it the Libertarian Party qualifies membership to exclude any endorsement of violent overthrow of government. While some portion of those affected by this policy may well have gone underground, I don't believe that cypherpunks as a committee of the whole are willing or ready to do so. Then again as someone pointed out yesterday, cypherpunks aren't just libertarians and/or may be unwilling to accept this sentiment. Some portion, however large of those receiving this mailing list, may not agree with this political leaning and may not consider it germane to their participation.

Avoiding the appearance of endorsing the violent overthrow of government is prudent policy for any organization.

From pmetzger at lehman.com Wed Aug 18 09:25:42 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 18 Aug 93 09:25:42 PDT
Subject: encrypted anonymous traffic
In-Reply-To: <9308180211.AA20152@snorkelwacker.MIT.EDU>
Message-ID: <9308181620.AA20911@snark.lehman.com>

Marc Horowitz says:
> I have to disagree with Lance here.
>
> >> No one can send any `bomb' through mere text, and to compare harassing
> >> mail (which is definitely not to be condoned) to it is to expose your
> >> naive and self-serving view of the matter.
>
> I know people who would probably rather receive an explosive in the
> mail than receive email from certain individuals, or about certain
> subjects.

To begin with, the ban on encrypted messages makes no sense because people who do not have the key to read the messages can obviously not receive them, and even people who do have the key must make an active effort to read the messages. I will ignore that for the moment, however, and address this pervasive notion that words can cause more harm than letter bombs.

I'm sorry, but it's completely irrational to prefer to be killed by an explosive over getting email from someone you hate. This insane notion that words are somehow worse than physical blows has to stop. It leads to insane conclusions, among others, the conclusion that we must all be restricted in our speech at all times lest we offend others' feelings. This is the same argument that fundamentalist Christians who would like to ban certain books from our libraries would use -- that harm can be caused by people accidentally reading the books. This is no speculative notion -- the argument was once actually used regularly in our country.

The real world contains lots of harmful things. People who are so incapable of handling a threatening letter or an insulting piece of mail that they would prefer to die from a letter bomb are unlikely to be able to deal with the sights and sounds they will see on an ordinary street in a big city.
They are too fragile for this world and likely should be locked up for their own good until psychiatrists can manage to heal them, as the preference of death to being offended is suicidal and the incapacity to deal with the real world will obviously cripple them. The rest of the world should not be constrained to handle the needs of these obviously very mentally unbalanced individuals.

Perry Metzger

From plmoses at unix.cc.emory.edu Wed Aug 18 09:30:37 1993
From: plmoses at unix.cc.emory.edu (Paul L. Moses)
Date: Wed, 18 Aug 93 09:30:37 PDT
Subject: Violent overthrow?
Message-ID: <9308181629.AA16838@emoryu1.cc.emory.edu>

This may be a semantic point, but it should be made.... David Koontz sez: "Avoiding the appearance of endorsing the violent overthrow of government is prudent policy..."

Um...I think I know what you mean, but isn't it better to just say outright that violence really is not the way to reform government at all, save in truly historical, exceptional cases (American Revolution, French Revolution...) I am no code cruncher but it seems to me that the relevant "precedents" for a "Cypherpunk Revolution" would be the Russian democracy movement, where the power of ideas toppled the oppressive regime with a minimum of bloodshed, while the world watched....

The way Mr Koontz puts it is awfully ambiguous and open to be read as a *very* cynical and disingenuous kind of "waffle".

Point: Violence is abhorrent to civilized conduct, undermines social cohesion, and is generally justifiable only as a defensive measure. Aren't we concerned with the state of affairs today precisely because individuals no longer have a sense of these kinds of boundaries? So it is important to emphasize that violence is part of the problem, and not to be sloppy and suggest (inferentially) that it could be part of the solution. IMHO.
From allan at elvis.tamu.edu Wed Aug 18 09:50:39 1993
From: allan at elvis.tamu.edu (Allan Bailey)
Date: Wed, 18 Aug 93 09:50:39 PDT
Subject: encrypted anonymous traffic
In-Reply-To: <9308180211.AA20152@snorkelwacker.MIT.EDU>
Message-ID: <9308181650.AA03366@elvis.tamu.edu>

"Perry E. Metzger" writes:
>
>To begin with, the ban on encrypted messages makes no sense because
>people who do not have the key to read the messages can obviously not
>receive them, and even people who do have the key must make an active
>effort to read the messages. I will ignore that for the moment,
>however, and address this pervasive notion that words can cause more
>harm than letter bombs.
>

Stupidity is its own virtue. If people, who are afraid of fat electrons crowding their email-box, don't bother to _read_the_manual_ that's their fault. There's a wonderful tool called the "filter", that can protect these virtual innocents from themselves. Unfortunately, no such device exists for _real_mail_. If they don't want email from certain individuals, then they can put those people into the filter and ignore them as blissfully as they ignore reality itself.

Just my $0.02 worth.

--
Allan Bailey, UNIX programmer, CSC          | "Freedom is not free."
Infinite Diversity in Infinite Combinations | allan.bailey at tamu.edu
GCS -d+ p--- c++++ l+++ u++ e++ m++ s n+ h+ f g+ w+ t+ r y+

From mab at crypto.com Wed Aug 18 09:55:42 1993
From: mab at crypto.com (Matt Blaze)
Date: Wed, 18 Aug 93 09:55:42 PDT
Subject: The Zen of Anonymity
In-Reply-To: <9308181448.AA22436@soda.berkeley.edu>
Message-ID: <9308181645.AA01889@crypto.com>

>
>In libel cases specifically, if you can prove who the author was, you
>can sue. If you can't, too bad. Heh, heh, heh.
>

Be careful here - this does not allow third parties a blanket escape from liability simply by disclaiming authorship.
As I understand the law of defamation, who *wrote* the words is not all important; the issue is who is publishing or otherwise causing them to be published (which would ordinarily include, but not be limited to, their author). For example, in NY Times v. Sullivan (the case that established a different standard of defamation for public figures), the NY Times didn't write a story, they simply carried an ad that claimed abuse of power by some officials (in Georgia, I think). Although it is often easier to show that the author of defamatory words knew or should have known them to be false (part of what you need to prove to win a libel case), liability does not end there. Knowingly repeating words you should know to be defamatory is still defamation.

>I asked Mike Godwin about this specifically a few months ago. I
>mention him here to give him the opportunity to correct or elaborate.
>
>Eric

-matt

From pmetzger at lehman.com Wed Aug 18 09:55:56 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 18 Aug 93 09:55:56 PDT
Subject: Violent overthrow?
In-Reply-To: <9308181629.AA16838@emoryu1.cc.emory.edu>
Message-ID: <9308181653.AA20990@snark.lehman.com>

Paul L. Moses says:
>
> This may be a semantic point, but it should be made.... David
> Koontz sez: "Avoiding the appearance of endorsing the violent
> overthrow of government is prudent policy..." Um...I think I know
> what you mean, but isn't it better to just say outright that
> violence really is not the way to reform government at all, save in
> truly historical, exceptional cases (American Revolution, French
> Revolution...)

I'm not sure either of those cases truly succeeded, either.

Myself, I feel that no good can be accomplished by initiating force against others, no matter what the cause. Violent revolutions go completely against my grain. Any sorts of reforms that will stick are going to have to arise peacefully. This is not to say, of course, that they will necessarily arise via the "democratic process".
The government may simply find itself outflanked, for instance. (Imagine as an example if the government realized tomorrow that allowing citizens to know how to read would be dangerous -- it's a little late to stop it, so they will never do anything about that.)

Perry

From frissell at panix.com Wed Aug 18 10:00:40 1993
From: frissell at panix.com (Duncan Frissell)
Date: Wed, 18 Aug 93 10:00:40 PDT
Subject: Physical to digital cash,
Message-ID: <199308181657.AA16974@panix.com>

To: cypherpunks at toad.com

N>Pretty exhausting for the typical service industry. Most customers
N>will pick the service that's easier to sign up for,

They used to think this about PCs in general but we now have a hard core of fairly sophisticated PC users that support sophisticated software/hardware. Crypto will be a niche market for a while but there are enough "motivated buyers" out there to support a large market. These buyers would include the retail pharmaceutical trade, deadbeat dads, wagering, the 10 million tax non-filers and the other 10 million filers who practice tax evasion, upscale illegal aliens, the politically motivated, a portion of the financial services industry.

Obviously, people won't buy until they see a "must have" application. What will be the "Visicalc" of digital anarchy? Offshore debit VISA cards linked to anonymous accounts? If I knew of an institution offering same, I could "sell" thousands of such accounts tomorrow even with an unfriendly user interface.

N>Also, the issue of which parts of these schemes are *legal*
N>is critical, but being completely overlooked. Any lawyers
N>out there with comments on this?

As long as the physical part of the institution is in a tax haven jurisdiction, digital cash should be legal. Most haven jurisdictions allow bank accounts in the names of businesses owned by the holders of bearer shares.
Those haven jurisdictions that are in what is now the European Free Trade Area (or whatever they're calling it this month) such as Austria, Gibraltar, The Channel Islands, and Isle of Man may lose their ability to offer anonymous accounts as EEC rules tighten but there are many other jurisdictions.

Also, not enough work has been done in the area of non-anonymous anonymous accounts. If an account is in the name of an institution (company, etc) beneficial ownership may be just as difficult to determine as with a genuine anonymous account. A haven-based cutout which holds accounts in ordinary jurisdictions can do many useful things. The proliferation of non-bank banks like money market funds also provide other opportunities.

"No Truce with Kings"

Duncan Frissell
Teaching individuals the technology of liberty since 1969 - Frissell & Associates Privacy Consulting.

--- WinQwk 2.0b#0

From mrose at stsci.edu Wed Aug 18 10:10:41 1993
From: mrose at stsci.edu (Mike Rose)
Date: Wed, 18 Aug 93 10:10:41 PDT
Subject: encrypted anonymous traffic
In-Reply-To: <9308181620.AA20911@snark.lehman.com>
Message-ID: <9308181709.AA25457@MARIAN.STSCI.EDU>

On Wed, 18 Aug 1993 12:20:51 -0400, "Perry E. Metzger" said:

>I'm sorry, but it's completely irrational to prefer to be killed by an
>explosive over getting email from someone you hate. This insane notion
>that words are somehow worse than physical blows has to stop.

I'm sure glad you wrote this. It's about time some common sense got injected into this thread.

>It leads to insane conclusions, among others, the conclusion that we
>must all be restricted in our speech at all times lest we offend
>others' feelings.

And I'm glad you pointed this out. I hadn't looked at it this way, but I see now it's a clear extension from the "words are worse than bombs" philosophy.
Mike

From Hastings at courier8.aero.org Wed Aug 18 10:25:44 1993
From: Hastings at courier8.aero.org (Hastings at courier8.aero.org)
Date: Wed, 18 Aug 93 10:25:44 PDT
Subject: ADICO: Privacy-Friendly Anon Auditing
Message-ID: <000705A0.MAI*Hastings@courier8.aero.org>

Niels Ferguson sent some e-mail to me, which I managed to delete because I'm using this new MS-Mail package. But I STILL prefer it to QuickMail, mainly because it doesn't cause the system to freeze up with a stupid TSR notifier. It also is designed for Windows. But anyway ...

To the question Hal Finney raised about Eric Hughes protocols, Niels also continues to have the same worries. He gave an example of a bogus depositor being compensated for interest for parking $1 million, and also thought the amount of data needed by Eric's protocol was excessive.

It seems the fraud works if a depositor can be left out of the accounting. A way to insure that anyone with a signed bank statement is included might be to certify each statement by an auditor registered with the Department of Anarchy (some private association). A similar approach for digital cash might be that when you hand over an amount of gold (or whatever) to a "Notary Private," you get a receipt you can verify from an Association.

Kent -

From koontzd at lrcs.loral.com Wed Aug 18 10:50:42 1993
From: koontzd at lrcs.loral.com (David Koontz )
Date: Wed, 18 Aug 93 10:50:42 PDT
Subject: No Subject
Message-ID: <9308181747.AA17279@nebula.lrcs.loral.com>

>From: "Perry E. Metzger"
>>From: plmoses at emoryu1.cc.emory.edu

>Paul L. Moses says:
>>
>> This may be a semantic point, but it should be made.... David
>> Koontz sez: "Avoiding the appearance of endorsing the violent
>> overthrow of government is prudent policy..." Um...I think I know
>> what you mean, but isn't it better to just say outright that
>> violence really is not the way to reform government at all, save in
>> truly historical, exceptional cases (American Revolution, French
>> Revolution...)
>I'm not sure either of those cases truly succeeded, either.

>Myself, I feel that no good can be accomplished by initiating force
>against others, no matter what the cause. Violent revolutions go
>completely against my grain. Any sorts of reforms that will stick are
>going to have to arise peacefully. This is not to say, of course, that
>they will necessarily arise via the "democratic process". The
>government may simply find itself outflanked, for instance. (Imagine
>as an example if the government realized tomorrow that allowing
>citizens to know how to read would be dangerous -- its a little late
>to stop it, so they will never do anything about that.)

Two points of clarification:

1) I do not now, nor have I in the past advocated the violent overthrow of any domestic government. I am also opposed to the overthrow of foreign governments on moral grounds.

2) The necessity to distance one's self or organization (as may have occurred in the case of the Libertarian Party) from what should be in effect an expression of free speech, smacks of McCarthyistic oppression. (this was what was hidden beneath the cynicism and 'waffle')

Thanks for rising to the occasion.

----
A country that can have a McCarthy Era has no business giving more power to its government.

From julf at penet.FI Wed Aug 18 10:55:44 1993
From: julf at penet.FI (Johan Helsingius)
Date: Wed, 18 Aug 93 10:55:44 PDT
Subject: No Subject
Message-ID: <9308182003.aa19556@penet.penet.FI>

anonymous at extropia.wimsey.com writes:

> Uu> Actually, Julf's solution isn't too bad.
>
> It is if your gate won't process the password header line.

How many times do I have to repeat that anon.penet.fi can pick up the X-Anon lines from the message body, as long as they are the first non-empty message lines?

> Uu> Maybe Julf needs to bite the bullet and start using PGP.
>
> That would be nice.
> I particularly enjoy using the PGPed remailer at
> remail at extropia.wimsey.com, which is not only private, but reliable and
> damn near grunge-proof.

Unfortunately it has the disadvantage that I can't reply to your messages.

Yes, I need to bite the bullet. I want to support PGP. But I have to pay my rent, too...

Julf

From khijol!erc at apple.com Wed Aug 18 11:45:45 1993
From: khijol!erc at apple.com (Ed Carp)
Date: Wed, 18 Aug 93 11:45:45 PDT
Subject: your mail
In-Reply-To: <9308181747.AA17279@nebula.lrcs.loral.com>
Message-ID:

> 1) I do not now, nor have I in the past advocated the violent overthrow
> of any domestic government. I am also opposed to the overthrow of
> foreign governments on moral grounds.

I find it interesting that the United States was formed via the venue of armed rebellion, but disqualifies anyone from public service who advocates the same. As a friend says, "the first thing the revolutionary government does when they get in power is to ... ban all revolutions!"

It is also interesting to note that Jefferson, Paine, and others of the era advocated, even supported, the right of the people to overthrow an oppressive government, even their own.

--
Ed Carp, N7EKG   erc at apple.com   510/659-9560
anon-2133 at twwells.com
If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"

From khijol!erc at apple.com Wed Aug 18 11:45:58 1993
From: khijol!erc at apple.com (Ed Carp)
Date: Wed, 18 Aug 93 11:45:58 PDT
Subject: Violent overthrow?
In-Reply-To: <9308181653.AA20990@snark.lehman.com>
Message-ID:

> Myself, I feel that no good can be accomplished by initiating force
> against others, no matter what the cause. Violent revolutions go
> completely against my grain. Any sorts of reforms that will stick are
> going to have to arise peacefully. This is not to say, of course, that
> they will necessarily arise via the "democratic process".
> The government may simply find itself outflanked, for instance. (Imagine
> as an example if the government realized tomorrow that allowing
> citizens to know how to read would be dangerous -- it's a little late
> to stop it, so they will never do anything about that.)

I believe it was Jefferson who said, "The tree of liberty must from time to time be refreshed by the blood of patriots."

--
Ed Carp, N7EKG erc at apple.com 510/659-9560 anon-2133 at twwells.com
If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever"

From tcmay at netcom.com Wed Aug 18 11:45:58 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 18 Aug 93 11:45:58 PDT
Subject: OK to advocate overthrow of the government
In-Reply-To: <9308181544.AA17115@nebula.lrcs.loral.com>
Message-ID: <9308181843.AA04066@netcom5.netcom.com>

David Koontz writes:

> As I understand it the Libertarian Party qualifies membership to exclude
> any endorsement of violent overthrow of government. While some portion
> of those affected by this policy may well have gone underground, I don't
> believe that cypherpunks as a committee of the whole are willing or ready
> to do so.

The (contentious) Libertarian Party "pledge" has to do with the "initiation of force" in general. Most of us interpret this liberally, or as we wish, and certainly few feel it constrains our agenda.

> Avoiding the appearance of endorsing the violent overthrow of government
> is prudent policy for any organization.

In any case, my understanding of U.S. law is that it's legal to advocate the overthrow of the government, it's legal to advocate the use of violence, it's just not legal to combine the two and advocate the _violent overthrow_ of the government. (I'm sure there are subtleties lost here. Certainly advocating violence that then _leads_ to violence may expose one to conspiracy, solicitation of a crime, etc., charges.
But generally, neo-Nazis are relatively free to say "Kill all the Jews," provided they don't actually commit violence---things are changing with the new standards for "hurtful" and "discriminatory" speech, though. And rap musicians are free to chant about killing cops and so forth.)

Overthrowing the government by force has never been a mainstream Cypherpunk position. Use of strong crypto to protect privacy has, and this may have some longterm implications for the form of government, however. (Things like enforceability of tax laws, of export laws, and speech laws. These will all be affected radically.)

As others have noted, Cypherpunks have a range of political beliefs, from libertarian to socialist to ravist.

-Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.

From newsham at wiliki.eng.hawaii.edu Wed Aug 18 11:50:42 1993
From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham)
Date: Wed, 18 Aug 93 11:50:42 PDT
Subject: mailing list <-> newsgroup ?
Message-ID: <9308181850.AA10702@toad.com>

Hi,

How many people are subscribed to this list right now? How many people have read it before and dropped off only due to bandwidth problems? This list easily generates more traffic than any of the newsgroups I read. If the number of people on this list is big, why don't we set it up as a newsgroup (gatewayed to a list so that people without newsfeeds can still read it)? Probably a lot more people would read and participate.
Newsgroups have the advantage that you can read them when you have the time and let them go when you don't, without the hassles of joining and unjoining. The audience would probably be bigger as well.

Any counter arguments?

Tim N.

From khijol!erc at apple.com Wed Aug 18 11:55:45 1993
From: khijol!erc at apple.com (Ed Carp)
Date: Wed, 18 Aug 93 11:55:45 PDT
Subject: Violent overthrow?
In-Reply-To: <9308181629.AA16838@emoryu1.cc.emory.edu>
Message-ID:

> This may be a semantic point, but it should be made....
> David Koontz sez: "Avoiding the appearance of endorsing the violent
> overthrow of government is prudent policy..."

Perhaps. If the founding fathers were here today, they'd probably all be in jail.

> Um...I think I know what you mean, but isn't it better to just say outright
> that violence really is not the way to reform government at all, save in
> truly historical, exceptional cases (American Revolution, French Revolution...)

I don't understand. Are you saying that oppressive governments are in the past, and that we have no need for the option to overthrow one's own government? The Chinese at Tiananmen Square might disagree. Besides, no matter what the government says, "we, the people" have a right to advocate the overthrow of our own government if we so choose - the Declaration of Independence says so. Not that I think it's necessary or desirable to do so, but I have always maintained that the option *is* there...

> I am no code cruncher but it seems to me that the relevant "precedents"
> for a "Cypherpunk Revolution" would be the Russian democracy movement, where
> the power of ideas toppled the oppressive regime with a minimum of bloodshed,
> while the world watched....

If the United States government was ever "overthrown", this is probably how it would be done - via computers and high-tech, rather than guns.
I don't think that the "violent overthrow" of the United States government is possible, save by an external force, and I'm not sure that another government's army would be strong enough to do so.

> Point: Violence is abhorrent to civilized conduct, undermines social cohesion,
> and is generally justifiable only as a defensive measure. Aren't we concerned
> with the state of affairs today precisely because individuals no longer
> have a sense of these kinds of boundaries? So it is important to emphasize
> that violence is part of the problem, and not to be sloppy and suggest
> (inferentially) that it could be part of the solution.

Again, I don't think it's realistic to believe that the overthrow of a government such as the United States, the PRC, or even the CIS can be accomplished by violence. The American and French revolutions were justified (and successful) in part because the central authoritarian government was unresponsive to the needs and desires of the people, harsh and heavy-handed in its enforcement of arbitrary laws, and ruthless in its suppression of any sort of opposition.

On the other hand, the United States allows (but no longer encourages) opposition - the very fact that we have the freedom to discuss topics like this in a free and open arena says that (at least) we still have the freedom to express the opinion that the government is full of it, and not be dragged out into our respective front yards and shot in front of our neighbors. Other societies haven't been as lucky.

--
Ed Carp, N7EKG erc at apple.com 510/659-9560 anon-2133 at twwells.com
If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever"

From warlord at MIT.EDU Wed Aug 18 12:05:44 1993
From: warlord at MIT.EDU (Derek Atkins)
Date: Wed, 18 Aug 93 12:05:44 PDT
Subject: mailing list <-> newsgroup ?
In-Reply-To: <9308181850.AA10702@toad.com>
Message-ID: <9308181904.AA17099@toxicwaste.MEDIA.MIT.EDU>

> Any counter arguments?
Newsgroups tend to have a lot smaller S/N ratio, in general, than mailing lists. Granted, the S/N ratio of this list varies, but I think it's always been a lot better than many of the better newsgroups. Making cypherpunks a newsgroup will just lower the S/N ratio without helping increase anything else (other than readership).

If you think there is too much traffic, have the mail go to some other account that you only log into when you have the time. Hitting the "d" key in mh-rmail isn't that much overhead! ;-)

Cypherpunks should stay in e-mail.

my $.02

-derek

From strick at versant.com Wed Aug 18 12:35:45 1993
From: strick at versant.com (strick -- henry strickland)
Date: Wed, 18 Aug 93 12:35:45 PDT
Subject: mailing list <-> newsgroup ?
In-Reply-To: <9308181850.AA10702@toad.com>
Message-ID: <9308181936.AA19123@versant.com>

THUS SPAKE Timothy Newsham :

# The audience would probably be bigger as well.

and quality would degrade. News and mail may look the same, but the social effects are quite different.

# Any counter arguments?

Yeah. Gene Spafford often says that newsgroups are no way to get things done. However I think that mailing lists can be rather effective.

I think you're saying that your problem is that your newsreader is a lot better than your mailreader. Perhaps you can fix the problem...

strick

From honey at citi.umich.edu Wed Aug 18 12:55:46 1993
From: honey at citi.umich.edu (peter honeyman)
Date: Wed, 18 Aug 93 12:55:46 PDT
Subject: mailing list <-> newsgroup ?
Message-ID: <9308181951.AA12678@toad.com>

> Yeah. Gene Spafford often says ...

it is odd that you quote gene spafford in a group that is anathema to his avowed goals.

peter

From jet at nas.nasa.gov Wed Aug 18 12:55:59 1993
From: jet at nas.nasa.gov (J.
Eric Townsend)
Date: Wed, 18 Aug 93 12:55:59 PDT
Subject: World record in password checking
Message-ID: <9308181953.AA05020@boxer.nas.nasa.gov>

[forwarded for your enjoyment --eric]

A NEW WORLD RECORD IN PASSWORD CHECKING HAS BEEN SET:
-----------------------------------------------------

Roch Bourbonnais, a Thinking Machines Corporation engineer, has ported and optimized the CM/2 port of the UFC-crypt to a CM/5 system.

The UFC-crypt (Ultra Fast Crypt) implementation on the CM/2 Connection Machine (parallel computer) is a UNIX password checking routine (crypt()) ported by Michael Glad at UNI-C.

The port, which is written in CM-fortran, utilizes the CM/5 vector units and is partly programmed in cdpeac (vector unit assembly language).

The package achieves 1560 encryptions/second/vector unit. This scales to 6,4 million encryptions per second on a large 1024 node machine.

    large    1024 nodes    6,4 million encryptions/second
    small     128 nodes    800,000 encryptions/second

With this impressive performance, all combinations of 6 letters can be tried in less than an hour and all combinations of 6 lower-case letters can be tried in less than one minute.

Congratulations,

Jorgen Bo Madsen

+-----------------------------------------------------------------------+
! Jorgen Bo Madsen, Security Consultant                                 !
! UNI-C Lyngby, Danish Computing Centre for Research and Education      !
! DTH, Building 305, DK - 2800 Lyngby,                                  !
! Phone  : +45-45-938355                                                !
! Telefax: +45-45-930220                                                !
! E-Mail : Jorgen.Bo.Madsen at uni-c.dk                                 !
+-----------------------------------------------------------------------+

------- End of forwarded message -------

From cme at ellisun.sw.stratus.com Wed Aug 18 13:00:42 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Wed, 18 Aug 93 13:00:42 PDT
Subject: `Stalled' Progress
In-Reply-To: <9308172302.AA14826@snark.lehman.com>
Message-ID: <9308181557.ZM29483@ellisun.sw.stratus.com>

On Aug 17, 7:02pm, "Perry E.
Metzger" wrote:
> Subject: Re: `Stalled' Progress
>
> If we act as though we are shady, we will only make it easier to
> repress us.
>

Amen!

I enjoy being shady at times - and certainly did in my youth (something I cling to with my fingernails, now :-). However, the giverment is trying to do something here which is an affront to perfectly dull, ordinary people (like the Republicans for whom I work) and Cypherpunks are doing something to fight against such reprehensible behavior. For this fight against Skipjack, Clipper and ITAR, I see no reason to act like an underground organization.

In the above-ground fight, of course, it's interesting to speculate about what the underground would do if Clinton's Cops were to try to clamp down. That can be good information to bring to the public. Then again, if it's scary enough (like the V.Voice article, perhaps), maybe it could drive the voting public into the loving arms of the FBI.

- Carl

From cme at ellisun.sw.stratus.com Wed Aug 18 13:05:46 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Wed, 18 Aug 93 13:05:46 PDT
Subject: encrypted anonymous traffic
In-Reply-To: <9308181709.AA25457@MARIAN.STSCI.EDU>
Message-ID: <9308181603.ZM29489@ellisun.sw.stratus.com>

On Aug 18, 1:09pm, Mike Rose wrote:
>
> >It leads to insane conclusions, among others, the conclusion that we
> >must all be restricted in our speech at all times lest we offend
> >other's feelings.
>
> And I'm glad you pointed this out. I hadn't looked at it this way,
> but I see now it's a clear extension from the "words are worse than
> bombs" philosophy.

It also leads to talk about strong crypto as if it were assault rifles.

From shipley at merde.dis.org Wed Aug 18 13:25:46 1993
From: shipley at merde.dis.org (Peter shipley)
Date: Wed, 18 Aug 93 13:25:46 PDT
Subject: fyi: forward from cert-tools-request mailing list.
Message-ID: <9308182019.AA16210@merde.dis.org>

------- Forwarded Message

>From cert-tools-request at cert.org Wed Aug 18 13:05:55 1993
To: cert-tools at cert.org
Originally-From: Jorgen Bo Madsen
Subject: World record in password checking

A NEW WORLD RECORD IN PASSWORD CHECKING HAS BEEN SET:
-----------------------------------------------------

Roch Bourbonnais, a Thinking Machines Corporation engineer, has ported and optimized the CM/2 port of the UFC-crypt to a CM/5 system.

The UFC-crypt (Ultra Fast Crypt) implementation on the CM/2 Connection Machine (parallel computer) is a UNIX password checking routine (crypt()) ported by Michael Glad at UNI-C.

The port, which is written in CM-fortran, utilizes the CM/5 vector units and is partly programmed in cdpeac (vector unit assembly language).

The package achieves 1560 encryptions/second/vector unit. This scales to 6,4 million encryptions per second on a large 1024 node machine.

    large    1024 nodes    6,4 million encryptions/second
    small     128 nodes    800,000 encryptions/second

With this impressive performance, all combinations of 6 letters can be tried in less than an hour and all combinations of 6 lower-case letters can be tried in less than one minute.

Congratulations,

Jorgen Bo Madsen

+-----------------------------------------------------------------------+
! Jorgen Bo Madsen, Security Consultant                                 !
! UNI-C Lyngby, Danish Computing Centre for Research and Education      !
! DTH, Building 305, DK - 2800 Lyngby,                                  !
! Phone  : +45-45-938355                                                !
! Telefax: +45-45-930220                                                !
! E-Mail : Jorgen.Bo.Madsen at uni-c.dk                                 !
+-----------------------------------------------------------------------+

------- End of Forwarded Message

From bill at twwells.com Wed Aug 18 13:36:00 1993
From: bill at twwells.com (T. William Wells)
Date: Wed, 18 Aug 93 13:36:00 PDT
Subject: my aps
Message-ID: <9308181539.AA28939@twwells.com>

There are several issues I want to address in this message. One is communication style, another is the nature of my anonymous service, and finally, what I think about the whole thing.
On communication style: some people have this delusion that they can write to others and expect or even demand a reply. Well, it isn't so. If someone writes to me, I'm under no a priori obligation to read, to try to understand, or to spend effort replying. This is irrespective of the style *or* the content of their message. In general, the only thing that obligates one to answer another is the prior respect that one should have for others -- which has to be lived up to in *their* actions.

Mr. Detweiler simply blew it. His original message was full of insults and insinuations and, quite frankly, he should consider himself honored that I bothered to tell him where he went wrong. _Of course_, any legitimate issues he brought up in the same message weren't addressed. He demanded of me that I address those issues -- and that I deal with his abusiveness.

As you may guess, I really have no interest in addressing Mr. Detweiler directly; I figure he's got a few years of mental development to go through before I'll consider him fit for carrying out any sort of rational conversation with. However, others have been more reasonable and I'll try to address some of their concerns and to point out some of the relevant circumstances surrounding my service.

The first thing you need to understand is that my anonymous service is integral to a specific community of people who have suffered through childhood abuse and adult sexual abuse. (In fact, essentially everyone on the group who is dealing with adult sexual abuse is also dealing with childhood abuse.) It is intended only for the users of a specific set of newsgroups, alt.sexual.abuse.recovery and its .d group.

On the newsgroup, there are usually several individuals who are "that close" to committing suicide. Some will be shortly, or have been recently, in psychiatric wards. Most have been in, or are contemplating, psychological therapy of one sort or another. Quite a few are taking medication for various psychiatric conditions.
This is neither the time nor the place to discuss the wherefores and whys of abuse recovery; you'll just have to take it as a given that the rules used for understanding people in general won't work so well when applied to this newsgroup, or to my anonymous service. I provide a service to people who, at least in specific areas, are not rational, who are definitely irrational. I know of, for example, one person who went into convulsions simply because they received e-mail from a person who, many years ago, had abused a child.

In line with that, my service differs from the standard anonymous services. One is that it *is* integrated into the community. I am a survivor myself, I offer personal assistance (in computer matters) to people in the group, I forward the newsgroup via e-mail to those who can't get it otherwise, and so on. These are all part of what I do, not just running the anonymous service. (In fact, I have to occasionally correct the erroneous belief that I am responsible for the newsgroup; not surprising when you realize that over half the newsgroup goes through my server.) My service has things like being able to turn on and off e-mail forwarding. People can remove themselves from the server automatically. Shortly, people will be able to specify by id who they do or do not get e-mail from.

The other area where my service differs is that the others provide two distinct functions, confidentiality and privacy, but there is no attempt, or reason, to protect their users from any sort of e-mail. It's enough to deal with harassment claims when they arise. In mine, I've chosen a different direction. I've decided to make the attempt to keep out specific types of e-mail, with the cost that I cannot guarantee privacy from me. Also, I probably have a higher standard of confidentiality than the other two services. (This is not intending to suggest that there's anything wrong with their standards, just that I suspect mine are a bit tighter.)
People on the newsgroup post their innermost secrets and fears and many have a need to believe that those won't then be used against them. (And, for that reason, the default for e-mail forwarding is "off".) Public posting is one thing but it is quite easy for one skilled in the art of abusing (and, yes, there are such people and they do read the newsgroup, getting a kick out of the pain of others) to manipulate people behind the scenes into abusive situations and in such a way as to keep the victim from being able to speak of what is going on. *That*, and similar things, are what this is all about.

As to my thoughts on the relevant principles. As I mentioned, I am an Objectivist. That may clue you as to where I'm coming from. But in case not, the primary fact is that I'm offering a *private* service. I run it out of my home, using my phone lines, and paid for with my money. While I offer it to all on the newsgroup, it *is* *not* intended for the general public. Only survivors and their supporters are legitimate users. (Though I tend to be lax on that. Just as I am with my encryption proscription. There are users who send encrypted e-mail through my service but they have received my prior permission to do so.)

No one, other than myself, has any right to specify what I do with this, beyond the minimum of respecting their rights. Their rights do not extend to arbitrary protection of their confidentiality or privacy. Those who use my anonymous service have an implicit right to protection of their anonymity *and that is all*. (And even that is only up to a point.) Any other protections I offer beyond that are mine to choose; they are not implicit in an anonymous server.

In addition to confidentiality, I offer privacy in two ways: from others, because it is necessary to protect confidentiality, and from myself, because no one likes their innermost thoughts gratuitously pawed over by one who is essentially a complete stranger.
But that latter privacy is only with respect to *gratuitous* invasion by myself. Beyond that, I offer a watchful eye to keep abuses in hand.

The bottom line is this: I provide a useful service to over half of the newsgroup. Most of its users are happy with it. Most people who have communicated with me, who are or are potentially legitimate users of my service, have been either neutral or positive about my policies. (Yes, most people who have expressed dislike for my policies are outsiders.) As things are, they work well. No change is *necessary* though some may be *desirable*. Careful thought and respectful dialog may convince me of desirable changes. Logicless rhetoric and verbal abuse, however, will, at best, cause me to ignore both the speaker and his message.

From tcmay at netcom.com Wed Aug 18 13:40:43 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 18 Aug 93 13:40:43 PDT
Subject: Crypto Protocols are Hard to Analyze
Message-ID: <9308182038.AA05720@netcom.netcom.com>

Fellow Cypherdroids,

Crypto protocols are _hard_ to analyze! Speaking for myself, keeping the many combinations and permutations of crypto terms, channels, spoofing scenarios, and whatnot, straight is very confusing.

This should be no great revelation to any of you who've tried to closely follow the protocols for digital cash (coins, coupons, certificates of deposit, blinded notes, and even "S&H Green Stamps"). Analyzing and finding flaws (often subtle) in cryptographic and digital money protocols is time-consuming. I'm currently trying to analyze a digital cash "coupon" system proposed by Nick Szabo, and Hal Finney last night posted his initial analysis of the "NetCash" scheme proposed recently.
And the physical Cypherpunks meetings have recently been dominated by fairly gory details ("gory" means highly detailed and potentially confusing) of such new proposed systems as "Twain (tm)," an anonymous remailer (and its associated pieces, like "Clemens (tm)"...don't ask me to explain, as I got lost in the process!), and "Digital Silk Road (tm)" (and its own associated pieces, "Joule (tm)," "INDRA (tm)," etc.).

(Sidenote: I get worried when so many new protocols are already being given names and being, to various degrees, "productized." Could this be a case of "premature productization"?)

And anyone who looks at the "Advances in Cryptology-CRYPTO 'xx" books, the books where the main crypto results are published (along with "EuroCrypt," "AusCrypt," and "AsiaCrypt"...mostly all published by Springer-Verlag in their silver-grey paperback series), will quickly see the explosion of complex protocols.

What's the connection with Cypherpunks? After all, we all know this stuff is complex, so what's the big deal?

I argue that a group such as ours, devoted to actually exploring and perhaps deploying modern crypto ideas, should try to *do something* about the combinatorial explosion of concepts, terms, and confusing protocols.

It has been said about AI that 90% of the work is currently just reinvention of terms of yore, with new ideas mainly being rehashes of things invented 10 or 20 years earlier. My fear is that "digital money," to name just one example, is showing the same sort of thing, with lots of new terms for basic ideas, lots of complicated protocols which are (admittedly) hard to analyze (to try to break, to try to spoof, to "game against"). Many of these complex protocols simply _won't_ get analyzed in enough detail, if only because there aren't enough of us to do the analyses.
(The obvious danger of _not_ analyzing a digital money scheme in enough detail, with enough paranoid motivation, is that it gets deployed and then broken by someone who knows how to break it--someone who has studied a similar problem and knows the points of weakness, someone who is just lucky, whatever. This could wipe out the developers, sow mistrust amongst the Cypherpunks/crypto community, etc.)

Evidence that "protocols are hard to analyze" lies in the fact that only recently has basic public-key crypto begun to spread...and there are still lots of folks looking for weaknesses in PGP, for example. Almost nothing using more recent protocols has shown up....no "Pretty Good Digital Cash," not "Pretty Good Digital Timestamping," etc. (Though our own remailers, while very far from even Chaum's 1981 system, are interesting. Let's just not think of them as "cryptographic" in any sense...they rely almost totally on simple trust, a major cryptographic no-no.)

More complicated protocols, like the "Dining Cryptographers Problem" (Chaum's paper on this should still be in the "soda" archives), are just a _piece_ of what's needed for our longterm Cypherpunks future (which I choose to call "crypto anarchy"), and yet analysis of it consumes _hundreds_ of pages (see, for example, the Jurgen Bos Ph.D. thesis I distributed a year ago at the first Cypherpunks meeting.)

Am I proposing anything constructive here? First, I am not proposing limiting the universe of discourse on this List in any way. Folks will always be free to say whatever they like, to use whatever terms they wish. Second, I'm not pushing a particular agenda...at least I hope I am not.

Here are some suggestions, some things to mull over.

1. Our archive site of papers and books is not available to many of the folks attempting to develop new protocols. To pick one example: digital money in all its various forms.
The several proposals for digital cash (digital postage, NetCash, S&H green stamps, Cayman Islands deposits, etc.) are sometimes repeats of work done years ago--and shown to be flawed in major ways. Workers in this field should of course plan to acquire _all_ of the relevant papers, and probably should be at this year's "Crypto" conference (too late now). There just is no excuse for trying to "reinvent the wheel" when folks who are working full-time on something have already tilled the field (to mix some metaphors).

It may be true that gifted amateurs can sometimes discover something the experts have not (after all, our fellow Cypherpunk Whit Diffie was in some sense a "gifted amateur" in the mid-70s, when nearly all "serious" cryptologists worked for the NSA), but it happens fairly rarely. We need to encourage serious workers to obtain and read all of the previously published material (the "Information Liberation Front," from which little has been heard lately, can only scan and OCR a tiny fraction of the papers that are relevant, and even then can't reasonably handle equations and mathematical arguments).

2. We should agree on some terms, somehow, so that we're using a *common language* and not wasting huge amounts of time trying to deduce what Alice means by "return receipt" versus what Bob means when he uses the same term. (For example, Eric Messick calls his things "onions," suggesting multiple layers of "return postage guaranteed" envelopes. This may be a great idea, and even a great name (which we may all be using in 5 years), but it is potentially confusing, I think you'll agree.)

(Formal crypto papers often use their own terminology, and those of us who read the papers have to convert from, say, "blobs" (a Chaum/Brassard term), to the terms favored by others.
A few "Schelling points" for terms have appeared, usually with some groundbreaking or widely read paper, but cryptologists continue to reinvent their own terms, sometimes because they haven't understood the work of others, sometimes because of "NIH.")

3. The lack of a FAQ is not really the issue, as the issues I'm talking about here go somewhat deeper than nearly any FAQ will ever go. Possibly a much-expanded "Glossary" (also in the "soda" archives) could be used to ensure more of us are using the standard terms.

4. I recommend we _not_ spend a lot of time at Cypherpunks meetings on detailed protocols, as these are notoriously hard for people to follow, except in broad outlines. People "space out" on the details and the devil's in the details. Rather, more detailed written papers are the best way, I think, to convey complicated ideas. Written papers force the writers to more carefully state their assumptions, their reliance on previous works, and to then more carefully work through their line of reasoning. Readers who are interested can then work through the papers in as much detail as they wish.

Sometimes it takes many hours to work through a protocol. For example, I must've spent 10 hours going through Chaum's DC-Net paper, drawing pictures, going back to his 1981 paper on "mixes," and generally reading and rereading. (Then I spent even more time explaining it in a series of essays to the Extropians mailing list, before this list existed.)

5. Eric Hughes and I toyed with the idea of creating a "protocol analysis language," or at least a toolkit for describing and diagramming protocols (inspired by the Chaum-school "triangle" diagrams, which place the "Customer," the "Shop," and the "Bank" in a triangle and then analyze who knows what, where the bits flow, who can prove what, etc.).
Here's just the most basic and initial look at such a diagram:

                Customer
                /      \
               /        \        (I won't add all the other stuff)
              /          \
          Shop------------Bank

(The "nouns" then have channels, actions ("verbs"), etc. associated with them. The digital money protocols are themselves complicated, involving "bit commitment," "blinding," and the like. And then there are the complications of any of these entities attempting to "break" the system, to steal money, to spend a digital token more than is authorized, to trace the flow of money, etc. Collusion, spoofing, etc. It gets confusing very fast.)

Nothing has so far come of this idea, but it seems to me to be a shame that we're just drawing chicken marks on paper or on whiteboards (and losing most of the audience along the way, at least in terms of the all-important details). Complicated protocols--and the digital money constellation of ideas is just one--demand more powerful tools.

(Speculatively, what I would someday hope to see is a kind of "Protocol Compiler," with functional specs (possibly written in a very high-level language) transformed/rewritten to the best set of protocols available. The building blocks would be various forms of encryption, of reputations, of blinding, and so on. Each of the building blocks could be analyzed separately and improved upon....and probably bought from specialized developers. I know of no work along these lines, though. But I would not be at all surprised to find that some groups are doing something like this--the combinatorial explosion of possibilities makes hand-analysis problematic.)

Well, enough for now. Let me know what you think. With lots of new ideas for digital cash, remailers, mixes, digital betting schemes, coupons, postage, data havens, digital voting, and all the rest, we'll soon be drowning in protocols none of us have the time--or specific expertise--to analyze.

Right now the crypto enthusiasts and amateurs are still stuck at the "Here's my idea for a new cipher...can you break it?"
level, not even having reached the level of proposing new public key systems. We are beginning to see proposals on the Net for new digital money systems (NetCash being the most recent example). Over the next several years, there may be an explosion of these new proposals. Analyzing and quickly debunking them (when they need debunking, as most do...I am not saying this in a disdainful way, just noting reality....nothing is gained by the adoption of weak schemes) will be a challenge.

Perhaps one Cypherpunks goal could be to maintain a publicly accessible database (in hypertext, even, using the World Wide Web or similar) of published techniques, of how to break or spoof them, of tips and tricks, and so on. (Yes, I am interested in working on something like this.)

Best wishes,

-Tim May
--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com     | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: by arrangement
Note: I put time and money into writing this posting. I hope you enjoy it.

From honey at citi.umich.edu Wed Aug 18 14:20:42 1993
From: honey at citi.umich.edu (peter honeyman)
Date: Wed, 18 Aug 93 14:20:42 PDT
Subject: World record in password checking
Message-ID: <9308182116.AA14986@toad.com>

why doesn't this impress me? i'll tell you why. with

 o a stock version of des (dennis ferguson's), which is written in c, and not optimized for any particular chip or vector hardware

 o a no-name 50 MHz 486, which you can buy for under $1,000 at fry's

 o netbsd, a freely available general purpose operating system

i have measured 29,000 des crypts per second.

now give me a "1,024 node" machine made of these -- admittedly unwieldy, but no doubt a hell of a lot cheaper than a 1,024 node CM/5 (and a hell of a lot more useful, imho) -- and i can run at three times the "world record" rate.
peter, inveterate iconoclast From tcmay at netcom.com Wed Aug 18 14:25:48 1993 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 18 Aug 93 14:25:48 PDT Subject: my aps In-Reply-To: <9308181539.AA28939@twwells.com> Message-ID: <9308182123.AA18807@netcom5.netcom.com> T. William Wells has written us a polite and nice summary of his position, and his points are very helpful to us in understanding the issues of anonymity. > There are several issues I want to address in this message. One > is communication style, another is the nature of my anonymous > service, and finally, what I think about the whole thing. > > On communication style: some people have this delusion that they > can write to others and expect or even demand a reply. Well, it > isn't so. If someone writes to me, I'm under no a priori > obligation to read, to try to understand, or to spend effort > replying. This is irrespective of the style *or* the content of > their message. He is right that insulting remarks will seldom produce good debate. > The first thing you need to understand is that my anonymous > service is integral to a specific community of people who have > suffered through childhood abuse and adult sexual abuse. (In .... > On the newsgroup, there are usually several individuals who are > "that close" to committing suicide. Some will be shortly, or have > been recently, in psychiatric wards. Most have been in, or are I can readily see why Bill would like to have some limits (imposed by _him_...a pure marketplace decision!) on anonymity. After all, some sickos might literally post "Jump!" messages to those on the verge of suicide. (I am not being facetious or sarcastic here...I mean this quite seriously.) Other services should be free, of course, to have different policies. Those who want anonymity in anything they may say, including "Jump!," are free to patronize such services. 
> I provide a service to people who, at least in specific areas, > are not rational, who are definitely irrational. I know of, for > example, one person who went into convulsions simply because they > received e-mail from a person who, many years ago, had abused a > child. An excellent example of why and how specialized cyberspace services (like remailers) will develop various strategies. In a sense, Bill is acting as a filter, or a paternal figure (not meant pejoratively), for his clients. This is completely and fully consistent with Cypherpunks goals. (To avoid flames about me presuming to speak for Cypherpunks, I mean "in my opinion.") > In line with that, my service differs from the standard anonymous > services. One is that it *is* integrated into the community. I am > a survivor myself, I offer personal assistance (in computer > matters) to people in the group, I forward the newsgroup via ... > automatically. Shortly, people will be able to specify by id who > they do or do not get e-mail from. This is exciting! Specialized "agents," the wave of the future. > As to my thoughts on the relevant principles. As I mentioned, I > am an Objectivist. That may clue you as to where I'm coming from. > But in case not, the primary fact is that I'm offering a > *private* service. I run it out of my home, using my phone lines, > and paid for with my money. While I offer it to all on the Many of us were strongly influenced by Rand (and even those who hate Rand, including some of my closest friends and Cypherpunks colleagues, understand the importance of freedom in market dealings). > No one, other than myself, has any right to specify what I do > with this, beyond the minimum of respecting their rights. Their > rights do not extend to arbitrary protection of their > confidentiality or privacy. Those who use my anonymous service > have an implicit right to protection of their anonymity *and that ...rest of good points elided to save space.... > As things are, they work well. 
No change is *necessary* though > some may be *desirable*. Careful thought and respectful dialog > may convince me of desirable changes. Logicless rhetoric and > verbal abuse, however, will, at best, cause me to ignore both the > speaker and his message. Bill, I agree with all your points. And if I was running one of these abuse-related remailers (something about "ASAR," I recall), I suspect I'd have the same policy you have. Anonymity should not be forbidden by law, but it can (and sometimes should be) filtered by agents of the subscribers. If they don't like the way the filtering is done, they can try another service. I hope you continue to contribute your ideas to our list. -Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From kurt at grogatch.seaslug.org Wed Aug 18 14:45:47 1993 From: kurt at grogatch.seaslug.org (Kurt Cockrum) Date: Wed, 18 Aug 93 14:45:47 PDT Subject: Call for Clipper Comments In-Reply-To: <00541.2828442468.4792@washofc.cpsr.org> Message-ID: <9308181622.AA00050@grogatch.seaslug.org> [...] >* The potential risks of the proposal have not been assessed and >many questions about the implementation remain unanswered. The >NIST notice states that the current proposal "does not include >identification of key escrow agents who will hold the keys for the >key escrow microcircuits or the procedures for access to the >keys." The key escrow configuration may also create a dangerous >vulnerability in a communications network. The risks of misuse of >this feature should be weighed against any perceived benefit. 
 o Escrow agents will certainly be subject to attacks, especially by other foreign powers with national-level budgets (for example, Britain, France, Israel, Japan, Russia, etc., or multi-nationals), *and/or* by talented crackers, or cracker-consortia, such as might be found on the cypher-punks mailing list :) :) . At best, publishing the results of successful attacks (say, on alt.whistleblowers) might have the positive benefit of eventually dooming the system as a bad idea from the start, at the expense of those who chose to use the system (evolution in action, I guess), and the taxpayers (who pay for implementation & deployment). That's doing it the hard way, though.

 o Social/political-change organizations using the Clipper system for their internal communications would be especially vulnerable to COINTELPRO-style attacks.

[...]

>* The NIST proposal states that the escrow agents will provide the
>key components to a government agency that "properly demonstrates
>legal authorization to conduct electronic surveillance of
>communications which are encrypted." The crucial term "legal
>authorization" has not been defined. The vagueness of the term
>"legal authorization" leaves open the possibility that court-
>issued warrants may not be required in some circumstances. This
>issue must be squarely addressed and clarified.

 o Typically, "legal authorizations" operate over a constrained period of time. Once that time period is over, the authorization is supposed to go away. However, there's no provision for the released key components to go away. In effect, once key components are released, the corresponding user hardware is *permanently* compromised. It's pretty likely that released key components would find their way to such private cop-agencies as Wackenhut, or LEIU (Law Enforcement Intelligence Unit), which has branches right in the police departments of most major cities.
[typically, when "red squads" are ordered to "destroy" their accumulated files, the files generally get transferred to LEIU].

 o What guarantees the "duopoly" of the 2 escrow agencies? It's almost certain that somebody will attempt to "mirror" them, whether "legitimately" (CIA, say) or illegitimately, overtly or covertly. Again, look for LEIU here.

>* Adoption of the proposed key escrow standard may have an adverse
>impact upon the ability of U.S. manufacturers to market
>cryptographic products abroad. It is unlikely that non-U.S. users
>would purchase communication security products to which the U.S.
>government holds keys.

Maybe they can get the UN in on the deal: UNESCROW-A and UNESCROW-B! hee, hee

--kurt at grogatch.seaslug.org (Kurt Cockrum)

From pmetzger at lehman.com Wed Aug 18 14:55:47 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Wed, 18 Aug 93 14:55:47 PDT
Subject: World record in password checking
In-Reply-To: <9308182116.AA14986@toad.com>
Message-ID: <9308182154.AA21533@snark.lehman.com>

peter honeyman says:
> why doesn't this impress me? i'll tell you why. with
>
> o a stock version of des (dennis ferguson's), which is written in c,
> and not optimized for any particular chip or vector hardware
>
> o a no-name 50 MHz 486, which you can buy for under $1,000 at fry's
>
> o netbsd, a freely available general purpose operating system
>
> i have measured 29,000 des crypts per second.
>
> now give me a "1,024 node" machine made of these -- admittedly
> unwieldy, but no doubt a hell of a lot cheaper than a 1,024 node CM/5
> (and a hell of a lot more useful, imho) -- and i can run at three times
> the "world record" rate.

You can do even better if you happen to have 2000 sparcstations which are idle for 16 hours a day. Myself, I wonder how many machines we would need for a net parallel DES crack.
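[Editor's note: the following is an added example, not part of any message in this thread. It sketches how the "net parallel" search Perry asks about decomposes: a node needs only the target hash, the salt and its slice of the keyspace, and the single piece of coordination is a one-bit "found" broadcast that lets the other nodes stop. Everything here is constructed for the demo: toy_crypt is a truncated salted SHA-256 standing in for DES crypt(3), the alphabet and length bound are tiny, and Python threads stand in for the 1,024 machines (the structure is the point, not the speed).]

```python
"""Net-parallel password search as an added example: the work decomposes into
independent shards, so the only data a node needs is the target, the salt and
its slice of the keyspace, plus a one-bit "found" signal to stop early."""
import hashlib
import string
import threading
from concurrent.futures import ThreadPoolExecutor

ALPHABET = string.ascii_lowercase + string.digits   # constructed toy charset
MAX_LEN = 4                                         # candidates of length 1..4


def toy_crypt(salt: str, password: str) -> str:
    """Stand-in for crypt(3)/DES (assumption: any one-way function will do here)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()[:13]


def keyspace_size(max_len: int = MAX_LEN, alphabet: str = ALPHABET) -> int:
    return sum(len(alphabet) ** n for n in range(1, max_len + 1))


def index_to_candidate(idx: int, alphabet: str = ALPHABET) -> str:
    """Bijection from [0, keyspace_size()) to candidate strings, shortest first."""
    base = len(alphabet)
    n = 1
    while idx >= base ** n:          # skip past all shorter lengths
        idx -= base ** n
        n += 1
    chars = []
    for _ in range(n):               # mixed-radix digits, fixed width n
        idx, digit = divmod(idx, base)
        chars.append(alphabet[digit])
    return "".join(reversed(chars))


def shard(total: int, node: int, nodes: int) -> tuple:
    """Contiguous index range for `node`; the ranges tile [0, total) exactly."""
    return total * node // nodes, total * (node + 1) // nodes


def worker(target: str, salt: str, start: int, stop: int,
           found: threading.Event, result: dict, node: int) -> None:
    """One node: search its range, stop as soon as anyone has shouted 'found'."""
    for idx in range(start, stop):
        if found.is_set():
            return
        candidate = index_to_candidate(idx)
        if toy_crypt(salt, candidate) == target:
            result["password"] = candidate
            result["node"] = node
            found.set()              # the broadcast that turns the other nodes off
            return


def parallel_crack(target: str, salt: str, nodes: int = 8) -> dict:
    """Dispatch shards to `nodes` workers; returns {'password', 'node'} if found."""
    total = keyspace_size()
    found = threading.Event()
    result: dict = {}
    with ThreadPoolExecutor(max_workers=nodes) as pool:
        for node in range(nodes):
            start, stop = shard(total, node, nodes)
            pool.submit(worker, target, salt, start, stop, found, result, node)
    return result


if __name__ == "__main__":
    SALT, SECRET = "ab", "k3y"                       # constructed demo values
    hit = parallel_crack(toy_crypt(SALT, SECRET), SALT)
    print(f"{keyspace_size()} candidates over 8 nodes -> {hit}")
```

On a real network each call to worker() is a separate machine, the arguments are the only packet it ever has to receive, and found.set() is the broadcast; nothing in the inner loop talks to anyone. The shards are contiguous here, but an interleaved split (node n takes indices congruent to n mod nodes) works just as well and lets nodes be added late without redistributing ranges.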
Perry From mccoy at ccwf.cc.utexas.edu Wed Aug 18 15:30:43 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Wed, 18 Aug 93 15:30:43 PDT Subject: World record in password checking In-Reply-To: <9308182116.AA14986@toad.com> Message-ID: <199308182228.AA22350@tramp.cc.utexas.edu> > why doesn't this impress me? i'll tell you why. with [use a bunch of PCs running some freenix to do it] > > now give me a "1,024 node" machine made of of these -- admittedly > unwieldy, but no doubt a hell of a lot cheaper than a 1,024 node CM/5 > (and a hell of a lot more useful, imho) -- and i can run at three times > the "world record" rate. Perhaps because internal communication between those 1024 machines will be significantly more difficult than running on a machine that is optimized for parallel operations, RPC just doesn't cut it. You would probably lose a number of your hosts off the top just to coordinate the activity of the remaining machines. Besides, if you really want to do this spend your one or two million (approx cost of your 1000PC site) on seriously dedicated DES-cracking parallel hardware. Do the cracking in hardware, not software. Either way, I could think of more fun things to do with those 1024 PCs :) jim From cme at ellisun.sw.stratus.com Wed Aug 18 15:45:50 1993 From: cme at ellisun.sw.stratus.com (Carl Ellison) Date: Wed, 18 Aug 93 15:45:50 PDT Subject: Call for Clipper Comments In-Reply-To: <9308181622.AA00050@grogatch.seaslug.org> Message-ID: <9308181842.ZM29957@ellisun.sw.stratus.com> On Aug 18, 4:22pm, Kurt Cockrum wrote: > Subject: Re: Call for Clipper Comments > > Maybe they can get the UN in on the deal: > UNESCROW-A and UNESCROW-B! hee, hee > Not bad...but I'm going to put in the bid for being one of the escrow agencies. I'm certainly more trustworthy than any federal agency. Besides, why should the government get all the bribe money? I think private citizens should get to share in that revenue stream. 
- Carl From tcmay at netcom.com Wed Aug 18 15:46:09 1993 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 18 Aug 93 15:46:09 PDT Subject: World record in password checking In-Reply-To: <9308182154.AA21533@snark.lehman.com> Message-ID: <9308182243.AA27924@netcom5.netcom.com> Perry Metzger, pmetzger at lehman.com, writes: > You can do even better if you happen to have 2000 sparcstations which > are idle for 16 hours a day. Myself, I wonder how many machines we > would need for a net parallel DES crack. I think this is Perry's way of telling us how Lehman Brothers (or Shearson-Lehman, or American Can, or Primerica, or Kuhn-Loeb, etc.) is _really_ making its money! Put those unused CPU cycles to use! -Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From strick at versant.com Wed Aug 18 16:30:43 1993 From: strick at versant.com (strick -- henry strickland) Date: Wed, 18 Aug 93 16:30:43 PDT Subject: mailing list <-> newsgroup ? In-Reply-To: <9308181951.AA12678@toad.com> Message-ID: <9308182331.AA20656@versant.com> THUS SPAKE peter honeyman : # it is odd that you quote gene spafford in a group that is anathema # to his avowed goals. Whether I speak to the 'punks, the spooks, or the 700 Club, if I repeat something that you said first or said best, I'll credit you, peter. Spaf does have some experience with netnews, so I don't think it's that odd. strick From bill at twwells.com Wed Aug 18 16:40:43 1993 From: bill at twwells.com (T. 
William Wells)
Date: Wed, 18 Aug 93 16:40:43 PDT
Subject: my aps
In-Reply-To: <9308182123.AA18807@netcom5.netcom.com>
Message-ID: <9308181846.AA01552@twwells.com>

Timothy C. May writes:
: I can readily see why Bill would like to have some limits (imposed by
: _him_...a pure marketplace decision!) on anonymity. After all, some
: sickos might literally post "Jump!" messages to those on the verge of
: suicide. (I am not being facetious or sarcastic here...I mean this
: quite seriously.)

They have. That, unfortunately, is outside of what I can do, since that would require continuous monitoring and would simply be impracticable. Yesterday's e-mail flow, for example, contained 161 messages and came to 433283 bytes. Even allowing for 1K for each header, that's 272K of data. We're talking a small novel here! And it would slow things down tremendously; I have to sleep some time!

Some examples of what I do:

One woman posted a message saying that she was afraid that she might be killed by her step-father. At that time, I grabbed her e-mail address from the database and put it elsewhere so that if she disappeared without saying farewell, I could initiate inquiries (thankfully, she didn't).

More recently, someone posted a very strange message that either came from an abuser or from someone in a very scary and confused place. I checked out the e-mail address and discovered that it was the latter (that person also using a different id on my service). Then, I added a trap into the service to see if anyone would send e-mail to the new id because, almost certainly, anyone responding to that message in e-mail would have to be an abuser. (No one did.)

More ambiguously, I know of one person who is playing some serious mind games with the group. That's the sort of thing that's a real test because it's next to impossible to say what the motive is behind the games. He might be an abuser or he might be just making a play for sympathy.
So far, the only action I've taken has been to explain some of the facts to a couple of others and ask them whether I should begin monitoring this person. (So far, they've said no.) : Other services should be free, of course, to have different policies. : Those who want anonymity in anything they may say, including "Jump!," : are free to patronize such services. Yup. I'm actually glad that there are other services. I can tell people where the limits are and not feel like I'm excluding them thereby. : An excellent example of why and how specialized cyberspace services : (like remailers) will develop various strategies. In a sense, Bill is : acting as a filter, or a paternal figure (not meant pejoratively), for : his clients. Sorta. I can't guarantee safety but I can be a lot more sympathetic to the needs of this specific community. : > automatically. Shortly, people will be able to specify by id who : > they do or do not get e-mail from. : : This is exciting! Specialized "agents," the wave of the future. I guess so, though I don't think of it that way. What I do is listen to the needs of the community and respond to them when I can. What I described is something people have been wanting to do for a long time. : > As to my thoughts on the relevant principles. As I mentioned, I : > am an Objectivist. That may clue you as to where I'm coming from. : > But in case not, the primary fact is that I'm offering a : > *private* service. I run it out of my home, using my phone lines, : > and paid for with my money. While I offer it to all on the : : Many of us were strongly influenced by Rand (and even those who hate : Rand, including some of my closest friends and Cypherpunks colleagues, : understand the importance of freedom in market dealings). Those who have been turned off by Rand and the Randroids may want to check out the Bitnet Ayn Rand list. 
It's polite, arguments from authority are not allowed, serious disagreement with Objectivist dogma occurs, and there are a number of professional philosophers, not to mention a new member, Dr. Branden (yes, that one), to make life interesting.

: And if I was running one of these
: abuse-related remailers (something about "ASAR," I recall), I suspect
: I'd have the same policy you have.

The group my server is for is ASAR, for alt.sexual.abuse.recovery.

: Anonymity should not be forbidden by law, but it can (and sometimes
: should be) filtered by agents of the subscribers. If they don't like
: the way the filtering is done, they can try another service.

Exactly. And I have two competitors to keep me honest already, not to mention any number of potential competitors.

: I hope you continue to contribute your ideas to our list.

Well, I didn't know the list existed until someone cc'd a message to me into the list. What is this list and why would I want to subscribe?

From smb at research.att.com Wed Aug 18 16:55:50 1993
From: smb at research.att.com (smb at research.att.com)
Date: Wed, 18 Aug 93 16:55:50 PDT
Subject: World record in password checking
Message-ID: <9308182351.AA19699@toad.com>

     Perhaps because internal communication between those 1024 machines
     will be significantly more difficult than running on a machine that
     is optimized for parallel operations, RPC just doesn't cut it. You
     would probably lose a number of your hosts off the top just to
     coordinate the activity of the remaining machines.

But DES-cracking and password-cracking are almost completely decomposable; no co-ordination is necessary after you've sent the ciphertext string and the starting point for the search.

     Besides, if you really want to do this spend your one or two
     million (approx cost of your 1000PC site) on seriously dedicated
     DES-cracking parallel hardware. Do the cracking in hardware, not
     software.

Sure -- if you want a machine that does nothing but.
     Either way, I could think of more fun things to do with those 1024
     PCs :)

Well, there's been an interesting thread on rec.woodworking about hurling strange things with medieval siege engines...

From dsinclai at acs.ucalgary.ca Wed Aug 18 17:10:44 1993
From: dsinclai at acs.ucalgary.ca (Douglas Sinclair)
Date: Wed, 18 Aug 93 17:10:44 PDT
Subject: your mail
In-Reply-To:
Message-ID: <9308190008.AA15077@acs1.acs.ucalgary.ca>

Having a revolution and then banning revolutions is nothing new. Read Machiavelli's _The Prince_. After winning a revolution, his first instruction is to kill the general that won it, because he has the power to win one again.
--
PGP 2.3 Key by finger

From newsham at wiliki.eng.hawaii.edu Wed Aug 18 17:35:51 1993
From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham)
Date: Wed, 18 Aug 93 17:35:51 PDT
Subject: World record in password checking
In-Reply-To: <199308182228.AA22350@tramp.cc.utexas.edu>
Message-ID: <9308190031.AA20910@toad.com>

> Perhaps because internal communication between those 1024 machines will be
> significantly more difficult than running on a machine that is optimized
> for parallel operations, RPC just doesn't cut it. You would probably lose
> a number of your hosts off the top just to coordinate the activity of the
> remaining machines. Besides, if you really want to do this spend your
> one or two million (approx cost of your 1000PC site) on seriously dedicated
> DES-cracking parallel hardware. Do the cracking in hardware, not software.

If you have the pc's arranged nicely there are very few packets that need be sent. You can use broadcasts on each net, or multicasting (broadcasting to a group). You simply need to send out the password entry to crack. You could break up the job space by networks, and on each network have the machines negotiate for portions of the sub-job space. Alternatively you could have all machines attacking the key space randomly which is not as efficient but still quite workable.
Finally if/when one of the boxes gets a solution, it shouts 'i got it'. It can broadcast the solution, which will turn off all the other boxes and get put onto some console window somewhere, or some file.

> > Either way, I could think of more fun things to do with those 1024 PCs :)
> >
> > jim
>

bonfire?

From remail at tamsun.tamu.edu Wed Aug 18 17:50:43 1993
From: remail at tamsun.tamu.edu (remail at tamsun.tamu.edu)
Date: Wed, 18 Aug 93 17:50:43 PDT
Subject: ANON: remailer list
Message-ID: <9308190002.AA05127@tamsun.tamu.edu>

At 3:42 PM 8/17/93 -0500, Karl Lui Barrus wrote:
>Q1: What cypherpunk remailers exist?
>
>A1:
>
> 1: nowhere at bsu-cs.bsu.edu
> 2: hh at cicada.berkeley.edu
> 3: hh at pmantis.berkeley.edu
> 4: hh at soda.berkeley.edu
> 5: 00x at uclink.berkeley.edu

I've never gotten a response from this one. Has anyone?

> 6: hal at alumni.caltech.edu
> 7: ebrandt at jarthur.claremont.edu
> 8: remailer at rebma.mn.org
> 9: elee7h5 at rosebud.ee.uh.edu
>10: hfinney at shell.portal.com
>11: remail at tamsun.tamu.edu
>12: remail at tamaix.tamu.edu

These last two seem to remail from the same address. Are there really two, with one automatically feeding into the other as a two-tier? What's the deal?

I'll send this message to remail at tamaix.tamu.edu to illustrate. I tried to, and this message bounced. This is the second try, to remail at tamsun.tamu.edu.

From remail at tamsun.tamu.edu Wed Aug 18 18:10:47 1993
From: remail at tamsun.tamu.edu (remail at tamsun.tamu.edu)
Date: Wed, 18 Aug 93 18:10:47 PDT
Subject: ANON: remailer list
Message-ID: <9308190108.AA11116@tamsun.tamu.edu>

> >11: remail at tamsun.tamu.edu
> >12: remail at tamaix.tamu.edu

> These last two seem to remail from the same address. Are there really two,
> with one automatically feeding into the other as a two-tier? What's the
> deal?
tamsun and tamaix are two different machines which share, NFS-ed, user directories; hence, any mail sent to tamsun or tamaix goes through the same bit of remailing script. They both work independently, however, and I decided to keep both in case one of the machines goes down for some reason.

> I'll send this message to remail at tamaix.tamu.edu to illustrate. I tried to,
> and this message bounced. This is the second try, to
> remail at tamsun.tamu.edu.

Let me know via email to remail at tamsun.tamu.edu if you still can't get your message through. It should work though.

--
[ Carlos Macedo Gomes       ][ Quis Custodiet        ][:   .8.   :]------
[ gomes at tamu.edu           ][ Ipsos Custodes?       ][  . ooo .  ]000000
[ cmghelp at tamsun.tamu.edu  ][                       ][: =o(Y)o= :]000000
[ My views- not TAMU's       ][30 37 40 N, 96 20 03 W][oo .ooooo. oo]------

From eb at srlr14.sr.hp.com Wed Aug 18 18:30:43 1993
From: eb at srlr14.sr.hp.com (Eric Blossom)
Date: Wed, 18 Aug 93 18:30:43 PDT
Subject: World record in password checking
In-Reply-To: <9308182154.AA21533@snark.lehman.com>
Message-ID: <9308190129.AA26882@srlr14.sr.hp.com>

> You can do even better if you happen to have 2000 sparcstations which
> are idle for 16 hours a day. Myself, I wonder how many machines we
> would need for a net parallel DES crack.

I've got ~1500 workstations... Most are idle at night...

From szabo at netcom.com Wed Aug 18 19:06:10 1993
From: szabo at netcom.com (Nick Szabo)
Date: Wed, 18 Aug 93 19:06:10 PDT
Subject: Crypto Protocols are Hard to Analyze
In-Reply-To: <9308182038.AA05720@netcom.netcom.com>
Message-ID: <9308190206.AA16644@netcom.netcom.com>

Tim May:
> Crypto protocols are _hard_ to analyze!

Agreed, alas.

> I'm currently trying to analyze a digital cash "coupon" system proposed by
> Nick Szabo,

Whoa nelly! "S&H greenstamps" and another recent idea I've bounced off Tim refer to a LEGAL "protocol".
S&H greenstamps are "coupons" that can be used to "win" a wide variety of items from several participating companies; they are not just coupons good for discount on a specific item or the products & services of a specific company ("Disney Dollars"). S&H greenstamps got into some legal hot water for being too close to a privately issued currency, but nevertheless they are still around. S&H greenstamps make a good legal "edge case".

From an object-oriented point of view, "E-greenstamps" inherit digital cash and add legal structure. Here I am assuming that E-greenstamps or other business/legal manifestations of digital cash can be implemented with Chaum's protocol, providing "Pretty Good Digital Cash" in the cryptographic sense. The "Chaum off the shelf" assumption. If there are holes in Chaum's scheme, or major problems with implementing it in software, I'd like to hear more, but the "S&H greenstamps" concept doesn't address software security issues.

> "premature productization"?)

I think it's good to discuss business and legal issues -- cf. the excellent thread on methods of converting physical to/from digital cash. If we think the work ends with implementing a good cryptographic protocol, we are sadly mistaken. Perhaps that's where the work of "cypherpunks" ends, but I have a broader vision of crypto-anarchy that covers the legal, business, and in general social issues as well. Any group that wants to seriously deploy cryptography in the real world has to discuss these as well. And indeed we do -- does PGP infringe on patents, is it proper for a remailer operator to read or record what goes through his system, etc.

Crypto-anarchy will really take off when the (real, spendable) money starts flowing. Thus we should examine a wide variety of business concepts. The "speculative business plan" is a great way to do this.
Of course cypherpunks are mostly hackers, and we will concentrate on the hacking -- but before crypto-anarchy emerges, the legal and business problems (e.g. not driving off customers with complex or "shady" operations) also have to be solved. We do need to be more clear on when we are talking about cryptographic protocols ("digital cash"), legal structures ("S&H greenstamps"), and business concepts ("commercial remailer").

> 1. Our archive site of papers and books is not available to many of the
> folks attempting to develop new protocols. To pick one example: digital
> money in all its various forms.

I'd love to see some digicash papers on soda. I also agree on the need for standardizing terminology in the field of cryptography and related protocols for remailers, digital cash, etc. Your concept of a "Protocol Compiler" to enable testing of new concepts for anon remailers, digicash, etc. is intriguing. We have already started a "tricks database" with the Word Perfect crypto-cracker on soda; we need to expand that.

Alas, there may be strong incentive for businesses to put hype before strong crypto substance. In response, we need to pursue the following two activities -- eventually, perhaps creating a separate organization for each:

* A "cracker's guild" to break weak cryptography and publicize the cryptanalysis algorithms (cf. the Word Perfect crypto cracker), forcing the weak crypto off the market. For example, if NetCash was deployed this organization would crack it. This organization might be funded anonymously by those selling strong crypto (who have an incentive to debunk their competitors' hype).

* A formal Crypto Auditing Agency that would verify the algorithms and protocols were secure, without revealing trade secrets. My next statement may cause hisses & boos, but I think the recent Crypto-Auditing of Clipper by Denning and other eminent cryptologists will be a model widely applied in the commercial computer security business.
The auditors should be able to examine the source and run the programs without revealing trade secrets. Nick Szabo szabo at netcom.com From bbyer at BIX.com Wed Aug 18 19:20:43 1993 From: bbyer at BIX.com (bbyer at BIX.com) Date: Wed, 18 Aug 93 19:20:43 PDT Subject: World record in password checking In-Reply-To: <199308182228.AA22350@tramp.cc.utexas.edu> Message-ID: <9308182210.memo.53061@BIX.com> >Perhaps because internal communication between those 1024 machines will be >significantly more difficult than running on a machine that is optimized >for parallel operations, RPC just doesn't cut it. You would probably lose >a number of your hosts off the top just to coordinate the activity of the >remaining machines. They do not necessarily have to be co-ordinated (or interconnected at all). You could easily give each one a range of combinations to try, and wait until one succeeds. Ben Byer From M..Stirner at f28.n125.z1.FIDONET.ORG Wed Aug 18 20:20:44 1993 From: M..Stirner at f28.n125.z1.FIDONET.ORG (M. Stirner) Date: Wed, 18 Aug 93 20:20:44 PDT Subject: Anon: remailer list Message-ID: <1930.2C718751@shelter.FIDONET.ORG> * Reply to msg originally in CYPHERPUNKS Uu> Q1: What cypherpunk remailers exist? Uu> 1: nowhere at bsu-cs.bsu.edu Uu> 2: hh at cicada.berkeley.edu Uu> 3: hh at pmantis.berkeley.edu Uu> 4: hh at soda.berkeley.edu Uu> 5: 00x at uclink.berkeley.edu Uu> 6: hal at alumni.caltech.edu Uu> 7: ebrandt at jarthur.claremont.edu Uu> 8: remailer at rebma.mn.org Uu> 9: elee7h5 at rosebud.ee.uh.edu Uu> 10: hfinney at shell.portal.com Uu> 11: remail at tamsun.tamu.edu Uu> 12: remail at tamaix.tamu.edu Uu> 13: remailer at utter.dis.org Uu> 14: remailer at entropy.linet.org Uu> 15: remail at extropia.wimsey.com OK. It seems that remail at extropia.wimsey.com (#15) is down. This is a shame, as it was the _only_ remailer that would function as an anonymous remailer for me. It worked beautifully while it was up. 
Its apparent demise has been reported by other users as well.

Several of the remailers listed (2,3,4,5) have _never_ worked using standard cypherpunks syntax:

::
Request-Remailing-To:

All other cypherpunks remailers, reliable or not, retain the footer addresses automagically inserted by the host box here & are therefore not in any way anonymous for my purposes. There was a discussion of a "cut line" syntax before I temporarily lost access to cypherpunks, but as far as I know there was never any agreement or implementation (I shall be pleased to be corrected if this is not the case).

Penet.fi will no longer work for me since the forced-password implementation due to an apparent header conflict with the X-Anon-Password: line & local host/gate software.

Why am I depressed?

~

M.

*********************************************************************
* - PGP Key D30909 via servers                                      *
* > What country can preserve its liberties if its rulers are not  <*
* > warned from time to time that their people preserve the spirit <*
* > of resistance? Let them take arms!" - Thomas Jefferson, 1787   <*
*********************************************************************
... Organization: Concerned Norwegians Against Lutefisk, S.F., CA
___ Blue Wave/QWK v2.12
-- M. Stirner - via FidoNet node 1:125/1
UUCP: ...!uunet!kumr!shelter!28!M..Stirner
INTERNET: M..Stirner at f28.n125.z1.FIDONET.ORG

From MIKEINGLE at delphi.com Wed Aug 18 20:45:52 1993
From: MIKEINGLE at delphi.com (MIKEINGLE at delphi.com)
Date: Wed, 18 Aug 93 20:45:52 PDT
Subject: Cypherpunk Chip
Message-ID: <01H1WQ5739PU8ZGJD4@delphi.com>

I'd like to propose a Cypherpunk chip to take the place of the Clipper chip. This could go a long way toward bringing the Cypherpunk vision to life, and it could also make someone a fortune. But first, I'm going to flame a bit. Even without key escrow and secret algorithms, Clipper is no good.
The Clipper chip uses a conventional single-key algorithm, so if you want to use it with public-key, you have to do the RSA operations in software. This makes it vulnerable to tampering and key stealing. Clipper is essentially a beefed-up DES with a built-in spy hole and a classified "trust us" algorithm. The NSA seems to believe that only their classified algorithms are unbreakable. This is not true. We don't need to trust the NSA to give us an unbreakable single-key cipher.

What we need are two good, respected ciphers and a simple reorganization operation. Choose, for instance, IDEA and triple-DES. Both are good algorithms. They have keys which are long enough to rule out any possibility of a brute-force attack. They are resistant to known methods of cryptanalysis, including differential cryptanalysis. They have good dispersion and produce pseudo-random ciphertext. Whether the NSA could break either of these, using a classified method, is pure speculation.

IDEA and triple-DES are very different algorithms. DES is based on bit manipulation and permutation tables, whereas IDEA uses 16-bit arithmetic operations. This is good, because it means that if either algorithm has a flaw, the other one is not likely to have the same flaw.

Take a 64-byte section of plaintext. Encrypt it using triple-DES. Now, reorganize the ciphertext: take the first byte of each 8-byte DES block (bytes 0,8,16, and so on) and make the first 8 bytes of the reorganized section. Repeat with the second, third, etc. until the entire 64 bytes are reorganized. So:

0       0       0       0       0       0       0       0
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@

becomes:

AIQYgow4BJRZhpx5...and so on.

Then, re-encrypt the section with IDEA, producing double-encrypted ciphertext. Suppose you now change one bit in the ciphertext and decrypt it. When you decrypt IDEA, you get one 8-byte block of garbage (which is indistinguishable from the rest of the still-encrypted data).
When you undo the reorganization, you get one bad byte in each DES block. So when you DES decrypt, you get 64 bytes of garbage. This compound cipher is effectively a 64-byte block cipher, in that every bit in the 64 bytes depends on every other bit. This means that you would have to attack a 64-byte section i.e. you would need 64 bytes of plaintext to attempt a plaintext attack. And even if you had the 64 bytes, you probably couldn't do anything with it. If you found a weakness in either cipher that allowed you to attack it, the same weakness would not exist in the other cipher (since they are based on different methods). So you could not attack the compound cipher. For this reason, a combination of two ciphers, especially with the reorganization, should be much more secure than one cipher. If I had to choose a cryptosystem to bet my life on, I'd choose this above Skipjack any day.

Of course, it would be slower than a single cipher, but there are ways to make it usable. For example, the reorganization would be performed by straight-line assembly language, with no loops. And the encryption program would use a large disk buffer. Or, better yet, use hardware. See below.

The Cypherpunk Chip

Why couldn't we make a chip of our own, with some venture capital? This would be a public-key encryption chip, with all the necessary hardware self-contained, which would make secure phones, faxes, computers, and everything very easy. RSA Data Security could make a fortune if they received only a small royalty on each one sold. The design of the chip would be extremely public and readily available. Any company could produce them if it was willing to pay for the use of the RSA algorithm. The chip would contain a hardware true-random-number generator; facilities for executing RSA; MD5 or another message digest; and an extremely secure conventional cipher such as the compound cipher mentioned above.
It would also contain nonvolatile (flash ROM) registers to store its public key and secret key.

Hardware random numbers can be generated by several methods. One is to measure the jitter in an unstable oscillator. Another is to reverse bias a diode, right on the edge of zener breakdown, causing it to produce white noise. These methods can be proven by quantum mechanics to be inherently random.

The chip would be sold blank - no serial number or anything. The user would instruct it to initialize itself by generating a key pair. It would do this internally, producing and remembering a public key and secret key. This might take a while, but you only have to do it once. When this is finished, you can easily extract the public key, but there would be no way to extract the secret key from the chip. The chip would be designed to make it very difficult and expensive to extract the secret key by physical surgery, thus making key stealing hard. The secret key would be stored internally in encrypted form, using a pass phrase much like PGP does, and the chip would decrypt it before each operation.

In addition to the initialization, there would be five basic operations. The chip could output its public key, encrypt, generate signatures, decrypt, and check signatures. To encrypt, you would send the chip one or more public keys for people you want to send to. It would generate a random session key, and output the session key RSA-encrypted with each of the provided public keys. It would never reveal the actual session key. Then the chip would accept plaintext, 64 bytes at a time, and output ciphertext. When the encryption of a particular message was finished, the chip would forget the session key.

To sign, you would send the text to the chip, along with the pass phrase, and it would run the MD5 algorithm on it. When finished, it would output the signature, the MD5 encrypted with its secret key.
To check a signature, you would send the text, signature, and public key, and the chip would output good or bad. To decrypt, you would send the ciphertext and pass phrase, and the chip would output the plaintext.

This chip would do basically what PGP does, except that it would be self-contained, very difficult to steal keys from, and easy to use in any device. The chip would not need to be hard-wired into a device. It could be built into a card or other plug-in module, perhaps PCMCIA compatible. You could use this as an electronic identity, while retaining the option to remain anonymous by getting a second card and generating a new identity. The card might also contain a memory for other people's public keys. You could, for example, insert the card into a pay phone and dial your pass phrase. This would secure the call, allow you and the recipient of the call to verify each others' identities, and pay for the call with digital cash.

If this chip existed, "crypto-anarchy" would be easy. Everyone would have a motive to use it. There would be no more credit card fraud, no more phone-code fraud, no more bad checks, no more hacking, no more surveillance, etc. The chip could make it happen. We cypherpunks could actually win.

The chip would be introduced in a low-key way. We would let the market see its advantages and jump on it, before the bad guys recognized the threat. For example, it could be introduced as an option for computers - plug it into a PCMCIA card slot and use it to secure E-mail, your hard drive, etc. Don't advertise what it could become; just let it happen. When we get it started, it will happen by itself.
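The compound cipher sketched in the post above, as an added example (not code from the post or from any chip design): a 64-byte section is encrypted block by block with an outer 64-bit block cipher, the bytes are reorganized exactly as described (byte i of every block becomes block i, which is an 8x8 transpose and therefore its own inverse), and the result is encrypted again with an inner cipher. The two ciphers here are stand-ins, 8-round Feistel networks whose round function is HMAC-SHA256, not triple-DES and IDEA; the keys and the sample section are constructed for the demonstration. The last function flips one ciphertext bit, decrypts, and counts how many plaintext bytes come out wrong, with and without the reorganization step, which is the property the post argues for.

```python
"""Compound cipher from the 'Cypherpunk Chip' post: outer 64-bit block cipher
in ECB over a 64-byte section, the 8x8 byte reorganization, then an inner
64-bit block cipher. Added example; the ciphers are stand-ins (Feistel over
HMAC-SHA256), not triple-DES and IDEA. Only the construction is the post's."""
import hashlib
import hmac

SECTION = 64
BLOCK = 8
ROUNDS = 8

# The post's sample section, constructed here so the example runs offline.
POST_EXAMPLE = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@"


def reorganize(section: bytes) -> bytes:
    """Byte i of each 8-byte block becomes block i of the output (an 8x8
    transpose). Applying it twice returns the input, so it undoes itself."""
    assert len(section) == SECTION
    return bytes(section[j * BLOCK + i] for i in range(BLOCK) for j in range(BLOCK))


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_fn(key: bytes, r: int, half: bytes) -> bytes:
    # Keyed PRF per round (assumption: any keyed PRF serves the stand-in).
    return hmac.new(key, bytes([r]) + half, hashlib.sha256).digest()[:4]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Stand-in 64-bit block cipher: balanced Feistel network, 8 rounds."""
    left, right = block[:4], block[4:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, r, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse of encrypt_block: same rounds in reverse order."""
    left, right = block[:4], block[4:]
    for r in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, r, left)), left
    return left + right


def _ecb(fn, key: bytes, data: bytes) -> bytes:
    return b"".join(fn(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))


def compound_encrypt(k_outer: bytes, k_inner: bytes, section: bytes,
                     use_reorganization: bool = True) -> bytes:
    assert len(section) == SECTION
    stage = _ecb(encrypt_block, k_outer, section)   # "triple-DES" stage
    if use_reorganization:
        stage = reorganize(stage)
    return _ecb(encrypt_block, k_inner, stage)      # "IDEA" stage


def compound_decrypt(k_outer: bytes, k_inner: bytes, ciphertext: bytes,
                     use_reorganization: bool = True) -> bytes:
    assert len(ciphertext) == SECTION
    stage = _ecb(decrypt_block, k_inner, ciphertext)
    if use_reorganization:
        stage = reorganize(stage)                   # transpose is self-inverse
    return _ecb(decrypt_block, k_outer, stage)


def bytes_corrupted_by_bit_flip(k_outer: bytes, k_inner: bytes, section: bytes,
                                bit: int, use_reorganization: bool = True) -> int:
    """Flip one ciphertext bit, decrypt, and count plaintext bytes that changed."""
    ct = bytearray(compound_encrypt(k_outer, k_inner, section, use_reorganization))
    ct[bit // 8] ^= 1 << (bit % 8)
    pt = compound_decrypt(k_outer, k_inner, bytes(ct), use_reorganization)
    return sum(a != b for a, b in zip(section, pt))


if __name__ == "__main__":
    k1, k2 = b"outer-key (constructed)", b"inner-key (constructed)"
    print(reorganize(POST_EXAMPLE)[:16])
    print(bytes_corrupted_by_bit_flip(k1, k2, POST_EXAMPLE, 3))
    print(bytes_corrupted_by_bit_flip(k1, k2, POST_EXAMPLE, 3, use_reorganization=False))
```

Run as a script it prints the reorganized prefix from the post (AIQYgow4BJRZhpx5) and the two corruption counts: close to 64 with the reorganization and at most 8 without it, because without the transpose a damaged inner block maps onto a single outer block. One caveat that applies to the post's construction as described: both stages are plain ECB over the section, so the all-bits-depend-on-all-bits property holds within one 64-byte section only, and two identical sections still encrypt identically under the same keys unless a chaining mode is layered on top.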
< mikeingle at delphi.com >

From nobody at alumni.cco.caltech.edu Wed Aug 18 21:20:45 1993
From: nobody at alumni.cco.caltech.edu (nobody at alumni.cco.caltech.edu)
Date: Wed, 18 Aug 93 21:20:45 PDT
Subject: network parallel decryption amateur style
Message-ID: <9308190414.AA00586@alumni.cco.caltech.edu>

Recent postings have gotten me to thinking: If we wrote an easily portable UNIX program to decrypt DES in parallel across our many machines, how fast could we go? Perhaps we could make use of the anonymous remailers to hide our cooperation. How many computers do we have? I have accounts on somewhere between 10 and 20 Sparcstation IIPX's which are very lightly loaded at night...someone else said they have 1500... PC gurus might want to also make versions for high-speed PC's on the net.

It wouldn't even need to be very difficult, just maybe having one complex server which assigns keyranges to every person who mails in a request, and gets mailed back the range to check. It doesn't really have to be automatic, although that would be nice. What do y'all think?

-(signature removed, because, this is a dangerous idea. That's why I like it ;)

From newsham at wiliki.eng.hawaii.edu Wed Aug 18 21:35:53 1993
From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham)
Date: Wed, 18 Aug 93 21:35:53 PDT
Subject: no subject (file transmission)
Message-ID: <9308190432.AA28152@toad.com>

From nowhere at bsu-cs.bsu.edu Tue Aug 17 15:28:39 1993
Return-Path:
Received: from bsu-cs.bsu.edu ([147.226.112.101]) by hemp-imi.hep.anl.gov.noname (4.1/SMI-4.1) id AA01228; Tue, 17 Aug 93 15:28:35 CDT
Received: by bsu-cs.bsu.edu (5.57/Ultrix3.0-C) id AA07310; Tue, 17 Aug 93 15:32:24 -0500
Date: Tue, 17 Aug 93 15:32:24 -0500
Message-Id: <9308172032.AA07310 at bsu-cs.bsu.edu>
From: Anonymous
To: EDITED
X-Remailed-By: Anonymous
X-Ttl: 0
X-Notice: This message was forwarded by a software-automated anonymous remailing service.
Status: R

Introduction to BlackNet

Your name has come to our attention.
We have reason to believe you may be interested in the products and services our new organization, BlackNet, has to offer. BlackNet is in the business of buying, selling, trading, and otherwise dealing with *information* in all its many forms.

We buy and sell information using public key cryptosystems with essentially perfect security for our customers. Unless you tell us who you are (please don't!) or inadvertently reveal information which provides clues, we have no way of identifying you, nor you us.

Our location in physical space is unimportant. Our location in cyberspace is all that matters. Our primary address is the PGP key location: "BlackNet" and we can be contacted (preferably through a chain of anonymous remailers) by encrypting a message to our public key (contained below) and depositing this message in one of the several locations in cyberspace we monitor. Currently, we monitor the following locations: alt.extropians, alt.fan.david-sternlight, and the "Cypherpunks" mailing list.

BlackNet is nominally nonideological, but considers nation-states, export laws, patent laws, national security considerations and the like to be relics of the pre-cyberspace era. Export and patent laws are often used to explicitly project national power and imperialist, colonialist state fascism. BlackNet believes it is solely the responsibility of a secret holder to keep that secret--not the responsibility of the State, or of us, or of anyone else who may come into possession of that secret. If a secret's worth having, it's worth protecting.

BlackNet is currently building its information inventory. We are interested in information in the following areas, though any other juicy stuff is always welcome. "If you think it's valuable, offer it to us first."

- trade secrets, processes, production methods (esp. in semiconductors)
- nanotechnology and related techniques (esp. the Merkle sleeve bearing)
- chemical manufacturing and rational drug design (esp. fullerenes and protein folding)
- new product plans, from children's toys to cruise missiles (anything on "3DO"?)
- business intelligence, mergers, buyouts, rumors

BlackNet can make anonymous deposits to the bank account of your choice, where local banking laws permit, can mail cash directly (you assume the risk of theft or seizure), or can credit you in "CryptoCredits," the internal currency of BlackNet (which you then might use to buy _other_ information and have it encrypted to your special public key and posted in public place).

If you are interested, do NOT attempt to contact us directly (you'll be wasting your time), and do NOT post anything that contains your name, your e-mail address, etc. Rather, compose your message, encrypt it with the public key of BlackNet (included below), and use an anonymous remailer chain of one or more links to post this encrypted, anonymized message in one of the locations listed (more will be added later). Be sure to describe what you are selling, what value you think it has, your payment terms, and, of course, a special public key (NOT the one you use in your ordinary business, of course!) that we can use to get back in touch with you. Then watch the same public spaces for a reply.

(With these remailers, local PGP encryption within the remailers, the use of special public keys, and the public postings of the encrypted messages, a secure, two-way, untraceable, and fully anonymous channel has been opened between the customer and BlackNet. This is the key to BlackNet.)

A more complete tutorial on using BlackNet will soon appear, in plaintext form, in certain locations in cyberspace.

Join us in this revolutionary--and profitable--venture.
BlackNet

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3

mQCPAixusCEAAAEEAJ4/hpAPevOuFDXWJ0joh/y6zAwklEPige7N9WQMYSaWrmbi
XJ0/MQXCABNXOj9sR3GOlSF8JLOPInKWbo4iHunNnUczU7pQUKnmuVpkY014M5Cl
DPnzkKPk2mlSDOqRanJZCkyBe2jjHXQMhasUngReGxNDMjW1IBzuUFqioZRpABEB
AAG0IEJsYWNrTmV0PG5vd2hlcmVAY3liZXJzcGFjZS5uaWw+
=Vmmy
-----END PGP PUBLIC KEY BLOCK-----

From tedwards at wam.umd.edu Wed Aug 18 21:45:53 1993
From: tedwards at wam.umd.edu (technopagan priest)
Date: Wed, 18 Aug 93 21:45:53 PDT
Subject: Cypherpunk Chip
Message-ID: <199308190441.AA26648@rac2.wam.umd.edu>

I suppose the biggest problem with a Cypherpunk chip is actually getting it designed and built. I think it is difficult to imagine anyone with a real job having the time and money to put it together. However, it is not out of the realm of possibility for a graduate project, except one must run the question of whether there is enough novelty in such a device to make it an appropriate project.

I'm not sure if IDEA has been implemented in silicon yet, but clearly it will be more difficult to implement in a fast way than DES. Then there is the issue of patents...DES is the only freely usable algorithm in the concept. One would probably have to contact the IDEA people to ensure there are no problems with us using the technique. RSA, well, we know the problem there.

Finally, even if implemented as a MOSIS device under NSF or other grants in a university research situation, we'd have to find a foundry to go into mass-production. This would not be possible without ironing out all legal problems. Of course, I think PKP might be on our side about Clipper, and might be very willing to license the Cypherpunk chip at a reasonable rate.

I've done a couple of analog chips through MOSIS...and no, my advisor wants me doing silicon models of auditory cortex, not crypto, but I'll mention it to any incoming grad students here who want to do some digital stuff.
-Thomas

From hughes at soda.berkeley.edu Wed Aug 18 21:50:46 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Wed, 18 Aug 93 21:50:46 PDT
Subject: META: on topics
Message-ID: <9308190447.AA14672@soda.berkeley.edu>

A message from your list maintainer.

I try not to interfere with topic selection too much. I have only once or twice specifically requested that some topic not be discussed. Today, however, I want to offer a specific guideline about a group of topics. The guideline is as follows:

Do not discuss topics on cypherpunks which are already frequently discussed on sci.crypt or alt.security.pgp and do not directly relate to cypherpunks concerns.

To illustrate this guideline, the recent thread on parallel DES cracking has been well discussed on sci.crypt. This initial announcement was interesting, and maybe one round of short comments were appropriate, but the discussion should be held on sci.crypt. There is already a forum there, please use it.

The list is large and getting larger. There are, by my guess, maybe four times as many people who were previously on the list than those who are on the list; most of these dropped out for volume, from the comments I get. I echo the call for self-restraint made earlier.

Others have recently written on what cypherpunks, the list, is about. I have some comments myself, which are long, and go back to original purposes, and such. I will not elaborate too far in this message.

_Pace_ Tim May, I do think that there should be some guidelines about list content. Cypherpunks is not all cryptography to all people, and parallel DES-cracking particular cryptography is totally mainstream. Cypherpunks is not totally mainstream. Cypherpunks is about implementations of cryptography, particularly disapproved-of cryptography--not just the privacy of epistles but the privacy of the structure of society.

There can be no hard separation of topics between the newsgroups and this list; I don't intend to enforce one.
Nevertheless, some things clearly belong better elsewhere. The existence of gray areas does not prevent the existence of clear ones.

I do understand the concerns that some members of the list are new to cryptography as well as cypherpunks. Cryptology is a large and increasingly technical field; there is no substitute for some hours of study. I myself have logged hundreds of hours reading technical cryptography, and while I don't expect that many of the members of the list will ever do that, I do expect that those who want to learn will do some proactive reading. You can't be spoon fed a working knowledge of anything; working knowledge is the result of working.

Since meta-discussion can easily bring down a group, I will appreciate it if responses to this position are short, cogent, and thoughtful.

Eric

From mimir at u.washington.edu Wed Aug 18 22:50:46 1993
From: mimir at u.washington.edu (Al Billings)
Date: Wed, 18 Aug 93 22:50:46 PDT
Subject: BlackNet
In-Reply-To: <9308190432.AA28152@toad.com>
Message-ID:

It had to happen. Even if it isn't real, it will happen soon enough. I'm all for it.

From shipley at merde.dis.org Wed Aug 18 23:00:45 1993
From: shipley at merde.dis.org (Peter shipley)
Date: Wed, 18 Aug 93 23:00:45 PDT
Subject: No Subject
Message-ID: <9308182140.AA16487@merde.dis.org>

A non-text attachment was scrubbed...
Name: not available
Type: text/x-pgp
Size: 746 bytes
Desc: not available
URL:

From hfinney at shell.portal.com Wed Aug 18 23:20:46 1993
From: hfinney at shell.portal.com (hfinney at shell.portal.com)
Date: Wed, 18 Aug 93 23:20:46 PDT
Subject: Physical to digital cash, and back again
Message-ID: <9308190605.AA05358@jobe.shell.portal.com>

Anonymous points out problems with managing and using digital cash:

> (1) customer reads ad about cool net.service
> (a) they contact directly (but this ruins privacy)
> (b) they contact independent distributor of
> PGP key and anon-remail address generating software.
> (but how does customer trust _them_?)
> (2) vendor sends key & address generators (via e-mail or floppy),
> and physical-mail-security instructions
> (3) customer sends in money order (from mail drop or without
> return address!) along with chosen anon e-mail address and public
> key.
> (4) vendor sets up account and e-mails the d-cash.
> (5) we still need a physical mail drop or bearer bank
> account for withdrawals, refunds, etc. of physical cash.

It's true that this is a lot of steps. This is one reason why we should push to make anonymous mail easy to use. If you start with an infrastructure where you can communicate securely and anonymously across the net, with return messages that don't reveal your true identity, you have a good start on steps 1 and 2 above.

Another simplification would be to split the users of the digital cash into customers and vendors, along the lines of the triangle diagram Tim suggested. In my experience, I make many withdrawals from my bank, but often only two deposits a month as my paycheck comes in. Applying this to the digital bank model, customers would mostly make digital cash withdrawals to buy things on the net, with occasional physical cash deposits to keep their balance up. Customers would thus primarily turn real cash into digital cash which they send to vendors; the vendors then turn the digital cash back into real cash. Customers can remain anonymous even without physical mail drops, while vendors have less anonymity.

In this model, a customer sees some new software being sold on the net. He normally keeps enough digital cash on hand for such spending, so he sends the cash to the seller, including one of his standard anonymous return addresses for the return software. If this lowered his stock of digicash below the amount he likes to keep around, he sends another check to the bank and gets another batch of digicash. (This would be analogous to carrying cash in your wallet, and when it gets low you stop by the ATM and withdraw more. How often do you find yourself depositing cash back into the ATM? I suspect customers of the digital cash bank would similarly not need to turn their digicash back into real dollars very often.)

With an infrastructure like this, using digital cash does not have to be complicated.

> Also, the issue of which parts of these schemes are *legal*
> is critical, but being completely overlooked.

I once posted some excerpts from the Code of Federal Regulations involving the tax requirements of barter agencies. These are organizations in which their members exchange their labor without the use of regular cash. Often they use some scrip as a substitute for cash, or they may just keep records in an accounting system. It appeared to me that virtually any form of digital cash would fall under this definition. Barter agencies are not illegal, but there are many rules about reporting transactions and members. It would definitely not be possible under the current tax code for a barter agency to have anonymous members. Therefore it looks like anonymous digital cash would not be legal in the U.S. at this time. I don't know about Duncan's suggestion to use an offshore bank.

Paul Robichaux wrote, regarding the NetCash proposal:

> Collusion between the service provider & the currency house can
> produce a record of exactly what I bought, but I don't know that
> blinding can do much better.

Actually, blinding can do better. Collusion between the bank and the vendor can not break customer anonymity in a cash system using Chaum's blinding protocols. This is one of the things I found so surprising about the NetCash proposal. I am surprised they dare to call their idea an implementation of digital cash when it does not even provide this bare minimum of customer anonymity. This anonymity is why we call it "cash", as distinguished from other forms of money. The NetCash proposal is more like cashier's checks.
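Chaum's blinding, which the paragraph above sets against the NetCash proposal, as an added example (not code from any of the systems named in this thread): an RSA blind signature with hash-then-sign. The customer multiplies the digest of a coin by r^e before sending it to the bank, the bank signs what it sees, and the customer divides r back out to get an ordinary signature on the coin. The bank keeps every blinded value it ever signed, which is all it could pool with a colluding vendor; the last function shows that for each such record there is a blinding factor that would have produced the spent coin, so the records carry no linking information at all. The key size, the coin serials and the hash-to-integer step (SHA-256 reduced mod n, not a full-domain hash) are demonstration assumptions.

```python
"""Chaum-style RSA blind signature, added example: the bank signs a blinded
coin and cannot later match the spent coin against its withdrawal records,
even with the vendor's help. Demo parameters, not a deployable cash system."""
import hashlib
import math
import random
import secrets

E = 65537
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with random bases; error probability at most 4**-rounds."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = random.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def rsa_keygen(bits: int = 256):
    """Returns (n, e, d); 'bits' is the size of each prime (demo sizes)."""
    while True:
        p, q = gen_prime(bits), gen_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(E, phi) == 1:
            return p * q, E, pow(E, -1, phi)


def coin_digest(coin: bytes, n: int) -> int:
    # Hash-then-sign; SHA-256 reduced mod n is a demo simplification.
    return int.from_bytes(hashlib.sha256(coin).digest(), "big") % n


class Bank:
    def __init__(self, bits: int = 256):
        self.n, self.e, self.d = rsa_keygen(bits)
        self.withdrawals = []   # every blinded value the bank signed
        self.spent = set()      # coins already deposited (double-spend check)

    def sign_blinded(self, blinded: int) -> int:
        """Bank signs whatever it is shown; it never sees the coin itself."""
        self.withdrawals.append(blinded)
        return pow(blinded, self.d, self.n)

    def verify(self, coin: bytes, sig: int) -> bool:
        return pow(sig, self.e, self.n) == coin_digest(coin, self.n)

    def deposit(self, coin: bytes, sig: int) -> bool:
        """Vendor turns the coin in; bank accepts a valid, unspent coin once."""
        if coin in self.spent or not self.verify(coin, sig):
            return False
        self.spent.add(coin)
        return True


def withdraw(bank: Bank, coin: bytes) -> int:
    """Customer side: blind, get the bank's signature, unblind."""
    n, e = bank.n, bank.e
    m = coin_digest(coin, n)
    while True:
        r = secrets.randbelow(n)
        if r > 1 and math.gcd(r, n) == 1:
            break
    blinded = m * pow(r, e, n) % n
    return bank.sign_blinded(blinded) * pow(r, -1, n) % n


def consistent_blinding_factors(bank: Bank, coin: bytes) -> list:
    """Collusion attempt: for a spent coin, compute for each withdrawal record
    the r that would have produced it. The e-th power map mod n is a bijection,
    so every record is equally consistent and no link is learned."""
    n, e, d = bank.n, bank.e, bank.d
    m_inv = pow(coin_digest(coin, n), -1, n)
    return [pow(rec * m_inv % n, d, n) for rec in bank.withdrawals]


if __name__ == "__main__":
    bank = Bank(bits=256)
    coin = b"coin-serial-0001"            # constructed coin identifier
    sig = withdraw(bank, coin)
    print("valid:", bank.verify(coin, sig), "deposited:", bank.deposit(coin, sig),
          "again:", bank.deposit(coin, sig))
    print("records consistent with this coin:",
          len(consistent_blinding_factors(bank, coin)), "of", len(bank.withdrawals))
```

The bank's double-spend check is what replaces the serial number a physical bill carries: the serial lives in the coin, the bank sees it only when the coin is deposited, and by then nothing in its records says which withdrawal it came from. Note that this protects the customer's withdrawal, not the deposit; as the post says, the vendor who turns the coin back into real money is the less anonymous party.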
Bill Stewart writes:

> If you're sending non-accountable-by-sender cash, you need some way to get
> a receipt. If you're mailing a check or digicash, you have a way to
> repudiate the transaction or at least make a claim against them,
> or if you can go in to the bank in person for the transactions with cash.

This is a good point, and is another reason why blinding is so important. If you don't mind it being known in general terms that you are a customer of the bank, you can send a check with instructions to turn it into digital cash to be sent to your email address. There will still be no way that the bank can figure out when or where you spend that digital cash. And they are no more likely to just cash your check and pocket the money than any other mail order business would be.

Hal Finney
hfinney at shell.portal.com

From ld231782 at longs.lance.colostate.edu Wed Aug 18 23:25:53 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Wed, 18 Aug 93 23:25:53 PDT
Subject: T. Wells & Anonymity
Message-ID: <9308190625.AA04961@longs.lance.colostate.edu>

My last response to Mr. Wells was in private and I hoped he would take that course himself in future communication, but as it stands he now has screamed insults at me twice in a row in this forum, and I must address his latest unanswered letter; most of these following points are from my private letter.

The fundamental issue at stake is: is Mr. Wells routinely and regularly monitoring the content of the email he forwards via his so-called `anonymous server'? The answer is: definitely. To do so is very ethically borderline, IMHO, no matter who his `family'. This was enough to alarm me seriously to the point of writing a very vehement letter condemning this type of `surveillance'. Yes, he has provided this service for a long time, he is doing so voluntarily, he has a select group of participants with a particular sensitivity and need, `most' of whom are satisfied with it, this I all acknowledge.
However, it's evident to me that all users of anonymous services have a set of unconscious expectations, foremost among them that the operator will not routinely be reading their mail. I pointed out to Mr. Wells that breaking the violation of trust in privacy may lead the operator to breach the trust in anonymity. Merely the knowledge of content can lead the operator to serious quandaries that can be wholly avoided in completely adhering to privacy. Furthermore, an operator who does not strive to adhere conscientiously to the set of unconscious user expectations, even if working on a voluntary basis, is actually doing his users a disservice.

Mr. Wells' rambling letter, replete with references to his personal philosophy of Objectivism, is a complicated set of rationalizations that amount to `yes, I regularly monitor my server's email traffic, in fact I consider it my duty.' Given his unswerving obstinacy to this practice, I asked that he make this policy clear in his introductory statements to the server, but he has consistently failed to reassure me that he actually has done so, making me wonder to what extent of the readers in the newsgroup and of his server (a substantial overlap according to him) are aware of this very serious matter of `systematic observation'. Are any people using this server as a plain vanilla server, or do they all realize that they are establishing a very strong personal arrangement of trust with this operator, who considers their relationship analogous to the protective Platonic intimacy between a therapist and his patients? Who will personally censor messages he thinks will unduly upset them?

Mr. Wells tells us that `this is neither the time nor the place to discuss the wherefores and whys of abuse recovery; you'll just have to take it as a given that the rules used for understanding people in general won't work so well when applied to this newsgroup, or to my anonymous service.' Mr. Wells, I don't claim to be a specialist in the area as you insinuate yourself, but I believe there are fundamental laws of respect and candor that are appropriate -- *necessary* -- for *all* people, and my concern is precisely that you may not be adhering to it in this case in presenting your policies. Your polarized dance of defensiveness and offensiveness indicates to me clearly a nerve has been struck.

Mr. Wells' letter is full of seemingly contradictory statements. He seems to think that `confidentiality' and `privacy' are `two distinct functions', and suggests that in his regular email monitoring he actually achieves a `tighter, higher standard of confidentiality' than Helsingius or Kleinpaste's servers. Also, his attitudes on the limitations of his actual commitments to the people who use his service are extremely disturbing. He says `Their rights do not extend to arbitrary protection of their confidentiality or privacy' and the actual protections granted are `mine to choose' and `not implicit in an anonymous server'. I find these comments simultaneously highly revealing and alarming. From my point of view the sheer all-encompassing trust awarded a server operator by users requires every conceivable commitment on the latter's part to *transcend* the common denominator in user expectations of privacy.

Mr. Wells says he personally handles `half the traffic' of the sexual abuse recovery newsgroup, and that `most' of its users and his `potentially legitimate' correspondents are satisfied, and that most people who have `expressed dislike for my policies' are coincidentally `outsiders'. His service is `integral to a specific community'. Perhaps so, but how would he react to another server operator specifically serving that group? His statements seem to reflect a perverse pride in his monopoly on the group's anonymity and secret knowledge of its participants. IMHO, this is precisely the kind of extremely compromising position encryption would effortlessly avert.
Finally, I'm extremely disappointed in Mr. Wells' transparently vitriolic rhetoric to deflect the primary issues of systematic monitoring and truth in advertising to ugly subsidiary sideshows, such as with his expert diagnosis of me as `mentally unbalanced'. This classically ridiculous ad hominem insult is particularly ironically insensitive coming from someone who professes to tiptoe around areas requiring the utmost delicacy in human interaction in supporting people with mental anguish! Yes, my mind is indeed teetering on the brink of a breakdown -- from Mr. Wells' blows, who says of me, `he should consider himself honored that I bothered to tell him where he went wrong.' -- such words bespeak an attitude of shocking, sickening arrogance and intolerance.

Caveat emptor!

P.S. I will respond no further to Mr. Wells in this forum.

From cdodhner at indirect.com Wed Aug 18 23:30:45 1993
From: cdodhner at indirect.com (Christian D. Odhner)
Date: Wed, 18 Aug 93 23:30:45 PDT
Subject: BlackNet
In-Reply-To:
Message-ID: <9308190626.AA22276@indirect.com>

> It had to happen. Even if it isn't real, it will happen soon enough. I'm
> all for it.

I think it's not real. Or at least wasn't intended to be. My best guess is that it's all a joke, but that the author will soon start receiving genuine replies; it may yet turn into the real thing.

Happy Hunting, -Chris.

From julf at penet.FI Wed Aug 18 23:40:45 1993
From: julf at penet.FI (Johan Helsingius)
Date: Wed, 18 Aug 93 23:40:45 PDT
Subject: Anon: remailer list
In-Reply-To: <1930.2C718751@shelter.FIDONET.ORG>
Message-ID: <9308190844.aa05356@penet.penet.FI>

As usual:

repl: bad addresses: "M. Stirner" -- no mailbox in local-part (.)

> . Penet.fi will no longer work for me since the forced-password
> implementation due to an apparent header conflict with the
> X-Anon-Password: line & local host/gate software.

No, no, no! Sigh!
Once again: You *don't* have to put the X-Anon-Password line in among the headers, it's OK as the first non-empty line *in the message body*. > . Why am I depressed? Because you use a screwed-up mail system/gateway? Because you give up too easily? > ... Organization: Concerned Norwegians Against Lutefisk, S.F., CA Oh? *This* might be the real reason for your depression. I sympathize. Lutefisk gets me, too! Julf From khijol!erc at apple.com Wed Aug 18 23:46:13 1993 From: khijol!erc at apple.com (Ed Carp) Date: Wed, 18 Aug 93 23:46:13 PDT Subject: APS-0.3 - anonymous posting software for the masses Message-ID: FYI - I have released the source code for APS-0.3 out to alt.sources. If anyone wants the sources but doesn't have access to alt.sources, they can email me and I'll be glad to email them the software (it's fairly small). -- Ed Carp, N7EKG erc at apple.com 510/659-9560 anon-admin at khijol.uucp If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From tcmay at netcom.com Thu Aug 19 00:15:53 1993 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 19 Aug 93 00:15:53 PDT Subject: Crypto Protocols are Hard to Analyze In-Reply-To: <9308190206.AA16644@netcom.netcom.com> Message-ID: <9308190715.AA23256@netcom5.netcom.com> In the interests of keeping the volume of postings down, I'll say only a few words about Nick Szabo's many good points: > > I'm currently trying to analyze a digital cash "coupon" system proposed by > > Nick Szabo, > > Whoa nelly! "S&H greenstamps" and another recent idea I've bounced > off Tim refer to a LEGAL "protocol". S&H greenstamps are > "coupons" that can be used to "win" a wide variety of items from > several participating companies; they are not just coupons good for > discount on a specific item or the products & services of a specific > company ("Disney Dollars").
S&H greenstamps got into some legal hot > water for being too close to a privately issued currency, but > nevertheless they are still around. S&H greenstamps make a good legal > "edge case". I certainly consider "legal" issues to be part of the larger protocol, inasmuch as banks, credit unions, etc., must obey all sorts of laws. And there are IRS reporting "protocols," and so on. Part of my point was that calling things "Green Stamps" (not a slur on Nick's idea) does not exempt them, nor does it even really mean they are not money. Whether Green Stamps, coupons, digital bearer bonds, "Get Out of Jail Free Cards," whatever, are "money" or not is a complicated issue, which I can't go into here (1. No space, 2. I'm not an expert, 3. The _names_ alone are not enough to tell.). Eric Hughes investigated digital money from a legal point of view (for example, the funny messages printed on your checks, like "Pay to the order of," have actual, real meanings). I'm sure Eric, Duncan Frisell, Sandy Sandfort, Perry Metzger, etc., can elaborate. Part of the energy barrier we face, or soon will, is that crypto money has had none (or very little) of the centuries of evolution--successes and failures--that ordinary money has had. There may be clever ways to make some forms of digital money essentially be isomorphic to actual money--the stuff the world is used to, that is--and hence ride the coat tails of the world's current system. But these will be complicated, adding to the difficulty of analyzing new protocols for cryptographic, legal, fiduciary, and social acceptability. > >From an object-oriented point of view, "E-greenstamps" inherit > digital cash and add legal structure. Here I am assuming that > E-greenstamps or other business/legal manifestations of digital cash can > be implemented with Chaum's protocol, providing "Pretty Good Digital > Cash" in the cryptographic sense. The "Chaum off the shelf" > assumption.
If there are holes in Chaum's scheme, or major problems > with implementing it in software, I'd like to hear more, but "S&H > greenstamps" concept doesn't address software security issues. Well, Chaum and his students have various specialized protocols, that is, they reduce the complexity by mainly targeting one particular type of system (toll roads, or digital cash for shops to redeem, whatever). The "difficulty of analyzing protocols" issue. Where Nick's idea fits in, how it might be spoofed by shopkeepers, what prevents forgery, etc., are some of the many issues. By the way, the latest (August) issue of "Mother Jones" has an article on a small town in New England (I think) which has their own barter dollars. We talked about barter dollars, and the Italian experiment some time back, about a year or so ago, when the List was just getting started. Let me point out that the IRS takes a dim view of barter transactions that are denominated in things other than dollars. > cash. If we think the work ends with implementing a > good cryptographic protocol, we are sadly mistaken. Perhaps that's > where the work of "cypherpunks" ends, but I have a broader vision of > crypto-anarchy that covers the legal, business, and in general > social issues as well. Any group that wants to seriously > deploy cryptography in the real world has to discuss these as well. Agreed. Which is yet another reason to better formalize our reasoning about complex protocols. The metaphors are too vague. > We do need to be more clear on when we are talking about cryptographic > protocols ("digital cash"), legal structures ("S&H greenstamps"), and > business concepts ("commercial remailer"). The lines that separate them are tenuous. I agree it would be nice to try to identify some truly basic "cryptographic primitives," and even have them available in libraries (secret sharing, bit commitment, n-out-of-m voting, etc.).
(But this is a tall order, as most of these schemes have been written about, but are not available in software.) > I'd love to see some digicash papers on soda. I also agree on the They're best left scattered amongst the "Crypto" Proceedings, for reasons I've mentioned (briefly: 1. Hard to OCR them, 2. Anyone doing work in this area _must_ have access to the Proceedings, if only to track down the various referenced papers, 3. Too many papers on soda could expose it to legal action (copyright), 4. The printed papers are easier to read, anyway.). > * A "cracker's guild" to break weak cryptography and publicize ... > * A formal Crypto Auditing Agency that would verify the algorithms > and protocols were secure, without revealing trade secrets. Any Cypherpunks are of course free to do these things, but I won't hold my breath waiting. These things take a lot of time. And the Cypherpunks group just is in no position to "decide" on a strategy and then somehow "assign" staff to these projects. So, it won't get done this way. (That's also why a "Cypherpunk chip" is farfetched....too much work.) This is not because Cypherpunks are lazy or unfocussed, but because Cypherpunks is a group of volunteers, all with their own goals and pet projects. -Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From rjc at gnu.ai.mit.edu Thu Aug 19 02:10:45 1993 From: rjc at gnu.ai.mit.edu (Ray) Date: Thu, 19 Aug 93 02:10:45 PDT Subject: T. 
Wells & Anonymity In-Reply-To: <9308190625.AA04961@longs.lance.colostate.edu> Message-ID: <9308190906.AA08244@geech.gnu.ai.mit.edu> This seems to be a case where technology can easily be applied to bring about a mutually satisfactory solution. If Mr. Wells wants to moderate his anonymous posting service, why not have it immediately remove all header information from the message, and store the result for later verification and posting. Thus, Mr. Wells can still "weed-out" the annoying childish-insult messages that someone like BIFF might post anonymously while protecting the privacy of those who have legitimate needs. On the other hand, I feel Mr. Detweiler has gone a little overboard in his attack in what seems to be an attempt to protect the masses from their own stupidity. The simple facts of the matter are, any time you use an anonymous remailer without encryption you run the risk of having your email intercepted. One thing people need to learn is that the world is a risky place and any action you take can have negative consequences. I certainly wouldn't send threats to president at whitehouse.gov expecting Hal's or Julf's remailers to protect me. Even using encryption, an anonymous remailer operator as well as many other people can do traffic analysis. Unix keeps tons of logs which are quite easy to parse. (I recently got finished writing syslog accounting software which tracks the path of all messages sent and received on a system and bills them based on bandwidth.) There are several things you can do such as remailer chaining, using private machines (off the network), etc but none guarantee absolute privacy. If you are concerned about protecting the masses, write up your own "Remailer Safety FAQ" detailing the benefits and dangers. -Ray p.s. is there a proposal out there to increase the security of moderated newsgroups?
I was thinking that it might be a good idea to incorporate digital signatures into the moderation protocol such that newsreaders could filter out messages which didn't have a proper moderator's signature. -- Ray Cromwell | Engineering is the implementation of science; -- -- EE/Math Student | politics is the implementation of faith. -- -- rjc at gnu.ai.mit.edu | - Zetetic Commentaries -- From mab at crypto.com Thu Aug 19 03:25:59 1993 From: mab at crypto.com (Matt Blaze) Date: Thu, 19 Aug 93 03:25:59 PDT Subject: network parallel decryption amateur style In-Reply-To: <9308190414.AA00586@alumni.cco.caltech.edu> Message-ID: <9308191010.AA10142@crypto.com> >Recent postings have gotten me to thinking: If we wrote a >easily portable UNIX program to decrypt DES in parallel across >our many machines, how fast could we go? > Using the fastest software DES implementation I know of, optimized for fast single-bit key change, it would take about a million SparcStation-years (at 100% utilization) to do an exhaustive DES search. Even assuming an order of magnitude faster than that (from a better implementation or faster common workstation hardware), that's still an awful lot of Sparc-years you'd have to get "the net" to donate. -matt From julf at penet.FI Thu Aug 19 04:16:19 1993 From: julf at penet.FI (Johan Helsingius) Date: Thu, 19 Aug 93 04:16:19 PDT Subject: T. Wells & Anonymity In-Reply-To: <9308190906.AA08244@geech.gnu.ai.mit.edu> Message-ID: <9308191324.aa09804@penet.penet.FI> > On the other hand, I feel Mr. Detweiler has gone a little overboard > in his attack in what seems to be an attempt to protect the masses from > their own stupidity. The simple facts of the matter are, any time you use an > anonymous remailer without encryption you run the risk of having your email > intercepted. One thing people need to learn is that the world is a risky place > and any action you take can have negative consequences.
I certainly > wouldn't send threats to president at whitehouse.gov expecting Hal's > or Julf's remailers to protect me. Yes. But in this case we are talking about somebody who definitely feels it is OK to check in on other people's messages - but he only admitted to it after a very lengthy debate on a.s.a.r, that he did his best to shut down - without replying to accusations of him eavesdropping. > If you are concerned about protecting the masses, write up your own > "Remailer Safety FAQ" detailing the benefits and dangers. I still feel a remailer operator should make his policies known up front. Just like Karl Kleinpaste's "if you do something I consider abuse, I will expose you" policy. Julf From gtoal at an-teallach.com Thu Aug 19 07:26:04 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 19 Aug 93 07:26:04 PDT Subject: mailing list <-> newsgroup ? Message-ID: <6013@an-teallach.com> In article <9308181850.AA10702 at toad.com> newsham at wiliki.eng.hawaii.edu writes: > How many people are subscribed to this list right now? How many > people have read it before and dropped off only due to bandwidth > problems? This list easily generates more traffic than any of > the newsgroups I read. If the number of people on this list is Then use better tools! I easily cope with this list -- and another one which averages 300 letters a day. I set up separate accounts for each list and gateway them into local 'mail.*' newsgroups. Admittedly, if it comes in with your real mail it would be a pain. But I'd rather keep it as email than news just to keep that cretin Sternlight out :-) G === Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!)
Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From gtoal at an-teallach.com Thu Aug 19 07:31:04 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Thu, 19 Aug 93 07:31:04 PDT Subject: World record in password checking Message-ID: <6015@an-teallach.com> > You can do even better if you happen to have 2000 sparcstations which > are idle for 16 hours a day. Myself, I wonder how many machines we > would need for a net parallel DES crack. > > Perry Hmmm.... shouldn't be hard to organise either - everyone adds a crackd daemon to their inetd.conf... hey - even better - we make it an extension to 'sendmail' and put it in the default distribution bwahahaha ;-) G === Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From cme at ellisun.sw.stratus.com Thu Aug 19 07:40:47 1993 From: cme at ellisun.sw.stratus.com (Carl Ellison) Date: Thu, 19 Aug 93 07:40:47 PDT Subject: Cypherpunk Chip In-Reply-To: <01H1WQ5739PU8ZGJD4@delphi.com> Message-ID: <9308191037.ZM1771@ellisun.sw.stratus.com> On Aug 18, 11:36pm, MIKEINGLE at delphi.com wrote: > Subject: Cypherpunk Chip [triple-DES | permute larger block | IDEA] > Suppose you now change one bit in the ciphertext and decrypt it. > When you decrypt IDEA, you get one 8-byte block of garbage (which > is indistinguishable from the rest of the still-encrypted data). > When you undo the reorganization, you get one bad byte in each DES > block. So when you DES decrypt, you get 64 bytes of garbage. Yes. For some time, I've been advocating (over in sci.crypt) compress|des-cbc|tran|des-cbc|tran|des-cbc instead of normal triple DES. tran is not an encryption algorithm so it's been posted worldwide several times and is available from me by mail or on a few ftp sites. 
It does a pseudo-random transposition of a variable length block (up to 8KB) -- using the sum of bytes in the first block as the key to the PRNG. [That could be better and I'm planning to do an improvement -- using the histogram of the bytes of the first block as a much larger key to the PRNG.] tran is a self-inverse. This doesn't guarantee bit diffusion -- but does diffuse the probability of change (of a single output bit, given a changed single input bit) evenly over a big block. For operation within a single chip, I'd advocate yours rather than this tran. Of course, one could also do (for S/W solutions): compress|des-cbc|tran|idea-cbc|tran|des-cbc > Of course, it would be slower than a single cipher, but there are > ways to make it usable. For example, the reorganization would be > performed by straight-line assembly language, with no loops. And > the encryption program would use a large disk buffer. Or, better > yet, use hardware. See below. There's no reason for pipelined operations like yours or mine to be slower than a single cipher. The pipelines need to be kept full. That means that you feed the chip data with one set of handshaking and take data from it with another set. You don't treat the chip like an RPC. As long as you think UNIX pipes, it will make sense. - Carl From honey at citi.umich.edu Thu Aug 19 09:20:46 1993 From: honey at citi.umich.edu (peter honeyman) Date: Thu, 19 Aug 93 09:20:46 PDT Subject: Cypherpunk Chip Message-ID: <9308191619.AA18795@toad.com> how important is the prng aspect of tran? presumably des-cbc does a good job of bit diffusion. why is it better to tran than to "dd conv=swab" or rot13? (or even to do nothing at all, simply des-cbc|des-cbc|des-cbc?)
peter From cme at ellisun.sw.stratus.com Thu Aug 19 12:30:46 1993 From: cme at ellisun.sw.stratus.com (Carl Ellison) Date: Thu, 19 Aug 93 12:30:46 PDT Subject: Cypherpunk Chip In-Reply-To: <9308191619.AA26375@transfer.stratus.com> Message-ID: <9308191528.ZM2217@ellisun.sw.stratus.com> On Aug 19, 12:18pm, peter honeyman wrote: > Subject: Re: Cypherpunk Chip > how important is the prng aspect of tran? presumably des-cbc does > a good job of bit diffusion. why is it better to tran than to > "dd conv=swab" or rot13? (or even to do nothing at all, simply > des-cbc|des-cbc|des-cbc?) > > peter >-- End of excerpt from peter honeyman I did a version of tran which did 4 rounds of an FFT-style butterfly. This achieves maximal mixing. However, it's predictable -- therefore easier to cryptanalyze (not that I'd care to try it :-). DES does a fine job of bit diffusion, within its block. (for CBC, that includes the rest of the stream -- if you hide the ciphertext from the cryptanalyst, so he can't XOR it out again) tran moves bytes of DES output around so that they can expect to have new neighbors for the next round of encryption. This produces diffusion. The actual diffusion of tran is less than that of the FFT-butterfly. However, for the cryptanalyst, there are more possibilities. Any byte can go anywhere within the 8KB block. With the FFT, each byte goes to a known location and gets diffused with 7 neighbors by the next round of DES. - Carl From khijol!erc at apple.com Thu Aug 19 13:06:05 1993 From: khijol!erc at apple.com (Ed Carp) Date: Thu, 19 Aug 93 13:06:05 PDT Subject: T. Wells & Anonymity In-Reply-To: <9308191324.aa09804@penet.penet.FI> Message-ID: > > On the other hand, I feel Mr. Detweiler has gone a little overboard > > in his attack in what seems to be an attempt to protect the masses from > > their own stupidity. The simple facts of the matter are, any time you use an > > anonymous remailer without encryption you run the risk of having your email > > intercepted. 
One thing people need to learn is that the world is a risky place > > and any action you take can have negative consequences. I certainly > > wouldn't send threats to president at whitehouse.gov expecting Hal's > > or Julf's remailers to protect me. > > Yes. But in this case we are talking about somebody who definitely feels it is > OK to check in on other people's messages - but he only admited to it after a > very lengthy debate on a.s.a.r, that he did his best to shut down - without > replying to accusations of him eavesdropping. He has threatened more than one person with lawsuits regarding this whole matter. I feel it is really in his best interest for this whole discussion to go away. Why, I can only speculate... > > If you are concerned about protecting the masses, write up your own > > "Remailer Safety FAQ" detailing the benefits and dangers. > > I still feel a remailer operator should make his policies known up front. > Just like Karl Kleinpaste's "if you do something I consider abuse, I will > expose you" policy. I've released APS-0.3 to the outside world, because I welcome criticism and suggestions. The Wells APS has never been released so far as I know - who knows what the software does? I don't monitor ANY of the messages going out through my APS - I'm too damned busy trying to make a living in the sluggish California economy to worry about who's posting/emailing what... -- Ed Carp, N7EKG erc at apple.com 510/659-9560 anon-0001 at khijol.uucp If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From hkhenson at cup.portal.com Thu Aug 19 14:00:46 1993 From: hkhenson at cup.portal.com (hkhenson at cup.portal.com) Date: Thu, 19 Aug 93 14:00:46 PDT Subject: Digital money prototypes Message-ID: <9308191058.1.17017@cup.portal.com> I wonder if the various precedents set by traveler's checks might be useful in developing digital money.
If American Express (or some similar) got into the game, it would be rather interesting. Keith From nobody at shell.portal.com Thu Aug 19 14:01:05 1993 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Thu, 19 Aug 93 14:01:05 PDT Subject: Physical to digital cash, and back again Message-ID: <9308191211.AA12617@jobe.shell.portal.com> As usual, Hal Finney writes an excellent post on digital cash. However, some assumptions need to be addressed. > [triangle model divides the world into banks, shops, and customers] > Customers would thus primarily turn real cash > into digital cash which they send to vendors; the vendors then turn the > digital cash back into real cash. In its first few years of operation (at least), a digicash currency will be of highly uncertain value and reputation: Currency will: * Be of questionable legality in some jurisdictions. Once they catch on, governments will actively suppress it. * Lack a track record. * Be able to purchase only a limited number of specialized information services -- the customer won't be able to use it to buy groceries, make house or car payments, etc. Thus, as a customer, the *first* thing I will be concerned about is the ability to convert my digital cash into currency that can be used to purchase physical goods & services in my local jurisdiction. Specific application #1 -- an information worker or contractor being paid in digital cash will want to convert that digital cash into local currency, early and often. Specific application #2: customer deposits money into an account to pay for online services. In most cases the customer will be concerned about refunds and return of unspent funds. Specific application #3: on-line casino, with digital cash chips. Casino customers' first priority will be the ability to "cash out" with as little hassle as possible.
Now we could stretch things and call the person who wants to cash out the "shop" (especially for case #1), but then the necessity of a user-friendly system would apply just as much to shops as it would to customers. Better to have a symmetric relationship between agents rather than dividing the world into customers and shops. Any of these agents may wish to make payments in either direction. In many cases the amount of payments will be quite asymmetric, but in most cases the ability to make secure payments both ways should exist. This gives us the following model: (using FRNs as the local legal cash currency): ------- | | v | FRN bearer acct <--> d-cash acct <-> agents | ^ ^ | | | | v ------- physical cash > [customer] sends another check > to the bank and gets another batch of digicash. Not a good idea, checks are not private! Try cash or money order. From pcw at access.digex.net Thu Aug 19 14:20:46 1993 From: pcw at access.digex.net (Peter Wayner) Date: Thu, 19 Aug 93 14:20:46 PDT Subject: Traveller's Checks... Message-ID: <199308192117.AA27958@access.digex.net> I think that American Express wouldn't be interested in anonymous cash because the most important "feature" of a traveller's check is the lack of transferability. Once they're bought, only one person can spend them. Still, there might be people interested in anonymous approaches. -Peter From jim at tadpole.com Thu Aug 19 14:40:47 1993 From: jim at tadpole.com (Jim Thompson) Date: Thu, 19 Aug 93 14:40:47 PDT Subject: Traveller's Checks... Message-ID: <9308192136.AA18425@chiba.tadpole.com> > > I think that American Express wouldn't be interested in > anonymous cash because the most important "feature" of > a traveller's check is the lack of transferability. Once > they're bought, only one person can spend them. I doubt that Amex is interested in traveller's checks for this reason.
AMEX likes traveller's checks because they make a lot of money on the 'float', the time value of the money you give them before they have to redeem the checks when some bank presents them for payment. A digital bank could make a lot of money on 'float' too. Given that anonymous cash could be much harder to steal than paper checks, AMEX could very well be interested in this 'new' type of monetary instrument. Jim From nobody at alumni.cco.caltech.edu Thu Aug 19 15:20:48 1993 From: nobody at alumni.cco.caltech.edu (nobody at alumni.cco.caltech.edu) Date: Thu, 19 Aug 93 15:20:48 PDT Subject: Cypherpunk DES distributed DES last post Message-ID: <9308192217.AA14930@alumni.cco.caltech.edu> Since the list keeper has requested, let us let the DES parallel breaking die, for the time being at least. I mentioned a possible Cypherpunk project to set up a network of parallel DES de-cryptors linked by cryptographically secure anonymous remailers to avoid obvious detection (although one could argue all those flops in the night might speak for themselves). A quick test shows the Sparcstation IIPX doing about 100 decryptions per second in a typical unloaded system from a user account (these are relatively small decryptions...we assume here we are decrypting a text which only a small portion needs to be decrypted to reveal its appropriate entropy measure). Or over eight unused hours at night, in the neighborhood of 3 million decryptions. Let's even assume we can marshall 5000 similar machines through our combined talents, that's 15*10^9 decryptions. Keeping in mind the total 56-bit keyspace is 72*10^15, we're still talking around 5 million nights to solve the problem (~13,000 years). If we want to solve one system per month, it looks like we can only handle about 38 bits worth of keyspace. Not very impressive. So, until the next technological leap, we can probably forget about this. 
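Carl Ellison's tran, as he describes it above, keys a pseudo-random byte transposition off a statistic of the block (the byte sum in the posted version, the byte histogram in the one he is planning), and the program is its own inverse. The following is an added illustration written for this page in Python; it is not Carl's tran (which he posted to sci.crypt) and the block size cap, the hashing of the histogram into a PRNG seed, and the way the swap pairs are drawn are this example's own choices. The point it makes concrete is why the keying statistic has to be permutation-invariant: sum and histogram do not change when the bytes are shuffled, so the second pass recomputes the same permutation from the shuffled block.

```python
import hashlib
import random

BLOCK = 8192  # tran handles variable-length blocks up to 8 KB; same cap here


def histogram_key(block: bytes) -> int:
    """Derive the PRNG seed from the byte histogram of the block.

    The histogram is invariant under any reordering of the block's bytes,
    which is exactly what lets the inverse direction recover the key from
    the already-permuted block. Hashing the 256 counts down to a seed is
    this example's choice; the page does not say how tran does it.
    """
    counts = [0] * 256
    for byte in block:
        counts[byte] += 1
    packed = b"".join(c.to_bytes(4, "little") for c in counts)
    return int.from_bytes(hashlib.sha256(packed).digest(), "big")


def tran(block: bytes) -> bytes:
    """Permute one block; applying tran() a second time restores it.

    The permutation is a set of disjoint position swaps drawn from the
    seeded PRNG. A product of disjoint transpositions is its own inverse,
    so there is no separate "untran". Any byte can land anywhere in the
    block, the property Carl contrasts with the predictable FFT butterfly.
    """
    n = len(block)
    rng = random.Random(histogram_key(block))
    positions = list(range(n))
    rng.shuffle(positions)            # random pairing of positions
    out = bytearray(block)
    for i in range(0, n - 1, 2):
        p, q = positions[i], positions[i + 1]
        out[p], out[q] = out[q], out[p]
    return bytes(out)


def tran_stream(data: bytes, block: int = BLOCK) -> bytes:
    """Apply tran() chunk by chunk, as a pipeline stage between ciphers would."""
    return b"".join(tran(data[i:i + block]) for i in range(0, len(data), block))


def positions_changed(a: bytes, b: bytes) -> int:
    """Count output positions that differ between two equal-length blocks."""
    return sum(1 for x, y in zip(a, b) if x != y)


if __name__ == "__main__":
    sample = bytes(range(256))                 # constructed input, all bytes distinct
    mixed = tran(sample)
    assert tran(mixed) == sample               # self-inverse
    # Changing one input byte changes the histogram and hence the whole
    # permutation: the effect is spread over the block, not kept local.
    tweaked = bytearray(sample)
    tweaked[0] ^= 1
    print("positions changed by a one-byte tweak:",
          positions_changed(mixed, tran(bytes(tweaked))))
```

Note the security caveat that goes with the design: the key is computable by anyone who holds the block, so tran on its own hides nothing. It is a mixing stage whose value comes from sitting between cipher passes (compress|des-cbc|tran|des-cbc|...), where the intermediate block is never seen by the attacker.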
From cme at ellisun.sw.stratus.com Thu Aug 19 16:20:49 1993 From: cme at ellisun.sw.stratus.com (Carl Ellison) Date: Thu, 19 Aug 93 16:20:49 PDT Subject: new tran Message-ID: <9308192316.AA03198@ellisun.sw.stratus.com> I've just modified tran to operate off the histogram of inputs and have posted the code to sci.crypt. It's also available from me by e-mail. - Carl From pcw at access.digex.net Thu Aug 19 16:26:10 1993 From: pcw at access.digex.net (Peter Wayner) Date: Thu, 19 Aug 93 16:26:10 PDT Subject: Traveller's Checks... Message-ID: <199308192321.AA13563@access.digex.net> Many banks make money on float. Could digital cash pay interest? I guess the bank could append a date to the cash and mark up the value when it is "spent", but that might compromise some of the anonymity. I'm sure the bank would volunteer to guard our anonymity in the strictest sense by not paying the interest. -Peter From wcs at anchor.ho.att.com Thu Aug 19 16:51:31 1993 From: wcs at anchor.ho.att.com (Bill_Stewart_HOY002_1305) Date: Thu, 19 Aug 93 16:51:31 PDT Subject: Fiat currency: Re: Electracy: Evil Revisited Message-ID: <9308192239.AA06169@anchor.ho.att.com> (Most of this is diatribe, and I wasn't sure whether to Cc: cypherpunks, but there's some relevance to creating digital currency near the end.) Paul Moses writes: > Sorry, but today's currency system is anything but a democracy. Thank God. > It works because it is entrusted to a COMPETENT elite. Gack, sputter, foo, bletch! The currency system works so *badly* because it's trusted to an elite who can abuse it for their own power and enrichment. It works as well as it does because currency *is* a market, so it's subject to the usual price (all the market will bear) and power is subject to the usual limits (overabuse leads to revolution), and the elite is competent enough to know how much it can get away with. Yes, an incompetent elite is usually worse (e.g. 
the old Argentina or Israel), and democratically controlled fiat currency is inherently incompetent (the Golgafrinchians in HHGTTG declaring leaves to be money, etc., and their current US version, the Populist Party.) But fiat currency, anywhere, any time, can always be abused, and eventually is. Hard currency, such as gold, or silver, is subject to market fluctuations, but there's some inherent value, and a fair amount of local stability. Consumable commodity currencies, such as tobacco, alcohol, cows, and grain, have their obvious drawbacks, but they're very useful in pre-industrial societies (including the US up to the mid-1800s), and use reappears in badly trashed economies (immediate post-WWII Germany, when the alternative was fiat scrip deutschmarks, which were rapidly being printed and inflating.) In all of the non-fiat systems, the value of the "currency" is variable, but *you* decide what value *you* place on it, relative to the market. In fiat systems, *somebody else* (maybe "everyone", maybe an oligarchy) decides not only what value they place on it, but what value YOU must place on it. It's backed, not by trust, but by theft and threat of violence or default; witness the US confiscations of gold and legal tender laws, or the current Russian replacement of old rubles with limited quantities of new ones. Non-fiat soft currencies, including Green Stamps, private banknotes, etc. work ok because the issuers realize they are subject to the constraints of the market, so they have to maintain the goodwill of their customers, either through backing with harder currencies, goods or services, or through expectations of future backing with them. That's easiest to maintain if you're a provider of services, or if you're (for example) providing a convenient storage/exchange of other currencies. 
In addition to US and other government fiat currency, I also use a variety of private currencies - checks and credit cards, which are agreements to provide quantities of real silver money, (or substitute Federal Reserve private banknotes instead); New York Subway Tokens and New Jersey freeway toll tokens, which are agreements to provide services; Joe's Coffee Pot money, which is an agreement to provide addictive drugs :-). I know and trust Joe, and he'll either provide the coffee out of the accumulated coffee profits, or his own pocket, and I'd only be out a buck if he defaults anyway. I somewhat know and distrust the New York and New Jersey transportation bureaucracies, but they'd take too much political heat if they defaulted, and the price for their services never decreases :-), so I'm willing to risk 1-20 bucks, and tokens are a bit cheaper than cash in NJ. I use credit cards mainly for convenience; merchants are willing to give me stuff in return for my signature on a credit card bill because they trust the credit card provider to generally pay up. Merchants in the US generally accept US traveller's checks, because they can get cash for them cheaply and quickly; merchants in Central or Eastern Europe either didn't take them, or gave me less than face value for them. If we're going to start using digicash, and want people to accept it in return for goods and services, we either need to back it with services (like email or remailing or software support or freeway tolls), or we need to back it with other-currency transport/delivery/storage services the way credit cards and travellers checks do, or find some other reason for people to want the digicash and trust its value-stability. > [Elitist stuff about mob rule under democracy, deleted] I agree with most of what you say there. 
I'd be happy to have a system where the public could BLOCK new legislation, or get rid of old legislation, but just not make new stuff; the catch is how to implement it in a way that doesn't get the positives and negatives mixed up. Bill Stewart From baumbach at atmel.com Thu Aug 19 18:00:50 1993 From: baumbach at atmel.com (Peter Baumbach) Date: Thu, 19 Aug 93 18:00:50 PDT Subject: Traveller's Checks... Message-ID: <9308192350.AA12661@bass.chp.atmel.com> Peter Wayner says: > I think that American Express wouldn't be interested in > anonymous cash because the most important "feature" of > a traveller's check is the lack of transferability. Once > they're bought, only one person can spend them. >[...] I think American Express would be interested in collecting a percentage of the cash-flow. The underground economy is pretty big. Wouldn't it be nice to get a percentage of it? Peter Baumbach baumbach at atmel.com From mbriceno at aol.com Thu Aug 19 19:20:49 1993 From: mbriceno at aol.com (mbriceno at aol.com) Date: Thu, 19 Aug 93 19:20:49 PDT Subject: mailing list <-> newsgroup ? Message-ID: <9308192144.tn196089@aol.com> gtoal at gtoal.com writes: >Admittedly, if [Cypherpunks] comes in with your real mail it would be a pain. It does come with my regular mail and yes: it is a pain. >But I'd rather keep it as email than news just to keep that cretin >Sternlight out :-) I stopped reading the PGP news group. This Sternlight guy is monopolizing-and thereby destroying- the discussion. Better stay a mailing list. --Marc From nfe at scf.nmsu.edu Thu Aug 19 20:00:49 1993 From: nfe at scf.nmsu.edu (nfe at scf.nmsu.edu) Date: Thu, 19 Aug 93 20:00:49 PDT Subject: parallel DES thread Message-ID: <9308200259.AA18201@NMSU.Edu> nobody at alumni... please write me. 
nfe at freedom.nmsu.edu

From hfinney at shell.portal.com Thu Aug 19 22:50:51 1993 From: hfinney at shell.portal.com (hfinney at shell.portal.com) Date: Thu, 19 Aug 93 22:50:51 PDT Subject: Encrypted cypherpunks list Message-ID: <9308200517.AA14986@jobe.shell.portal.com> A reminder to old subscribers, and a notice to new: I have some software running on this system (related to the remailer software) which can be configured to send a PGP-encrypted version of the list to subscribers. This way you can receive this "subversive" material without any local system operators knowing what you are doing. Send me your address and PGP public key if you'd like to be put on the encrypted list. Hal Finney hfinney at shell.portal.com

From nobody at shell.portal.com Thu Aug 19 22:51:18 1993 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Thu, 19 Aug 93 22:51:18 PDT Subject: Blinded RSA signatures Message-ID: <9308200544.AA15625@jobe.shell.portal.com> An excellent description of blinding and digital cash, forwarded from sci.crypt: In article <24924cINNg4c at network.ucsd.edu>, loki at sdphu3.ucsd.edu (Lance M Cottrell) writes: -----BEGIN PGP SIGNED MESSAGE----- Some time ago I read an article in Scientific American about using RSA and smart cards to achieve untraceable and unforgeable electronic cash. The system hinged on being able to "blind" a message which would be signed by the bank, and then the blinding would be removed without disturbing the signature. The signed message would then decrypt to the original message, but the signer would not know what she had signed. The article made no mention of how to do this "blinding". This morning I came up with a method which I would like comments upon.

First the notation:

  ^ : exponentiation
  n : the bank's modulus (p*q in usual notation)
  e : the exponent used to encrypt the message sent to the bank
  d : the exponent used to decrypt the bank's encryption.
  t : the text that you want signed.
  x : some random number with a multiplicative inverse mod n.
  y : the inverse of x mod n.
  c : the cipher text corresponding to t
  a : the blinded plain text
  b : the encrypted blinded text.

Now the procedure.

Blind the plain text by

  a = ((x^d) * t) mod n

The bank encrypts a by

  b = (a^e) mod n = ((((x^d)^e) mod n) * ((t^e) mod n)) mod n

The blind is removed by multiplying through by y, since ((x^d)^e) mod n = (x^(d*e)) mod n = x:

  c = y * b = (y * x * ((t^e) mod n)) mod n = (t^e) mod n

The question is, can one find x and y such that (x*y) mod n = 1, and can the bank recover t when only given a. Also, please tell me if there is some fundamental error in my handling of math mod n. Many thanks for any comments. If anyone knows the method the original authors used, please post that as well.

Fine description of Chaum's blind signature protocol. Your math looks good. It is easy to find y, given x and n, such that (x*y) mod n = 1 (provided gcd(x,n)=1, as it is for most x). See Knuth Vol II section 4.5.2, or look up the extended Euclid's algorithm in some good algorithms text. The bank can not tell which t was signed via some a, since for any t and a with t in the multiplicative group mod n, there is some x such that a = x^d * t (mod n). Thus (1) the procedure is tractable, (2) blind forgeries are only possible if RSA is weak, and (3) the "blind" is unconditionally secure. Bryan Olson olson at umbc.edu

From hfinney at shell.portal.com Thu Aug 19 22:51:38 1993 From: hfinney at shell.portal.com (hfinney at shell.portal.com) Date: Thu, 19 Aug 93 22:51:38 PDT Subject: Physical to digital cash, and back again Message-ID: <9308200517.AA14990@jobe.shell.portal.com> I agree with Anonymous that there are problems with the actual use of digital cash in the near term. But it depends to some extent on what problem you are trying to solve. One concern I have is that the move to electronic payments will decrease personal privacy by making it easier to log and record transactions.
Dossiers could be built up which would track the spending patterns of each of us. Already, when I order something over the phone or electronically using my Visa card, a record is kept of exactly how much I spent and where I spent it. As time goes on, more transactions may be done in this way, and the net result could be a great loss of privacy. Paying in cash is still possible through the mail, but it is insecure and inconvenient. I think that the convenience of credit and debit cards will overcome most people's privacy concerns and that we will find ourselves in a situation where great volumes of information exist about people's private lives. This is a place that I could see digital cash playing a role. Imagine a Visa-like system in which I am not anonymous to the bank. In this model, imagine that the bank is granting me credit similar to a credit card. But instead of giving me just an account number which I read over the phone or send in an email message, it gives me the right to request digital cash on demand. I keep some digital cash around and spend it for transactions as I described in my previous posts. When I get low I send some email to the bank and get some more dcash. Every month I send a check to the bank to cover my account just as I do with my credit cards. My relations with the bank are very similar to my current relationships with the credit card companies: frequent withdrawals and a single payment each month by check. This has several advantages over the system which we are heading towards. No records are kept of where I spend my money. All the bank knows is how much I have withdrawn each month; I may or may not have spent it at that time. For some transactions (e.g. software) I could be anonymous to the vendor; for others the vendor might know my real address, but still no central location is able to track everything I buy. 
(There is also a security advantage over the ridiculous current system in which knowing a 16 digit number and an expiration date allows anyone to order anything in my name!) Furthermore, I don't see why this system could not be as legal as current credit cards. All that really differs in this system is the inability to track where users spend their money, and as far as I know this ability was never an important legal aspect of credit cards. Certainly nobody will admit today that the government has a vested interest in moving towards an environment in which every financial transaction is tracked. Granted, this does not provide full anonymity. It is still possible to see roughly how much each person spends (although nothing stops a person from withdrawing much more cash than he will spend in a given month, except perhaps for interest expenses; but maybe he can lend the extra digicash itself and gain interest on that to compensate). And it is oriented around the same customer/vendor model that Anonymous criticized. But I maintain that this model represents the majority of electronic transactions, today and in the near future. It's worth noting that it is not trivial to become a merchant who can accept credit cards. I went through this with a business I had a couple of years ago. We were selling software through mail order, and this makes the credit card companies very nervous. There is so much phone fraud in which credit card numbers are accumulated over a few months, then large amounts of charges made against them. By the time the user receives his monthly statement and complains, the vendor has disappeared. In order to get our credit card terminal we went to a company which "helps" startups with this. They seemed like a pretty shady outfit, themselves. We had to fudge our application to say that we'd be selling something like 50% of the units at trade shows, which apparently counted as over-the-counter sales.
And we had to pay about $3,000 up front, as a bribe, it seemed. Even then we probably couldn't have done it if we hadn't had an office in the business district. Under the digital cash system, this might be less of a problem. The main problem with digital cash is double-spending, and if you are willing to go with online verification (reasonable for any business which is going to take anything over several hours to deliver the merchandise) this can be completely prevented. So there is no longer any possibility of merchants collecting credit card numbers for later fraud. (You still have problems with non-delivery of merchandise, though, so not all risks are eliminated.) This might eventually make the system more widely available than current credit cards. I don't know whether this system could be used to support illegal actions, tax evasion, gambling, or whatever. That is not the purpose of this proposal. It does offer the prospect of improving personal privacy and security, in a framework that might even be legal, and that's not bad. Hal Finney hfinney at shell.portal.com From panzer at drown.slip.andrew.cmu.edu Fri Aug 20 00:56:17 1993 From: panzer at drown.slip.andrew.cmu.edu (Panzer Boy) Date: Fri, 20 Aug 93 00:56:17 PDT Subject: Anonymous IRC Message-ID: Subject2: Lurker adds another Thread... Many people, I assume, have used, or at least heard of IRC. For those of you who haven't, it is a real time chat system made up of many servers that clients(users) connect to. Once connected the user can talk to pretty much anyone else on the system. It is similar to CIS's CB and other CB simulators/chat-lines. For more info, ftp to CSA.BU.EDU and look in the "/irc" directory, both servers and clients can be found. The current "problem" with irc is that when you connect, anyone can figure out who you are. Or if you have "hacked" up the standard client, people can figure out your hostname. This doesn't allow private/anonymous connections to happen. 
The "fix" I decided was to modify the server code and make all connections completely anonymous. Anonymity is to all; the Server keeps no long-term records of the machines it is connected to, and the only connection information it keeps is in socket information. Owning the Server does not give you access to Clients' information. Now the only way people are identified is by their chosen Nickname or alias. I have this server up and running on my own machine with basically no one using it currently. I would like to see what people think, pros & cons, of real-time anonymous chat. If you would like more information, you can send me email. Or you can either compile your own client, or run an existing one. Change your server to "DROWN.SLIP.ANDREW.CMU.EDU", and you should connect. Disclaimer: Since this is still an experimental server, no guarantee will/can be made about your protection. -Matt (panzer at drown.slip.andrew.cmu.edu) From nobody at alumni.cco.caltech.edu Fri Aug 20 01:30:53 1993 From: nobody at alumni.cco.caltech.edu (nobody at alumni.cco.caltech.edu) Date: Fri, 20 Aug 93 01:30:53 PDT Subject: Violent Revolution? Message-ID: <9308200824.AA23769@alumni.cco.caltech.edu> ++> From: koontzd at lrcs.loral.com (David Koontz ) + >Cypherpunks are providing the basis for long-range, (relatively) secure + >communication between those activists and thinkers who may have the + >power to bring down the State and restore the individual autonomy this + >nation was originally devised to foster. ++> As I understand it the Libertarian Party qualifies membership to ++> exclude any endorsement of violent overthrow of government. 1] I didn't see that the writer said anything about Libertarians. 2] I didn't get the impression that the writer was specifically calling for the violent overthrow of the government, only that he/she believed that actual violence _might_ eventually come. ++> While some ++> portion of those affected by this policy may well have gone ++> underground...
Of course, I cannot personally say with any accuracy, but I feel strongly that a private ("underground," if you prefer) network of those discussing radical options must exist as a direct result of more secure communication. I have no evidence of this, but it seems like such an obvious and irresistible consequence that I can't picture it NOT happening, especially considering the numbers of pissed-off people using computer networks these days. ++> I don't believe that cypherpunks as a committee of the ++> whole are willing or ready to do so. 1] I didn't get the impression that the writer was saying that Cypherpunks were part of any such conspiracy, if it even exists, but only that Cypherpunks tech aided their communications. 2] I have also never been clear on how formal an organization Cypherpunks actually are - if they actually have a platform or a membership roster or secret handshakes or have turned the word "Cypherpunks" into a registered trademark with marketing licensed for logoed adjustable size baseball caps and children's lunchbox sets. Is there sufficient officialness for the result of a nut with "CYPHERPUNKS!" on his chest in Magic Marker biting off Hillary Roddam's left thumb at a press conference to be the forfeiture of Tim May's personal fortune under RICO? I wonder. ++> Then again as someone pointed out yesterday, cypherpunks aren't just ++> libertarians... Whatever gave you the idea that they were? ++> Some ++> portion, however large of those receiving this mailing list, may not ++> agree with this political leaning and may not consider it germane to ++> their participation. Certainly true enough, but who claims to "speak" for cypherpunks anyway? ++> Avoiding the appearance of endorsing the violent overthrow of ++> government is prudent policy for any organization. Hell, yes. If I were signing my name to stuff, I'd be as benightedly pro-Statist in my posts as David Sternlight himself.
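Returning to the "Blinded RSA signatures" thread earlier in this digest (Lance Cottrell's reconstruction, Bryan Olson's confirmation, and Eric Hughes' warning that the product of two raw RSA signatures is itself a signature): the following Python is an added worked example of that protocol and of the hash-then-sign fix. It is not code from any of those posts or from any library. It keeps the post's names (the bank signs with e and keeps it private; d is the public exponent, the reverse of textbook usage), uses assumed toy primes so the arithmetic is readable, and the "coin" format is an assumption for illustration.

```python
"""Chaum-style blind RSA signature, an added example for the blinded RSA
thread in this digest; not code from any poster or library. Toy primes are
an assumption for readability (real keys are 2048+ bits). Names follow the
post: the bank signs with e (private), everyone verifies with d (public)."""
import hashlib
import secrets
from math import gcd

P, Q = 104729, 1299709                 # assumed small primes (toy only)
N = P * Q
E = 65537                              # bank's private signing exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # public verification exponent


def random_blinding_factor(n=N):
    """Pick x with gcd(x, n) = 1 so that y = x^-1 mod n exists."""
    while True:
        x = secrets.randbelow(n - 2) + 2
        if gcd(x, n) == 1:
            return x


def blind(t, x, n=N, d=D):
    """User: a = (x^d * t) mod n. The bank only ever sees a."""
    return (pow(x, d, n) * t) % n


def bank_sign(a, n=N, e=E):
    """Bank: b = a^e mod n, signing without learning t."""
    return pow(a, e, n)


def unblind(b, x, n=N):
    """User: c = y * b mod n with y = x^-1 (extended Euclid, via pow)."""
    return (pow(x, -1, n) * b) % n


def verify(t, c, n=N, d=D):
    """Anyone holding the public exponent: c^d mod n == t."""
    return pow(c, d, n) == t % n


def blind_sign_roundtrip(t):
    """Full exchange: blind, have it signed, unblind, verify."""
    x = random_blinding_factor()
    c = unblind(bank_sign(blind(t, x)), x)
    return verify(t, c)


def multiplicative_forgery(t1, t2):
    """Eric Hughes' caveat: raw RSA signatures multiply. Two honestly
    obtained signatures give a valid signature on t1*t2 mod n, a value
    the bank never signed. Returns (t3, verify(t3, forged_signature))."""
    x1, x2 = random_blinding_factor(), random_blinding_factor()
    c1 = unblind(bank_sign(blind(t1, x1)), x1)
    c2 = unblind(bank_sign(blind(t2, x2)), x2)
    t3 = (t1 * t2) % N
    return t3, verify(t3, (c1 * c2) % N)


def coin_hash(text, n=N):
    """The fix: sign a one-way hash of the coin text, not the text itself
    (reduced mod n here only because the toy modulus is tiny)."""
    return int.from_bytes(hashlib.sha256(text).digest(), "big") % n


def issue_coin(text):
    """Bank blindly signs H(text); the coin is the pair (text, signature)."""
    x = random_blinding_factor()
    return text, unblind(bank_sign(blind(coin_hash(text), x)), x)


def verify_coin(text, sig):
    """Check the exhibited text against the signature on its hash. Two coin
    signatures still multiply, but nobody can exhibit a text whose hash is
    that product unless inverting the hash is easy."""
    return verify(coin_hash(text), sig)
```

`multiplicative_forgery` is the reason the raw scheme is unusable for cash: the product of two signed values verifies as a third signed value. Signing `sha256(text)` and exhibiting the text closes that hole under the assumption the thread states, that finding multiplicative relations among hash outputs is hard. With real key sizes the hash should also be padded out to the modulus width (full-domain hashing) rather than reduced mod n as this toy does.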
From HELGEU at dhhalden.no Fri Aug 20 02:30:53 1993 From: HELGEU at dhhalden.no (HELGE RENE URHOLM) Date: Fri, 20 Aug 93 02:30:53 PDT Subject: "Clipper" in Norway (FYI) Message-ID: <9308200929.AA14585@toad.com> The Department of Defence in Norway have given permission to develop a new crypto-chip to use in all public and confidential data, which has been collected about persons and groups. The algorithm is secret. The chip has been compared with the American Clipper-project. The Department of Defense will be administering the keys, and the user will have no choice whether they want to use the chip or not. They are even trying to force the health system to use this chip. Last week Hans Olav Oestgaard (head of the Norwegian secret service) said he wanted a law which would force companies and single persons to encrypt all information such that the secret service can access the information in a simple way. From nobody at shell.portal.com Fri Aug 20 03:36:21 1993 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Fri, 20 Aug 93 03:36:21 PDT Subject: Parallel DES Decrypt Experiment Message-ID: <9308200830.AA19492@jobe.shell.portal.com> > Recent postings have gotten me to thinking: If we wrote a > easily portable UNIX program to decrypt DES in parallel across > our many machines, how fast could we go? > What do y'all think? I say do it as an experiment. That's how I always justified doing crazy stuff as a child. Besides, as a non-programmer, I am exempt from actually doing any work on the project. From bill at twwells.com Fri Aug 20 05:06:29 1993 From: bill at twwells.com (T. William Wells) Date: Fri, 20 Aug 93 05:06:29 PDT Subject: cypher breaking and genetic algorithms Message-ID: Well, since I'm here, I thought I'd satisfy a curiosity of mine. Has anyone done any research, formal or informal, on the use of genetic algorithms to break cyphers? If not, would anyone care to discuss how it might be done?
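As an added example for the question just asked (not code from any poster in this thread), the following Python makes concrete the point the replies elsewhere in this digest make: a GA can only search where partially correct keys earn partial reward. It scores trial decryptions by English letter frequencies, shows that keys one swap away from a substitution key still score well, runs a small GA over permutation keys, and contrasts that with a keyed-hash stream cipher, where a key one bit off scores no better than one sixty-four bits off. The frequency table, plaintext, key and the HMAC-counter cipher are all constructed for the example.

```python
"""Added example for the genetic-algorithm question above; not code from any
poster. It exposes the reward a GA needs, the English-likeness of a trial
decryption: for a substitution cipher, keys a few swaps from the truth still
score well, so search can climb; for a keyed-hash stream cipher (stand-in for
a good cipher) a key one bit off scores like noise. All inputs constructed."""
import hashlib
import hmac
import math
import random
import string

ALPHABET = string.ascii_lowercase
FREQ = dict(zip(ALPHABET, [8.2, 1.5, 2.8, 4.3, 12.7, 2.2, 2.0, 6.1, 7.0, 0.15,
                           0.77, 4.0, 2.4, 6.7, 7.5, 1.9, 0.095, 6.0, 6.3, 9.1,
                           2.8, 0.98, 2.4, 0.15, 2.0, 0.074]))  # percent
LOG_P = {c: math.log(v / 100.0) for c, v in FREQ.items()}
NON_LETTER = math.log(1e-4)  # penalty for a byte that is not a letter/space
PLAINTEXT = ("the bank signs the blinded coin and returns it to the customer "
             "who removes the blinding factor and spends the coin at a merchant "
             "that checks the signature online before delivering the goods")
KEY = "qwertyuiopasdfghjklzxcvbnm"  # constructed substitution key (permutation)


def fitness(text):
    """Unigram English log-likelihood of a candidate decryption (bytes);
    higher is more English-like. Real attacks use bigram/quadgram tables."""
    score = 0.0
    for b in text:
        ch = chr(b).lower() if b < 128 else "?"
        if ch in LOG_P:
            score += LOG_P[ch]
        elif ch != " ":
            score += NON_LETTER
    return score


def sub_encrypt(pt, key):
    return pt.translate(str.maketrans(ALPHABET, key))


def sub_decrypt(ct, key):
    return ct.translate(str.maketrans(key, ALPHABET))


def swap_letters(key, a, b):
    """A nearby key: exchange the ciphertext images of plaintext a and b."""
    k = list(key)
    i, j = ALPHABET.index(a), ALPHABET.index(b)
    k[i], k[j] = k[j], k[i]
    return "".join(k)


def substitution_landscape(ct, key):
    """Scores of the true key and of keys one swap away from it."""
    near = {"true": key, "swap e/z": swap_letters(key, "e", "z"),
            "swap t/q": swap_letters(key, "t", "q")}
    return {nm: fitness(sub_decrypt(ct, k).encode()) for nm, k in near.items()}


def ga_break(ct, pop_size=80, generations=150, seed=1):
    """Genetic search over permutation keys: truncation selection, order-
    preserving crossover, swap mutation, elitism. Returns (best_key,
    best_score, best_initial_score)."""
    rng = random.Random(seed)

    def score(key):
        return fitness(sub_decrypt(ct, key).encode())

    def crossover(p1, p2):
        child = list(p1[:rng.randrange(1, 26)])
        child += [c for c in p2 if c not in child]  # still a permutation
        return "".join(child)

    def mutate(key):
        k = list(key)
        i, j = rng.sample(range(26), 2)
        k[i], k[j] = k[j], k[i]
        return "".join(k)

    pop = sorted(("".join(rng.sample(ALPHABET, 26)) for _ in range(pop_size)),
                 key=score, reverse=True)
    initial_best = score(pop[0])
    for _ in range(generations):
        elite = pop[:pop_size // 10]  # elitism: the best is never lost
        kids = []
        while len(kids) < pop_size - len(elite):
            child = crossover(*rng.sample(pop[:pop_size // 2], 2))
            kids.append(mutate(child) if rng.random() < 0.3 else child)
        pop = sorted(elite + kids, key=score, reverse=True)
    return pop[0], score(pop[0]), initial_best


def stream_xor(data, key):
    """Toy stream cipher: XOR with HMAC-SHA256 in counter mode (assumed)."""
    ks = b"".join(hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))


def flip_bits(key, n):
    """Key at Hamming distance n from the truth: flip the n lowest bits."""
    k = bytearray(key)
    for i in range(n):
        k[i // 8] ^= 1 << (i % 8)
    return bytes(k)


def stream_landscape(ct, key, distances=(0, 1, 2, 8, 64)):
    """Score of the trial decryption under keys at each Hamming distance."""
    return {d: fitness(stream_xor(ct, flip_bits(key, d))) for d in distances}
```

With a unigram score the GA settles on a key that places the common letters roughly right but not the full permutation; bigram or quadgram log-likelihood tables give the sharper gradient needed to finish. No table helps against the stream cipher: every wrong key, whether one bit or sixty-four bits from the truth, decrypts to bytes that score the same, so there is no hill to climb.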
From bill at twwells.com Fri Aug 20 05:16:33 1993 From: bill at twwells.com (T. William Wells) Date: Fri, 20 Aug 93 05:16:33 PDT Subject: T. Wells & Anonymity In-Reply-To: Message-ID: <9308200739.AA01030@twwells.com> I've written a long post in answer to Ed and Julf's message. However, I've decided that it's best not to burden everyone with a couple of hundred lines of stuff whose content can be summarized as "there is little truth in their message and what little there is is told in such a way as to be misleading". If anyone cares to listen to my full rant (excepting Ed, whom I simply refuse to deal with), drop me a line and I'll send it to you. From an31122 at anon.penet.fi Fri Aug 20 06:36:33 1993 From: an31122 at anon.penet.fi (an31122 at anon.penet.fi) Date: Fri, 20 Aug 93 06:36:33 PDT Subject: Genetic Algorithms and password cracking Message-ID: <9308201332.AA27968@anon.penet.fi> Hi, If my understanding of GAs is correct (not a given), they operate by progressively narrowing the search space until they arrive at the solution. More clearly, each generation uses information gleaned from previous generations to guide the current search. The operation depends on being able to take two sets of input parameters and decide which operates better than the other. I'm not a cryptographer, so I don't know whether there is a way to find out if an answer is "close" to the actual. If not, GAs will probably be of little use. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From pmetzger at lehman.com Fri Aug 20 07:16:54 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Fri, 20 Aug 93 07:16:54 PDT Subject: Traveller's Checks... 
In-Reply-To: <9308192136.AA18425@chiba.tadpole.com> Message-ID: <9308201416.AA03878@snark.lehman.com> Jim Thompson says: > > > > > > I think that American Express wouldn't be interested in > > anonymous cash because the most important "feature" of > > a traveller's check is the lack of transferability. Once > > they're bought, only one person can spend them. > > I doubt that Amex is interested in traveller's checks for this > reason. AMEX likes traveller's checks because they make a lot > of money on the 'float', the time value of the money you give them > before they have to redeem the checks when some bank presents them > for payment. This is not where my masters make most of their money. Remember, over the course of a few weeks during which you hold the travelers checks, the riskless rate of return will bring in an insanely small amount of money. Currently, even long term rates are at best 6% per annum, and you can't make that much in the money markets in practice. In fact, real interest rates, that is rates taking inflation into account, are near zero right now. On the other hand, the percentage of face value that you are charged when you buy the checks makes a couple percent instantly. The float is just cream -- it's not the bread and butter. Perry Who works for Lehman Brothers, a division of American Express but who is not directly affiliated with Travel Related Services, who issue Travelers Checks and "The Card". From pmetzger at lehman.com Fri Aug 20 07:31:32 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Fri, 20 Aug 93 07:31:32 PDT Subject: Traveller's Checks... In-Reply-To: <9308192350.AA12661@bass.chp.atmel.com> Message-ID: <9308201431.AA03899@snark.lehman.com> Peter Baumbach says: > Peter Wayner says: > > I think that American Express wouldn't be interested in > > anonymous cash because the most important "feature" of > > a traveller's check is the lack of transferability. Once > > they're bought, only one person can spend them. > >[...]
> I think American Express would be interested in collecting a > percentage of the cash-flow. The underground economy is pretty > big. Wouldn't it be nice to get a percentage of it? No. They have a special relationship with many governments around the world and in order to keep it are extremely careful not to involve themselves in anything that even remotely smells, especially after the Safra affair a few years ago. Perry From remailer at merde.dis.org Fri Aug 20 07:51:03 1993 From: remailer at merde.dis.org (remailer bogus account) Date: Fri, 20 Aug 93 07:51:03 PDT Subject: No Subject Message-ID: <9308191811.AA23324@merde.dis.org> -----BEGIN PGP MESSAGE----- Version: 2.2 hIwCHO5QWqKhlGkBA/4vqr/zWYTqp7Ugn2UulFEqUN1x2u59J9h5YhUKxwkUStQX L/U4bYSvNKtM9IeNhrWlV2Tu5oLtgKPd4b2BKmwI9XDLUjz5j4V2gl+D2HMnc4l6 lxiNwe5YQxqJWID9g8G2nvntBZ9HxBISdxdIbOWhhcHZp5el1QIUYzLX8kCEE6YA AAKs32ol/0slZ/tGj7TsmFnn8kxP3PXhNpguAOtE1xlN0ct5F0ww36SozwNTDvJd e0tvF72TGVgLooMLmoOWP9OyqUTkQXbufCvqamW2xzHa6lrpNWpkvZGY3gQqzBVj shz3TKBKq0oYqjn9SYDRg2Z7OdK4Z0KQR/OQagH7rvF0LOrtobIR7niL5ZgaiVof Sd0BDgnkWGsLFlumIJlx2cfQhDWd07z+CePraAioWBjqDTtUykuVZkdRkpNtELMB /FGy0jmXE4dYmoj2IkKmrMfCqsDku048WM5dC2pZKZOKE6buCwDOmk2QOCi20x6v 8t7zdo2VCDGtnKAJrOMkm9qjNjo2lkik9Hq4E0FHxTHxKkie2WH8M/3t64r9s5T5 VhHqC7ntDeyC6FOnl/nhbhhpa854wPVNkI2e/2WZrJ4tddSIuX9tpJAXnXvaMe1R EizpmT6Kz0yG/qY5IKyyKaYadqUIqMtsNzuupdclhwx7apDaWWGR/G7m0F1x1DHU WC5p8RSilbscmzAI+cWpGb1UbqX4ARTiFOsdPYzO5Nh00eKCFd3M93BEZ+4MWQel bsFq6HerLsOCAzLX2ED0byhF9pm4dxiV95UJgjbIaECzZZ7aLMs6iIPLFffxzDmn nZu/Ld0EDlUE1mqJmJOfqpLWShj+J/rk0TwpJbxMkpnab1P7N6Cey+q/lzkROWQE kVDchUaduE12I5WsKFoSfADC32lDiB1VS4PlhlbcUlKtE4aL4ByC5EBIUZQe0bMv AUERJt2jLm1hQLMLM0iH3yYXQRj/NIf9qOIYhM2CEcXbLkX9qky8JOsZtX6mlA+S h7sUJ50PThBUml7gichtQkO9Jb2JcXKmgB/AXvxY2OY8KK75kRM5peT4li0vOfxR kQV4HIlRSfVFpoExpOZz =TIu3 -----END PGP MESSAGE----- From gtoal at an-teallach.com Fri Aug 20 08:01:03 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 20 Aug 93 08:01:03 PDT Subject: building a sound 
sampler for cryptophone application... Message-ID: <9308201356.AA07181@an-teallach.com> My old uncle - a retired electrical engineer - has gone back to night classes to learn electronics. His class has to do little projects that they pick themselves; nothing too advanced yet - his last one was a musical door-chime... Anyway, he was asking me for ideas for projects to build, and believe me I've got dozens :-) The one that I think is of most value to most people, if he designs a simple circuit for it that I can publish, is a cheap sound sampling interface .... which we can happen to steal for our various cryptophone projects... Here's how I see the design: it feeds data into a (probably IBM PC) parallel port (has to be the bidirectional kind, a plain printer port clearly won't work), and *it* supplies the timing, ie the PC reads from the port when the flags say data is ready, and no more data will be presented to that port until n uSecs later - I foresee it supplying data at either 8000 bytes/sec or 4000 bytes/sec if the former is too fast for a PC to handle. Putting the timing in the sampler frees the PC from a horrendous overhead in sampling at accurate times, and would make it trivial to feed the 4000Hz samples into code like 'shorten' which would then be shoved down a v32bis modem quite comfortably. At a cost *much* less than any commercial sampler: this thing is built from: a battery; a box; a DAC; a 7$ microphone; a parallel port driver; a crystal, and a counter. And that's it. Dead cheap and easy to build, I hope. What I'm writing here to ask is where can I get info on what chip to use to feed data into a PC down the bidirectional parallel port, and how do you drive the chip and what are the pinouts etc. I don't expect anyone to mail me detailed schematics or anything like that, just a pointer to where to look for them. 
(Though if someone *did* have data sheets, I wouldn't say no to a quick fax :-) ) (fwiw, I used to do electronics as a hobby *years* ago - I once built a dual-processor micro with dynamic ram, so don't be shy of mailing me anything grossly technical; I've forgotten most of what I knew in detail, but I remember enough to steer my uncle in the right direction, though I won't be doing the actual circuit design myself) Thanks for your time. I hope this isn't considered too off-topic... (I mean, I *could* have posted an incredibly interesting piece about the Challenger disaster instead, eh Eric? ;-)) G PS Pointers to suitable usenet groups equally appreciated... From collins at newton.apple.com Fri Aug 20 10:16:56 1993 From: collins at newton.apple.com (Scott Collins) Date: Fri, 20 Aug 93 10:16:56 PDT Subject: cypher breaking and genetic algorithms Message-ID: <9308201639.AA10388@newton.apple.com> Hello, -- T. William Wells writes: -- Well, since I'm here, I thought I'd satisfy a curiosity of mine. Has anyone done any research, formal or informal, on the use of genetic algorithms to break cyphers? If not, would anyone care to discuss how it might be done? GA's (which I love, but you won't be able to tell from the following) are a 'robust' search mechanism better at finding _good_ answers than _the_ answer. Because genetic search is driven by partial reward from a partially correct solution, GA's are not adept at searching a space that is very flat except for the single 'spike' of the correct answer. Good encryption systems are like this. You are either right or wrong, no in between. Being one bit off in the key should give a totally fruitless result. GA's don't help much with such ciphers. However, in simple substitution ciphers, frequencies and patterns in partial decryptions can provide the reward GA's need to climb the hills.
In fact, Spillman, Janssen, Nelson and Kepner wrote an article in the January 1993 Cryptologia titled "Use of a Genetic Algorithm in the Cryptanalysis of Simple Substitution Ciphers" in which they found that, for the particular class of problems they were solving, within (a short) 100 generations, the GAs could bring the cipher text to the point where a human could 'just read it', whatever that means. Scott Collins | "Few people realize what tremendous power there | is in one of these things." -- Willy Wonka ......................|................................................ BUSINESS. voice:408.862.0540 fax:974.6094 collins at newton.apple.com Apple Computer, Inc. 1 Infinite Loop, MS 301-2C Cupertino, CA 95014 ....................................................................... PERSONAL. voice/fax:408.257.1746 1024/669687 catalyst at netcom.com From baumbach at atmel.com Fri Aug 20 11:01:06 1993 From: baumbach at atmel.com (Peter Baumbach) Date: Fri, 20 Aug 93 11:01:06 PDT Subject: cypher breaking and genetic algorithms Message-ID: <9308201738.AA12822@bass.chp.atmel.com> Scott Collins writes: >[...] > between. Being one bit off in the key should give a totally fruitless > result. GA's don't help much with such ciphers. >[...] What if the GA "knew" the plain-text, the cyphertext, and the encryption algorithm, and was searching for a decryption algorithm without the encryption key? Would that be for fruitful? Peter Baumbach baumbach at atmel.com From hughes at soda.berkeley.edu Fri Aug 20 11:01:34 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Fri, 20 Aug 93 11:01:34 PDT Subject: building a sound sampler for cryptophone application... In-Reply-To: <9308201356.AA07181@an-teallach.com> Message-ID: <9308201757.AA04239@soda.berkeley.edu> >Thanks for your time. I hope this isn't considered too off-topic... (I >mean, I *could* have posted an incredibly interesting piece about the >Challenger disater instead, eh Eric? ;-)) Perfectly on-topic, Graham. 
That said, I think that designing custom hardware for sound sampling is a waste of time, given the abundance of multimedia cards that already work. The barrier to entry to solder up even the tiniest, simplest circuit is enormous for most people. Cypherpunks is not the Privacy League for Hackers. The solutions that we make should be to the greatest extent available to all without special prerequisites. That means that hardware should be freely purchasable, since the resource of money is more widely available than the resource of hardware skill. It means that software should not require root for Unix machines, nor, if possible, knowing how to operate a compiler. While I applaud your enthusiasm, your effort toward getting usable secure phones would be much better spent writing device drivers for various soundblaster-type cards. Eric From hughes at soda.berkeley.edu Fri Aug 20 11:31:34 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Fri, 20 Aug 93 11:31:34 PDT Subject: Blinded RSA signatures In-Reply-To: <9308200544.AA15625@jobe.shell.portal.com> Message-ID: <9308201831.AA06912@soda.berkeley.edu> > The article made no > mention of how to do this "blinding". > This morning I came up with a method which I would like > comments upon. Apparently the first author (the one being quoted in the forwarded message) had never been exposed to the relevant math before. What is therefore significant is that this person has exactly reconstructed the basic Chaum blind signature, except for notation. The basic blind signature does not work well in practice, since the product of two such signatures is also a signature. In practice one signs a one-way hash function of the message text and exhibits the actual text; this destroys the ability to multiply signatures, assuming that finding multiplicative pairs for the hash function is hard. This scheme of algebraic blinding is quite easy to apply, once you get the hang of it.
For example, it is behind the core of the encrypted open books protocol, where to blind g^x you create a pair g^(x+r),h^r. Basically all of the atomic operations that recent cryptology uses-- e.g. exponentiation in finite rings, both in the discrete log systems and in RSA, integer multiplication in elliptic curves--are amenable to blinding. The El Gamal signature scheme uses a random number to create the signature pair. Applications to existing protocols are left as an exercise by the reader. Eric From hughes at soda.berkeley.edu Fri Aug 20 11:51:06 1993 From: hughes at soda.berkeley.edu (Eric Hughes) Date: Fri, 20 Aug 93 11:51:06 PDT Subject: Crypto Protocols are Hard to Analyze In-Reply-To: <9308190715.AA23256@netcom5.netcom.com> Message-ID: <9308201847.AA08308@soda.berkeley.edu> >Eric Hughes investigated digital money from a legal point of view [...] Indeed. It's a mess. No matter how you do it, it seems, real corporations will have to be involved, which means business plans, etc. Not a low entry barrier, unfortunately. If you hold money for someone else, you'd better be a corporation in order to limit liability. And if you hold money for someone else, you're either entirely within the regulated bank environment or so close to its edge that your territory could be included at any time. It appears the easiest way to get digital money going is to be the bank--a fully legitimate, above board, fully qualified financial institution. Fortunately, one doesn't have to be exactly a bank, in the legal sense. Other institutions are available, such as credit unions, mutual savings banks, and S&L's--these are the so-called thrift institutions. These tend to have reduced regulatory burden in exchange for limited power to transact. Eric From gtoal at an-teallach.com Fri Aug 20 11:51:35 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Fri, 20 Aug 93 11:51:35 PDT Subject: building a sound sampler for cryptophone application... 
Message-ID: <6263@an-teallach.com> In article <9308201757.AA04239 at soda.berkeley.edu> hughes at soda.berkeley.edu writes: > That said, I think that designing custom hardware for sound sampling > is a waste of time, given the abundance of multimedia cards that > already work. Yes, but have you ever tried to drive them from a C program? From the scanty docs I got with my Soundblaster, I wouldn't know where to start. And I get the impression that there's a major cpu overhead with these cards, like you can't actually do anything useful apart from grab the data. I want the data input to be free so there's CPU left over for compression and encryption and network or modem driving, without having to use a 66MHz 486 to do it... Oh, and multimedia cards are pretty expensive. This will cost maybe $25 at most. It's the sort of thing that once designed, hardware-inclined cypherpunks could hack up dozens of at home and pass them on at conventions like HoHoCon or the one we just had in the Netherlands... > While I applaud your enthusiasm, your effort toward getting usable > secure phones would be much betting spent writing device drivers for > various soundblaster-type cards. *My* effort already is being better expended elsewhere. As I said, my old uncle has time on his hands and wanted suggestions; I thought it was better not to squander such an opportune resource on junk like chiming doorbells when he could be doing something for us just as easily. Now, if anyone actually has an answer to the question, which was about how to drive a PC parallel port for input, do let me know please. regards Graham === Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) 
Faxes to An Teallach Limited: +44 31 662 4678
Voice: +44 31 668 1550 x212

From hughes at soda.berkeley.edu Fri Aug 20 12:01:56 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Fri, 20 Aug 93 12:01:56 PDT
Subject: ADMIN: Blacknet mailings on the cypherpunks list
Message-ID: <9308201901.AA09451@soda.berkeley.edu>

There was a recent PGP message encrypted for Blacknet that sailed by on the list. This message did not discuss any topic relevant to cypherpunks from what I could read, since, _a fortiori_ it didn't say anything I could read.

Encrypted traffic such as this is inappropriate for this list. Take it elsewhere.

Tim and I have already invented the proper forum for this. It's a usenet newsgroup called

alt.w.a.s.t.e

(Read Pynchon to get the joke)

The charter for this group is that it takes only encrypted messages. No plaintext allowed. Discussions about alt.w.a.s.t.e must therefore occur in a separate discussion group, named according to Usenet convention

alt.w.a.s.t.e.d

If someone would kindly create these two groups, the BlackNet folks can revise their announcement appropriately.

I was waiting for some reason to create the newsgroup, because I didn't know what traffic would go across it. Now there is some, and it deserves its own home.

Eric

From tcmay at netcom.com Fri Aug 20 12:11:06 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 20 Aug 93 12:11:06 PDT
Subject: (fwd) anonymus@charcoal.com is going away
Message-ID: <9308201907.AA26206@netcom5.netcom.com>

Submitted for your consideration....
Message-ID:
Date: 20 Aug 1993 18:08:05 GMT
From: Karl_Kleinpaste at charcoal.com
Organization: Charcoal Communicators, Pittsburgh, PA, USA
Newsgroups: alt.privacy.anon-server,alt.personals,alt.sex.movies,alt.sex.fetish.feet,alt.personals.ads,alt.sex.bondage,alt.personals.bondage,soc.bi
Followup-To: alt.privacy.anon-server
Subject: anonymus at charcoal.com is going away
Reply-To: anonymus+admin at charcoal.com

I got off the phone a while ago with someone who is responsible for mail at a large southern university. He called me because he is being pressed for action regarding anonymous mail sent through charcoal.com.

It seems that there is a dweeb at this university who is sending anonymous "secret admirer" mail. Two of the five recipients of this sort of mail have raised the issue through university channels as harassment, and at least one of those is in the process of dealing with the police because it correlates uncomfortably closely with harassing phone calls and other incidents going down.

This mail admin, having looked through his system's mail logs for sources of the trouble, observed that one individual has repeatedly sent mail to anonymus+clear at charcoal.com, and sometime shortly thereafter mail comes back for these recipients, on the same machine. (Yes, really. This person is sending questionable anonymous mail to people on the same system as himself. No joke, though I wish it was. It's a Big Bluish Beastie.)

So while I was unwilling to identify the originator of the mail myself, the admin identified him for me by login name, and he was (no surprise) correct. The individual in question is going to get at least a stern talking-to by Those Who Matter. It is hoped that the police can be kept at bay, and that more of that university's channels will not be exercised in this process.

This comes on the heels of my having had to chase down incidents in the last week or two...
...someone sending half-Mbyte uuencoded core files via anonymus+clear
...having had to extinguish a couple of individuals due to, e.g., repetitious reposting, and personals posted outside alt.personals*
...another report of anonymous harassment whose details I do not feel I am at liberty to disclose at all.

anonymus at charcoal.com is going away.

My heart is no longer in it, because I am unwilling to ride herd on this ridiculous minority of totally cluefree individuals who seem to believe that they are somehow superior to the rest of the universe and can do things that are clearly against the requirements I stipulate in the info sheet. The potential for repercussions against myself as admin is far too high when I am informed that police are already involved -- I was much too close to such a situation 10 months ago.

This server will cease operation on 31 Aug. It is my belief that other anon servers operate in all of the groups currently supported here. Users have 10 days to make other arrangements.

More and more, I am convinced that life as a hermit is preferable to life on the network. It is amazing how far one's attitude will fall following one phone call.

Please respect Followup-To:. Feel free (feel encouraged) to disseminate this notice wherever appropriate. This note is being posted to alt.privacy.anon-server and those groups which have received 50+ postings in the life of the current news transfer log, less alt.sexual.abuse.recovery (which happens to be far and away in the #1 slot of such a list).

--

From jet at netcom.com Fri Aug 20 12:21:06 1993
From: jet at netcom.com (J. Eric Townsend)
Date: Fri, 20 Aug 93 12:21:06 PDT
Subject: ADMIN: Blacknet mailings on the cypherpunks list
In-Reply-To: <9308201901.AA09451@soda.berkeley.edu>
Message-ID: <9308201919.AA18692@netcom.netcom.com>

Eric Hughes writes:
> alt.w.a.s.t.e

please make it alt.waste, or alt.w-a-s-t-e if you must have seps between letters. The additional '.' characters will cause a hierarchy:

alt.w
alt.w.a
alt.w.a.s
alt.w.a.s.t
alt.w.a.s.t.e

And would suggest other possibilities such as alt.w.b alt.w.a.s.b-k etc, etc

From nowhere at bsu-cs.bsu.edu Fri Aug 20 12:36:36 1993
From: nowhere at bsu-cs.bsu.edu (Anonymous)
Date: Fri, 20 Aug 93 12:36:36 PDT
Subject: No Subject
Message-ID: <9308201935.AA25288@bsu-cs.bsu.edu>

An open message to "lurker at cyberspace.nil"

As your list administrator, Eric Hughes, has requested, we will no longer accept messages posted on this List. (For bandwidth reasons.)

Brief open answer to lurker at cyberspace.nil: No, Yes, Thanks, and "unreliable stock tips" probably have no market value.

We understand that ventures like ours have a long way to go. But cyberspace is infinitely extensible, and we will eventually colonize it. In the meantime, this initial experiment proves the concept is basically sound. Lots of work needed, though. More places to post, better anonymous remailers, out-of-the-U.S. mail-to-UseNet services, etc.

Onward and Inward!

BlackNet

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3

mQCPAixusCEAAAEEAJ4/hpAPevOuFDXWJ0joh/y6zAwklEPige7N9WQMYSaWrmbi
XJ0/MQXCABNXOj9sR3GOlSF8JLOPInKWbo4iHunNnUczU7pQUKnmuVpkY014M5Cl
DPnzkKPk2mlSDOqRanJZCkyBe2jjHXQMhasUngReGxNDMjW1IBzuUFqioZRpABEB
AAG0IEJsYWNrTmV0PG5vd2hlcmVAY3liZXJzcGFjZS5uaWw+
=Vmmy
-----END PGP PUBLIC KEY BLOCK-----

From tcmay at netcom.com Fri Aug 20 12:56:37 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 20 Aug 93 12:56:37 PDT
Subject: Thurn, Thurn, Thurn (und Taxis, too!)
Message-ID: <9308201953.AA23576@netcom.netcom.com>

J. Eric Townsend writes:

>Eric Hughes writes:
> > alt.w.a.s.t.e
>
>please make it alt.waste, or alt.w-a-s-t-e if you must have seps
>between letters. The additional '.' characters will cause a
>hierarchy:
>
>alt.w
>alt.w.a
>alt.w.a.s
>alt.w.a.s.t
>alt.w.a.s.t.e

For the first 3/4 of "The Crying of Lot 49," Oedipa Maas thinks she is seeing "WASTE" written on boxes and mail drops.
It is only later, as she is travelling through Berkeley by AC-DC ("standing for Alameda County Death Cult"), that she notices the periods, writ very small (.).

So calling our cyberspace mail drop "alt.waste" would have resonances with this Oedipal error, allowing the correcting of newbies.

Don't Ever Antagonize the Horn.

(I hear you crying "No maas!," so I'll stop with the puns.)

-Tim

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: by arrangement
Note: I put time and money into writing this posting. I hope you enjoy it.

From collins at newton.apple.com Fri Aug 20 12:56:57 1993
From: collins at newton.apple.com (Scott Collins)
Date: Fri, 20 Aug 93 12:56:57 PDT
Subject: cypher breaking and genetic algorithms
Message-ID: <9308201852.AA16537@newton.apple.com>

Oops, forgot to CC:cypherpunks. Sorry.

-- Peter Baumbach writes: --
What if the GA "knew" the plain-text, the cyphertext, and the encryption algorithm, and was searching for a decryption algorithm without the encryption key? Would that be more fruitful?

The attack I was describing assumed that the genetic strings _were_ keys and the population was about finding the right key. Peter's response suggests that rather than a population comprising keys, a population of 'programs' -- probably built from (constantly reordered) modules that performed the same atomic operations used by the encryption algorithm (and then some). This is a very strong generalization, and one that is getting more attention in the field. 'Genetic Programming'. In practice this can lead to more fluid populations.
In this instance, though, you can think of a key as a program to be executed by an encryption or decryption machine and see that a population of programs is similar in expressive power to a population of keys.

In the case of cryptanalysis of a _good_ cipher, it is the terrain (of the problem space) itself that gives us the clues about the expected performance of GA's. For a population to improve, it has to be able to measure the performance of an individual (how high has it climbed?) so that it can give increased resources to the more successful (whose children are likely to climb higher on a continuous surface).

In cryptanalysis, the goal (the mountain peak) is the correct plaintext. An individual, however it may be constructed, yields a trial decryption. Its performance must be measured against the only standard available in this case, the known plaintext (or the expected statistics of plaintext if known plaintext is not available). If there were an accurate measure of how 'good' a trial decryption was then your GA could climb. However that would imply a continuous 'goodness' function, whose surly bonds strong ciphers surely seek to slip.

It is this reliance on continuousness that makes GAs great at climbing hills, but rarely better than undirected random search at finding a needle in a haystack.

Scott Collins         | "Few people realize what tremendous power there
                      | is in one of these things." -- Willy Wonka
......................|................................................
BUSINESS. voice:408.862.0540 fax:974.6094 collins at newton.apple.com
Apple Computer, Inc. 1 Infinite Loop, MS 301-2C Cupertino, CA 95014
.......................................................................
PERSONAL. voice/fax:408.257.1746 1024/669687 catalyst at netcom.com

From pmetzger at lehman.com Fri Aug 20 13:06:37 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Fri, 20 Aug 93 13:06:37 PDT
Subject: ADMIN: Blacknet mailings on the cypherpunks list
In-Reply-To: <9308201919.AA18692@netcom.netcom.com>
Message-ID: <9308202002.AA04541@snark.lehman.com>

J. Eric Townsend says:
> Eric Hughes writes:
> > alt.w.a.s.t.e
>
> please make it alt.waste, or alt.w-a-s-t-e if you must have seps
> between letters. The additional '.' characters will cause a
> hierarchy:

I highly, highly agree.

Perry

From pmetzger at lehman.com Fri Aug 20 13:16:37 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Fri, 20 Aug 93 13:16:37 PDT
Subject: Thurn, Thurn, Thurn (und Taxis, too!)
In-Reply-To: <9308201953.AA23576@netcom.netcom.com>
Message-ID: <9308202012.AA04597@snark.lehman.com>

Timothy C. May says:
> J. Eric Townsend writes:
>
> >Eric Hughes writes:
> > > alt.w.a.s.t.e
> >
> >please make it alt.waste, or alt.w-a-s-t-e if you must have seps
> >between letters. The additional '.' characters will cause a
> >hierarchy:
> >
> >alt.w
> >alt.w.a
> >alt.w.a.s
> >alt.w.a.s.t
> >alt.w.a.s.t.e
>
> For the first 3/4 of "The Crying of Lot 49," Oedipa Maas thinks she is
> seeing "WASTE" written on boxes and mail drops. It is only later, as she is
> travelling through Berkeley by AC-DC ("standing for Alameda County Death
> Cult"), that she notices the periods, writ very small (.).
>
> So calling our cyberspace mail drop "alt.waste" would have resonances with
> this Oedipal error, allowing the correcting of newbies.

Yes, Tim, but none the less creating newsgroups with .s used as punctuation instead of as hierarchy separators is considered Very Rude. I think there is no reason for us to do something that is considered Very Rude even if it is a good joke. Dashes are likely a good compromise.

Perry

From bill at twwells.com Fri Aug 20 13:16:58 1993
From: bill at twwells.com (T. William Wells)
Date: Fri, 20 Aug 93 13:16:58 PDT
Subject: cypher breaking and genetic algorithms
In-Reply-To: <9308201639.AA10388@newton.apple.com>
Message-ID:

In article <9308201639.AA10388 at newton.apple.com>,
: Well, since I'm here, I thought I'd satisfy a curiosity of mine.
: Has anyone done any research, formal or informal, on the use of
: genetic algorithms to break cyphers? If not, would anyone care to
: discuss how it might be done?
:
: GA's (which I love, but you won't be able to tell from the following) are a
: 'robust' search mechanism better at finding _good_ answers than _the_
: answer.

Right. So the essential problem is to define "good" in the context of deciphering. I'm sitting here trying to visualize a structure (>3 dimensions always have eluded me :-) that would let one do this but actually, I had something quite a bit more mundane in mind.

What about the simple GA where each half of the bit string represents a number and the fitness function is the bit count of the complement of the XOR of the product of the two numbers and a (presumably) composite number? This seems like it would have the sorts of properties that make GAs work and, if this resulted in a practicable factoring system, would make hash out of several cryptosystems.

: However, in simple substitution ciphers, frequencies and patterns in
: partial decryptions can provide the reward GA's need to climb the hills.

Right. I'd assume you'd generate a key and then compute the fitness from the decrypted text's statistics. That's an easy one. :-)

From tcmay at netcom.com Fri Aug 20 13:26:37 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 20 Aug 93 13:26:37 PDT
Subject: Thurn, Thurn, Thurn (und Taxis, too!)
In-Reply-To: <9308202012.AA04597@snark.lehman.com>
Message-ID: <9308202023.AA04919@netcom5.netcom.com>

> > So calling our cyberspace mail drop "alt.waste" would have resonances with
> > this Oedipal error, allowing the correcting of newbies.
>
> Yes, Tim, but none the less creating newsgroups with .s used as
> punctuation instead of as hierarchy separators is considered Very
> Rude. I think there is no reason for us to do something that is
> considered Very Rude even if it is a good joke. Dashes are likely a
> good compromise.
>
> Perry

I'm confused, Perry. I was acknowledging that "alt.waste" (with no periods, no punctuation, in the "waste" part) would be nearly as acceptable as the more Pynchonesque form.

Is "alt.waste" a rude formation in some way?

-Tim

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.

From pmetzger at lehman.com Fri Aug 20 13:26:57 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Fri, 20 Aug 93 13:26:57 PDT
Subject: Thurn, Thurn, Thurn (und Taxis, too!)
In-Reply-To: <9308202023.AA04919@netcom5.netcom.com>
Message-ID: <9308202024.AA04640@snark.lehman.com>

Timothy C. May says:
>
> > > So calling our cyberspace mail drop "alt.waste" would have resonances with
> > > this Oedipal error, allowing the correcting of newbies.
> >
> > Yes, Tim, but none the less creating newsgroups with .s used as
> > punctuation instead of as hierarchy separators is considered Very
> > Rude. I think there is no reason for us to do something that is
> > considered Very Rude even if it is a good joke. Dashes are likely a
> > good compromise.
> >
> > Perry
>
> I'm confused, Perry. I was acknowledging that "alt.waste" (with no
> periods, no punctuation, in the "waste" part) would be nearly as
> acceptable as the more Pynchonesque form.
>
> Is "alt.waste" a rude formation in some way?
Sorry -- I misunderstood. "alt.waste" would be perfectly fine.

Perry

From poier at sfu.ca Fri Aug 20 13:36:37 1993
From: poier at sfu.ca (Skye Merlin Poier)
Date: Fri, 20 Aug 93 13:36:37 PDT
Subject: Anonymous IRC
In-Reply-To:
Message-ID: <9308202031.AA02041@malibu.sfu.ca>

-----BEGIN PGP SIGNED MESSAGE-----

And verily Panzer Boy doth spake unto thee:
> The "fix" I decided was to modify the server code and make all connections
> completely anonymous. Anonymity is to all, the Server keeps no
> long-term records of the machines it is connected to, and the only
> connection information it keeps is in socket information. Owning the
> Server does not give you access to Clients information. Now, the only way
> people are identified by, is their chosen Nickname or alias. I have this
> server up and running on my own machine with basically no one using it
> currently. I would like to see what people think, pros & cons, of
> real-time anonymous chat.

Obviously you have not used IRC much... I think this idea would be exceptionally bad. On IRC, for those that have not used it, there are channel operators (chops) on each channel. They have the power to kick and ban people from the channel, if they are being abusive or extremely irritating (eg flooding everyone). By removing the client information, you remove the efficiency of a ban (usu it applies to the person's userid from any machine on the same domain)... This would make it very easy for one person in a bad mood to ruin a channel for everyone. And believe me, there are usually several people of that kind on the net.

Perhaps you could set up your own IRC net (similar to the undernet) and have it anonymous, but I would highly recommend against trying this on the standard IRC net.

-- S.
-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBLHU0my0bkpXW3omvAQGXzAP/ZN6XuQ+WUcndenDVHZ+D3RFxwRR/6gAU
Qi2SbhjaBnBj2jJAgimMx6U8zEIlAGk1CQaoWpigi1vZAUwChw9NqXGmRePHHYho
8lwj6GbJZqY5Av0cb0ytdssFcgSwGr5oGbv0JPcceoAL7Hqg+UJGsZ2PfZXwuJhd
QWbC9a5J28c=
=Z53c
-----END PGP SIGNATURE-----

From HAHN at lds.loral.com Fri Aug 20 13:51:57 1993
From: HAHN at lds.loral.com (Reply to: hahn@lds.loral.com)
Date: Fri, 20 Aug 93 13:51:57 PDT
Subject: genetic algorithms for crypto analysis
Message-ID: <930820165108.47c@lds.loral.com>

It has been noted in this thread that a good crypto algorithm would require an attacker to locate a single spike in a problem space, rather than having to climb a hill (which is, of course, much easier).

I recall reading (I think in Sci. Am.) that a theory under investigation now as to why nature has sexual reproduction as part of its repertoire is that this gives a solution-seeking population a better opportunity to locate spikey solutions.

From the point of view of genetic algorithms, sexual reproduction means that each offspring must be generated from two members of the existing population, each of which contributes half the information needed to generate the offspring. In theory, this maintains a population that is spread over a wider terrain, and is thus more likely to find the spike.

I don't know if such a strategy would help at all in crypto analysis, or whether any genetic algorithm programs currently in use employ this strategy.

 __
 | (V)                | "Tiger gotta hunt. Bird gotta fly.
 | (^ (`>             | Man gotta sit and wonder why, why, why.
 | ((\\__/ )          | Tiger gotta sleep. Bird gotta land.
 | (\\< ) der Nethahn | Man gotta tell himself he understand."
 | \< )               |
 | ( /                | Kurt Vonnegut Jr.
 | |                  |
 | ^                  |

From bill at twwells.com Fri Aug 20 14:11:10 1993
From: bill at twwells.com (T. William Wells)
Date: Fri, 20 Aug 93 14:11:10 PDT
Subject: building a sound sampler for cryptophone application...
In-Reply-To: <6263@an-teallach.com>
Message-ID:

Somebody posted a Unix soundblaster driver on alt.sources, I believe. Someone else will have to go digging though.

: Now, if anyone actually has an answer to the question, which was about
: how to drive a PC parallel port for input, do let me know please.

Well, I have an ancient AT manual that I could probably dig out. But I don't think there's much trick to it.

From khijol!erc at colossus.apple.com Fri Aug 20 14:36:40 1993
From: khijol!erc at colossus.apple.com (Ed Carp)
Date: Fri, 20 Aug 93 14:36:40 PDT
Subject: cypher breaking and genetic algorithms
In-Reply-To:
Message-ID:

> Well, since I'm here, I thought I'd satisfy a curiosity of mine.
> Has anyone done any research, formal or informal, on the use of
> genetic algorithms to break cyphers? If not, would anyone care to
> discuss how it might be done?

As I recall, GAs are rather inappropriate for crypto applications, as they tend to give rather inexact answers. In a message where one wrong bit could mean the difference between "en clair" and garbage, they are useless. But for simple substitution ciphers, they can enable one to get "best guess" clear - enough to make the message readable. Hopefully. :)

--
Ed Carp, N7EKG erc at apple.com 510/659-9560 anon-0001 at khijol.uucp
If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"

From peb at PROCASE.COM Fri Aug 20 15:01:17 1993
From: peb at PROCASE.COM (Paul Baclace)
Date: Fri, 20 Aug 93 15:01:17 PDT
Subject: genetic algorithms for crypto analysis
Message-ID: <9308202159.AA04543@banff.procase.com>

Using a GA to drive a brute force key search would certainly not help: the fitness surface has a needle in a haystack (spike). This kind of problem has been identified as "unlearnable" by theoreticians like Valiant at Harvard. However, using a GA to drive a more intelligent cryptanalysis that has partial results *would* help.
It seems that cryptanalysis benefits from human assistance due to our excellent abilities at recognition of partial solutions. Because of this, a GA could help automate the cryptanalysis process.

(My knowledge of cryptanalysis ends at the Enigma machine breaker cbw (crypt breakers workbench in comp.sources.unix archives) which uses an iterative process where partial results are visible and are used to guide new guesses. The Enigma machine does state-machine substitution, but no diffusion/mixing/scrambling; lack of the latter makes visual recognition much simpler. Since DES uses scrambling, I'm not sure whether partial results are possible.)

> I recall reading (I think in Sci. Am.) that a theory under investigation
> now as to why nature has sexual reproduction as part of its repertoire
> is that this gives a solution-seeking population a better opportunity to
> located spikey solutions.

Crossover of the genome is the key part of "avoiding hill-climbing" and it is the key ingredient to Holland's proof of a super-linear speedup (thus "violating" Amdahl's Law of parallelization never attaining a linear speedup) otherwise known as implicit parallelism. Holland's proof of this in the '70s opened up research in GAs because of this attractive feature. [Note that it requires certain assumptions about independence and stasis of the bits in the genome to make the proof tractable, but the hope is that this will still be useful for real problems.]

Paul E. Baclace
peb at procase.com

From szabo at netcom.com Fri Aug 20 15:11:17 1993
From: szabo at netcom.com (Nick Szabo)
Date: Fri, 20 Aug 93 15:11:17 PDT
Subject: genetic algorithms for crypto analysis
In-Reply-To: <930820165108.47c@lds.loral.com>
Message-ID: <9308202210.AA17612@netcom5.netcom.com>

HAHN at lds.loral.com:
> [makes excellent point that given sexual reproduction, evolution
> does not need continuous search space]
> I don't know if such a strategy would help at all in crypto analysis,
> or whether any genetic algorithm programs currently in use employ this
> strategy.

Sexual reproduction (aka string crossover) is the fundamental attribute of GAs that distinguishes them from hill-climbing algorithms; it has been in all GAs from their invention. One of the original works on the subject is now out in reprint: John Holland's _Adaptation in Natural and Artificial Systems_, MIT Press.

Crossover doesn't allow magic teleportation directly to the needle in the search space haystack. GA leaps over gaps where the "crossover Hamming distance" is small, but the space need not be continuous. Cryptanalysis where one can gain clues, partial solutions, etc. and compose these into better solutions, might be amenable to GA. If you can say "solution A is better than solution B" with an algorithm, it's a good candidate for solving with GA or GP (genetic programming, which works on trees instead of strings).

Nick Szabo szabo at netcom.com

From hkhenson at cup.portal.com Fri Aug 20 15:16:47 1993
From: hkhenson at cup.portal.com (hkhenson at cup.portal.com)
Date: Fri, 20 Aug 93 15:16:47 PDT
Subject: Traveller's Checks...
Message-ID: <9308200938.2.14364@cup.portal.com>

Not that this is really relevant . . . but I remember an article on traveller's checks that a significant percentage of them are *never* cashed. Talk about float!
Keith

From klbarrus at owlnet.rice.edu Fri Aug 20 15:17:04 1993
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Fri, 20 Aug 93 15:17:04 PDT
Subject: KOH virus (long)
Message-ID: <9308202211.AA08607@flammulated.owlnet.rice.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Fellow cypherpunks,

While I am woefully behind in cypherpunks mail, at this time I wish to pick up the discussion on the potassium hydroxide program. I believe this is relevant to the list, so I'm posting to the list.

So as to not try everybody's patience, my own personal opinions and experiences are contained in a section so delimited toward the end. Also, some concerns brought up previously are also contained in their own section, before my opinions. So you can stop reading at any time :-).

In summary, I am posting this because I intend to post KOH code when it becomes available. The feelings expressed about this may very well affect the future of the list. In fact, I may post to virus-l because it has come to my attention the topic has surfaced there as well. And I know that anti-virus professionals are always interested in the facts of any matter.

A few people have requested copies of the program from me, and I know of at least one person actively working on a disassembly. I mention this partly in an effort to mentally prepare some people on this list for an event that is certain to happen in the future: the posting of KOH source code. I say this: when a disassembly of the program becomes available, if I receive a copy, I fully intend to post it to this list.

I would like to point out the charter of this list includes the phrase "Cypherpunks write code." As we all know software development is a time consuming process and thus not many programming projects are discussed, due to complexity, time constraints, slow development, etc.
One such project a few list readers expressed interest in was the so called "CryptoStacker" project - a program which would function very much like Stacker does (it automatically compresses and uncompresses disk drives) except the CryptoStacker would automatically encrypt and decrypt.

Suddenly, a program which claims to do all this surfaces. KOH claims to install itself, encrypt and decrypt with IDEA and an unspecified quick algorithm, and uninstall from the hard drive on request. The author explicitly states he intends no maliciousness, and will even accept bug reports and perform patches.

How then can we ignore such a program? Now the author called his program a "virus", a word that is treated with near hysteria by some. I don't give a damn if the author calls his program a virus, a program, an automatic encryption program, Pretty Automatic Privacy, a universal Turing machine, or a duck-billed platypus. The fact is this program fills the need of many users, or may advance the state of the art in automatic encryption programs. It most certainly will be helpful to see IDEA implemented in assembly - perhaps this could be used to many advantages, in PGP, other packages, etc.

A bit of the disassembly has been performed - and apparently the program installs itself in memory, hooks various interrupts, and installs itself on floppies, marking off sectors as bad.

I don't know how Stacker 3.0 stacks floppies to make them portably uncompressable (that is, you can stack a floppy, and still use it on a system that doesn't run Stacker), but it is clear it must reserve part of the disk as being used, at least to contain the decompression routines. It is also clear that Stacker installs itself into memory, and hooks various interrupts to compress/decompress on the fly, like KOH does.

If this is too close to viral activity, then I ask the anti-virus professionals exactly how did you expect a program of this nature to work?
How can a program like stacker function if it doesn't hook interrupts, install into memory, and place certain routines on floppies? Answers to these questions may direct efforts and work in another direction more pleasing to some.

Now, I'm not going to waste my time looking for an official anti-virus community sanctioned example of a program which does the above. KOH is here, and we may learn and benefit from it.

PREVIOUS CONCERNS

Some people wrote in objections to the list about the KOH "virus". So as to diffuse a potentially emotional situation, I am not crediting the original authors, and am paraphrasing their statements.

One person expressed concern that all viruses carry potential for damage, and that a legitimate program would be better.

1) Yes, viruses carry potential for damage. But the author of this one states he intends no malicious behavior.

* perhaps somebody could enlighten us as to how a program like stacker or KOH is supposed to work in "legitimate program" form. Both programs must obviously hook DOS systems calls, install into memory, and place "undoing" routines on floppies.

* not to insult anyone, but to imply that only viruses carry potential for damage is a pretty outrageous selective use of facts. PKZIP and PGP both had bugs which caused lost data, and even DOS itself has a buggy CHKDSK command.

{at this time I would like to apologize profusely to Phil Karn, Hal Finney, Derek Atkins, Edgar Swank, Phil Zimmermann, and anybody else involved in PKZIP, PGP, or creating software in general. The people devote hours of their time and expertise towards programs which help thousands of users; I am not poking fun at anybody or blaming them or anything like that. I just wish to point out that modern software is complex, configurations are uncountable, and that despite the best efforts, mistakes are made. Fortunately, most are caught quickly and corrected.
I don't think anybody can expect perfection.}

Another person expressed concern that the software comes with no explanation of ramification.

2) Well, I have some interesting news: no software does. In fact, after checking the manuals for every piece of commercial software I could find, I discovered that all software comes with two disclaimers:

1) The manufacturer does not guarantee the software even works
2) The manufacturer disclaims all damages

So perhaps those who wish such promises from a public domain encryption program are expecting a lot given that there isn't even any commercial software which does this.

{interesting crypto relationship to reputation markets. The software industry is a billion dollar industry that sells products not even guaranteed to work, all damages disclaimed. How then is the industry so successful? Answer: reputations.}

PERSONAL OPINIONS

Well, I'll keep it brief since if you've read this far, you are probably getting tired :-)

* I do not condone or encourage spreading malicious code, especially to novice users. Perhaps the worst thing that viruses do is create a sense of fear among people already intimidated by computers.

* However, I don't see anything wrong with knowledgeable users who accept the risk sharing code. Naturally, I expect they will take responsibility for their actions and not seek to destroy anybody else's property. Keep it local, use your skill to everybody's advantage.

* I think viruses are severely over-hyped. It is my deepest nightmare to one day open the paper and see the headline "Planet Earth Knocked Out of Orbit by Computer Virus!" Eventually with fancier security (operating system wise), cryptography (message digests, authentication), and research on virus scanners the problem will go to zero. Yes, I know it is impossible to have a program perfectly detect viruses.
But in my own reading it seems that it is possible to have one program have no false positives (but some false negatives), and another have no false negatives (but some false positives). The combination of these two scanners would then be optimal. If this is incorrect reasoning, please let me know, with an explanation if possible.

* I've lost 10 minutes of work because of the nVIR virus on the copy of CricketGraph I once used. I lost one whole week of work (2400 minutes) helping figure out why Windows, Novell, and DR DOS wouldn't work together. Files were lost, machines crashed, device drivers kept stomping one another. The problems were fixed in bug patches from the manufacturers. So maybe my experiences were atypical, but I just can't get excited about fearing a viral attack. I am more likely to fear the commercial software I use.

* Some elements of the anti-viral community seem to act in a self-serving, high priesthood mode, gathering occasionally to congratulate and agree with one another. In fact, some seem to act like the NSA: answerable to no one but themselves, seeking to censor or otherwise restrict information they deem sensitive, preferring you trust them in various matters, etc. Now, I point no fingers, make no accusations, and in no way begrudge any of these people. It's an honest living, and many people do benefit from their efforts. However, I am reminded of a favorite quote of mine: "The louder they spoke of their honor, the faster we counted the spoons." That is, the louder someone condemns viruses, the more hysteria they generate, the more vehement the accusations, the more I wonder how much $$$ this person stands to make.

* That's it. Again, I say studying the KOH will benefit us. Comments are welcome at klbarrus at owlnet.rice.edu. However, I am a full time student once again; classes begin Monday so I will probably take a while to respond.
From panzer at drown.slip.andrew.cmu.edu Fri Aug 20 15:21:15 1993
From: panzer at drown.slip.andrew.cmu.edu (Panzer Boy)
Date: Fri, 20 Aug 93 15:21:15 PDT
Subject: Anonymous IRC
In-Reply-To: <9308202031.AA02041@malibu.sfu.ca>
Message-ID:

On Fri, 20 Aug 1993, Skye Merlin Poier wrote:

> Obviously you have not used IRC much... I think this idea would be exceptionally
> bad. On IRC, for those that have not used it, there are channel operators
> (chops) on each channel. They have the power to kick and ban people from the
> channel, if they are being abusive or extremely irritating (eg flooding everyone).
> By removing the client information, you remove the efficiency of a ban (usu
> it applies to the person's userid from any machine on the same domain)... This
> would make it very easy for one person in a bad mood to ruin a channel for
> everyone. And believe me, there are usually several people of that kind on
> the net.
>
> Perhaps you could set up your own IRC net (similar to the undernet) and have it
> anonymous, but I would highly recommend against trying this on the standard IRC
> net.

Actually I have used IRC for quite some time. I have also noticed that most of the time there is not much of a problem in "annoying" people. Also the power of the Operator is much in question when it comes to banning people, as to how easy it is to overcome being "banned" from a channel. You make the example of how anyone in a "bad mood" can ruin the channel for everyone. This is something you have to deal with. Ask people running Anonymous Remailers, and Anonymous Posting Services. I did not intend to connect this up with the "Normal IRC Network". That would be a little rude on my part.
Allowing people to become anonymous only on my server. Also I would suspect most other people who run servers would not let mine connect to theirs. I am not trying to start up a server to be in competition with the "Normal IRC Network". I want an alternative for people who wish to talk, but don't wish their identity known.

-Matt (panzer at drown.slip.andrew.cmu.edu)

From collins at newton.apple.com Fri Aug 20 16:21:17 1993
From: collins at newton.apple.com (Scott Collins)
Date: Fri, 20 Aug 93 16:21:17 PDT
Subject: genetic algorithms for crypto analysis
Message-ID: <9308202305.AA26160@newton.apple.com>

>Sexual reproduction (aka string crossover)

Sexual reproduction is not string crossover. Normal reproduction in a typical GA picks two individuals from the population independently with probability related to their fitness. In sexual reproduction, the pairs are constrained such that selection is not independent, e.g., 'males' mate with 'females'. Sexual reproduction is one factor that dampens premature dominance of the population by a few 'great' individuals, so that search can continue on other hills, i.e. encourages diversity and thus IS good, as was previously stated, in choppier solution spaces.

Also consider the dominance mechanism supported by the diploid chromosome. One reason why double-strand species like ourselves can more rapidly adapt than haploid species. Dominance protects solutions that were good once (and might be again) from being sampled to death, by holding them in abeyance (a 'recessive' trait) in a temporarily unfavorable environment. Again, this encourages diversity by dampening premature destruction of hard won solutions.

Scott Collins         | "Few people realize what tremendous power there
                      |  is in one of these things." -- Willy Wonka
......................|................................................
BUSINESS. voice:408.862.0540 fax:974.6094 collins at newton.apple.com
Apple Computer, Inc.
1 Infinite Loop, MS 301-2C Cupertino, CA 95014
.......................................................................
PERSONAL. voice/fax:408.257.1746 1024/669687 catalyst at netcom.com

From szabo at netcom.com Fri Aug 20 17:11:52 1993
From: szabo at netcom.com (Nick Szabo)
Date: Fri, 20 Aug 93 17:11:52 PDT
Subject: genetic algorithms for crypto analysis
In-Reply-To: <9308202305.AA26160@newton.apple.com>
Message-ID: <9308210012.AA04248@netcom5.netcom.com>

Scott Collins discusses the constraint of crossover with the male/female partition and dominance. This is theoretically interesting, especially to biology. I know of no theoretical proof that such constraints improve the search of choppy search spaces, and there is little empirical evidence -- this is a cutting-edge research topic.

The poster who first brought up sexual reproduction was discussing it in terms of its cutting and pasting of strings: crossover. Crossover itself provides a far more general solution than simple mutating, hill-climbing algorithms; specifically GAs are better in choppy, non-continuous spaces. The empirical evidence for this is quite substantial (the literature on GAs) and there is theoretical substantiation (Holland, Goldberg, et al.). Perhaps constraining with male/female and dominance provides even further improvement for some kinds of choppiness, as might (more generally) demes, but those are open research questions in the GA community, not immediately germane to the general question of whether GA might be useful for cryptanalysis.

I'd like to hear more about the male/female partition and dominance -- on comp.ai.genetic, ga-distr, or genetic-programming which I read regularly, and are much more appropriate for discussing this issue.
Nick Szabo
szabo at netcom.com

From Hastings at courier8.aero.org Fri Aug 20 18:21:54 1993
From: Hastings at courier8.aero.org (Hastings at courier8.aero.org)
Date: Fri, 20 Aug 93 18:21:54 PDT
Subject: Hardware Homebrew
Message-ID: <00071B4C.MAI*Hastings@courier8.aero.org>

One of those "too many Erics" wrote:

> I think that designing custom hardware for sound sampling is
> a waste of time, given the abundance of multimedia cards...

I think we should build fluidic computers and communication links to resist an EMP attack. How better could we meet TEMPEST requirements than using water instead of electrons. None of this namby-pamby off-the-shelf baby stuff. If users can't build their own computers and write their own OS, they deserve to be crushed under a jackboot forever. ;-)

> The solutions that we make should be to the greatest extent
> available to all without special prerequisites. That means
> that hardware should be freely purchasable, since the
> resource of money is more widely available [THAN HOMEBREW].

And we're not talking beer, here. "When you've said DUFF, you've said enough."

OK, buy when there is a variety of retail sources, but for something as limited as RSA for example, it is wise to use PGP. Is it unreasonable to prefer free software with source code to commercial 'ware without source code? Even for hardware that is freely purchasable, shouldn't we review the security of any privacy solution ourselves rather than take some manufacturer's word that it's safe? I grant you a sound board isn't the most critical item.

Writing device drivers for existing sound cards, as you suggest we should do, assumes that the user already has a general purpose computer system up and running. Isn't that a "special prerequisite?" The guy who started all this hoped his sampler would be "dead cheap and easy to build" but admittedly was still talking about an add-on to a PC.
Computers and add-in boards seem cheap compared to automobiles, but not everyone has thousands of dollars to throw away on this junk. I can't believe that when microcontrollers are available for $1-$4 each, that we can't design a simple non-Unix, non-DOS standalone gadget for use by non-Nerds.

One project we should consider is a non-proprietary hardware/software privacy product for mass consumption. I'd like to have a cheap audio sampler as part of a DVR module to record and play voice messages, spread-spectrum radio to give unlicensed users access to the airwaves, a self-configuring backbone of home radio voice/e-mail mailboxes, perhaps combining omni and uni-directional links for efficient message forwarding, and the ability of any user to transmit a message from their portable DVR transceiver to anyone's home mailbox and get a response, without any record of the message paths.

Maybe this sounds really complicated, but a single CPU can do compression, generate chip bits per the spreading code (direct sequence software) to define a spread spectrum channel, select the best address for efficient message forwarding, and toast your bread in the morning. It should be mostly software, no?

The 75% of the world's people who have no access to any phone service have more time than money, so homebrew hacking is one way for them to get privacy and freedom.

It is illegal to BUY a 10-meter amplifier for ham radio because it may be abused by a CB operator (in the 11-meter band). But it is legal to BUILD a 10-meter amplifier for ham use. If it were illegal, and if you want it, but can't buy it, what other choice do you have?

What happens when one of these HR4079, Digital Telephony, Clipper/Capstone/Skipjack proposals passes, and Cyphernacht takes place? Storm troopers will throw your nice little PC's on the ground to ruin the hard drives, and only the new, improved hard drives, with access for legitimate law enforcement needs will be sold.
Like Chuck Hammill says: "If you don't learn how to beat your plowshares into swords before they outlaw swords, you'd better learn before they outlaw plowshares."

Kent - jkhastings at aol.com

From nowhere at bsu-cs.bsu.edu Fri Aug 20 19:41:58 1993
From: nowhere at bsu-cs.bsu.edu (Anonymous)
Date: Fri, 20 Aug 93 19:41:58 PDT
Subject: No Subject
Message-ID: <9308210357.AA19222@bsu-cs.bsu.edu>

Posted by a misguided, hysterical, raster-burned ranter:

What happens when one of these HR4079, Digital Telephony, Clipper/Capstone/Skipjack proposals passes, and Cyphernacht takes place? Storm troopers will throw your nice little PC's on the ground to ruin the hard drives, and only the new, improved hard drives, with access for legitimate law enforcement needs will be sold.

Storm troopers? You take this all a little too seriously. What makes you think that you and your nasty little private secrets warrant the time, money and effort of non-existent storm-troopers?

From fergp at sytex.com Fri Aug 20 20:11:23 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Fri, 20 Aug 93 20:11:23 PDT
Subject: KOH software topic
Message-ID: <6F3L9B1w165w@sytex.com>

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 20 Aug 93 17:11:51 CDT, Karl Lui Barrus wrote -

> In summary, I am posting this because I intend to post KOH code
> when it becomes available. The feelings expressed about this
> may very well affect the future of the list. In fact, I may
> post to virus-l because it has come to my attention the topic
> has surfaced there as well. And I know that anti-virus
> professionals are always interested in the facts of any matter.

While I may have been one of the first to "sound the alarm," let's get it straight -- up front -- that I do not condone any type of OS subversive program that conducts its "activities" without the user's knowledge, or any code that has the potential to propagate without the user's knowledge.
That said, I think I qualify well enough as an "anti-virus professional," even though I don't -officially- produce any antivirus software for public consumption. In any case, I'm mano-en-mano with most of the notables in the field.

> A few people have requested copies of the program from me, and I
> know of at least one person actively working on a disassembly.

I'd like to examine a copy myself.

> I mention this partly in an effort to mentally prepare some people on
> this list for an event that is certain to happen in the future: the
> posting of KOH source code. I say this: when a disassembly of the
> program becomes available, if I receive a copy, I fully intend to post
> it to this list.

Words escape me at the moment -- perhaps it's all those damned Mooseheads...

> I would like to point out the charter of this list includes the phrase
> "Cypherpunks write code."

[Mooseheads-kicking-in mode]

"Cypherpunks write code" should be expanded (in fact, it -is- expanded, to a certain extent) to include beneficial vs non-beneficial software. But what delineates the two? This is a -very- touchy subject.

"Subversive software," is a term which I use to demonstrate the properties of software which spoofs someone, in one way or another. Viruses do this, especially what we call "stealth" viruses, because of their ability to spoof the operating system. "Subversive software," in the terminology of KOH may be something else entirely, but any software that marks sectors bad on my disks without my permission automatically falls into the classification of "unwanted" or "bad" software. Perhaps I don't understand or haven't familiarized myself enough with this software, but it sounds ominously like some timebomb which harbors the potential to hose the user at any given time. IMHO, this sounds like badware, but I would have to examine it further, under a debugger.
> As we all know software development is a time consuming process and
> thus not many programming projects are discussed, due to complexity,
> time constraints, slow development, etc. One such project a few list
> readers expressed interest in was the so called "CryptoStacker"
> project - a program which would function very much like Stacker does
> (it automatically compresses and uncompresses disk drives) except
> the CryptoStacker would automatically encrypt and decrypt.
> Suddenly, a program which claims to do all this surfaces. KOH claims
> to install itself, encrypt and decrypt with IDEA and an unspecified
> quick algorithm, and uninstall from the hard drive on request. The
> author explicitly states he intends no maliciousness, and will even
> accept bug reports and perform patches. How then can we ignore such
> a program?

Firstly, by not jumping the gun. Secondly, by examining the software extensively. Thirdly, by making an honest analysis of its merits, its pitfalls and its contentions. All in all, if all it does is actively encrypt and compress, then it is certainly non-threatening to the general public. If it does otherwise, or has some odd caveats, then it needs to be advertised "up front."

Now, don't get me wrong -- I don't condone someone posting a debug script on the net and saying "This may hose your system," knowing full well that it will do exactly that!

Comments?

Paul Ferguson               | "Government, even in its best state,
Network Integrator          |  is but a necessary evil; in its worst
Centreville, Virginia USA   |  state, an intolerable one."
fergp at sytex.com            |      - Thomas Paine, Common Sense

Type bits/keyID    Date       User ID
pub  1024/1CC04D   1993/03/15 Paul Ferguson
     Key fingerprint = EE D2 93 7D 04 6D C6 05  AC 36 AD 9D 8E 4F 41 58

From anton at hydra.unm.edu Fri Aug 20 21:31:24 1993
From: anton at hydra.unm.edu (Stanton McCandlish)
Date: Fri, 20 Aug 93 21:31:24 PDT
Subject: ONE BBSCON
Message-ID: <9308210542.AA19653@hydra.unm.edu>

Well the time draws near. My offer to distribute anti-clipper, and pro-CP flyers, at my expense, still stands, but I don't have time to write up the material. If anyone has any good, one-page, flyer material for this effort, please mail it to me directly, and soon. Mon. will be the cut-off, as I leave Tue morn (Aug. 24). Again, send this by pvt. mail please, I've got the list turned off temporarily (to get elm's filtering working, but it refuses to cooperate, so I may just give up on that. Just doesn't seem to do ANYTHING, it just sits there when the filter command is executed.)

--
Stanton McCandlish       * Space Migration * Networking * ChaOrder * NO GOV'T. *
anton at hydra.unm.edu     * Intelligence Increase * Nano * Crypto * NO RELIGION *
FidoNet: 1:301/2         * Life Extension * Ethics * VR * Now! * NO MORE LIES! *
Noise in the Void BBS    * +1-505-246-8515 (24hr, 1200-14400, v32bis, N-8-1)   *

From bill at twwells.com Fri Aug 20 21:57:02 1993
From: bill at twwells.com (T. William Wells)
Date: Fri, 20 Aug 93 21:57:02 PDT
Subject:
In-Reply-To: <9308210357.AA19222@bsu-cs.bsu.edu>
Message-ID:

There's nothing technical here; it's a political rant, though more or less related to the list topic.

In article <9308210357.AA19222 at bsu-cs.bsu.edu>, Anonymous wrote:
: Posted by a misguided, hysterical, raster-burned ranter:
:
: What happens when one of these HR4079, Digital
: Telephony, Clipper/Capstone/Skipjack proposals passes,
: and Cyphernacht takes place? Storm troopers will throw
: your nice little PC's on the ground to ruin the hard
: drives, and only the new, improved hard drives, with
: access for legitimate law enforcement needs will be sold.
:
:
: Storm troopers? You take this all a little too seriously.
: What makes you think that you and your nasty little private
: secrets warrant the time, money and effort of non-existent
: storm-troopers?

Well, in the finest of Usenet tradition :-), let me ask: What would have made a Jew think that innocent, innocuous little him would warrant the time, money and effort of non-existent storm-troopers? Other than, that is, that the storm-troopers were real and they had already gone after lots of people just like him....

To answer the question, though: once the law enforcement folks decide to make unapproved cryptography illegal, they *will* use it, not only for the purpose it's intended, as bad as that is (and, remember: *anyone* no matter how small, can serve as an example to deter others), but as an excuse for various and sundry invasions and seizures. I draw your attention to RICO, forfeiture laws, the use of traffic tickets for police funding, Steve Jackson Games, not to mention the rather dramatic destruction of our civil liberties attendant (not at all coincidentally) on the so-called Drug War.

One lesson of history is quite clear: governments have an absolute tendency to misuse their power. Furthermore, the further the misuse has progressed and been accepted as "normal", the harder it is to stop, or reverse.

I could go on and on but the bottom line is that any attempt by the government to exercise prior constraint on either the content *or* methods of communication, as the latter entails the former, must be absolutely rejected and without consideration for utilitarian or other similar arguments. Ultimately, the free flow of information is the only constraint on government.
From hfinney at shell.portal.com Fri Aug 20 22:52:01 1993
From: hfinney at shell.portal.com (hfinney at shell.portal.com)
Date: Fri, 20 Aug 93 22:52:01 PDT
Subject: anonymus@charcoal.com is going away
Message-ID: <9308210316.AA16687@jobe.shell.portal.com>

It does not really surprise me that Kleinpaste is shutting down his server. He always seemed to be a weak supporter of anonymity, IMO. I remember how he was one of the loudest complainers when the controversy arose over Julf's anonymous remailer.

This is how I would have handled the situation. If the sysop of this system sent mail to me (he couldn't get my phone number, I don't think), asking whether so-and-so sent mail to such-and-such, I would only be able to say, "I haven't the faintest idea." I don't keep logs, and one of the reasons I don't is so that I have no expectation of being able to answer such questions.

What I would then do is to ask the sysop for the addresses which are receiving the objectionable mail, and I would add them to my "blocked" list, so that my remailer would no longer send mail to those individuals. They would then have no more reason to complain to me.

All mail from my remailer includes a header message telling people that they should complain to me if they get objectionable mail. In the several months that I have been running my remailer, only one person has asked to have his name blocked.

Parenthetically, this incident shows the value of remailers which add some delay to the message forwarding process. This would then make it harder to correlate the arrival of anonymous mail with the transmission of mail from a particular user.

Hal Finney
hfinney at shell.portal.com

From felix at hu.se Sat Aug 21 00:11:25 1993
From: felix at hu.se (Felix Ungman)
Date: Sat, 21 Aug 93 00:11:25 PDT
Subject: Key Mgmt GUI
Message-ID: <199308210824.AA01679@mail.swip.net>

I'm designing a (public) key management utility. I have no experience with cryptography, but I have worked much with GUI design.
Please let me know your opinion on the following questions.

1 - Is the key/keyring metaphor the easiest one to understand (both with respect to encryption and signatures)? Is there another better metaphor, such as users (instead of keys) having a public and a secret id? For example, Apple OCE uses the notation of signer objects instead of keys.

2 - Each keyring is naturally stored as a file. The obvious way to view a keyring is to show a list of all keys in it. How much information should be visible in the list, and how should it be presented (so that the user can navigate thru very large keyrings)? Should the list include certificates? If not, how are they managed?

3 - How should key pairs be treated? Should a user's public key be "associated" with his secret key (and maybe stored together)? Should it be possible to mix public and secret keys in a keyring? Is it necessary to have a secret key ring when there's only one secret key?

----------------------------------------------------------------------
- RealName: Felix Ungman  InterNet: felix at hu.se  AppleLink: SW0358 -
-                  Felix makes good things better!                   -
----------------------------------------------------------------------

From greg at ideath.goldenbear.com Sat Aug 21 00:31:25 1993
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Sat, 21 Aug 93 00:31:25 PDT
Subject: building a sound sampler for cryptophone application...
Message-ID:

uunet!an-teallach.com!gtoal (Graham Toal) writes:

> In article <9308201757.AA04239 at soda.berkeley.edu> hughes at soda.berkeley.edu wr
> > That said, I think that designing custom hardware for sound sampling
> > is a waste of time, given the abundance of multimedia cards that
> > already work.
>
> Yes, but have you ever tried to drive them from a C program? From the
> scanty docs I got with my Soundblaster, I wouldn't know where to start.

Sorry I can't provide an exact pointer, but there's a whole newsgroup about it.
It *might* be alt.sb.programmer, but I don't actually have a soundblaster, and hence didn't pay a lot of attention. A friend of mine has done quite a bit of soundblaster programming (more about music generation than accepting sound input, tho) and I'll track down the newsgroup name if anyone cares.

> Oh, and multimedia cards are pretty expensive. This will cost maybe $25
> at most. It's the sort of thing that once designed, hardware-inclined
> cypherpunks could hack up dozens of at home and pass them on at
> conventions like HoHoCon or the one we just had in the Netherlands...

Soundblaster clones are (I'm certain) available for $50 retail and I think I've seen them for $35 wholesale. I can find a reference for the retail price, am less sure where I saw the reseller price.

None of my comments here are intended to dissuade Graham's uncle from building something useful - I do think it'd be nice to have a public domain (or shareware?) design for a hardware device useful in this context. It is reinventing the wheel, but if the reinvention is (a) fun to do, and/or (b) publicly distributable, it doesn't sound like wasted effort to me.

--
Greg Broiles                      greg at goldenbear.com
Golden Bear Computer Consulting   +1 503 342 7982
Box 12005  Eugene OR 97440        BBS: +1 503 687 7764

From bart at netcom.com Sat Aug 21 02:32:14 1993
From: bart at netcom.com (Harry Bartholomew)
Date: Sat, 21 Aug 93 02:32:14 PDT
Subject: soundcard programming
Message-ID: <9308211050.AA19749@netcom5.netcom.com>

In addition to ALT.SB.PROGRAMMER another useful Usenet group is COMP.SYS.IBM.PC.SOUNDCARD. From the latter comes a FAQ listing various sources of software and documentation. It is found at rtfm.mit.edu in the /pub/usenet/news.answers/PCsoundcards directory called generic-faq.

From gg at well.sf.ca.us Sat Aug 21 02:41:31 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Sat, 21 Aug 93 02:41:31 PDT
Subject: "Clipper" in Norway (FYI)
Message-ID: <93Aug21.035956pdt.14389-3@well.sf.ca.us>

Okay, here comes a test case. Can enough copies of PGP and other decent crypto get circulating in Norway, and posted on public-accessible terminals (in bookstores and so on, perhaps with an attendant or coinbox to cover telephone charges), and posted on every university machine and anywhere else that seems useful, to prevent the Clipper-or-else law from being passed...? If it passes, are there enough people willing to do civil disobedience to get the law overturned in the courts...?

Precedent is contagious. Even internationally. If the nasties get away with it over there, it's just an incentive for their colleagues everywhere else to try more of same.

Does anyone here know the status of the crypto scene over there, in terms of how many people involved, how many using good crypto, how many will hop on the bandwagon if things get worse...?

-gg

From cme at ellisun.sw.stratus.com Sat Aug 21 07:02:24 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Sat, 21 Aug 93 07:02:24 PDT
Subject: genetic algorithms for crypto analysis
Message-ID: <9308211614.AA07811@ellisun.sw.stratus.com>

The problem I see for finding spikes is that this is still a brute force approach. The advantage that biological populations have is in growing new test processors exponentially, so that there is a chance to attack something which is merely exponential.

An algorithm or breaking method which helps against modern cryptosystems would have to turn the spikes into gentle hills by some sort of mapping of the problem space. Biological attack machines would still run up against limits (e.g., the amount of carbon in the solar system), so we have to spread the spikes. In fact, we have to spread them over the whole space since enlargement of the key space can take a gentle but limited-width hill and make it look/act like a spike.
From jrk at sys.uea.ac.uk Sat Aug 21 07:21:39 1993
From: jrk at sys.uea.ac.uk (jrk at sys.uea.ac.uk)
Date: Sat, 21 Aug 93 07:21:39 PDT
Subject: anonymus@charcoal.com is going away
Message-ID: <7933.9308211638@zen.sys.uea.ac.uk>

Hal Finney writes:
>What I would then do is to ask the sysop for the addresses which are
>receiving the objectionable mail, and I would add them to my "blocked"
>list, so that my remailer would no longer send mail to those individuals.
>They would then have no more reason to complain to me.

It seems unsatisfactory for people to have to accept either all mail from the remailer or none. Can you not allow recipients to block mail only from specific ids? The sender of the mail can probably arrange to send from a new id instead, but they're unlikely to if they're not told that their mail was refused by the recipient.

--
 ____  Richard Kennaway
__\_ / School of Information Systems   Internet:  jrk at sys.uea.ac.uk
 \  X/ University of East Anglia       uucp:  ...mcsun!ukc!uea-sys!jrk
  \/   Norwich NR4 7TJ, U.K.

From gnu Sat Aug 21 08:57:30 1993
From: gnu (John Gilmore)
Date: Sat, 21 Aug 93 08:57:30 PDT
Subject: Cracking & auditing crypto protocols
In-Reply-To: <9308190206.AA16644@netcom.netcom.com>
Message-ID: <9308211555.AA14075@toad.com>

> * A "cracker's guild" to break weak cryptography and publicize
> the cryptanalysis algorithms (cf. the Word Perfect crypto cracker),
> forcing the weak crypto off the market. For example, if
> NetCash was deployed this organization would crack it. This
> organization might be funded anonymously by those selling strong
> crypto (who have an incentive to debunk their competitor's hype).

The person who built the standard "network license manager" for Unix (flexlm) has offered us cypherpunks access to the protocol if we'll try to crack it.

> * A formal Crypto Auditing Agency that would verify the algorithms
> and protocols were secure, without revealing trade secrets.
> My next statement may cause hisses & boos, but I think the recent
> Crypto-Auditing of Clipper by Denning and other eminent
> cryptologists will be a model widely applied in the commercial
> computer security business. The auditors should be
> able to examine the source and run the programs without revealing
> trade secrets.

The auditing may indeed be duplicated. By marketing departments, and for the same reason as the Denning auditing -- marketing. Solely.

There is no way that the selected group of people could crack a half-reasonable cryptosystem in a few weeks. Real Cryptanalysts spend months and years working on cracking cryptosystems, and none of the panelists was a Real Cryptanalyst. We had all the details of DES, and it took 15 years to make a dent in it.

But they fooled you -- and maybe a lot of other people -- so there *is* a function for such review panels. Sponsoring one is a way to convince innocent spectators who don't know better. Marketing.

John
Marketing Dept, Cygnus Support

From bill at twwells.com Sat Aug 21 11:37:36 1993
From: bill at twwells.com (T. William Wells)
Date: Sat, 21 Aug 93 11:37:36 PDT
Subject: mail header parser?
Message-ID:

I'm in the process of updating my anonymous server. Up till now, I've relied on a really brain-dead parsing of the mail headers. This is good enough essentially all of the time; it may even be good enough all of the time (on the theory that those addresses it rejects violate de facto standards even if they don't violate de jure ones).

Nonetheless, if there is a simple *and* correct mail header parser (Internet and uucp-style), I'd appreciate a pointer to it.

Ya know, I *hate* testing sometimes. Eventually I want to release this thing but I want a test suite to go with it -- and I think the damned suite will be bigger than the server!
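The header parsing Wells asks about, together with Hal Finney's recipient block list and Richard Kennaway's block-by-id variant from the charcoal.com thread above, as one added example; this is not code from any of the posters. It assumes the remailer stamps an X-Anon-Id header when it assigns an anonymous id, and every address and message in it is constructed.

```python
"""Header parsing and recipient blocking for a small anonymous remailer.

Added example, not code from any list poster. It unfolds RFC 822-style
headers, normalizes Internet (user@host) and uucp (host!user) addresses,
and applies the two blocking policies discussed on the list, without
logging. The X-Anon-Id header name and all addresses are constructed."""
import re


def parse_headers(raw):
    """[(name, value), ...] with folded lines unfolded and names lower-cased;
    stops at the first empty line (end of headers). Malformed lines raise."""
    headers = []
    for line in raw.split("\n"):
        if line == "":
            break
        if line[0] in " \t":              # continuation of the previous header
            if not headers:
                raise ValueError("continuation line before any header")
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if not sep or not name.strip():
            raise ValueError("malformed header line: %r" % line)
        headers.append((name.strip().lower(), value.strip()))
    return headers


def get_header(headers, name):
    """First value of header `name` (case-insensitive), or None."""
    return next((v for n, v in headers if n == name.lower()), None)


def extract_addr(field):
    """Bare address from 'Name <addr>', 'addr (Name)' or a plain 'addr'."""
    m = re.search(r"<([^>]*)>", field)
    return m.group(1).strip() if m else re.sub(r"\([^)]*\)", "", field).strip()


def normalize(addr):
    """Canonical lower-case user@host.

    A uucp bang path 'a!b!user' resolves to user@b (the last host delivers);
    the mixed form 'b!user@gateway' resolves the same way once the gateway
    is dropped. Anything without both a user and a host is rejected."""
    addr = addr.strip().lower()
    if "!" in addr:
        hops = addr.split("@", 1)[0].split("!")
        user, host = hops[-1], hops[-2]
    else:
        user, _, host = addr.partition("@")
    if not user or not host or "@" in user or "@" in host:
        raise ValueError("bad address: %r" % addr)
    return "%s@%s" % (user, host)


class BlockList:
    """block_all() is Hal Finney's policy: nothing more goes to that recipient.
    block_sender() is Kennaway's variant: refuse only one anonymous id.
    Refusals are not recorded anywhere."""

    def __init__(self):
        self._all = set()
        self._pairs = set()

    def block_all(self, recipient):
        self._all.add(normalize(recipient))

    def block_sender(self, recipient, sender_id):
        self._pairs.add((normalize(recipient), sender_id.lower()))

    def allows(self, recipient, sender_id):
        r = normalize(recipient)
        return r not in self._all and (r, sender_id.lower()) not in self._pairs


def route(raw_message, blocklist):
    """('forward', rcpt), ('refused', rcpt) if blocked, or ('reject', None)
    when the headers are unusable. The sender's anonymous id comes from
    X-Anon-Id, assumed to be set by the remailer when it assigned the id."""
    try:
        headers = parse_headers(raw_message)
        to, anon_id = get_header(headers, "To"), get_header(headers, "X-Anon-Id")
        if to is None or anon_id is None:
            return ("reject", None)
        recipient = normalize(extract_addr(to))
    except ValueError:
        return ("reject", None)
    if not blocklist.allows(recipient, anon_id):
        return ("refused", recipient)
    return ("forward", recipient)


# Constructed sample messages; the folded To: header is the interesting case.
SAMPLE_INTERNET = ("From: anon-0042@remailer.example\n"
                   "To: Alice Example\n"
                   "    <Alice@host.example.net>\n"
                   "X-Anon-Id: anon-0042\n\nbody\n")
SAMPLE_UUCP = ("From: anon-0042@remailer.example\n"
               "To: uunet!ukc!uea-sys!bob (Bob)\n"
               "X-Anon-Id: anon-0042\n\nbody\n")
```

A message that fails to parse is rejected rather than forwarded, and nothing about a refusal is written anywhere, matching the no-logs stance in the thread.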
From karn at qualcomm.com Sat Aug 21 11:41:46 1993
From: karn at qualcomm.com (Phil Karn)
Date: Sat, 21 Aug 93 11:41:46 PDT
Subject: Cracking & auditing crypto protocols
In-Reply-To: <9308211555.AA14075@toad.com>
Message-ID: <9308212112.AA24046@servo>

>There is no way that the selected group of people could crack a
>half-reasonable cryptosystem in a few weeks. Real Cryptanalysts spend
>months and years working on cracking cryptosystems, and none of the
>panelists was a Real Cryptanalyst. We had all the details of DES,
>and it took 15 years to make a dent in it.

I knew one of the panelists, Ernie Brickell, when we were both at Bellcore. Of the five, he's probably the only one with claim to the term Real Cryptanalyst, as we usually define the term (someone with a proven track record in cracking real cryptosystems.) He is generally credited with putting the final nail into the coffin of the knapsack public-key cryptosystem. I was very disappointed when I heard that he had agreed to let himself be used for such a crass political purpose as the Clipper Committee.

Other than this minor point, your statement is absolutely correct. The best known Real Cryptanalyst in civilian life, Adi Shamir, wasn't involved, and even he took fifteen years to make the first dent in DES.

Phil

From khijol!erc at apple.com Sat Aug 21 11:47:34 1993
From: khijol!erc at apple.com (Ed Carp)
Date: Sat, 21 Aug 93 11:47:34 PDT
Subject: Cracking & auditing crypto protocols
In-Reply-To: <9308211555.AA14075@toad.com>
Message-ID:

> There is no way that the selected group of people could crack a
> half-reasonable cryptosystem in a few weeks. Real Cryptanalysts spend
> months and years working on cracking cryptosystems, and none of the
> panelists was a Real Cryptanalyst. We had all the details of DES,
> and it took 15 years to make a dent in it.

That's one of the strongest points in favor of crypto in wartime, for example.
The usefulness of a cryptosystem is not just a function of its resistance to attack, it is also a function of how long it *has* to resist attack. For example, if the Nazis had broken a message regarding D-Day, encrypted with a cipher in such a way that if the message were compromised it wouldn't compromise the system itself, it wouldn't matter when they broke it, as long as it was after June 4, 1944. After that time, it's useless, and many messages during tactical operations have an effective lifetime of days, if not hours.

--
Ed Carp, N7EKG  erc at apple.com  510/659-9560  anon-0001 at khijol.uucp
If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever"

From khijol!erc at apple.com Sat Aug 21 12:12:43 1993
From: khijol!erc at apple.com (Ed Carp)
Date: Sat, 21 Aug 93 12:12:43 PDT
Subject: mail header parser?
In-Reply-To:
Message-ID:

> I'm in the process of updating my anonymous server. Up till now, I've relied
> on a really brain-dead parsing of the mail headers. This is good enough
> essentially all of the time; it may even be good enough all of the time (on
> the theory that those addresses it rejects violate de facto standards even if
> they don't violate de jure ones).
>
> Nonetheless, if there is a simple *and* correct mail header parser (Internet
> and uucp-style), I'd appreciate a pointer to it.
>
> Ya know, I *hate* testing sometimes. Eventually I want to release this thing
> but I want a test suite to go with it -- and I think the damned suite will be
> bigger than the server!

Uh, I hate to say this, but why not use the one in sendmail or smail? Of course, you *could* write your own parser... ;)

--
Ed Carp, N7EKG  erc at apple.com  510/659-9560  anon-0001 at khijol.uucp
If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever"

From markh at wimsey.bc.ca Sat Aug 21 12:13:02 1993
From: markh at wimsey.bc.ca (Mark C. Henderson)
Date: Sat, 21 Aug 93 12:13:02 PDT
Subject: Cracking & auditing crypto protocols
Message-ID:

>
> The person who built the standard "network license manager" for Unix
> (flexlm) has offered us cypherpunks access to the protocol if we'll
> try to crack it.

My experience with network licence managers suggests that most of them are more or less a joke in terms of security, anyway. Whether this is due to the underlying licence software and protocols used in that or poor integration on the part of the vendor, I don't know. I did some investigation of this, a while ago, from the point of view of designing something more secure than the currently available schemes.

I don't need to say it in this forum, but there is a long history of people coming up with schemes for various types of security where the designers claim a certain level of security that they don't actually achieve. Licence enforcement software is also prone to this type of thing.

Mark
--
Mark Henderson  markh at wimsey.bc.ca (personal account)
RIPEM key available by key server/finger/E-mail
MD5OfPublicKey: F1F5F0C3984CBEAF3889ADAFA2437433

From gtoal at pizzabox.demon.co.uk Sat Aug 21 12:17:36 1993
From: gtoal at pizzabox.demon.co.uk (gtoal@gtoal.com)
Date: Sat, 21 Aug 93 12:17:36 PDT
Subject: Some idle comments on speech over data...
Message-ID: <9308202113.AA16085@pizzabox.demon.co.uk>

A little bit of context first, since this message is going out to two lists to save me explaining things twice:

I posted on the cypherpunks list recently about a little hardware hack I had planned, asking for technical help (which I received - thanks, to those of you who sent schematics etc!) I also received a few mails from people who didn't know the background to what I was doing, who thought it was a fairly worthless exercise. So rather than explain again to everyone individually, I'll make this post to cypherpunks for everyone who is interested.
Now, there's a second list I'm on - netphone at moink.nmsu.edu - which was set up some time ago as a discussion group for people working on various independent projects to do with speech over data, mainly so that we could get together and swap notes. The group went rather quiet a few months back after a post from Henning Schulzrinne telling us about nevot - a speech over internet project, that seemed pretty well advanced - so we all thought 'fine, this is being taken care of, there's less urgency for us to hack something in a hurry'.

Also at the time there was a lot of talk about various people working on secure speech over modems using either the Zyxel modem with built-in codec, or using soundblaster cards. Unfortunately none of the people working in this area would stand up and be counted - all you'd hear would be pgp mail saying 'don't worry, it's happening, be cool, shut up, and don't rock the boat in public...' - for some reason the guys on this project seemed more paranoid than most. (The netphone group by the way was about *voice* over *net* - if someone happened to add encryption later, fine, but it wasn't in the group's stated goals, so we were all pretty open about what we were doing ourselves...)

As far as I can see, nothing has actually happened on any of those secret projects - I suspect the problems were too difficult, or the kids doing them were just all talk.

Anyway, nevot looked like the way things were going to happen - except that when you actually fetched the code, you discovered that unless you had hardware support, none of the sound compression schemes gave good enough performance for real-time speech over v32bis, especially since you also had the overhead of slip or ppp. And it was *very much* a Unix program, it'll take a long time to port it to DOS I suspect, yet DOS (unfortunately, but it's a fact of life) is what most of the hardware out there is running...
- very few of us can afford high-powered private sparcs, or 64K comms, which is what nevot et al need. (by 'et al', I actually mean Van Jacobson's 'vt', though I haven't actually seen that program yet, if it exists; I'm not sure of any other compressed-speech over net programs. 'netfone' isn't compressed and needs an ethernet)

So, the situation is that we have a nice bit of research done on protocols and necessary housekeeping stuff like network lag recovery etc, and silence detection, but no systems that run on cheap hardware or v32bis modems, which many more of us have access to than networked unices.

Well, one big problem now seems to be solved: Tony Robinson (on the netphone list; don't think he's a cypherpunk - pops up in comp.speech now and then) has written a new piece of ADPCM code with some new algorithms of his own, and he gets 8 bit sample -> 3 bits of compression with it, which is pretty damn good, but even better than that it's *fucking fast*... - orders of magnitude faster than real-time. Anyone who has played with the GSM 'toast' program or the CELP demo that's around somewhere will appreciate what that means... And of course the compression is sampling rate independent.

So I reckon that taking something like /dev/audio's 8000s/sec and just averaging successive samples down to 4000s/sec will give us a baud rate that fits very nicely into v32bis, thank you very much. And I know that 4000s/sec is adequate for speech because I've run experiments and tried it - trivial linear interpolation between samples to scale it back up to 8000s/sec, and out to /dev/audio, is perfectly intelligible. Not *great*, but intelligible.

I've passed this info on to Henning for nevot, if he's willing to try it, though I haven't received a reply. It's quite possible one of us is having mail problems.
If there are any other nevot hackers here, and you want to have a go yourself, Tony's code is available from svr-ftp.eng.cam.ac.uk:comp.speech/sources/shorten-2.alpha.2.tar.Z I really urge anyone experimenting with sound compression to try it.

Now, the next news: I told cypherpunks that my old uncle, who was an *electrical* engineer in the coal mines (ie high voltage stuff etc) is now taking night classes in electronics, just for fun - and was talking with me recently about suggestions for projects for his class... they're a bit short of ideas, and I'm *never* short of ideas :-) [so far they've been doing silly stuff like doorbell chimes, or a detector for finding mains cables in walls]

So I suggested that he builds a cheap sound sampler that I can plug into the netphone project...

Well, lots of people wrote to me saying that this was wasted effort since a mass-market solution should be based on available kit like a soundblaster. To which I don't disagree - it should, and it will; it's just that the old guy is going to build *something* and I'd rather it was useful.

[Thanks to all the people who suggested various ISDN codecs by the way, and gave info on driving PC ports - any more info is still welcome. Faxes of datasheets wouldn't go amiss either! - it's hard for me to get that sort of stuff...]

*but*... the scheme I'm going to use this sampler in *is* amenable to a mass-market solution. The netphone people have heard this already, but here it is again for the cypherpunks:

<<<< start of repost from netphone list from 3 or 4 months ago:

: OK, here's the philosophy... we should have separate bits of hardware for
: each identifiable task, and string them together like unix pipes. That way
: we minimise CPU overhead *and* allow any individual task to be replaced
: by any hardware/software combination we already have that does the job.
:
: Specifically, I'm thinking of this:
:
: A) A cheap digitiser as suggested earlier. This has a mic socket for your
: average cheap microphone as with any cassette recorder, and a parallel port
: output that's compatible with bi-directional printer ports such as the one
: on the IBMPC. In the middle is an a2d. Maybe uLaw, maybe not.
:
: B) We have a compression board that has a parallel input port (getting data
: from the above) and a serial output port. In the middle is either a CPU
: or custom hardware. Doesn't matter.
:
: C) We have a crypto board which has a serial input port and a serial output
: port. In the middle is a CPU. Almost anything will do.
:
: With these, we can build any system we like. The three products are
: independent, thus letting us develop them in parallel, and (C) is probably
: just your own computer anyway. If you've got a really beefy CPU, all three
: might be real unix software pipes...
:
: The compression board can be either a micro running ADPCM (like shorten V2)
: or a DSP as discussed. I'd say we try both - you now have *all* the spec
: you need to build it: Centronics interface parallel in, taking bytes at
: 8000/sec, and rs232 out, writing data at 9600bps. (leaving bandwidth for
: network layer over v32bis slip or ppp...) Again, if you have a spare
: machine, you could simply use a PC for this task as well. Would have to be
: your best one, but fast 486's will cope with some of the good compression
: schemes mentioned.
:
: The crypto board is an optional extra that doesn't affect the design of the
: rest of the system at all and needn't be discussed. If you're a PC user and
: don't have the CPU for crypto as well as everything else you're doing, borrow
: another PC and have it run as a filter reading from COM1 and writing to
: COM2... PCs are cheap and lying around all over the place. Or *any* old
: computer you have with two serial ports. An Amiga or whatever old junk
: you thought you'd never use again...
:
: So, in summary: you could implement this with existing kit *now* using
: 1 average sparc for the 8000K samples, one good PC for the high-quality
: compression, and one average PC for a crypto filter. Then feed the output
: into your internet machine (in my case, another PC talking SLIP down a
: v32bis modem) ... and then you replace the computers one by one as
: you build the custom devices.
:
: Pipelined parallelism is the way to go folks. I'm convinced this is
: the best way to get this project started. And the modular approach will
: be really attractive to home hackers who get the design off the net or
: more likely a magazine... not too much to get working at once - keeps them
: interested. Hey *there's* a thought! Whatever happened to Steve 'Circuit
: Cellar' Ciarcia? A three-part hardware series in Byte synchronised with
: articles on Clipper and 'how you can do it yourself' :) would be one hell
: of a coup... Anyone got good contacts at Byte?
:
: Graham
:
: PS *Do* we have any electronics hackers here, or should I go recruiting...?
: PPS Speech *output* left as an exercise for the reader :)

>>>>> end of repost

Since then, I've thought about the detailed design of the sampler part, and that's what I'm going to ask my uncle to build. In fact, I just went out and bought the $7 microphone today, and the kit box :-)

For the benefit of the netphone list who didn't see my cypherpunks post, and to give a bit more detail to the c-p's who suggested there were fatal flaws in what I was thinking about, here's the hardware plan:

There's a cheap microphone, and a d2a and a parallel port, and a timer. The PC reads from the printer port and fetches a byte when the status byte says 'ready'. The PC does *not* have to do accurate timing, or work under interrupt - all it has to do is make sure it's dealt with the sample before it's time for another one.
The sampler hardware does the 8000/sec (or more likely 4000/sec, switchable) timing, and doesn't say 'data ready' after a read until that length of time has elapsed.

I chose interruptless parallel rather than interrupt-driven serial because serial would either have to do expensive on-chip compression, or drive the PC at very high speed - and I know from extensive comms experience that PCs *really* can't stand up to much over 19.2K - low-end PCs *certainly* can't. With this scheme there's virtually no overhead at all in getting the data to the cpu - it's almost an idle process. Interrupt driven parallel wouldn't be too bad either, at 4000/sec, though it does make the code harder to write. I'm very wary of predicating a project on tricky PC assembler - it can't be easy, otherwise there'd already be code (for example) to do something like getting bytes in a /dev/audio-like manner from say a SoundBlaster card. And I haven't found it yet if there is (though someone mailed me today to say he thought he had a copy of such code somewhere)

Anyway, the point is that this box can be replaced by a soundblaster or by reading from /dev/audio - it's just another pipe in the series, but having a design lets us push it in some electronics magazine and get public awareness up another notch. But it's no big deal; it's not critical to the project.

To the people who said it really should be serial and compressed - yes, I agree - that's the *next* box - a little micro running Tony's code that has parallel in and serial out. Or that micro can be a PC as it stands - no problem. PC's are cheap and plentiful.

And the next box takes that serial stream and encrypts it. That too can be a PC, or if you have a powerful PC, make it a process on the one that did the compression.

And finally the serial data can be shoved down a modem directly, or you can use vt's protocols etc and send it over the net, or the same protocols over slip and send *that* down a modem.
The modular approach lets you do all sorts of things.

Anyway, I was fed up with people talking about this project but never seeing anything working (except for Henning's laudable efforts - shame about the low-end users) so I got off my butt and am doing something about it myself. If anyone else wants to join in, the tasks needing done are:

* add Tony Robinson's lossy compression to nevot

* get a nevot-compatible program running on DOS and Mac over SLIP (major project here, but I know at least one guy who's starting some work on a Mac project, and I want to twist his arm to make it nevot compatible rather than Mac-proprietary, if he's listening :-) )

* help me (in the next couple of weeks, since the old guy's class restarts soon) with details of chips that he can use in a sampler - I've been told that there are several 'combo codecs' or maybe isdn codecs that do almost all the work - if we can make something that's 100% data compatible (uLaw) with a Sun, so much the better! (makes for easier development cycle and testing over the internet)

* make nevot baud-rate/lag adaptive so that it works when scaled down to 14.4Kbaud and below (say when modems adapt to noise and run at 9600 - no problem, adjust the sample rate to 3000s/sec or whatever as appropriate)

* experiment with crude zero-crossing algorithms (the kind they used in kiddy micros 15 years ago with 1-bit speakers) to hack a *really* low baud rate fallback algorithm to add to the protocols in nevot so you can *guarantee* some speech getting through under even the worst conditions. (We're talking around 4800baud here folks... maybe even 2400 if in dire straits - there may be times when getting the info over is more important than sounding like a dying dalek...)
[btw, the zero-crossing stuff is also sometimes known as 'time encoded speech']

* hack up a much cruder system than nevot, which works in half-duplex mode, for low-powered systems that can't do incoming and outgoing speech compression/decompression at once - make it a sort of old-fashioned ham-radio interface, where you do the equivalent of 'over' at the end of an utterance, and the whole lot is sent, stored, and played back at the right speed, even if transmission over the medium isn't fast enough to keep up with speech. Such a program would *guarantee* that even the world's slowest modem would still allow crypto speech, even though the interface would take some getting used to for modern kids who never had the pleasure of half-duplex comms :-) This system needn't assume any specific underlying protocol - udp, tcp/ip, appletalk, whatever - just treat the comms medium as an error-corrected byte-stream and use what's available. Ie it'll work even if all you have is a 2400bd v42 modem...

Oh, and make this code *portable* - the only device dependent bit it needs is 'put byte to comms port' and 'get byte from comms port' - you shouldn't even need to poll the port to see if data is ready, if you do it properly - remember, it's half-duplex: put stuff in the protocol you invent to turn the line around... Pretend it's very fast turnaround voice-mail if that makes you feel any better about it ;-)

--

That's about it for now. Actually I'm getting married in a couple of days (to another cypherpunk as it happens) so I'll be mostly off the net for two weeks, but please write if you've anything to say and I'll answer all your mail as soon as I'm back on line.

thanks for reading all this!

Graham

PS If anyone has comments to make to everyone rather than to me, the cypherpunks list is cypherpunks at toad.com and the netphone list is netphone at moink.nmsu.edu - I recommend technical discussions to the latter and general comments or politics or questions to the former.
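As an added illustration of the sample-rate step Graham describes (not code from his project or from Tony Robinson's shorten), the following averages an 8000/sec u-law stream down to 4000/sec and interpolates it back, decoding to linear values first because /dev/audio bytes are logarithmic and cannot be averaged directly. The 440 Hz tone and the function names are constructed for this example.

```python
import math

# Added example, not code from Graham Toal's post or from Tony Robinson's
# shorten: the rate conversion the post describes, 8000 samples/sec from a
# Sun-style /dev/audio averaged down to 4000/sec for the modem link and
# linearly interpolated back up to 8000/sec for playback.  /dev/audio carries
# G.711 u-law bytes, which are logarithmic, so the averaging is done on decoded
# linear values; averaging the raw u-law bytes would distort the signal.

BIAS = 0x84   # G.711 u-law bias added before locating the segment
CLIP = 32635  # largest magnitude the encoder represents


def ulaw_encode(sample):
    """16-bit signed linear sample -> one G.711 u-law byte."""
    sign = 0x80 if sample < 0 else 0
    magnitude = min(abs(sample), CLIP) + BIAS
    exponent, mask = 7, 0x4000          # segment = position of the highest set bit
    while exponent > 0 and not magnitude & mask:
        exponent -= 1
        mask >>= 1
    mantissa = (magnitude >> (exponent + 3)) & 0x0F
    return ~(sign | (exponent << 4) | mantissa) & 0xFF


def ulaw_decode(byte):
    """One G.711 u-law byte -> 16-bit signed linear sample."""
    byte = ~byte & 0xFF
    exponent = (byte >> 4) & 0x07
    mantissa = byte & 0x0F
    magnitude = (((mantissa << 3) + BIAS) << exponent) - BIAS
    return -magnitude if byte & 0x80 else magnitude


def downsample_by_two(samples):
    """8000/s -> 4000/s: each output sample is the mean of two successive inputs."""
    out = [(samples[i] + samples[i + 1]) // 2 for i in range(0, len(samples) - 1, 2)]
    if len(samples) % 2:                # odd tail: the last sample has no partner
        out.append(samples[-1])
    return out


def upsample_by_two(samples):
    """4000/s -> 8000/s: trivial linear interpolation, a midpoint after each sample."""
    out = []
    for i, s in enumerate(samples):
        nxt = samples[i + 1] if i + 1 < len(samples) else s
        out.extend((s, (s + nxt) // 2))
    return out


def halve_rate(ulaw_bytes):
    """Sending side: 8000/s u-law stream -> 4000/s u-law stream."""
    linear = [ulaw_decode(b) for b in ulaw_bytes]
    return bytes(ulaw_encode(s) for s in downsample_by_two(linear))


def restore_rate(ulaw_bytes):
    """Receiving side: 4000/s u-law stream -> 8000/s u-law stream for /dev/audio."""
    linear = [ulaw_decode(b) for b in ulaw_bytes]
    return bytes(ulaw_encode(s) for s in upsample_by_two(linear))


def worst_error(original, roundtripped):
    """Largest per-sample linear difference between two u-law streams."""
    return max(abs(ulaw_decode(a) - ulaw_decode(b)) for a, b in zip(original, roundtripped))


if __name__ == "__main__":
    # Constructed input: 10 ms of a 440 Hz tone at 8000 samples/sec, u-law coded.
    tone = bytes(ulaw_encode(int(8000 * math.sin(2 * math.pi * 440 * n / 8000)))
                 for n in range(80))
    back = restore_rate(halve_rate(tone))
    print("samples sent over the link:", len(halve_rate(tone)))
    print("worst linear error after 8000 -> 4000 -> 8000:", worst_error(tone, back))
```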
From strick at versant.com Sat Aug 21 13:17:53 1993
From: strick at versant.com (strick -- henry strickland)
Date: Sat, 21 Aug 93 13:17:53 PDT
Subject: mail header parser?
In-Reply-To:
Message-ID: <9308212341.AA19366@versant.com>

THUS SPAKE bill at twwells.com (T. William Wells):
# Nonetheless, if there is a simple *and* correct mail header parser (Internet
# and uucp-style), I'd appreciate a pointer to it.

You might try the c-client code inside "imap" ... contact

Internet: MRC at CAC.Washington.EDU
Postal mail: Mark Crispin
             University of Washington
             Networks and Distributed Computing, HG-45
             Seattle, WA 98195 USA
Phone: +1 (206) 543-5762
FAX: +1 (206) 543-3909

or perhaps ask archie for "imap".

strick

From ld231782 at longs.lance.colostate.edu Sat Aug 21 15:17:49 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Sat, 21 Aug 93 15:17:49 PDT
Subject: anecdote about Prodigy
Message-ID: <9308220200.AA01974@longs.lance.colostate.edu>

ah, the perils of surveillance & censorship...

===cut=here===

Subject: Prodigy intrusiveness causes bogus security scare
Date: Fri, 20 Aug 93 19:52:17 -0700

Subject: 14-year-old's computer 'joke' sets off alarms nationwide
Date: 19 Aug 93 23:51:17 GMT

SEATTLE (UPI) -- A seemingly innocuous joke sent by a 14-year-old girl over a computer network didn't get any laughs at the New York City Police Department, or with the Baltimore Orioles or Kingdome officials in Seattle.

In an attempt to get a rise out of her boyfriend in New Jersey, the teenager typed out a phony death threat Monday against Baltimore Orioles superstar Cal Ripken, Jr. The young girl knew her boyfriend was an avid Orioles fan and that Baltimore was playing the Seattle Mariners in the Kingdome.

But Prodigy security personnel picked up on the message in their New York headquarters and called police. They notified the Orioles and the Kingdome, where security was immediately tightened.
Police staked out the address from where the message had come for 16 hours before the girl, whose parents were on vacation, returned home with her 28-year-old sister. The girl received a stern lecture, but no charges were filed. Police said she was ``very embarrassed and apologetic'' and added, ``By the time her sister got done chewing her out, that was enough.''

------- End of Forwarded Message

From emv at mail.msen.com Sat Aug 21 18:21:50 1993
From: emv at mail.msen.com (Edward Vielmetti)
Date: Sat, 21 Aug 93 18:21:50 PDT
Subject: (fwd) [prodigy] Am-prodigy correction
Message-ID:

This came over our Reuters wire - it looks like the Prodigy message in question was not a private message, but rather a message on a public forum (where Prodigy is known to monitor such things.) I wonder whether this correction is going to get press in the print media, most of which are not likely to be hip enough to be able to convey the difference to their readers (who are not necessarily likely to know or care).

--Ed

From: reuters at msen.com (Msen Reuters News)
Newsgroups: msen.reuters.domestic
Subject: [prodigy] Am-prodigy correction
Date: 21 Aug 1993 20:54:46 -0400
Organization: Msen, Inc. -- Ann Arbor, MI (acct info +1 313 998-4562)
Keywords: AM-PRODIGY

AM-PRODIGY CORRECTION

In MEDINA, Washington item headlined U.S. TEENAGER FINDS DEATH 'THREAT' HAS ITS PRICE please read in 3rd graf ...The girl told police she made the threat in a message on an electronic bulletin board... instead of ...in an electronic message. (Correcting form of transmission of message). A corrected story follows immediately.

REUTER

From bart at netcom.com Sun Aug 22 00:37:56 1993
From: bart at netcom.com (Harry Bartholomew)
Date: Sun, 22 Aug 93 00:37:56 PDT
Subject: "Secure Voice"
Message-ID: <9308221120.AA11592@netcom3.netcom.com>

Just received a low budget brochure from SVC offering their "Secure Voice" TM software for $250.
Used with a '386 minimum, a Sound Blaster board, and a 14.4K V.42 modem they claim to do compression and DES encryption (triple DES with a '486). "You talk into your computer, the computer digitizes your voice, encrypts it, transmits it through the high speed modem over the open phone lines to the other end, where it is decrypted, and can be heard."

They indicate you need one "Secure Voice" for each end so I'd guess they have it copy protected.

"No BS Updates: ... As a purchaser, you are entitled to free software updates for the life of this product. We keep no records of who purchases our products, so to receive your update, send us your original disk and a SASE."

Their address: PO Box 9512, College Station, TX 77842. Texas residents add 8.25%, VISA/MC add 5%

From fergp at sytex.com Sun Aug 22 02:07:56 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Sun, 22 Aug 93 02:07:56 PDT
Subject: Munged account feeding old mail?
Message-ID:

Am I the only one getting carbon copies of many of my own messages from someone else's munged account?

8<------------------------
From uunet!lebanon.cerf.fred.org!daemon Sun Aug 22 03:11:00 1993
From: uunet!lebanon.cerf.fred.org!daemon (FMF Mailer Version 2.03 fergp@sytex.com Paul Ferguson)
Date: Sun, 22 Aug 93 06:11 EDT
Subject: returned mailNIST call for Comments on "Key-Escrow" (fwd)
Message-ID:

Paul Ferguson             |  "Government, even in its best state,
Network Integrator        |  is but a necessary evil; in its worst
Centreville, Virginia USA |  state, an intolerable one."
fergp at sytex.com         |  - Thomas Paine, Common Sense

Type bits/keyID    Date       User ID
pub  1024/1CC04D 1993/03/15 Paul Ferguson
     Key fingerprint = EE D2 93 7D 04 6D C6 05 AC 36 AD 9D 8E 4F 41 58

From geoffw at nexsys.net Sun Aug 22 07:01:55 1993
From: geoffw at nexsys.net (Geoff White)
Date: Sun, 22 Aug 93 07:01:55 PDT
Subject: "Secure Voice"
Message-ID: <9308221736.AA00819@nexsys.nexsys.net>

Anybody know about the voice capabilities of the ZyXel class modems?
I own a ZyXel 1496E which can digitize voice and also transmit voice data that has been digitized. It would be easy to first encrypt this stream before sending it out. The 1496E+ also supports CELP (or is it CLEP?) but that one costs about $400. (The 1496E is around $300) It also is a 14.4 K baud modem and does FAX.

From julf at penet.FI Sun Aug 22 07:41:57 1993
From: julf at penet.FI (Johan Helsingius)
Date: Sun, 22 Aug 93 07:41:57 PDT
Subject: "Secure Voice"
In-Reply-To: <9308221736.AA00819@nexsys.nexsys.net>
Message-ID: <9308222122.aa04019@penet.penet.FI>

> Anybody know about the voice capabilities of the ZyXel class modems?
> I own a ZyXel 1496E which can digitize voice and also transmit
> voice data that has been digitized. It would be easy to
> first encrypt this stream before sending it out.

Well, we use one as a phone answering machine. Our system passes on the recorded message as a MIME mail message...

Julf

From XXCLARK at indst.indstate.edu Sun Aug 22 15:15:14 1993
From: XXCLARK at indst.indstate.edu (XXCLARK at indst.indstate.edu)
Date: Sun, 22 Aug 93 15:15:14 PDT
Subject: No Subject
Message-ID: <9308222211.AA24479@toad.com>

fergp at sytex.com asks:
>Am I the only one getting carbon copies of many of my own messages
>from someone else's munged account?

Nope. But I received one only, and that a bounce back from cypherpunks... Seemed to take several days to come back.

>X-Delivery-Notice: SMTP MAIL FROM does not correspond to sender.
>Received: from INDST (SMTP) by indst.INDSTATE.EDU (Mailer R2.08) with BSMTP id
> 4801; Sun, 22 Aug 93 04:04:07 EST
>Received: from nic.cerf.net by indst.indstate.edu (IBM VM SMTP R1.2.2MX) with
> TCP; Sun, 22 Aug 93 04:04:06 EST
>Received: by nic.cerf.net (4.1/CERFnet-1.0) id AA11147; Sun, 22 Aug 93 02:06:2
> PDT
>X-Path: cerf!sdcoe!philly!lanleb!lebanon!daemon Sat, 21 Aug 93 23:45
>Received: by sdcoe DHL85510: Sat, 21 Aug 93 23:45 Version 2.2.1 18Aug93
>Date: Fri, 20 Aug 93 11:02 edt
>From: daemon at lebanon.cerf.fred.org (FMF Mailer Version 2.03 19apr93)
>To: xxclark at indst.indstate.edu
>Subject: returned mail
>Message-Id: Error: User "dhaise" isn't on lebanon
>----------returned message----------
>From lanleb!philly!sdcoe!toad.com!owner-cypherpunks Wed, 18 Aug 93 02:36
>Received: by lanleb.cerf.fred.org Version 2.02 6apr93
> id DHI00002; Wed, 18 Aug 93 02:36 edt
>Date: Tue, 17 Aug 93 01:24:07 EST
>Ppath: lebanon!dhaise
>From: XXCLARK at indst.indstate.edu
>To: cypherpunks at toad.com
> ...
>----------end of returned message----------
> daemon lebanon 8/22/93

From bill at twwells.com Sun Aug 22 16:05:14 1993
From: bill at twwells.com (T. William Wells)
Date: Sun, 22 Aug 93 16:05:14 PDT
Subject: Munged account feeding old mail?
In-Reply-To:
Message-ID:

In article , Paul Ferguson wrote:
: Am I the only one getting carbon copies of many of my own messages
: from someone else's munged account?

Nope. I got one too.

From pcw at access.digex.net Sun Aug 22 18:06:21 1993
From: pcw at access.digex.net (Peter Wayner)
Date: Sun, 22 Aug 93 18:06:21 PDT
Subject: Cracking & auditing crypto protocols
Message-ID: <199308230106.AA11314@access.digex.net>

I'm not sure whether it is fair to call Walter Tuchman a Real Cryptanalyst, but there are many reasons to suspect that he is a talented one. When he headed the IBM team developing DES, it is said (by Coppersmith) that they developed many attacks like what we now know as Differential Cryptanalysis.
These contributed to their design of DES and I think it would be fair to say that the same principles could be used to assess the strength of the Clipper chip. A Mykotronix employee told me that it "Contains s-boxes and all that stuff." I don't know whether he was the one responsible for these insights back then, but he certainly was in the right place to learn a lot by osmosis.

-Peter

From plmoses at unix.cc.emory.edu Sun Aug 22 20:51:22 1993
From: plmoses at unix.cc.emory.edu (Paul L. Moses)
Date: Sun, 22 Aug 93 20:51:22 PDT
Subject: Digicash
Message-ID: <9308230349.AA16925@emoryu1.cc.emory.edu>

>From hughes at toad.com Sun Aug 22 20:06:38 1993
>To: plmoses at unix.cc.emory.edu (Paul L. Moses)
>Subject: [plmoses at unix.cc.emory.edu (Paul L. Moses): Digicash....I think]
>Date: Sun, 22 Aug 93 17:06:29 -0700
>From: hughes at toad.com
>
>Mail to owner-cypherpunks goes to the bounce box, where it gets looked
>at occasionally. Mail to cypherpunks at toad.com to send to the whole list.
>
>Eric
>
>------- Forwarded Message
>
>Return-Path: plmoses at unix.cc.emory.edu
>Received: from emoryu1.cc.emory.edu ([128.140.1.1]) by toad.com id AA06687; Fri, 20 Aug 93 19:36:07 PDT
>Received: by
> emoryu1.cc.emory.edu (5.65/Emory_cc.3.4.6) via MAILPROG
> id AA19400 ; Fri, 20 Aug 93 23:49:26 -0400
>Return-Path: plmoses at unix.cc.emory.edu
>Date: Fri, 20 Aug 93 23:49:26 -0400
>From: plmoses at unix.cc.emory.edu (Paul L. Moses)
>Message-Id: <9308210349.AA19400 at emoryu1.cc.emory.edu>
>To: owner-cypherpunks at toad.com
>Subject: Digicash....I think
>
>
>I hesitate to mention this, since I have *NO* idea of any of the mathematics
>behind the digicash articles you all have mention....BUT...
>
>I was out running errands today and used my ATM card for a cash purchase.
>This led me to think, aha, I could simply get this card "charged" every >so often with another denomination ($20, $50, $200, $2000, whatever) and >go around spending my money without the Store having to phone in the transaction. This raises a couple of thoughts in my mind, namely > 1) Reverse the function of current ATM units, ie use them to >"charge" (as in, activate, add money to) the BANK CARD, rather than the >opposite that we do now... > 2) Find some way to ensure that the card itself does not contain >an identifier, so that the user is not recorded during the transaction. > 3) The card then becomes a bearer instrument of sorts. No big deal; >IT'S JUST LIKE MONEY. People have to be careful with money, so they ought >to be careful with these things too. You could still probably use PIN #s >(personal code), since they're pretty generic and can be selected and >changed by the end user himself....whoops no, on second thought, not unless >the user can encode the PIN himself. Hmm. I dunno. PIN could be OK as long >as it was never recorded in the transaction, but there's the danger of the >transaction program taking a look surreptitiously... > > 4) Digicash exists already. I buy a copy card at the library and >put money onto it, then use it at will in the copy machines. If I lose the >card, I'm outta luck, cos anyone who finds it can use it. Primitive, single >function, but basically what this is about, I think? > >So, what I'm trying to say is that it is possible now to do this, without >any huge breakthrough or legal innovations. If I have missed something obvious, >please enlighten me (gently!). > >- -Paul > >------- End of Forwarded Message > > From plmoses at unix.cc.emory.edu Sun Aug 22 20:51:45 1993 From: plmoses at unix.cc.emory.edu (Paul L. Moses) Date: Sun, 22 Aug 93 20:51:45 PDT Subject: Better late than never, eh Stanton? 
Message-ID: <9308230350.AA17349@emoryu1.cc.emory.edu> >From hughes at toad.com Sun Aug 22 20:07:28 1993 >To: plmoses at unix.cc.emory.edu (Paul L. Moses) >Subject: [plmoses at unix.cc.emory.edu (Paul L. Moses): forwarding] >Date: Sun, 22 Aug 93 17:07:20 -0700 >From: hughes at toad.com > > >------- Forwarded Message > >Return-Path: plmoses at unix.cc.emory.edu >Received: from emoryu1.cc.emory.edu ([128.140.1.1]) by toad.com id AA25788; Tue, 17 Aug 93 09:19:15 PDT >Received: by > emoryu1.cc.emory.edu (5.65/Emory_cc.3.4.6) via MAILPROG > id AA17454 ; Tue, 17 Aug 93 12:19:07 -0400 >Return-Path: plmoses at unix.cc.emory.edu >Date: Tue, 17 Aug 93 12:19:07 -0400 >From: plmoses at unix.cc.emory.edu (Paul L. Moses) >Message-Id: <9308171619.AA17454 at emoryu1.cc.emory.edu> >To: owner-cypherpunks at toad.com >Subject: forwarding > >>From anton at hydra.unm.edu Sun Aug 15 03:21:35 1993 >From: Stanton McCandlish >Subject: Re: On The Inherent Evil of Electronic Democracy >To: plmoses at unix.cc.emory.edu (Paul L. Moses) >Date: Sun, 15 Aug 1993 01:21:25 -0600 (MDT) >In-Reply-To: <9308121908.AA06721 at emoryu1.cc.emory.edu> from "Paul L. Moses" at Aug 12, 93 03:08:00 pm >X-Mailer: ELM [version 2.4 PL21] >Mime-Version: 1.0 >Content-Type: text/plain; charset=US-ASCII >Content-Transfer-Encoding: 7bit >Content-Length: 3327 > >Quoth Paul L. Moses, verily I say unto thee: >- -=> >- -=>Regarding the Electronic Democracy idea, I vote with Tim May. Look at the > >Just the opposite here. > >One factor has been missing from this discussion. > >Representative "democracy" is a statist imposition. > >One other factor: > >The number of issues to be voted on is quite large. Even with easy access >via cable-tv data networks, public voting kiosks, etc, no one will be able >to keep up. This will immediately result in demand for LESS legislation, >which is a good thing no matter how you look at it. 
> >Simple requirements for quorums before a proposition comes up for voting >would head off most goofy bills right from the start. If you have to have >at least, say, 10% of the population to vote to ALLOW AN ISSUE TO EVEN BE >VOTED ON, most idiot bills will be nipped in the bud. One other thing >you'll see disappear is "private laws". Our congress wastes an incredible >amount of time and money working on laws that affect only one corporation, >or one small area. For one thing, most of this stuff is irrelevant as far >as the Law of the Land goes. It's not something our legislature should be >involved in. Let companies work out their own damn problems. For >another, local-area laws should be handled by local areas. Period. >In my opinion. > >The main objection I keep seeing is that all them loonies will vote for >stupid laws. I'd like to ask you how many of these people vote NOW? Not >very many. The idiotic, the lazy, and the careless do not vote, by and >large. The people that vote are the people that think about issues, and >decide that they want to do something about them. > >Anyway, when some of this comes about, and it is quite inevitable, I would >hope that a very least e-voting gives the people veto power, to directly >overturn anything passed by congress and the prez, and even the power to >kill bills before they even get past the discussion stage. Add to that >the right to directly propose legislation, provided there is a quorum, and >I think that would be a good starting point. > >If all Tim and others with the same views are upset about is that a sudden >change could result in utter chaos, I have no argument with that. The >changes must be gradual, so as to not cause a governmental backlash. I >can see just installing the system and cutting congress out of the picture >entirely. The resulting mess would be allowed to go on for about a month, >before the pres declared martial law due to national emergency, and then >it'd be all over. 
One thing that irritates the hell out of me about many >anarch[o-capital]ists and libertarians, is an all or nothing stance. Some >of you folks don't seem to clue to the ideas of compromise, gradual >change, long-term planning, and strategic retreat to throw an enemy off >balance. You aren't going to take the world by storm, and Tim's dire >predictions of a hell hole that would result if such occurred are right on >the mark. Play our cards right, and we'll take the world by whispering breeze. > >- -- >Stanton McCandlish * Space Migration * Networking * ChaOrder * NO GOV'T. * >anton at hydra.unm.edu * Intelligence Increase * Nano * Crypto * NO RELIGION * >FidoNet: 1:301/2 * Life Extension * Ethics * VR * Now! * NO MORE LIES! * >Noise in the Void BBS * +1-505-246-8515 (24hr, 1200-14400, v32bis, N-8-1) * > > > >------- End of Forwarded Message > > From szabo at netcom.com Sun Aug 22 23:05:17 1993 From: szabo at netcom.com (Nick Szabo) Date: Sun, 22 Aug 93 23:05:17 PDT Subject: Digicash In-Reply-To: <9308230349.AA16925@emoryu1.cc.emory.edu> Message-ID: <9308230604.AA26451@netcom4.netcom.com> Paul Moses: > 3) The [ATM] card then becomes a bearer instrument of sorts. > No big deal; IT'S JUST LIKE MONEY. It is a big deal. Many people like carrying ID-based cards (ATM w/PIN, credit cards, etc.) so they aren't easy targets for violent thieves. Although this reaches equilibrium -- as long as most people use credit cards instead of cash, a few of us can still carry around cash as long as we don't wave it around too much. Targets of opportunity these days include late-night ATM customers. Query: what will be the last businesses to install ATM terminals? A couple that come to mind right away: * rural businesses (poor net access) * pawn shops (desire for privacy -- though I continue to be amazed how many people create dossiers on themselves by calling 1-900 phone sex numbers, renting X-rated vids with credit card, etc.) 
Nick Szabo szabo at netcom.com From plmoses at unix.cc.emory.edu Sun Aug 22 23:11:24 1993 From: plmoses at unix.cc.emory.edu (Paul L. Moses) Date: Sun, 22 Aug 93 23:11:24 PDT Subject: Digicash Message-ID: <9308230610.AA02065@emoryu1.cc.emory.edu> I don't see that a "reverse" ATM card (ie, one that was "charged" with money to spend) poses any greater risk to the bearer, IF some kind of authorization code/check is built into the card. What I am hazy on is how such an authorization could exist while avoiding the problem of creating a dossier. If the individual user could encode his own PIN on the card without telling the bank, that would do it. Or, the bank could know the PIN but if the Retailer's transaction software never *records* the PIN, then there will be no privacy problem...since there will be nothing to cross check against the bank's records. The retailer is happy cos he has HIS data (item sold, amount, date, etc); the consumer is protected, and the bank is not involved at all. Eh? From cdodhner at indirect.com Mon Aug 23 00:55:17 1993 From: cdodhner at indirect.com (Christian D. Odhner) Date: Mon, 23 Aug 93 00:55:17 PDT Subject: indirect remailer Message-ID: <9308230752.AA24287@indirect.com> The indirect remailer still has some bugs to work out with the pgp portion of the scripts etc. Therefore the logs and archive files and debug stuff will remain active until I have time to fix it, probably in a day or two. I'll be sure to let you all know when it's as secure as it can be (as secure as anything can be when I don't have root and somebody else does...) Happy Hunting, -Chris. From b44729 at achilles.ctd.anl.gov Mon Aug 23 02:11:28 1993 From: b44729 at achilles.ctd.anl.gov (Samuel Pigg) Date: Mon, 23 Aug 93 02:11:28 PDT Subject: Remailers, pgp and SMTP. 
Message-ID: <9308230909.AA23408@achilles.ctd.anl.gov> Perhaps this has been discussed before (I am often guilty of Not Paying Attention(tm)), but would security not be improved for the remailers if people used some simple software to connect to the remailer via socket 25 and send the message that way, rather than leaving log files on their host? For remailers run from student accounts, security could be increased by doing the same; preventing log files by using direct SMTP connections? Ex: (1) User composes message. (2) User encrypts to recipient. (3) User encrypts to remailer. (4) User then mails to remailer using a small program to handle the SMTP connection directly. (5) Remailer (perhaps running on a student account) decrypts message with its secret key. (6) Remailer manually (whenever it gets around to it (to guard against traffic analysis)) SMTP's the message to the recipient's host. (7) Recipient decrypts message. Of course these security gains could be circumvented by root (on the remailer) in several different ways, but it would take much more work I would think. Hell, it could be that the remailers already do this (I don't have the code) but I doubt if many people send mail to the remailers by connecting to port 25 of the host. -Sam From M..Stirner at f28.n125.z1.FIDONET.ORG Mon Aug 23 04:46:54 1993 From: M..Stirner at f28.n125.z1.FIDONET.ORG (M. Stirner) Date: Mon, 23 Aug 93 04:46:54 PDT Subject: Munged account feeding ol Message-ID: <2028.2C78568C@shelter.FIDONET.ORG> -=> Quoting Uucp to All <=- Uu> From kumr!toad.com!owner-cypherpunks Uu> From: fergp at sytex.com (Paul Ferguson) Uu> To: cypherpunks at toad.com Uu> Date: Sun, 22 Aug 93 08:01:40 EDT Uu> Am I the only one getting carbon copies of many of my own messages Uu> from someone else's munged account? Uu> Uu> Error: User "dhaise" isn't on lebanon Uu> Uu> ----------returned message---------- I've received one of these too. ... Try to look unimportant because the bad guys may be low on ammo. 
___ Blue Wave/QWK v2.12 -- M. Stirner - via FidoNet node 1:125/1 UUCP: ...!uunet!kumr!shelter!28!M..Stirner INTERNET: M..Stirner at f28.n125.z1.FIDONET.ORG From bjh at world.std.com Mon Aug 23 09:11:34 1993 From: bjh at world.std.com (Brian J Harvey) Date: Mon, 23 Aug 93 09:11:34 PDT Subject: Secure Voice Message-ID: On 8/22/93 Harry Bartholomew mentioned a new "secure voice" product from SVC in College Station, TX. Does anyone have more info on this product, ie a phone number? Question: He states that they offer "lifetime upgrades" but also that they do not maintain cust. records (for privacy), so how does one find out about new releases. Wouldn't one need to "poll the company" to learn of a new release and wouldn't that turn into a headache for the company? (Assuming they've sold significant numbers) Brian From frissell at panix.com Mon Aug 23 09:11:56 1993 From: frissell at panix.com (Duncan Frissell) Date: Mon, 23 Aug 93 09:11:56 PDT Subject: Digicash In-Reply-To: <9308230604.AA26451@netcom4.netcom.com> Message-ID: <199308231607.AA08789@panix.com> In <9308230604.AA26451 at netcom4.netcom.com> szabo at netcom.com (Nick Szabo) writes: >It is a big deal. Many people like carrying ID-based >cards (ATM w/PIN, credit cards, etc.) so they aren't easy targets for >violent thieves. Although this reaches equilibrium -- as long as most >people use credit cards instead of cash, a few of us can still carry >around cash as long as we don't wave it around too much. Targets of >opportunity these days include late-night ATM customers. ATM cards w/pin are *already* bearer instruments. Likewise credit cards for ATM transactions and for those credit transactions (small stuff) where other ID is not checked. Most people use cash instead of credit cards. Something like 60-75% of in person transactions are still in cash. Many of the balance are via checks. 40% of the population still has no plastic and 20% don't even have checking accounts. Duncan Frissell Sorry for any problems. 
Learning to use Helldiver packets. Anyone know a Windows reader for Helldiver packets (they are called something else too)? From wcs at anchor.ho.att.com Mon Aug 23 10:21:34 1993 From: wcs at anchor.ho.att.com (wcs at anchor.ho.att.com) Date: Mon, 23 Aug 93 10:21:34 PDT Subject: "Secure Voice" Message-ID: <9308231713.AA01938@anchor.ho.att.com> geoffw at nexsys.net (Geoff White) writes: > Anybody know about the voice capabilities of the ZyXel class modems? > I own a ZyXel 1496E which can digitize voice and also transmit > voice data that has been digitized. It would be easy to > first encrypt this stream before sending it out. > The 1496E+ also support CELP (or is it (CLEP?) but that one > cost about $400. (The 1496E is around $300) It also is a 14.4 K > baud modem and does FAX. The ZyXel has a 68xxx and a DSP chip. It's able to digitize and compress voice, and also to play back digitized voice, and also to do 9600/14400 modeming, but it can't do all three at once. To build a secure voice phone with Zyxels, you'd need either 2 or 3 modems - one to handle the modem functions, one to compress the voice, and either the same or a separate one to play voice. But it's a good start. What I'd like to see is a SoundBlaster followon with a DSP chip. It IS possible to get DSP boards for PCs and I think for Macs, so you could build a system easily enough with a DSP board and a SoundBlaster, but the last time I checked, the DSP boards tended to be expensive and packaged with lots of fancy waveform analysis tools. Bill Stewart From hfinney at shell.portal.com Mon Aug 23 10:35:19 1993 From: hfinney at shell.portal.com (hfinney at shell.portal.com) Date: Mon, 23 Aug 93 10:35:19 PDT Subject: Chaum on the wrong foot? Message-ID: <9308230602.AA25529@jobe.shell.portal.com> A lot of our discussion is influenced by the ideas of David Chaum. He pioneered technology which could protect individual privacy while allowing very flexible sorts of credentials and guarantees. 
He has also played a big role in the various proposals for digital cash. But I think that Chaum has gone off in the wrong direction in the last few years. More and more he is concentrating on protocols which rely on a tamper-proof, hardware implementation of a cryptographic protocol which he calls an "observer". This observer chip would sit in your computer (which could be a Newton-style PDA or a smart card) and would play an important part in the exchanges of information, cash, or credentials which you would make with others. The observer basically makes sure you are telling the truth in your transactions, that you are not double-spending your digital cash, or not claiming a credential which you don't have. Now, this approach has the obvious advantage that it allows solving certain problems which can't be solved otherwise. There appears to be no way to provide for secure, off-line digital cash, for example, other than with something like an observer. But it has the equally obvious problem of relying on a tamper-proof chip as a necessary part of the protocol. Recently it seems that many of the papers out of his group are designed to explore observer-based protocols. This means that these ideas are not useful for software-only implementations. One of the (relatively few) strengths that we and the forces we represent have is that free software can be spread very far and very fast, making it hard for those opposed to privacy to successfully stop our efforts. Any technology based on special chips is going to lose these advantages. Another problem with the observer is psychological. Although Chaum goes to great lengths to design his cryptographic protocols so that even a cheating observer can learn effectively NOTHING about the computer user that would compromise his privacy, people may still feel uncomfortable about having a mechanical "conscience" in their pocket. 
People want to feel in control of their computers, and I think supporting this control is a big part of the Cypherpunks philosophy. A related point is that there have already been comparisons on sci.crypt between Chaum's observers and the Clipper chip, in that both rely on tamper-resistant technology to implement features which are not entirely in their owner's best interests. Assuming we do manage to successfully defeat Clipper, the taint of this association may increase resistance to observers. I wish Chaum and his group would stop directing their efforts towards protocols which require an observer chip to be effective. Granted, there are some things that don't work as nicely without observers. But I think that a realistic appraisal of the pros and cons suggests that non-observer protocols are more likely to further our ultimate goal of personal privacy. Hal Finney hfinney at shell.portal.com From hfinney at shell.portal.com Mon Aug 23 10:36:21 1993 From: hfinney at shell.portal.com (hfinney at shell.portal.com) Date: Mon, 23 Aug 93 10:36:21 PDT Subject: Attacks on remailers Message-ID: <9308230602.AA25533@jobe.shell.portal.com> Chaum, in his first paper on "Mixes" (anonymous remailers) described protocols which were designed to resist several attacks. (See the February, 1981, Communications of the ACM, p. 84.) These can be understood by considering a series of attacks of increasing sophistication, with corresponding responses. Our opponent has as his goal to track a message through a chain of remailers. Attack 1: Just intercept the message from the sender, and look at the commands of the form: :: Request-Remailing-To: first-remailer :: Request-Remailing-To: second-remailer :: Request-Remailing-To: final-destination The final command shows where the message is finally going to go. Response: Encrypt the messages. Use "nesting", so that all that is visible as each message leaves a remailer is the destination of the next remailer. 
Attack 2: Look at the mail logs on the system running the remailer to see which message goes out from the remailer account shortly after each message comes in. Response: Run the remailer on a machine which does not keep mail logs, or on a machine to which you can deny the attackers access. Attack 3: Monitor the messages in real time as they flow into and out of each remailer machine, again looking for the message which comes out just after each incoming message. Response: Batch up many messages which arrive over a period of time, only sending them out at regular intervals or when a certain number have accumulated. Send them out in random order. Alternatively, delay each message by a random amount of time before the message goes out. (This response will also deal with the previous attack.) Attack 4: Look at distinguishing features of the messages which are preserved by the remailers, such as subject line or message size, to match up incoming and outgoing messages within each batch. Response: Do not retain any header fields through remailers, not even subject. Use an encryption mode in which messages are rounded up to some standard size so that all messages appear to be the same size. Attack 5: Record an incoming message to the remailer, and insert a copy of it into the incoming message stream, so that the batch will have two identical messages. Look for two identical outgoing messages. Remove one. This is the match to that incoming message. Response: Check for duplicate incoming messages in the remailer, and remove all but one copy of each duplicate. Attack 6: Insert a duplicate message multiple times in separate batches. Observe the outgoing batches and look for a pattern of destinations which are correlated with those batches in which the incoming message is inserted. Response: Check for messages which have been duplicated from earlier batches and remove them. 
Include time/date stamps on incoming messages with a time limit so that they are no good after a certain number of days; this way the check for duplicates only has to go back that many days. Attack 7: Look at all messages coming out of the first remailer, and follow them into their 2nd remailers; take all messages from those and follow them on, and so on. This will eventually lead to a number of destinations, one of which must have been the destination of the original message. Over a period of time, look for correlations between destinations and sources. Response: Use large remailer chains of popular remailers. With enough mixing at each stage of the chain, the number of possible destinations will become astronomically large, making correlations statistically impossible. Attack 8: Correlate messages being sent from person A with messages being received a certain time later by person B. Even without the ability to track messages through the remailers this can show a communication pattern. Response: Send dummy messages at regular intervals, which bounce through the remailer network and then die. When you have a real message to send, replace one of the dummies with this. The sender's traffic pattern is then constant and no information can be gained from it. Attack 9: Bribe or coerce one or more remailer operators into revealing their keys, or into decrypting the desired messages. Alternatively, run many remailers, pretending to be dedicated to privacy, while secretly gathering information on the messages. Response: Use many remailers in a variety of geographical locations, so that it is unlikely that all of them can be corrupted in this way. These are all the attacks I can remember being implicitly considered in Chaum's paper. Other people who have ideas for attacks should mention them so we can think of responses. Chaum also discusses anonymous return addresses. We have a simple form of these enabled in our encrypting remailers. 
The idea is to encrypt a series of remailing requests for the path the message will follow, with the last request directing the message to the user whose anonymous address this is. Some more attacks are possible in this case: Attack 1A: Look at the message content as it passes through each remailer, to correlate incoming and outgoing messages. Response: Encrypt the message at each stage to prevent this matching. This raises the problem of how to determine the encryption key in such a way that the final user can decrypt the message. Chaum suggested including the encryption key in the anonymous address (a different key at each stage of the chain), so that the user can decrypt the message. Eric Messick has proposed letting the remailer choose the key, with a protocol for the user to communicate again with the remailer to get the message decrypted. Attack 1B: Send two different messages to the same return address with different contents, and look for duplicate address blocks in the outgoing batches. Response: Apply some randomization to the address blocks at each stage so that messages to the same address don't look identical. (Chaum did not give this solution, as he viewed the next attack as being essentially unanswerable.) Attack 1C: Send many addresses to the anonymous address, and look for a destination which receives that many messages in a correlated fashion. Response: Chaum's response is that the remailer must not accept more than one message with a given anonymous return address, just as it must not accept more than one copy of a message in the regular case. This implies that anonymous return addresses must be use-once to be truly secure. This conclusion is uncomfortable, as the requirement that an address be use-once will severely impair its usability. But this attack appears hard to avoid. 
There is always the possibility of giving up on anonymous addresses in the Chaumian sense, and instead using other ideas which have been suggested here, such as posting to newsgroups, or message broadcast pools. All of these ideas have the problem that they expose everyone in some group to all of the messages intended for every group member, hence the number of messages will scale as the square of the number of group members. This will quickly become unmanageable for large groups, therefore providing only a limited amount of anonymity. It's also worth noting that our remailers are vulnerable to almost all of these attacks; at best we are safe against two or three of them. Hal Finney hfinney at shell.portal.com From strick at versant.com Mon Aug 23 11:31:35 1993 From: strick at versant.com (strick -- henry strickland) Date: Mon, 23 Aug 93 11:31:35 PDT Subject: (CuD) (CuNews) Smart Kard Forum Message-ID: <9308231833.AA00937@versant.com> Does anyone know if these Smart Kards could be available via anonymous cash transactions, like european telephone cards? Would any of these companies be open to ideas? They don't list any address or references.... strick ------ Source: Computer underground Digest Sun Aug 22 1993 Volume 5 : Issue 64 ------ Date: Wed, 18 Aug 93 12:19:00 BST From: grmeyer at GENIE.GEIS.COM Subject: File 4--CuNews ("Smart Kards," Comp Snooping at IRS/FBI, & more) Smart Kards Are Coming ====================== A group of corporations, including MasterCard, Visa, Citicorp, Amex, IBM, AT&T, Microsoft, and Apple, have formed the Smart Card Forum. The cross-industry group will promote the use of smart-card technology for payment, transit, health care, identification, and security applications. 
(Information Week August 9, 1993 pg 10) From s.summers1 at genie.geis.com Mon Aug 23 12:45:20 1993 From: s.summers1 at genie.geis.com (s.summers1 at genie.geis.com) Date: Mon, 23 Aug 93 12:45:20 PDT Subject: Munged account feeding old mai Message-ID: <9308231942.AA00765@relay2.geis.com> Subject: Munged account feeding old mail? >From Paul Ferguson: >Am I the only one getting carbon copies of many of my own messages >from someone else's munged account? Nope. Even got it here (twice)... Sean From newsham at wiliki.eng.hawaii.edu Mon Aug 23 13:01:36 1993 From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham) Date: Mon, 23 Aug 93 13:01:36 PDT Subject: "Secure Voice" In-Reply-To: <9308231713.AA01938@anchor.ho.att.com> Message-ID: <9308231957.AA02205@toad.com> > > What I'd like to see is a SoundBlaster followon with a DSP chip. > It IS possible to get DSP boards for PCs and I think for Macs, > so you could build a system easily enough with a DSP board and a SoundBlaster, > but the last time I checked, the DSP boards tended to be expensive > and packaged with lots of fancy waveform analysis tools. > > Bill Stewart > The SoundBlaster board already has a DSP on board. It is supposed to be programmable, but most books don't mention anything about how to do this. From kent_hastings at qmail2.aero.org Mon Aug 23 13:51:38 1993 From: kent_hastings at qmail2.aero.org (Kent Hastings) Date: Mon, 23 Aug 93 13:51:38 PDT Subject: Chaum criticism Message-ID: <199308232050.AA12556@aerospace.aero.org> Chaum criticism#000# Hal Finney writes: > ... I think that Chaum has gone off in the wrong direction > in the last few years [by] concentrating on protocols which rely > on a tamper-proof, hardware ... "observer"... chip ... etc. Amen. > ... it seems that many of the papers out of his group are designed > to explore observer-based protocols. 
I am trying to read and understand the Niels Ferguson "Off-line Coins" article, the "Efficient Off-line Digital Cash" paper also from CWI and the Netcash paper. Were you the one critical of the Netcash paper because it didn't offer unconditional untraceability? Do the papers I just listed require observer chips, or are they OK for software-only? > This means that these ideas are not useful for software-only > implementations. One of the (relatively few) strengths that we > and the forces we represent have is that free software can be > spread very far and very fast, making it hard for those opposed > to privacy to successfully stop our efforts. Any technology based > on special chips is going to lose these advantages. We have PageMaker, CAD ware, someday we may have "ChipMaker" to create "chipscript" robotic control files to make our own monolithic IC's. In the short term, perhaps we can distribute shareware hardware designs using low-cost components to avoid back doors in manufactured comm gear. > ... people may still feel uncomfortable about having a > mechanical "conscience" in their pocket ... there have already > been comparisons on sci.crypt between Chaum's observers and > the Clipper chip ... In other words, if we can't see the "source code" for the hardware design, or "compile" it ourselves, maybe we shouldn't really trust it. > I think that a realistic appraisal of the pros and cons > suggests that non-observer protocols are more likely to > further our ultimate goal of personal privacy. What particular design would you like to see widely implemented now given these objections to observer chips? Is there software we can use NOW for ATM's and banks? 
Kent - jkhastings at aol.com From cme at ellisun.sw.stratus.com Mon Aug 23 14:51:39 1993 From: cme at ellisun.sw.stratus.com (Carl Ellison) Date: Mon, 23 Aug 93 14:51:39 PDT Subject: Attacks on remailers In-Reply-To: <9308230602.AA25533@jobe.shell.portal.com> Message-ID: <9308231749.ZM12733@ellisun.sw.stratus.com> On Aug 22, 11:02pm, hfinney at shell.portal.com wrote: > Subject: Attacks on remailers > Chaum, in his first paper on "Mixes" (anonymous remailers) described > protocols which were designed to resist several attacks. (See the > February, 1981, Communications of the ACM, p. 84.) These can > be understood by considering a series of attacks of increasing > sophistication, with corresponding responses. > > Our opponent has as his goal to track a message through a chain of > remailers. > > Attack 1: Just intercept the message from the sender, and look at the > commands of the form: > :: > Request-Remailing-To: first-remailer > :: > Request-Remailing-To: second-remailer > :: > Request-Remailing-To: final-destination > > The final command shows where the message is finally going to go. > > Response: Encrypt the messages. Use "nesting", so that all that is > visible as each message leaves a remailer is the destination of the > next remailer. > > Attack 2: Look at the mail logs on the system running the remailer to > see which message goes out from the remailer account shortly after each > message comes in. > > Response: Run the remailer on a machine which does not keep mail logs, > or on a machine to which you can deny the attackers access. > > Attack 3: Monitor the messages in real time as they flow into and out of > each remailer machine, again looking for the message which comes out > just after each incoming message. > > Response: Batch up many messages which arrive over a period of time, > only sending them out at regular intervals or when a certain number have > accumulated. Send them out in random order. 
Alternatively, delay each > message by a random amount of time before the message goes out. (This > response will also deal with the previous attack.) > > Attack 4: Look at distinguishing features of the messages which are > preserved by the remailers, such as subject line or message size, to > match up incoming and outgoing messages within each batch. > > Response: Do not retain any header fields through remailers, not even > subject. Use an encryption mode in which messages are rounded up to > some standard size so that all messages appear to be the same size. > > Attack 5: Record an incoming message to the remailer, and insert a copy > of it into the incoming message stream, so that the batch will have two > identical messages. Look for two identical outgoing messages. Remove > one. This is the match to that incoming message. > > Response: Check for duplicate incoming messages in the remailer, and > remove all but one copy of each duplicate. > > Attack 6: Insert a duplicate message multiple times in separate batches. > Observe the outgoing batches and look for a pattern of destinations > which are correlated with those batches in which the incoming message > is inserted. > > Response: Check for messages which have been duplicated from earlier > batches and remove them. Include time/date stamps on incoming messages > with a time limit so that they are no good after a certain number of > days; this way the check for duplicates only has to go back that many > days. > > Attack 7: Look at all messages coming out of the first remailer, and > follow them into their 2nd remailers; take all messages from those and > follow them on, and so on. This will eventually lead to a number of > destinations, one of which must have been the destination of the original > message. Over a period of time, look for correlations between destinations > and sources. > > Response: Use large remailer chains of popular remailers. 
With enough > mixing at each stage of the chain, the number of possible destinations > will become astronomically large, making correlations statistically > impossible. > > Attack 8: Correlate messages being sent from person A with messages being > received a certain time later by person B. Even without the ability to > track messages through the remailers this can show a communication pattern. > > Response: Send dummy messages at regular intervals, which bounce through > the remailer network and then die. When you have a real message to send, > replace one of the dummies with this. The sender's traffic pattern is > then constant and no information can be gained from it. > > Attack 9: Bribe or coerce one or more remailer operators into revealing > their keys, or into decrypting the desired messages. Alternatively, run > many remailers, pretending to be dedicated to privacy, while secretly > gathering information on the messages. > > Response: Use many remailers in a variety of geographical locations, so > that it is unlikely that all of them can be corrupted in this way. > > These are all the attacks I can remember being implicitly considered in > Chaum's paper. Other people who have ideas for attacks should mention > them so we can think of responses. > > Chaum also discusses anonymous return addresses. We have a simple form > of these enabled in our encrypting remailers. The idea is to encrypt > a series of remailing requests for the path the message will follow, > with the last request directing the message to the user whose anonymous > address this is. > > Some more attacks are possible in this case: > > Attack 1A: Look at the message content as it passes through each remailer, > to correlate incoming and outgoing messages. > > Response: Encrypt the message at each stage to prevent this matching. This > raises the problem of how to determine the encryption key in such a way > that the final user can decrypt the message. 
Chaum suggested including the > encryption key in the anonymous address (a different key at each stage > of the chain), so that the user can decrypt the message. Eric Messick > has proposed letting the remailer choose the key, with a protocol for the > user to communicate again with the remailer to get the message decrypted. > > Attack 1B: Send two different messages to the same return address with > different contents, and look for duplicate address blocks in the outgoing > batches. > > Response: Apply some randomization to the address blocks at each stage so > that messages to the same address don't look identical. (Chaum did not > give this solution, as he viewed the next attack as being essentially > unanswerable.) > > Attack 1C: Send many addresses to the anonymous address, and look for a > destination which receives that many messages in a correlated fashion. > > Response: Chaum's response is that the remailer must not accept more than > one message with a given anonymous return address, just as it must not > accept more than one copy of a message in the regular case. This implies > that anonymous return addresses must be use-once to be truly secure. > > This conclusion is uncomfortable, as the requirement that an address be > use-once will severely impair its usability. But this attack appears > hard to avoid. > > There is always the possibility of giving up on anonymous addresses in > the Chaumian sense, and instead using other ideas which have been > suggested here, such as posting to newsgroups, or message broadcast > pools. All of these ideas have the problem that they expose everyone > in some group to all of the messages intended for every group member, > hence the number of messages will scale as the square of the number of > group members. This will quickly become unmanageable for large groups, > therefore providing only a limited amount of anonymity. 
> > It's also worth noting that our remailers are vulnerable to almost all > of these attacks; at best we are safe against two or three of them. > > Hal Finney > hfinney at shell.portal.com >-- End of excerpt from hfinney at shell.portal.com From cme at ellisun.sw.stratus.com Mon Aug 23 15:01:39 1993 From: cme at ellisun.sw.stratus.com (Carl Ellison) Date: Mon, 23 Aug 93 15:01:39 PDT Subject: Attacks on remailers In-Reply-To: <9308230602.AA25533@jobe.shell.portal.com> Message-ID: <9308231757.ZM12740@ellisun.sw.stratus.com> On Aug 22, 11:02pm, hfinney at shell.portal.com wrote: > Subject: Attacks on remailers Please pardon the previous mail. My new mailer's "send" button jumped into the path of my mouse and got run down. -------------------------------------------------- The best protection against traffic analysis I've seen is to make sure that there is no information available from the traffic content, timing or volume. The first can be done by encrypting all header information, as well as message contents. Thanks to public-key, we have a chance to do that. The others can be handled by making sure that the traffic timing and volume are constant. The luxurious way to do this is by keeping a continuous traffic stream going. We could do this more economically by sending daily messages (same time(s) each day) of constant length -- both between each of us and each remailer and between the remailers. This limits the maximum bandwidth per person but clobbers traffic analysis. - Carl From tcmay at netcom.com Mon Aug 23 15:45:21 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 23 Aug 93 15:45:21 PDT Subject: No digital coins (was: Chaum on the wrong foot?) In-Reply-To: <9308230602.AA25529@jobe.shell.portal.com> Message-ID: <9308232244.AA16620@netcom5.netcom.com> There is no silver bullet! 
Here are some comments about why there are no easy to use "digital coins," and why the digital money protocols are so complicated and involve banks, tamper-resistant modules, and other things that may not be make difficult some of our Cypherpunks goals.

I agree with Hal Finney's basic point about David Chaum's current direction: it is not precisely the direction I'd like to see. However, in Chaum's defense, his is only one group and can only do so much. I don't see other groups pursuing digital cash with the same vigor and depth, save for the occasional paper about "electronic wallets" and so forth, and so Chaum is doing what he is doing. It is possible that someone here in Cypherpunks will develop some form of competing system. (Bear in mind, though, that these protocols are notoriously complicated, and involve issues of forgery, spoofing, denial (that a transaction occurred), tax laws, and so on.)

One of Hal's points deserves special comment: (speaking of the observer protocol)

> Now, this approach has the obvious advantage that it allows solving
> certain problems which can't be solved otherwise. There appears to be
> no way to provide for secure, off-line digital cash, for example, other
> than with something like an observer.

There are no digital coins. A physical piece of gold, the canonical piece of money, is essentially impossible to counterfeit/forge, so coins can be passed from person to person, person to shop, to banks, to tax collectors, etc. It is the ultimate "bearer instrument." Importantly, the flow of such money is "conservative" in that the total amount of such money is constant...no amount of trickery or protocol complexity can increase the amount present, and only loss of the physical coins can reduce the amount.

Paper currency is ostensibly a parallel to physical money (at least in countries on a gold or silver standard, which the U.S. is not any longer).
Strong currencies (DM, yen, dollar, SF...though this is all debatable) still have some of the "conservative" nature, because the bills/notes are very difficult to counterfeit and are exchanged as physical items or tokens. I won't get into things like VISA transactions, promissory notes, etc., except to say they are quite a bit less "tangible" (anyone who has gotten unexpected VISA transactions, triggered by someone out there, understands that the transactions are much less straightforward and tangible). A problem with digital money has always been that there apparently is no close equivalent to a digital coin, a token which can be passed around freely, as a quarter or a dollar bill can be. The reasons are obvious: a cryptographic number can be trivially duplicated (counterfeited/forged) and presented to a second or third person. Thus, the receiver of such a piece of digital money must confirm that it has not already been spent, that some bank will redeem it for "real" money, etc. Digital coupons have this same problem. (Real coupons are made fairly counterfeit-resistant, as are such things as lottery tickets. Lottery tickets also use a clever scheme whereby the winning number, the thing that gets announced, is hashed/transformed into another number with a secret key, and this second number is also printed on the ticket, but would-be spoofers are unable to generate the second number.) The complicated Chaum protocols, which now are going in the direction of the tamper-resistant "observer" chips (in smartcards, PDAs, etc.), address these issues of spoofing, denial, counterfeiting, etc., in various ways. Later, Hal makes another good point: > A related point is that there have already been comparisons on sci.crypt > between Chaum's observers and the Clipper chip, in that both rely on > tamper-resistant technology to implement features which are not entirely > in their owner's best interests. 
Assuming we do manage to successfully > defeat Clipper, the taint of this association may increase resistance to > observers. > > I wish Chaum and his group would stop directing their efforts towards > protocols which require an observer chip to be effective. Granted, > there are some things that don't work as nicely without observers. But > I think that a realistic appraisal of the pros and cons suggests that > non-observer protocols are more likely to further our ultimate goal of > personal privacy. It seems likely to me that even now a group within the bowels of the NSA and NIST is developing a "digital money clipper" (a euphonious pun?), that is, a standard for digital money with similar sorts of backdoors, emergency doors, etc., that Clipper has. NSA/NIST surely knows of the pressures for digital money, and could plan to introduce their own standard. Instead of "LEAFs" for the FBI and other law enforcement, this one could have "IRS observers" and "money-laundering observers" (this is wild speculation, I'll grant you) which tie-in to currency exchange reporting, sales tax, and income tax law enforcement systems. It may be that Chaum, who is eager to actually get some sales to groups within Europe and elsewhere, is already responding to some pressures for "accountability" (the digital money version of "wire-tappability") by various European governments and the observer protocols are an effort to satisfy some of these concerns. (I am not accusing Chaum of anything, just speculating that some groups developing digital money--and Chaum is the clear leader here--may have market or legal constraints which are shaping their focus away from the digital money = untraceable cash = crypto anarchy direction many of us favor.) A "Cypherpunks digital money" system may be more urgent than ever. -Tim May -- .......................................................................... Timothy C. 
May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From anonymous at extropia.wimsey.com Mon Aug 23 16:56:39 1993 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Mon, 23 Aug 93 16:56:39 PDT Subject: Wimsey Remailer Alive! Message-ID: <199308232328.AA07642@xtropia> M. Stirner said here: "OK. It seems that remail at extropia.wimsey.com (#15) is down. This is a shame, as it was the _only_ remailer that would function as an anonymous remailer for me. It worked beautifully while it was up. Its apparent demise has been reported by other users as well," Reports of the wimsey remailer's demise are premature. I just used it to post this message! One possible cause of problems might be use of PGP version 2.3 or 2.3a WITHOUT the following set in CONFIG.TXT: pkcs_compat = 0 # Use backwards-compatible formats The PGP in use by the remailer may be version 2.0 or 2.1, which will not read PKCS-compatible PGP Messages. The wimsey remailer has an ingenious method of returning error messages anonymously. Specify a subject in the message sent to wimsey that will be meaningful to you, but won't identify you (like a set of random letters). This subject does not appear in the remailed message. Then subscribe to the mailing list errors-request at extropia.wimsey.com by sending a message with Subject: subscribe. You will receive a msg for ALL errors detected in incoming messages and ALL bounced messages. Errors in incoming messages are identified by the subject field. Errors from bounced messages are identified by the subject in the bounced message, which is specified following the To: line in the encrypted message sent to wimsey. 
Wimsey also has an anonymous reply mechanism using a message pool. For more info, send "help" to pool0-request at extropia.wimsey.com I think wimsey is also the only Cypherpunks remailer which resides outside the USA (It's in Canada). This obviously makes it much more inconvenient for USA Law Enforcement to broach the physical security of the remailer. Stirner also says: ". All other cypherpunks remailers, reliable or not, retain the footer addresses automagically inserted by the host box here & are therefore not in any way anonymous for my purposes. There was a discussion of a "cut line" syntax before I temporarily lost access to cypherpunks, but as far as I know there was never any agreement or implementation (I shall be pleased to be corrected if this is not the case)." I think the Hall Remailer at recognizes a "cut line" of --ignore-- I tried this and it failed the first time, but worked the second. You should try a message to yourself before relying on it. Unfortunately this remailer doesn't support encrypted remailing requests. You also may be able to alter or eliminate the automatic signature or footer produced by your BBS. Check your local documentation or ask your SYSOP. 
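Added here as a worked example, and not code from the Wimsey remailer, from Hal Finney's remailers, or from any other software discussed in this thread: a small Python model of a Chaum-style mix that implements the responses from Hal Finney's attack list quoted in Carl Ellison's message above. It batches and randomly reorders (attack 3), pads every outgoing message to one fixed size and forwards nothing but the next hop and the padded body (attack 4), discards replayed copies using a digest table with a time window (attacks 5 and 6), and enforces use-once anonymous return addresses (attack 1C). The hop names, message bodies and return tokens are constructed sample data; the block size, batch size and replay window are assumed values chosen for the demonstration.

```python
"""Toy Chaum-style mix illustrating the defensive responses in Hal Finney's list.

Constructed example; constants and sample traffic are assumptions for the demo.
"""
import hashlib
import random
from dataclasses import dataclass, field
from typing import Optional

BLOCK_SIZE = 256           # every outgoing message is padded to this size (attack 4)
BATCH_SIZE = 4             # flush when this many messages have accumulated (attack 3)
REPLAY_WINDOW = 3 * 86400  # seconds a digest is remembered for duplicate checks (attack 6)


@dataclass
class Incoming:
    """A message as it arrives at the mix: next hop, body, time, optional return token."""
    next_hop: str
    body: bytes
    arrived_at: int                      # unix seconds, used for the replay window
    return_token: Optional[str] = None   # anonymous return address block, if any


@dataclass
class Mix:
    rng: random.Random                                 # seeded so the demo is reproducible
    seen: dict = field(default_factory=dict)           # digest -> arrival time (attacks 5/6)
    used_tokens: set = field(default_factory=set)      # use-once return addresses (attack 1C)
    pending: list = field(default_factory=list)        # current batch
    rejected: int = 0

    def _expire(self, now: int) -> None:
        # Forget digests older than the replay window so the table stays bounded;
        # a copy arriving after the window is simply treated as a new message.
        self.seen = {d: t for d, t in self.seen.items() if now - t < REPLAY_WINDOW}

    def accept(self, msg: Incoming) -> bool:
        """Admit a message to the current batch, or reject it as a replay / reused address."""
        self._expire(msg.arrived_at)
        digest = hashlib.sha256(msg.next_hop.encode() + b"\0" + msg.body).hexdigest()
        if digest in self.seen:
            self.rejected += 1            # identical copy within the window (attack 5 / 6)
            return False
        if msg.return_token is not None:
            if msg.return_token in self.used_tokens:
                self.rejected += 1        # second message to the same return address (attack 1C)
                return False
            self.used_tokens.add(msg.return_token)
        self.seen[digest] = msg.arrived_at
        self.pending.append(msg)
        return True

    def flush(self) -> list:
        """Emit the batch in random order; only next hop and padded body leave the mix."""
        batch, self.pending = self.pending, []
        self.rng.shuffle(batch)
        return [(m.next_hop, pad(m.body)) for m in batch]

    def maybe_flush(self):
        return self.flush() if len(self.pending) >= BATCH_SIZE else None


def pad(body: bytes) -> bytes:
    """Length-prefix and zero-pad so all outgoing messages are the same size (attack 4)."""
    if len(body) + 2 > BLOCK_SIZE:
        raise ValueError("body too large for one block")
    return len(body).to_bytes(2, "big") + body + b"\0" * (BLOCK_SIZE - 2 - len(body))


def unpad(block: bytes) -> bytes:
    n = int.from_bytes(block[:2], "big")
    return block[2:2 + n]


def demo():
    """Constructed traffic: four honest messages, one replayed copy, one reused return token."""
    mix = Mix(rng=random.Random(7))
    t0 = 1_000_000
    results = {
        "a": mix.accept(Incoming("remailer2", b"hello", t0)),
        "dup": mix.accept(Incoming("remailer2", b"hello", t0 + 5)),                # attack 5
        "b": mix.accept(Incoming("remailer3", b"second", t0 + 10, "tok1")),
        "tok_reuse": mix.accept(Incoming("remailer3", b"third", t0 + 20, "tok1")),  # attack 1C
        "c": mix.accept(Incoming("alice", b"fourth", t0 + 30)),
        "d": mix.accept(Incoming("bob", b"fifth", t0 + 40)),
    }
    out = mix.maybe_flush()   # fourth accepted message fills the batch
    # The same body arriving after the replay window is no longer a duplicate.
    results["late_copy"] = mix.accept(Incoming("remailer2", b"hello", t0 + REPLAY_WINDOW + 1))
    return results, out, mix.rejected


if __name__ == "__main__":
    accepted, batch, rejected = demo()
    print(accepted, rejected)
    for hop, block in batch:
        print(hop, len(block), unpad(block))
```

The digest covers the next hop as well as the body, so a replay is only caught when the attacker re-injects the message unchanged, which is exactly the attack 5/6 scenario; anything the attacker can modify without breaking decryption is a separate concern that the nesting encryption described in the quoted post has to cover.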
From anonymous at extropia.wimsey.com Mon Aug 23 17:31:40 1993 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Mon, 23 Aug 93 17:31:40 PDT Subject: Private Message to BlackNet Message-ID: <199308232328.AA07653@xtropia> -----BEGIN PGP MESSAGE----- Version: 2.3 hIwCHO5QWqKhlGkBA/4wOjC6Tek8x0E+oJVbQdgUDD5OA/WCvh3NlGt0aa+iom5z cAgGlK3Dn7vGzzqCdGLq0AttniSD5QLUVHGcZgz65X1kPCB/fRmkHswNwlrVPjGK HMCPXnso+6bXekobgWE3LPxPtPXwdT/hOYvWsbRCO7mSCqm/wpNka+vnGOz5R6YA AAVVzzF+qGMvjH/Ik8NwaPl0CbMrApyNO7XrX7mOFv7ZVnZRjl33BMZ4wvv5DJmc oWcf6qLhjJ6SHBo+yMmQ7N3KziB4IusR2v6Yu5f5D/ZfarFtPc4PcIwC0xT9Q/DU IiAMIJX70fm0j5vZCO9mlnjpdbXVlRFVXtujkaIWfGl2rTRXcu+2k5YIuMojh7vj WWDNh8TEPcUJBCxle9em0pay7z6Y6FJDPx/XB7WcfNjY3YQCrNqGL7HV+OiWICqK +KWwFM1vGCihHVe45fOLfwoGv7JsUfR4JqXUkxP4Gds9gA1XXbs5bciCcG+kj1W+ MLKfcAqzIPTbEQRMyRRUsmPHTNz4UXvk9iuUYNZRC+SUtTkn2qLtyI1C88Ors+zk XUGVW7UofHFVvXtYuJRxPuGL2dwImQpMX3PSsqPCBQxzrcOvZVtx9W+uxqAXRD8L 4Y6nSD4cgpd8wneC89HWqQ73tb+KYw8jXUhIaa5dUM3lgPoONy+vJsRZTVc6epYC 1wZIQl2EyQMCBsDnTQ5siLAoXYtNqMahJeZ+FevzIMO/1X2lxpuP+H/+cDYvW3V7 fuDh6vjVtUG6xror3iMsS7d90TPq3T2U9rWOu4YrNcgzfMc6Dm0WpgBL+aZEbI5x XLb/ng1skxnb7FlCuvlCLNk/E849pXKuKJ+7GaOlnIOcDsZsOCtQb7k6Ku0gmDU/ Shq1vxzERrmnAJ9Fox+SD3uRqcHtmCV3wcd5kia4nFSsq9Twf/VY1L1GIXgB/vXY 0YnUU69XZyway6AAeIRvxl2StJsqczCX+S0mskuK6FCr/UUTueFfQAfRrgbgs+b9 v2mS0CzxlZLYx/q10p3R7WGhmg/4z3iunUo2pjRxaCDV1VJ8ypTeWy54RrF3n/zI 4QehziVtlziXbh6+rrXUeLjl7icyyDBeeFG9yGoNcLDbn0EYegUGlC6grdhWlk+B KgBbWLH+p60+Rl+H6wRxrPXE/dziu6TiaMeJ+L0TEvNS7CU10Y8ugd265RatA0M/ AqiIfHBN9KOk3hBiJSuyKnvlBMLMMlJZNMXZKaWUhvYGuWIh78GBVJy/+VVOM5iv uC5gg+yhX8KlkfFqh46CG32qvU8sY67YbQ/cnA4gYs34mYry3+cGybXZWm5PBBzk Tc+hRsDA9y4olJTAodwEdv09ynZyas/2GuW2qTpA9JAX9nDe4Is255LLLUAjWi9B HVdQiG5GRd/u1bYSnsmqLVMmSRIISt+USOsA8owgqLUD7cY6mffF7SX6sAvBWlSX M7XohDobXKoafV6nbOOqnfzfk8l5FgTM9sFgenOqCx1eR6dTNjhRwc6wabEr6v3L y+XnVuBTmaeh4KcQ93MGkZBHsQHAbhPdRtTTRgc/waf0vOWhgpOUvWdQsViWVUq9 Iy5iwuTBwNdgLCrlQUT+LCI27plcVWq9XgQuuBYmcatBy4ikDOv31Z/mIFdCnMHt 
jdoHaZfAyMlINbHUpMBgOAEZbmp64BtKrp3MP6h/9tiHkzau/4wiDnQqg6Bz2obK paFPm1YgyxsKnycJ38s9++kimwqiGq9nafxi5gcdAc/XHAXxma3/y6RlpfOBgflh RUi0Rlc/uW2lGq+QRAgWccbhmmD0J5HBpO+RmQAU+ISM0RocJkJDGq8ybSkD3Qpz /FE4+EqM3U3/7Q9K7VCrmfR3FlBj7RSEXajPG484UKkukJDppE/pF3oWXJO1Pi0Y Vqb2XCFpahgYWcy5WCSyU4gBsspuwy7WY3FGoa/Uld0U/F6q3EDumqra4Wvu6fdW +dcl3dkw3b3e0FAQI2r88xcwJZIUSlIE =ZYyM -----END PGP MESSAGE----- From explorer at iastate.edu Mon Aug 23 18:22:11 1993 From: explorer at iastate.edu (explorer at iastate.edu) Date: Mon, 23 Aug 93 18:22:11 PDT Subject: Large factoring attempt on RSA-129 Message-ID: <9308240121.AA18851@iastate.edu> CALL FOR PARTICIPANTS --------------------- In 1977, a 129-digit integer appeared in the pages of Scientific American. This number, the RSA challenge modulus or RSA-129, has not yet been successfully factored. Factoring it, a 425-bit number, would be a major milestone in cryptography, as it would show that current technology is able to break commonly-used RSA-cryptosystem keys within a reasonable time. Excerpted from the RSA Factoring Challenge news: The "RSA challenge" published in the August 1977 issue of Scientific American (in Martin Gardner's column) is still open, and the $100 prize offer still stands. This prize can be won by factoring the RSA modulus published there, which is: RSA-129 = 11438162575788886766923577997614661201021829672124236256256184 29357069352457338978305971235639587050589890751475992900268795 43541 (129 digits, checksum = 105443) --- End of RSA Factoring Challenge news --- As with several other recent large scale factoring projects, we propose to attack this number with a very large number of workstations independently operating at dozens of research and corporate networks around the world. We are soliciting volunteers to provide compute cycles to help us towards our goal. 
With the permission of the authors, we will use the publicly available code of the Lenstra/Manasse Factoring by Email project, with modifications by Paul Leyland for RSA-129. The sieving will be distributed around the Internet, with relations transferred to a central site by email or ftp as convenient. Combining the relations and matrix elimination will be performed at ISU, using a combination of structured Gauss and a MasPar dense matrix eliminator. Each participant will be provided with complete source code for the siever. You can easily verify that the program takes no input from your machines and does not pose a security risk. It requires only an email connection to transmit partial results -- the software does not require communication with other machines except for this purpose. It is easy to install, and is designed so that it will take up no CPU cycles on your machine when interactive users or other important processes are active. If preferred, participants can accumulate the results locally and ftp them to the central site manually. The project currently has around 500 workstations which are ready to begin sieving. However, to finish in a reasonable amount of time, this count needs to increase greatly. We are attempting to enroll around 10,000 workstations in this project. This is a call for participants, who have workstations or MasPars at their disposal and would like to participate in this project. All contributions help a great deal. There is a $100 prize associated with factoring this number. The prize, if we win it, will be donated to the GNU project of the Free Software Foundation to help generate more of the excellent software they currently provide. For more information, please mail rsa129-request at iastate.edu. We will respond to all questions quickly. 
--Michael Graff [project coordinator/programmer]
--Derek Atkins [coordinator/programmer]
--Paul Leyland [advisor/programmer]
--Daniel Ashlock [faculty advisor ISU]

From hughes at ah.com Mon Aug 23 18:41:41 1993
From: hughes at ah.com (Eric Hughes)
Date: Mon, 23 Aug 93 18:41:41 PDT
Subject: Chaum on the wrong foot?
In-Reply-To: <9308230602.AA25529@jobe.shell.portal.com>
Message-ID: <9308240131.AA05517@ah.com>

I applaud Hal's insight into Chaum. I was in Amsterdam last year for a few weeks working for/with him, and I can substantiate what Hal says. I was only there for six weeks, which was supposed to have been the start of a longer relationship, but I got out.

>But I think that Chaum has gone off in the wrong direction in the last
>few years. More and more he is concentrating on protocols which rely
>on a tamper-proof, hardware implementation of a cryptographic protocol
>which he calls an "observer".

The observer, owned by the user, opens a communications channel to a chip and to a central computer, both controlled by some company. The observer then mediates the communication between the chip and the central computer to make sure that no privacy information leaks out.

>There appears to be
>no way to provide for secure, off-line digital cash, for example, other
>than with something like an observer.

This statement, while certainly true in Chaum's mindset, I no longer believe to be true. The question hinges on what 'security' means. To Chaum, it means that fraud losses are a mathematically perfect zero. To a real business, however, the losses must be bounded. The smaller the bound, the better, of course, but real financial service companies can and do tolerate some loss due to (technological) fraud. If the cost of the perfect system is more than the losses from fraud, there's no point in deploying it. Make no mistake, the observer system is expensive. The reason smart cards are not more widely deployed is that they're too expensive per card. The observer protocols require both a smart card and a small hand-held computer!

>This means that these [observer] ideas are not useful for software-only
>implementations.

Not only not useful, but totally inapplicable. The observer model relies upon the fact that the computations inside the chip are unknown to the user. This just can't be the case with a software-only system.

>I wish Chaum and his group would stop directing their efforts towards
>protocols which require an observer chip to be effective.

This just won't happen. The observer protocols are *patented*, you see. Anyone can design and build observers, because the spec is public, but you've got to pay up. Chaum seems to be basing his whole strategy for the future on observers. I think it's a gross strategic mistake.

>I think that a realistic appraisal of the pros and cons suggests that
>non-observer protocols are more likely to further our ultimate goal of
>personal privacy.

Amen.

Eric

From hughes at ah.com Mon Aug 23 18:51:41 1993
From: hughes at ah.com (Eric Hughes)
Date: Mon, 23 Aug 93 18:51:41 PDT
Subject: (CuD) (CuNews) Smart Kard Forum
In-Reply-To: <9308231833.AA00937@versant.com>
Message-ID: <9308240139.AA05520@ah.com>

Strick:
>Does anyone know if these Smart Kards could be available via anonymous
>cash transactions, like european telephone cards?

Well, let's look at the applications.

>The cross-industry group will promote the use of smart-card technology
>for

Not necessarily              identifying
identifying                  ===========
===============              health care
payment                      identification
transit                      security

My guess is that anonymity isn't even in their heads.
Eric From hughes at ah.com Mon Aug 23 19:02:05 1993 From: hughes at ah.com (Eric Hughes) Date: Mon, 23 Aug 93 19:02:05 PDT Subject: Chaum criticism In-Reply-To: <199308232050.AA12556@aerospace.aero.org> Message-ID: <9308240153.AA05544@ah.com> >I am trying to read and understand the Niels Ferguson "Off-line Coins" >article, the "Efficient Off-line Digital Cash" paper also from CWI Both articles, as I recall from the abstracts, exist square within the observer framework. >Do the papers I >just listed require observer chips, or are they OK for software-only? The two CWI papers do require observers and are useless for software-only implementations. >Is there software we can use NOW for ATM's and banks? The original blind signature still works. It can still be money. That hasn't changed. Recall, though, that the blind signature is patented by Chaum in addition to also requiring the underlying RSA patent. Eric From pmetzger at lehman.com Mon Aug 23 19:21:41 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Mon, 23 Aug 93 19:21:41 PDT Subject: Chaum criticism In-Reply-To: <9308240153.AA05544@ah.com> Message-ID: <9308240219.AA26476@snark.lehman.com> Eric Hughes says: > >I am trying to read and understand the Niels Ferguson "Off-line Coins" > >article, the "Efficient Off-line Digital Cash" paper also from CWI > > Both articles, as I recall from the abstracts, exist square within the > observer framework. I think I have a scheme for real off-line payments, that is, payments that do not require an observer at the time of transaction (although they would require a couple of on line transactions in advance). They would require that people conduct transactions in a style that they are not used to, but would require no trust and would allow full anonymity of parties. Unfortunately, I don't know enough about the mathematics of Chaum's blinding schemes to know if the scheme I have in mind (which depends on his scheme) would work. 
Could someone point me at a reference or two on Chaum's original work? The mathematics associated with blinding is, sadly, something that I haven't spent sufficient time on.

Perry

From hughes at ah.com Mon Aug 23 19:27:04 1993
From: hughes at ah.com (Eric Hughes)
Date: Mon, 23 Aug 93 19:27:04 PDT
Subject: No digital coins (was: Chaum on the wrong foot?)
In-Reply-To: <9308232244.AA16620@netcom5.netcom.com>
Message-ID: <9308240218.AA05576@ah.com>

Tim:
>There are no digital coins.

Gold obeys a mass conservation law. Information as such does not. Everything unique about digital money stems from this basic observation. Here is a thought problem to illustrate. If money were required to be able to be xeroxed, would you be able to make a monetary system? The answer is yes, but it doesn't act the same way as a coinage system.

>A problem with digital money has always been that there apparently is
>no close equivalent to a digital coin, a token which can be passed
>around freely, as a quarter or a dollar bill can be.

It is a problem only if you want to design a digital coin. Once you rid your mind of the need for that, it's not a problem but a design constraint.

>It may be that Chaum, who is eager to actually get some sales to
>groups within Europe and elsewhere, is already responding to some
>pressures for "accountability" (the digital money version of
>"wire-tappability") by various European governments and the observer
>protocols are an effort to satisfy some of these concerns.

No. This is way off the mark. Chaum's complete and overriding goal is privacy, sometimes to the exclusion of other desiderata. The observer protocols sacrifice nothing in the way of privacy, but perpetuate and reinforce the subservient economic relationships between individuals and large financial institutions. The system is asymmetrical; the central computer talks to its chip through the observer. There is no room here for person to person interactions.
The barrier to entry to deploy chips is high, as well. In other words, the observer protocols preserve the chasm of relative size of Big Business over and above the individual. This is a benign oversight, to be sure; all the individuals look alike. (You thought you were a number before? Now you're a _random_ number!) Nevertheless, the observers are not egalitarian; they are the model of cable TV as opposed to the telephone network, of newspapers as opposed to electronic mail. Chaum's got privacy down, but I don't want the rest of his world. No way.

Eric

From umhc at sunyit.edu Mon Aug 23 19:45:23 1993
From: umhc at sunyit.edu (Michael Cummings)
Date: Mon, 23 Aug 93 19:45:23 PDT
Subject: SUBSCRIBE
Message-ID: <9308240243.AA26403@sunyit.edu>

SUBSCRIBE

--

From hhll at u.washington.edu Mon Aug 23 19:51:41 1993
From: hhll at u.washington.edu (Steven Hodas)
Date: Mon, 23 Aug 93 19:51:41 PDT
Subject: (CuD) (CuNews) Smart Kard Forum
In-Reply-To: <9308240139.AA05520@ah.com>
Message-ID:

On Mon, 23 Aug 1993, Eric Hughes wrote:
> Strick:
> >Does anyone know if these Smart Kards could be available via anonymous
> >cash transactions, like european telephone cards?
>
> Well, let's look at the applications.
>
> >The cross-industry group will promote the use of smart-card technology
> >for
>
> Not necessarily              identifying
> identifying                  ===========
> ===============              health care
> payment                      identification
> transit                      security
>
> My guess is that anonymity isn't even in their heads.
>
> Eric

"Overpopulation has led to ever-increasing governmental control over the private citizen, not on the old-style police-state models of oppression and terror, but in terms of work, credit, housing, retirement benefits, and medical care: things which can be withheld. These services are computerized. No number, no service. However, this has not produced the brainwashed standardized human units postulated by such linear prophets as George Orwell.
Instead, a large percentage of the population has been forced underground. How large, no one knows. These people are NUMBERLESS." >From _Blade Runner (a movie)_, William S. Burroughs, 1979, Blue Wind Press _______________________________________________________________ | | | HORSE HORSE LION LION, A Consulting Cooperative | | "Information into Culture" | | | | Steven Hodas/Catherine Holland, Principals | | | | hhll at u.washington.edu VOICE/FAX 206.285.5975 | |_______________________________________________________________| From cdodhner at indirect.com Mon Aug 23 20:35:23 1993 From: cdodhner at indirect.com (Christian D. Odhner) Date: Mon, 23 Aug 93 20:35:23 PDT Subject: sticker guy (fwd) Message-ID: <199308240331.AA00521@indirect.com> I found the sticker guy! I'm sending him a letter tonight, I'll keep you all posted. Who has the "Big Brother Inside(tm)" logo? I can't do .ps stuff, if anyone wants to send me hardcopy, it goes to Chris Odhner 14079 North 34th Place Phoenix, Arizona 85032 Or you could send it directly to the sticker guy... > Hello, > > Now that school is started again, I have a new account. My new address > is mench at cs.unr.edu. HOWEVER, I conduct no business over the Internet. > > If you are still interested in custom > vinyl stickers, send a loose stamp to: > > STICKER GUY! > c/o Pete Menchetti > 2190 Belcrest Circle > Reno, NV 89512 > > I will then send you a sample and a brochure with all the info you > need to order stickers. > > Thanks, > Pete > > mench at cs.unr.edu > From MIKEINGLE at delphi.com Mon Aug 23 21:55:24 1993 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Mon, 23 Aug 93 21:55:24 PDT Subject: Mail --> News gateways Message-ID: <01H23SCR87FM99F8ZN@delphi.com> Are there any alive and functional mail-to-news gateways other than anon.penet.fi? What format do they use? In particular, is there one which can be put at the end of a chain of Cypherpunks remailers? 
I tried the two mentioned in the "Hal's Instructions" file, posting to alt.test, and they didn't work. How does one post to a group with a - in the name, such as alt.fan.david-sternlight? To whoever sent that huge message for BlackNet: please read the responses to this question and use news gateways to post messages for BlackNet to alt.extropians.forbidden.topics or alt.fan.david-sternlight. Neither group has much traffic anyway, and it's kind of annoying to receive large messages you can't read, especially when you're paying for the download time. To BlackNet: until alt.w.a.s.t.e or a similar group is created, why not use alt.test for anonymous communication? Nobody really cares what's posted there, since nobody reads it except to find their own test posts. The poster could put a recognizable string, such as your hex key id, in the subject, allowing you to find it quickly with the newsreader's search command. < MikeIngle at delphi.com > From cdodhner at indirect.com Mon Aug 23 22:21:41 1993 From: cdodhner at indirect.com (cdodhner at indirect.com) Date: Mon, 23 Aug 93 22:21:41 PDT Subject: Mail --> News gateways In-Reply-To: <01H23SCR87FM99F8ZN@delphi.com> Message-ID: <199308240513.AA06016@indirect.com> > Are there any alive and functional mail-to-news gateways other than > anon.penet.fi? What format do they use? In particular, is there one > which can be put at the end of a chain of Cypherpunks remailers? > I tried the two mentioned in the "Hal's Instructions" file, posting > to alt.test, and they didn't work. How does one post to a group with > a - in the name, such as alt.fan.david-sternlight? Ok, so far as I know, both of those remailers are still active, but at least one of them blocks posts from all the anonymous remailers that the operators know of. (I don't think they know of mine yet.) To post a message to alt.fan.david-sternlight use the address of alt-fan-david-sternlight when posting to the remailer. 
Or so I've heard, someplace on this list a while back I think.

BTW, my remailer is still having trouble decrypting messages sent to it, but unencrypted remailing requests still work fine.

> To BlackNet: until alt.w.a.s.t.e or a similar group is created,
> why not use alt.test for anonymous communication? Nobody really
> cares what's posted there, since nobody reads it except to find
> their own test posts. The poster could put a recognizable string,
> such as your hex key id, in the subject, allowing you to find it
> quickly with the newsreader's search command.
>
> < MikeIngle at delphi.com >

I second the motion. Good Idea Mike.

Happy Hunting,
-Chris.

From sameer at netcom.com Tue Aug 24 00:11:43 1993
From: sameer at netcom.com (Sameer Parekh)
Date: Tue, 24 Aug 93 00:11:43 PDT
Subject: Testing
Message-ID: <9308240708.AA18317@netcom.netcom.com>

This is a test.

--
Sameer sameer at netcom.com

From fergp at sytex.com Tue Aug 24 04:51:48 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Tue, 24 Aug 93 04:51:48 PDT
Subject: E-mail ---> Usenet gateways
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 24 Aug 1993 00:53:30 -0400 (EDT), Mike Ingle wrote -

> Are there any alive and functional mail-to-news gateways other than
> anon.penet.fi? What format do they use? In particular, is there one
> which can be put at the end of a chain of Cypherpunks remailers?

group-name at ucbvax.berkeley.edu    * (blocked from non-bky sites)
group-name at cs.utexas.edu
group-name at pws.bull.com
group-name at demon.co.uk
group.name.usenet at decwrl.dec.com
group.name at news.cs.indiana.edu

For the utexas server in particular, you need to put a subject line in the pasted header like so:

::
Request-Remailing-To: alt-test at cs.utexas.edu
Subject: this is a test
Organization: Organization name you desire

[body]

* Note that some of these require trans-literation of periods to dashes in the newsgroup name; others do not. Ucbvax is supposed to block mail from non-Berkeley sites; it _might_ work from these Cypherpunks remailers:

1: hh at pmantis.berkeley.edu
2: hh at cicada.berkeley.edu
3: hh at soda.berkeley.edu

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBLHn0nZRLcZSdHMBNAQHqGwP/QlhVXZz4XQhPqf6JI/4kgiLMX3tRSdvg
PedCcFq8/BMXHksZwyiERQ8u8wzlumz7GX7vMGedt8zm6N07liqfYATI6JLLEDDh
2WN/gKvxhDgVXrU/1x5n7bKOOIlCDUbTfzWbg2PdtqX7NMsnj+pwZExI6JoKK5Sb
W7V+mxeSCYg=
=H8Zx
-----END PGP SIGNATURE-----

Paul Ferguson               |  "Government, even in its best state,
Network Integrator          |   is but a necessary evil; in its worst
Centreville, Virginia USA   |   state, an intolerable one."
fergp at sytex.com             |      - Thomas Paine, Common Sense

Type bits/keyID    Date       User ID
pub  1024/1CC04D 1993/03/15 Paul Ferguson
     Key fingerprint = EE D2 93 7D 04 6D C6 05 AC 36 AD 9D 8E 4F 41 58

From fergp at sytex.com Tue Aug 24 04:52:13 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Tue, 24 Aug 93 04:52:13 PDT
Subject: "Big Brother Inside" (tm) Logo
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Mon, 23 Aug 93 20:30:47 MST, Christian D. Odhner wrote -

> I found the sticker guy! I'm sending him a letter tonight, I'll keep
> you all posted. Who has the "Big Brother Inside(tm)" logo? I can't
> do .ps stuff, if anyone wants to send me hardcopy, it goes to

[...]

section 1 of uuencode 5.15 of file bigbro.zip by R.E.M.
begin 644 bigbro.zip M4$L#!`H``(````J]`1O1"6(N2AD``$H9```,````24Y414Q,3TQ,$WTB6YHFFZLJV[IN&\DS7MF+GN at CW_@\,"H?$(F2'W!V2S)GQ"8U* MI]1JHXG-:K=.S^OW+;O_#YC#-TA8 M6!C"$*BX"&CH^`A)Y+3$6&EY>848N-YNN`X?K^Q.OR=_C]]5OQ^7[_^/A)_`-@`+&I0Q,&&M M at PP;*GP8I*'$B3P at 6F1!,:/#B_\<3VC\>+"CR`\@2P(^;]/HEQA?= MW\&Y`D,B/$S#4,..$)>BHI$Q(<=F]!B4;(_REL-$,>/1#(JL6,_]""MD2_K- M7Z/-4KNA"S2Q:S9KO1:>33OLW6NXQVSMG<@.<"FZAS^89UP2U^0P at 3$78O6Y MA3G2?T2MKC at -]CY-MWNPY1T%T_`E])$G29*SP4=&"F7R$6182KI)1:FA% MLRG"H161`<=.B%%0Q-PN)A8A476CK`A$B]B]"&,/#)T72XWWS62?-SHFPV-^ M@/WHWD__.4,D!OA(&%>2S=\7>V9P$;J20DHE6L$RJRF!`"(G@!:EV/?Y9K2/HJ`7ZC_SJQ+*$.4HIL MLL`V>XNNSNX&;;320MJLJ]Y>.=:NVNIWH&WBCCM!3^&>BFX%0F5U;+O3[4=5 M:_*J5-].V=[K+E*Q=:SXNO,%U'2T*L0GT6O1P MQ3NR!-5M&OL0TVFX?,QB2?QX3/(3(-&#=<><"S%RXU)M7[CGD46?< M--YN7-Y#Z:R?+K-JH[=1>@J>&^#ZZTSK8IGJ;+A>`N2Y#__YUKS+/OOOP'=` M?/.=EQU[&(S3GOL&SE^ON_&PO):\\LM?@'WXQ;^]?6Z^>_]]!>*'[W?Y0PL. MA_,6K,]^^U^#`7_\S:M//_:(W_\%$.%A?_SKG_S^5XZ<"7`"SRL"`1EHP.LA MCE-]$U$@"MA`(3Q0`A&4X`0IF#\+-@*"Z0/"!B'000]^$(07%.$?*'#"'Q`/ MABF,X00I!YD1DK!Z0Q@>#6MH0P16$`HM_"$/B5`[(Y8P at BL,U/2(^,+Y!;%U M&>3@#!E`OR;_XJ![)7L,!GTXP"LNH']:=.+Y!B0<*8I1?T=L0!;+:*@B)LB+ M7RSAZL#H@#?"D85TA$X4P3=%,03R`.O;HQD7V)\T8N"`;+2C&^MG2#XB)R)] M5",>'9@]+*[1BH-LXAEA\,<,,+*'2$ M at F$"<7R%OQO;6XA;RG'G?K4P at Q M-UV'=8%R-?O1B at K7LYC)[F0H*UOG/I>,T\WH%,>[VN1>5[OH;2YX7F#>]E[T MO?"%*G/FN]S8;DN]ZY6N11$:793V]Z*"%.DLJON(^G*7P`4>;BVE&L@%(Y@, M#.:$@3DCX%]U%[\?;BIX&:QA!W/8O\OL\(5M2U^\VO>^,"BQB1\YU!2O%7TF MC8*%F[ICPX5X597Q at 7%+NMBG=EC':Y/9FT-E=SF+R!7!5N5](&3'+ at K6]D\1H:TEF5I:IZ.>J"P?K6D M^2Q<7_]Y+I\V4+%%K>A*/SG7O$ZV*#MMYUU[=+Q^AMNQ;>)HQ-KZU`;=MJXI M/4YHMSK0E^UO5\G-MU`3F=:U9G:"2>KM<#N;TVL6]K#G:>X7 at SO"ZM[BM;7M M[DGO-^#C%O<'4FW=>7_;EA`&M,$]S>Y&]QO9^T[XE at E.[U[+N^*"_K6F`7ID M-RO\O$6>=<0Q+6V1YYC5MT;W1%/><8U/.[Q<1CC)2PYJ60\WN7F+%59#H>)%_,9F(0YFY?,373W^:&>S?##@RYT;KL8Z9H[^2%UOG.$ 
M/S:^V0PYF)W^;ECRG)Q9YGK2P8Y+_$!AII"6-GR!C7:!ZW/J6IGR\3',MSWFN^,=Z$]O((!)K?&&]]WC8_-Z'-EC^&3_/>U95_9>L^]OG,_=Z,(?OJOQG;Y`Y[OE!H_R[9TO&.E_'?I& M at +'9BXYHE"MSY;;GOJ1S[_[="U[\ER]\YGMJ8_\TIU_]^5(?8H7=M]U@:07<\D'@`0H@UP5 at B(X at A"'>=%'?DV'@>6G at A^W?RUX17WV M@\P7;1R7;B5(?RF8@%/@=EBW at WIG3K8U0T(8>RY'@ZTW?C6H at SFX#R[X at 0@& MA6IU:$18A#=H@<7W@`-Q?5W8?5;W9K0EAB!&AK]GAFE(.M`%@0_G4FV(?H'' M>_97?UA`!?^7$';X?2C&ABP8AE3X?'[(>L`2B)AU$1I8B.1VB#'8;&_(;R=G M at DBX@!:!B#+H=PKVB8G_.(-]:(6-&!!5T(.1Z'U,V'G^AX>62'68"(=8N(F< MV(0/446&MGG(1W126$`R^!4X=X33!XPZP8NV-DBYJ'S-.(RT=HM(5'TCD8S( MM8S3Z("O.!`E%XW2J(A`48VOAV$^YXO:>#+06(RN5XI4D6K*6(EYUWC at UPZ] MEX[MTH[6^(X*=W[GZ(?UB"YB)XZBN(_E&'H46(/^V!X%F8WRAWH$.("EQF2T MF#BGN'KS08[QZ)`A96]K%I$2:9#VAY#818XV5XZNJ(9:V#&85Y&!)8LO:(X? MN)'UUI$,60]%MI+G,8J3^)(-&9,9Z9*0Z##L<9."9`X<&%/6IXAUIV$)8Y,W M_S@&W]@)G7AC0[>33LB'&+F*(M&46.AD/DD+8%APZ[B07MF0SI>$+[&5C+AB M'IF!"R>5]C:$5VF58DF0+?D0YC&42 at B/*;AQ>CAT2"F7:F. M>ZF`-`F+A*B1<4F7CM6*18&73BEG2[B'C(F5;SF)@$F7OGB)F%F3AVF95G"1 M^I>4#>=N`*F/@4D>E:F6#4:2&[B.\\5LK,F6(0*;I[B6BHF:P9=_MXEVLYDF M=X"8]Z>0*RASCR>= M\Z:=[8%5TIF%WSF+(*B44Y9K]_B<"'*>I:F*ISF%IO^S>?F96]GIFU'"G8!( M/>K9E\+3GG=F:O"9FWK)E+O9G6%@GY[)C)L9EH&)H%#IH)\9,PP*H%WIFJ08 MH9M9E6-IEOP9G^DICQE*FEQYH0(*H;U(D"TZHN39G\9HH3:CH7+'H1BZ:I/Y MD/=)A17:H9"7*!Y7_BF3<$=>Y9B*J-<&JJB>J6/JE&E M"BEOD%9<2)A6*I at ANJNR^H*&"JL61ZA^1*NI>*H\=(8ZZ:MER:MUV:P."`[4 MJ:K!"B3%J at 2V&H6"F*MUJIG8B*>>(*VQ6IZ5):6*6I\SN9,$AX_4"@WA&J@? 
M&B.7:J0K.I/*^JR]:J_+RA'NVIA^.:OEBJGT6J]W&)I0QZ_M<+`@NJEHQ(A] MVJ6O98EDFH?#"A$)NV#_VK#F>JZCR(P22U"`2HT/FF)0!'T.^[#`N(_J>;%/ MP:]=IC(19[*XZ)XSJY`H6!3N&I$O6[(:NZ8?VG,J>Y9*@;-,IK.VR+-Z":\2 M2ICK_TF'+$MHS)FT*B!^1YN8%'N-0`N4D:"OM.FDO=IK42L>FDBU-!IP^=BU M_6J4A?"M!\>>W]F+A=E/&_J'QAJ at ZCJ.0]JT:JNF!0NB!:MY[#IAL1FS)YBE M=QN?8`D)H"JN>PFWFQ[JW=\BC3.BH6_NX=!NYM5JW'NM>F>NLJ2NPN*NYIXNO^3JZU2JW ML0N[F5J0-.>JG+NVO7F\M[NZT^JK.=E*\QJZ7#NZQJN[S'JBJ&NY*(EUSKN\ M]!&PTSN'N&N]R3NMJ2"R-KN1JON]V=&@O2;O6AXFBX[E3ZHN.3ZOJAX*/++>#^;P- at 0KD1+E=@;P472OV$Z MG=Y*5VP:K5@[L@>,O-?[N?WKO[+[E--X=+;[#4]+P>N+MBQL5@'+P/[AP&JZ MPAO:OD)+ MLVO,O`GKQ29:R'9J3XR\$]X6L9=K/I(\R0W_7,DCZ+CQ.!8#[+61.H-+3%@+;(.LO*AP M-WK$G\Z\JM?,Q5"V^;:QA` M*I'N2,RG9B-C&\5^JJW),9ZTNVMV3&K'],7(G,NOK+[&\9XCNQW,2_#+[4W(TRBZO^ M[,@@K&C_;]ZMLO4J\JL.+0FS9;_3-,0;7)M_%LL M[:&<7+'-_YN_C'F1\1;4NEK4^0S.*DVX.ZT06IRDM?EE`GW'62NU)EN&ON2O M'6'5/0ED;EG$/?S$X3QC1FVZ#KV%8XW*KNMSQ/S":\W6;=W1"*W#Q@#)6=VM M=LO56)RVKWO3^.S6;UW%Y_#7@$W790O7Z8S4>$W4!7W08MW%].#2`ZK(K-K4 M(9W'4JW+$WV"7K'9G.V:L+?1K3O'ZTS5$D?:(=+8D-FA)+W:/2G4,YS3*9W8 M+/G#,>G8RUK65?C:.1?;$C+8698T7T,U?\-QTMW'.]@)D-6_[=WWOMW?8MNLF]K01>V!.)X`FNX+X` MN`'>W-P*T?T,-/+-W:+]W^,:46=WVK2=O-?MV@]W,X+XU at M MX2P^U,6-OA<>S5TMK9^=X2F.WNU6QZ>7F&M"L*7 MKA'NNY'=NTQKY<[MY)9MWE%^R7]*XU6>W$B:Y8BZY4_>Y3F>,]V)5Z MX4*6YAP-Y6J^;Y>$Y&[(S'&^%/`=VF>>WE6Z/!5=3F!;ST\A8X9MXY at +;O+# MX2WM;(>N%(FNZ""."JE]TO5=VT6^H-O_[1%^+A(T#7R?RNFC MSG&2KB^GCNJPKNKH2M&"6NK;*.NQGNL$#(9EKN'/RND3D^JZONMU^):N#MC! M;2Q#]M7%'N);J\K(GK^.O>S,WNR>;N>=B\;!?I))?L__8NW7CNU1*>A_Q^V! 
M"J,?$N[Q,>S9+I>/?.O"#-6(WN[&/.Z)*\BVS>#6W2;U3JS.CN\9O>:E?NMH ML>[$#O".8,NMOIK>/N\I4FL/EG,UGW>\1_^<3KP?F/JQ`K>TNCBWW MGDC^KK<5KZ0&2HD%ORX)S[`DOP<>[]0^_6O2CAL21K(F3_$H'X[;_.@]@O-% MJ_,QWW8?/\R at _PWT0S]'0?^J^9[R'?SSVZGQ]N[R'4_SF\[S2&^>3(^Q51]& M,QWI19_G><+U7>_UC130/3]J8R\D98_+,(^M*J_VY1[CE>+V;\_QDQO81E3]^I+&_WBU^+I-_')PK9^S[[Q#^&S$_$))K63/Z:OJ_=GT3= MMDZ2RC\H7+2(O'^DJ4^+TK\=9%/]UO_Z1%C7!K[Z.$2"X'3]8RS[;_^20&O# M_94?_-H_)^Y#__6OS`0 at WT"7NQ$B-VFU%V>]>?5Y MANTJRL$\NOT?&!0.033C$454WI!-V=+%@^RD!^@5F]4JG5W5%LSQCDMA3=7Z M02?,;?<[3![#Z0WYO/Y8"]3K_!\PL..N2;".$.]OC\]CS_`1,A"Q,-)ML at MP ML0^MLM-SZ_+HLRW4J6Z1D<-QE+45IM34%116%`XU=<-/=II244(9(F>QD^A2*4A-0?2BE>K6G5*Q-A6[U.D(JS:\OPHXUBR&LV+,N MTJYUJR"MVK=@R\[U&E>N7;IM]?[$.['OJ[]Y`WL<#+ at PV<.$$Q-2EGP8\SY+&^N:GFJ9VR=17,%';JT3LVI39]&S;H2:-A!7".<3:?V;2ZU M`^J&EMMW.MZ]@YL<7ESX<,3(,Q]GGEPYY.WK+U_8O_WXZR]`_,PJ,+X! MWT#0-I at 8Q$1!0![\+Z0)B8E00 at OMH4A#:3`,JD-YW`E1Q`]!))$%95#TT,16 M5I0#MQ<3:3$;&4/9S48R:.PEQQ[UVS$8'X7,#LAGACS2M2)E0I))O)0DI\DH MNWH2'2FM!(C*>:[,23$*\A"C,,F,9DT,SU4P/S8S67+/-FMZ\,DZ@ MYD2R3J;NE#%/K/8,L<^Q_D0P4+<&O:]0O0ZM+M'(%DVRTG2S2TB:-JU+? M+CTIT^(VY:?3Z3[U)E3W1H6E5`Q/A3'5'5?=L-4^`YHSUEKAXM+67!U at 4B/7 M7BL0TM=@/<`25&&-;>W&"6 at YEEGHO!"CGV:E7;#!:8,I```[4$L!`A0`"@`` M````"KT!&]$)8BY*&0``2AD```P````````````@`````````$E.5$5,3$]' :+D=)1E!+!08``````0`!`#H```!T&0`````` ` end sum -r/size 6924/9117 section (from "begin" to "end") sum -r/size 15003/6596 entire input file -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBLHn0aZRLcZSdHMBNAQHUlQP+NfyYqzM2vXhQcKz7R8aLFntOPOdT2c1N yzLriGaggf9huPER+watsFGn+8+onlBLmZS1zPNjvlfz8SYlIdbXeoIoaBY8I+6C +uVTdTsOwazrcBMwLvJeJA07AbUWZH0GWIsPrBoySNpLSxV2SWc/H60mB8fZ3Upw NCaI8MT8lgM= =m/i8 -----END PGP SIGNATURE----- Paul Ferguson | "Government, even in its best state, Network Integrator | is but a necessary evil; in its worst Centreville, Virginia USA | state, an intolerable one." 
fergp at sytex.com | - Thomas Paine, Common Sense Type bits/keyID Date User ID pub 1024/1CC04D 1993/03/15 Paul Ferguson Key fingerprint = EE D2 93 7D 04 6D C6 05 AC 36 AD 9D 8E 4F 41 58 From nowhere at bsu-cs.bsu.edu Tue Aug 24 05:01:48 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Tue, 24 Aug 93 05:01:48 PDT Subject: No Subject Message-ID: <9308241203.AA13543@bsu-cs.bsu.edu> > I think the Hall Remailer at recognizes a > "cut line" of > --ignore-- > I tried this and it failed the first time, but worked the second. > You should try a message to yourself before relying on it. Let us try it here and see how it works; the following line contains the kiss-off "ignore" and everything that shows beyond it was added without my intention: From pmetzger at lehman.com Tue Aug 24 07:16:50 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Tue, 24 Aug 93 07:16:50 PDT Subject: No digital coins (was: Chaum on the wrong foot?) In-Reply-To: <9308240218.AA05576@ah.com> Message-ID: <9308241414.AA01681@snark.lehman.com> Eric Hughes says: > No. This is way off the mark. Chaum's complete and overriding goal > is privacy, sometimes to the exclusion of other desiderata. The > observer protocols sacrifice nothing in the way of privacy, but > perpetuate and reinforce the subservient economic relationships > between individuals and large financial institutions. In what sense are you "subservient", Mr. Hughes? The institution and you have a contractual relationship in which they hold your money for you and in exchange handle all sorts of inconvenient tasks, in exchange for your having to pay them for performing these tasks by letting them lend out your money. You can usually touch your money at any time, though. Doesn't seem to be terribly abusive. What do they do to you that's so bad? Charge you for performing services? Shudder -- how horrible! Capitalism! Ohmygod! 
In any case I see no reason that small groups couldn't start digital cash issuing organizations, just as very small groups can also form banks -- you'd be surprised how small some credit unions are. Although the cost of the infrastructure is high to DESIGN, it will presumably be commercially available to any entity that wants to deploy it.

> In other words, the observer protocols preserve the chasm of relative size
> of Big Business over and above the individual.

What is wrong with large organizations per se?

Perry

From frissell at panix.com Tue Aug 24 08:55:27 1993
From: frissell at panix.com (Duncan Frissell)
Date: Tue, 24 Aug 93 08:55:27 PDT
Subject: (CuD) (CuNews) Smart Kard Forum
In-Reply-To:
Message-ID: <199308241553.AA19959@panix.com>

In Steven Hodas writes:

Actually Burroughs...

>"Overpopulation has led to ever-increasing governmental control over the
>private citizen, not on the old-style police-state models of oppression
>and terror, but in terms of work, credit, housing, retirement benefits,
>and medical care: things which can be withheld. These services are
>computerized. No number, no service. However, this has not produced the
>>From _Blade Runner (a movie)_, William S. Burroughs, 1979, Blue Wind Press

Actually I have work, credit, housing, retirement benefits, and medical care and they don't have my (right) numbers. Mostly they don't have any numbers. It is all still possible.

Duncan Frissell

Practicing & Preaching Privacy since at least 1969.

From anonymous at extropia.wimsey.com Tue Aug 24 10:11:51 1993
From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com)
Date: Tue, 24 Aug 93 10:11:51 PDT
Subject: No Subject
Message-ID: <199308241646.AA12564@xtropia>

Uu> Reports of the wimsey remailer's demise are premature. I just used
Uu> it to post this message! If this goes through, it's back up.

I have used it recently and it worked again. Apparently, it was just temporarily ailing.
Uu> pkcs_compat = 0 # Use backwards-compatible formats Uu> The PGP in use by the remailer may be version 2.0 or 2.1, which will Uu> not read PKCS-compatible PGP Messages. I don't think that this was the problem, but is there any drawback to installing this line in CONFIG just in case? Uu> Wimsey also has an anonymous reply mechanism using a message pool. Uu> For more info, send "help" to Uu> pool0-request at extropia.wimsey.com Will check this out. Uu> I think wimsey is also the only Cypherpunks remailer which resides Uu> outside the USA (It's in Canada). This obviously makes it much more Uu> inconvenient for USA Law Enforcement to broach the physical security Uu> of the remailer. On the other hand, it makes it fair game for legal interception by the NSA. Uu> I think the Hall Remailer at recognizes a Uu> "cut line" of Uu> --ignore-- I shall try this one also. Thank you very much for your assistance. From hughes at ah.com Tue Aug 24 11:15:28 1993 From: hughes at ah.com (Eric Hughes) Date: Tue, 24 Aug 93 11:15:28 PDT Subject: No digital coins (was: Chaum on the wrong foot?) In-Reply-To: <9308241414.AA01681@snark.lehman.com> Message-ID: <9308241805.AA06449@ah.com> >Charge you for performing services? Shudder -- how horrible! >Capitalism! Ohmygod! I count this comment as an intentional misreading of my position. I am not a libertarian, nor is it likely that I ever will be. I've also read E. F. Schumacher's _Small is Beautiful_ and thought much of it was just plain wrong, or, at best, unprovable. I read your words as an attempt to enforce a sort of libertarian political correctness, as insulting as that phrase will no doubt be to you. The agenda of privacy is orthogonal to most partisan political positions. As strong as the libertarian presence is on this list, it is by no means the only view. It is precisely because cypherpunk issues cut clean across the political spectrum that they are so powerful. I expect no one here to wear seamless garments of any cut or cloth. 
There are many on this list whose personal agendas call for making the world safe for greater accumulations of capital. This is not at all my agenda, yet I have put aside my repugnance at this in pursuit of a common goal. While I expect no one to hold to any particular view, I do expect that everyone here treat opposing views with respect, or better yet, with silence.

The cypherpunks list is about creating privacy. We assume that everyone here wants the availability of more privacy than they currently have. We need not debate the particulars of these reasons, nor need we suppress the statements of these reasons. I am perfectly happy with individuals stating their own reasons for desiring privacy; these statements are powerful and useful, yet they should not engender debate on this list as to their propriety. Should anyone insist on debating belief, private e-mail is always available.

I know that when the goals of personal privacy are achieved that the people and opinions that currently cohere on this list will fragment and splinter. I do not want this dispersal to happen, however, before our goals are achieved. Disrespect for each other, or, in other words, bone-headed stupidity, will certainly accomplish a premature dissolution.

Let us work together while we need to, and no longer.

Eric

From marc at GZA.COM Tue Aug 24 11:45:29 1993
From: marc at GZA.COM (Marc Horowitz)
Date: Tue, 24 Aug 93 11:45:29 PDT
Subject: No digital coins (was: Chaum on the wrong foot?)
In-Reply-To: <9308241414.AA01681@snark.lehman.com>
Message-ID: <9308241842.AA00526@dun-dun-noodles.aktis.com>

>> What is wrong with large organizations per se?

This is way off-topic, but....

Large organizations have too much power. Take a look at the sorts of things Andrew Carnegie was able to do. Like running at a loss in order to squash small competitors. That's where the Sherman antitrust legislature comes from.
Before you call me a government-lover, I have to say that I'm not sure which I find more abhorrent: "capitalist" companies engaging in unfair business practices, or government regulation. If someone wants to explain how we can get away without both (in personal email :-) I'd love to hear it. I think the "right thing" is somewhere in between purely individual transactions, with some sort of distributed trust model (the world is too big for that to be tractable, I think), and the current model of Huge Banks essentially controlling all money flow. Fact is, infrastructure costs money, and big organizations can amortize one-time costs over more customers. Marc From dmandl at lehman.com Tue Aug 24 12:07:18 1993 From: dmandl at lehman.com (David Mandl) Date: Tue, 24 Aug 93 12:07:18 PDT Subject: No digital coins (was: Chaum on the wrong foot?) Message-ID: <9308241905.AA27779@disvnm2.lehman.com> Well said, Eric. There's no reason for people to assume that "We're all [fill in name of your political faction] here." We've got a common goal/program and happily we agree on many of the most crucial political issues. Everything seems to work fine without subtle swipes at other people's views or egocentric assumptions about what we all believe. Some people on this list, for example, are staunch anti-capitalists, but we're polite enough to hold off on the capitalist- and spectacle-bashing rhetoric because we generally respect other people's views and realize that there's no good in it. Recently, one bonehead posted a message stating, in effect, that this is an Extropian list. That is, of course, nonsense, but even more, it's obnoxious, egomaniacal, and pointless. This is a very diverse list, but I think we know what assumptions are NOT shared by everyone. Your remark did seem like a blatant taunt, Perry. --Dave. > From: hughes at ah.com (Eric Hughes) > > >Charge you for performing services? Shudder -- how horrible! > >Capitalism! Ohmygod! 
>
> I count this comment as an intentional misreading of my position.
>
> I am not a libertarian, nor is it likely that I ever will be. I've
> also read E. F. Schumacher's _Small is Beautiful_ and thought much of
> it was just plain wrong, or, at best, unprovable.
>
> I read your words as an attempt to enforce a sort of libertarian
> political correctness, as insulting as that phrase will no doubt be to
> you.
>
> The agenda of privacy is orthogonal to most partisan political
> positions. As strong as the libertarian presence is on this list, it
> is by no means the only view. It is precisely because cypherpunk
> issues cut clean across the political spectrum that they are so
> powerful.
>
> I expect no one here to wear seamless garments of any cut or cloth.
>
> There are many on this list whose personal agendas call for making the
> world safe for greater accumulations of capital. This is not at all
> my agenda, yet I have put aside my repugnance at this in pursuit of a
> common goal. While I expect no one to hold to any particular view,
> I do expect that everyone here treat opposing views with respect, or
> better yet, with silence.

From klbarrus at owlnet.rice.edu Tue Aug 24 12:46:53 1993
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Tue, 24 Aug 93 12:46:53 PDT
Subject: Blinding messages
Message-ID: <9308241945.AA20679@flammulated.owlnet.rice.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Earlier Perry asked for references to blinding methods. I can provide one, but the mathematics is fairly simple and straightforward, so I'll just talk about it here. Any good intro text on number theory, or even some crypto books (Denning, Seberry & Pieprzyk) will have all the math you need to know.

Conceptually, when you blind a message, nobody else can read it. A property about blinding is that under the right circumstances if another party digitally signs a blinded message, the unblinded message will contain a valid digital signature.

So if Alice blinds the message "I owe Alice $1000" so that it reads (say) "a;dfafq)(*&" or whatever, and Bob agrees to sign this message, later Alice can unblind the message Bob signed to retrieve the original. And Bob's digital signature will appear on the original, although he didn't sign the original directly.

Mathematically, blinding a message means multiplying it by a number (think of the message as being a number). Unblinding is simply dividing the original blinding factor out.

One thing protocols that involve signing blinded messages have to watch for are messages that you don't really want to sign. If someone asks you to digitally sign a random stream of symbols, remember that what you sign may be unblinded to reveal a contract, etc. Techniques of getting around this seem to be cut-and-choose protocols, which I won't get into here.

Judy Moore's paper "Protocol Failures in Cryptosystems" - appeared in IEEE Proceedings, May 1988, Vol. 76, No. 5, and also appears in the big IEEE Crypto book Simmons edited - discusses this as the "Notary Protocol." I'll excerpt from her paper:

1) To set up the notary protocol, Alice chooses RSA parameters p, q, e, d. She publishes her public key e, and n = pq. Bob now wants to trick Alice into signing a message which says she owes him some money.

2) Bob now chooses an arbitrary number x. He computes y = x^e mod n. e is Alice's public key and everyone knows it. Bob can now use y (blinding factor) to obtain forgeries on another document.

3) Bob forms the message he wants, and multiplies in the blinding factor y. He calculates m' = ym

4) Alice agrees to sign a message m' which is total gibberish. She computes s = m'^d mod n and returns the result s to Bob.

5) Bob then calculates s' = s x^-1. A valid signature on m' is

   m'^d mod n = (ym)^d mod n = y^d m^d mod n = x m^d mod n

so all Bob has to do is remove x from what Alice signed and he has m^d mod n, Alice's digital signature on message m.

An example with numbers (I'm currently learning Scheme so I will give the Scheme code I used):

Alice chooses p = 43, q = 47, thus n = 2021
d = 5, gcd(d, phi(n)) = 1, so e = 773 (* see note below)

Bob chooses x = 314,
y = x^e mod n = 314^773 mod 2021 = (expt-mod 314 773 2021) = 1271

Bob creates the message m = 99, which means Alice owes him money.

Bob blinds the message by calculating
m' = ym = 1271 99 = (modulo (* 1271 99) 2021) = 527

Alice agrees to sign 527, a message which is possibly unintelligible. She calculates
s = m'^d mod n = 527^5 mod 2021 = (expt-mod 527 5 2021) = 360

Bob takes Alice's signed message s = 360 and unblinds it. He calculates s' = s x^-1
First he calculates x^-1 = 354 (* see note below)
Then, s' = 360 354 = (modulo (* 360 354) 2021) = 117

As a check, say Alice decides to sign the original message m = 99. Then, the signed message would be
m^d mod n = 99^5 mod 2021 = 117

So Bob does indeed have a message which is his original message with Alice's digital signature on it. Be more careful next time, Alice.

* Note: There are two ways I know of to calculate the inverse of a number. First, x = a^(phi(n)-1) mod n will yield x, the inverse of a mod n. But, sharp eyed people will note you need phi(n) to calculate this way - and only Alice knows the factorization of n. So she can calculate e, the inverse of d mod phi(n) as:

e = d^(phi(phi(n))-1) mod phi(n) = 5^(phi(1932)-1) mod 1932 = 5^(264-1) mod 1932 = 5^263 mod 1932 = (expt-mod 5 263 1932) = 773

Now how does Bob calculate the inverse of x mod n? He does not know the factorization of n. Well, for the purposes of this problem I did know how n factors so I used it :-) BUT, there is a way you can calculate the inverse of a number mod n without knowing how n factors. The algorithm is related to Euclid's, the one that you can use to tell if two numbers are relatively prime. Essentially, you run through Euclid's forwards, and then in the reverse direction, grouping and substituting, and the inverse will pop out. Once you do it by hand it will be clear, and you won't ever want to do it by hand again :-)

If you use Mathematica, it will let you do PowerMod[x, -1, n] to calculate the inverse of x mod n. But Scheme won't since the three integers for expt-mod must be positive.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLHpvRoOA7OpLWtYzAQEpfwP/XjhLspMqeXfFeL6GiZ9QNEyZulYx+uWr
ZgvyaPWwYbZ8PuO/ee4cglR2KydRao7Z/W6KbJo87Ugkts9dZp/tnAHO/PUCpgMf
+IFUaqwCYwUN6r7KQo8pWoj7H55+o7FP5snI9774OFNiKSrwiGaMzXzpta+jPR9U
cwoYLF+8HSU=
=zigb
-----END PGP SIGNATURE-----

From pmetzger at lehman.com Tue Aug 24 13:15:30 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 24 Aug 93 13:15:30 PDT
Subject: No digital coins (was: Chaum on the wrong foot?)
In-Reply-To: <9308241805.AA06449@ah.com>
Message-ID: <9308242012.AA02593@snark.lehman.com>

Eric Hughes says:
> >Charge you for performing services? Shudder -- how horrible!
> >Capitalism! Ohmygod!
> [...]
> I read your words as an attempt to enforce a sort of libertarian
> political correctness, as insulting as that phrase will no doubt be to
> you.

There is no enforcement involved. If you truly feel that there is some sort of horrific "power relationship" between large banks and their customers, I would suggest that since the worst that they do to you is charge you for performing services that you are upset with the notion of banks charging for services.

> The agenda of privacy is orthogonal to most partisan political
> positions.

I strongly disagree. The liberal and conservative agendas depend on control of the people in order to work. Privacy, cryptocash, etc. will all result in a strong shift towards a libertarian society -- without any need for people to try to produce such a society.
When you can no longer trace money transfers, for example, taxation becomes difficult -- and any social programs you desire based on taxation become difficult. If you are truly a liberal, strong privacy rights are counter to what you truly want, and I would suggest that you reexamine whether or not you hold a consistant position, as your position in favor of privacy might be counterproductive to your position in favor of what now goes by the term "liberalism". I would be happy to see you favor strong privacy rights anyway -- but I am constrained by honesty to point out that I don't think strong privacy and a state based on coercive taxation are compatible. I do not feel that this list should be involved in discussions of libertarianism vs. any other political theory -- but I will point out that it was you, not me, that brought up the question of whether big banks are a good or bad thing, which is very much a political question. I'll happily steer clear of this entire topic if you will. Perry From hnash at mason1.gmu.edu Tue Aug 24 13:25:30 1993 From: hnash at mason1.gmu.edu (hnash at mason1.gmu.edu) Date: Tue, 24 Aug 93 13:25:30 PDT Subject: Digital Gold Message-ID: <9308242023.AA12227@mason1.gmu.edu> -----BEGIN PGP SIGNED MESSAGE----- I tried to imagine a digital currency which is not backed by any bank, but just exists by mathematics and convention, like gold. The result is the following currency system which could be called digital gold. It involves three conventions, (1) a convention for valuing coins, (2) a convention for claiming coins, (3) a convention for transfering coins. I believe the resulting currency is unforgeable, uninflatable, and untraceable. Let me know where I've gone wrong (gently). Digital Gold ----------- Let's associate one digital gold coin with each positive integer. Let's agree that the coin for each integer N is worth half as much as the coin for integer N/2. 
integers: are each worth: -------- ----------- 1 - 1 1 ounce 2 - 3 1/2 ounce 4 - 7 1/4 ounce 8 - 15 1/8 ounce 16 - 31 1/16 ounce The total amount of digital gold is infinite. However, the amount in circulation will always be finite because the lowest denomination coins aren't worth claiming or to spending. (Claiming and spending of coins will be described shortly. For the time being, let's just assume that each requires a certain amount of computation.) For example, if it costs 1/10 ounce of digital gold to spend a digital coin, then 1/16 ounce coins will not circulate. The total amount of digital gold in circulation will then be 4 ounces. The supply of digital gold is similar to the supply of real gold. As the value of real gold increases (relative to the cost of mining), more real gold can be mined profitably. If the demand for digital gold doubles, its value will roughly double, and a lower denomination can then circulate. Similarly, if the cost of computation halves, a lower denomination of coins can circulate. In either case, the number of coins doubles, but the supply of digital gold increases only slightly. Each denomination represents an equal fraction of the digital gold in circulation. Therefore, as new denominations come into circulation, the supply of digital gold remains relatively stable. However, the number of coins increases in proportion to the demand for digital gold, and to the supply of computation. This seems appropriate. Also, only a small fraction of the digital gold is in the smallest denominations. This is important since the smallest denominations are always inefficient to spend. Claiming Digital Gold -------------------- Let's agree, by convention, that the first person to sign a particular integer, owns the digital gold corresponding to that integer. This is the law of initial acquisition of digital gold. 
In order to claim a digital gold coin, the claimer must publicize a "claim certificate", containing the signed integer and the public key required to recognize the signature. The first person to publicize a claim certificate will be recognized as the owner.

A claimer can use a new alias for each new claim. In this way, he can claim coins without revealing his identity.

Spending Digital Gold
--------------------

In order to spend a coin, the payor signs a claim certificate from the payee. This voids the payor's ownership of the coin, and validates the payee's ownership. The payor uses his old alias to sign the payee's claim, so that he does not identify himself. The payee can generate a new alias for each new claim certificate, so he can accept coins without identifying himself.

The law of property transfer for digital gold is the same as the law of property acquisition. The first person to publicize a new claim certificate signed by the previous rightful owner, rightfully owns the coin.

The payee should have the claim confirmed (signed) by some of the agencies where he might like to spend the coin. A confirmation indicates that the agency is willing to accept the coin from the new alias. Before confirming a claim, an agency should establish that the payer owned the coin at one time, and that he has not yet granted it to anyone but the payee. If the claim is good, the agencies should take note of the new owner. If the claim is bad, the payee can confront the payer. Agencies can do enough research to avoid confirming most bad claims.

For each coin, there exists a chain of claim certificates extending all the way back to the original owner of the coin. The backward chain proves that each alias has owned the coin at one time. The forward chain proves that each alias no longer owns the coin.

Agencies can also sign claims with timestamps, in order to settle disputes over coins claimed by multiple owners. The result is ownership by consensus.
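The three conventions above, worked through as an added example that is not part of Nash's post: coin values, the circulating supply for a given spending cost, and an agency registry that accepts a claim certificate only when it is self-signed (initial acquisition) or signed by the coin's current owner (transfer). The keys are constructed textbook RSA keys built from Mersenne primes, and the certificate format, the digest, the `Agency` class and the alias numbering are my assumptions.

```python
# Added example (not from the original post): a toy model of the three
# digital gold conventions with textbook RSA and constructed keys.
import hashlib
import json
from fractions import Fraction

# --- Convention 1: valuing coins ---------------------------------------
def coin_value(n: int) -> Fraction:
    """Coin N is worth half of coin N//2, so 2^k..2^(k+1)-1 are 1/2^k ounce."""
    if n < 1:
        raise ValueError("coins are positive integers")
    return Fraction(1, 2 ** (n.bit_length() - 1))

def circulating_denominations(spend_cost: Fraction) -> int:
    """Number of denominations worth more than the cost of spending a coin."""
    k = 0
    while Fraction(1, 2 ** k) > spend_cost:
        k += 1
    return k

def circulating_supply(spend_cost: Fraction) -> Fraction:
    """Each denomination holds one ounce in total (2^k coins of 1/2^k ounce)."""
    return Fraction(circulating_denominations(spend_cost))

def coins_in_circulation(spend_cost: Fraction) -> int:
    """Integers 1 .. 2^k - 1 for k circulating denominations."""
    return 2 ** circulating_denominations(spend_cost) - 1

# --- Toy RSA signatures (constructed keys; never use for anything real) -
TOY_PRIMES = [2**31 - 1, 2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1]

def new_alias(i: int):
    """Return (public, private) toy RSA key for alias number i."""
    p, q = TOY_PRIMES[i % 5], TOY_PRIMES[(i + 1) % 5]
    n, e = p * q, 65537
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)

def _digest(obj, n: int) -> int:
    """Canonical JSON of the certificate, hashed and reduced below the modulus."""
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, obj) -> int:
    n, d = priv
    return pow(_digest(obj, n), d, n)

def verify(pub, obj, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(obj, n)

# --- Conventions 2 and 3: claiming and transferring --------------------
def make_claim(coin: int, pub):
    """A claim certificate: the integer plus the alias's public key."""
    return {"coin": coin, "owner": list(pub)}

class Agency:
    """What an accepting agency keeps: the chain of certificates per coin."""
    def __init__(self):
        self.chains = {}  # coin -> [(claim, signature), ...] oldest first

    def owner(self, coin: int):
        chain = self.chains.get(coin)
        return tuple(chain[-1][0]["owner"]) if chain else None

    def register_initial(self, claim, sig: int) -> bool:
        """Law of initial acquisition: the first valid self-signed claim wins."""
        coin = claim["coin"]
        if coin in self.chains or not verify(tuple(claim["owner"]), claim, sig):
            return False
        self.chains[coin] = [(claim, sig)]
        return True

    def register_transfer(self, claim, sig: int) -> bool:
        """Transfer: the payee's claim must be signed by the current owner.

        A payor who already granted the coin to someone else is no longer the
        current owner, so his signature on a second payee's claim is rejected.
        """
        current = self.owner(claim["coin"])
        if current is None or not verify(current, claim, sig):
            return False
        self.chains[claim["coin"]].append((claim, sig))
        return True
```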
If the agencies I wish to do business with agree that my alias owns a particular coin, then I own a certain amount of digital gold.

-------
Yours Truly,
][adon Nash
---------------------
in founding a family or a state, or acquiring fame even, we are mortal; but in dealing with truth we are immortal, and need fear no change nor accident.
--------------------------- ][enry David Thoreau
-----
-----BEGIN PGP SIGNATURE-----
Version: 2.3
-----END PGP SIGNATURE-----

From pmetzger at lehman.com Tue Aug 24 13:26:54 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 24 Aug 93 13:26:54 PDT
Subject: "Trusts" vs. Trust. (was: Re: No digital coins)
In-Reply-To: <9308241842.AA00526@dun-dun-noodles.aktis.com>
Message-ID: <9308242024.AA02658@snark.lehman.com>

Marc Horowitz says:
> >> What is wrong with large organizations per se?
>
> This is way off-topic, but....
>
> Large organizations have too much power. Take a look at the sorts of
> things Andrew Carnegie was able to do. Like running at a loss in
> order to squash small competitors.

Never happened. It's a myth, plain and simple. "Predatory pricing" doesn't work -- any real business man can tell you that. Unfortunately, decades of propaganda tell us all sorts of garbage. Right now, some folks in Arkansas are suing Walmart for this very offense -- Walmart's real crime, of course, is providing too much choice to the consumer at too low a price for the taste of their competitors.

As for Andrew Carnegie's empire, U.S. Steel, which was formed by merging Carnegie's operations and all the other big steel producing operations in the U.S., controlled well over 95% of steel production in the U.S. when it was started -- and within a few years, was down to under 50%.
Oh, and Standard Oil was dropping in market share as fast as a stone when it was broken up.

Anyone REALLY believe Microsoft is a monopoly, please raise their hands. I hate MS-DOS, but no one is FORCED to use it -- it's just, unfortunately, a standard.

> That's where the Sherman antitrust legislature comes from.

Nah. The Sherman Antitrust Act and all its friends are based partially on myths, and partially on the desire of businessmen to get government ENFORCEMENT of cartels. The ICC, for instance, was created entirely to enforce cartel pricing on the railroads. Airlines scream loudly for regulation -- because they don't like the low prices competition has forced over the last decade.

Most monopolies are things created by the government -- phone companies or utility companies being given exclusive franchises even though there is no real reason two or more sets of lines couldn't be run.

I can name exactly one significant real monopoly -- that is, a monopoly that was not formed with the collusion of the government and that wasn't a trivial case like "only pizza parlor in the village" -- in U.S. history. The case in question was Alcoa, and the only reason they maintained an aluminum monopoly as long as they did was that they did everything they could to lower aluminum prices and maintained minimal profits -- had they tried jacking up profits, other companies would have appeared instantly.

> Before you call me a government-lover, I have to say that I'm not
> sure which I find more abhorrent: "capitalist" companies engaging in
> unfair business practices, or government regulation. If someone
> wants to explain how we can get away without both (in personal email
> :-) I'd love to hear it.

Monopolies, cartels, etc, are all a myth. The longest any of J.P. Morgan's railroad cartels lasted was a matter of months (until he got the Interstate Commerce Commission created to get government to enforce his cartels for him -- but that's another story).
Cartels and monopolies are naturally unstable entities. OPEC was able to control prices for only a couple of years before things crashed -- oil now is near the same price it was in 1973 measured in real dollars (and OPEC has NO regulation of its activities at all.)

Perry

From pmetzger at lehman.com Tue Aug 24 13:31:54 1993
From: pmetzger at lehman.com (Perry E. Metzger)
Date: Tue, 24 Aug 93 13:31:54 PDT
Subject: No digital coins (was: Chaum on the wrong foot?)
In-Reply-To: <9308241905.AA27779@disvnm2.lehman.com>
Message-ID: <9308242030.AA02690@snark.lehman.com>

David Mandl says:
> Well said, Eric.
>
> There's no reason for people to assume that "We're all [fill
> in name of your political faction] here." We've got a common
> goal/program and happily we agree on many of the most crucial
> political issues.

I agree with this -- however, I think the notion that people aren't going to comment on other people's political comments is unrealistic. If someone makes a political comment, it's going to be answered. My suggestion is that people try to keep politics off the list and just assume that people are interested in privacy for whatever reason.

Perry

From wcs at anchor.ho.att.com Tue Aug 24 13:41:56 1993
From: wcs at anchor.ho.att.com (wcs at anchor.ho.att.com)
Date: Tue, 24 Aug 93 13:41:56 PDT
Subject: syntax for cut lines
Message-ID: <9308241508.AA28992@anchor.ho.att.com>

Mr. Anonymous sent the following to cypherpunks, through one remailer:

> > I think the Hall Remailer at recognizes a
> > "cut line" of
> > --ignore--
> > I tried this and it failed the first time, but worked the second.
> > You should try a message to yourself before relying on it.
> Let us try it here and see how it works; the following line contains the
> kiss-off "ignore" and everything that shows beyond it was added without
> my intention:

And it worked...
I would recommend one change to the handling of cut lines like --ignore-- :
- leave the cut line in the message, just cut the stuff after it

This lets you use one --ignore-- line to chop off any trailers from multiple remailers, so you don't risk building up a trail. Getting rid of the first one is obviously the most critical, but the rest can also be a risk.

Also, someone has commented that most people who use anonymous remailers test them by sending a message to themselves before sending it to their real destination. If your intended recipient is on the same system or group of systems that you are, this is a traffic analysis risk...

Bill Stewart

From explorer at iastate.edu Tue Aug 24 14:15:31 1993
From: explorer at iastate.edu (explorer at iastate.edu)
Date: Tue, 24 Aug 93 14:15:31 PDT
Subject: rsa129 project: Mail problems, some mail lost
Message-ID: <9308242112.AA05776@iastate.edu>

If you replied to the rsa129 factoring project using rsa129-request at iastate.edu, please mail that address once again. We had a local mail problem and some mail was lost. If you have gotten a reply from me however, I will mail out source and such asap.

Thank you
--Michael

From nobody at soda.berkeley.edu Tue Aug 24 18:55:32 1993
From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu)
Date: Tue, 24 Aug 93 18:55:32 PDT
Subject: Digital Gold
Message-ID: <9308250154.AA01671@soda.berkeley.edu>

At 4:23 PM 8/24/93 -0400, hnash at mason1.gmu.edu wrote:
>
>I tried to imagine a digital currency which is not backed by
>any bank, but just exists by mathematics and convention, like
>gold. The result is the following currency system which
>could be called digital gold. It involves three conventions,
>(1) a convention for valuing coins, (2) a convention for
>claiming coins, (3) a convention for transferring coins.
>
>I believe the resulting currency is unforgeable,
>uninflatable, and untraceable. Let me know where I've gone
>wrong (gently).
I love this scheme, but I have two questions about it.

1) How will disputes be settled?

>In order to claim a digital gold coin, the claimer must
>publicize a "claim certificate", containing the signed
>integer and the public key required to recognize the
>signature. The first person to publicize a claim certificate
>will be recognized as the owner.

Some variant of the keyserver could be the public registry of gold. Can this be done in a reasonable way, where a large part of the transaction cost is not involved in verifying that the buyer really owns her cash? Is there some way to make this more like a web of trust? Can it be blinded in a way that maintains the trust but allows anonymous transactions?

2) Why should anyone value a digital gold coin in the first place?

Money has value because of people's expectation (based on experience) that if they take it to a store they can buy stuff with it. Where will digital gold obtain its bootstrap value? Somebody has to start using it.

My own feeling about how digicash will develop is that it will be added into an initially non-anonymous digital based debt clearinghouse. With PGP (etc.) we already have the means to create verifiable IOU's, contracts, loans, etc. (Is anyone using them?) If such IOU's were used widely but non-anonymously, it would require only a small innovation to move to anonymity (either through blinding, or use of agents with reputations, or ?). The problem is getting any kind of online action to begin with. (AMiX?)

From BillG at Microbio.LifeSci.ucla.edu Tue Aug 24 19:16:58 1993
From: BillG at Microbio.LifeSci.ucla.edu (Gomes, Bill M'bio)
Date: Tue, 24 Aug 93 19:16:58 PDT
Subject: No Subject
Message-ID: <2C7AC9C2@smtpgate.lifesci.ucla.edu>

Please subscribe me to the cypherpunks mailing list. Thanks.

From ld231782 at longs.lance.colostate.edu Tue Aug 24 23:12:01 1993
From: ld231782 at longs.lance.colostate.edu (L.
Detweiler)
Date: Tue, 24 Aug 93 23:12:01 PDT
Subject: 16th NCSC meeting Sep 20-23 1993 announcement
Message-ID: <9308250610.AA20571@longs.lance.colostate.edu>

From Risks 14.86 Aug 24 1993

This is a Spook Central meeting, so the topics given are interesting `signal intelligence' on what's on the NSA^D^D^DNIST's mind at the moment. Also, it suggests what companies have active consulting & production arrangements with NSA (MITRE, Motorola, etc.).

What's on their mind: hierarchical security systems (antithetical to the subversive PGP `web of trust'), distributed/network security, CLIPPER, `publishing work', (read: restrictions on cryptographic topics in journals?), `security requirements for cryptographic modules' (read: restrictions on cryptographic device export?) `International harmonization' by a Frenchman (hehe, sounds a lot like `Ministry of Truth'), a probable codeword for International Cryptographic Restriction.

Acronyms: TPEP, TTAP -- sound big, what are they? Some kind of U.S. government `evaluation paradigms'. Again, probably for crypto-device export.

Interesting presentations by spook outsiders & wannabes: virus attacks, `Security & Auditability of Electronic Voting Systems', `Privacy Impact of technology in 90's', `Electronic Crime Prevention & Investigation'

Hopefully, some patriotic cypherpunk can sneak in and smuggle out a report!

------------------------------

Date: Thu, 19 Aug 93 12:32 EDT
From: Reiner at DOCKMASTER.NCSC.MIL
Subject: NCSC 16 Announcement for RISKS

16TH NATIONAL COMPUTER SECURITY CONFERENCE

Dates: 20-23 September 1993
Location: Baltimore Convention Center, Baltimore, Maryland
Registration fee: $275

The National Computer Security Center and the National Institute of Standards and Technology will present the 16th National Computer Security Conference from 20-23 September at the Baltimore Convention Center. This year's three and one-half day program features tracks in: Research & Development; System Implementation; Management & Administration; Criteria & Evaluation; Tutorials & Other Presentations. A summary of the technical program follows.

To obtain more information about the technical program send a message to NCS_Conference at DOCKMASTER.NCSC.MIL or call the NCSC on 410-859-4371. To obtain a registration form, call the Conference Registrar at 301-975-2775 or send a message to NCS_Conference at DOCKMASTER.NCSC.MIL

TECHNICAL PROGRAM SUMMARY:

R&D TRACK

PANELS
- Strategies for Integrating Evaluated Products -- Chair: J. Williams, MITRE
- Multilevel Information System Security Initiative -- Chair: G. Secrest, NSA
- Trusted Applications -- Chair: J. Cugini, NIST
- Best of the New Security Paradigms Workshop II -- Chair: H. Hosmer, Data Security Inc.
- Enterprise Security Solutions -- Chair: P. Lambert, Motorola

PAPER SESSIONS
- Honesty Mechanisms -- Chair: E. Boebert, SCTC
- Database Research -- Chair: M. Schaefer, CTA
- Access Control -- Chair: P. Neumann, SRI

SYSTEM IMPLEMENTATION TRACK

Panels:
- Perspectives on MLS System Solution Acquisition -- Chair: J. Sachs, ARCA
- Network Management -- The Harder Problem -- Chair: R. Henning, Harris Corp.
- Application of INFOSEC Products on WANs -- Chair: J. Capell, Lockheed
- Security for the Securities Industry -- Chair: S. Meglathery, NYSE

Paper Sessions:
- Access Control Topics -- Chair: D. Balenson, TIS
- Network Risks & Responses -- Chair: B. Burnham, NSA
- Software Engineering -- Chair: V. Gibson, Grumman
- System Engineering with OTS Products -- Chair: M. Tinto, NSA
- Network Implementation -- Chair: F. Mayer, Aerospace Corp

MANAGEMENT & ADMINISTRATION TRACK

PANELS
- Virus Attacks & Counterattacks: Real World Experiences -- Chair: J. Litchko, TIS
- Terror at the World Trade Center -- Chair: S. Meglathery, NYSE
- Contingency Planning in the 90s -- Chair: I. Gilbert-Perry, NIST
- On a Better Understanding of Risk Management Techniques -- Chair: S. Katzke, NIST
- Security Awareness, Training & Professionalization -- Chair: D. Gilbert, NIST
- Accreditor's Perspective - How Much is Enough? -- Chair: J. Litchko, TIS
- Security & Auditability of Electronic Voting Systems -- Chair: R. Mercuri, U. of Penn.
- Protection of Intellectual Property -- Chair: G. Lang, Harrison Ave. Corp.
- The Privacy Impact of Technology in the 90s -- Chair: W. Madsen, CSC
- Electronic Crime Prevention & Investigation -- Chair: R. Lau, NSA

PAPER SESSION
- Managing & Promoting INFOSEC Programs -- Chair: D. Parker, SRI

TUTORIALS & PRESENTATIONS TRACK

Tutorials:
- Threats & Security Overview -- A. Liddle, IRMC
- Trusted Systems Concepts -- C. Abzug, IRMC
- Trusted Networks -- R. Bauer, E. Schultz, ARCA
- Trusted Databases -- G. Smith, W. Wilson, ARCA
- Trusted Integration & System Certification -- J. Sachs, ARCA

Panel Presentations:
- CLIPPER Chip -- Chair: L. McNulty, NIST
- Getting Your Work Published -- Chair: J. Holleran, NSA
- INFOSEC Standards: The DISA Process -- Chair: W. Smith, DISA
- Security Requirements for Cryptographic Modules -- Chair: L. Carnahan, NIST

CRITERIA & EVALUATION TRACK

Presentations:
- Introduction to the Federal Criteria -- G. Troy, NIST; D. Campbell, NSA
- Federal Criteria: Protection Profile Development -- J. Cugini, NIST; M. DelVilbiss, NSA
- Federal Criteria: Registration of Protection Profiles -- D. Ferraiool, NIST; L. Ambuel, NSA

Panels
- Federal Criteria: Protection Profiles for the 90s -- Chair: R. Dobry, NSA
- Federal Criteria: Vetting & Registration of Protection Profiles -- Chair: L. Ambuel, NSA
- Evaluation Paradigms: Update on TPEP and TTAP -- Chair: S. Nardone, NSA
- European National Evaluation Schemes -- Chair: E. Flahavin, NIST
- The European Evaluation Process -- Chair: P. Toth, NIST
- International Harmonization I -- Chair: Y. Klein, SCSSI, France
- Goals & Progress Toward the Common Criteria -- Chair: G. Troy, NIST
- Federal Criteria User Forum -- Chair: C. Wichers, NSA

Plenary: "Information System Security Strategies for the Future"
Chair: Stephen Walker
Panel: James P. Anderson, Dr. Willis Ware, Dr. Roger Schell

------------------------------

End of RISKS-FORUM Digest 14.86
************************

From snark!esr at gvls1.VFL.Paramax.COM Wed Aug 25 00:37:02 1993
From: snark!esr at gvls1.VFL.Paramax.COM (Eric S. Raymond)
Date: Wed, 25 Aug 93 00:37:02 PDT
Subject: "Trusts" vs. Trust. (was: Re: No digital coins)
In-Reply-To: <9308242024.AA02658@snark.lehman.com>
Message-ID:

Perry Metzger writes:
> Never happened. It's a myth, plain and simple.
> Oh, and Standard Oil was dropping in market share as fast
> as a stone when it was broken up.
> Nah. The Sherman Antitrust Act and all its friends are based partially
> on myths, and partially on the desire of businessmen to get government
> ENFORCEMENT of cartels.
> Monopolies, cartels, etc, are all a myth.

You are objectively correct about all this. You're also being obnoxious and shouldn't have started this argument. Please stop.

--
Eric S. Raymond

From greg at ideath.goldenbear.com Wed Aug 25 01:47:29 1993
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Wed, 25 Aug 93 01:47:29 PDT
Subject: Bank misbehavior (was: Re: No digital coins?)
In-Reply-To: <9308242012.AA02593@snark.lehman.com>
Message-ID:

Perry Metzger writes:
> If you truly feel that there is some
> sort of horrific "power relationship" between large banks and their
> customers, I would suggest that since the worst that they do to you is
> charge you for performing services that you are upset with the notion
> of banks charging for services.

I wish it were so; banks may provide information on me that I don't want dispersed to the government, to other folks who know enough to use the Touch-Tone account info hotline, and to marketing folks. The Wall Street Journal had an article sometime in August 1991 (give or take a month; I don't have DJNR access or I'd give a real cite) about how banks make available payee and amount information from checks customers write, without customer notification or permission.
Banks in general seem to have poorly considered or actively harmful (anti)privacy practices. How easy IS it to start a credit union? Perhaps what we need is the People's Sekrit Privacy Credit Union! 1/2 :)

--
Greg Broiles greg at goldenbear.com
Golden Bear Computer Consulting +1 503 342 7982
Box 12005 Eugene OR 97440 BBS: +1 503 687 7764

From prz at columbine.cgd.ucar.EDU Wed Aug 25 01:55:35 1993
From: prz at columbine.cgd.ucar.EDU (Philip Zimmermann)
Date: Wed, 25 Aug 93 01:55:35 PDT
Subject: Coming Soon: Commercial version of PGP!
Message-ID: <9308250853.AA06179@columbine.cgd.ucar.EDU>

Coming Soon: Commercial Version of PGP!

Philip Zimmermann has signed an agreement with ViaCrypt, a division of Lemcom Systems, Inc, to sell a commercial version of PGP. ViaCrypt is a company in Phoenix Arizona that already has an RSA license from Public Key Partners to sell products that use the RSA algorithm. The freeware version of PGP will still be available, and will be maintained as well as the commercial version.

Most corporations were not willing to use PGP because it was not licensed by PKP or RSA Data Security. With this commercial version of PGP, it will be possible for PGP to enter commercial environments for the first time, and compete with other products such as PEM. This is expected to enhance PGP's viability as a de facto standard in the long run.

ViaCrypt PGP will be available in the USA and Canada, for an introductory price of $100 for a single user, with quantity discounts available. For details, call ViaCrypt at (602) 944-0773, or contact Philip Zimmermann at prz at acm.org.

From nobody at shell.portal.com Wed Aug 25 03:35:36 1993
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Wed, 25 Aug 93 03:35:36 PDT
Subject: No digital coins (was: Chaum on the wrong foot?)
Message-ID: <9308250838.AA20693@jobe.shell.portal.com>

If your goal is only privacy of personal information not economic privacy you would do better to support Clipper-like systems (such as DigiCash with an IRS-Tax Backdoor). Supporting untraceable perfectly secure cash will make taxation and state economic planning hard if not impossible. It is contradictory for a liberal to support DigiCash, Strong Cryptography, etc because effective collective coercion requires personal information. All you have to do is take perfect anonymity to its natural conclusion and you see where it leads. (and it ain't socialism)

From nobody at shell.portal.com Wed Aug 25 03:36:33 1993
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Wed, 25 Aug 93 03:36:33 PDT
Subject: Blinding messages (newbie questions)
Message-ID: <9308250839.AA20717@jobe.shell.portal.com>

>[Karl Barrus describes blinding]

Excellent post! Can you tolerate a few newbie questions?

> Conceptually, when you blind a message, nobody else can read it.

So "blinding" is a synonym for encryption with your own public key, aka multiplication by a very-hard-to-factor number?

> under the right circumstances if another
> party digitally signs a blinded message, the unblinded message will
> contain a valid digital signature.

In other words if Alice encrypts and Bob signs, Da(Db(Ea(M))) = Db(M)? Under what conditions? Does RSA (in PGP) satisfy those conditions?

> If someone asks
> you to digitally sign a random stream of symbols, remember that what you
> sign may be unblinded to reveal a contract, etc.

For what applications would Bob want to sign an encrypted contract instead of a plaintext?
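The algebra behind the blinding Karl Barrus described, as an added example with constructed toy keys (not from his post or from this thread): Alice multiplies M by r^E under Bob's own modulus rather than encrypting M, Bob's raw RSA signature on that number becomes his signature on M once r is divided out, and the number Bob signed tells him nothing about M. It assumes raw RSA on an integer with no hash or padding; Bob's key, the Mersenne primes and the `blind_signature_demo` helper are constructed for this example.

```python
# Added example (not from the original post): Chaum-style RSA blinding
# with a constructed toy key.  Raw RSA on an integer, no hash, no padding.
import math
import random

# Bob's signing key (constructed; Mersenne primes keep the block short).
P, Q = 2**89 - 1, 2**107 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def blind(m: int, rng=random) -> tuple[int, int]:
    """Alice hides M: pick r coprime to N and hand Bob M * r^E mod N."""
    if not 0 < m < N:
        raise ValueError("message must be an integer below the modulus")
    while True:
        r = rng.randrange(2, N)          # use a CSPRNG outside a demo
        if math.gcd(r, N) == 1:
            return (m * pow(r, E, N)) % N, r

def sign(x: int) -> int:
    """Bob signs whatever number he is handed; he cannot tell if it is blinded."""
    return pow(x, D, N)

def unblind(s_blind: int, r: int) -> int:
    """Alice removes r: (M r^E)^D = M^D r^(ED) = M^D r mod N, then divide by r."""
    return (s_blind * pow(r, -1, N)) % N

def verify(m: int, s: int) -> bool:
    """Anyone with Bob's public key checks s^E == M."""
    return pow(s, E, N) == m

def blind_signature_demo(m: int) -> tuple[int, int]:
    """Round trip; returns (signature on M, the number Bob actually saw)."""
    m_blind, r = blind(m)
    return unblind(sign(m_blind), r), m_blind
```

The last assertion in the test is the point of Karl's warning: what Bob signed looked like a random number, yet the unblinded result is byte-for-byte the signature he would have produced on M directly.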
From remail at tamsun.tamu.edu Wed Aug 25 05:32:06 1993
From: remail at tamsun.tamu.edu (remail at tamsun.tamu.edu)
Date: Wed, 25 Aug 93 05:32:06 PDT
Subject: Attacks on remailers
Message-ID: <9308251148.AA25085@tamsun.tamu.edu>

Hal Finney writes a nice "To Do" list for the cypherpunks remailers by enumerating and describing possible attacks. Let's prioritize these items. First we should do those items that are easy to implement, and those items needed to prevent any remaining cheap 'n easy attacks. We can leave expensive attacks for future projects.

> Response: Encrypt the messages. Use "nesting", so that all that is
> visible as each message leaves a remailer is the destination of the
> next remailer.

This should be made smoother. The learning curve needed to get to this stage : install PGP & get it working, learn how to use remailers, install remailer nesting script, debug all of the above, because something in there is bound to break at this stage : quite a lot of work! Just improving things up to here with clearer documentation, and better scripts and GUIs, would greatly increase the number of remailer users and traffic.

> Response: Run the remailer on a machine which does not keep mail logs,
> or on a machine to which you can deny the attackers access.

The former is much to be preferred! The first link in the remailer chain, especially, needs to be trusted not to maintain logs. The trustworthy remailer operator goes to great lengths to minimize the temptation to look at messages.

>[Attack 3: timing & ordering of messages in & out]
>[Attack 4: look at subject line, message size, etc.]
>[other attacks involving intercepting mail stream]

Batching and random delays only work well if there is large message traffic through the remailer. What in specific detail is needed to gain access to the mail stream to make these attacks?
If no mail logs are kept, and the remailer denies access to a spool file, by hiding it or putting random garbage in it or denying access to its host computer, an attack looks to me like it requires a sophisticated wiretap. Avoiding expensive attacks is low priority at this point.

>[Message pools] have the problem that they expose everyone
> in some group to all of the messages intended for every group member,
> hence the number of messages will scale as the square of the number of
> group members.

First let's make the problem happen. Then we can solve it!

Here's another item: faster links! The delay between when I post this and when it arrives on "cypherpunks" can be half a day. What about that idea of using direct sockets instead of SMTP between remailers? That could kill two birds with one stone: delivery speed and cheap attacks against the intermediate links via logging or spool files.

From b44729 at achilles.ctd.anl.gov Wed Aug 25 06:35:37 1993
From: b44729 at achilles.ctd.anl.gov (Samuel Pigg)
Date: Wed, 25 Aug 93 06:35:37 PDT
Subject: Attacks on remailers
In-Reply-To: <9308251148.AA25085@tamsun.tamu.edu>
Message-ID: <9308251334.AA22042@achilles.ctd.anl.gov>

> Response: Encrypt the messages. Use "nesting", so that all that is
> visible as each message leaves a remailer is the destination of the
> next remailer.

This should be made smoother. The learning curve needed to get to this stage : install PGP & get it working, learn how to use remailers, install remailer nesting script, debug all of the above, because something in there is bound to break at this stage : quite a lot of work! Just improving things up to here with clearer documentation, and better scripts and GUIs, would greatly increase the number of remailer users and traffic.

Working on it. (NeXT version at least.)

[..]

Here's another item: faster links! The delay between when I post this and when it arrives on "cypherpunks" can be half a day.
What about that idea of using direct sockets instead of SMTP between remailers? That could kill two birds with one stone: delivery speed and cheap attacks against the intermediate links via logging or spool files.

Actually what I was proposing was the direct usage of SMTP itself rather than going through the host machine's mail system. As anyone can do it, it would help with the usage of student accounts as remailers. And with direct SMTP (socket connections to port 25 of the receiving machine) you have some control over the header information that is generated. The protocol is outlined in RFC821 if anyone wants to look at it.

So that's 4 birds with one stone:
(1) Speed.
(2) No logging on remailer host.
(3) Control over header information (hell you could even make something up for the header fields that looks 'legitimate')
(4) Tighter control of possible batching by not going through the host machine's mail system.

Earlier it was noted that traffic analysis worked for the a.s.a.r. remailer to find the sender of messages by checking the logs on the machine that the messages were originally from. With a simple utility someone could submit mail directly to the remailer host using sockets, and so leave little trace on their host of having done so.

I'm working on the tiny utility to send mail via socket 25 (I'm sure it has been done many times before, and is probably already available somewhere. Is no big deal.) School is of course stealing my time.

-Sam

(is the remailer source code available on soda?)

From strick at versant.com Wed Aug 25 08:42:08 1993
From: strick at versant.com (strick -- henry strickland)
Date: Wed, 25 Aug 93 08:42:08 PDT
Subject: Visa, HNC Inc. develop neural network as a weapon to fight fraud
Message-ID: <9308251540.AA19232@versant.com>

Extracted from "FC NEWSBYTES 1.3", David Geddes Editor, where FC = FutureCulture mailing list .

strick

____________________________________________ _ _..........

B Y T E 4: Visa, HNC Inc.
develop neural network as a weapon to fight fraud

SAN FRANCISCO (AUG. 10) PR NEWSWIRE - Visa International and HNC Inc. have announced a strategic agreement to develop a comprehensive merchant risk detection system. The new system will be designed to better control fraud at the merchant level by determining the risk associated with individual card transactions. This agreement continues to support Visa International's active role in developing effective solutions to the problem of fraud occurring at the point of sale. The merchant risk detection system will be available in 1994.

"Visa has combined its core systems capabilities and the premier technology available -- neural networks -- for fighting credit card fraud," explained Roger Peirce, Visa International's executive vice president, Delivery Systems. "HNC, an industry leader in neural network applications and credit card control services, is a logical partner for Visa," he added.

Michael A. Thiemann, HNC's executive vice president, called the agreement "another example of our commitment to solving tough business problems through the application of cutting-edge technologies."

Neural network technology enables a system to predict the probability of fraud by learning from a large number of past transactions, both legitimate and fraudulent. By using neural networks to its full extent, Visa will be able to provide superior risk analysis for its members.

In combating credit and debit card fraud, Visa already has developed several programs utilizing information gained from neural network research. Worldwide implementation of the International Points-of-Compromise (IPOC) program has proved highly effective for identifying merchant locations that may be selling or giving account information to counterfeiters. Another successful program, called the Central Deposit Monitoring (CDM) program, matches merchant activity with sales draft laundering characteristics and identifies unusual merchant deposits.
In addition, close cooperation with law enforcement agencies and legislatures enhances the value of the programs which, in turn, allow Visa members to pass on the protection to its cardholders and merchants.

The planned Visa-HNC merchant risk detection system is designed to further reduce fraud losses by assigning a risk score to each authorization transaction processed through the VisaNet systems. "With this new system, members will be better able to assess risk at the point-of-transaction and, therefore, make more informed authorization decisions," confirmed Peirce. According to The Nilson Report, merchant fraud worldwide cost the financial industry an estimated US $689 million in 1992.

HNC will integrate the risk score into Falcon(TM), their existing, real-time credit card fraud-detection system that runs at card issuer sites to identify and prevent a wide range of fraud at the cardholder level. It determines the probability of fraud on each credit card authorization by comparing it to the cardholder's purchase patterns and the latest trends in credit card fraud. Introduced in September 1992, Falcon has already achieved success in reducing fraud losses of major credit card issuers.

HNC Inc., the world's leader in the application of neural networks, develops, sells, integrates and supports advanced decision solutions based on neural network and statistical technology. HNC provides practical products and services to the financial, credit card, debit card, merchant services, insurance, mortgage underwriting, retail and direct marketing industries.

Visa is the leading consumer payment system in the world with more than 10.4 million acceptance locations, the largest global ATM network and 309 million cards issued worldwide.

-0- 8/10/93
/CONTACT: Gail Murayama of Visa International, 415-570-3645; or Ken Jones of HNC Inc., 619-546-8877

____________________________________________ _ _..........
From J_G_Thomas%CAASD1 at mwmgate1.mitre.org Wed Aug 25 08:45:38 1993
From: J_G_Thomas%CAASD1 at mwmgate1.mitre.org (J_G_Thomas%CAASD1 at mwmgate1.mitre.org)
Date: Wed, 25 Aug 93 08:45:38 PDT
Subject: Attacks on remailers
Message-ID: <199308251542.AA23719@mwunix.mitre.org>

Samuel Pigg wrote:

> Actually what I was proposing was the direct usage of SMTP itself rather
> than going through the host machine's mail system. As anyone can do it,
> it would help with the usage of student accounts as remailers.
> And with direct SMTP (socket connections to port 25 of the receiving machine)
> you have some control over the header information that is generated.
> The protocol is outlined in RFC821 if anyone wants to look at it.

The trouble is, one side (the receiver) is still keeping logs, since only sendmail (or some other root process doing the same job) can bind to port 25. On most machines, that means logs.

There are plenty of ports over 1000 that user processes can bind to, and that cypherpunk remailers can support, if we want to go that way. I think it's worth thinking about. (This is in addition to receiving mail delivered normally to their e-mail addresses, probably either by port-25/sendmail or uucp).

We could start by having cypherpunk remailers talk to _each_other_ on an agreed-upon, unlogged port, using RFC 821 protocol. Final hops to non-remailer addresses will have to be handled on port 25, of course, but within the remailer web we can avoid sendmail logs entirely.

After that's implemented, we could talk about using a different protocol. A new protocol is probably the cleanest way to solve the problem of traffic analysis of messages addressed with encrypted address blocks. The best way to get security in a remailer chain is to nest your encryption, so only one layer gets peeled off in each remailer hop. That isn't possible with encrypted address blocks, since the sender will only know the address (and public key) of the first remailer in the chain.
All hops after the first one must send the same message out as they got in, with just a layer off the encrypted address block. But if remailers talked to each other by first doing RSA-signed Diffie-Hellman key exchange, then encrypting the traffic, a packet snooper wouldn't be able to correlate incoming and outgoing messages. The latter is one of the "expensive" attacks, I think, and should be thought about after we make sure the logs aren't being kept.

Thoughts?

Joe
(they're trying to pry me away from my NeXT, so don't reply directly to the From: line; use jthomas at mitre.org)

From plmoses at unix.cc.emory.edu Wed Aug 25 08:52:08 1993
From: plmoses at unix.cc.emory.edu (Paul L. Moses)
Date: Wed, 25 Aug 93 08:52:08 PDT
Subject: Bank misbehavior (was: Re: No digital coins?)
Message-ID: <9308251549.AA12684@emoryu1.cc.emory.edu>

Maybe someone has said this, but another key way to foster privacy is to START A BANK that values this. I recall some references to Swiss banking, anonymous accounts, etc, before. So wouldn't it be a good idea to find some bankers out there who wanted to create a niche market for themselves, and sell them on the crypto-protocols?

First suggestion: try Miami....

- paul

From kevinr at csn.org Wed Aug 25 09:55:38 1993
From: kevinr at csn.org (Kevin Reynolds)
Date: Wed, 25 Aug 93 09:55:38 PDT
Subject: link
Message-ID: <199308251653.AA11302@teal.csn.org>

Is anyone currently porting link to msdos? I have the ability, but it may take me a while to do so, so if anyone is already doing it, I'd rather not overdo it. The file is available from soda.berkeley.edu in /pub/cypherpunks. Check it out.

kev

From hnash at mason1.gmu.edu Wed Aug 25 09:56:41 1993
From: hnash at mason1.gmu.edu (hnash at mason1.gmu.edu)
Date: Wed, 25 Aug 93 09:56:41 PDT
Subject: Digital Coin Claim
Message-ID: <9308251652.AA01541@mason1.gmu.edu>

The first certificate attached to this message is a claim to ownership of the first digital gold coin.
Some anonymous person is claiming ownership of this coin simply because no one else has claimed it. This original owner has signed a deed granting ownership of the coin to himself.

The second attached certificate is a transfer of ownership of the same digital coin. The first owner has granted ownership of the coin to some other anonymous person (who could be the original owner himself).

If someone tries to offer you coin #1 in exchange for some good or service, make sure his signature matches the public key in the latest deed of ownership of coin #1. (The first public key is now worthless, by convention.)

-----BEGIN PGP SIGNED MESSAGE-----

<>-<>-<> Deed of Ownership <>-<>-<>

The following digital coin is hereby granted to the owner of the following alias by the signer of this deed.

coin #1

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3

mQA/Aix7OzAAAAEBgNeA+IZOQOmczjSUMiWaMTnkZLDYCA1XGzxjnXTiYA1/LVpN
SkUywA+kGfe9cCuaQQARAQABtAlhbm9ueW1vdXM=
=YrPq
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQBFAgUBLHtQdYuK85NmoAdhAQHevwF+OOZEZHUjDADYBaM5EQvDbfCTTEskX2kr
aA46cE2GaZBPV5JdyjR+dnNwRXHfug0M
=z9OC
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----

<>-<>-<> Deed of Ownership <>-<>-<>

The following digital coin is hereby granted to the owner of the following alias by the signer of this deed.

coin #1

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: 2.3

mQA/Aix7SWsAAAEBgLanVXE9dTkrDCAWOt1Dw3bhLSIGMVweD1zifEpiDIWRZzXO
Sl22i4YVPmeLvfdL3QARAQABtAVhbm9uMg==
=5fkK
- -----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNATURE-----
Version: 2.3

iQBFAgUBLHtQo4uK85NmoAdhAQEF9QF/aB6iX/bwXn6HEerJrOzES0VTpxsybC9L
L++CIvjbDLBXmgPzXClGuGKg5t+urJ8J
=Jabu
-----END PGP SIGNATURE-----

From cdodhner at indirect.com Wed Aug 25 10:25:38 1993
From: cdodhner at indirect.com (Christian D. Odhner)
Date: Wed, 25 Aug 93 10:25:38 PDT
Subject: Coming Soon: Commercial version of PGP!
In-Reply-To: <9308250853.AA06179@columbine.cgd.ucar.EDU>
Message-ID: <199308251723.AA21838@indirect.com>

> ViaCrypt PGP will be available in the USA and Canada, for an introductory
> price of $100 for a single user, with quantity discounts available.
> For details, call ViaCrypt at (602) 944-0773, or contact Philip Zimmermann
> at prz at acm.org.

Ok, I just spoke with Dave somebody at viacrypt, and he told me that the ViaCrypt PGP would be based on PGP 2.3a, and the only code changed would be the lines implementing rsa itself. He told me it would be backwards compatible with all past versions of PGP and that as improvements were made to ViaCrypt PGP, the same improvements would be made to the freeware version. I was thinking that if a bunch of us cypherpunks wanted copies we could order them as a group and get a volume discount. I've asked to have the price schedules sent to me. If anybody has any questions for ViaCrypt, you could refer them through me if you like, as their offices are just 16 miles or so from my house.

Happy Hunting,
-Chris

From khijol!erc at colossus.apple.com Wed Aug 25 10:32:09 1993
From: khijol!erc at colossus.apple.com (Ed Carp)
Date: Wed, 25 Aug 93 10:32:09 PDT
Subject: "Trusts" vs. Trust. (was: Re: No digital coins)
In-Reply-To:
Message-ID:

> > Perry Metzger writes:
> > Never happened. It's a myth, plain and simple.
> > Oh, and Standard Oil was dropping in market share as fast
> > as a stone when it was broken up.
> > Nah. The Sherman Antitrust Act and all its friends are based partially
> > on myths, and partially on the desire of businessmen to get government
> > ENFORCEMENT of cartels.
> > Monopolies, cartels, etc, are all a myth.
>
> You are objectively correct about all this.
>
> You're also being obnoxious and shouldn't have started this argument.
>
> Please stop.

I don't think so. Perry's arguments were well-reasoned and not obnoxious at all. Perhaps some don't like to be proven they are wrong?
--
Ed Carp, N7EKG            erc at apple.com            510/659-9560
anon-0001 at khijol.uucp
If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"

From hughes at soda.berkeley.edu Wed Aug 25 10:42:09 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Wed, 25 Aug 93 10:42:09 PDT
Subject: SEA Opposes Privatization of Digital Signature Standard (fwd)
Message-ID: <9308251738.AA10272@soda.berkeley.edu>

Simona Nass of SEA sent this over to me for y'all.

Eric

-----------------------------------------------------------------------------
From: Simona Nass
Subject: SEA Opposes Privatization of Digital Signature Standard (fwd)

> August 19, 1993                                   FOR IMMEDIATE RELEASE
>
> CONTACT: Simona Nass
> (212) 982-4320 or simona at sea.org
>
> Society for Electronic Access (SEA) Opposes
> Privatization of Digital Signature Standard
>
> In June, the National Institute for Standards and Technology (NIST)
> published in the Federal Register its intention to grant an exclusive
> license for nongovernmental use of the Digital Signature Algorithm
> (DSA), a technique developed for NIST by federally-funded researchers.
> DSA can help people authenticate the origin of electronic mail and
> other computerized messages. NIST has proposed making DSA the basis of
> a standard for digital signatures for transactions within federal
> agencies and by anyone doing electronic business with the government
> (and thus, de facto, by anyone else interested in a widely-accepted
> digital-signature standard). Interested parties were given 60 days to
> comment. The SEA has now gone on record opposing this license on three
> grounds:
>
> 1) The law requires an open discussion of whether such an exclusive
> license serves the interests of both the government and the public
> _before_ the license and its terms are proposed.
>
> 2) The proposed license directly contravenes NIST's stated purpose
> in developing DSA in the first place, which was to make a
> digital-signature standard free of encumbrance from privately held
> patent licenses, one that would be available royalty-free worldwide.
>
> 3) The proposed license violates federal law governing the granting
> of exclusive licenses. The law states that an exclusive license can
> only be granted for a patent if it can be shown that the technology
> embodied in the patent would not otherwise be developed, brought to
> market and widely used. Considering that NIST's proposed licensee,
> Public Key Partners, is currently engaged in legal action to prevent
> anyone else from developing or marketing digital-signature technology
> in the U.S., they appear to be an unlikely choice to ensure the widest
> possible use of DSA. Indeed, granting an exclusive license to PKP
> would extend their potential legal monopoly on digital signatures
> until 2010.
>
> Opposition to the NIST/PKP deal has been widespread throughout the
> electronic community. NIST has yet to respond to the SEA's August 9
> filing, or to comments filed by other organizations (a full text of
> the SEA's statement, written by SEA board member Clay Shirky, is
> available via Internet gopher -- reach gopher.panix.com and look under
> Society for Electronic Access (SEA), Telecom Law Information, SEA
> Comment on NIST-PKP Agreement -- or via e-mail by sending a request
> asking for the "SEA Comment on NIST-PKP Agreement" to sea at sea.org).
>
> The Society for Electronic Access is a New York-based organization
> focusing on electronic civil liberties and access issues; for more
> information, e-mail sea-info at sea.org; write to The Society for
> Electronic Access, Post Office Box 3131, Church Street Station,
> New York, NY 10008-3131; or call (212) 982-4320.
From talon57 at well.sf.ca.us Wed Aug 25 11:15:39 1993
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Wed, 25 Aug 93 11:15:39 PDT
Subject: recommended reading
Message-ID: <93Aug25.111323pdt.13912-2@well.sf.ca.us>

Friendly Spies
How America's allies are using economic espionage to steal our secrets
By Peter Schweizer
ISBN 0-87113-497-7
'bout twenty bucks

I would have to rate this as a must read for anyone concerned with Privacy. Schweizer has written a very informative, and well written text describing in great detail the involvement of so called "friendly" intelligence services in corporate espionage.

Brian Williams
Cypherpatriot

From tcmay at netcom.com Wed Aug 25 11:25:39 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 25 Aug 93 11:25:39 PDT
Subject: "Inspired by the Cypherpunks"
Message-ID: <9308251825.AA20473@netcom.netcom.com>

It's nice to know we're having some influence. The latest "Wired" has the following letter, which credits the Cypherpunks as the inspiration for a privacy seeker:

"A few days ago, in a chain record store, I bumped into this big screen on a box marked with an "i." I looked at it, thinking it would be a good idea to know what I'm buying, when this guy came up and told me that to be able to use this neato piece of high tech, I'd have to fill out a piece of paper, which not only asked about my taste, but about my credit, my name, my address, etc. Inspired by the cypherpunks of your last issue (_Wired_ 1.2, page 54), I decided there was no good reason for these people to know this about me. I took the reply form and walked off, throwing it away when I got home. The next day, I went searching bookstores and found the new _Wired_. What did I see, but a glowing recommendation for this privacy-basher on page 23 (_Wired_ 1.3). I'm sorry, 30 seconds of a pop tune is too little for the price of my privacy."

"Dave Jacoby
Please don't print my user ID"

So, we are playing our part in raising consciousness.
(I'll avoid getting into a political debate about whether these corporations asking questions had too much power, whether the market works or not, etc.)

-Tim May

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: by arrangement
Note: I put time and money into writing this posting. I hope you enjoy it.

From tcmay at netcom.com Wed Aug 25 11:45:39 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Wed, 25 Aug 93 11:45:39 PDT
Subject: How "Wired" did the "Crypto Rebels" article
Message-ID: <9308251842.AA23059@netcom.netcom.com>

A free newspaper devoted to graphics arts, "OnLine Design," has a nice piece in the August issue: "Designing _Wired_," by Ken Coupland. (I've seen this issue at a mall software store, so those of you in California may want to look for it before it vanishes.)

The focus is on the launching of "Wired," its layout policies, the feel of the paper, the design team, and so on. "Wired" is turning into a major publishing success story, hence the interest in its creative/artistic side.

The Steven Levy article on "Crypto Rebels" got a major part of the coverage, especially the cover (some Cypherpunks in masks, holding the American flag, in case some of you newcomers to this list missed this issue) and the opening 2-page spread used in that article.

The caption for the 2-page spread is: "This layout for the "Crypto Rebels" piece supports the story's argument that the "Cypherpunks" are patriotic revolutionaries."

Nice to see that the "meme" is being accepted that folks like us are on the right side.

Interestingly, one of the photos of the design editors shows one of them holding a "Cypherpunks mask" up in front of her face. (Needless to say, they are the ones who thought up the mask idea in the first place.)
Just thought you'd like to hear about this article.

--
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: by arrangement
Note: I put time and money into writing this posting. I hope you enjoy it.

From mrose at stsci.edu Wed Aug 25 12:57:39 1993
From: mrose at stsci.edu (Mike Rose)
Date: Wed, 25 Aug 93 12:57:39 PDT
Subject: reading mail with gnus
Message-ID: <9308251956.AA13519@MARIAN.STSCI.EDU>

I'd like to start reading cypherpunks mail with gnus, and continue reading my other mail with rmail. Is this possible? I'm running emacs 19.19; I know there were patches for an earlier gnus that supported this, but I don't know if they work with the emacs 19 gnus.

Thanks,
Mike

From ajw at Think.COM Wed Aug 25 13:05:40 1993
From: ajw at Think.COM (Andy Wilson)
Date: Wed, 25 Aug 93 13:05:40 PDT
Subject: Visa, HNC Inc. develop neural network as a weapon to fight fraud
In-Reply-To: <9308251540.AA19232@versant.com>
Message-ID: <9308252001.AA14017@custard.think.com>

    Date: Wed, 25 Aug 93 08:37:07 -0700
    From: strick -- henry strickland

    Extracted from "FC NEWSBYTES 1.3", David Geddes Editor, where FC = FutureCulture mailing list .

    strick
    ____________________________________________ _ _..........

    B Y T E 4: Visa, HNC Inc. develop neural network as a weapon to fight fraud

    SAN FRANCISCO (AUG. 10) PR NEWSWIRE - Visa International and HNC Inc. have announced a strategic agreement to develop a comprehensive merchant risk detection system. The new system will be designed to better control fraud at the merchant level by determining the risk associated with individual card transactions.
For those who are not familiar with the details of neural networks, I thought I would point out that this represents a departure from the current notion of a credit rating in two ways:

1) There is no clear way to fix your "neural credit rating" if there is a problem. The neural network program which predicts the probability of fraud will give its guess as to the probability of fraud. If you are a cardholder and it predicts that a transaction is likely to be fraudulent, then your purchase won't be accepted. But, unlike conventional credit reporting firms which use a credit report, the neural network cannot explain anything about how it came to its decision. With existing credit reporting schemes, you at least have the option of acquiring your credit report and taking the necessary steps to repair your credit rating if there is a problem. With the use of neural networks, this is no longer possible. Given the current state of neural network research, a percentage of the rejections will be false. This means that a number of card users will be denied service for no other reason than the fact that neural networks make mistakes.

2) You are no longer judged on your own actions, but on the similarity of your purchasing patterns with those who have committed fraudulent acts. Instead of being judged on your trustworthiness based on your past actions, you will be judged based on whether people whose purchasing profiles are similar to yours are trustworthy. An example of this being problematic: say you purchase a particular CD and the neural network decides, partly based on this and partly on other information, that you won't pay your bill because most of the people in the database who bought that CD didn't pay their bills.
Andy

From chaos at aql.gatech.edu Wed Aug 25 13:12:11 1993
From: chaos at aql.gatech.edu (Paul Goggin)
Date: Wed, 25 Aug 93 13:12:11 PDT
Subject: Commercial PGP
Message-ID: <9308252010.AA17861@toad.com>

Chris,

I would be interested in going in on a group purchase of this product. However, there is one main question on my mind: Unless they provide the source code, how do we know these are the only lines changed within PGP 2.3A?

Paul

--
R O   All Comments Copyright by         | Technofetisht
A N   Paul S. Goggin (1993)             | Cypher, Cyber, Chaos
V     Information Broker                | Ergoflux, Interzone
E     chaos at aql.gatech.edu             | Carpe Diem: Stop the Clipper wiretap chip
Finger account for latest _Phrack_      | Public Key: PGP and RIPEM available
For anonymous communication:---> anonymus+4744 at charcoal.com
------------------------------------------------------------------------------
Title 18 USC 2511 and 18 USC 2703 Protected -- Monitoring Absolutely Forbidden

From pcw at access.digex.net Wed Aug 25 13:17:11 1993
From: pcw at access.digex.net (Peter Wayner)
Date: Wed, 25 Aug 93 13:17:11 PDT
Subject: Visa, HNC Inc. develop neural network as a weapon to fight fraud
Message-ID: <199308252015.AA24986@access.digex.net>

My impression is that the companies will use the Neural Network to detect strange spending habits. For instance, a friend with an American Express card had a strange occurrence when he was on a business trip. His spending was way up and when he tried to make a purchase, the card reader said, "Dial Amex." The clerk did and the friend found himself talking to an Amex representative. They said, "We've noticed that you've had more purchases than usual lately and we just wanted to check in to see if you're who you say you are." I think they asked him his mother's maiden name or something like that.

In the end, he felt that this intrusion was a feature and touted it to me as a great reason to get an Amex card. All these guys are out there protecting you.
Privacy advocates might have a different opinion.

-Peter

From bill at twwells.com Wed Aug 25 14:27:41 1993
From: bill at twwells.com (T. William Wells)
Date: Wed, 25 Aug 93 14:27:41 PDT
Subject: Visa, HNC Inc. develop neural network as a weapon to fight fraud
In-Reply-To: <9308252001.AA14017@custard.think.com>
Message-ID:

In article <9308252001.AA14017 at custard.think.com>, Andy Wilson wrote:
: [mostly bogus stuff]

That is irrelevant to cypherpunks, as I understand the list.

There is no technology, including that of privacy, that cannot be used for ill. We don't know how they're going to be using the neural network. They could, as was suggested, abandon their minds and rely on the neural net. I don't think they will because doing so would be a really bad business decision. Furthermore, on the evidence, the neural network output will only be used as one datum in a process involving many inputs and a human making the final decision. Finally, in the examples I'm familiar with (from reading AI Expert), when a neural net is used as a decision element, precisely because of its error rate, the decision isn't "go/no go" but "go/refer the problem to a human".

From talon57 at well.sf.ca.us Wed Aug 25 14:32:12 1993
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Wed, 25 Aug 93 14:32:12 PDT
Subject: INFO: smoking gun?
Message-ID: <93Aug25.142818pdt.13935-2@well.sf.ca.us>

"According to sources at the National Security Agency, on the morning of July 13, 1982, the NSA had intercepted commercial communications from the Washington office of Mitsubishi to the Japanese Foreign Ministry in Tokyo. The NSA monitors fifty-three thousand communication signals in the United States every day. They usually aren't reviewed by analysts, however, unless the signal carries a message with a signature-a key word or phrase that triggers a computer to transcribe the communication.
Any word that might signal confidential or classified government information triggers the transcribing system."

from Friendly Spies, page 90.

looks like a smoking gun to me......

Brian Williams
Cypherpatriot

From kent_hastings at qmail2.aero.org Wed Aug 25 14:32:41 1993
From: kent_hastings at qmail2.aero.org (Kent Hastings)
Date: Wed, 25 Aug 93 14:32:41 PDT
Subject: Julieboard DDS
Message-ID: <199308252128.AA16005@aerospace.aero.org>

Julieboard DDS

Remember my constant whining about the lack of suitable hardware for spread-spectrum radio? No more! The August 1993 issue of 73 Amateur Radio Today contains an article and schematic for: JULIEBOARD. Woo hoo!

Ahem. The Julieboard is a Direct Digital Synthesis (DDS) circuit built around the 28-pin DIP Harris HSP45102 DDS chip. A software controller program is shown using GWBASIC. Here is a summary of features:

"0 to 16 MHz coverage (*Note: can be used to modulate UHF/Microwave*)
0.007 Hz frequency resolution
Virtually instantaneous switching time
No drift/no calibration
Excellent spectral quality
Simple interface via PC printer port"

The following is music to my eyes (Wha?...Dhoh!):

"...there is no reason why an appropriately programmed single chip microcomputer (such as a Motorola '68705 or Intel '8051) couldn't replace the PC for those who object to having to drag around a large, bulky *Homer-mungous* PC just to drive a tiny little board. With a single chip microcomputer, an entire HF rig could be made to fit into a shirt-pocket-sized package!"

A circuit board can be obtained for $25 U.S. from:

Bruce Hodgkinson, VE3JIL
Box 232
Pakenham, Ontario, CANADA K0A 2X0
Phone: (613) 624-5247

A wired and tested 33-MHz chip system can be obtained from stock or within a week for $120+$5.00 S&H. A wired and tested 40-MHz chip system waits up to 8 weeks for availability of chips, and costs $135+$5.00 S&H. Bruce told me that the 33-MHz chips he tested worked fine at 40-MHz. It seems Harris is very conservative in their chip ratings.
Of course, nobody would use these DDS boards for direct-sequence, frequency-hopping, time-hopping, plus chaos-transmitted-reference hybrid spread-spectrum transmitters to achieve signal hiding and interference rejection. Nope. Last thing on MY mind. Haa ha ha ha... eat flaming death statist scum! You are all doomed!

Kent aka WA6ZFY -

From b44729 at achilles.ctd.anl.gov Wed Aug 25 15:42:14 1993
From: b44729 at achilles.ctd.anl.gov (Samuel Pigg)
Date: Wed, 25 Aug 93 15:42:14 PDT
Subject: INFO: smoking gun?
In-Reply-To: <93Aug25.142818pdt.13935-2@well.sf.ca.us>
Message-ID: <9308252241.AA00104@achilles.ctd.anl.gov>

    From: Brian D Williams
    Date: Wed, 25 Aug 1993 14:28:12 -0700

    "According to sources at the National Security Agency, on the morning of July 13, 1982, the NSA had intercepted commercial communications from the Washington office of Mitsubishi to the Japanese Foreign Ministry in Tokyo. The NSA monitors fifty-three thousand communication signals in the United States every day. They

I haven't had a chance to read the book, but is this referring to the *supposed* "project harvest"? (a supposed NSA project to automate the wiretapping and flagging of phone conversations by voice-recognition software (ie key words trigger conversations being bumped to human listeners.))

    usually aren't reviewed by analysts, however, unless the signal carries a message with a signature-a key word or phrase that triggers a computer to transcribe the communication. Any word that might signal confidential or classified government information triggers the transcribing system."

    from Friendly spies, page 90.

    looks like a smoking gun to me......

(for all I know this is mere paranoia (the "project harvest") so no flames about the obvious "fringe factor" involved here. Just wanting to know if the book "Friendly Spies" (unavailable in my university library as of yet) mentions this.)
-Sam

From ajw at Think.COM Wed Aug 25 15:52:13 1993
From: ajw at Think.COM (Andy Wilson)
Date: Wed, 25 Aug 93 15:52:13 PDT
Subject: Visa, HNC Inc. develop neural network as a weapon to fight fraud
In-Reply-To:
Message-ID: <9308252250.AA17771@custard.think.com>

    From: bill at twwells.com (T. William Wells)
    Date: Wed, 25 Aug 1993 21:04:05 GMT

    In article <9308252001.AA14017 at custard.think.com>, Andy Wilson wrote:
    : [mostly bogus stuff]

    That is irrelevant to cypherpunks, as I understand the list.

The prospect of the impossibility of anonymity and the uses to which personal information is made in a cashless economy is not relevant? I beg to differ. This is exactly what digital cash is meant to prevent.

    There is no technology, including that of privacy, that cannot be used for ill. We don't know how they're going to be using the neural network. They could, as was suggested, abandon their minds and and rely on the neural net. I don't think they will because doing so would be a really bad business decision. Furthermore, on the evidence, the neural network output will only be used as one datum in a process involving many inputs and a human making the final decision. Finally, in the examples I'm familiar with (from reading AI Expert), when a neural net is used as a decision element, precisely because of its error rate, the decision isn't "go/no go" but "go/refer the problem to a human".

The problem with referring a neural network's decision to a human is that the neural network gives no information other than the probability of fraud. It does not tell the human why it determined the transaction was likely to be flawed, like a system based on rules or case-based reasoning would be able to do. There is not any good way to combine the judgement of the neural net with that of a human for that reason.

With respect, I have found AI Expert to consist more of marketing hype than correct and useful information on artificial intelligence technology.
Andy

From M..Stirner at f28.n125.z1.FIDONET.ORG Wed Aug 25 16:32:14 1993
From: M..Stirner at f28.n125.z1.FIDONET.ORG (M. Stirner)
Date: Wed, 25 Aug 93 16:32:14 PDT
Subject: "more money than brains?"
Message-ID: <2091.2C7BE7E4@shelter.FIDONET.ORG>

Uu> From: cdodhner at indirect.com ("Christian D. Odhner")

 > ViaCrypt PGP will be available in the USA and Canada, for an introductory
 > price of $100...for a single user
            ^^^^^^

Uu> Ok, I just spoke with Dave somebody at viacrypt, and he told me that
Uu> the ViaCrypt PGP would be based on PGP 2.3a, and the only code changed
Uu> would be the lines implementing rsa itself.
...
Uu> improvements were made to ViaCrypt PGP, the same improvements would be
Uu> made to the freeware version. I was thinking that if a bunch of us
Uu> cypherpunks wanted copies we could order them...

Only one question: WHY? If PGP is freeware for noncommercial single users, why on earth would anyone wish to drop $100 +/- for single-user rights to a virtually identical program? The mind boggles. I know that the principal Cypherpunks are rich, but I'm sure they could find more worthy charities than ViaCrypt...like getting me a new modem, for example...

*********************************************************************
*    - PGP Key D30909 via servers                                   *
*  > What country can preserve its liberties if its rulers are not <*
*  > warned from time to time that their people preserve the spirit <*
*  > of resistance? Let them take arms!" - Thomas Jefferson, 1787   <*
*********************************************************************

___ Blue Wave/QWK v2.12
--
M. Stirner - via FidoNet node 1:125/1
UUCP: ...!uunet!kumr!shelter!28!M..Stirner
INTERNET: M..Stirner at f28.n125.z1.FIDONET.ORG

From szabo at netcom.com Wed Aug 25 17:52:15 1993
From: szabo at netcom.com (Nick Szabo)
Date: Wed, 25 Aug 93 17:52:15 PDT
Subject: "more money than brains?"
In-Reply-To: <2091.2C7BE7E4@shelter.FIDONET.ORG>
Message-ID: <9308260048.AA12637@netcom4.netcom.com>

M.
Stirner:

> Only one question: WHY? If PGP is freeware for noncommercial single
> users, why on earth would anyone wish to drop $100 +/- for single-user
> rights to a virtually identical program?

There are several business proposals floating around the cypherpunks community that would require commercial licenses. I encourage the various crypto-entrepreneurs to elaborate if they wish. Some of the proposals are quite interesting and illuminating.

There's a strong habit of keeping business ideas "trade secret", which can be a bad idea, since (a) many of the ideas are obvious; trade secrets only work for subtle but important technological bottlenecks known to a small group of mutually trustworthy people, and (b) many of the ideas need to be debugged by a wide variety of crackers and experts before they will provide good privacy. Trade secrets also inhibit the progress of the cypherpunks agenda, but that's a judgement call; I myself don't feel morally bound to Reveal All for the sake of the Movement. But, "I'll post mine if you post yours".

Nick Szabo
szabo at netcom.com

From cdodhner at indirect.com Wed Aug 25 18:52:45 1993
From: cdodhner at indirect.com (Christian D. Odhner)
Date: Wed, 25 Aug 93 18:52:45 PDT
Subject: Source Code NOT available for ViaCrypt PGP
Message-ID: <199308260150.AA01716@indirect.com>

I talked once again with Dave Barnheart at ViaCrypt, and he told me:

A) No source code will be available, due to the nature of the agreement between PKP and ViaCrypt.

B) He is under 'a lot' of pressure to have a product 'on the shelves in under two months', and therefore the first release will be a MS-DOS version, then Macintosh, SVR4, SUN OS, and all of those unix versions, and that they will eventually put out a windows product and start making improvements to the actual product.

So in answer to (Paul Goggin's?) questions about verification of changes, "We'll Just Have To Trust Them(tm)"

But look on the bright side... This will blow David Sternlight out of the water!
Happy Hunting, -Simon Trask PGP public key available upon request. From bill at twwells.com Wed Aug 25 19:12:17 1993 From: bill at twwells.com (T. William Wells) Date: Wed, 25 Aug 93 19:12:17 PDT Subject: Visa, HNC Inc. develop neural network as a weapon to fight fraud In-Reply-To: <9308252250.AA17771@custard.think.com> Message-ID: In article <9308252250.AA17771 at custard.think.com>, Andy Wilson wrote: : Andy Wilson wrote: : : [mostly bogus stuff] : : That is irrelevant to cypherpunks, as I understand the list. : : The prospect of the impossibility of anonymity and the uses : to which personal information is made in a cashless economy is : not relevant? But that wasn't what you were writing about. You were writing about bad business decisions, not violations of privacy. For that matter, your notions on neural networks seem contradictory. On the one hand, you complain about a violation of privacy and on the other you complain that a neural network won't tell you how it reached its conclusions! : I beg to differ. This is exactly what digital : cash is meant to prevent. Digital cash and the use of neural networks to authenticate transactions are essentially orthogonal issues. : The problem with referring a neural network's decision to a human : is that the neural network gives no information other than the : probability of fraud. 1) This statement is false. It is true of some neural networks but not all. We have no way of knowing whether their neural network is among those. 2) A problem with *any* decision system is that people may place an unsupportable weight on some particular piece of evidence. Your "problem" is not that (some) neural networks give answers that can't be interpreted but that some people will use their answers in an inappropriate way. Blaming neural networks for bad *human* decision making is just plain silly. : There is not any : good way to combine the judgement of the neural net with that of a : human for that reason. Nonsense. 
As the existence of rule based systems that incorporate neural networks shows.

: With respect, I have found AI Expert to consist more of marketing
: hype than correct and useful information on artificial intelligence
: technology.

Oh, goodie, an ad hominem argument. But, as it happens, it is because AI Expert is so commercially oriented that it is an appropriate reference. It speaks to how, and why, AI gets deployed in business and that makes it just the right place to go.

From plmoses at unix.cc.emory.edu Wed Aug 25 19:25:41 1993
From: plmoses at unix.cc.emory.edu (Paul L. Moses)
Date: Wed, 25 Aug 93 19:25:41 PDT
Subject: Digital Coin Claim
Message-ID: <9308260224.AA10068@emoryu1.cc.emory.edu>

The idea of Digital Gold, here, now seems to include a Chain of Title dimension. The idea that successive owners need to "record" the transfer from the previous owner just completely *baffles* me. A bearer instrument is payable to WHOEVER IS HOLDING IT. There are no title searches done on coins used in everyday commerce. What "hnash" proposes is probably do-able, but currency does not operate this way. On the other hand, this is exactly what you do with Real Property.

I think that creating a chain of title for digicoins would defeat the whole purpose of the exercise. Creating a history of ownership is done in order to increase accountability, not privacy. And such a history is necessary only to clarify disputes over ownership, liens, defects....things which are simply not problems with currency and bearer instruments.

The question is, what is the end to which this chain of title is being put? To verify that the holder is a "valid" holder? THIS IS IRRELEVANT. He who holds, owns. A safeguard MAY be introduced (such as a PIN) for public policy and convenience (ie people will not be scared of armed robbery), but it is a secondary measure. The digicoin is by definition (and purpose) SELF-AUTHENTICATING. Any computer magic here will only be the electronic equivalent of the red and blue fibers in the dollar bill paper, the seals, the complex designs and colors of other currencies, etc. Otherwise you don't have money.

- Paul

From plmoses at unix.cc.emory.edu Wed Aug 25 20:02:17 1993
From: plmoses at unix.cc.emory.edu (Paul L. Moses)
Date: Wed, 25 Aug 93 20:02:17 PDT
Subject: Digital Coin Claim
Message-ID: <9308260256.AA14390@emoryu1.cc.emory.edu>

Clarification 1) unix munched out on some text. Para 2: "such a history is necessary only to clarify with currency and bearer instruments disputes over ownership....arg try again now "to clarify disputes over ownership, liens, and defects - things which are simply not problems with bearer instruments"

Clarification 2) Digicoins may differ from ordinary currency in being revocable, but this is not necessary. That is,

X loses his digicoin. Y finds it and uses it. Just like money.
OR: X loses his digicoin. Y finds it but cannot use it b/c Y does not know the PIN.
OR: X loses his digicoin. Y could use the digicoin, but X calls the issuing bank and they cancel the digicoin number.

In the last scenario, the one most compatible with the 'chain of title' or verification-type approach, there is clearly a major privacy problem. At least this is the way I see it...

From newsham at wiliki.eng.hawaii.edu Wed Aug 25 20:12:18 1993
From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham)
Date: Wed, 25 Aug 93 20:12:18 PDT
Subject: Source Code NOT available for ViaCrypt PGP
In-Reply-To: <199308260150.AA01716@indirect.com>
Message-ID: <9308260309.AA19952@toad.com>

>
> I talked once again with Dave Barnheart at ViaCrypt, and he told me:
> A) No source code will be available, due to the nature of the
> agreement between PKP and ViaCrypt.
>
> But look on the bright side...
>
> This will blow David Sternlight out of the water!

will it? the NSA seems to be pretty happy with the way PKP handles things. PKP has an arrangement with viacrypt not to release source. It might be safe, but I wouldn't trust it given the way that the NSA pushes commerce to install backdoors in strong encryption.

> Happy Hunting, -Simon Trask
>
> PGP public key available upon request.

btw, how did they get around PKP's rule about using the interface provided which uses DES ?

From cjl at micro.med.cornell.edu Wed Aug 25 20:17:17 1993
From: cjl at micro.med.cornell.edu (Chris Leonard)
Date: Wed, 25 Aug 93 20:17:17 PDT
Subject: Viacrypt PGP source code unavailable
Message-ID: <9308260315.AA07283@ micro.med.cornell.edu>

>I talked once again with Dave Barnheart at ViaCrypt, and he told me:
>
> A) No source code will be available, due to the nature of the
>agreement between PKP and ViaCrypt.
>
>So in answer to (Paul Goggin's?) questions about verification of changes,
>"We'll Just Have To Trust Them(tm)"

PUBLIC NOTICE: The question below reflects the curiosity of a cryptologically, and mathematically, fairly naive user of PGP.

Isn't there some way to black box it the way engineers do with circuits? If you control the inputs, randseed, message, keys etc. that go into each copy of the program aren't you going to be able to compare the outputs directly. Or are they going to be different every time because of some randomization I am unaware of? remember the naive part :-)

You may not be able to break PGP with a plaintext attack, but all you really need to know is that the output of the unsourced VIACrypt gives the same result as the freeware, don't you?

Awaiting enlightenment, please be gentle it's my first time :-}

C. J. Leonard

Dave Burns writes:
>2) Why should anyone value a digital gold coin in the first
>place? Money has value because of people's expectation
>(based on experience) that if they take it to a store they
>can buy stuff with it. Where will digital gold obtain its
>bootstrap value? Somebody has to start using it.

Good question.
At this point, we might call it "digital dirt" because no one values it at all. The important thing is that a limited quantity of an informational substance exists. Therefore, if some community wants to begin using information as a medium of exchange, a suitable "virtual substance" exists.

Furthermore, the fact that these tokens are not backed by any particular organization may be essential. As I understand it, the US government prohibits its citizens from making private currencies that compete with the US dollar. But it doesn't prohibit them from trading any currencies they like. Therefore, as long as no-one guarantees digital gold (as long as its value is due only to convention), it should be legal.

Yours Truly,
][adon Nash

From hnash at mason1.gmu.edu Wed Aug 25 21:12:47 1993
From: hnash at mason1.gmu.edu (hnash at mason1.gmu.edu)
Date: Wed, 25 Aug 93 21:12:47 PDT
Subject: Digital Gold, a bearer instrument?
Message-ID: <9308260411.AA08724@mason1.gmu.edu>

Paul Moses writes:
>A bearer instrument is payable to WHOEVER IS HOLDING IT.
>There are no title searches done on coins used in everyday
>commerce. ...
>
>The question is, what is the end to which this chain of title
>is being put? To verify that the holder is a "valid" holder?
>THIS IS IRRELEVANT. He who holds, owns.

These are fine questions. Thanks for asking them.

The purpose I have in mind for the chain of titles is as a way of establishing ownership of something which consists *wholly of information*. It is the closest approximation I can imagine to a bearer instrument for bearers who can have no physical contact.

Please notice that the chain of titles is between *aliases* which do not reveal the identities of the people trading the coins. Only the people engaged in particular transactions can associate particular people with particular digital coins. Who owns digital coin #1? (It might be me, but it has already been transferred to a new alias once.)

The chain of titles I have proposed does not increase accountability. The public cannot determine where the money is being spent, they can only determine the aliases which anonymously identify the latest owners. This is the bare minimum information that could make a piece of information valuable to the members of a community.

Yours Truly,
][adon Nash

From marc at Athena.MIT.EDU Wed Aug 25 21:32:18 1993
From: marc at Athena.MIT.EDU (Marc Horowitz)
Date: Wed, 25 Aug 93 21:32:18 PDT
Subject: Visa, HNC Inc. develop neural network as a weapon to fight fraud
In-Reply-To: <199308252015.AA24986@access.digex.net>
Message-ID: <9308260427.AA01502@steve-dallas.MIT.EDU>

>> In the end, he felt that this intrusion was a feature and touted it
>> to me as a great reason to get an Amex card. All these guys are out
>> there protecting you.
>>
>> Privacy advocates might have a different opinion.

This topic came up in a side conversation at the Internet Mercantile Protocols BOF at the last IETF. We asked ourselves why credit card companies, banks, supermarkets, etc. were so keen on selling information about us. Not surprisingly, it came down to money.

The AmEx example is a great one. By noticing patterns in my purchasing, they can try to notice a stolen card via a change in purchasing patterns. In the long run, this reduces my costs as an AmEx cardholder (or increases their profits). If I told them not to keep my spending patterns, they might not notice if my card was stolen and used. The law says my personal liability is limited, but AmEx has to cover its costs somehow, through their commission or yearly fee or whatever.

Same goes for the supermarket reselling my buying patterns. If they can sell information about me, my groceries are cheaper (or they make money). Selling personal information is a competitive advantage. For most people, this is more important than privacy.

People here have advocated setting up a Privacy Credit Union. I think this would be a great idea, but I think that its costs would be higher than its competitors. When it comes right down to it, privacy costs money. And, as antithetical as this may seem to us, many people will opt for more money in their pocket than more privacy. Cypherpunks will bank at Privacy Trust, use their Privacy Visa card, and make transactions via anonymous digital cash whenever they can. But other people, maybe even most people, will choose the higher interest rate or the cheaper credit card.

We can create technologies, and maybe even infrastructure. But we can't make people use it.

My rant for the day :-)

Marc

From ld231782 at longs.lance.colostate.edu Wed Aug 25 21:37:47 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Wed, 25 Aug 93 21:37:47 PDT
Subject: AT&T & cable co. `internet for the masses' product announcements
Message-ID: <9308260436.AA17507@longs.lance.colostate.edu>

Two announcements on products that will bring internet to large audiences. One by Continental Cablevision Inc. The cable line one apparently uses special coaxial cable modems, and apparently is full-duplex (?). On front page of today's Wall St. Journal.

Following that, AT&T announces the Interspan `Frame Relay Services and Information Access Services' to the internet. In the former, one gets `cost-effective' internet capabilities, in the latter ``current Interspan customers and all global Internet users will be able to subscribe to the full range of messaging services from AT&T EasyLink Services including electronic mail, text-to-fax delivery and telex, and will be able to communicate with subscribers of non-Internet commercial network services worldwide.'' Access through current connections with new `virtual circuit' or by anyone at 300-14.4 bps in nationwide, toll free, seven digit number 950-1ATT, also an 800 number. Also, customers can register in an AT&T database for the DNS system with company names.
Also, access to InterNic directory (hm, I wonder if that was built in preparation & anticipation of this). then stuff on the current EasyLink: 160 countries, electronic messages with data interchange, gateways from LANs, email, enhanced fax, etc.

The critical question underlying all these services -- when will it be the case that a completely cyberspatial company is erected, free of harassment by archaic `internet acceptable use policies'?

===cut=here===

From: cook at path.net (Gordon Cook)
Date: Tue, 24 Aug 1993 17:41:51 GMT

From today's Wall St. Journal

"Cable Company is Set to Plug into Internet

Cable Television will connect to the Internet, information pathway to millions of personal computer users world-wide, early next year through direct link up via Continental Cablevision Inc., one of the nation's largest cable operators.

The service, which could greatly alter delivery of electronic information, would allow Continental's customers to plug PCs and a special modem directly into Continental's cable lines, said William Schrader, President of Performance Systems, a Herndon, VA. network services company that is Continental's partner in the project. The cable link would bypass local phone and other special hookups to access the internet directly. More significantly it would allow customers . . . to fetch whole kinds of information. . . at information superhighway speeds - as fast as 10 million bits per second. . . . Mr Schrader said. . . . .

"This isn't some fluffy pie-in-the-sky vision," said David Fellows, a senior vice president at Continental. Added Mr. Schrader: "Other companies such as Time Warner inc in Orlando are talking about elaborate multimedia service tests. But our plan is small simple and easy. This will work."

But while the new service holds much promise, no one is sure what the customer demand will be, especially at an estimated cost of $70 to $100 a month. . . .

[Comment by G COOK Here the Journal gets confused. It seems to assume that the audience for this service is the same as for prodigy or for CATV home entertainment. NOT TRUE! The audience will be telecommuters, individual entrepreneurs, and small businessmen with their own LANs, and K-12 school districts, and local governments for whom $100 a month would be about 20% of what they would have to pay for equivalent service over regular internet RBOC phone access channels.]

Performance Systems, which provides a means for customers to hook up to the internet system, plans to install computer routers in the continental network. . . . The routers will be installed in the main hubs or "head end" facilities in continental's vast network, allowing easy extension of the new internet service to homes and businesses tethered to the cable company. For the customer's home or business computer Performance Systems will provide a special computer modem to reach the service.

The two companies plan to announce the service today at an industry trade show in San Francisco. The first hookups are scheduled to take place in Cambridge Mass where Continental has many subscribers connected to Harvard University and the Massachusetts Institute of Technology."

The rest of the article is plain vanilla what is the internet all about.

This seems to me to be an extremely significant announcement that does not bode well for the RBOCs. I'd expect to see the rest of IP commercial service providers running hard to jump on the band wagon.

_______________________________________________________________
Gordon Cook, Editor Publisher: COOK Report on Internet -> NREN
431 Greenway Ave, Ewing, NJ 08618 cook at path.net (609) 882-2572
Ask about my 15,000 word, $250, CATV vs. Telco's Internet & NII Study
_______________________________________________________________

===cut=here===

Date: Tue, 24 Aug 1993 18:04:27 -0500
From: farber at central.cis.upenn.edu (David Farber)
Subject: rather PRey but still -- AT&T Announces New Internet Connectivity Options

FOR IMMEDIATE RELEASE: Tuesday, August 24, 1993

AT&T Announces New Internet Connectivity Options

BASKING RIDGE, N.J -- AT&T today announced new options that will provide a single-vendor solution for accessing both the global Internet and enhanced messaging services. These new options will be available in the first quarter of 1994 to customers of AT&T InterSpan (R) Services, AT&T EasyLink Services and the millions of people worldwide who use the Internet.

There will be new connections to the Internet from AT&T InterSpan Frame Relay Services and Information Access Services. There also will be new connections from AT&T EasyLink Services to the Internet through AT&T InterSpan Services.

Customers of InterSpan Services will gain a variety of convenient, cost-effective options to access the global Internet. At the same time, InterSpan customers and all global Internet users will be able to subscribe to the full range of messaging services from AT&T EasyLink Services including electronic mail, text-to-fax delivery and telex, and will be able to communicate with subscribers of non-Internet commercial network services worldwide.

AT&T InterSpan Frame Relay Service customers will have access to the Internet by simply adding a single permanent virtual circuit to their existing connections. Similarly, InterSpan Information Access Service customers will be able to access the Internet at speeds ranging from 300 - 14400 bps with a nationwide toll-free, seven-digit number (950-1ATT).

"Increasingly, organizations need to reach beyond their own boundaries to access the information and computing resources they need," said Jayne Fitzgerald, product line director, InterSpan Data Communications Services. "With these new options, our customers will have the opportunity to simplify their premises equipment needs and vendor interface requirements, as well as streamline their network management issues."

For customers of AT&T EasyLink Services, who already have access to the global Internet, the new connections will mean improved reliability and performance for their Internet communications.

"More and more people, including AT&T customers, want to have the option to communicate on the global Internet," said Sal Noto, product management vice president, AT&T EasyLink Services. "In providing that option, we're increasing the ease with which millions of people can access each other as well as the information they want and need."

The new AT&T options will include a naming service based on the Domain Name System (DNS), a widely used method for naming and translating addresses on the Internet. With this service, AT&T customers will be able to register an Internet name of their choice--one that reflects their corporate identity, for example--and use that name for their communication on the Internet. AT&T also will offer to assist customers with selection, registration and maintenance of their names on the Internet.

All of the new AT&T Internet connectivity options will support TCP/IP (Transmission Control Protocol/Internet Protocol), the primary method for transferring information across various networks on the Internet.

Customers of the new Internet connectivity options will be able to tap into the InterNic directory and database services. Provided by AT&T since April under a cooperative agreement with the National Science Foundation, these services make it easier for all Internet users to find available Internet resources.

AT&T InterSpan Frame Relay Service and InterSpan Information Access Service are members of a comprehensive new family of high-quality, innovative data connectivity solutions designed to make it easier to link people, locations and information.
The InterSpan Services facilitate faster, more efficient distributed computing for business through customized data services flexible enough to change and grow as a company evolves.

AT&T EasyLink Services serves more than 160 countries and has sales and support offices in three dozen countries. AT&T EasyLink Services offers one of the broadest arrays of electronic messaging services in the market, including electronic data interchange, gateways from LAN-based e-mail systems and telex, in addition to electronic mail, enhanced fax and information services.

# # #

Editors' notes: The global Internet is a system of approximately 14,000 interconnected data networks, reaching more than 100 countries and serving commercial organizations, research organizations, governments and universities. By the end of 1993, more than 2 million computers, terminals and other devices will be accessible on the Internet.

950 access is currently available in 90% of the U.S. market. Where 950 access is not available and as back-up, an 800 number is provided.

# # #

From ld231782 at longs.lance.colostate.edu Wed Aug 25 22:17:48 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Wed, 25 Aug 93 22:17:48 PDT
Subject: Thoughts on Posting to the List
Message-ID: <9308260516.AA17960@longs.lance.colostate.edu>

The topic of secrecy in development of various cypherpunk pet projects has been raised peripherally before by G. Toal and szabo at netcom.com (Nick Szabo) brings it up explicitly:

>There are several business proposals floating around the cypherpunks
>community that would require commercial licenses. I encourage the
>various crypto-entrepreneurs to elaborate if they wish.
>Some of the proposals are quite interesting and illuminating.
>There's a strong habit of keeping business ideas "trade secret",
>which can be a bad idea, [...]

I'd like to motivate anyone developing various projects to be candid in describing their development. After all, there is enough room in areas such as Digital Cash for the entire population. In publicizing your efforts, you can unite with others who are developing similar ideas and can point out weaknesses in approaches that may cost you dearly to discover otherwise. In fact, to be secretive about the development of critical projects is extremely counterproductive from the point of view of the overall movement. Only the NSA believes that it can (1) keep important technology under wraps, (2) gain the upper hand in doing so. To a large degree, this petty secrecy is probably inherent to the Cypherpunk personality, one of those nagging glitches in the group psyche that is continually tripping up true progress and prompting the recent introspective meanderings about Cypherpunks Stalled.

However, in volunteering information about projects, I also recommend that the author develop a thick skin and not be dissuaded by any negative comments that attack the whole foundation of the proposal as misguided. It is better to have written a program and tossed it aside than to have never written one at all.

===

Now, along totally opposite lines of *discouraging* postings to anyone proposing digital cash ideas (or cryptographic ones in general) -- please, read at least *one* article on the subject in a magazine before coming up with your own Digital Cash Scheme Supreme, which may look rather naive and simpleminded in retrospect of further focused, serious consideration. Minor criticisms aside, over almost a decade Chaum has done an *excellent* job of putting together very solid and ingenious systems, and in both articulating and accomplishing the critical goals at stake. In fact, in reading his descriptions, one often has that inescapable satisfaction that goes along with all great research and discoveries, the vague feeling along the lines of `I wouldn't have thought of that, but now that you point it out, it's obviously critical and important'.

In particular, the two survey articles mentioned by H. Finney bear repeating: Scientific American, Aug 1992 p. 96, and Communications of the ACM, October 1985, p.1030. The first is a rather `user friendly' introduction that goes into some detail on the `representative-observer' relationship and the basics of blinding. The latter describes in much more detail his three-tiered system for what might be called `social privacy' (hinting at but still lacking most of the mathematics): dining cryptographers protocol creating totally secure anonymity in communication, the digital cash transaction that guarantees total anonymity, and the idea of institutions granting `credentials' to allow a person to develop and maintain reputations completely pseudonymously. This is all very epochal work, perhaps only exceeded in importance by public key cryptography in influencing vast new social and technological infrastructures.

From uri at watson.ibm.com Wed Aug 25 22:32:19 1993
From: uri at watson.ibm.com (uri at watson.ibm.com)
Date: Wed, 25 Aug 93 22:32:19 PDT
Subject: Viacrypt PGP source code unavailable
In-Reply-To: <9308260315.AA07283@ micro.med.cornell.edu>
Message-ID: <9308260527.AA19219@buoy.watson.ibm.com>

Chris Leonard says:
> >I talked once again with Dave Barnheart at ViaCrypt, and he told me:
> > A) No source code will be available, due to the nature of the
> >agreement between PKP and ViaCrypt.

> Isn't there some way to black box it the way engineers do with circuits?
> If you control the inputs, randseed, message, keys etc. that go into each
> copy of the program aren't you going to be able to compare the outputs
> directly. Or are they going to be different every time because of some
> randomization I am unaware of? remember the naive part :-)

Frankly, I see no real problems so far. But several good things:

1) PKP is going to get some royalties, so they're happy. Does it mean they're going to leave freeware PGP alone?
2) Business users, who didn't dare to use PGP fearing lawsuits, can now buy it officially and use legally. A big step forward. 3) As long as ViaCrypt will release patches, so that freeware PGP can stay in sync with their product, compatibility isn't an issue... 4) It's not too hard to build a test-suite for PGP to ensure it's implementation of IDEA is correct, and it's possible to check it's key generation/session key generation things. Of course key management isn't too big a deal either... Thus I don't think it requires too great an effort to trust ViaCrypt. And if not - buy their copy to stay legal and use the Source to be safe (:-). The only thing unclear to me yet is - what exactly is PKP going to do (if anything) about freeware PGP in USA? -- Regards, Uri uri at watson.ibm.com scifi!angmar!uri N2RIU ----------- From jet at netcom.com Thu Aug 26 00:22:21 1993 From: jet at netcom.com (J. Eric Townsend) Date: Thu, 26 Aug 93 00:22:21 PDT Subject: "more money than brains?" In-Reply-To: <9308260048.AA12637@netcom4.netcom.com> Message-ID: <9308260720.AA26178@netcom4.netcom.com> M. Stirner: > Only one question: WHY? If PGP is freeware for noncommercial single > users, why on earth would anyone wish to drop $100 +/- for single-user > rights to a virtually identical program? Well, I've had dealings with a couple of business clients who refuse to use freeware PGP it because of 'the shaky legal ground'. We explained that as a government agency, we can use PGP legally, and because (in each case) the business already had rights to use RSA for their own purposes, there was no problem. They said if they could buy it, that'd make it a lot easier to use. (These same businesses refuse to distribute FSF/GNU code for similarly vague legal reasons.) From mbriceno at aol.com Thu Aug 26 00:27:21 1993 From: mbriceno at aol.com (mbriceno at aol.com) Date: Thu, 26 Aug 93 00:27:21 PDT Subject: Bank misbehavior (was: Re: No digital coins?) 
Message-ID: <9308260321.tn19239@aol.com> Greg Broiles writes: > How easy IS it to start a credit union? Perhaps what we need is the > People's Sekrit Privacy Credit Union! 1/2 :) I would be ideal to start our own credit union. We could make it a haven of privacy and it would give us a base from which to implement digital cash. So all you law wizards out there: How much starting capital do we legaly need? What are the requirements? --Marc From mbriceno at aol.com Thu Aug 26 00:27:50 1993 From: mbriceno at aol.com (mbriceno at aol.com) Date: Thu, 26 Aug 93 00:27:50 PDT Subject: Source Code NOT available for ViaCrypt PGP Message-ID: <9308260321.tn19240@aol.com> Simon Trask writes: > A) No source code will be available, due to the nature of the > agreement between PKP and ViaCrypt. So we are supposed to trust it sight unseen? Why in the world would anyone buy an encryption program of questionable security --which any program for we can not get the source is-- when we can get a supposedy virtually identical program that we know is secure for free? > B) He is under 'a lot' of pressure to have a product 'on the shelves > in under two months', and therefore the first release will be a > MS-DOS version, then Macintosh, SVR4, SUN OS, and all of those unix > versions, and that they will eventualy put out a windows product and > start makeing improvements to the actual product. I can't help but wonder if the guy is feeling other pressures besides time pressures. Just thinking. I don't think that ViaCrypt will make much money of the people on this list. 
--Marc From b44729 at achilles.ctd.anl.gov Thu Aug 26 00:35:43 1993 From: b44729 at achilles.ctd.anl.gov (Samuel Pigg) Date: Thu, 26 Aug 93 00:35:43 PDT Subject: Attacks on remailers In-Reply-To: <199308251542.AA23719@mwunix.mitre.org> Message-ID: <9308260733.AA26970@achilles.ctd.anl.gov> >>>>> On Wed, 25 Aug 93 11:39:11 EDT, J_G_Thomas%CAASD1 at mwmgate1.mitre.org said: Joe> Samuel Pigg wrote: > Actually what I was proposing was the direct usage of SMTP itself rather > than going through the host machine's mail system. As anyone can do it, > it would help with the usage of student accounts as remailers. > And with direct SMTP (socket connections to port 25 of the receiving machine) > you have some control over the header information that is generated. > The protocol is outlined in RFC821 if anyone wants to look at it. Joe> The trouble is, one side (the receiver) is still keeping Joe> logs, since only sendmail (or some other root process Joe> doing the same job) can bind to port 25. On most Joe> machines, that means logs. There are plenty of ports Joe> over 1000 that user processes can bind to, and that Joe> cypherpunk remailers can support, if we want to go that Joe> way. I think it's worth thinking about. (This is in Joe> addition to receiving mail delivered normally to their Joe> e-mail adresses, probably either by port-25/sendmail or Joe> uucp). Joe> We could start by having cypherpunk remailers talk to Joe> _each_other_ on an agreed- upon, unlogged port, using RFC Joe> 821 protocol. Final hops to non-remailer addresses will Joe> have to be handled on port 25, of course, but within the Joe> remailer web we can avoid sendmail logs entirely. After Joe> that's implemented, we could talk about using a different Joe> protocol. Joe> A new protocol is probably the cleanest way to solve the Joe> problem of traffic analysis of messages addressed with Joe> encrypted address blocks. 
Joe> The best way to get security
Joe> in a remailer chain is to nest your encryption, so only
Joe> one layer gets peeled off in each remailer hop. That
Joe> isn't possible with encrypted address blocks, since the
Joe> sender will only know the address (and public key) of the
Joe> first remailer in the chain. All hops after the first
Joe> one must send the same message out as they got in, with
Joe> just a layer off the encrypted address block. But if
Joe> remailers talked to each other by first doing RSA-signed
Joe> Diffie-Hellman key exchange, then encrypting the
Joe> traffic, a packet snooper wouldn't be able to correlate
Joe> incoming and outgoing messages.

Joe> Thoughts?

I think this is probably the best solution proposed to date. Does the RSA-signed DH key exchange mentioned above provide security against possible spoofing on the remailer machine (someone else using the agreed-upon port)? How exactly would such a thing be implemented?

Joe> Joe (they're trying to pry me away from my NeXT, so don't
Joe> reply directly to the From: line; use jthomas at mitre.org)

On the user side, I think a good tool to augment this would be a mailer program which kept a list of the functioning remailers with keys, and randomly selected a route through them using a random (reasonable) number of hops, and performing the necessary nested encryptions. Then it could start the remailer hopping process via special socket connection to the first remailer in the chain.

Perhaps a protocol could be worked out for the mailer program to request from any one of the remailers a current list of the functioning remailers? (in an effort to transparentize the process some more, as manually maintaining a list of current remailers would be tedious.) We would need to work out the protocol details beforehand, such as how to handle busy ports etc. (Who wants to work on this project with me?)

Can someone supply a reference for DH key exchange? (for me, as I don't know the details and so can't implement it.
(is it patented?))

-Sam

From Jon.Barber at isltd.insignia.com Thu Aug 26 01:02:21 1993
From: Jon.Barber at isltd.insignia.com (jon barber)
Date: Thu, 26 Aug 93 01:02:21 PDT
Subject: Visa, HNC Inc. develop neural network as a weapon to fight fraud
Message-ID: <1337.9308260756@panacea>

> Visa, HNC Inc. develop neural network as a weapon to fight fraud

About time too. I recently had a run-in with a local bike mechanic and had to stop a cheque for 650 pounds. However, my cheque guarantee card is also a Visa card, and so the scumbag filled out a Visa slip using the details on my cheque - without my permission of course. This was successfully paid to him by Visa. However, I told my bank what had happened and they freaked. It seems I'm definitely going to get the money back after about 3 months (!!). The bank were very embarrassed and want me to tell the police as it's a criminal offence.

It's always struck me how people could easily fill out Visa slips from discarded receipts, get the money and split.

Jon.

From gg at well.sf.ca.us Thu Aug 26 01:42:22 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Thu, 26 Aug 93 01:42:22 PDT
Subject: Coming Soon: Commercial version of PGP!
Message-ID: <93Aug26.013902pdt.14441-4@well.sf.ca.us>

How soon before a Mac compatible version is available? Or will the current version run under Soft PC on the Mac, which is essentially a PC-emulator...? If yes to either, sign me up...!

-gg at well.sf.ca.us

From gg at well.sf.ca.us Thu Aug 26 02:02:22 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Thu, 26 Aug 93 02:02:22 PDT
Subject: Source Code NOT available for ViaCrypt PGP
Message-ID: <93Aug26.015906pdt.14440-4@well.sf.ca.us>

What about the idea of having someone who is known trustworthy examine the source code under nondisclosure? A passing grade from a couple of the respected members of the community here would be great for ViaCrypt's promotional efforts, if nothing else...!
-gg

From khijol!erc at apple.com Thu Aug 26 02:12:23 1993
From: khijol!erc at apple.com (Ed Carp)
Date: Thu, 26 Aug 93 02:12:23 PDT
Subject: Source Code NOT available for ViaCrypt PGP
In-Reply-To: <9308260321.tn19240@aol.com>
Message-ID:

> > B) He is under 'a lot' of pressure to have a product 'on the shelves
> > in under two months', and therefore the first release will be a
> > MS-DOS version, then Macintosh, SVR4, SUN OS, and all of those unix
> > versions, and that they will eventually put out a windows product and
> > start making improvements to the actual product.
>
> I can't help but wonder if the guy is feeling other pressures besides time
> pressures. Just thinking. I don't think that ViaCrypt will make much money off
> the people on this list.

I think he's trying to run ahead of Clipper and the resulting encryption ban. Make a lot of $$$ from people by selling them soon-to-be-"useless" software.

What a scam...

--
Ed Carp, N7EKG erc at apple.com 510/659-9560 anon-0001 at khijol.uucp
If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever"

From remail at tamsun.tamu.edu Thu Aug 26 03:05:44 1993
From: remail at tamsun.tamu.edu (remail at tamsun.tamu.edu)
Date: Thu, 26 Aug 93 03:05:44 PDT
Subject: E-trade opinions (fwd)
Message-ID: <9308261003.AA12504@tamsun.tamu.edu>

Forwarded from misc.invest:

In article <476 at complex.complex.is> frisk at complex.is (Fridrik Skulason) writes:

>Do you ever think we will see something like E-trade on the Internet ?

They tell me that the Internet is not secure, so you would risk having your password compromised. But, yes, I assume that this will come eventually.
>I would really like to see a service I could connect to using Telnet...as the
>services that are currently available are impractical for me - AOL is totally
>out of the question, as connecting to them would involve an international
>phone call, and CompuServe would require going through the X.25 network,
>which is not cheap either....I already pay around $7000/year for decent
>Internet access, and don't want to double that by using X.25

I have been told that one can telnet to compuserve.com, but when I tried it I got Unknown host.

....

From M..Stirner at f28.n125.z1.FIDONET.ORG Thu Aug 26 04:32:55 1993
From: M..Stirner at f28.n125.z1.FIDONET.ORG (M. Stirner)
Date: Thu, 26 Aug 93 04:32:55 PDT
Subject: "more money than brai
Message-ID: <2112.2C7C984F@shelter.FIDONET.ORG>

Uu> From: bei at dogface.austin.tx.us (Bob Izenberg)

# Only one question: WHY? If PGP is freeware for noncommercial single
# users, why on earth would anyone wish to drop $100 +/- for single-user
# rights to a virtually identical program?

Uu> Dumb as it may sound, at work the people from Finance want to see that
Uu> we've paid for all the software on our machines.

Yes, I've received several replies like yours, but note that company use was not the question - I understand the "why" there, complete with all the corporate shareware/freeware phobia - but the question was why a _private single user_ would pay $100 for the honor of a licensed private single-user release of a freeware program. THAT doesn't make sense, thus my question.

Conceivably, someone with assets (certainly not me, but I suppose such people exist somewhere) might be worried about the sound & fury emanating from PKP concerning lawsuits against all freeware PGP users, but $100 is mighty high insurance against an event with that low of a probability.
*********************************************************************
* - PGP Key D30909 via servers                                      *
* > What country can preserve its liberties if its rulers are not  <*
* > warned from time to time that their people preserve the spirit <*
* > of resistance? Let them take arms!" - Thomas Jefferson, 1787   <*
*********************************************************************

___ Blue Wave/QWK v2.12

--
M. Stirner - via FidoNet node 1:125/1
UUCP: ...!uunet!kumr!shelter!28!M..Stirner
INTERNET: M..Stirner at f28.n125.z1.FIDONET.ORG

From M..Stirner at f28.n125.z1.FIDONET.ORG Thu Aug 26 04:32:57 1993
From: M..Stirner at f28.n125.z1.FIDONET.ORG (M. Stirner)
Date: Thu, 26 Aug 93 04:32:57 PDT
Subject: "more money than brai
Message-ID: <2111.2C7C984E@shelter.FIDONET.ORG>

Uu> From: szabo at netcom.com (Nick Szabo)

> M. Stirner:
> Only one question: WHY? If PGP is freeware for noncommercial single
> users, why on earth would anyone wish to drop $100 +/- for single-user
> rights to a virtually identical program?

Uu> There are several business proposals floating around the cypherpunks
Uu> community that would require commercial licenses.

Note that I was not speaking of commercial, but single-user licenses.

Uu> I encourage the
Uu> various crypto-entrepreneurs to elaborate if they wish.
Uu> Some of the proposals are quite interesting and illuminating.
Uu> There's a strong habit of keeping business ideas "trade secret",
Uu> which can be a bad idea, since (a) many of the ideas
Uu> are obvious; trade secrets only work for subtle but important
Uu> technological bottlenecks known to a small group of mutually
Uu> trustworthy people, and (b) many of the ideas need to be
Uu> debugged by a wide variety of crackers and experts before they will
Uu> provide good privacy. Trade secrets also inhibit the progress
Uu> of the cypherpunks agenda, but that's a judgement call; I myself
Uu> don't feel morally bound to Reveal All for the sake of the
Uu> Movement. But, "I'll post mine if you post yours".
I feel rather in the dark. If you are going to say something, please say it. I had my circumlocution buffer filled by noon today by others who beat you to the punch. However, the mere mention of money makes my cute little ears stand right up, assuming it's not in non-negotiable digital gold coins, which neither my landlady nor the Arab bodega where I buy my menudo will accept...

~ M.

... "The good & the possible never seemed to coincide." Orwell
___ Blue Wave/QWK v2.12

--
M. Stirner - via FidoNet node 1:125/1
UUCP: ...!uunet!kumr!shelter!28!M..Stirner
INTERNET: M..Stirner at f28.n125.z1.FIDONET.ORG

From fergp at sytex.com Thu Aug 26 04:42:26 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Thu, 26 Aug 93 04:42:26 PDT
Subject: Data battles amongst the "Big Three"
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 25 Aug 93 22:36:33 -0600, "L. Detweiler" wrote -

> Two announcements on products that will bring internet to large
> audiences. One by Continental Cablevision Inc. The cable line one
> apparently uses special coaxial cable modems, and apparently is
> full-duplex (?). On front page of today's Wall St. Journal.
> Following that, AT&T announces the Interspan `Frame Relay Services and
> Information Access Services' to the internet. In the former, one gets
> `cost-effective' internet capabilities, in the latter

Forgive me for furthering this slightly off-topic thread, but Sprint has been offering Frame Relay data services for quite some time, both for private wide-area networks and for interconnectivity to the global internet via SprintLink. Now, Sprint will beat everyone else to the punch offering up ATM -

excerpted from:

Communications Week
August 23, 1993
pages 1, 144

Sprint Takes Lead in ATM Service Race
by Robin Gareiss

San Francisco -- Four months ahead of schedule, Sprint will announce this week that its asynchronous transfer mode transmission service is available immediately, according to industry analysts.
The service, to be introduced at the INTEROP 93 August show here, will be the first ATM service from a major long distance carrier.

[....]

Sprint plans to announce flexible, user-specific pricing, according to Jeffrey Held, partner with Ernst & Young's Network Strategies practice, Vienna, Va. Sprint briefed Held on its announcement last week.

Sprint originally had planned to make its ATM service available in first-quarter 1994. According to sources, the carrier has been able to step up its plans because trials have gone more smoothly than anticipated.

[....]

Sprint will let users access its ATM-based service via local switched multimegabit data service or dedicated T-3 lines, sources said. As specifications evolve, Sprint also will develop interfaces between its ATM and frame-relay and SprintLink TCP/IP services, Held said.

[....]

8<-------- End excerpt ------

ferguson at icp.net ,-)

-----BEGIN PGP SIGNATURE-----
Version: 2.2

iQCVAgUBLHyJbpRLcZSdHMBNAQHeOgP/Q/sY8kOcjsCF41+GNUl325TX00R0TtJw
sxqxGw++lSsRWeA+T+fAU5at9oPaiE7zVgAgNBGoQjGy4Bz+paiyIjK+Mi9YHqa4
ufTKq2bV3ZutruznR1Nk9j3zYi/zGIkdrNg05y4pvEUcLeEgRTfnzo2EhXIu6M5l
t6cUjP1XhlY=
=exLc
-----END PGP SIGNATURE-----

Paul Ferguson               | "Government, even in its best state,
Network Integrator          | is but a necessary evil; in its worst
Centreville, Virginia USA   | state, an intolerable one."
fergp at sytex.com          | - Thomas Paine, Common Sense

Type bits/keyID    Date       User ID
pub  1024/1CC04D   1993/03/15 Paul Ferguson
Key fingerprint = EE D2 93 7D 04 6D C6 05 AC 36 AD 9D 8E 4F 41 58

From vince at dsi.unimi.it Thu Aug 26 05:47:26 1993
From: vince at dsi.unimi.it (David Vincenzetti)
Date: Thu, 26 Aug 93 05:47:26 PDT
Subject: Source Code NOT available for ViaCrypt PGP
Message-ID: <9308261246.AA22555@pluto.sm.dsi.unimi.it>

> Just thinking. I don't think that ViaCrypt will make much money off
> the people on this list.

Very true. Too bad that PGP is going commercial. Even worse the fact that sources won't be available.
If PGP will become a commercial product and the public domain version will be unsupported or ``left behind'' in respect of the commercial version, then I believe that some hackers will start hacking the public domain version (probably infringing PGP's copyright as well), a new, newly-featured version of PGP (let's call it NPGP) will start being used and then the commercial version of PGP will become suspect, poorly trusted and unpopular in the Internet community.

--
David Vincenzetti, system administrator  |
DSI, Universita` degli Studi di Milano,  | phone: ++39 2 55006 391
via Comelico 39, 20135 Milan, ITALY      | fax:   ++39 2 55006 373

From talon57 at well.sf.ca.us Thu Aug 26 07:22:28 1993
From: talon57 at well.sf.ca.us (Brian D Williams)
Date: Thu, 26 Aug 93 07:22:28 PDT
Subject: info; ATM
Message-ID: <93Aug26.071800pdt.13947-1@well.sf.ca.us>

Paul Ferguson wrote;

>Forgive me for furthering this slightly off-topic thread, but
>Sprint has been offering Frame Relay data services for quite some
>time, both for private wide-area networks and for
>interconnectivity to the global internet via SprintLink. Now,
>Sprint will beat everyone else to the punch offering up ATM -

Too late;

MFS plugs in leading-edge network for high-speed data transfers

MFS Communications Corp. claimed the technological lead among data communications service providers last week with the launch of its end-to-end asynchronous transfer mode network.

MFS, an upstart better known for its successful challenges to local telephone company monopolies, claims to have set up the first ATM network in the country. But analysts say that distinction could be fleeting, as at least one other service provider -- Sprint Corp. -- is expected to offer a similar service by year-end.

Although these systems can carry regular telephone conversations, they are most apt to be used to transmit huge volumes of computer data and to make it possible for computers in widely separate locations to work together.
Ultimately, Royce Holland, president of MFS, sees ATM networks providing the backbone for a telecommunications infrastructure that supplies movies to home television sets at the touch of a button.

Investor's Business Daily -- August 24 -- Page 4

Sprint was also before congress last week asking that MFJ restrictions against the RBOC's entry into long distance be codified into law, and that they (the RBOC's) be restricted from entry into long distance for 10 years! Can you say competition?

Brian Williams
Ameritech data center
Cypherpatriot

From frissell at panix.com Thu Aug 26 07:25:46 1993
From: frissell at panix.com (Duncan Frissell)
Date: Thu, 26 Aug 93 07:25:46 PDT
Subject: Visa, HNC Inc. develo
Message-ID: <199308261423.AA00547@panix.com>

To: cypherpunks at toad.com

M >Same goes for the supermarket reselling my
M >buying patterns. If they can sell information about me, my groceries
M >are cheaper (or they make money). Selling personal information is a
M >competitive advantage. For most people, this is more important than
M >privacy.
M >
M > Marc

But it's trivial in the case of supermarket "Price Plus" card programs to use a nom de guerre and a mail drop (which you should be using in any case). Thus you get the discount and the supermarket gets purchasing info which may or may not match your actual demographics depending on whether or not you lied about those as well as your name on the initial ap.

Secured credit cards allow you similar anonymous use of payment facilities (if obtained in a nom de guerre) without surrendering privacy.

That said, I realize that it is difficult even to convince civilians of the benefits of receiving all their mail via an agent. They consider it weird. Perhaps "celebrity stalkers" and the general breakdown in civility will encourage the use of communications screening devices like mail receiving services, voice mail, and the coming network-based communications servers.
Duncan Frissell

What this metaverse needs is a cheap anonymous communications server for all who want one. This software entity located "somewhere on the nets" would receive all email, voice, fax, video, and VR communications directed to an individual, record and filter them, and forward (anonymously) those communications that meet certain pre-established criteria to its principal located "somewhere on the nets."

--- WinQwk 2.0b#0

From cme at ellisun.sw.stratus.com Thu Aug 26 07:35:47 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Thu, 26 Aug 93 07:35:47 PDT
Subject: Source Code NOT available for ViaCrypt PGP
In-Reply-To: <9308260309.AA19952@toad.com>
Message-ID: <9308261032.ZM2500@ellisun.sw.stratus.com>

-----BEGIN PRIVACY-ENHANCED MESSAGE-----
Proc-Type: 2001,MIC-CLEAR
Originator-Name: cme at ellisun.sw.stratus.com
Originator-Key-Asymmetric:
 MIGbMAoGBFUIAQECAgP+A4GMADCBiAKBgCl79/jl0DEVl1GQzOHlzjDmChDDxnWO
 Acd7jShj2x1vclFh6vbHx9IJqkQdwNhNAWf8XnTrqBDN+VSBc1qdT6nSEAbNPxHD
 XcvY2DudhuRaRBVLgUQ4scTK657m90Q+bTL5yIh2MaFipUw9BgbIXPTDlksSskWP
 9oHjo+pCJC+lAgMBAAE=
MIC-Info: RSA-MD5,RSA,
 DT+ZyepTl4TuHEa3jiojjmLnH8GYnfP2owhSC0rQO7sq6vsmgUifrl/usgJ4VckB
 kxc7p7GK1kMeqPRG/1LLHcZDpOYvWEhbLSmV/xKpZ+nmj/wd0oBARuxd7nmRnxbS
 DE4WJzaT3I3rhREjtY0fjB/WFZCglu5IpOgsHuGlY/0=

On Aug 25, 5:05pm, Timothy Newsham wrote:
> > But look on the bright side...
> >
> > This will blow David Sternlight out of the water!
>
> will it?
> the NSA seems to be pretty happy with the way PKP handles things.
> PKP has an arrangement with viacrypt not to release source.
> It might be safe, but I wouldn't trust it given the way that
> the NSA pushes commerce to install backdoors in strong encryption.

As long as there is an approved version (ie., non-commercial, made by the PGP cabal) -- interoperability will prevent any sneaking of back doors into the message stream. The only place to worry is with key generation, both IDEA and RSA.
I wouldn't be surprised if they're using the BSAFE object code or something equivalent. In that case, key generation (random number routines, actually) might be outside the package. Does anyone here know?

> > btw, how did they get around PKP's rule about using the
> interface provided which uses DES ?

If they're using a general purpose, purchased library from RSA (not RSAREF) then there's no built-in DES limitation.

Meanwhile, I'm looking forward to the commercial version, for my machine here at work. Until then, I'm limited to RIPEM -- which few others on this list speak.

- <> -
Carl Ellison                       cme at sw.stratus.com
Stratus Computer Inc.  M3-2-BKW    TEL: (508)460-2783
55 Fairbanks Boulevard ; Marlborough MA 01752-1298    FAX: (508)624-7488

-----BEGIN RIPEM PUBLIC KEY-----
User: cme at ellisun.sw.stratus.com
PublicKeyInfo:
 MIGbMAoGBFUIAQECAgP+A4GMADCBiAKBgCl79/jl0DEVl1GQzOHlzjDmChDDxnWO
 Acd7jShj2x1vclFh6vbHx9IJqkQdwNhNAWf8XnTrqBDN+VSBc1qdT6nSEAbNPxHD
 XcvY2DudhuRaRBVLgUQ4scTK657m90Q+bTL5yIh2MaFipUw9BgbIXPTDlksSskWP
 9oHjo+pCJC+lAgMBAAE=
MD5OfPublicKey: 39D9860686A9F075A9A83D49589C677A
-----END RIPEM PUBLIC KEY-----

>-- End of excerpt from Timothy Newsham

-----END PRIVACY-ENHANCED MESSAGE-----

From cme at ellisun.sw.stratus.com Thu Aug 26 08:27:29 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Thu, 26 Aug 93 08:27:29 PDT
Subject: Source Code NOT available for ViaCrypt PGP
In-Reply-To:
Message-ID: <9308261125.ZM2808@ellisun.sw.stratus.com>

On Aug 26, 1:14am, Ed Carp wrote:
>
> I think he's trying to run ahead of Clipper and the resulting encryption ban.
> Make a lot of $$$ from people by selling them soon-to-be-"useless" software.
>
> What a scam...

Is anyone taking bets on encryption bans? I can't believe that the public would allow the gov't to get away with one.

Of course, that's no reason to get complacent. We still need to continue flooding the country with decent S/W (non-escrowed) encryption.
If each user of RIPEM or PGP would get one newcomer to start using it every month, for example, it would take less than 18 months to get the whole US covered.

- Carl

From still at kailua.colorado.edu Thu Aug 26 09:42:29 1993
From: still at kailua.colorado.edu (James Still)
Date: Thu, 26 Aug 93 09:42:29 PDT
Subject: Source Code NOT available for ViaCrypt PGP
Message-ID: <2C7CF52E@kailua.colorado.edu>

Carl wrote:
>> I think he's trying to run ahead of Clipper and the resulting encryption
>ban.
>> Make a lot of $$$ from people by selling them soon-to-be-"useless" software.
>> What a scam...
>
>Is anyone taking bets on encryption bans?
[...]
>If each user of RIPEM or PGP would get one newcomer to start using it
>every month, for example, it would take less than 18 months to get the
>whole US covered.

Are there any volunteers among the Windows gurus/programmers here to kick out a shell that supports PGP? 2.3a is *much* more stable than 2.2 (and runs great from within PGPShell .PIF'd from Windows.) IMHO only a fraction of Carl's newcomers will even take a second look at PGP unless there's an interface for it.

Our privacy shtick falls short on the masses that don't understand our zealotry or the need to protect their own privacy. They want it to be *fun* and could care less about the conspiracies involved. First you get the teeming millions to enjoy what they're doing (see? encryption is fun kids!) and more importantly, feel very comfortable using encryption tools. That way if the fateful day of encryption bans does come, these tools will be as hard to take away from them as from a Texan who first learns to shoot his father's gun.
---- still at kailua.colorado.edu -------------------------------------

From klbarrus at owlnet.rice.edu Thu Aug 26 10:22:30 1993
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Thu, 26 Aug 93 10:22:30 PDT
Subject: blinding message & newbie questions
Message-ID: <9308261719.AA16210@elf.owlnet.rice.edu>

-----BEGIN PGP SIGNED MESSAGE-----

[I think I messed up when I responded originally ... KLB]

Sure, I'll take questions :-) I may be a little slow in responding at the moment.

>> Conceptually, when you blind a message, nobody else can read it.

>So "blinding" is a synonym for encryption with your own public
>key, aka multiplication by a very-hard-to-factor number?

Not exactly. Blinding/Unblinding is multiplication; Encryption/Decryption is exponentiation. While I can unblind a document without knowing phi(n), I cannot decrypt a message without knowing phi(n). Knowing phi(n) is equivalent to knowing how n factors, so this is intractable. phi(n) = Euler totient function.

>> under the right circumstances if another
>> party digitally signs a blinded message, the unblinded message will
>> contain a valid digital signature.

>In other words if Alice encrypts and Bob signs, Da(Db(Ea(M))) = Db(M)?
>Under what conditions? Does RSA (in PGP) satisfy those conditions?

The conditions are usually satisfied. Offhand, the only one I can think of is that x and n must be relatively prime, otherwise there is no inverse of x mod n. With really huge numbers, the chances of guessing x such that gcd(x,n) != 1 are very small. If this does happen, then you've guessed x such that x is a multiple of one of the factors of n! Time for somebody to pick a new p, q, and n :-)

As far as PGP, I think the only messages PGP produces are exponentiated. I mean, PGP doesn't produce messages obscured only by a multiplication factor; the ascii snow messages PGP generates are encrypted, signed, compressed, or all of the above. So this doesn't arise.
>> If someone asks
>> you to digitally sign a random stream of symbols, remember that what you
>> sign may be unblinded to reveal a contract, etc.

>For what applications would Bob want to sign an encrypted contract
>instead of a plaintext?

Let me get back on this. I believe the general name these sorts of protocols go under is "embassy protocols". They are useful in things such as digital cash: blind a message, and get the bank to sign it. Then unblind and you have a valid, digitally signed piece of cash. The bank is unable to track it since it couldn't read it (message was blinded when the bank signed), but the bank can verify that the cash is digitally signed by them.

It also arises in automatic protocols: say in computer security. If the computer sends a challenge string which you decrypt and send back, the computer can encrypt with your public key to verify you. If the challenge string is random, you may have unwittingly digitally signed a blinded document that is not in your favor...

The cut-and-choose protocol allows a person to sign a blinded document and be sure they aren't signing something else. I'll get back on this as well.

/--------------------------------------------------\
| Karl L. Barrus                                   |
| klbarrus at owlnet.rice.edu                      |
| D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32  |
\--------------------------------------------------/

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLHzwP4OA7OpLWtYzAQEyuQP/Vrc5tB5TfbDc0/FRWN9uALdSZk/JZNwX
UYmFfKHQzhYdqJkoOrDE+MMHbJaGuZkuSnYUbIEAFvos6SRPI9doRAvyWnKjQKfp
9h04BMGrB3IoHPBqK59CbH+jNtNc3hYgWw4zSpaFo3+1aEPM+WUHQ2plO2KjJSJg
2M272Y2Y3IE=
=tHuX
-----END PGP SIGNATURE-----

From bryan at fegmania.wustl.edu Thu Aug 26 10:52:30 1993
From: bryan at fegmania.wustl.edu (bryan o'connor)
Date: Thu, 26 Aug 93 10:52:30 PDT
Subject: No Subject
Message-ID: <9308261751.AA00635@fegmania.wustl.edu>

subscribe bryan at fegmania

From thug at phantom.com Thu Aug 26 11:05:47 1993
From: thug at phantom.com (Murdering Thug)
Date: Thu, 26 Aug 93 11:05:47 PDT
Subject: Commercial PGP: Verifying Trustworthiness
Message-ID:

Here's a real simple way to verify the trustworthiness of the commercial version of PGP. It's a bidirectional comparison of outputs.

1) Have freeware PGP generate a set of keys.

2) Using keys from (1) encrypt several files using both conventional and public key encryption using freeware PGP _and_ commercial PGP, then compare the output byte-for-byte of both to see if they match up.

3) Have commercial PGP generate a set of keys.

4) Using keys from (3) encrypt several files using both conventional and public key encryption using freeware PGP _and_ commercial PGP, then compare the output byte-for-byte of both to see if they match up.

Basically, if both commercial PGP and freeware PGP produce exactly the same encrypted files as output based on the same keys, and if you have the source code and can trust freeware PGP, then it can be stated that commercial PGP is secure.

I'm no expert on mathematical proofs, but the above seems very logical to me.

I'm assuming the NSA will pressure ViaCrypt to put in a backdoor.
One possible backdoor that can be placed inside the commercial PGP and still allow it to pass the above test is if commercial PGP secretly writes all keys and pass phrases to a block on your hard disk, and marks that block as used to the file system. In order to prevent you from scanning your hard disk and finding that block, the information stored there could be encrypted by a key which the NSA has in its possession.

I would never use commercial PGP because I do not place inherent trust in programs which come with no source code, and commercial PGP doesn't come with source code.

Thug

From honey at citi.umich.edu Thu Aug 26 11:25:47 1993
From: honey at citi.umich.edu (peter honeyman)
Date: Thu, 26 Aug 93 11:25:47 PDT
Subject: Commercial PGP: Verifying Trustworthiness
Message-ID: <9308261825.AA25232@toad.com>

> Basically, if both commercial PGP and freeware PGP produce exactly the
> same encrypted files as output based on the same keys, and if you have
> the source code and can trust freeware PGP, then it can be stated that
> commercial PGP is secure.

pgp and viacrypt will always generate different outputs: pgp adds some pseudo-random stuff to the start of the file it is encrypting to ensure that a file encrypts differently each time.

peter

From hughes at soda.berkeley.edu Thu Aug 26 11:32:31 1993
From: hughes at soda.berkeley.edu (Eric Hughes)
Date: Thu, 26 Aug 93 11:32:31 PDT
Subject: PROTOCOL: Encrypted open books
Message-ID: <9308261828.AA12936@soda.berkeley.edu>

Note: I started this reply last week; I've decided to post what I know, since I don't have a solution and I've run out of simple ideas for now.

Hal's criticism that (real) money could leak out of the system is correct. The problem is that while the books would still balance, i.e. sum to zero, some fake depositor would have a negative balance, the net result of taking out more money than you put in.
Negative numbers just aren't allowed in double-entry bookkeeping, but they were allowed in the first protocol set.

The first part of the solution is to allow no private accounts on the left hand (asset) side of the ledger, in other words, no anonymous loans. A protocol for doing anonymous loans could be invented, but since the first problem is merely to run a money exchange and not more complicated financial services, this is acceptable. Most of the money that left the S&L's was by corrupt loan practices, so I don't consider this omission a particularly glaring one right now.

Therefore all the private accounts must be on the right hand side, that is, they are all liabilities. In layman's terms, the bank owes you; should you ask for your money, they have to give it to you. If we can verify that each of these accounts never goes negative, then we can be certain that if the books balance, the amounts of money in each account are accurate.

Consider this. If money was transferred from your account to another one, that transaction shows up in the public encrypted transaction record. If you have due diligence over this record, you can ascertain that no transaction was performed against your will. This case corresponds to a debit and credit against two customer accounts, decreasing one and increasing the other.

Another way that money might end up in a fake account is if it were credited with assets. A debit to an asset increases its value and the credit to the account increases that value. This is the case of a deposit; the bank gets cash (+asset) and credits someone's account (+account). Now if they want to give someone money this way, they have to do so by increasing the assets somehow; in other words, the money has to come from somewhere. It didn't come from any of the customers because they've already verified that. It didn't magically appear from one of the other asset accounts because these are all publicly audited.
In summary, we need to ensure that all accounts have positive balance. Public accounts can be revealed and seen to be positive. Private accounts need a cryptographic assurance.

A private account starts off at zero. This can be publicly revealed. Then to the encrypted transaction log and the public cyclic balances we add publication of the private balances in encrypted form that allows us to verify that the blinded balance is positive. This balance is verifiably linked to previous cyclic balances via the transaction log. It is therefore linked all the way back to the beginning balance which was zero.

Consider all the transaction triples for which the first element is equal to the private account in question, since the account was opened. Take a product of all of the second elements and a product of all the third elements. It is clear that these products can be calculated inductively from the previous cyclic products and the activity in this cycle. The products on second and third elements are equal to

    g^( Sum x_i,j,t + Sum r_i,j,t ),   h^( Sum r_i,j,t )

where I've added a time index by cycle which was implicit before. The notation for the inductive calculation is different, of course, and also obscures the underlying invariant. What we want is a certificate that Sum x_i,j,t is positive.

Here it gets a bit hairy. There are likely other solutions to this technical requirement; here is the one I thought up yesterday and today.

I thought I had an idea with promise on how to create such certificates using quadratic residuosity, but it doesn't work. I'm still thinking about it; this certificate doesn't seem impossible to create, but the standard ideas that I know about in algebraic protocol design don't seem to work.

If anybody wants to work on this technical point off-line with me, send me mail. The math involved is advanced enough that I'd prefer to post summaries of work rather than all the detailed discussion.
Another non-technical attack on the problem is to require periodic bank holidays, where all private balances will be revealed to be zero (preferably), or whatever is actually in the account. This doesn't prevent owner fraud, but does put an upper bound on the time in which to perpetrate it.

Eric

From yerazunis at aidev.enet.dec.com Thu Aug 26 11:47:31 1993 From: yerazunis at aidev.enet.dec.com (Read me doctor memory! 26-Aug-1993 1434) Date: Thu, 26 Aug 93 11:47:31 PDT Subject: ViaCrypt's PGP Message-ID: <9308261844.AA08587@enet-gw.pa.dec.com>

Thug at phantom.com says:

> I'm assuming the NSA will pressure ViaCrypt to put in a backdoor. One
> possible backdoor that can be placed inside the commercial PGP and still
> allow it to pass the above test is if commercial PGP secretly writes all
> keys and pass phrases to a block on your hard disk, and marks that
> block as used to the file system. In order to prevent you from scanning
> your hard disk and finding that block, the information stored there could
> be encrypted by a key which the NSA has in its possession.

There's actually a much easier way for a backdoor to be inserted that will allow monitoring even without the spooks knocking on your door to get your disk... PGP uses RSA only to encode and transmit a "random" DES/IDEA-type session key, and the rest of the message is encoded only with the session key. The recipient PGP uses RSA to recover the session key, and then decodes the rest of the message with the recovered session key. Say that the "backdoored" PGP is redesigned to only choose session keys from a large-but-reasonably-brute-forceable set.... [example: only from consecutive 8-byte sequences in the executable image; I'm sure some other more obscure method can be easily devised]. The result is that there might only be a few hundred thousand possible session keys- few enough that a brute-force attack with a small array of workstations might succeed in recovering the session key in a few minutes to hours.
----- The only way ViaCrypt can prove that this isn't the case is to distribute the source code of _their_ product. [Note: they do NOT have to include the RSA module source- if it's possible to examine the non-RSA code, and instrument it (to prove that the session key is honestly generated _AND_ transmitted/recovered correctly) then Thug's tests will be adequate to verify a lack of backdoors (as far as I can see- but I'm perhaps not as devious as a professional).

-Bill

From klbarrus at owlnet.rice.edu Thu Aug 26 12:05:48 1993 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Thu, 26 Aug 93 12:05:48 PDT Subject: blinding & PGP Message-ID: <9308261903.AA19617@arcadien.owlnet.rice.edu>

It occurred to me over lunch that PGP IDEA encrypts files; what is RSA encrypted are session keys, hashes, etc. So you never really digitally sign the file itself, you instead digitally sign the portion that contains the session key used, hashes and so forth. Again, I'm sure PGP doesn't blind the RSA portion, so I would say you can't bamboozle someone into signing a blinded document with PGP. Now, as for verifying a commercial version of PGP by comparing encrypts... it all depends on how exactly randseed.bin figures into the session key creation. Two files encrypted with the same public key could compare very differently if the random session keys are different, since the IDEA encryptions would differ and so would the MD5 hashes, and so forth. I'm not sure if additional info besides the randseed.bin file goes into session key creation.

--
/--------------------------------------------------\
| Karl L. Barrus                                   |
| klbarrus at owlnet.rice.edu                        |
| D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32  |
\--------------------------------------------------/

From norm at netcom.com Thu Aug 26 12:07:32 1993 From: norm at netcom.com (Norman Hardy) Date: Thu, 26 Aug 93 12:07:32 PDT Subject: Source Code NOT available for ViaCrypt PGP Message-ID: <9308261906.AA17663@netcom3.netcom.com>

The proper paranoid must worry whether the licenced PGP does what it is supposed to do. One can compare the output of the ViaCrypt PGP with that of the current version. Discrepancies would merit great suspicion and perhaps disassembly. Improper paranoids might be comforted in the knowledge that many proper paranoids were comparing the two versions. I have not studied the format of the PGP output. Is it possible for the ViaCrypt PGP to interoperate with the current version unless it conforms completely? We must clearly worry about undocumented new formats. Incidentally why do the code owners trust the customer to not illegitimately copy the binary program, but not trust the customer to not illegitimately copy the source program?

From huntting at glarp.com Thu Aug 26 12:12:32 1993 From: huntting at glarp.com (Brad Huntting) Date: Thu, 26 Aug 93 12:12:32 PDT Subject: ViaCrypt's PGP In-Reply-To: <9308261844.AA08587@enet-gw.pa.dec.com> Message-ID: <199308261910.AA05802@misc.glarp.com>

> The only way ViaCrypt can prove that this isn't the case is to distribute
> the source code of _their_ product. [Note: they do NOT have to include the
> RSA module source- if it's possible to examine the non-RSA code, and
> instrument it (to prove that the session key is honestly generated
> _AND_ transmitted/recovered correctly) then Thug's tests will be adequate
> to verify a lack of backdoors (as far as I can see- but I'm perhaps not
> as devious as a professional).

One could apply the same sabotage to the generation of RSA public keys making any keys generated with ViaCrypt easily crackable.
Of course you could use PGP to generate keys. And now what is ViaCrypt useful for? Its original purpose: Establishing plausible deniability. "Yes your honor, all these encrypted messages presented by the FBI as Exhibit A were generated by ViaCrypt which incidentally we have a site licence for... No sir, We've never used PGP."

brad

From ajw at Think.COM Thu Aug 26 12:22:32 1993 From: ajw at Think.COM (Andy Wilson) Date: Thu, 26 Aug 93 12:22:32 PDT Subject: Visa, HNC Inc. develop neural network as a weapon to fight fraud In-Reply-To: Message-ID: <9308261917.AA16210@custard.think.com>

From: bill at twwells.com (T. William Wells) Date: Thu, 26 Aug 1993 01:21:03 GMT [...] But that wasn't what you were writing about. You were writing about bad business decisions, not violations of privacy.

No, you were writing about bad business decisions. I was providing a few details on how credit/charge-card information is used in this process and a few potential problems resulting from it.

For that matter, your notions on neural networks seem contradictory. On the one hand, you complain about a violation of privacy and on the other you complain that a neural network won't tell you how it reached its conclusions!

You are deliberately confusing two different points: 1) the fact that neural networks do not provide useful explanations of how they arrived at a particular decision, and 2) some potential problems that arise from this fact that concern privacy issues.

: I beg to differ. This is exactly what digital
: cash is meant to prevent.

Digital cash and the use of neural networks to authenticate transactions are essentially orthogonal issues.

I will reiterate that the whole point of digital cash is to provide anonymity, which will prevent these kinds of uses made of personal information which are not done with the explicit approval of the person involved.
: The problem with referring a neural network's decision to a human
: is that the neural network gives no information other than the
: probability of fraud.

1) This statement is false. It is true of some neural networks but not all. We have no way of knowing whether their neural network is among those.

It is true of all commercial applications of neural networks to my knowledge, and certainly true of the neural networks developed by Hecht-Nielsen.

: There is not any
: good way to combine the judgement of the neural net with that of a
: human for that reason.

Nonsense. As the existence of rule based systems that incorporate neural networks shows.

That shows no such thing. The only way to combine the judgement of a neural network with that of a rule-based system, or anything else, is to see if both arrive at the same conclusion. You cannot see the reasoning process of the neural network to help the human understand why it made the judgement that it did, the marketing hype of neural network vendors notwithstanding.

This is my last post on this thread.

Andy

From ajw at Think.COM Thu Aug 26 12:52:32 1993 From: ajw at Think.COM (Andy Wilson) Date: Thu, 26 Aug 93 12:52:32 PDT Subject: Visa, HNC Inc. develop neural network as a weapon to fight fraud Message-ID: <9308261948.AA16559@custard.think.com>

Date: Wed, 25 Aug 93 22:02:04 -0600 From: "L. Detweiler" [...] Furthermore, a `warning flag' system is potentially superior to the current system, contrary to your statement of it being a `problem' in that potentially no other information other than `suspicious activity alert' is provided. As P. Wayner indicated, the potential for simple PR is increased to the point that at least some customers are pleased.

I did not intend to imply that Visa's policy in particular was not to use the neural network as a "warning flag".
I was merely pointing out potential problems in the trend of using neural networks to make decisions based on personal information, including details of neural network technology that limit their usefulness as "warning flags". I was not commenting on the policies of Visa, Inc., of which I have no personal knowledge. The use of AI technology by both businesses and the government to track personal and corporate transactions is a major trend. A former colleague who is doing classified work along this line referred to what he was doing as "building big brother."

Andy

From an31144 at anon.penet.fi Thu Aug 26 12:53:01 1993 From: an31144 at anon.penet.fi (an31144 at anon.penet.fi) Date: Thu, 26 Aug 93 12:53:01 PDT Subject: Further PGP Security Doubts Message-ID: <199308261827.AA25477@xtropia>

> 4) It's not too hard to build a test-suite for PGP to ensure its
> implementation of IDEA is correct, and it's possible to check
> its key generation/session key generation things. Of course
> key management isn't too big a deal either... Thus I don't
> think it requires too great an effort to trust ViaCrypt.
> And if not - buy their copy to stay legal and use the
> Source to be safe (:-).

I would be pleased to see some truly exhaustive efforts made to test PGP's actual security. I have been seeing yet more criticisms of PGP, this time from some character calling himself "Raymond Paquin." He claims to be a professor of mathematics who has been working at an unnamed university exclusively on cryptographics for the past twelve years. He implies that he is working for some government in a classified capacity and is thus unable to either publish or discuss the matter openly. He claims that PGP is fatally flawed, though the flaw is in neither RSA nor IDEA, but rather somewhere within the PGP part of the program. Copping the "I can say no more! I have said too much already!" melodrama, no more detailed information is forthcoming.
Now, this tease seems to reek of a hoax, but Zimmermann himself claimed no high degree of security for the program. To my knowledge, no serious or well-funded unclassified attempts have been made to crack PGP. I fear that we are putting our faith in snake oil, as Zimmermann puts it. I am not a mathematician, but merely a former spear-carrier in the Cold War with some fairly well-developed residual instincts about this sort of thing, including a conviction that all security measures - physical, electronic or cryptographic - can be compromised by a determined opponent with extensive resources. Once compromised, attacks thereafter may often be trivially accomplished. From smb at research.att.com Thu Aug 26 13:05:48 1993 From: smb at research.att.com (smb at research.att.com) Date: Thu, 26 Aug 93 13:05:48 PDT Subject: Source Code NOT available for ViaCrypt PGP Message-ID: <9308262005.AA25758@toad.com> btw, how did they get around PKP's rule about using the interface provided which uses DES ? That rule applies to RSAREF, and not necessarily to anything else. From norm at netcom.com Thu Aug 26 14:42:34 1993 From: norm at netcom.com (Norman Hardy) Date: Thu, 26 Aug 93 14:42:34 PDT Subject: Source Code NOT available for ViaCrypt PGP Message-ID: <9308262139.AA05382@netcom3.netcom.com> Regarding Secret key generation. cme at ellisun.sw.stratus.com (Carl Ellison) says: > The only place to worry is with key generation, > both IDEA and RSA. I presume this is true. I include a Scheme program that finds the first prime in an arithmetic sequence. It uses a function published in Knuth. You can either study my program or compare its output with some program written by someone else to the same spec. If people are interested I will annotate the code and its output better. As it is now the prime that it finds is the last number that it outputs before it stops. 
Curiously it has a probability of error which is large for small numbers but exceedingly small for large numbers, just the opposite of human testers. I claim that this is a good specification for choosing your secret primes. It has a slight advantage over merely finding the first prime beyond some specified number because that tends to find primes that follow long runs of composites. It just now (as I edited this) found the prime

  100000000000000000000000000000000000000000000000000000000000000000000000000000913

as the first prime in the sequence 10^80+11*n. I typed (scan (expt 10 80) 11) to the interpreter to get this. It took several minutes. I used MacGambit on a 68030. The output theoretically depends on the hokey random number generator here but if two implementations yield different answers due to different random number generators Knuth and others would be very interested! For use in real RSA applications we should include a function that hashes typed in text into a bignum. A good hash of long text is a very good random number! It need not be a crypto hash!

(define (ex x) (write x) x)             ; debugging aid: print x and return it

; Park-Miller "minimal standard" generator: returns a thunk that yields
; the next 31-bit value each time it is called.
(define (rand31 seed)
  (lambda ()
    (let* ((hi (quotient seed 127773))
           (lo (- seed (* 127773 hi)))
           (test (- (* 16807 lo) (* 2836 hi))))
      (set! seed (if (> test 0) test (+ test 2147483647)))
      seed)))

; Bignum generator assembled from 31-bit chunks: n full chunks plus a
; top chunk of z bits, so k = 31*n + z bits cover max.
(define (gbrand max seed)
  (let* ((rq (rand31 seed))
         (nq (let v ((c max) (n 0))
               (if (< c (expt 2 31))
                   (cons (let w ((cx c) (nx 1))
                           (if (< cx 2) nx (w (quotient cx 2) (+ nx 1))))
                         n)
                   (v (quotient c (expt 2 31)) (+ n 1)))))
         (z (car nq))
         (n (cdr nq))
         (k (+ (* 31 n) z)))
    (write (list max k z n))
    ; max, k, n, z, L and m are non-negative integers.
    ; 2^(k-1)<=max<2^k. k=31*n+z. 0 ...
    ; [The rest of this comment, the remainder of gbrand (the code that
    ;  builds the random value from rq), and the head of the Jacobi
    ;  function j below were lost when this message was archived; the
    ;  helper ww used in scan was presumably defined in the lost part.]
    ))

; Jacobi symbol (a/P) for odd P, by halving and reciprocity.  The
; (define (j a P) header and the (1/P) = 1 base case are restored from
; the recursive calls; without a base case the recursion never ends.
(define (j a P)
  (if (= a 1)
      1
      (if (>= a P)
          (j (modulo a P) P)
          (if (even? a)
              (let ((q (j (/ a 2) P)) (m (modulo P 8)))
                (if (or (= m 3) (= m 5)) (- q) q))
              (let ((q (j (modulo P a) a)))
                (if (or (= (modulo P 4) 1) (= (modulo a 4) 1)) q (- q)))))))

; b^p mod m by repeated squaring
(define (mod-exp b p m)
  (cond ((= p 0) 1)
        ((even? p) (let ((x (mod-exp b (/ p 2) m))) (modulo (* x x) m)))
        (#t (modulo (* b (mod-exp b (- p 1) m)) m))))

; The following is by Solovay & Strassen as presented in Knuth page 396.
; (cdr 2) is an intentional error for a = 0.
(define (p-test a P)
  (if (zero? a) (cdr 2))
  (and (odd? P)
       (= (gcd a P) 1)
       (zero? (modulo (- (j a P) (mod-exp a (/ (- P 1) 2) P)) P))))

(quote "The function scan below returns the first prime in the")
(quote "arithmetic sequence a + n*b")
(define (scan a b)
  (let* ((g (gcd a b))
         (n (modulo b 210))
         (random (gbrand (+ a (if (positive? b) 0 (* 2000 b))) 228765))
         (probe (+ 1 (random))))
    (if (> g 1)
        (list "Always divisible by" g)
        (let more ((a1 a) (m (modulo a 210)) (cn 0))
          (if (and (let all ((l (list 2 3 5 7)))    ; cheap sieve on a1 mod 210
                     (or (null? l)
                         (and (positive? (remainder m (car l)))
                              (all (cdr l)))))
                   (let all ((l 20) (p probe))       ; 20 random bases through pt
                     (or (zero? l)
                         (and (ww cn (pt p a1))      ; ww: from the lost part
                              (all (- l 1) (+ 1 (random)))))))
              a1
              (begin (display ",")
                     (more (+ a1 b) (modulo (+ m n) 210) (+ cn 1))))))))

; counts the bases 1..wx-1 that p-test accepts for wx
(define (pc wx)
  (let zz ((q (- wx 1)) (s 0))
    (if (zero? q) s (zz (- q 1) (+ (if (p-test q wx) 1 0) s)))))

; The following primality test is from second edition of
; volume 2 of Knuth's "The Art of Computer Programming",
; page 379.  n-1 = q*2^k with q odd; x is the base.
(define (pt x n)
  (or (= n 2)
      (let* ((pr (let z ((q (- n 1)) (k 0))
                   (if (odd? q) (cons q k) (z (quotient q 2) (+ k 1)))))
             (q (car pr))
             (k (cdr pr))
             (nm1 (- n 1)))
        (let lp ((j 0) (y (mod-exp x q n)))
          (or (and (= j 0) (= y 1))
              (= y nm1)
              (and (< (+ j 1) k)
                   (lp (+ j 1) (modulo (* y y) n))))))))

; 10^100-797, 10^200-189, 10^299-171, 10^300-69 are prime.

From norm at netcom.com Thu Aug 26 14:57:34 1993 From: norm at netcom.com (Norman Hardy) Date: Thu, 26 Aug 93 14:57:34 PDT Subject: Commercial PGP: Verifying Trustworthiness Message-ID: <9308262157.AA25459@netcom5.netcom.com>

thug at phantom.com (Murdering Thug) writes:

> I'm assuming the NSA will pressure ViaCrypt to put in a backdoor.
> One
> possible backdoor that can be placed inside the commercial PGP and still
> allow it to pass the above test is if commercial PGP secretly writes all
> keys and pass phrases to a block on your hard disk, and marks that
> block as used to the file system. In order to prevent you from scanning
> your hard disk and finding that block, the information stored there could
> be encrypted by a key which the NSA has in its possession.

At least the Commercial PGP is not tamper proof and examination can, in principle, discover the backdoor. After discovery it would be impossible to deny.

From norm at netcom.com Thu Aug 26 15:15:49 1993 From: norm at netcom.com (Norman Hardy) Date: Thu, 26 Aug 93 15:15:49 PDT Subject: Commercial PGP: Verifying Trustworthiness Message-ID: <9308262215.AA29262@netcom4.netcom.com>

peter honeyman says:

> pgp and viacrypt will always generate different outputs: pgp
> adds some pseudo-random stuff to the start of the file it is
> encrypting to ensure that a file encrypts differently each time.

This means that I am trusting the "pseudo-random" stuff not to be some secrets that PGP has read from my disk. The only benefit that I see to the pseudo-random stuff is to send the same message to several people without revealing the fact that the messages are the same except to those that can decode the messages.

From danodom at matt.ksu.ksu.edu Thu Aug 26 15:42:35 1993 From: danodom at matt.ksu.ksu.edu (Dan Odom) Date: Thu, 26 Aug 93 15:42:35 PDT Subject: Source Code NOT available for ViaCrypt PGP In-Reply-To: <93Aug26.015906pdt.14440-4@well.sf.ca.us> Message-ID: <9308262239.AA26848@matt.ksu.ksu.edu>

George A. Gleason Said:

> What about the idea of having someone who is known trustworthy examine the
> source code under nondisclosure? A passing grade from a couple of the
> respected members of the community here would be great for ViaCrypt's
> promotional efforts, if nothing else...!
That is not a bad idea, and I would trust certain people to tell the truth about ViaCrypt PGP's security.... the problem is convincing ViaCrypt to let someone that Cypherpunks consider trustworthy look at it. I mean, I wouldn't listen to Sternlight or Denning, but I might listen to May or Gilmore. But would ViaCrypt allow May or Gilmore to see their source?

--
Dan Odom
danodom at matt.ksu.ksu.edu -- Kansas State University, Manhattan, KS
PGP key by finger or request.

From an31185 at anon.penet.fi Thu Aug 26 17:05:50 1993 From: an31185 at anon.penet.fi (Anon of Ibid) Date: Thu, 26 Aug 93 17:05:50 PDT Subject: Coming Soon: Commercial version of PGP! Message-ID: <9308270001.AA11449@anon.penet.fi>

>How soon before a Mac compatible version is available? Or will the current
>version run under Soft PC on the Mac, which is essentially a PC-emulator...?
>If yes to either, sign me up...!
>
>-gg at well.sf.ca.us

Well, it works on SoftPC on my workstation, so I guess it would work on the Mac as well. I don't think I'd trust the key generation though, as if I remember correctly the PC version sets the PC timer to a high rate which SoftPC probably doesn't support.

-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From an31185 at anon.penet.fi Thu Aug 26 17:12:36 1993 From: an31185 at anon.penet.fi (Anon of Ibid) Date: Thu, 26 Aug 93 17:12:36 PDT Subject: Further PGP Security Doubts Message-ID: <9308270006.AA11920@anon.penet.fi>

an31144 at anon.penet.fi writes:

["Raymond Paquin"]
>.. claims that PGP is fatally flawed, though the flaw is in neither
>RSA nor IDEA, but rather somewhere within the PGP part of the program.
>
>Copping the "I can say no more!
I have said too much already!"
>melodrama, no more detailed information is forthcoming.

Yes, this seems to be a persistent rumour, though I've no idea how true it might be. I uploaded PGP to a bulletin board a few months back and received a message from another user claiming the same thing. (And taking the same copout...) I've been meaning to take a good look at the source for a while, I think it's about time to investigate the key generation code.....

From mbriceno at aol.com Thu Aug 26 17:42:37 1993 From: mbriceno at aol.com (mbriceno at aol.com) Date: Thu, 26 Aug 93 17:42:37 PDT Subject: Coming Soon: Commercial version of PGP! Message-ID: <9308262031.tn30727@aol.com>

gg at well.sf.ca.us writes:

> How soon before a Mac compatible version is available? Or will the
> current version run under Soft PC on the Mac, which is essentially a
> PC-emulator...? If yes to either, sign me up...!

Have you tried the freeware version of MacPGP yet? It is very easy to use. The next release (now in beta) will even support AppleEvents. I think it will be quite a while before you can buy something similar. [And why would you want to pay if you can get it for free?]

--Marc

From cjl at micro.med.cornell.edu Thu Aug 26 18:32:37 1993 From: cjl at micro.med.cornell.edu (Chris Leonard) Date: Thu, 26 Aug 93 18:32:37 PDT Subject: .Comparing ViaCrypt and freeware. Message-ID: <9308270131.AA13145@ micro.med.cornell.edu>

{Referring to my earlier post about the possibility of black-boxing the commercial ViaCrypt and comparing it to freeware PGP} I've been most gratified by the response (private and posted) to my question.
Thanks for the enlightenment. The first few responses were diametrically opposite in their conclusions, but after that what I have taken away as the message is that the session key is generated on-the-fly and would be different every time, although I guess I still don't understand enough to figure out why no matter what the program uses as randomness input some really bright boy capable of working real down close to the silicon couldn't fake up some sort of a test bed to spoon-feed the "randomness" to the program. It's not like this thing runs on quantum randomness. Is it? As for why bother when the freeware is available, plausible deniability was mentioned and I think that is probably the most convincing argument. The Jackson Games seizure, and other computer confiscations by law enforcement are enough to keep any company from allowing a copy of PGP on the premises, it also has a fairly chilling effect on those less brave souls who don't have the power of their convictions and are willing to trust the government not to snoop on their E-mail or phone conversations. The right to privacy can be eroded away because most people don't care to learn how the box on the desk works, let alone worry about exercising their civil liberties. Hell, most people don't even bother to vote. I found out about PGP from the WIRED article on the cypherpunks, and I have been doing as someone else suggested, turning other people on to privacy. I have converted several friends already and they in turn are spreading the encrypted word. eep-Kay o-nay rypting-'Cay, cjl From norm at netcom.com Thu Aug 26 19:15:51 1993 From: norm at netcom.com (Norman Hardy) Date: Thu, 26 Aug 93 19:15:51 PDT Subject: Commercial PGP: Verifying Trustworthiness Message-ID: <9308270215.AA19598@netcom3.netcom.com> Forwarding for cdodhner at indirect.com (Christian D. 
Odhner)

>
> peter honeyman says:
> > pgp and viacrypt will always generate different outputs: pgp
> > adds some pseudo-random stuff to the start of the file it is
> > encrypting to ensure that a file encrypts differently each time.
> This means that I am trusting the "pseudo-random" stuff not to be
> some secrets that PGP has read from my disk. The only benefit
> that I see to the pseudo-random stuff is to send the same message
> to several people without revealing the fact that the messages are
> the same except to those that can decode the messages.
>

I could very well be wrong about this one, but since pgp uses a random idea session key each time you encrypt, wouldn't that in fact ensure that no two encryptions of the same file with the same public key are ever the same? Why then would random stuff be needed?

Happy Hunting, -Chris
PGP public key available upon request.

From norm at netcom.com Thu Aug 26 19:22:37 1993 From: norm at netcom.com (Norman Hardy) Date: Thu, 26 Aug 93 19:22:37 PDT Subject: Commercial PGP: Verifying Trustworthiness Message-ID: <9308270218.AA19958@netcom3.netcom.com>

cdodhner at indirect.com (Christian D. Odhner) says:

> I could very well be wrong about this one, but since pgp uses a random
> idea session key each time you encrypt, wouldn't that in fact ensure that
> no two encryptions of the same file with the same public key are ever the
> same? Why then would random stuff be needed?

I knew that! I forgot that! Thanks for reminding me. Back to the drawing board! A protocol where the user controlled the session key would be more awkward but would solve that problem. On the other hand that isn't the PGP protocol.
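The black-box comparison argued over in this exchange (a fresh session key and random prefix per encryption make two honest outputs differ; a test bed that spoon-feeds the randomness makes them comparable), as an added Python example that is not from the thread and not PGP's code: a toy hybrid encryptor in PGP's shape whose only source of random bytes is an injected callable. The Mersenne-prime RSA modulus, the SHA-256 counter stream standing in for IDEA and the HMAC-based DRBG are constructed for the example.

```python
"""Black-box comparison of a PGP-shaped hybrid encryptor with injectable randomness.

Constructed example: toy RSA (no padding, far too small for real use), a
SHA-256 counter stream as a stand-in for IDEA, and an HMAC-based deterministic
byte source for the test bed. None of this is PGP's or ViaCrypt's code."""
import hashlib
import hmac
import os

# Toy RSA modulus from two Mersenne primes (constructed; not for real use).
_P = (1 << 61) - 1
_Q = (1 << 31) - 1
TOY_N = _P * _Q
TOY_E = 65537
TOY_D = pow(TOY_E, -1, (_P - 1) * (_Q - 1))
WRAP_LEN = 12      # bytes that hold any value below TOY_N (< 2^92)
KEY_LEN = 8        # stand-in for a DES/IDEA-sized session key
PREFIX_LEN = 8     # the random prefix PGP puts in front of the message body


def _keystream(key: bytes, length: int) -> bytes:
    """Stand-in stream cipher: SHA-256 in counter mode (not IDEA)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(plaintext: bytes, rng) -> bytes:
    """Hybrid encryption in the shape the thread describes: a fresh session
    key wrapped with RSA, then (random prefix || message) under that key.
    Every random byte comes from rng(nbytes), so a tester can control it."""
    session_key = rng(KEY_LEN)
    prefix = rng(PREFIX_LEN)
    wrapped = pow(int.from_bytes(session_key, "big"), TOY_E, TOY_N)
    body = prefix + plaintext
    return wrapped.to_bytes(WRAP_LEN, "big") + _xor(body, _keystream(session_key, len(body)))


def decrypt(ciphertext: bytes) -> bytes:
    """Recover the session key with the toy private key and strip the prefix."""
    wrapped = int.from_bytes(ciphertext[:WRAP_LEN], "big")
    session_key = pow(wrapped, TOY_D, TOY_N).to_bytes(KEY_LEN, "big")
    body = ciphertext[WRAP_LEN:]
    return _xor(body, _keystream(session_key, len(body)))[PREFIX_LEN:]


def make_drbg(seed: bytes):
    """Deterministic byte source (HMAC-SHA256 counter) for the test bed only:
    the spoon-fed 'randomness' that makes two runs comparable."""
    counter = 0

    def rng(nbytes: int) -> bytes:
        nonlocal counter
        out = bytearray()
        while len(out) < nbytes:
            out += hmac.new(seed, counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return bytes(out[:nbytes])

    return rng


def outputs_match(impl_a, impl_b, plaintext: bytes, seed: bytes) -> bool:
    """Differential check: two implementations fed identical randomness must
    produce byte-identical output if their non-random parts agree."""
    return impl_a(plaintext, make_drbg(seed)) == impl_b(plaintext, make_drbg(seed))


if __name__ == "__main__":
    msg = b"constructed sample message"
    c1, c2 = encrypt(msg, os.urandom), encrypt(msg, os.urandom)
    print("live randomness, same plaintext, ciphertexts differ:", c1 != c2)
    print("both decrypt correctly:", decrypt(c1) == msg == decrypt(c2))
    print("controlled randomness, outputs match:",
          outputs_match(encrypt, encrypt, msg, b"test-bed-seed"))
```

With os.urandom the two ciphertexts of one message differ, as Odhner says; with the same seeded DRBG fed to a reference build and a candidate build, any remaining difference points at the non-random code.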
From gnu Thu Aug 26 19:32:37 1993 From: gnu (John Gilmore) Date: Thu, 26 Aug 93 19:32:37 PDT Subject: Crypto Consulting / Employment Opportunities at Microsoft Message-ID: <9308270228.AA27682@toad.com> Posted at CRYPTO '93 in Santa Barbara this week were these two job offers, FYI: CRYPTOGRAPHER -- Advanced Technology and Business Development, Advanced Consumer Technology Group, reporting to Group Manager, Research Group Primary responsibilities include the research, analysis, verification, and recommendation of cryptographic methods; designing and proving new methods; and working with a development team to implement such methods. Candidate should be familiar with authentication techniques, blind signatures, digital signature and time-stamping techniques, public key encryption systems, hashing methods, and encryption standards. Familiarity with RSA, LUC, DES, minimum knowledge systems, and Digital Cash/Smart Card technology a plus. A MS/Phd degree in Mathematics, with a focus on cryptography, desired. Do you need a research challenge which results in tangable (sic) product? Then Microsoft is the place for you! Microsoft looking (sic) to challenge the brightest mathematical minds with the latest advances in cryptography. The ideal candidate will be responsible for the reserach, analysis, verification, and recommendation of cryptographic standards as well as the design of new standards. Candidate should be familiar with ... [repeats itself here] COMPUTER SECURITY EXPERT -- Advanced Technology and Business Development, Advanced Consumer Technology Group, reporting to Group Manager. Primary responsibilities include the reserach, analysis, verification, and recommendation of computer and communication security techniques; designing new methods; and working with a development team to implement such methods. Some programming responsibilities also will be assumed. 
Qualifications should include a minimum of 5 years experience with secure transaction systems, data security, authentication techniques, basic encryption technology, and knowledge of security standards. Familiarity with electronics funds transfer systems (SWIFT, ...), Smart Card technology, C/C++ language, and RSA encryption a plus. A BS/MS/Phd degree in Computer Science or related field preferred.

Contact: Lester Waters, +1 206 936 4288, lesterw at microsoft.com
Gideon Yuval, gideony at microsoft.com

From ld231782 at longs.lance.colostate.edu Thu Aug 26 20:22:39 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Thu, 26 Aug 93 20:22:39 PDT Subject: Cisco routers backdoor Message-ID: <9308270317.AA16085@longs.lance.colostate.edu>

===cut=here===
Date: Wed, 25 Aug 1993 12:56:54 -0700 (PDT)
From: Al Whaley
Subject: Cisco routers

Rumors abound that Cisco routers have a back door; that is when a TCP port is disabled, it can still be accessed from Cisco's IP number. I have personally verified this with the sendmail port.

Al Whaley al at sunnyside.com +1-415 322-5411(Tel), -6481 (Fax)
Sunnyside Computing, Inc., PO Box 60, Palo Alto, CA 94302

[Private trapdoors for developers and maintenance folks are remarkably common, and in many other cases represent more serious risks than this one. WarGames was not pulling your leg. PGN]

------- End of Forwarded Message

From warlord at Athena.MIT.EDU Thu Aug 26 20:32:38 1993 From: warlord at Athena.MIT.EDU (Derek Atkins) Date: Thu, 26 Aug 93 20:32:38 PDT Subject: Source Code NOT available for ViaCrypt PGP In-Reply-To: <9308262239.AA26848@matt.ksu.ksu.edu> Message-ID: <9308270328.AA20123@w20-575-50.MIT.EDU>

> That is not a bad idea, and I would trust certain people to tell the
> truth about ViaCrypt PGP's security.... the problem is convincing
> ViaCrypt to let someone that Cypherpunks consider trustworthy look
> at it. I mean, I wouldn't listen to Sternlight or Denning, but I
> might listen to May or Gilmore.
> But would ViaCrypt allow May or
> Gilmore to see their source?

You realize that this is not ViaCrypt taking PGP and making it into a product, but an agreement between Phil Z. and ViaCrypt to turn the Public version into a legal-for-commercial-use product??? First and foremost, the public, shareware (freeware? I forget what the status is) version of PGP will always remain ahead of the commercial version, but the commercial version will use the code from the free version. Secondly, regarding "whom do you trust": Do you trust Phil Z? As far as I know (and granted, it's not much, yet), Phil Z is going to oversee the commercial product, to make sure that nothing is put into it. Granted, he probably won't get to see the RSA sources, but there are sources of those (pun intended). Listen, this is a Good Thing (TM). It means that there will be a version of PGP, for a nominal fee, that is legal for commercial use in the US. When the free(share)ware version of PGP also becomes legal, then there won't be any problems with RSA/PKP!!! This is a step in the right direction. Let's calm down some and see where it goes!

-derek

From cjl at micro.med.cornell.edu Thu Aug 26 21:02:39 1993 From: cjl at micro.med.cornell.edu (Chris Leonard) Date: Thu, 26 Aug 93 21:02:39 PDT Subject: viacrypt and freeware Message-ID: <9308270401.AA13257@ micro.med.cornell.edu>

>> As for why bother when the freeware is available, plausible deniability was
>> mentioned and I think that is probably the most convincing argument. The
>> Jackson Games seizure, and other computer confiscations by law enforcement

>Note that the seizure had *nothing* to do with copyright or other IP
>infringement; no incriminating material was ever found, and we were
>completely cleared. Also, the name of the company is "Steve Jackson Games"

>That aside, I agree with your basic analysis.

It was not my intent to speak to the *specifics* of the Steve Jackson Games case, although your point is well taken.
My reference was more to the point that, as a reasonably well publicized event, particularly among the computer cognoscenti, people (i.e. sysops and owners) have every reason to fear completely outrageous and unconstitutional behavior from government agencies. The law enforcement agencies are well aware of the value of making a high profile example of how much they are able to get away with and be completely free from any redress of grievances.

cjl

From cjl at micro.med.cornell.edu Thu Aug 26 21:05:52 1993
From: cjl at micro.med.cornell.edu (Chris Leonard)
Date: Thu, 26 Aug 93 21:05:52 PDT
Subject: Apology
Message-ID: <9308270403.AA13260@ micro.med.cornell.edu>

Sorry for the last post. It was sent to the board in error.

cjl

From fergp at sytex.com Thu Aug 26 21:12:40 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Thu, 26 Aug 93 21:12:40 PDT
Subject: Adding an "AKA"
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

I just finished upgrading from PGP v2.2 to v2.3a (and without a hitch, I might add). This may sound like a silly question, but how do you add an AKA to your key? I skimmed through the manual, as usual, to ensure that I didn't absent-mindedly overlook something, but didn't see this mentioned. I have, however, seen it done and have a couple on my keyring in fact. Something along the lines of:

Type bits/keyID   Date       User ID
pub  1024/1CC04D  1993/03/15 Paul Ferguson
                      -----> Paul Ferguson
1 key(s) examined.

Danke.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a
-----END PGP SIGNATURE-----

Paul Ferguson             | "Government, even in its best state,
Network Integrator        | is but a necessary evil; in its worst
Centreville, Virginia USA | state, an intolerable one."
fergp at sytex.com         | - Thomas Paine, Common Sense

Type bits/keyID   Date       User ID
pub  1024/1CC04D  1993/03/15 Paul Ferguson
Key fingerprint = EE D2 93 7D 04 6D C6 05 AC 36 AD 9D 8E 4F 41 58

From bill at twwells.com Thu Aug 26 22:05:52 1993
From: bill at twwells.com (T. William Wells)
Date: Thu, 26 Aug 93 22:05:52 PDT
Subject: .Comparing ViaCrypt and freeware.
In-Reply-To: <9308270131.AA13145@_micro.med.cornell.edu>
Message-ID:

If you're worried about backdoors, reverse engineer it and verify that it works as advertised. Given that the program has to largely duplicate an existing set of source, this should be trivial.

From hfinney at shell.portal.com Thu Aug 26 22:22:41 1993
From: hfinney at shell.portal.com (hfinney at shell.portal.com)
Date: Thu, 26 Aug 93 22:22:41 PDT
Subject: Attacks on remailers
Message-ID: <9308270511.AA25634@jobe.shell.portal.com>

From: b44729 at achilles.ctd.anl.gov (Samuel Pigg)

> On the user side, I think a good tool to augment this would be a
> mailer program which kept a list of the functioning remailers with
> keys, and randomly selected a route through them using a random
> (reasonable) number of hops, and performing the necessary nested
> encryptions. Then it could start the remailer hopping process via
> special socket connection to the first remailer in the chain.

This seems like a good idea. Note that on the ftp site there are scripts and a program which will set up a chained remailing if you are willing to type in the names or numbers of the remailers to use. Extending these to use a random route or set of hops would not be a major job.

> Perhaps a protocol could be worked out for the mailer program to
> request from any one of the remailers a current list of the
> functioning remailers? (in an effort to transparentize the process
> some more, as manually maintaining a list of current remailers would
> be tedious.)

More and more I think this would be a good idea.
People are always complaining about temporary "down time" among the remailers. Perhaps someone could run a service which would run every night, ping all the remailers, and keep a file with a list of those remailers which have responded in the last 24 hours. This file could be made available by finger, ftp, or some other method. Perhaps someone could volunteer to write such a beast? This is another project that seems doable in a moderate amount of time.

Putting these two together, as Sam suggests, would produce a more robust and convenient way of using the remailers. Nice ideas, Sam.

Hal Finney
hfinney at shell.portal.com

From hfinney at shell.portal.com Thu Aug 26 22:23:09 1993
From: hfinney at shell.portal.com (hfinney at shell.portal.com)
Date: Thu, 26 Aug 93 22:23:09 PDT
Subject: Viacrypt PGP source code unavailable
Message-ID: <9308270511.AA25638@jobe.shell.portal.com>

I spoke briefly with Phil Zimmermann about the ViaCrypt deal this afternoon. He explained, as I understood it, that the company was contractually obligated to use their own version of the RSA library. This code is apparently proprietary and so the source is not currently planned to be released. Phil indicated, though, that he will discuss this issue with ViaCrypt, and hopefully some solution can be found which will satisfy users.

It was not clear to me whether the random-number code from PGP would be retained. I suspect that it will be, though, which would mean that if you started with identical randseed.bin files, and RSA-encrypted identical files, that the two programs should produce identical output. PGP uses the contents of this file to initialize its random number generator. (PGP does put some random data at the beginning of the plaintext before encryption, as was described; this is to make cryptanalysis harder, since the first few bytes of the plaintext will not be known. Again, this random data is based on the contents of the randseed.bin file.)
To address a few other points that were made: Phil reiterated his strong commitment to keep the freeware version of PGP at least as up-to-date as the commercial version. This is not a case where the freeware version will be left to languish. In fact, Phil expects the commercial version to be based on the freeware version, with advances occurring first in the freeware code.

As to whether individuals will pay $100 or more for a legal version, that remains to be seen. In some ways the same question can be asked about many commercial packages, for which pirated versions are available for free from friends or user groups. Yet still some people pay for software because they feel better using a legal version. People who feel this way would perhaps also prefer a legal version of PGP.

Hal Finney
hfinney at shell.portal.com

From hfinney at shell.portal.com Thu Aug 26 22:23:12 1993
From: hfinney at shell.portal.com (hfinney at shell.portal.com)
Date: Thu, 26 Aug 93 22:23:12 PDT
Subject: Digital Gold, a bearer instrument?
Message-ID: <9308270511.AA25625@jobe.shell.portal.com>

][adon Nash's digital gold concept is interesting, however I think it is harder to use than existing cash systems in the literature. In order to know whether to accept a given piece of digital gold in payment for a product or service, a vendor must check a central database which records all transactions anywhere in the world. It must trace through the chain of possession for that piece of digital gold in order to verify that the ownership is legitimate. In particular, if the person passing the gold is a cheater he may be spending it twice, perhaps very close together in time. This means that the database must be updated and checked in real time.

This is the same communications requirement for the simplest form of digital cash based on Chaum blinded signatures. We have discussed this cash several times on this list.
It is basically just an RSA-signed certificate from a trusted bank, but one which has had the "blinding" technique (which Karl has been describing) applied so that the bank won't recognize the cash when it is returned. For a vendor to know whether to accept a digital coin, he has to check with the bank to make sure the coin hasn't been spent before. This is analogous to ][adon's check of the gold-claim database. The bank's job seems somewhat easier, as it just has to look up whether the coin's number is present in a list.

Also, Chaum provides "offline" variants on his system in which the vendor just trusts the person passing the cash, because he knows that if the customer cheats, his anonymity will be automatically broken and he can be sued. It's not clear how the digital gold approach could provide any such generalization.

As for the notion of transferring assets from person to person, using aliases to provide for privacy, this has been discussed by Barry Hayes in Anonymous One-Time Signatures and Flexible Untraceable Electronic Cash, in the AusCrypt proceedings. He describes a system, in some ways an elaboration of Chaum's ideas, which works like checks which get endorsed from person to person. Just the other day I got a check which was made out to person A but endorsed over to me. I could endorse it over to someone else if I want. This chain can continue until someone cashes it. Hayes's system, like Chaum's, retains anonymity as long as no one cheats. If someone tries to pass the same check twice, their identity will be revealed.

It's too bad that these papers aren't more widely available. The math is not that complicated. If you can understand RSA, you can understand digital cash, at least the simpler systems. But the papers are mostly only in the crypto proceedings, and not all libraries have them.
I have to say, though, that although I don't really think the digital gold proposal is technically feasible, the proposal to own numbers shows tremendous chutzpah and is quite creative.

Hal Finney
hfinney at shell.portal.com

From hfinney at shell.portal.com Thu Aug 26 22:25:53 1993
From: hfinney at shell.portal.com (hfinney at shell.portal.com)
Date: Thu, 26 Aug 93 22:25:53 PDT
Subject: Attacks on remailers
Message-ID: <9308270511.AA25630@jobe.shell.portal.com>

>>>>> On Wed, 25 Aug 93 11:39:11 EDT, J_G_Thomas%CAASD1 at mwmgate1.mitre.org said:

Joe> A new protocol is probably the cleanest way to solve the
Joe> problem of traffic analysis of messages addressed with
Joe> encrypted address blocks. The best way to get security
Joe> in a remailer chain is to nest your encryption, so only
Joe> one layer gets peeled off in each remailer hop. That
Joe> isn't possible with encrypted address blocks, since the
Joe> sender will only know the address (and public key) of the
Joe> first remailer in the chain. All hops after the first
Joe> one must send the same message out as they got in, with
Joe> just a layer off the encrypted address block.

As I indicated in my long posting, it is not necessary to send out the same message that was received. Chaum proposed encrypting the message (the non-address-block portion) with a secret key at each stage, a key which would be revealed to the remailer (along with the address of the next address in the chain) when it peeled off its own layer of encryption.

Joe> But if
Joe> remailers talked to each other by first doing RSA-signed
Joe> Diffie- Hellman key exchange, then encrypting the
Joe> traffic, a packet snooper wouldn't be able to correlate
Joe> incoming and outgoing messages.

If no encryption is done on the message body, there is another attack for this case that I didn't mention. It is:

Run a remailer. For every anonymous address floating around on the net, try sending a message to it.
Look at the messages which pass through your own remailer and look for matches to the message you sent. Any anonymous address which includes your remailer as one of the elements will pass through you. You have then defeated all of the stages of the chain before yourself. In particular, if you happen to be the last remailer of the chain, you have broken the anonymity of the anonymous address.

This attack, while not the most powerful on the list, defeats many of the principles of remailer chains, such as that the chain is as strong as its strongest link. It requires you to strongly trust at least one remailer in the chain (the last one), whereas without this attack you would not have to especially trust any single remailer. So it is significant.

Diffie-Hellman encrypting messages between remailers would not help against this attack. Also, rather than DH it would be just as effective to use the public key of the next remailer in the chain, and more convenient: some remailers are not able to participate in TCP exchanges, being connected to the net by occasional uucp connections.

This lack-of-TCP problem also impacts the proposal to use a public telnet port for message communication. Another problem with that proposal is that it would need the remailers to run as background processes. With the current software they can run as mail filters, which makes them much less conspicuous to system managers.

The suggestion for remailers to send messages by telnet connection to port 25 of some other machine (rather than by piping to sendmail as they currently do) is perhaps reasonable (for those systems with TCP access), although it makes the remailer somewhat harder to set up since you have to find some other machine which will let you connect to their port. Also, I think some machines may log incoming or outgoing telnet connections to this port, since it is a common technique for mail forgeries.
I have heard that most systems will actually not allow public telnet connections to this port.

I don't know that much about how widely available telnet and other TCP/IP services are on the net, so if these techniques are more usable than I am suggesting I'd like to hear about it.

Hal Finney
hfinney at shell.portal.com

From MIKEINGLE at delphi.com Thu Aug 26 23:05:52 1993
From: MIKEINGLE at delphi.com (Mike Ingle)
Date: Thu, 26 Aug 93 23:05:52 PDT
Subject: Commercial PGP; trapdoor rumors
Message-ID: <01H2813M8J6090MZGB@delphi.com>

It would be very easy to put a trapdoor into a version of PGP, and the only way to detect it would be to reverse-engineer the object code. For example: take the date, recipient's key id, and a 16 bit random number, MD5 it, and that's your session key. They all look random, but to crack it you only have to try 65536 combinations (trivial - IDEA is fast). You could also set a trapdoor value which would always be accepted as a valid signature.

However, it would be very unlikely that a company which deals in cryptography would actually do this. There are quite a few hackers around who can reverse-engineer code. If one of them found the tampering, ViaCrypt would be commercially ruined (magazine headlines, nobody buys crypto from them again) and likely open to lawsuits from anyone who ever used their product.

If they really want to reassure us: let Phil Zimmermann and a couple of others examine *all* of the source code, let Zimmermann run the compiler himself, then Zimmermann and the others sign the object code and a statement that they certify the program has no trapdoors. Include this as a detached signature certificate with the program, much like PGPSIG.ASC. Also, offer a sizable reward ($1000 or better) for anyone who breaks either commercial or freeware PGP and tells how it's done.

PGP uses randseed.bin and the time to generate random session keys. If you used the same randseed and wrote a tsr which freezes the clock (i.e.
always gives the same value) wouldn't you get the same session key? You'd have to recopy randseed from a backup after each run, because it's re-scrambled. If you get free PGP to give the same key twice, commercial PGP should give the same key under the same conditions. There should be no way to tell, by looking at keys or ciphertext, whether they were created by commercial or free PGP. This would head off any persecution of free PGP users, provided of course that anyone who makes a cent from PGP had better *own* the commercial version. He could, of course, *use* the free version!

Will PKP agree to condone the use of the free version for personal non-profit communication? They will if they know what's good for their bottom line. PGP could become a standard, and they stand to make a lot of money off its success. I hope that future U.S. PGP's are not hobbled with slow PKP-approved RSA code. If they are, I and many people will ftp the foreign versions from sites outside the U.S.

> From: IN%"an31144 at anon.penet.fi" 26-AUG-1993 19:17:39.96
> I would be pleased to see some truly exhaustive efforts made to test
> PGP's actual security.
> I have been seeing yet more criticisms of PGP, this time from some
> character calling himself "Raymond Paquin." He claims to be a
> professor of mathematics who has been working at an unnamed university
> exclusively on cryptographics for the past twelve years. He implies
> that he is working for some government in a classified capacity and is
> thus unable to either publish or discuss the matter openly.
> He claims that PGP is fatally flawed, though the flaw is in neither
> RSA or IDEA, but rather somewhere within the PGP part of the program.
> Copping the "I can say no more! I have said too much already!"
> melodrama, no more detailed information is forthcoming.
> Now, this tease seems to reek of a hoax, but Zimmermann himself claimed
> no high degree of security for the program.
> To my knowledge, no serious
> or well-funded unclassified attempts have been made to crack PGP. I
> fear that we are putting our faith in snake oil, as Zimmermann puts it.
> I am not a mathematician, but merely a former spear-carrier in the Cold
> War with some fairly well-developed residual instincts about this sort
> of thing, including a conviction that all security measures - physical,
> electronic or cryptographic - can be compromised by a determined
> opponent with extensive resources. Once compromised, attacks thereafter
> may often be trivially accomplished.

> From: IN%"an31185 at anon.penet.fi" 26-AUG-1993 20:40:09.66
> an31144 at anon.penet.fi writes:
> ["Raymond Paquin"]
> >.. claims that PGP is fatally flawed, though the flaw is in neither
> >RSA or IDEA, but rather somewhere within the PGP part of the program.
> >
> >Copping the "I can say no more! I have said too much already!"
> >melodrama, no more detailed information is forthcoming.
> Yes, this seems to be a persistent rumour, though I've no idea how true
> it might be. I uploaded PGP to a bulletin board a few months back and
> received a message from another user claiming the same thing. (And taking
> the same copout...)
> I've been meaning to take a good look at the source for a while, I think
> it's about time to investigate the key generation code.....

Where did these rumors come from?
1: PKP
2: NSA
3: David Sternlight

I remember a thread on alt.security.pgp about version 2.3 having a trapdoor in it. And I think they said the same about 2.2 before that. Whoever "Raymond Paquin" is, he's no spook. Spooks just don't do things like that - tell a little bit, then clam up. They are trained by instinct never to leak. Most rumors wilt under bright lights; where were these originally posted? Ask this person to post anonymously: where is the trapdoor?

If there is any flaw in PGP, there are only a few places where it could be. The basic mechanics of the program (RSA, IDEA, etc) obviously work.
The file format can easily be checked to make sure it is correct. A subtle flaw would have to be somewhere like: prime number generation, random RSA key generation, or random session key generation. If the primes weren't actually prime, that would make the RSA keys breakable. But you could take the primes (pgp -kg -l and you will see them in hex) and feed them into a primality tester to verify that. The most likely place for a bug would be in the randomness. I suppose it is possible that a one-line bug somewhere could leave out most of the randomness, making the keys still look random but actually be predictable. Random number generation is hard to verify. How has that in PGP been checked? The PGP source is so big and spread out, it's hard to check. I don't think there is a bug, but it would be nice if PGP were carefully examined and attacked. Where are these rumors coming from? They are bad for the cause.

< mikeingle at delphi.com > PGP key on servers.
Clipper - Big Brother Inside!

From gg at well.sf.ca.us Fri Aug 27 01:52:42 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Fri, 27 Aug 93 01:52:42 PDT
Subject: ViaCrypt's PGP
Message-ID: <93Aug27.014902pdt.14451-3@well.sf.ca.us>

"No sir, we never used PGP" can probably be proven false if ViaCrypt has some kind of tweak built in. So then you get nailed both ways. No thanks; let's have someone check out the source code under NDA and then report back, and if ViaCrypt is clean, great, that can only help the overall cause.

-gg

From gg at well.sf.ca.us Fri Aug 27 01:53:11 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Fri, 27 Aug 93 01:53:11 PDT
Subject: ViaCrypt's PGP
Message-ID: <93Aug27.014641pdt.14451-2@well.sf.ca.us>

Source code for ViaCrypt: I believe I raised a point about having some trusted members of the crypto community (i.e. cypherpunks) examine the source under non-disclosure. Well...? This is an entirely reasonable demand.
There are people in this list who are highly placed professionally, who own companies that are worth a reasonable sum, or who own houses at least, and therefore who can be trusted by ViaCrypt to not blow the gig because the resulting lawsuit would cost them mightily. So we trust those folks because they're part of this community, and ViaCrypt would trust them to not blow their NDA because they could be sued all to hell.

Also from ViaCrypt's perspective, think of the marketing value of having the product independently certified or validated. That would certainly be worth something. Now if Viacrypt refuses to go with this, that fact in and of itself would be harmful to their position: it would be a virtual admission that their system was dirty.

The question is, who here wants to take this on...?

To me the point is very straightforward: we have an interest in privacy, and the legal issues around privacy... the fight to preserve "underground" crypto fits into this picture, but I can't see any justification for boycotting or trying to tear down ViaCrypt simply because they're charging a fee for it and are making a profit on it and all that. Free markets, right? A successful ViaCrypt product would probably spread around to many users who would never have gotten onboard with PGP, for instance businesses who want to be totally squeaky clean about the copyright issues. We need everyone onboard who we can get, and we *don't* need some kind of PC litmus test of "are you willing to use underground software?"

-gg

From gg at well.sf.ca.us Fri Aug 27 02:02:42 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Fri, 27 Aug 93 02:02:42 PDT
Subject: Source Code NOT available for ViaCrypt PGP
Message-ID: <93Aug27.015856pdt.14453-4@well.sf.ca.us>

"(the problem is) convincing ViaCrypt to trust (some Cypherpunk)."
There are cypherpunks who have sufficient assets that they would reasonably be considered to want to protect themselves from losing same in a lawsuit over violating the terms of the non-disclosure agreement. Hey, if you have equity in a house, you begin to qualify for this one. Better if you own a company or have other significant assets. If someone here stands up and says, "Hey ViaCrypt, I'll put my (house/company/stock portfolio/etc.) on the block to back up my NDA, now let's play ball," ViaCrypt will have a very very hard time saying no. And if they do say no, they come out looking very bad indeed.

If ViaCrypt are reasonable people, let's give them the reassurance that any reasonable person needs against the possibility of getting burned. Then the ball's in their court, and they've got to respond.

-gg

From b44729 at achilles.ctd.anl.gov Fri Aug 27 03:55:54 1993
From: b44729 at achilles.ctd.anl.gov (Samuel Pigg)
Date: Fri, 27 Aug 93 03:55:54 PDT
Subject: Attacks on remailers (LONG)
In-Reply-To: <9308270511.AA25630@jobe.shell.portal.com>
Message-ID: <9308271052.AA07922@achilles.ctd.anl.gov>

>>>>> On Thu, 26 Aug 93 22:11:20 PDT, hfinney at shell.portal.com said:
>>>>> On Wed, 25 Aug 93 11:39:11 EDT, J_G_Thomas%CAASD1 at mwmgate1.mitre.org said:

[...]

hfinney> As I indicated in my long posting, it is not
hfinney> necessary to send out the same message that was
hfinney> received. Chaum proposed encrypting the message (the
hfinney> non-address-block portion) with a secret key at each
hfinney> stage, a key which would be revealed to the remailer
hfinney> (along with the address of the next address in the
hfinney> chain) when it peeled off its own layer of
hfinney> encryption.

[...]

hfinney> If no encryption is done on the message body, there
hfinney> is another attack for this case that I didn't
hfinney> mention. It is:

hfinney> Run a remailer. For every anonymous address floating
hfinney> around on the net, try sending a message to it.
hfinney> Look
hfinney> at the messages which pass through your own remailer
hfinney> and look for matches to the message you sent. Any
hfinney> anonymous address which includes your remailer as one
hfinney> of the elements will pass through you. You have then
hfinney> defeated all of the stages of the chain before
hfinney> yourself. In particular, if you happen to be the
hfinney> last remailer of the chain, you have broken the
hfinney> anonymity of the anonymous address.

hfinney> This attack, while not the most powerful on the list,
hfinney> defeats many of the principles of remailer chains,
hfinney> such as that the chain is as strong as its strongest
hfinney> link. It requires you to strongly trust at least one
hfinney> remailer in the chain (the last one), whereas without
hfinney> this attack you would not have to especially trust
hfinney> any single remailer. So it is significant.

Correct me if I'm wrong, but as I see it, there are two goals for the remailers:

(1) Anonymous addresses to which mail can be sent, but the recipient is unknown and cannot be determined (receiving anonymous mail).

(2) The ability to send mail to someone without anyone (including the recipient) determining that you did so (sending anonymous mail).

Number 2 can be mostly taken care of with nested encryption of mail headers.

Using the method you mentioned above of including a key to encrypt the body of the message nested inside each level of nested encryption would take care of the above problem (having to completely trust the last remailer) and restore the "chain is as strong as its strongest link" principle. This would slightly complicate the final decryption for the anonymous recipient (having to decrypt the body of the message with each key in turn.) New software tools could need to be written for the recipients as well as the sender to handle this more easily.
An "anonymous address block" similar to the pgp signature blocks would be helpful for automating the sending of mail to anonymous addresses.

To construct an anonymous address block might be something like:

Anonymous Anne wants an anonymous address. First she generates a set of N keys (IDEA, DES or RSA, doesn't matter except RSA would disallow a remailer to decrypt what it encrypted using it.)

She would then choose a path through the remailers and encrypt her address (and perhaps one of the random keys) with the last remailer's key.

The result of this she would pair with the address of the next remailer closer to her (in the remailing path) and one of the random keys, and encrypt this with the next-to-the-last remailer's key
 .
 .   (for all hops)
 .
 |
 v
She would then encrypt the result of the previous operation with the key of the intended first remailer in the chain. Then she would add the address of the first remailer (in cleartext).

This (largish nested encrypted address chain + cleartext first remailer address) she would encrypt (or sign) with the secret key of her anonymous persona.

The appropriate software tools would allow someone to reply to an anonymous address using this "anonymous address block".

[...]

hfinney> This lack-of-TCP problem also impacts the proposal to
hfinney> use a public telnet port for message communication.
hfinney> Another problem with that proposal is that it would
hfinney> need the remailers to run as background processes.
hfinney> With the current software they can run as mail
hfinney> filters, which makes them much less conspicuous to
hfinney> system managers.

True, but it would also protect against attack 2 in your "Attacks on remailers" post -- the mail log problem. I think it would be fairly simple to include in the next-remailer-address whether or not to use normal mail channels (for uucp remailers) or to use socket nnnn connection to the remailer (for the ones that are capable.)
hfinney> The suggestion for remailers to send messages by
hfinney> telnet connection to port 25 of some other machine
hfinney> (rather than by piping to sendmail as they currently
hfinney> do) is perhaps reasonable (for those systems with TCP
hfinney> access), although it makes the remailer somewhat
hfinney> harder to set up since you have to find some other
hfinney> machine which will let you connect to their port.
hfinney> Also, I think some machines may log incoming or
hfinney> outgoing telnet connections to this port, since it is
hfinney> a common technique for mail forgeries. I have heard
hfinney> that most systems will actually not allow public
hfinney> telnet connections to this port.

The socket connections to other remailers would use a special port number. For the last connection (to the recipient) could be either by socket 25 connection or normal mail, whichever works (preferably socket 25.)

hfinney> I don't know that much about how widely available
hfinney> telnet and other TCP/IP services are on the net, so
hfinney> if these techniques are more usable than I am
hfinney> suggesting I'd like to hear about it.

I haven't seen a machine that doesn't allow just anyone to connect to port 25. (is there some new authentication protocol for this that I missed?)

So the attacks and defenses as outlined by Hal (with some additions):

(1) Reading the "request-remailing-to" lines in the message to determine where it is going. Defeats remailer goal #2.
Defense: can be defeated by nesting the remailer encryption.

(2) Reading mail logs to plot the path of a message. Defeats remailer goals 1 and 2.
Defense: bypass mail systems on remailer hosts, using special port socket connection communication wherever possible; run remailers only on systems that do not keep mail logs.

(3) Monitor messages in real time flowing in and out of remailers, correlating the input messages with output. This is a variation of attack 2, and can defeat both remailer goals.
Defense: Batch remailing messages in a manner which frustrates analysis; send fake messages to other remailers in such a manner as to maintain a constant flow, removing flow rate cues.

(4) Read header info and check message size for remailer input/output correlation cues. Variation of attack 2, and can defeat both remailer goals.
Defense: Do not preserve any header information; pad messages to remove size cues.

(5) Inject a clone of a message into the remailer stream, and look for two identical messages to come out of a remailer to track the message. Another variation of attack 2.
Defense: Check for duplicate messages in the remailer and remove all but one copy of each duplicate.

(6) Insert duplicate messages in the input stream in separate batches, checking the outgoing batches for copies to track the message. Same problem as (5) really.
Defense: Timestamp the messages so they are only good for a number of days, thus reducing the number of messages to check against for duplicates.

I don't like this defense. Who would make the timestamp? Where would you put the timestamp? How would you prevent spoofing? If you added an element of randomness to the procedure that padded/altered the message before sending on to the next remailer, it would defend against this line of attack -- so two identical messages going into a remailer would come out differently. This is where DH key exchange could be fruitful (with random session keys for each message.) (Assuming that the remailers don't know each other's RSA keys. If they did, then they could simply encrypt a random session key with the other's key and encrypt the message with the key also, and ship them both over to the next remailer.)

(7): Look at all messages coming out of the first remailer, and follow them into their 2nd remailers; take all messages from those and follow them on, and so on. This will eventually lead to a number of destinations, one of which must have been the destination of the original message.
Over a period of time, look for correlations between destinations and sources. Defense: Use large remailer chains of popular remailers. With enough mixing at each stage of the chain, the number of possible destinations will become astronomically large, making correlations statistically impossible; use of dummy messages to pad flow rate to constant would increase the difficulty of such an attack (would hide the signal deeper in the noise.); such an attack (PROLONGED monitoring of all remailers) would be very difficult to perform, esp. with use of remailer-remailer socket connections. (8): Correlate messages being sent from person A with messages being received a certain time later by person B. Even without the ability to track messages through the remailers this can show a communication pattern. Defense: Send dummy messages at regular intervals, which bounce through the remailer network and then die. When you have a real message to send, replace one of the dummies with this. The sender's traffic pattern is then constant and no information can be gained from it. (9): Bribe or coerce one or more remailer operators into revealing their keys, or into decrypting the desired messages. Alternatively, run many remailers, pretending to be dedicated to privacy, while secretly gathering information on the messages. Defense: Use many remailers in a variety of geographical locations, so that it is unlikely that all of them can be corrupted in this way. There is another attack scenario, a variation of (9) that has not really been discussed. (10)The problem begins with the fact that anonymous addresses are essentially timeless. While you are safe as long as one remailer is not compromised ("chain being as strong as its strongest link"), your anonymous address block is "eternal" in that it lasts as long as the remailers themselves. Suppose some "determined power" wanted to know who was at the other end of an anonymous address. 
This "determined power" could coerce each remailer to in turn strip its encryption from the anonymous address block, and TAKE AS LONG AS IT NEEDED with each remailer to do this. To defend against this, I think remailer secret keys should expire and BE DESTROYED after a set period of time. When it's time to expire the old key pair, a remailer could generate a new key pair, and sign the new public key with the old secret key (assuring it came from the remailer) and then destroy the old secret key completely. All remailers would have to do this fairly synchronized, in order for anon addresses to be useable. (Can't have one key in the chain expiring unexpectedly). Anonymous addresses would then have to be re-generated with the new remailer keys (and hopefully a new remailer path as well!). Hopefully if such a situation ever arose, the keys would expire and be deleted before the "determined power" could manage to coerce ALL the remailers in the anonymous address block's remailer chain to strip off their respective encryption layers. (coercion/key theft/whatever..) (ie "Sorry.. can't decrypt this for you.. the key was automatically destroyed 6 days ago...") This would also help defend against attack #7 by forcing the re-generation of anonymous address blocks, with (hopefully) new remailer chains attached to them. Other possibilities for increasing the security and the difficulty of attacks: (1) Allow for encrypted header blocks (either in the anonymous address block or in the sender's encrypted header block) to contain commands to remailers to split the message into pieces (either just cutting it up, or ripping it into 2 or more pieces connected by XOR's or whatever) and send out via different paths (path "forking") to be reassembled at the end. This would make attacks 3,4, and 7 more difficult, and would not be too bad to reassemble for the anonymous address blocks, but would be hard to deal with for the sender-anonymity version (at the receiver end.) 
(2) Implement a remailer web that is constantly connected via sockets, with a near-constant-volume encrypted byte stream, with rapidly changing keys and mixing of fake data and real data. This would eliminate the need to pad or batch messages and would defeat attacks 2,3,4,5,6, and would make attack 7 harder. This would also be pretty tough to do, and could put a serious drain on the computational and bandwidth resources of the remailer hosts. (student accts would be out.) Ideas/Comments/Criticisms? Sorry, this was longer than I thought it would be (trying to be as complete as I can.) -Sam From dmandl at lehman.com Fri Aug 27 05:12:47 1993 From: dmandl at lehman.com (David Mandl) Date: Fri, 27 Aug 93 05:12:47 PDT Subject: Coming Soon: Commercial version of PGP! Message-ID: <9308271210.AA09599@disvnm2.lehman.com> > gg at well.sf.ca.us writes: > > > How soon before a Mac compatible version is available? Or will the > > current version run under Soft PC on the Mac, which is essentially a > > PC-emulator...? If yes to either, sign me up...! > > Have you tried the freeware version of MacPGP yet? It is very easy to use. > The next release (now in beta) will even support AppleEvents. I think it will > be quite a while before you can buy something similar. > [And why would you want to pay if you can get for free?] > > --Marc I was a beta tester of the latest version of MacPGP, and it looks *very* nice. Some annoying minor bugs have been fixed and a few new features added, including a hook for BBEdit (a godsend). I assume it'll be released any week now, if not sooner. If it's true that the freeware version of PGP will be allowed to exist alongside the new (sourceless) commercial version, I don't think the cypherpunk in the know will have much trouble choosing... --Dave. 
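The defences in Sam's remailer attack list earlier in this thread, as an added example that is not part of the original posts and not the code of any remailer of the period: a toy Python mix node that pads messages to a fixed size (attack 4), holds them until a batch threshold is reached and releases them shuffled (attack 3), drops replayed copies whether they arrive in the same batch or a later one (attacks 5 and 6), and destroys its secret key after a set lifetime (attack 10). The `possible_destinations` count is the product of per-hop thresholds behind the defence to attack 7; `effective_destinations` goes one step beyond the post and weights that count by how unevenly the next hops are chosen. Every name, the block size, the key lifetime and the sample messages are constructed for the illustration.

```python
"""Toy mix-style remailer node, constructed to illustrate the defences in
Sam's list: size padding (attack 4), batch-and-shuffle release (attack 3),
duplicate suppression (attacks 5 and 6) and expiring node keys (attack 10),
plus the destination count behind the defence to attack 7.
Not the code of any real remailer; all names here are invented."""
import hashlib
import math
import os
import random

BLOCK = 1024  # every forwarded message is padded up to a multiple of this size


def pad(body: bytes, rng: random.Random) -> bytes:
    """Length-prefix the body and fill to a BLOCK boundary with random bytes,
    so two identical inputs leave the node as different byte strings."""
    framed = len(body).to_bytes(4, "big") + body
    fill = (-len(framed)) % BLOCK
    return framed + bytes(rng.getrandbits(8) for _ in range(fill))


def unpad(padded: bytes) -> bytes:
    """Recover the original body from a padded message."""
    n = int.from_bytes(padded[:4], "big")
    return padded[4:4 + n]


class MixNode:
    def __init__(self, name, threshold, key_lifetime, now=0.0, rng=None):
        self.name = name
        self.threshold = threshold        # messages held before a batch is released
        self.key_lifetime = key_lifetime  # seconds a secret key lives before destruction
        self.rng = rng or random.Random()
        self.batch = []                   # (padded message, next hop) awaiting release
        self.seen = set()                 # digests of every message ever accepted
        self.released = []                # batches handed to the transport, in order
        self.key_created = now
        self.secret_key = os.urandom(32)  # stand-in for the node's private key
        self.key_generation = 0

    def accept(self, body: bytes, next_hop: str) -> bool:
        """Queue a message; returns False if it is a replay of one already seen,
        whether the copy arrives in the same batch or a later one."""
        digest = hashlib.sha256(body).digest()
        if digest in self.seen:
            return False
        self.seen.add(digest)
        self.batch.append((pad(body, self.rng), next_hop))
        if len(self.batch) >= self.threshold:
            self.release()
        return True

    def release(self):
        """Shuffle the pending batch and hand it on; arrival order is destroyed."""
        self.rng.shuffle(self.batch)
        self.released.append(list(self.batch))
        self.batch = []

    def rotate_key(self, now: float) -> bool:
        """Destroy the secret key once its lifetime has elapsed and install a
        new one (a real node would first sign the new public key with the old
        secret key, as Sam describes). Returns True if a rotation happened."""
        if now - self.key_created < self.key_lifetime:
            return False
        self.secret_key = os.urandom(32)  # old key is gone; nothing left to coerce
        self.key_created = now
        self.key_generation += 1
        return True


def possible_destinations(thresholds) -> int:
    """Where a message could be after a chain of gather-and-rearrange mixes:
    the product of the batch thresholds along the path (defence to attack 7)."""
    return math.prod(thresholds)


def effective_destinations(probabilities) -> float:
    """Entropy-weighted count e^H of next hops when they are not equally
    likely; equals the plain count when every choice is uniform."""
    h = -sum(p * math.log(p) for p in probabilities if p > 0)
    return math.exp(h)


def demo():
    node = MixNode("mix-a", threshold=3, key_lifetime=6 * 86400, rng=random.Random(1))
    msgs = [b"hello alice", b"hello bob", b"hello alice", b"third message"]
    accepted = [node.accept(m, "mix-b") for m in msgs]   # replayed copy is dropped
    sizes = {len(p) for batch in node.released for p, _ in batch}  # all the same
    bodies = sorted(unpad(p) for batch in node.released for p, _ in batch)
    rotated = node.rotate_key(now=7 * 86400)              # key destroyed after 6 days
    return accepted, sizes, bodies, rotated, node.key_generation


if __name__ == "__main__":
    print(demo())
    print(possible_destinations([10] * 7), effective_destinations([0.9, 0.1]))
```

The replay check hashes the body before padding, which is why the random filler does not defeat it: an attacker's cloned copy hashes to the same digest as the original no matter which batch it lands in. The size set collapsing to a single value and the shuffled release order are exactly the two cues attacks 3 and 4 depend on.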
From pfarrell at cs.gmu.edu Fri Aug 27 07:38:18 1993
From: pfarrell at cs.gmu.edu (Pat Farrell)
Date: Fri, 27 Aug 93 07:38:18 PDT
Subject: Commercial PGP; trapdoor rumors
Message-ID: <38183.pfarrell@cs.gmu.edu>

In message Fri, 27 Aug 1993 01:46:57 -0400 (EDT), Mike Ingle writes:
>
> Will PKP agree to condone the use of the free version for personal
> non-profit communication? They will if they know what's good for their
> bottom line. PGP could become a standard, and they stand to make
> a lot of money off its success.

In April, I talked to Jim Bidzos @ PKP, and he agreed to allow his licensed RSA code to be built into a PGP compatible freeware program. I believe some folks at MIT were planning to start work on it... After all, cypherpunks write code...

Pat

Pat Farrell                Grad Student                pfarrell at cs.gmu.edu
Department of Computer Science      George Mason University, Fairfax, VA
Public key available via finger                               #include

From snark!esr at gvls1.VFL.Paramax.COM Fri Aug 27 08:02:50 1993
From: snark!esr at gvls1.VFL.Paramax.COM (Eric S. Raymond)
Date: Fri, 27 Aug 93 08:02:50 PDT
Subject: Cypherpunks FAQ status
Message-ID:

I have received valuable and detailed feedback on the second-draft cypherpunk FAQ from a couple of posters. Accordingly, I expect to post a third cut either later today or around 8th September, on my return for California. (I'm flying out tomorrow for the World Science Fiction Convention. I'll meet some of you FTF at the 5th anniversary Extropians party.)
--
>>eric>>

From snark!esr at gvls1.VFL.Paramax.COM Fri Aug 27 08:03:19 1993
From: snark!esr at gvls1.VFL.Paramax.COM (Eric S. Raymond)
Date: Fri, 27 Aug 93 08:03:19 PDT
Subject: Mailer hooks for PGP
Message-ID:

I've now uploaded and made PGP. It looks mondo cool, but also kind of a pain to use because the existing interface requires one to perform encryption and decryption manually.

I'm considering writing patches for Elm 2.4 that would allow it to (a) check your public ring and automatically sign/encode outgoing mail to eligible users, and (b) automatically decode incoming mail.

Elm is a very popular mailer. If I could get these patches into the distribution, the hassle barrier to widespread use of PGP would drop significantly. And the prospects for that are good; I'm friendly with the Elm development group moderator. Also, there's precedent for Elm to delegate message decoding --- it has MIME hooks that shell out to metamail.

(That brings up another point. Has anyone worked on getting armored PGP registered as an official MIME encoding type? Getting pgp support into metamail would be a massive win --- probably better than hooks in Elm itself. If no one else is working this angle, I'd be willing to get in touch with Nathaniel Borenstein and use whatever zorch I have with him to make it happen.)

Now, before I begin hacking. Has anything like this been done before? Are there any known design problems or pitfalls in integration with a mailer such as Elm? And, finally, if prz is listening, would you be willing to accept minor hacks for this purpose such as the addition of a new pgp interface mode tailored for use from mailers?
--
>>eric>>

From klbarrus at owlnet.rice.edu Fri Aug 27 08:35:56 1993
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Fri, 27 Aug 93 08:35:56 PDT
Subject: Adding an "AKA"
In-Reply-To:
Message-ID: <9308271532.AA10380@arcadien.owlnet.rice.edu>

Paul,

I think all you do is pgp -ke ferguson and it will ask if you want to add more info to your public key. I did this so now my public key looks like this:

'pgp -kvv barrus'
Key ring: '/home/klbarrus/Crypto/pgp/pubring.pgp', looking for user ID "barrus".
Type bits/keyID    Date       User ID
pub  1024/5AD633   1993/01/08 Karl L. Barrus
                              Karl L. Barrus
1 key(s) examined.

--
/--------------------------------------------------\
| Karl L. Barrus                                   |
| klbarrus at owlnet.rice.edu                        |
| D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32  |
\--------------------------------------------------/

From rjc at gnu.ai.mit.edu Fri Aug 27 08:47:50 1993
From: rjc at gnu.ai.mit.edu (Ray)
Date: Fri, 27 Aug 93 08:47:50 PDT
Subject: Mailer hooks for PGP
In-Reply-To:
Message-ID: <9308271545.AA29692@geech.gnu.ai.mit.edu>

Isn't there already a version of elm with pgp patches?

-- Ray Cromwell         | Engineering is the implementation of science;  --
-- EE/Math Student      | politics is the implementation of faith.       --
-- rjc at gnu.ai.mit.edu  |                    - Zetetic Commentaries      --

From nobody at alumni.cco.caltech.edu Fri Aug 27 09:02:51 1993
From: nobody at alumni.cco.caltech.edu (nobody at alumni.cco.caltech.edu)
Date: Fri, 27 Aug 93 09:02:51 PDT
Subject: Commercial PGP; trapdoor rumors
Message-ID: <9308271554.AA08533@alumni.cco.caltech.edu>

> In April, I talked to Jim Bidzos @ PKP, and he agreed to allow his
> licensed RSA code to be built into a PGP compatible freeware program.

have you considered the possibility that bidzos is a FUCKING LIAR?

shaen bernhardt put it well many months ago:

Don't sell out cypherpunks, RSA Inc. will stab you in the back as quickly as anyone else.

here's another quote i like to review when i'm feeling too calm. it comes from a tcmay description of a cpunx mtg in sf:

I think I mentioned somewhere that I put Bidzos on the spot with what I called "The 64-bit Question": Are you going to cut a deal and sell us out? [regarding clipper/capstone] Bidzos was very sober when he answered this, and said, roughly: "If you mean will I conspire with the government to deny strong crypto to users, no. But if Clipper and Capstone are destined for deployment and they come to us and offer royalties, what choice will we have? We have a duty to our shareholders." And as he was leaving for the day, he leaned in the door to our meeting and said, as if to reiterate the point, "Tim, I won't sell you out."
let me translate bidzos' reply: I WILL SELL YOU OUT.

so go ahead, rely on bidzos' word. but take my advice: count your fingers after shaking hands.

From hughes at ah.com Fri Aug 27 10:22:51 1993
From: hughes at ah.com (Eric Hughes)
Date: Fri, 27 Aug 93 10:22:51 PDT
Subject: REMAIL: Attacks on remailers
In-Reply-To: <9308271052.AA07922@achilles.ctd.anl.gov>
Message-ID: <9308271714.AA11676@ah.com>

Attack (7) is made by an opponent who monitors all network traffic, but has no access to the insides of the remailer nodes. The defense is more subtle, however, than proposed.

>(7): Look at all messages coming out of the first remailer, and
>follow them into their 2nd remailers; take all messages from those and
>follow them on, and so on. This will eventually lead to a number of
>destinations, one of which must have been the destination of the original
>message. Over a period of time, look for correlations between destinations
>and sources.

Let us assume that these remailers have the basic characteristics of mixes: encryption rewriting, size quantization, and message reordering. Furthermore, let us assume that the defense of using 'large' chains of 'popular' remailers is being used.

>With enough
>mixing at each stage of the chain, the number of possible destinations
>will become astronomically large,

The possible number of destinations should increase exponentially with each hop. If gather-and-rearrange mixing is done, then the number is the product of the rearrangement thresholds for each remailer. If a radioactive decay model for reordering is used, then it is the expected value of the number of destinations which grows exponentially, that is, the possible number of destinations (those with non-zero probability) grows faster than the expected value of the number of destinations. They are both exponential, but one has a larger base than the other.

What is more important than the reordering algorithm is that the expected number of destinations grows exponentially with the number of hops. There will be correlations, but with linear increase in cost we can get rid of them, we hope.

>making correlations statistically impossible

What is the nature of the remailer path, however, for which we have an assurance that the correlations are too difficult to carry out? Or to ask a simpler question for a simpler environment where we assume all remailers are equal, just how long does the path have to be? We know that by making the paths "long enough" that we can prevent correlations from becoming significant. The question is how do we find out what is long enough?

>such an attack (PROLONGED monitoring of all
>remailers) would be very difficult to perform, esp. with use of
>remailer-remailer socket connections.

The fact that it would be difficult is not the issue for the theory, but for the practice. The extremely high cost, however, could be justified for 'national security' reasons against a few targets, or to break the system completely open looking for 'tax evaders.' If our theory is good against an arbitrarily strong opponent, then the system can withstand sustained attack. If the existence of the system is seen as sufficiently threatening, for any number of different threats, we should plan for a sustained attack. We need to know what the limits of the capability are and not just guess.

I've been thinking about an invariant for communications systems proof against traffic analysis which I call 'privacy diffusion'. The privacy diffusion is a probability distribution over possible recipients. One characteristic of the privacy diffusion is the expected value of the number of different recipients. This is a good first measure, but I suspect it won't be enough.

The expected number of recipients is multiplicative in the diffusion per node, as described above. If different downstream nodes have different mixing thresholds, they'll need to be weighted. Since the system is multiplicative, the weighting should be by geometric mean, i.e. a downstream node with probability 1/10 should multiply by the 10th root of its own threshold. One can see that if all the downstream nodes have equal likelihood and identical thresholds, that this formula degenerates into the simple one above.

In fact, there is a simple closed form expression for this value, namely, e^-E(ln p), the inverse exponential of the expected log probability. This is exactly e^H, where H is the entropy of the probability distribution. e^H is also the expected size of the search space, were we looking for encryption keys.

On the other hand, this situation is unlike a key search space in that every value is not equally likely and that the priors are not independent. In a phrase, not everybody talks to everyone else, but everyone who talks talks to someone else.

We can make a baseline model of a communications graph with probabilities on it. (This doesn't take into account state, e.g. conversations tend to happen alternately.) Most edges on this graph will have p=0, i.e. these two people have never communicated. Let us remove these null edges. What we are left with is a sparse graph with lots of clustering (friends of friends). In this situation, if our message could have gone to ten million people (say, 7 hops each with threshold 10), it is more likely that it went to one of twenty or fifty.

Even if you don't know what the graph looks like, you'll know that it is sparse, and you'll have some idea of what the characteristic distributions are. This is exactly the equivalent of studying letter, digram, and higher order statistics for English and other natural languages. The statistics gathered as to the prior distribution will appear in the observed output unless one has some good idea of how to 'confuse and diffuse' them.

I am pushing an analogy here between cracking codes and cracking traffic patterns. I am pretty sure that there are more parallels than meet the eye. The appearance of the entropy in the expected number of recipients may be only the tip of a much larger correlation.

   traffic                          cipher
   =======                          ======
   statistics of interconnection    letter frequencies of the plaintext
   observed messages                ciphertext
   path through remailers           key
   mixing algorithms                encryption
   null messages                    padding

This whole mix system needs a lot more thought before we'll have an assurance that it will be secure against sustained attack.

-------------------------------------------------------

On the lighter side, I couldn't resist this next one.

>(8): Correlate messages being sent from person A with messages being
>received a certain time later by person B.

>Defense: [...] The sender's traffic pattern is
>then constant and no information can be gained from it.

And for the receiver, just subscribe to cypherpunks under several different aliases.

Eric

From hughes at ah.com Fri Aug 27 10:32:52 1993
From: hughes at ah.com (Eric Hughes)
Date: Fri, 27 Aug 93 10:32:52 PDT
Subject: Mailer hooks for PGP
In-Reply-To:
Message-ID: <9308271722.AA11690@ah.com>

>check your public ring and automatically sign/encode outgoing mail to
>eligible users

As a general rule, mere presence of a key on a keyring should not indicate that this person wishes to receive encrypted mail. There should be a separate installation for that, either by an enhanced alias file or similar.

There are many for whom reading encrypted mail is not always desirable, because the effort required to download it and decrypt it is more time than the content is worth. I myself fall into this category, unfortunately.

I mean, if you encrypted whenever there was a key for someone, and sent mail to David Sternlight, he wouldn't be able to read what you wrote!
:-)

Eric

From frissell at panix.com Fri Aug 27 10:35:59 1993
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 27 Aug 93 10:35:59 PDT
Subject: What, Me Worry?
Message-ID: <199308271732.AA13237@panix.com>

To: cypherpunks at toad.com

From Thursday's WSJ news that suggests that the competition may be a tad busy to worry about suppressing strong crypto:

Poor Man's Cruise
Airliners Can Exploit U.S. Guidance System But So Can Enemies
---------
Global Positioning Satellites Could Be Used to Direct Cheap, Accurate Missiles
----------
Defense Aide: It's a Quandary

Washington--At the Pentagon, they call it "the poor man's cruise missile." It is a low-flying guided missile or robot aircraft that is relatively cheap to produce, but capable of hitting targets with a precision the U.S. once monopolized...

(you can fill in the rest of the story)

Reminded me of the late 60's early 70's with VonuLife and the gypsies and the troglodytes arguing that high-tech weapons would render large cities (aka target-rich environments) uninhabitable and people would have to spread out into communities too small to waste hardware on. Also, Vinge's "The Ungoverned" in which tornado-killer missiles are retargeted at the government baddies.

This is an example of what I call the Sack-Full-Of-Cats-Thrown-In-The-River effect. As things get dicey for large "target-rich" institutions like governments, and their revenues drain away to the nets, internal and external struggles for fading influence begin. It ends up like a sack full of cats thrown into a river. Noisy, but fun if you don't like the cats.

Duncan Frissell

Who likes cats himself and could almost feel sorry for the rulers of others if they hadn't quite killed so many people.

"In his first three months in the White House, President Clinton killed more people in the United States than during the 12 years of Reagan-Bush."

--- WinQwk 2.0b#0

From wayner at cs.cornell.edu Fri Aug 27 10:57:52 1993
From: wayner at cs.cornell.edu (Peter Wayner)
Date: Fri, 27 Aug 93 10:57:52 PDT
Subject: Key Escrow Anecdote...
Message-ID: <9308271756.AA12706@sindri.cs.cornell.edu>

I was speaking with an international crypto consultant who told me this story about a business with an office in a South American country. They decided to start encrypting their link. Within a week, a team of soldiers burst through the door and smashed the encryption hardware to bits. On the way out, they asked, "What are you trying to hide from us?"

-Peter

From tedwards at wam.umd.edu Fri Aug 27 11:12:52 1993
From: tedwards at wam.umd.edu (technopagan priest)
Date: Fri, 27 Aug 93 11:12:52 PDT
Subject: ViaCrypt PGP and source code
Message-ID: <199308271810.AA08679@rac1.wam.umd.edu>

I am sure that businesses will buy ViaCrypt PGP, even for $100. PGP has proven itself to be a useful and safe encryption package, and also can do digital signature, a feature not seen in similarly priced PC security packages.

I think to not release the source code with ViaCrypt PGP is a serious mistake. First, I cannot see how releasing the RSA source can be harmful to ViaCrypt. People can freely examine PD PGP, I can't see how any trade secrets are going to be revealed by showing the RSA source. Perhaps it is slightly faster, but information theoretic limits show that RSA quickly becomes lengthy to encrypt, and I doubt PKP nor ViaCrypt have made any significant progress towards making it faster compared with PD PGP.

I had to laugh when people suggested the "Clipper-Like" review. Why is it good for ViaCrypt, but not good for the government?

Let's face it...if ViaCrypt is serious about security, they will release all source code for examination, and will digitally sign all programs and have those signatures traceable to a key on a ViaCrypt owned dial-up BBS.

I understand that there is a contractual problem with releasing the RSA source. Perhaps the contract should be re-negotiated. I will bet ViaCrypt PGP will rapidly become a best-seller if implemented properly. There is plenty of money to be made if everything is kept on the cryptographic "up and up."

-Thomas

From peb at PROCASE.COM Fri Aug 27 11:13:21 1993
From: peb at PROCASE.COM (Paul Baclace)
Date: Fri, 27 Aug 93 11:13:21 PDT
Subject: What, Me Worry?
Message-ID: <9308271811.AA06477@banff.procase.com>

The WSJ article about GPS has a familiar cypherpunk ring to it...the commercial GPS signal is weakened (military 10ft accuracy signal is encrypted), the "enemies" are using it for missile guidance anyway (better than gyroscopes), and the hegemony of the US is waning as perfectly predicted in The Great Reckoning (James Davidson and Rees-Mogg): defensive technology is improving over destructive technology and information technology eventually leaks out.

Paul E. Baclace
peb at procase.com

From nowhere at bsu-cs.bsu.edu Fri Aug 27 11:25:59 1993
From: nowhere at bsu-cs.bsu.edu (Anonymous)
Date: Fri, 27 Aug 93 11:25:59 PDT
Subject: No Subject
Message-ID: <9308271825.AA04321@bsu-cs.bsu.edu>

Hi,

Being new to this list, I've got a ways to go before I understand everything I'm reading. But one thing I'd like to know today, is JUST WHO IS DAVID STERNLIGHT? I've seen his name mentioned here for the first time, and many times since.

Tanks

From edgar at spectrx.Saigon.COM Fri Aug 27 11:32:52 1993
From: edgar at spectrx.Saigon.COM (Edgar W. Swank)
Date: Fri, 27 Aug 93 11:32:52 PDT
Subject: Phil Zimmerman Press Briefing?
Message-ID:

To: Bay Area Extropians
    Cypherpunks

I just spoke to Phil Zimmerman on the phone (8/27 about 10am). He told me he plans to attend the Extropganza tomorrow, and to use the occasion to hold some kind of press briefing of his just-announced product "ViaCrypt", a commercial version of PGP. He asked me to send out this E-mail request for all of you who know any press people to invite them to attend.
Unfortunately, Phil was unable to tell me exactly when he expects to arrive.

--
edgar at spectrx.saigon.com (Edgar W. Swank)
SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca

From marc at GZA.COM Fri Aug 27 11:42:52 1993
From: marc at GZA.COM (Marc Horowitz)
Date: Fri, 27 Aug 93 11:42:52 PDT
Subject: ViaCrypt PGP and source code
In-Reply-To: <199308271810.AA08679@rac1.wam.umd.edu>
Message-ID: <9308271841.AA01487@dun-dun-noodles.aktis.com>

>> I understand that there is a contractual problem with releasing
>> the RSA source. Perhaps the contract should be re-negotiated.

You don't seem to understand that RSA has a monopoly. You think they are going to bend over backwards for ViaCrypt PGP when they are pulling in millions in royalties from companies like Lotus?

>> I will bet ViaCrypt PGP will rapidly become a best-seller if
>> implemented properly. There is plenty of money to be made if
>> everything is kept on the cryptographic "up and up."

"Nobody ever went broke underestimating the intelligence of the American public."

Consider how unaware most people are today. They're not going to care if they can audit the code; most people don't have the skills anyway. If AT&T or the government says something is secure, they will be believed by most people. Certain large organizations (like banks) may have the clout (financial clout, since that's what counts) to do their own code audit. But Cypherpunks just aren't big enough fish.

There's plenty of money to be made if you aren't 'on the cryptographic "up and up"'. If you don't want to buy ViaCrypt PGP because you can't get sources, RSA isn't going to cry over those lost profits. Their monopoly insures that they can get their money from more compliant customers.

Cynically yours,

Marc

From collins at newton.apple.com Fri Aug 27 12:06:00 1993
From: collins at newton.apple.com (Scott Collins)
Date: Fri, 27 Aug 93 12:06:00 PDT
Subject: Who is David Sternlight?
Message-ID: <9308271859.AA22219@newton.apple.com>

>[...] WHO IS DAVID STERNLIGHT? [...]

David Sternlight is a particularly active, if not universally admired, poster to sci.crypt et al (including a special fan club news group). The volume of his posts and their position (often antithetical to positions taken by cypherpunks) has led some to speculate that he is not an individual at all, but a group with an agenda.

Some people delight in reading his posts, either because they approve, or for the same reason I like to read 'Ask Marilyn' in Parade: because they like to get riled up. Some people just add him to their 'kill' files. There has been debate over adding software moderation to sci.crypt that automatically redirects David Sternlight posts to a side group.

In any case, DS (as he is sometimes referred to) is a prominent political feature of the privacy/cryptography related news groups. If you really want to know who he is: join sci.crypt; read some of his posts; and then ask him in e-mail. If you do send him e-mail -- make sure that if you use an anonymous remailer of the variety that allows him to respond to you, unlike the one you used to post this request.

Hope this helps,

Scott Collins         | "Few people realize what tremendous power there
                      | is in one of these things." -- Willy Wonka
......................|................................................
BUSINESS. voice:408.862.0540 fax:974.6094 collins at newton.apple.com
Apple Computer, Inc. 1 Infinite Loop, MS 301-2C Cupertino, CA 95014
.......................................................................
PERSONAL. voice/fax:408.257.1746 1024/669687 catalyst at netcom.com

From ferguson at fiber.sprintlink.net Fri Aug 27 12:42:53 1993
From: ferguson at fiber.sprintlink.net (Paul Ferguson x2044)
Date: Fri, 27 Aug 93 12:42:53 PDT
Subject: Whois Sternlight?
Message-ID: <9308272038.AA19628@fiber.sprintlink.net>

On Fri, 27 Aug 93 13:25:39 -0500, Anonymous wrote -

> Being new to this list, I've got a ways to go before I understand
> everything I'm reading. But one thing I'd like to know today, is
> JUST WHO IS DAVID STERNLIGHT? I've seen his name mentioned here
> for the first time, and many times since.

You must not follow the Usenet newsgroups sci.crypt, alt.privacy, alt.privacy.clipper, comp.eff.org.talk (etc, etc, ad nauseam) which Sternlight frequents. He even has a news.group named for him (by his detractors), alt.fan.david.sternlight. ,-)

----------------------------        -----------------------------
Paul Ferguson                       Minbank Consulting Group
ferguson at fiber.sprintlink.net      Fairfax, Virginia USA
ferguson at icm1.icp.net

From ferguson at icm1.icp.net Fri Aug 27 12:45:58 1993
From: ferguson at icm1.icp.net (Paul Ferguson x2044)
Date: Fri, 27 Aug 93 12:45:58 PDT
Subject: Another "fan"
Message-ID: <9308272009.AA03678@icm1.icp.net>

On Fri, 27 Aug 93 13:25:39 -0500, Anonymous wrote -

> Being new to this list, I've got a ways to go before I understand
> everything I'm reading. But one thing I'd like to know today, is
> JUST WHO IS DAVID STERNLIGHT? I've seen his name mentioned here
> for the first time, and many times since.

You must not follow the Usenet newsgroups sci.crypt, alt.privacy, alt.privacy.clipper, comp.eff.org.talk (etc, etc, ad nauseam) which Sternlight frequents. He even has a news.group named for him (by his detractors), alt.fan.david.sternlight. ,-)

Paul

From tcmay at netcom.com Fri Aug 27 12:47:54 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 27 Aug 93 12:47:54 PDT
Subject: Who is David Sternlight?
In-Reply-To: <9308271825.AA04321@bsu-cs.bsu.edu>
Message-ID: <9308271947.AA24274@netcom3.netcom.com>

Anonymous asks:

> Hi,
>
> Being new to this list, I've got a ways to go before I understand
> everything I'm reading. But one thing I'd like to know today, is
> JUST WHO IS DAVID STERNLIGHT? I've seen his name mentioned here
> for the first time, and many times since.
>
> Tanks

"David Sternlight" is actually an experimental neural net program which is linked to the Net through Netcom.
It has a long way to go before being mistaken for a real person, though it seems to have perfected the "rancor-mode" behavior seen in Net flame wars. This near-AI is especially active in sci.crypt, alt.privacy.clipper, alt.security.pgp, and has its own special test area, alt.fan.david-sternlight. Questions about the source code for the "David Sternlight" program should be addressed there. Like most computer programs, it is tenacious and has seemingly inexhaustible patience in repeating arguments over and over again. When challenged, it always responds. When challenged further, it invokes subroutines which cite its knowledge base, its credentials, and its general superiority to carbon-based intelligences. Some say the program, which is nominally based in the Los Angeles area, is actually one of the "Blue Ice" programs developed by the NSA, similar to the Serdar Argic program deployed by the State Department and the Ludwig Plutonium program being tested now by the National Science Foundation. I hope this helped. -Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From karn at qualcomm.com Fri Aug 27 13:13:24 1993 From: karn at qualcomm.com (Phil Karn) Date: Fri, 27 Aug 93 13:13:24 PDT Subject: What, Me Worry? In-Reply-To: <9308271811.AA06477@banff.procase.com> Message-ID: <9308272011.AA06979@servo> I follow the GPS universe fairly closely. The term for the intentional degrading of accuracy for "unauthorized" (civilian) users is "Selective Availability" (SA). The story gets even better. 
Although the DoD hasn't described how SA works, it's now apparent that they add cryptographically generated "phase noise" to the timebase on each satellite, probably with a direct digital synthesizer. In other words, the satellite looks like it has a noisier atomic clock than it really does. "Authorized" users with the right keys can regenerate the same dither stream and subtract it out of their observations.

During the Gulf War, the DoD quietly turned SA *off* because they could only meet their immediate need for vast quantities of receivers by tapping the commercial ("unauthorized") market. Of course, this did not go unnoted by the civilian GPS market; there were probably some red faces in the Pentagon. I do know there were a lot of broad grins in the civilian world. It's almost as if they had decided to use PGP on PC clones due to a lack of NSA-approved military crypto gear.

Unfortunately, after the war, DoD turned SA back on again. However, the civies had a neat trick up their sleeves: "differential GPS". This involves placing a GPS receiver in a fixed spot and having it broadcast the difference between its known location and its current position as determined by GPS. Because most of the errors in GPS are strongly correlated between nearby receivers, this subtracts out almost all the errors in the mobile user's position. Not just SA, but ionospheric dispersion, orbital element inaccuracies, etc. The result is an accuracy of 1-3 meters, with or without SA.

The really fun part is this. Guess who's leading the effort to deploy differential GPS beacons? The US Coast Guard! That's right, while one side of the military intentionally sabotages the signal, another military service (albeit under the Department of Transportation rather than the DoD) works to un-sabotage it! Your tax dollars at work.

Actually, the Coast Guard says it would be doing differential GPS even if SA were turned off.
With SA on, accuracy is typically on the order of 100m; without it, accuracy improves only to about 25m, and this is insufficient for many harbor approaches.

And here's yet another delightful irony in the GPS saga. The DoD maintains a network of ground tracking stations that determine the orbit of each GPS satellite. Every few hours they uplink these orbital elements to the satellites so they can be broadcast to the users. There was talk for a time of encrypting the low order bits of the orbital elements as part of SA, but this apparently hasn't happened.

Nevertheless, GPS is so useful to the international scientific community that they've set up their own network of tracking stations to produce and disseminate their own GPS orbital elements. And while the DoD-generated elements are good only to about 10-15m, the civilians, having many more stations and better techniques, generate sets good to less than 1m!

Phil

From honey at citi.umich.edu Fri Aug 27 13:27:53 1993
From: honey at citi.umich.edu (peter honeyman)
Date: Fri, 27 Aug 93 13:27:53 PDT
Subject: Commercial PGP: Verifying Trustworthiness
Message-ID: <9308272026.AA17010@toad.com>

> This means that I am trusting the "pseudo-random" stuff not to be
> some secrets that PGP has read from my disk.

trust? you could read the code, starting at about line 550 of crypto.c. of course, you have to trust your eyes, your editor (if you use one), and your operating system not to deceive you. (i think i've carried this too far.)

> The only benefit
> that I see to the pseudo-random stuff is to send the same message
> to several people without revealing the fact that the messages are
> the same except to those that can decode the messages.

that is a big win, in my view, but the random prefix also helps defeat chosen plaintext attacks, does it not?
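Phil Karn's account above of keyed clock dither and of differential correction, as an added simulation (editor's code, not from any post on this list). The HMAC-SHA256 keystream standing in for the DoD's dither generator, the 60 m scale, the satellite geometry and the ionospheric terms are all assumed or constructed, and the model works on per-satellite ranges rather than solving for a position.

```python
import hashlib
import hmac
import struct

# Constructed key standing in for the classified SA key; any 32 bytes will do.
SA_KEY = bytes.fromhex("00" * 31 + "01")


def sa_dither(key: bytes, sat: int, epoch: int, scale_m: float = 60.0) -> float:
    """Keyed pseudo-random range error (metres) for one satellite at one epoch.

    Assumed stand-in for the clock dither Karn describes: unpredictable without
    the key, but exactly reproducible by anyone who holds it.
    """
    digest = hmac.new(key, struct.pack(">II", sat, epoch), hashlib.sha256).digest()
    unit = struct.unpack(">I", digest[:4])[0] / 2**32   # uniform in [0, 1)
    return (2.0 * unit - 1.0) * scale_m


def observed_range(true_range_m, sat, epoch, key, propagation_error_m=0.0):
    """What any receiver measures: geometry + SA dither + errors shared by the area."""
    return true_range_m + sa_dither(key, sat, epoch) + propagation_error_m


def authorized_range(observed_m, sat, epoch, key):
    """An 'authorized' receiver regenerates the dither stream and subtracts it."""
    return observed_m - sa_dither(key, sat, epoch)


def reference_corrections(known_ranges_m, observed_m):
    """Differential beacon: surveyed geometry minus its own observation, per satellite."""
    return {sat: known_ranges_m[sat] - observed_m[sat] for sat in known_ranges_m}


def apply_corrections(observed_m, corrections):
    """Mobile user adds the beacon's per-satellite corrections to its own observations."""
    return {sat: observed_m[sat] + corrections[sat] for sat in observed_m}


def range_error_m(estimated, truth):
    """Largest per-satellite residual; stands in for position error in this range model."""
    return max(abs(estimated[s] - truth[s]) for s in truth)


def simulate(epoch: int = 1000, key: bytes = SA_KEY) -> dict:
    """Compare a civilian receiver, a keyed receiver and a differential receiver."""
    # Constructed geometry: true ranges (metres) from each satellite to a
    # reference station at a surveyed site and to a mobile user nearby.
    sats = (3, 7, 12, 19)
    ref_truth = {3: 21_100_000.0, 7: 22_450_000.0, 12: 20_300_000.0, 19: 23_900_000.0}
    rover_truth = {s: ref_truth[s] + d for s, d in zip(sats, (812.4, -433.1, 290.0, -1250.7))}
    # Constructed ionospheric delays; identical for both receivers because they are close.
    iono = {3: 4.2, 7: 6.9, 12: 3.1, 19: 8.8}

    ref_obs = {s: observed_range(ref_truth[s], s, epoch, key, iono[s]) for s in sats}
    rover_obs = {s: observed_range(rover_truth[s], s, epoch, key, iono[s]) for s in sats}

    civilian = range_error_m(rover_obs, rover_truth)
    keyed = {s: authorized_range(rover_obs[s], s, epoch, key) for s in sats}
    authorized = range_error_m(keyed, rover_truth)     # dither gone, ionosphere remains
    corrected = apply_corrections(rover_obs, reference_corrections(ref_truth, ref_obs))
    differential = range_error_m(corrected, rover_truth)  # every shared error cancels
    return {"civilian": civilian, "authorized": authorized, "differential": differential}


if __name__ == "__main__":
    for mode, err in simulate().items():
        print(f"{mode:>12}: worst range error {err:8.3f} m")
```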
peter

From honey at citi.umich.edu Fri Aug 27 13:32:54 1993
From: honey at citi.umich.edu (peter honeyman)
Date: Fri, 27 Aug 93 13:32:54 PDT
Subject: Source Code NOT available for ViaCrypt PGP
Message-ID: <9308272032.AA17050@toad.com>

> > What about the idea of having someone who is known trustworthy examine the
> > source code under nondisclosure?
> > ...
> > That is not a bad idea, ...

i disagree. who will guarantee that viacrypt ships binaries based on the validated code?

peter

From honey at citi.umich.edu Fri Aug 27 14:02:56 1993
From: honey at citi.umich.edu (peter honeyman)
Date: Fri, 27 Aug 93 14:02:56 PDT
Subject: .Comparing ViaCrypt and freeware.
Message-ID: <9308272102.AA17377@toad.com>

> If you're worried about backdoors, reverse engineer it and verify
> that it works as advertised. Given that the program has to largely
> duplicate an existing set of source, this should be trivial.

do you mean decompile it, or reverse engineer it based on the outputs? the former is tractable, but i suspect the latter is comparable to "busting" the idea algorithm. neither is "trivial" in my mind.

peter

From newsham at wiliki.eng.hawaii.edu Fri Aug 27 14:07:54 1993
From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham)
Date: Fri, 27 Aug 93 14:07:54 PDT
Subject: Matrix extensions of the rsa algorithm.
Message-ID: <9308272106.AA17441@toad.com>

I have posted this before and never saw any reply. The following sounded appealing to me because it gives public key features with private key cryptosystem speeds.

Matrix Extensions of the RSA Algorithm
Chih-Chwen Chuang and James George Dunham
CRYPTO '90

Abstract

A new matrix extension of the RSA algorithm is proposed which is based on the Cayley-Hamilton theorem and a one-way function. The security of this algorithm rests on that of the RSA algorithm and the one-way function. The computational efficiency of the new algorithm depends on the dimension of the matrix.
The most efficient implementation is the 2x2 case in which both the encryption and decryption use a single modulo arithmetic multiplication and single evaluation of the one-way function.

later in the paper..

'Under a chosen plaintext attack on the key, the security of the new algorithm is equivalent to that of the RSA algorithm. Under a known plaintext attack on the message, the security of the system rests upon that of the one-way function.'

'..these public key cryptosystems have the potential of a fast implementation.'

Has anyone looked into this paper? Has anyone implemented the cryptosystem explained in it?

From honey at citi.umich.edu Fri Aug 27 14:12:55 1993
From: honey at citi.umich.edu (peter honeyman)
Date: Fri, 27 Aug 93 14:12:55 PDT
Subject: Viacrypt PGP source code unavailable
Message-ID: <9308272112.AA17537@toad.com>

> Yet still some people pay for software because
> they feel better using a legal version. People who feel this way would
> perhaps also prefer a legal version of PGP.

i remind you (all) that the courts have long recognized an exemption from patent infringement liability for research and experimental use. this exemption makes my use of pgp legal, maybe yours, too

peter

From an31144 at anon.penet.fi Fri Aug 27 14:15:59 1993
From: an31144 at anon.penet.fi (an31144 at anon.penet.fi)
Date: Fri, 27 Aug 93 14:15:59 PDT
Subject: Plausible Spookiness
Message-ID: <199308272046.AA04048@xtropia>

> Whoever "Raymond Paquin" is, he's no spook. Spooks just don't do
> things like that - tell a little bit, then clam up. They are
> trained by instinct never to leak.

I got a sad little chuckle out of that one. Leaving aside the paradoxical "trained by instinct" line, I can assure you that your claim here is simply naive. Perhaps you watch too much TV. For every Ivy League CIA careerist station chief with a vested interest and thorough indoctrination, there are several thousand nobodies who more or less blundered into the racket in minor capacities.
These are underpaid, ignored, fucked-with, jacked around, abused, denied, manipulated, lied to, insulted, cut loose, yanked back and otherwise generally driven nuts until they quit, at which time they discover they are too burned out to do anything in the real world - say, hold down some shitty job ("There seems to be a rather large hole in your resume, Mr. Smith...") or maintain personal relationships. What these people will or won't do is beyond reliable conjecture. Did you guess I speak from personal experience and observation?

What Paquin is or isn't, I can't say. I haven't believed or trusted anyone since late 1970 or so anyway, but I would not be surprised if Paquin actually was doing pretty much what he said, namely working at some university doing crypto math on some government grant with big strings. This is completely plausible.

> If there is any flaw in PGP, there are only a few places where it
> could be. The basic mechanics of the program (RSA, IDEA, etc)
> obviously work...

If you mean that they are NSA-proof, or that only brute force attacks would affect decryption, I would suggest that we know no such thing, and it is extremely unlikely that we ever will. The NSA has _astounding_ resources, unequalled by anything in the private sector, dedicated to no other purpose than compromising world-class cyphers. Their successes are not public knowledge, to say the least. No one here should blithely dismiss claims of PGP weaknesses when the opposition has literally billions of dollars earmarked to find such flaws. It bears noting that the concealment of major successes in decryption is every bit as important as the decryption itself, a fact often overlooked. I would like to see "Paquin's" case against PGP as well as a competent analysis of his claims. Unfortunately, I cannot produce either.

> A subtle flaw would have to be somewhere like: prime number
> generation, random RSA key generation, or random session key
> generation.
> If the primes weren't actually prime, that would make the
> RSA keys breakable. But you could take the primes (pgp -kg -l and you
> will see them in hex) and feed them into a primality tester to verify
> that.

I have seen numerous conjectures about PGP primes, but am not competent to judge them.

> The most likely place for a bug would be in the randomness.

This has been another subject of discussion, though I know of no firm conclusions being reached.

From nobody at pmantis.berkeley.edu Fri Aug 27 14:27:55 1993
From: nobody at pmantis.berkeley.edu (nobody at pmantis.berkeley.edu)
Date: Fri, 27 Aug 93 14:27:55 PDT
Subject: Digital Coin Claim
Message-ID: <9308272126.AA13256@pmantis.berkeley.edu>

At 10:24 PM 8/25/93 -0400, Paul L. Moses wrote:
>I think that creating a chain of title for digicoins would defeat the whole
>purpose of the exercise. Creating a history of ownership is done in order to
>increase accountability, not privacy. And such a history is necessary only to
>clarify disputes over ownership, liens, defects....things which are simply not
>problems with currency and bearer instruments.
>
>The question is, what is the end to which this chain of title is being put?
>To verify that the holder is a "valid" holder? THIS IS IRRELEVANT. He who
>holds, owns.

Yes, but holds what? I think you missed the point. You're thinking that people use their identity-revealing keys to sign these public documents. I think Hnash intended that people use anonymous or even one-time-only keys. The bearer instrument is not the thing that gets publicized, it is the private key corresponding to the public key in the public document. When you generate that key, you put no identifying info in it. You use it only once, to transfer ownership. Hence, your true identity is not tied in to the history of ownership.
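The one-time-key transfer scheme described above, together with the single-registry check against spending a coin twice that the thread goes on to discuss, as an added example (editor's code, not from any post on this list). The signature scheme is an assumed stand-in, a Lamport one-time signature, chosen because each key may sign exactly once; `Registry`, `Transfer` and the coin identifier are constructed for the example.

```python
import hashlib
import secrets
from dataclasses import dataclass


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class OneTimeKey:
    """Lamport one-time key (assumed stand-in): 256 pairs of random secrets,
    published as their hashes. It carries no identifying information. Signing
    reveals half the secrets, so the key must sign exactly once; a second
    signature with the same key is what the registry below has to catch."""

    def __init__(self):
        self._secrets = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
        self.public = tuple((H(a), H(b)) for a, b in self._secrets)

    def sign(self, message: bytes) -> list:
        bits = int.from_bytes(H(message), "big")
        return [self._secrets[i][(bits >> (255 - i)) & 1] for i in range(256)]


def verify(public, message: bytes, signature) -> bool:
    if len(signature) != 256:
        return False
    bits = int.from_bytes(H(message), "big")
    return all(H(signature[i]) == public[i][(bits >> (255 - i)) & 1] for i in range(256))


def fingerprint(public) -> bytes:
    """Short identifier for a one-time public key: the hash of all its halves."""
    return H(b"".join(a + b for a, b in public))


@dataclass
class Transfer:
    coin: str
    to_public: tuple   # the recipient's fresh one-time public key
    signature: list    # current holder's signature over transfer_message(...)


def transfer_message(coin: str, to_public) -> bytes:
    return coin.encode() + fingerprint(to_public)


class Registry:
    """The single registry the thread proposes: per coin, the public key that
    holds it now and the ordered transfers. Keys are anonymous and one-time,
    so the history is a chain of key fingerprints, not of identities."""

    def __init__(self):
        self.owner = {}     # coin id -> public key of current holder
        self.history = {}   # coin id -> [Transfer, ...]

    def issue(self, coin: str, to_public) -> None:
        if coin in self.owner:
            raise ValueError("coin already issued")
        self.owner[coin] = to_public
        self.history[coin] = []

    def transfer(self, t: Transfer) -> bool:
        """Accept only a transfer signed by the coin's current holder. A second
        transfer signed with an already-spent key fails here: that is the
        registry's answer to using the same coin twice."""
        current = self.owner.get(t.coin)
        if current is None or not verify(current, transfer_message(t.coin, t.to_public), t.signature):
            return False
        self.owner[t.coin] = t.to_public
        self.history[t.coin].append(t)
        return True

    def held_by(self, coin: str, public) -> bool:
        """The merchant's check: ship only once the registry shows her key as holder."""
        current = self.owner.get(coin)
        return current is not None and fingerprint(current) == fingerprint(public)


def run_scenario() -> dict:
    """Constructed scenario: Anne holds a coin, pays Bob, then tries to pay
    Carol with the same coin and the same already-used key."""
    registry = Registry()
    coin = "coin-0001"                  # constructed coin identifier
    anne, bob, carol = OneTimeKey(), OneTimeKey(), OneTimeKey()
    registry.issue(coin, anne.public)   # how the issuer mints is out of scope here

    to_bob = Transfer(coin, bob.public, anne.sign(transfer_message(coin, bob.public)))
    to_carol = Transfer(coin, carol.public, anne.sign(transfer_message(coin, carol.public)))

    first = registry.transfer(to_bob)     # accepted: Anne's key is the holder
    second = registry.transfer(to_carol)  # rejected: Bob's key is the holder now
    return {
        "paid_bob": first,
        "double_spend_rejected": not second,
        "bob_can_ship": registry.held_by(coin, bob.public),
        "carol_can_ship": registry.held_by(coin, carol.public),
        "transfers_recorded": len(registry.history[coin]),
    }


if __name__ == "__main__":
    print(run_scenario())
```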
This leads back to the question about settling disputes - if the keys associated with the owner of the coin do not identify him, he could attempt to use the same coin more than once. This could perhaps be circumvented by having a single registry. The merchant would wait until the registry showed her (her key) to be the owner before handing over the goods.

From snark!esr at gvls1.VFL.Paramax.COM Fri Aug 27 14:32:56 1993
From: snark!esr at gvls1.VFL.Paramax.COM (Eric S. Raymond)
Date: Fri, 27 Aug 93 14:32:56 PDT
Subject: What, Me Worry?
In-Reply-To: <199308271732.AA13237@panix.com>
Message-ID:

> "In his first three months in the White House, President Clinton killed
> more people in the United States than during the 12 years of Reagan-Bush."

I'm no fan of Clinton and his crypto-socialist allies, but this strikes me as extreme, unwarranted, and unsupported. Can you back it up?
--
Eric S. Raymond

From mdiehl at triton.unm.edu Fri Aug 27 14:52:59 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Fri, 27 Aug 93 14:52:59 PDT
Subject: Key Escrow Anecdote...
In-Reply-To: <9308271756.AA12706@sindri.cs.cornell.edu>
Message-ID: <9308272147.AA07656@triton.unm.edu>

According to Peter Wayner:
> I was speaking with an international crypto consultant
> who told me this story about a business with an office
> in a South American country. They decided to start encrypting
> their link. Within a week, a team of soldiers burst through
> the door and smashed the encryption hardware to bits. On
> the way out, they asked, "What are you trying to hide from us?"

...Which brings up the question of "whose soldiers were they?"

From frissell at panix.com Fri Aug 27 17:42:58 1993
From: frissell at panix.com (Duncan Frissell)
Date: Fri, 27 Aug 93 17:42:58 PDT
Subject: What, Me Worry?
Message-ID: <199308280040.AA00841@panix.com>

To: cypherpunks at toad.com

Since I received 3 or 4 requests to explain my earlier signature line...
C.>>"In his first three months in the White House, President Clinton
C.>killed
C.>>more people in the United States than during the 12 years of
C.>Reagan-Bush."
C.>
C.>Could you expand on this? I'm curious.
C.>

Sorry, I was rushed. The "improved" version:

During the first three months of the Clinton Administration, federal enforcement agencies killed more Americans than they killed during the entire 12 years of the Reagan and Bush Administrations.

Waco!

This is true because usually the Feds kill few Americans directly (fewer than 1 a month).

DCF

---
~ WinQwk 2.0b#0 ~ Unregistered Evaluation Copy

From fergp at sytex.com Fri Aug 27 18:42:58 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Fri, 27 Aug 93 18:42:58 PDT
Subject: Cisco vulnerabilities?
Message-ID:

On Thu, 26 Aug 93 21:17:16 -0600, L. Detweiler wrote -

> ===cut=here===
>
> Date: Wed, 25 Aug 1993 12:56:54 -0700 (PDT)
> From: Al Whaley
> Subject: Cisco routers
>
> Rumors abound that Cisco routers have a back door; that is when
> a TCP port is disabled, it can still be accessed from Cisco's
> IP number.
>
> I have personally verified this with the sendmail port.
>
> Al Whaley al at sunnyside.com +1-415 322-5411(Tel), -6481 (Fax)
> Sunnyside Computing, Inc., PO Box 60, Palo Alto, CA 94302
>

Sure, they have a backdoor -- it's called unsecured ports and lackadaisical security. Cisco routers don't really have "TCP" ports, per se. They have ethernet ports, or token ring ports, v.35 serial ports, and dial-up rs-232 for fail-safe configuration when some idiot drops your feed at the local rboc and you need to "look into" your net. If the "entrance" passwords are enabled properly, then I feel quite sure that this threat is minimal. However, I have learned recently that some facets of SNMP encapsulation can exploit _management_ but can not, however exploit the configuration of the router. It can add to the traffic overhead.
Also, there is an additional "enable" password for configuration modification, such as changing IP addresses of the ethernet or serial interfaces (ports) and saving the configuration to NVRAM.

I had a guy adamantly try to convince me the other day that the (Cisco) routers were in jeopardy because of the ability to TFTP a new (albeit, damaging) operating system directly into NVRAM (a sleight of hand), rendering the box useless. It can be done, in fact, Cisco would have to ship me a whole new box overnight if it happened, but if I mind my P's and Q's (read: adhere to proper security), he's pissin' in the wind. ;-)

Cheers,

Paul Ferguson              | "Government, even in its best state,
Network Integrator         | is but a necessary evil; in its worst
Centreville, Virginia USA  | state, an intolerable one."
fergp at sytex.com          | - Thomas Paine, Common Sense

Type bits/keyID    Date       User ID
pub  1024/1CC04D   1993/03/15 Paul Ferguson
     Key fingerprint = EE D2 93 7D 04 6D C6 05 AC 36 AD 9D 8E 4F 41 58

From fergp at sytex.com Fri Aug 27 18:43:27 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Fri, 27 Aug 93 18:43:27 PDT
Subject: Physical security lapses will getcha every time.
Message-ID:

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 27 Aug 1993 01:46:57 -0400 (EDT), Mike Ingle wrote -

> The most likely place for a bug would be in the randomness.
> I suppose it is possible that a one-line bug somewhere could
> leave out most of the randomness, making the keys still look
> random but actually be predictable. Random number generation
> is hard to verify. How has that in PGP been checked? The PGP
> source is so big and spread out, it's hard to check. I don't
> think there is a bug, but it would be nice if PGP were
> carefully examined and attacked. Where are these rumors
> coming from? They are bad for the cause.

Let's be realistic, Mike. The biggest threat to any security, on any basis, is the threat of human nature.
The chances of someone factoring your PGP encoded message is somewhere in the range of slim-to-none, but the chances of someone (you) -physically- compromising their key is much, much higher. In fact, I'd venture to say that it's much higher than even you or I imagine, given the fact that some folks ignore what most of us would deem common sense and use PGP on a multi-user system (such as a SUN server, any other UNIX-flavored workstation, or even a Netware server).

Fact Two: That's why you won't see messages from me either (a.) signed with PGP, or (b.) encrypted with PGP from any of my other e-mail accounts. All are UNIX (open) environments and I don't like the implications of the possibilities of my secret key being exposed, even if I do trust the folks I work with. Call me a schizoid.

Cheers,

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLH6FrJRLcZSdHMBNAQEs1AP8D3ve8oRYIT4/Lne3LYY9xZWkghZFQyhH
CcCdFhHfAyXeAnz6puIpSN+9zior4/W9pcgxK/EdcCt72hMOzTYQvWtFZVIE0nQA
Fn+a5FkUwCLhvfiIqCSPvBjG8UvBt2RTuv7GN0IiIfMwzCeAkB9MTkoNQut48DGU
thDLDXfnRxs=
=0v11
-----END PGP SIGNATURE-----

Paul Ferguson              | "Government, even in its best state,
Network Integrator         | is but a necessary evil; in its worst
Centreville, Virginia USA  | state, an intolerable one."
fergp at sytex.com          | - Thomas Paine, Common Sense

Type bits/keyID    Date       User ID
pub  1024/1CC04D   1993/03/15 Paul Ferguson
     Key fingerprint = EE D2 93 7D 04 6D C6 05 AC 36 AD 9D 8E 4F 41 58

From danodom at matt.ksu.ksu.edu Fri Aug 27 18:56:02 1993
From: danodom at matt.ksu.ksu.edu (Dan Odom)
Date: Fri, 27 Aug 93 18:56:02 PDT
Subject: Source Code NOT available for ViaCrypt PGP
In-Reply-To: <9308270328.AA20123@w20-575-50.MIT.EDU>
Message-ID: <9308280153.AA06594@matt.ksu.ksu.edu>

Derek Atkins Said:
> Secondly, regarding "whom do you trust": Do you trust Phil Z? As far
> as I know (and granted, it's not much, yet), Phil Z is going to oversee
> the commercial product, to make sure that nothing is put into it.
> Granted, he probably won't get to see the RSA sources, but there are
> sources of those (pun intended).

If Phil says that the commercial PGP is OK, I will believe him.

--
Dan Odom
danodom at matt.ksu.ksu.edu -- Kansas State University, Manhattan, KS
PGP key by finger or request.

From bill at twwells.com Fri Aug 27 20:08:29 1993
From: bill at twwells.com (T. William Wells)
Date: Fri, 27 Aug 93 20:08:29 PDT
Subject: .Comparing ViaCrypt and freeware.
In-Reply-To: <9308272102.AA17377@toad.com>
Message-ID:

: > If you're worried about backdoors, reverse engineer it and verify
: > that it works as advertised. Given that the program has to largely
: > duplicate an existing set of source, this should be trivial.
:
: do you mean decompile it, or reverse engineer it based on the

Decompile.

: neither is "trivial" in my mind.

I have a program that (mostly) automatically turns 386 code into ugly C code. It's not maintainable but, for the purpose of determining that the commercial product is essentially the same as the version that you have source to, that's not necessary.

You compile the two versions, decompile them, diff the results, pattern match to eliminate the artifactual differences, re-diff and then examine the diff with the proverbial fine-tooth comb. This would make it quite easy to determine what the commercial code is actually doing, with a minimum of work. And remember: it only has to be done once per version.

(No, before anyone asks, the decompiler isn't available. It's not documented. It's hackery. And the code is gross. You'd be much better off writing your own; it isn't hard.)

From honey at citi.umich.edu Fri Aug 27 20:32:58 1993
From: honey at citi.umich.edu (peter honeyman)
Date: Fri, 27 Aug 93 20:32:58 PDT
Subject: .Comparing ViaCrypt and freeware.
Message-ID: <9308280330.AA24324@toad.com>

> I have a program that (mostly) automatically turns 386 code into
> ugly C code.

i'm impressed. (honest.)
but the task here isn't to compare viacrypt to pgp -- they use different rsa engines -- it's validating that viacrypt doesn't have a backdoor. the diff scheme you describe presupposes that this step has been done, but it has not, and i think it would be very, very hard to do.

peter

From szabo at netcom.com Fri Aug 27 20:42:58 1993
From: szabo at netcom.com (Nick Szabo)
Date: Fri, 27 Aug 93 20:42:58 PDT
Subject: Practical security, Internet commercialization, etc.
In-Reply-To:
Message-ID: <9308280338.AA06727@netcom4.netcom.com>

Paul Ferguson:
> The biggest threat to any security, on any basis, is the threat of
> human nature. The chances of someone factoring your PGP encoded
> message is somewhere in the range of slim-to-none, but the chances
> of someone (you) -physically- compromising their key is much, much
> higher.

I'd like to strongly second this, and add my own twist. The problems of making & breaking ciphers are being hashed out, both in open literature and closed quarters (eg NSA), by many highly specialized minds far more focused on these problems than almost all of us on this list. The most important cypherpunks issues are being almost completely ignored by these academics: practical implementation of remailers, most issues dealing with software-based digital cash, reliable key handling, trustworthy key distribution, construction of "webs of trust", implementation of these schemes with all of their pitfalls (legal, social, etc.), commercialization, etc.

In most of these cases, the protocols (ciphers, remailing mixes, digital cash, etc.) can theoretically be "broken" by a powerful agent, but the real question is what practical, cheap steps can we take to make things more expensive for those with little respect for our privacy or liberty. Our design criterion should not be max(their expense) but min(our expense/their expense), where "our expense" includes the time needed to hack, test, deploy, and integrate these systems into the social net.fabric.
Furthermore, the antagonistic agent in almost all cases will have far less than the full computing power or crypto expertise of the NSA at their disposal, and it's merely speculative fun to try to cover every possible attack at this time. Romana Machado's "Stego" is a great example of useful steganography that addresses the simple practical issue of hiding data in Mac PICT files without worrying about the many theoretical, statistical ways to detect encryption hidden in pattern-containing pictures. Even if PGP could be broken by the NSA that's no reason not to use it, unless something significantly better comes along. Real crypto-anarchy is quite imperfect, but vastly superior to no privacy at all, the panoptic world to which the Internet sans cypherpunks seems to be heading.

Internet commercialization in itself is a _huge_ issue full of pitfall and opportunity: Mom & Pop BBS's, commercial MUDs, data banks, for-profit pirate and porn boards, etc. are springing up everywhere like weeds, opening a vast array of both needs of privacy and ways to abuse privacy. Remailers, digital cash, etc. won't become part of this Internet commerce way of life unless they are deployed soon, theoretical flaws and all, instead of waiting until The Perfect System comes along.

Crypto-anarchy in the real world will be messy, "nature red in tooth and claw", not all nice and clean like it says in the math books. Most of the debugging will be done not in any ivory tower, but by the bankruptcy of businesses who violate their customers' privacy, the confiscation of BBS operators who stray outside the laws of some jurisdiction and screw up their privacy arrangements, etc. Anybody who thinks they can flesh out a protocol in secret and then deploy it, full-blown and working, is in for a world of hurt.
For those who get their Pretty Good systems out there and used, there is vast potential for business growth -- think of the $trillions confiscated every year by governments around the world, for example.

At the last Bay Area meeting Tim May asked "what is the low-hanging fruit"? A few pieces I see involve implementing _some_ of the discussed remailer function. The non-SMTP socket solution looks attractive, even if limited to TCP (which most if not all current remailers run over anyway). Non-SMTP sockets cut through the Gordian Knot of the many attacks Hal Finney listed, making them far more expensive, but not attempting to make them "theoretically impossible". A sockets solution seems much easier to implement, thus much more likely to be implemented, than the huge piece of software needed to address each of the 15-odd attacks in a theoretically strong way.

Nick Szabo
szabo at netcom.com

From eric at Synopsys.COM Fri Aug 27 20:56:02 1993
From: eric at Synopsys.COM (eric at Synopsys.COM)
Date: Fri, 27 Aug 93 20:56:02 PDT
Subject: Attacks on remailers (LONG)
In-Reply-To: <9308271052.AA07922@achilles.ctd.anl.gov>
Message-ID: <199308280353.AA02675@gaea.synopsys.com>

>>>>> On Fri, 27 Aug 93 05:52:43 CDT, b44729 at achilles.ctd.anl.gov (Samuel Pigg) said:

Samuel> Correct me if I'm wrong, but as I see it, there are two goals
Samuel> for the remailers:

Samuel> (1) Anonymous addresses to which mail can be sent, but the recipient
Samuel> is unknown and cannot be determined (receiving anonymous mail).

Samuel> (2) The ability to send mail to someone without anyone (including
Samuel> the recipient) determining that you did so (sending anonymous mail).

Samuel> Number 2 can be mostly taken care of with nested encryption of mail headers.

This is an excellent observation which many people seem to ignore when thinking about anonymous remailers. It's understandable why, because achieving both of these goals at the same time is really quite difficult.
I've been working on a system to accomplish this for several months now, and it's quite complicated. I call it SASE for Self Addressed Stampable Envelopes. Actually a new name that doesn't imply prepaid postage would be nice if anyone can think of a catchy one...

Samuel> To construct an anonymous address block might be something like:

Samuel> Anonymous Anne wants an anonymous address.
Samuel> First she generates a set of N keys (IDEA, DES or .......

That's basically the way SASE works. It's important that some of the keys be public key pairs, however; as you need to be able to publish one half of a key, and seal the other half for an unpublished remailer to decrypt with.

One thing is certain, these protocols are not simple. We definitely need people thinking about them...

-eric messick

From rjc at gnu.ai.mit.edu Fri Aug 27 21:16:02 1993
From: rjc at gnu.ai.mit.edu (Ray)
Date: Fri, 27 Aug 93 21:16:02 PDT
Subject: Who is David Sternlight?
In-Reply-To: <9308271947.AA24274@netcom3.netcom.com>
Message-ID: <9308280413.AA05634@geech.gnu.ai.mit.edu>

Timothy C. May () writes:
> Some say the program, which is nominally based in the Los Angeles
> area, is actually one of the "Blue Ice" programs developed by the NSA,
> similar to the Serdar Argic program deployed by the State Department
> and the Ludwig Plutonium program being tested now by the National
> Science Foundation.

No No No! Ludwig Plutonium was developed by the Atomic Energy Commission. Alexander Abian (of "TIME HAS INERTIA", "CORRECT EARTH'S TILT BY DROPPING MOON INTO OCEAN", and "GIVE VENUS An EARTh ORBIT AND CURE AIDS AND CANCER" fame) was developed by the NSF. Robert McElwaine was deployed by the CIA to test the limits of what the populace will believe before they see through propaganda.
(JUMBO COSMOSPHERES, BIOLOGICAL TRANSMUTATION, THE RECIPROCAL SYSTEM)

The Department of Commerce is now testing an automated program which posts long diatribes on Japan and the need for "industrial policy" (American version of MITI). This program has the unique approach in that it posts messages to _every newsgroup_

Why is the government developing all these propaganda robots? Well, in 1976 a secret panel of government officials called Majestic-14 met with the head of the Trilateral Commission and the Bilderburgers to fight the Martian Invasion and the Communists. The Communists and the Martians had contracted with Folger's to secretly replace our government officials with idiots. (And you thought they only did that with coffee, wrong! The coffee commercials were a carefully constructed coverup)

Anyway, the Folger replacements didn't work (the Communists thought they would because the average person was an idiot too) So the Martians and the Communists moved to and now control the University of California at Berkeley. The Centurians then arrived and became very jealous that the Martians and Communists had their own college. They created a super-android code-named Ronald Reagan to fight the Communists-Martians and cut Federal Spending for colleges.

Professor Robert T. Birch-Sternlight, a member of SEVSO (Super Elite Very Secretive Organization) decided that enough was enough. He single-handedly pioneered AI (Artificial Insanity), a carefully calculated technology to rid this planet of Martians and Centurians once and for all. The AEC, SEC, RTC, FDIC, CIA, NSF, NSA, DEA, DoD, DoC, were all directed to deploy this software on the internet for testing before installing it at the New York Times, Newsweek, and Time Magazine. Some say NYT and Time are already beta-testing AI.

-Ray, member of HEMSATWOSEVSO (Hyper Elite Mega Secretive Agency That Watches over SEVSO)

p.s.
Hillary Clinton is actually a Star-Baby from the 24th century who came back in time to prevent the Centurians and Earthmen from teaming up to up the Galactic Matriarchy.

followups-to: alt.alien.visitors,talk.politics.misc,comp.ai,sci.space, alt.conspiracy

(alt.alien.visitors is a coverup! The so-called UFO enthusiasts in there are really government agents attempting to locate the Plutonian base!)

THE MARS FACE IS REALLY ELVIS!

From markh at wimsey.bc.ca Fri Aug 27 21:43:30 1993
From: markh at wimsey.bc.ca (Mark C. Henderson)
Date: Fri, 27 Aug 93 21:43:30 PDT
Subject: Physical security lapses will getcha every time.
Message-ID:

>
> Fact Two: That's why you won't see messages from me either (a.)
> signed with PGP, or (b.) encrypted with PGP from any of my other
> e-mail accounts. All are UNIX (open) environments and I don't like
> the implications of the possibilities of my secret key being exposed,
> even if I do trust the folks I work with. Call me a schizoid.

Of course, this doesn't make the UNIX versions of PGP useless. There is absolutely no reason why you can't run your own personal Unix box. Really all you need is a 386 machine with Linux or 386BSD. The nice thing about the UNIX/Linux setup, is that you can still use all the UNIX tools to send/receive encrypted mail (your favourite mail user agent+pgp/ripem+UUCP+sendmail/smail) in a convenient way without messing with MSDOS.
Mark
--
Mark Henderson markh at wimsey.bc.ca (personal account)
RIPEM key available by key server/finger/E-mail
MD5OfPublicKey: F1F5F0C3984CBEAF3889ADAFA2437433

From b44729 at achilles.ctd.anl.gov Fri Aug 27 21:48:30 1993
From: b44729 at achilles.ctd.anl.gov (Samuel Pigg)
Date: Fri, 27 Aug 93 21:48:30 PDT
Subject: Attacks on remailers (LONG)
In-Reply-To: <199308280353.AA02675@gaea.synopsys.com>
Message-ID: <9308280446.AA01688@achilles.ctd.anl.gov>

>>>>> On Fri, 27 Aug 93 20:53:51 -0700, eric at Synopsys.COM said:

>>>>> On Fri, 27 Aug 93 05:52:43 CDT, b44729 at achilles.ctd.anl.gov (Samuel Pigg) said:

Samuel> Correct me if I'm wrong, but as I see it, there are two goals
Samuel> for the remailers:

Samuel> (1) Anonymous addresses to which mail can be sent, but the recipient
Samuel> is unknown and cannot be determined (receiving anonymous mail).

Samuel> (2) The ability to send mail to someone without anyone
Samuel> (including the recipient) determining that you did so
Samuel> (sending anonymous mail).

Samuel> Number 2 can be mostly taken care of with nested encryption of
Samuel> mail headers.

[...]

Samuel> To construct an anonymous address block might be something like:

Samuel> Anonymous Anne wants an anonymous address.
Samuel> First she generates a set of N keys (IDEA, DES or .......

eric> That's basically the way SASE works. It's important
eric> that some of the keys be public key pairs, however; as
eric> you need to be able to publish one half of a key, and
eric> seal the other half for an unpublished remailer to
eric> decrypt with.

I don't see why some of the keys need to be public key pairs. The intermediate encryptions done by the remailers are only to be undone by the anonymous recipient correct? So why would one part of the keys need to be published? (the anonymous address block would have these keys sealed in the various nested encryption levels, as you said.)

eric> One thing is certain, these protocols are not simple.
eric> We definitely need people thinking about them... ..and discussing them! (as we are doing now.) -Sam From newsham at wiliki.eng.hawaii.edu Fri Aug 27 22:02:59 1993 From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham) Date: Fri, 27 Aug 93 22:02:59 PDT Subject: Who is David Sternlight? In-Reply-To: <9308280413.AA05634@geech.gnu.ai.mit.edu> Message-ID: <9308280501.AA26285@toad.com> > > Timothy C. May () writes: > > Some say the program, which is nominally based in the Los Angeles > > area, is actually one of the "Blue Ice" programs developed by the NSA, > > similar to the Serdar Argic program deployed by the State Department > > and the Ludwig Plutonium program being tested now by the National > > Science Foundation. > > No No No! Ludwig Plutonium was developed by the Atomic Energy Commission. [... much deleted....] I cant believe you didnt even *mention* the secret USL and BSD contract! It is central to understanding the situation! From ld231782 at longs.lance.colostate.edu Fri Aug 27 22:37:58 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Fri, 27 Aug 93 22:37:58 PDT Subject: Internet: commercial or not? Message-ID: <9308280535.AA14562@longs.lance.colostate.edu> This is just a little blip on the screen of the increasing strains in the commercialization of the internet, a message enclosed below for your perusal. There is a huge amount of seismic fault-slipping on this subject. What is `allowed' on the internet? For example, are people allowed to send credit card numbers to businesses for purchase? this is happening with e.g. Wired subscriptions and other situations, but most places who advertise directly get flamed by someone in the NSF ranks, and afterwards at least do it more discreetly. The situation is that the `internet' is now such a patchwork of different nets, all with different policies and oversight, is very close to anarchy, but still with distinct `taboos' against commercial activity, to put it lightly. 
But the day that everyone will be dialing up the Online Shopping Program over their PCs is inevitable and rapidly approaching. The only question is, what will become of the current `internet'? Will future networks just be laid on top of it, or will it wither up after all traffic moves to completely `unrestricted' commercial networks?

I was just telling someone in email: to the extent that you like the Internet, it is unrepresentative of the typical government program. To the extent that you dislike it, it is representative. It has only flourished to the degree it has because of relative *unregulation* and *unrestriction*.

A major problem is that there is no way to guarantee that a given message traverses exclusively commercial networks in going from one source to another. I propose that new mail protocols be developed that enforce the distinction, such that the message can `request' it be transmitted in a completely commercial `unrestricted' path or not at all. In this way a new group of networks governed by agencies explicitly committed to unrestricted commercial traffic (hehe, sounds sort of ominous like Unrestricted Submarine Warfare). In the current situation, all the government bureaucrats fire off messages that `even though your message can travel on commercial nets only, there is no way of guaranteeing that it does not cross public networks, therefore it must abide by NSF Internet Use Policies.' In a system where transmission paths are prescribed for email, a completely commercial network can be achieved, an absolutely critical foundation for all future electronic economics, and all our favorite ideas (digital banks, services, etc.), with no whiney complaints from the Backward Bureaucrats.

If anyone is familiar with the proliferation of online services over commercial internet subnetworks, such as the `biz' distribution of Usenet, please post more information on the progress of this.

Read my words! As beautiful and promising as the Internet is today, it is just a small glimmer in the eye of future cyberspace, in which all traffic is unrestricted except in volume and cost per bit (the former prodigious and the latter piddly), so that commercial enterprise can flourish. We have already waited long enough. The current taboos on the internet will look quaintly archaic.

Look at the way this guy below is whining because the NIC service had a `nice booth at InterOp' with enough cost to have funded `3-4 full time employees typing whois entries' and asks for an `audit' because of the possibility of (horrors) `advertising'. Yes, in the current dark ages I concede he has a valid point (they are funded in part by NSF grants), but this shows in crystalline clarity the absolutely chilling effect that government funding has on a project (e.g., the internet) in constraining its full commercial development. The greatest supporters are the greatest detractors! Where else would a company be criticized & investigated for having a classy booth at a trade convention (uh, Microsoft excepted)? When the whole cyberspace is unrestricted, though, I suppose he'll pop up complaining about the big companies with glossy booths that could have funded 20 children on Welfare.

BTW, Network Information Center, database & catalogue of all internet services, while a thinly veiled approach likely to evolve into a full-fledged charging & advertising Cyberspatial Yellow Pages, is clearly a cornerstone of AT&T's new drive into the internet for the masses. (What is this guy referring to in the `attempt to reduce expected services as with Whois'?)

===cut=here===

Posted-Date: Fri, 27 Aug 93 12:09:31 EDT
Date: Fri, 27 Aug 93 12:09:31 EDT
Sender: ietf-request at IETF.CNRI.Reston.VA.US
From: William Allen Simpson
To: ietf at CNRI.Reston.VA.US
Cc: Stephen Wolff
Reply-To: bsimpson at morningstar.com
Subject: over funding of [InterNIC]

It has become apparent with the recent spate of disregard for internet etiquette (posting job positions, posting "advertisements"), and the simultaneous attempt to reduce expected services (whois), the providers of the InterNIC are not suitable.

Did everyone see that they can afford a nice booth at InterOp? When did any previous NSF grantee get such a thing? The cost could have funded 3-4 full-time employees typing whois entries.

Obviously, the grant was too large, since they have all of this extra money for advertising. And why would they need to advertise, except that they want to leverage a monopoly grant position into some commercial market?

I call for an NSF audit to ensure that NSF money was not spent for advertising and lobbying.

Bill.Simpson at um.cc.umich.edu

------- End of Forwarded Message

From remail at tamsun.tamu.edu Fri Aug 27 22:46:03 1993
From: remail at tamsun.tamu.edu (remail at tamsun.tamu.edu)
Date: Fri, 27 Aug 93 22:46:03 PDT
Subject: Another BBS Seizure in Hartford
Message-ID: <9308280543.AA22652@tamsun.tamu.edu>

Date: 08-03-93 (22:35)          Number: 1089
From: KENNETH PAVLAK            Refer#: NONE
To: ALL                         Recvd: NO
Subj: Sysop held on $500,000 Bail   Conf: (24) F-Law&Dis
---------------------------------------------------------------------------

The Hartford Courant on August 5, 1993 (page b-4) stated that a 21 year old computer BBS operator was arrested for maintaining a computer bulletin board that had a bomb making recipe.

Michael Elansky was charged by the West Hartford police with inciting injury to persons or property - a felony charge - and risk of injury to a minor.
He was held in lieu of $500,000 bond (in CT the bond for a person accused of murder is normally $100,000).

Det. Capt. James Gustafson said the case was "sealed" and no information could be released.

Michael Elansky's father said information from the Anarchists Cook Book (Available from Paladin Press, P.O. Box 1307, Boulder, CO 80306, phone 303-443-7250) was on the bbs placed there by person or persons unknown; it was impossible for his son to keep track of due to the number of calls to his bbs.

And so, Big Brother now says that passing along information will get a person 21 years old locked up on a half a million dollars bail, while accused murderers get out on 100,000 dollars.

The newspaper did not say if the computer or the files from it were taken. Can the people who were on that bbs look forward to a "Visit" from the servants of Big Brother? Will they be arrested if they downloaded VERBOTEN information? Will there be MASS ARRESTS of people who have knowledge that is no longer permitted?

Time will tell

=== GEcho 1.00
* SPEED 1.30 >01< * Remember, god works in meaningless ways.

From rjc at gnu.ai.mit.edu Fri Aug 27 22:57:58 1993
From: rjc at gnu.ai.mit.edu (Ray)
Date: Fri, 27 Aug 93 22:57:58 PDT
Subject: Another BBS Seizure in Hartford
In-Reply-To: <9308280543.AA22652@tamsun.tamu.edu>
Message-ID: <9308280555.AA06139@geech.gnu.ai.mit.edu>

Does this mean I can be arrested for mentioning the fact that dry ice and water put into an empty 2-liter bottle of Coke makes a nice explosion?

-- Ray Cromwell        | Engineering is the implementation of science; --
-- EE/Math Student     | politics is the implementation of faith.      --
-- rjc at gnu.ai.mit.edu | - Zetetic Commentaries                        --

From mdiehl at triton.unm.edu Fri Aug 27 23:22:59 1993
From: mdiehl at triton.unm.edu (J. Michael Diehl)
Date: Fri, 27 Aug 93 23:22:59 PDT
Subject: Another BBS Seizure in Hartford
In-Reply-To: <9308280555.AA06139@geech.gnu.ai.mit.edu>
Message-ID: <9308280615.AA23307@triton.unm.edu>

According to Ray:
> Does this mean I can be arrested for mentioning the fact that dry ice
> and water put into an empty 2-liter bottle of Coke makes a nice explosion?

Or how about saying, "You can kill someone by running them over with a car." This is pathetic.

========================+==========================================+
J. Michael Diehl ;^)    | Have you hugged a Hetero........Lately?  |
mdiehl at triton.unm.edu  | "I'm just looking for the opportunity to |
mike.diehl at fido.org help| be Politically Incorrect!"     +=========+
al945 at cwns9.ins.cwru.edu| Is Big Brother in your phone?  | PGP KEY |
(505) 299-2282 (voice)  | If you don't know, ask me.     |Available|
========================+================================+=========+
PGP Key = 7C06F1 = A6 27 E1 1D 5F B2 F2 F1 12 E7 53 2D 85 A2 10 5D
This message is protected by 18 USC 2511 and 18 USC 2703. Monitoring by anyone other than the recipient is absolutely forbidden by US Law

From tcmay at netcom.com Fri Aug 27 23:48:00 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Fri, 27 Aug 93 23:48:00 PDT
Subject: Another BBS Seizure in Hartford
In-Reply-To: <9308280543.AA22652@tamsun.tamu.edu>
Message-ID: <9308280645.AA01459@netcom5.netcom.com>

Someone has forwarded this info:

> The Hartford Courant on August 5, 1993 (page b-4) stated that a 21 year
> old computer BBS operator was arrested for maintaining a computer
> bulletin board that had a bomb making recipe.
>
> Michael Elansky was charged by the West Hartford police with inciting
> injury to persons or property - a felony charge - and risk of injury
> to a minor.
>
> He was held in lieu of $500,000 bond (in CT the bond for a person accused
> of murder is normally $100,000)
>
> Det. Capt. James Gustafson said the case was "sealed" and no information
> could be released.
>
> Michael Elansky's father said information from the Anarchists Cook Book
> (Available from Paladin Press, P.O. Box 1307, Boulder, CO 80306,

I find this hard to believe...not saying it isn't true, but it's hard for me to believe that the cause was just material from the long-available, long-discredited "Anarchists Cookbook"...I bought my copy in 1972-3 and it's still widely available (Loompanics, Paladin, the "Anubus Warpus" store in Santa Cruz, etc.).

I hope the EFF gets involved in this one, as there shouldn't be a double standard, with printed material (books, magazines) held to a different legal standard than bulletin boards and networks are. (The copyright violation issues are another--and much lesser--matter.)

If something is legal in written form--and nearly everything should be, of course--then the electronic form should be treated identically.

-Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.
From remail at tamsun.tamu.edu Fri Aug 27 23:58:33 1993
From: remail at tamsun.tamu.edu (remail at tamsun.tamu.edu)
Date: Fri, 27 Aug 93 23:58:33 PDT
Subject: Call for Papers IFIP SEC'94 Caribbean
Message-ID: <9308280655.AA26572@tamsun.tamu.edu>

=================================================================
Call for Papers IFIP SEC'94 - updated information August 1993
=================================================================

***************************************************************
C A L L   F O R   P A P E R S
***************************************************************

Technical Committee 11 - Security and Protection in Information Processing Systems - of the UNESCO affiliated INTERNATIONAL FEDERATION FOR INFORMATION PROCESSING - IFIP, announces:

Its TENTH INTERNATIONAL INFORMATION SECURITY CONFERENCE, IFIP SEC'94, TO BE HELD IN THE NETHERLANDS ANTILLES (CARIBBEAN), FROM MAY 23 THROUGH MAY 27, 1994.

Organized by Technical Committee 11 of IFIP, in close cooperation with the Special Interest Group on Information Security of the Dutch Computer Society and hosted by the Caribbean Computer Society, the TENTH International Information Security Conference IFIP SEC'94 will be devoted to advances in data, computer and communications security management, planning and control. The conference will encompass developments in both theory and practice, envisioning a broad perspective of the future of information security. The event will be led by its main theme "Dynamic Views on Information Security in Progress".

Papers are invited and may be practical, conceptual, theoretical, tutorial or descriptive in nature, addressing any issue, aspect or topic of information security. Submitted papers will be refereed, and those presented at the conference will be included in the formal conference proceedings. Submissions must not have been previously published and must be the original work of the author(s).

Both the conference and the five tutorial expert workshops are open for refereed presentations.

The purpose of IFIP SEC'94 is to provide the most comprehensive international forum and platform, sharing experiences and interchanging ideas, research results, development activities and applications amongst academics, practitioners, manufacturers and other professionals, directly or indirectly involved with information security. The conference is intended for computer security researchers, security managers, advisors, consultants, accountants, lawyers, edp auditors, IT, administration and system managers from government, industry and the academia, as well as individuals interested and/or involved in information security and protection.

IFIP SEC'94 will consist of a FIVE DAY - FIVE PARALLEL STREAM - enhanced conference, including a cluster of SIX FULL DAY expert tutorial workshops. In total over 120 presentations will be held. During the event the second Kristian Beckman award will be presented.

The conference will address virtually all aspects of computer and communications security, ranging from viruses to cryptology, legislation to military trusted systems, safety critical systems to network security, etc.

The six expert tutorial workshops, each a full day, will cover the following issues:

Tutorial A: Medical Information Security
Tutorial B: Information Security in Developing Nations
Tutorial C: Modern Cryptology
Tutorial D: IT Security Evaluation Criteria
Tutorial E: Information Security in the Banking and Financial Industry
Tutorial F: Security of Open/Distributed Systems

Each of the tutorials will be chaired by a most senior and internationally respected expert.

The formal proceedings will be published by Elsevier North Holland Publishers, including all presentations, accepted papers, key-note talks, and invited speeches.

The Venue for IFIP SEC'94 is the ITC World Trade Center Convention Facility at Piscadera Bay, Willemstad, Curacao, Netherlands Antilles.

A unique social program, including formal banquet, giant 'all you can eat' beach BBQ, island Carnival night, and much more will take care of leisure and relax time. A vast partners program is available, ranging from island hopping, boating, snorkeling and diving to trips to Bonaire, St. Maarten, and Caracas. A special explorers trip up the Venezuela jungle and the Orinoco River is also available. For families a full service kindergarten can take care of youngsters.

The conference will be held in the English language. Spanish translation for Latin American delegates will be available.

Special arrangements with a wide range of hotels and apartment complexes in all rate categories have been made to accommodate the delegates and accompanying guests. (*)

The host organizer has made special exclusive arrangements with KLM Royal Dutch Airlines and ALM Antillean Airlines for worldwide promotional fares in both business and tourist class. (**)

(*)(**) Our own IFIP TC11 inhouse TRAVEL DESK will serve from any city on the globe.

All authors of papers submitted for the referee process will enjoy special benefits. Authors of papers accepted by the International Referee Committee will enjoy extra benefits.

If sufficient proof (written) is provided, students of colleges, universities and science institutes within the academic community may opt for student enrollment. These include special airfares, apartment accommodations, discounted participation, all in a one packet prepaid price. (Authors' benefits will not be affected)

**************************
INSTRUCTIONS FOR AUTHORS
**************************

Five copies of the EXTENDED ABSTRACT, consisting of no more than 25 double spaced typewritten pages, including diagrams and illustrations, of approximately 5000 words, must be received by the Program Committee no later than November 15th, 1993.

We regret that electronically transmitted papers, papers on diskettes, papers transmitted by fax and handwritten papers are not accepted.

Each paper must have a title page, which includes the title of the paper, full names of all author(s) and their title(s), complete address(es), including affiliation(s), employer(s), telephone/fax number(s) and email address(es). To facilitate the blind refereeing process the author(s)' particulars should only appear on the separate title page.

The language of the conference papers is English.

The first page of the manuscript should include the title, a keyword list and a 50 word introduction. The last page of the manuscript should include the reference work (if any).

Authors are invited to express their interest in participating in the contest, providing the Program Committee with the subject or issue that the authors intend to address (e.g. crypto, viruses, legal, privacy, design, access control, etc.) This should be done preferably by email to < TC11 at CIPHER.NL >, or alternately by sending a fax message to +31 43 619449 (Program Committee IFIP SEC'94).

The extended abstracts must be received by the Program Committee on or before November 15th, 1993. Notification of acceptance will be mailed to contestants on or before December 31, 1993. This notification will hold particular detailed instructions for the presentation and the preparation of camera ready manuscripts of the full paper. Camera ready manuscripts must be ready and received by the Program Committee on or before February 28, 1994.

If you want to submit a paper, or you want particular information on the event, including participation, please write to:

IFIP SEC'94 Secretariat
Postoffice Box 1555
6201 BN MAASTRICHT
THE NETHERLANDS - EUROPE

or fax to: IFIP SEC'94 Secretariat: +31 43 619449 (Netherlands)

or email to: < TC11 at CIPHER.NL >

***************************************************************
Special request to all electronic mail readers: Please forward this Call for Papers to all networks and listservices that you have access to, or otherwise know of.
****************************************************************

Sincerely
IFIP TC 11 Secretariat

Call for Papers - updated information August 1993
=================================================================

From bill at twwells.com Sat Aug 28 00:12:59 1993
From: bill at twwells.com (T. William Wells)
Date: Sat, 28 Aug 93 00:12:59 PDT
Subject: .Comparing ViaCrypt and freeware.
In-Reply-To: <9308280330.AA24324@toad.com>
Message-ID:

In article <9308280330.AA24324 at toad.com>, peter honeyman wrote:
: i'm impressed. (honest.) but the task here isn't to compare viacrypt
: to pgp -- they use different rsa engines -- it's validating that viacrypt
: doesn't have a backdoor. the diff scheme you describe presupposes that
: this step has been done, but it has not, and i think it would be very,
: very hard to do.

My understanding is that the two pieces of software are very similar. A full decompile and analysis would be a pain (but doable and worthwhile, if one is paranoid enough) but I don't think it's necessary. My thought is that once one has isolated the differences, those alone would get scrutinized. One would isolate the rsa engines by difference, pretty up the code, and then verify that it doesn't have any backdoors. So long as the two versions are closely related, the code that has to be understood apart from pgp should be relatively small and that would make the verification process much easier.
From ld231782 at longs.lance.colostate.edu Sat Aug 28 00:17:59 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Sat, 28 Aug 93 00:17:59 PDT
Subject: Cisco response
Message-ID: <9308280715.AA15502@longs.lance.colostate.edu>

RISKS 14.89 27 Aug 93

===cut=here===

Date: Fri, 27 Aug 1993 11:15:23 -0700
From: Paul Traina
Subject: Re: Cisco backdoor?

There are no known bugs in any software providing access-control-list functionality in any current cisco software. There has only been one very obscure bug that could cause a security problem in the history of our product, and we immediately fixed this problem, published an immediate workaround, and informed CERT of this problem.

We have never, and will never implement any sort of trapdoor or backdoor functionality which would allow bypassing of ordinary security systems.

Paul Traina, cisco Systems

From khijol!erc at apple.com Sat Aug 28 01:28:01 1993
From: khijol!erc at apple.com (Ed Carp)
Date: Sat, 28 Aug 93 01:28:01 PDT
Subject: Plausible Spookiness
In-Reply-To: <199308272046.AA04048@xtropia>
Message-ID:

> If you mean that they are NSA-proof, or that only brute force attacks
> would affect decryption, I would suggest that we know no such thing, and
> it is extremely unlikely that we ever will. The NSA has _astounding_
> resources, unequalled by anything in the private sector, dedicated to no
> other purpose than compromising world-class cyphers. Their successes
> are not public knowledge, to say the least. No one here should blithely
> dismiss claims of PGP weaknesses when the opposition has literally
> billions of dollars earmarked to find such flaws.
>
> It bears noting that the concealment of major successes in decryption
> are every bit as important as the decryption itself, a fact often
> overlooked.
>
> I would like to see "Paquin's" case against PGP as well as a competent
> analysis of his claims. Unfortunately, I cannot produce either.

I'm rather surprised that the most significant piece of evidence in favor of the "NSA has cracked PGP" theory is that no one's put a bullet through Phil Zimmerman's head. Not to be macabre or anything, but if PGP was a real threat, don't you think that the NSA would act rather quickly to suppress it if they couldn't read stuff encrypted with it? And if you think that they don't monitor stuff coming in and going out via ftp to various parts of the world, I think you're being naive. If you think that they wouldn't act quickly, with violence if need be, to protect "national security", you're being even more naive. The umbrella of "national security" can (and has) encompass a wide variety of sins, excesses, oversights, etc.

Hell, the NSA probably enjoys every time someone writes about how "stupid" the NSA really is - after all, it might convince someone to let down their guard.

I think that, personally, the public-key stuff's gotta have some sort of a hole in it that nobody's thought of yet outside of spook central.

--
Ed Carp, N7EKG  erc at apple.com  510/659-9560  anon-0001 at khijol.uucp
If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"

From remail at tamsun.tamu.edu Sat Aug 28 02:36:04 1993
From: remail at tamsun.tamu.edu (remail at tamsun.tamu.edu)
Date: Sat, 28 Aug 93 02:36:04 PDT
Subject: NSA & the Crypto-Zionist Myth of "Public Key"!
Message-ID: <9308280932.AA03052@tamsun.tamu.edu>

>I'm rather surprised that the most significant piece of evidence in favor of
>the "NSA has cracked PGP" theory is that no one's put a bullet through Phil
>Zimmerman's head.

Excuse me, but I'm getting tired of this silly paranoia. NSA is not Evil Incarnate Central, and we are not fighting a Valiant War We Are Fated to Lose. The NSA are a bunch of Americans who went to school & college with the rest of us, and share our communities with us. Most of them joined NSA to fight totalitarian Communism, and most of them are sympathetic with values most Americans share when they bother to think about them, like freedom, privacy, etc.

Sure, NSA has been caught up in the Cold War habits of secrecy, bureaucracy, and an ingrained habit to control information. It's also almost surely caught up in the same kind of bureaucratic incompetence we see in the rest of the U.S. Federal government (most of the DoD, the space programs, the BATF, the FBI, etc.) Does a $40+ crypto-voice-chip with an obvious trap door look like Malicious Plot to Destroy All Strong Crypto and Take Over The World, or does it look like a half-competent, half-hearted attempt to retain Cold War era capabilities they had gotten used to?

NSA is going through the same crisis of goals as the rest of the Cold War establishment. Their mission, if they have any left at all, has changed radically, and they know it. While it may be "in the best interest of NSA" to maintain control over strong crypto, that's only a superficial analysis at one level. NSA employees are also Americans, community members, family members, etc. They don't typically go around murdering hackers they don't like. Nor would that accomplish anything for them -- RSA was published internationally long ago, and PGP is now scattered at sites all over the world, with new versions being hacked on in nearly a dozen countries.

The biggest problem I've encountered talking to various people about implementing encryption is that they think cypherpunks are a bunch of paranoid nuts, so only paranoids would want to do things like use digital cash for their semi-legal barter schemes. Your expression of surprise that the NSA hasn't offed Phil Zimmerman just confirms their suspicions. How can I convince them that cryptography is not just for paranoids? The rest of us are concerned about things like protecting and enhancing our privacy and freedom, and there's nothing silly or paranoid about that.

But now that you mention it -- Shamir does operate out of Tel Aviv. Obviously he built RSA with a hole in it, and NSA is the main arm of the Crypto-Zionist conspiracy of Jewish Planetary Hegemony! And he didn't publish "Differential Cryptanalysis of the DES" until non-Zionist bankers got ahold of DES. It's all clear now!

> I think that, personally, the public-key stuff's gotta have some sort
> of a hole in it that nobody's thought of yet outside of spook central.

I think your head has to have some sort of a hole in it. Perhaps the NSA's work?

From nobody at shell.portal.com Sat Aug 28 02:38:03 1993
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Sat, 28 Aug 93 02:38:03 PDT
Subject: "The Internet Letter"--Internet's First Commercial Digest
Message-ID: <9308280620.AA10127@jobe.shell.portal.com>

--------------------------------------------------------------
I hear the first issue of TIL is free. If somebody obtains an e-copy can they post pointers to its availability to cypherpunks, send it via e-mail upon request, or put it up on an ftp site? thanks.
---------------------------------------------------------------

The Internet Letter (ISSN 1070-9851), the first commercial newsletter on the Internet, will premiere at INET 93 and INTEROP(r)93, and a hard copy version will be available at Booth #1334 (InterCon Systems Corp.) in the South Hall of the Moscone Center.

The first issue of TIL provides the following information about the editor:

The editor is Jayne Levin (netweek at access.digex.net). Levin was former deputy bureau chief of Institutional Investor in Washington, D.C., and has written on the Internet for The Washington Post and Infoworld.

Tony Rutkowski (amr at CNRI.Reston.VA.US) is special adviser. Rutkowski is founder and vice president of the Internet Society and director of technology assessment at Sprint Corp. He was former editor-in-chief and publisher of Telecommunications magazine.

Levin will be available for interviews at INTEROP. Contact INTEROP press relations.

The table of contents for the first issue covered a wide range of topics. The articles were professionally written and incisive:

001) INTERNET EXPERIENCING AN INFORMATION EXPLOSION
002) COMPANIES TAP INTERNET'S POWER
003) THE TOP 150 COMMERCIAL USERS ON INTERNET -- CHART
004) CIA, US GOVERNMENT INTELLIGENCE AGENCIES DEVELOP INTERNET LINK
005) REALTY FIRM IMPROVES PRODUCTIVITY, INTERNET SPEEDS REALTY TRANSACTIONS
006) MULTIMEDIA MAGAZINE TO DEBUT ON INTERNET
007) TASK FORCE PROPOSES STANDARD TO SECURE CONTENTS OF E-MAIL
008) INTERNET MERCANTILE STANDARDS EXPLORED
009) GOPHER LICENSING FEE SPARKS DISPUTE
010) FINDING GOPHER & GN
011) FROM SOFTWARE TO MAGAZINES, BUYING ELECTRONICALLY
012) CIX LAUNCHES COMMERCIAL "INFORMATION" EXCHANGE
013) SOME COMPANIES PREFER WAIS FOR BUILDING IN-HOUSE DATABASES
014) MORE ON WAIS
015) INTERNET TO ASSIST BETHANY IN ADOPTION SERVICES
016) FAQ
017) PROVIDERS' CIRCUIT
018) CIX CONTACTS -- CHART
019) TIPS & TECHNIQUES
020) POINTERS
021) TALK OF THE NET
022) WASHINGTON
023) READ ALL ABOUT IT
024) DATEBOOK

The first issue of TIL provides the following price information:

30-DAY INTEROP SPECIAL (good until September 30)
40% Discount off the regular rate of $249/year
Charter subscriptions: $149/year -- a 40% discount.
Universities and nonprofits $95/year.

If you are not completely satisfied, your money will be refunded. You can receive The Internet Letter electronically or on paper.

From gg at well.sf.ca.us Sat Aug 28 02:53:03 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Sat, 28 Aug 93 02:53:03 PDT
Subject: AT&T Home Security Plus
Message-ID: <93Aug28.024813pdt.14474-3@well.sf.ca.us>

Today I got a most interesting call from a phone solicitor, who said that he was with AT&T and they were going to be hosting a demo of an AT&T home security system on my block and was I interested in attending.
I told him about Clipper and asked if the AT&T home burglar alarms came along with backdoors allowing various govt agents and burglars to sneak in. Somehow the discussion shifts to PGP vs. Clipper, and the caller asks if I've got a handle (I told him my email address, which was Really Dumb) and then he asks if I'm into pirating or anything... of course I'm not, and said so.... Somewhere along the line I entirely forgot to ask how the hell he got any idea what block I lived on, since my residence address information is something I take great pains to protect. And then it occurred to me... perhaps Something Else is also going on...? Like, "are you into pirating...?" Hmmm... I never even thought about that at the time, but if anyone else out there gets a call like this, it might be worth some follow-up research... -gg From b44729 at achilles.ctd.anl.gov Sat Aug 28 03:03:02 1993 From: b44729 at achilles.ctd.anl.gov (Samuel Pigg) Date: Sat, 28 Aug 93 03:03:02 PDT Subject: REMAIL: Attacks on remailers (LONG (again)) In-Reply-To: <9308271714.AA11676@ah.com> Message-ID: <9308280959.AA15615@achilles.ctd.anl.gov> >>>>> On Fri, 27 Aug 93 10:14:19 -0700, hughes at ah.com (Eric Hughes) said: Eric> Attack (7) is made by an opponent who monitors all Eric> network traffic, but has no access to the insides of the Eric> remailer nodes. Eric> The defense is more subtle, however, than proposed. >(7): Look at all messages coming out of the first remailer, and >follow them into their 2nd remailers; take all messages from those and >follow them on, and so on. This will eventually lead to a number of >destinations, one of which must have been the destination of the original >message. Over a period of time, look for correlations between destinations >and sources. [...] >making correlations statistically impossible Eric> What is the nature of the remailer path, however, for Eric> which we have an assurance that the correlations are too Eric> difficult to carry out? 
Eric> Or to ask a simpler question
Eric> for a simpler environment where we assume all remailers
Eric> are equal, just how long does the path have to be?

Eric> We know that by making the paths "long enough" that we
Eric> can prevent correlations from becoming significant. The
Eric> question is how do we find out what is long enough?

>such an attack (PROLONGED monitoring of all
>remailers) would be very difficult to perform, esp. with use of
>remailer-remailer socket connections.

Eric> The fact that it would be difficult is not the issue for
Eric> the theory, but for the practice. The extremely high
Eric> cost, however, could be justified for 'national
Eric> security' reasons against a few targets, or to break the
Eric> system completely open looking for 'tax evaders.'

Eric> If our theory is good against an arbitrarily strong
Eric> opponent, then the system can withstand sustained
Eric> attack. If the existence of the system is seen as
Eric> sufficiently threatening, for any number of different
Eric> threats, we should plan for a sustained attack. We need
Eric> to know what the limits of the capability are and not
Eric> just guess.

[.. lots of good stuff about privacy diffusion deleted..]

You are right of course, we can't just hope that it's "good enough", but I want to ask if this problem of defending against attack (7) should be considered a problem for the remailer web to handle at all. I think this should be a problem for the authors of anonymous address blocks and sender-anonymous header blocks, and the software used to do such. NOT that this should not be addressed, but it should not be an impediment to implementing a remailer web. If we delegate resolution of that problem (as complex a defense as you want) to software to create encrypted headers, then people can have as good a defense to this attack as they deem reasonable. (ie protection against this is the responsibility of remail users rather than the remail net.)
To delegate this responsibility to the remail users, one could implement the remailers with the ability to process simple commands that are revealed when the remailer strips off its layer of encryption of the encrypted header (or anonymous address block). The most important command (for anonymous address blocks) would be instructions to encrypt the message body with a supplied key. This is to defeat the previously discussed problem of trusting the remailers themselves (run your own remailer and send mail to anon address, and look for a copy of your message to pass through.) A delay function would be useful also. (ie delay(15000) to tell the remailer to hold the message 15 minutes before sending on.) A command that would make analysis more difficult would be a random function that could be used to randomize aspects of the message's path, layered encryption, or time delay.

Ex1: After removing its layer of encryption from the message header, the remailer gets something like (pseudo header, with comment lines beginning with a #):

    random(3,7463)
    #      ^ ^
    #      | +---- seed
    #      +------ 3 choices
    {
        header-block 1
        header-block 2
        header-block 3
    }
    #the header blocks would contain the next remailer to use, the
    #encrypted header to send along with the message, and the key to encrypt
    #the message with (if this is an anonymous address block we are talking about)

Ex2:

    delay(random(20000,9842))
    #this would tell the remailer to wait between some minimum and
    #20000 seconds to send the message along (along with the seed of 9842 for
    #the random function.

The randomness should be seeded by both the message and the remailer, and if using randomly selected keys to encrypt with (from a list), some indication of which one was used (1, 2, or 3 etc) should be included with the message, perhaps tacked onto the end of the message after encryption (in a remailer->recipient data block ?), possibly encrypted to the anonymous recipient using their key (included in this layer.)
Commands could of course be nested, to create as complex a routing specification as desired. While this may seem overly complicated, most of it could be handled fairly transparently by the user software.

This approach ("smart messages") would have the possible drawback of very large anonymous address blocks (containing multiply encrypted, command driven headers, path branches etc.) A response to this could consist of "anonymous address servers" which the user software could, when mailing to an anon address (ie "anon7462849") query to get the associated anonymous address block (which being signed by the anonymous recipient would assure its authenticity) and connect to the first remailer in the chain as specified by the anon address block, all handled transparently, possibly including handling sender-anonymity header work as well.

This would have several added advantages. The first would be the simplification of handling anonymous address block -- all the user would need to know is the name and public key of the anonymous persona. It would also assist in the remailer key-expiration defense I proposed previously. The anonymous address server could be synched with the remailers to erase all the anonymous addresses when the remailer keys are replaced. Anonymous address creation software could be written to grab the new public keys to all the remailers from somewhere (maybe even the anon address server itself ?) which were signed with the old secret keys to assure their authenticity, and construct a new anonymous address block, which would then be encrypted with the anonymous address server's key, and submitted to the server via sender-anonymous mail. Anonymous recipients could then also alter their anon address header as often as they wanted (although being forced to when the remailer keys expire), changing the path specification to frustrate statistical path analysis.
As ideas progress regarding how to defend against statistical analysis of the message traffic, software to create anonymous address blocks and construct sender-anonymous headers could be correspondingly improved, without having to rewrite the remailer software.

I know this appears to be quite a bit of software work, but if and when we get the protocols agreed upon, *I* will work on it as much as I can, and I hope others would work on it also (whatever system is accepted/agreed upon -- be it this or something else.)

The software system I've proposed includes (so far):

Remailers:
  Socket connections for talking to other remailers;
  Encrypt using other remailers' keys to ensure that two identical messages going into a remailer come out differently (random session key).
  Ability to handle simple command language and perform operations on the message and header. (picking one of several paths etc.)
  Ability to handle all the necessary decryptions -- header encryption using its pubkey and random session key based encryption from previous remailer.
  Message batching (to be combined with "delay" function somehow?)
  Message padding (to be handled inside of encryption-to-next-remailer?)

Mailer:
  Ability to handle construction of sender-anonymous nested encrypted headers possibly using command language.
  Ability to communicate with and verify output of anonymous address block servers.

Anonymous Address Creation Software:
  Ability to obtain current remailer keys.
  Generate set of random keys for remailers to use.
  Intelligent creation of "smart header" and random anonymous mail path(s).

Anonymous Mail Reader:
  Ability to parse message and determine which keys were used by the remailers and decrypt layers to get message.

Such a system would not have to be implemented all at once. I think the first steps would be remailer socket communication, and simple anonymous address and sender-anonymity header construction software.

Comments/Suggestions/Improvements/Criticisms necessary and welcome.
(yeah I know.. it's easy to "propose" something -- but I'm willing to actually invest significant effort and time in it also, for what it's worth.)

Sam Pigg
"UnAmused" by the USGovCo.
b44729 at achilles.ctd.anl.gov
dt1acaca at cfraix.cfr.usf.edu
PGP Key Fingerprint: ED A7 49 33 65 90 9A BD A4 E4 C5 92 5A 00 BC 6C

From gg at well.sf.ca.us Sat Aug 28 03:36:03 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Sat, 28 Aug 93 03:36:03 PDT
Subject: Another BBS Seizure in Hartford
Message-ID: <93Aug28.033217pdt.14474-2@well.sf.ca.us>

Bombs & bulletin boards: the news media regularly mention the name of the chemical used to stinkbomb abortion clinics, and the composition of the world trade center bomb. So it seems to me a decent defense could be made on the grounds of "selective prosecution" since after all, juveniles can always tune in the news and learn how to make bad things. Well...?

-gg

From julf at penet.FI Sat Aug 28 03:43:03 1993
From: julf at penet.FI (Johan Helsingius)
Date: Sat, 28 Aug 93 03:43:03 PDT
Subject: Physical security lapses will getcha every time.
In-Reply-To:
Message-ID: <9308281339.aa06956@penet.penet.FI>

> Of course, this doesn't make the UNIX versions of PGP useless. There
> is absolutely no reason why you can't run your own personal Unix
> box. Really all you need is a 386 machine with Linux or 386BSD.

Yeah. Or even run BSDI on your 386SX notebook. That's what I'm doing. I don't want to use DOS, with all its cruft. Much prefer a system I have full source code to...

> The nice thing about the UNIX/Linux setup, is that you can still use
> all the UNIX tools to send/receive encrypted mail (your favourite
> mail user agent+pgp/ripem+UUCP+sendmail/smail) in a convenient way
> without messing with MSDOS.

Yeah. And... Well... I don't want to get into any religious battles, but I still prefer BSDI (the support is great and the networking code is much more stable) over Linux - and yes, I do know Linux was developed out here in Finland...
Julf

From doug at netcom.com Sat Aug 28 08:18:08 1993
From: doug at netcom.com (Doug Merritt)
Date: Sat, 28 Aug 93 08:18:08 PDT
Subject: AT&T Home Security Plus
In-Reply-To:
Message-ID: <9308281517.AA02895@netcom.netcom.com>

"George A. Gleason" said:
>Somehow the discussion shifts to PGP vs. Clipper, and the caller asks if
>I've got a handle (I told him my email address, which was Really Dumb) and
>then he asks if I'm into pirating or anything... of course I'm not, and said
>so....

>Somewhere along the line I entirely forgot to ask how the hell he got any
>idea what block I lived on, since my residence address information is
>something I take great pains to protect.

>And then it occurred to me... perhaps Something Else is also going on...?

The term "handle", as well as the fact that this person could say anything even slightly knowledgeable about any computer related subject, points to him being a hobbyist who frequents BBS's. ("Handle" is pretty much not used in newsgroups, nor have I run into it on muds, but it is very widely used in BBS circles.)

Telephone soliciting is generally a minimum wage job, although in high price sales "professional" salespeople are used who get a commission. Even if you assume a conspiracy of some sort, there isn't any reason for the company to make a particular effort to use someone more knowledgeable for cold calling.

The question about pirating probably arose because it has always been a very frequent topic of conversation on BBS's. The caller himself might be a pirate; that would be my first guess.

As for knowing your address, phone companies sell phone books that are reverse-indexed by address. Companies use these for cold-calling because they can pick out more affluent neighborhoods and skip e.g. ghetto areas where a call might be a waste of time or even worse.
Generally "taking great pains" to protect information about your address doesn't guarantee that you are successful; I've heard that some of these sales-tool phone books have more information in them than is released to the public in the usual phone books. Perhaps they cross-reference with mailing lists. I could believe that there's a backdoor built into home security systems, if I could figure out how they would make use of it. Sell the info to organized crime for the purpose of burglary, perhaps? A little paranoid considering you're talking about AT&T. How would they be able to implement such a thing and still keep it secret? Or in cahoots with the FBI/CIA/NSA? Doesn't make sense; if spooks want to get into someone's house, they can do so in any number of ways, they needn't risk a large scale conspiracy, which would only pay off on the very small percentage of homes that used AT&T's system in particular. And regardless of that, again, even if there's a conspiracy, there's just no reason to let the phone solicitors in on it. All they need to do is build a backdoor into the security system and then do everything else aboveboard. Calling people up and hoping to catch someone in the admission of being a pirate during a sales pitch is just ludicrous. Doug From frissell at panix.com Sat Aug 28 08:23:07 1993 From: frissell at panix.com (Duncan Frissell) Date: Sat, 28 Aug 93 08:23:07 PDT Subject: Another BBS Seizure i Message-ID: <199308281519.AA23081@panix.com> To: cypherpunks at toad.com R > Does this mean I can be arrested for mentioning the fact that dry R >ice and water put into an empty 2-liter bottle of Coke makes a nice R >explosion? No but it *does* mean that you can be busted for saying that if you mix ammonium nitrate and diesel fuel in a 19 to 1 ratio, you can blow up the World Trade Center. It's a good thing that I never said that. Duncan Frissell Who knows things much more dangerous to the government than explosives and will reveal all for a small fee. 
--- WinQwk 2.0b#0

From frissell at panix.com Sat Aug 28 08:23:40 1993
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 28 Aug 93 08:23:40 PDT
Subject: Internet: commercial or n
Message-ID: <199308281519.AA23074@panix.com>

To: cypherpunks at toad.com

L.>In the current situation, all the government bureaucrats fire off
L.>messages that `even though your message can travel on commercial nets
L.>only, there is no way of guaranteeing that it does not cross public
L.>networks, therefore it must abide by NSF Internet Use Policies.'

To which I fire back:

"Since you consider it OK for Internet to carry pictures of naked men, women, children, and animals as well as text (tiny) sex and such kink as alt.fan.bill.gates, you have to put up with *our* ideas of the sorts of activities that consenting adults can engage in online. I'm sick and tired of this discrimination against commercial intercourse."

Duncan Frissell
Who practices commercial activities every day on the Internet and is not ashamed to admit it.

--- ~ WinQwk 2.0b#0 ~ Unregistered Evaluation Copy

From bruce at phantom.com Sat Aug 28 09:26:06 1993
From: bruce at phantom.com (Bruce Fancher)
Date: Sat, 28 Aug 93 09:26:06 PDT
Subject: AT&T Home Security Plus
In-Reply-To: <93Aug28.024813pdt.14474-3@well.sf.ca.us>
Message-ID:

> Today I got a most interesting call from a phone solicitor, who said that he
> was with AT&T and they were going to be hosting a demo of an AT&T home
> security system on my block and was I interested in attending.
>
> I told him about Clipper and asked if the AT&T home burglar alarms came
> along with backdoors allowing various govt agents and burglars to sneak in.
> Somehow the discussion shifts to PGP vs. Clipper, and the caller asks if
> I've got a handle (I told him my email address, which was Really Dumb) and
> then he asks if I'm into pirating or anything... of course I'm not, and said
> so....
>
> Somewhere along the line I entirely forgot to ask how the hell he got any
> idea what block I lived on, since my residence address information is
> something I take great pains to protect.
>
> And then it occurred to me... perhaps Something Else is also going on...?
> Like, "are you into pirating...?" Hmmm... I never even thought about that
> at the time, but if anyone else out there gets a call like this, it might be
> worth some follow-up research...
>
> -gg

I used to cold call for a home improvement company while I was in high school. Generally "Our salesman is going to be in your neighborhood" is just a way to get people to feel like they'd better look at the product now rather than later. It doesn't mean they know where you live. However, unless your number is unlisted it will probably be in the Coles directory (along with such information as how long you've lived at that residence). It sounds like an ordinary cold call.

From frissell at panix.com Sat Aug 28 11:13:08 1993
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 28 Aug 93 11:13:08 PDT
Subject: Another BBS Seizure in Ha
Message-ID: <199308281808.AA13419@panix.com>

To: cypherpunks at toad.com

Please crosspost

--- ~ WinQwk 2.0b#0 ~ Unregistered Evaluation Copy

From frissell at panix.com Sat Aug 28 11:13:42 1993
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 28 Aug 93 11:13:42 PDT
Subject: Another BBS Seizure in Ha
Message-ID: <199308281808.AA13422@panix.com>

To: cypherpunks at toad.com

PLEASE CROSS POST AT WILL

R >The Hartford Courant on August 5, 1993 (page b-4) stated that a 21
R >year old computer BBS operator was arrested for maintaining a computer
R >bulletin board that had a bomb making recipe.
R >
R >Michael Elansky was charged by the West Hartford police with inciting
R >injury to persons or property - a felony charge - and risk of injury
R >to a minor.
R >
R >He was held in lieu of $500,000 bond (in CT the bond for a person
R >accused of murder is normally $100,000)

I just spoke to his mother Elaine and Michael himself from jail via the miracle of call waiting. She is establishing a defense fund. Please send money:

Michael Elansky Defense Fund
P. O. Box
West Hartford, Connecticut 06117

Duncan Frissell

--- ~ WinQwk 2.0b#0 ~ Unregistered Evaluation Copy

From frissell at panix.com Sat Aug 28 11:13:44 1993
From: frissell at panix.com (Duncan Frissell)
Date: Sat, 28 Aug 93 11:13:44 PDT
Subject: Free Electronic Cash
Message-ID: <199308281808.AA13416@panix.com>

To: cypherpunks at toad.com

Be the first on your block to spend some electronic "near" cash. If you are the first to read this post, you may be able to use up to $5 of electronic pseudo-cash. I wanted to be the first to post some so it was worth $5 to me.

Yesterday I bought a Western Union Phone Card (tm) from my nearest Western Union money transfer agent. It is good for about 8 minutes of phone calls anywhere in the continental US (fewer minutes of international calls).

To use the "cash:"

Call 1 (800) 374-8686
Wait for the tone
Dial the code 428 22 601
When you get a dial tone, dial the (area code) + phone-number of the number you wish to reach.
The system will tell you how many minutes you have available for the call.

Western Union Phone Cards (tm) are available from any agent in $5, $10, $20, and $50 denominations. They can be (must be) purchased for cash. I have no idea whether Western Union saves the ANI info of incoming calls and cross indexes it with the outgoing number and the "account" number.

All that I ask is that the user(s) of this card send me email (anonymously if you like) so I can send back privacy consulting solicitations.
Duncan Frissell
Michael Elansky Defense Fund
25 Maiden Lane
West Hartford, CT 06117

--- ~ WinQwk 2.0b#0 ~ Unregistered Evaluation Copy

From an31144 at anon.penet.fi Sat Aug 28 12:13:09 1993
From: an31144 at anon.penet.fi (an31144 at anon.penet.fi)
Date: Sat, 28 Aug 93 12:13:09 PDT
Subject: Only Pretty Good
Message-ID: <199308281845.AA10153@xtropia>

>> Derek Atkins Said:
> Secondly, regarding "whom do you trust": Do you trust Phil Z? As far
> as I know (and granted, it's not much, yet), Phil Z is going to oversee
> the commercial product, to make sure that nothing is put into it.

>>>> If Phil says that the commercial PGP is OK, I will believe him.
>>>> Dan Odom

It's worth re-reading the PGP docs again to re-establish the fact that _Phil_ only rated PGP as Pretty Good Privacy. I trust that appraisal and believe it to be accurate. I do not expect that the commercial product will be appreciably better or worse.

From newsham at wiliki.eng.hawaii.edu Sat Aug 28 13:03:10 1993
From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham)
Date: Sat, 28 Aug 93 13:03:10 PDT
Subject: differential cryptanalysis
Message-ID: <9308282000.AA07110@toad.com>

Hi,

Does anyone have code that implements differential cryptanalysis of DES like systems? I'd be most interested in seeing something that will find the key of a DES system with less than 16 rounds.

Tim

From mccoy at ccwf.cc.utexas.edu Sat Aug 28 13:36:07 1993
From: mccoy at ccwf.cc.utexas.edu (Jim McCoy)
Date: Sat, 28 Aug 93 13:36:07 PDT
Subject: Another BBS Seizure in Hartford
In-Reply-To: <93Aug28.033217pdt.14474-2@well.sf.ca.us>
Message-ID: <199308282034.AA02091@tigger.cc.utexas.edu>

> Bombs & bulletin boards: the news media regularly mention the name of the
> chemical used to stinkbomb abortion clinics, and the composition of the
> world trade center bomb.
> So it seems to me a decent defense could be made
> on the grounds of "selective prosecution" since after all, juveniles can
> always tune in the news and learn how to make bad things. Well...?

It is even easier than that. They can go down to the local library and check out a book that will tell them how to make something better than an ammonium nitrate fuel oil composition (it is hard to ignite such beasts, but as someone who was always intrigued with pyrotechnics as a youth I know there is a lot of info out there...) Besides, they could just order a book from loompanics that tells them how to make a whole lot more. A good lawyer should be able to tear this one to bits...

jim

From caadams at polaris.unm.edu Sat Aug 28 15:16:08 1993
From: caadams at polaris.unm.edu (Clifford A Adams)
Date: Sat, 28 Aug 93 15:16:08 PDT
Subject: USENET and US-legal PGP (signing only?)
Message-ID: <9308282211.AA00889@polaris.unm.edu>

Hello again!

Has there been any progress on a USA-legal PGP? Are negotiations still in progress or are they stalled? I am willing to write code (up to a few thousand lines of C) to help integrate PGP with USENET newsreaders. (I have a little PGP/RIPEM signature verification function now, and a section called "Digital signatures, cryptography, and USENET" in the online documentation.) I am waiting for a US-legal version of PGP before coding further.

I think that USENET provides a wonderful environment for public key crypto applications. My particular interest is in digital signatures for forgery protection. One use of this is in collaborative message filters where people can rate or add keywords to other messages. I would like for all of this to be updated semi-automagically, using usual (insecure!) USENET postings.

Greater numbers of strong-crypto users should also help in the political arena. Many people don't see why the current cryptography battles are important, because they don't care very much about strong privacy.
An easy-to-use cryptosystem integrated into their ordinary tools like newsreaders and mailers will get some of these people involved. For instance, imagine these interactions:

----- start examples -----

[While reading news, the user types 'r' to reply to a message]

The poster included a PGP encryption key, and will accept encrypted replies.
Encrypt your reply? [nyh]

===

[User posts a message]

PGP key found. Sign this posting? [yn]

[User types 'y']

Signing posting using PGP key. Enter your passphrase: [...]

===

[User posts a message]

Digital signature not found. Would you like to generate a digital signature? (type 'h' for help) [nyh]

[user types 'h']

A digital signature allows other people to have some confidence that your postings are really from you, and not a forgery.
...[more explanation of digital signatures, about 10-15 lines]...
Generating a digital signature usually takes between 5-15 minutes. You will only have to do this once.

Would you like to generate a digital signature? (type 'h' for help) [nyh]

[user types y]

PGP found. RIPEM not found. Generating digital signature using PGP...

[Nice, friendly key generation process.]

----- end examples -----

Finally, would it be possible to release a US-legal/RSAREF *subset* of PGP which allows only signatures and signature verification? To my knowledge this wouldn't require violating the RSAREF interface. (My understanding is that the interface problem is that PGP uses IDEA rather than DES for message encryption. The signature is simply an RSA-encrypted hash of the message--this could be handled by the RSAREF package. Correct?)

--Cliff

--
Clifford A. Adams caadams at polaris.unm.edu | USENET Interface Project:
457 Ash St. NE Albuquerque, NM 87106 | Tools for advanced newsreading
STRN (Scan TRN) now in testing: trn 3.3 plus flexible newsgroup menus, fast article scoring with score ordered display, and merged/virtual newsgroups.
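Cliff's closing point, that a signature is just an RSA operation on a hash of the message and so needs no bulk cipher at all, can be shown in a few lines. What follows is an added example written for this archive; it is not code from Cliff, from PGP or from RSAREF. It uses textbook RSA (no PKCS#1 padding, so not for real use) over a SHA-256 digest, and adds the canonicalization step a newsreader hook needs because news and mail transport rewrite line endings and trailing whitespace. The key size, the fixed seed, the canonicalization rules and the sample posting are all assumptions made for the demonstration.

```python
"""Signature-only public-key layer for a newsreader hook.

Added example, not PGP or RSAREF code: textbook RSA over a SHA-256 digest,
to show that signing and verifying need no bulk cipher (IDEA or DES) at all.
No PKCS#1 padding, so this is for illustration only, never for real use.
"""
import hashlib
import random


def is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin probabilistic primality test (assumed helper)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits, rng):
    """Draw odd candidates of exactly `bits` bits until one passes the test."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def keygen(bits=512, seed=1993):
    """Toy keypair. The fixed seed makes the example reproducible; real keys
    must come from an unpredictable source."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p = gen_prime(bits // 2, rng)
        q = gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    d = pow(e, -1, phi)            # modular inverse (Python 3.8+)
    return (e, p * q), (d, p * q)  # (public key, private key)


def canonical(text):
    """Canonical text form: CRLF -> LF, trailing blanks stripped from each line,
    exactly one final newline. Without this, a transport that rewrites
    whitespace would break every signature."""
    lines = text.replace("\r\n", "\n").split("\n")
    body = "\n".join(line.rstrip(" \t") for line in lines).rstrip("\n")
    return (body + "\n").encode("utf-8")


def digest_int(text):
    return int.from_bytes(hashlib.sha256(canonical(text)).digest(), "big")


def sign(text, priv):
    d, n = priv
    return pow(digest_int(text), d, n)   # the "RSA-encrypted hash"


def verify(text, sig, pub):
    e, n = pub
    return pow(sig, e, n) == digest_int(text)


def demo():
    """Sign a constructed posting and check three verification cases."""
    pub, priv = keygen()
    posting = "Subject: test article\n\nThis article is signed.  \n"
    sig = sign(posting, priv)
    # Same article after a transport turned LF into CRLF and dropped trailing blanks.
    transported = posting.replace("\n", "\r\n").replace("signed.  ", "signed.")
    forged = posting.replace("signed", "forged")
    return {
        "original": verify(posting, sig, pub),
        "whitespace_rewritten": verify(transported, sig, pub),
        "forged": verify(forged, sig, pub),
    }


if __name__ == "__main__":
    print(demo())
```

The canonicalization rules are the part a real newsreader integration would have to get agreed on across implementations: the signer and every verifier must hash exactly the same bytes, and the two whitespace rewrites shown here are the common ones a message meets in transit.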
From an31185 at anon.penet.fi Sat Aug 28 15:48:13 1993
From: an31185 at anon.penet.fi (Anon of Ibid)
Date: Sat, 28 Aug 93 15:48:13 PDT
Subject: Commercial PGP; trapdoor rumors
Message-ID: <9308282243.AA26548@anon.penet.fi>

In message <01H2813M8J6090MZGB at delphi.com> Mike Ingle said:

>If there is any flaw in PGP, there are only a few places where it
>could be. The basic mechanics of the program (RSA, IDEA, etc) obviously
>work.

I'll agree with you there, or at the least, if they don't work I'm not likely to be able to prove it. I also very much doubt that there's really a 'trapdoor' to deliberately make decryption easy, but there's plenty of scope for a bug or unwarranted assumption to do so by accident. (Look at WordPerfect 5.1 encryption, for a good example).

>The file format can easily be checked to make sure it is correct.
>A subtle flaw would have to be somewhere like: prime number generation,
>random RSA key generation, or random session key generation. If the primes
>weren't actually prime, that would make the RSA keys breakable. But
>you could take the primes (pgp -kg -l and you will see them in hex)
>and feed them into a primality tester to verify that.

With regard to the file format, I've just been looking at that, I hacked a test copy of PGP 2.3a to dump out the plaintext that it would normally idea-encrypt to a file, and encrypted a selection of files with a selection of keys to look for known plaintext, then went back into the source code to track down where it came from.

The first twelve bytes of the data that gets idea-encrypted contain two bytes of known plaintext, and two repeated bytes. The actual contents are:

bytes 1-8:   Randomly generated prefix
bytes 9-10:  Repeat of bytes 7 and 8 (key check bytes)
bytes 11-12: ALWAYS 0xA3 and 0x01 !!!!

The repeated bytes come from idea_file() in crypto.c, and are used to verify that you got the correct key to decrypt the file.
The known bytes come from squish_and_idea_file() in the same file, and verify that the input contains compressed data and that it's zipped.

Now, I don't know enough about idea encryption to know how much this would help to break the code, but it still seems to me that much of this does not need to be here. Anyone got any suggestions ? (I'd guess you could at least move the repeated bytes to the end of the file ?). It's definitely a weak point, as a brute-force attack would only need to decrypt 12 bytes to verify (or almost verify ?) a correct idea key, though whether that *greatly* reduces the security, I don't know. I realise that the random bytes are supposed in part to protect you from this, however, I don't see any point in reducing the security of the data if you don't have to.

>The most likely place for a bug would be in the randomness. I suppose
>it is possible that a one-line bug somewhere could leave out most of
>the randomness, making the keys still look random but actually be
>predictable. Random number generation is hard to verify. How has
>that in PGP been checked? The PGP source is so big and spread out,
>it's hard to check. I don't think there is a bug, but it would
>be nice if PGP were carefully examined and attacked. Where are these
>rumors coming from? They are bad for the cause.

Randomness is the next thing I'm going to look at. From the output I've produced, I can't say I'm greatly impressed by the randomness of the random prefix bytes, though that's probably a result of looking at such a small sample. Tomorrow, hopefully, I'll set a program running to generate a few hundred thousand PGP random numbers and look at what comes out. Obviously, I can look at the frequency of different byte values, both overall and in each of the bytes it produces, but does anyone know of any other simple 'randomness' tests for 16-byte random numbers ?
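The byte-frequency check the poster describes, overall and at each of the 16 positions, can be written down directly, along with two further cheap tests that answer the question asked. This is an added example for this archive, not PGP's code and not the poster's program: a chi-square test of byte frequencies over the whole sample and per byte position, a monobit check, and a serial-correlation estimate between consecutive bytes. A seeded Mersenne Twister stands in for a healthy generator; a generator that by construction only ever fills the low nibble of each byte stands in for Mike Ingle's "one-line bug that leaves out most of the randomness". The sample size, the seeds and the pass thresholds are assumptions chosen for this demonstration.

```python
"""Screening tests for a stream of fixed-width random values.

Added example, not PGP's code. Runs cheap statistical checks over a sample
of 16-byte values and reports whether each stays within an assumed threshold.
Passing says nothing about predictability; it only catches gross bias.
"""
import math
import random

WIDTH = 16             # bytes per random value, as in the post
CHI2_LIMIT = 350.0     # chi-square with 255 degrees of freedom has mean 255 and
                       # sd ~22.6, so 350 is more than 4 sd above it (assumed limit)


def good_sample(count, seed=1993):
    """Constructed 'good' sample: 128 fresh PRNG bits per value."""
    rng = random.Random(seed)
    return [rng.getrandbits(8 * WIDTH).to_bytes(WIDTH, "big") for _ in range(count)]


def weak_sample(count, seed=1993):
    """Constructed 'weak' sample: only 4 random bits per byte, high nibble always 0."""
    rng = random.Random(seed)
    return [bytes(rng.getrandbits(4) for _ in range(WIDTH)) for _ in range(count)]


def chi_square_bytes(data):
    """Chi-square statistic of the 256 byte-value counts against a uniform expectation."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    expected = len(data) / 256.0
    return sum((c - expected) ** 2 / expected for c in counts)


def monobit_fraction(data):
    """Fraction of 1 bits; about 0.5 for unbiased data."""
    ones = sum(bin(b).count("1") for b in data)
    return ones / (8.0 * len(data))


def serial_correlation(data):
    """Pearson correlation of each byte with its successor; near 0 if independent."""
    xs, ys = data[:-1], data[1:]
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy) if vx and vy else 1.0


def assess(values):
    """Run every test; 'ok' is True only if all of them stay within threshold."""
    data = b"".join(values)
    # Frequency test per byte position, to catch a bias that only hits some positions.
    per_position = [chi_square_bytes(bytes(v[i] for v in values)) for i in range(WIDTH)]
    report = {
        "chi_square_all": chi_square_bytes(data),
        "chi_square_worst_position": max(per_position),
        "monobit": monobit_fraction(data),
        "serial_correlation": serial_correlation(data),
        "duplicates": len(values) - len(set(values)),
    }
    report["ok"] = (
        report["chi_square_all"] < CHI2_LIMIT
        and report["chi_square_worst_position"] < CHI2_LIMIT
        and abs(report["monobit"] - 0.5) < 0.01
        and abs(report["serial_correlation"]) < 0.02
        and report["duplicates"] == 0
    )
    return report


if __name__ == "__main__":
    for name, sample in (("good", good_sample(20000)), ("weak", weak_sample(20000))):
        print(name, assess(sample))
```

The weak generator fails two tests at once: half the byte values never occur, so the chi-square statistic is in the hundreds of thousands, and the zeroed high nibbles pull the monobit fraction down to about 0.25. The limits above are set for a sample of 20000 values; with a much smaller sample the per-position test has too few counts per bin for the chi-square approximation to hold, which matches the poster's remark about small samples.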
-------------------------------------------------------------------------
To find out more about the anon service, send mail to help at anon.penet.fi.
Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned.
Please report any problems, inappropriate use etc. to admin at anon.penet.fi.

From huntting at misc.glarp.com Sat Aug 28 15:58:12 1993
From: huntting at misc.glarp.com (Brad Huntting)
Date: Sat, 28 Aug 93 15:58:12 PDT
Subject: PGP-MIME
In-Reply-To:
Message-ID: <199308292250.AA00175@mini.glarp.com>

> (That brings up another point. Has anyone worked on getting armored
> PGP registered as an official MIME encoding type? Getting pgp support
> into metamail would be a massive win --- probably better than hooks in
> Elm itself. If no one else is working this angle, I'd be willing to
> get in touch with Nathaniel Borenstein and use whatever zorch I have
> with him to make it happen.)

I agree. MIME is taking the Internet by storm and for PGP or PEM to reach wide audiences, it will need to be integrated with MIME, and be able to draw on MIME's features.

For PGP to really make use of MIME, it could use "multipart" types to separate the objects being encrypted and/or signed from the signatures and encrypted session keys associated with them. This could facilitate using MIME's features for external body parts where part of the message is stored on an anonymous ftp site or retrievable from a mail responder. One could encrypt a document or other file on an ftp server, then send out PGP-MIME messages with the RSA encrypted session key to decrypt the file. MIME handles retrieving the file and PGP deals with how to decrypt it. MIME of course deals with ascii armor on any body part leaving PGP free to use binary data wherever needed.
As I see it, the main problems PGP-MIME would be (1) The lack of MIME capable readers available for PC's and MAC's (the preferred platforms for anyone concerned about PGP security). But more importantly, (2) it's not obvious how to make a painless transition from PGP-2 to PGP-MIME.

Any thoughts?

brad

From newsham at wiliki.eng.hawaii.edu Sat Aug 28 16:53:14 1993
From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham)
Date: Sat, 28 Aug 93 16:53:14 PDT
Subject: PGP-MIME
In-Reply-To: <199308292250.AA00175@mini.glarp.com>
Message-ID: <9308282352.AA09137@toad.com>

>
> As I see it, the main problems PGP-MIME would be (1) The lack of
> MIME capable readers available for PC's and MAC's (the preferred
> platforms for anyone concerned about PGP security). But more
> importantly, (2) it's not obvious how to make a painless transition
> from PGP-2 to PGP-MIME.

check out the PCPINE package, it does mime. It can read mail out of an mbox, or a remote mailbox using IMAP or POP (assuming you have a network connection).

> brad
>

From demon at aql.gatech.edu Sat Aug 28 19:23:17 1993
From: demon at aql.gatech.edu (Network Demon)
Date: Sat, 28 Aug 93 19:23:17 PDT
Subject: Total RSA in PGP
Message-ID: <9308290221.AA10833@toad.com>

Is it possible to use RSA all the way through a PGP encrypted message (do not use IDEA)? If so, how? I know it would take a LONG time, but it would make for a nice option. If not, why? Although, it might take "forever", why not make it an option for those willing to wait? Am I mistaken in believing RSA is more secure than the present hybrid?
Thanx,
--demon

From warlord at Athena.MIT.EDU Sat Aug 28 20:23:18 1993
From: warlord at Athena.MIT.EDU (Derek Atkins)
Date: Sat, 28 Aug 93 20:23:18 PDT
Subject: PGP-MIME
In-Reply-To: <199308292250.AA00175@mini.glarp.com>
Message-ID: <9308290317.AA07547@podge.MIT.EDU>

> For PGP to really make use of MIME, it could use "multipart" types
> to separate the objects being encrypted and/or signed from the
> signatures and encrypted session keys associated with them.

No, this is WRONG. Take a look at the PEM-MIME Internet Draft. You *do not* want to separate the signature from the body of text being signed, since then you lose the delimiters of the signed message, and MIME can do anything with the data (like transfer tabs to spaces, etc.) This is BAD.

If you keep the message and signature together, it will work better. MIME still does funky things, however, sometimes.

Currently, you can easily use MIME as a transport mechanism for PGP messages. However, currently there is no way to use PGP security for a MIME message. Hopefully we can take what the PEM-MIME effort has learned and apply that to PGP..

-derek

From warlord at Athena.MIT.EDU Sat Aug 28 20:36:10 1993
From: warlord at Athena.MIT.EDU (Derek Atkins)
Date: Sat, 28 Aug 93 20:36:10 PDT
Subject: Total RSA in PGP
In-Reply-To: <9308290221.AA10833@toad.com>
Message-ID: <9308290333.AA07580@podge.MIT.EDU>

This was discussed about a year ago! It is a bad idea to do this for a couple of reasons. First of all, RSA can only encrypt a block of data the same size as the key. So, for example, if you encrypt a message to me using my key, it RSA-encrypts in blocks of 709 bits! Second, there is no cipher chaining, so the encryption from one block doesn't affect the encryption of the next.

It is possible to do something like this, but I sure wouldn't want to do it. As for the time, let's say you have a 10K message (not unreasonable, although that's a fairly long email message ;-), and you are encrypting it in a 512-bit key.
Well, 512 bits is 64 bytes, so you are encrypting 10K bytes 64 bytes at a time (or 160 blocks). Each 64-byte block takes a few seconds; let's just say one second (it's a little faster on some systems, and a lot slower on others!) This means you are spending 160 seconds, or almost THREE MINUTES, to encrypt this 10K file!

Personally, I don't think that the extra security that you may (or may not: you now have a massive plain-text attack, although I don't know how you can really use it) get is worth the 2 extra orders of magnitude of time it takes to encrypt the data!

As for adding this as a feature to PGP: it's *not* going to happen.

-derek

From collins at newton.apple.com Sat Aug 28 21:18:49 1993
From: collins at newton.apple.com (Scott Collins)
Date: Sat, 28 Aug 93 21:18:49 PDT
Subject: Total RSA in PGP
Message-ID: <9308290413.AA21961@newton.apple.com>

>Am I mistaken in believing RSA is more secure than the present hybrid?

.....SHORT ANSWER.....

You are mistaken.

.....MEDIUM ANSWER.....

You are mistaken not because the statement 'RSA is more secure than the present hybrid' is false, but because it is a mistake to put your belief in this statement, which has not been proved true. RSA alone would represent a great increase in computational effort, without risk of a decrease in security, after which you couldn't prove you were any better off (though, in practice, against currently known attacks, and with a large key, you might be).

.....LONG ANSWER.....

RSA alone is no _less_ secure than PGP's combination of RSA and IDEA: if you can break RSA, you can extract the IDEA key and decipher the message; if you can break IDEA, you don't need the key.

I am guessing that you share a widely echoed prejudice that public-key ciphers are better than secret-key ciphers (I apologize if I have mis-labeled you :). Public-key ciphers have gained a reputation for being more secure, as a class, than secret-key ciphers.
Perhaps because public-key ciphers afford 'better' key management, the world at large has gotten the impression that they provide 'better' security. Public-key ciphers as a class are _not_ more secure than secret-key ciphers. One counterexample, which periodically rears its ugly head here, is the (truly random) one-time pad. This secret-key cipher offers perfect security in the Shannon sense. No public-key cipher can make that claim.

To prove RSA _more_ secure than the hybrid, RSA must be proved more secure than IDEA. Unfortunately, we don't really know how secure the RSA algorithm is (or IDEA, for that matter). It is known that RSA is no _more_ secure than factoring a component of the public key (readily available to an attacker). To my knowledge, it has not been proved that either a) RSA is at least this secure; or b) factoring is hard. Despite a paucity of formal proof, I know of no better attack on a message enciphered with well-chosen keys than factoring, which both man and machine currently find taxing. RSA with well-chosen keys is 'empirically' computationally secure.

While IDEA has been designed specifically to resist differential cryptanalysis (thanks to those who pointed me to the IDEA papers explaining this), more formal proof of its security awaits further understanding of the information theory aspects of its foundation: mixing operations from incompatible groups. In the end, IDEA is also 'empirically' computationally secure.

I know of no comparisons of the security offered by RSA and IDEA against practical attacks.

.....FINAL ANSWER.....

In theory: theory is as good as practice; but in practice... it isn't.

Hope this helps,

Scott Collins         | "Few people realize what tremendous power there
                      |  is in one of these things." -- Willy Wonka
......................|................................................
BUSINESS. voice:408.862.0540 fax:974.6094 collins at newton.apple.com
Apple Computer, Inc.
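The following is an added example, not code from PGP and not code posted by anyone in this thread. It makes concrete the points Derek Atkins and Scott Collins make above about doing "total RSA": the block-count arithmetic (10K bytes at a 512-bit key is 160 raw RSA operations), the lack of chaining (with no padding and no randomness, identical plaintext blocks give identical ciphertext blocks, the same leak ECB mode has), and the plaintext-guessing problem Derek alludes to (a deterministic public-key operation lets anyone holding the public key confirm a guessed block). The modulus is built from two real Mersenne primes, but its roughly 92-bit size is a toy assumption made so the example runs instantly; the sample message is constructed. One caveat the posts gloss over is also shown: a block must be strictly smaller than the modulus, so it is a little shorter than the key, not "the same size".

```python
"""Added example for the "Total RSA in PGP" thread: textbook RSA applied
block by block to a whole message, with no symmetric cipher.  This is not
PGP code and not code from any poster.  The modulus is built from two real
Mersenne primes, but ~92 bits is a toy size assumed here so the example
runs instantly; the message below is constructed."""

P = 2**31 - 1    # 2147483647, prime (Mersenne)
Q = 2**61 - 1    # 2305843009213693951, prime (Mersenne)
N = P * Q        # ~92-bit modulus: toy size, real keys are 512 bits and up
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent (needs Python 3.8+)


def rsa_blocks_needed(msg_len_bytes: int, key_bits: int) -> int:
    """Raw RSA operations needed when the message is cut into key-sized
    blocks.  The thread's arithmetic: 10K bytes at 512 bits -> 160 blocks."""
    block = key_bits // 8
    return -(-msg_len_bytes // block)          # ceiling division


def block_size(n: int) -> int:
    """Largest whole number of bytes whose value is always below n.  A block
    must be *less than the modulus*, so it is slightly smaller than the key
    ("the same size as the key" in the post is the first-order picture)."""
    return (n.bit_length() - 1) // 8


def textbook_rsa_encrypt(msg: bytes, n: int = N, e: int = E) -> list:
    """Encrypt msg one block at a time: no padding, no randomness and no
    chaining, so each ciphertext block depends only on its own plaintext."""
    bs = block_size(n)
    blocks = [msg[i:i + bs] for i in range(0, len(msg), bs)]
    return [pow(int.from_bytes(b, "big"), e, n) for b in blocks]


def textbook_rsa_decrypt(cts: list, msg_len: int, n: int = N, d: int = D) -> bytes:
    """Invert textbook_rsa_encrypt.  msg_len is needed because a trailing
    short block (and any block that began with 0x00) lost its length."""
    bs = block_size(n)
    out = bytearray()
    for i, c in enumerate(cts):
        m = pow(c, d, n)
        length = bs if i < len(cts) - 1 else msg_len - i * bs
        out += m.to_bytes(length, "big")
    return bytes(out)


def repeated_ciphertext_blocks(cts: list) -> int:
    """Blocks that exactly repeat an earlier one.  Without chaining, equal
    plaintext blocks give equal ciphertext, so the ciphertext leaks the
    message's repetition structure (the same defect as ECB mode)."""
    return len(cts) - len(set(cts))


def confirm_guess(cts: list, guess: bytes, n: int = N, e: int = E) -> list:
    """Indexes of blocks whose plaintext is exactly `guess`.  Anyone with the
    public key can run this, because the encryption is deterministic: this
    is the plaintext-guessing attack the thread worries about.  The hybrid
    design sidesteps it by RSA-encrypting only a fresh random session key."""
    c = pow(int.from_bytes(guess, "big"), e, n)
    return [i for i, x in enumerate(cts) if x == c]


# Constructed sample: three identical 11-byte blocks and a 3-byte tail.
SAMPLE = b"ATTACK DAWN" * 3 + b"XYZ"

if __name__ == "__main__":
    print("10K at 512 bits:", rsa_blocks_needed(10240, 512), "RSA operations")
    cts = textbook_rsa_encrypt(SAMPLE)
    print("blocks:", len(cts), "repeats:", repeated_ciphertext_blocks(cts))
    print("guess 'ATTACK DAWN' found at", confirm_guess(cts, b"ATTACK DAWN"))
    assert textbook_rsa_decrypt(cts, len(SAMPLE)) == SAMPLE
```

Run stand-alone it reports 160 operations for the 10K case, four ciphertext blocks of which two are repeats of the first, and the guessed block confirmed at positions 0, 1 and 2. The hybrid design PGP actually uses spends exactly one RSA operation on a random session key however long the message is, and because that key is random the guessing check above has nothing to confirm.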
1 Infinite Loop, MS 301-2C Cupertino, CA 95014
.......................................................................
PERSONAL. voice/fax:408.257.1746 1024/669687 catalyst at netcom.com

From thug at phantom.com Sat Aug 28 22:16:11 1993
From: thug at phantom.com (Murdering Thug)
Date: Sat, 28 Aug 93 22:16:11 PDT
Subject: Free Electronic Cash
In-Reply-To: <199308281808.AA13416@panix.com>
Message-ID:

> Western Union Phone Cards (tm) are available from any agent in $5, $10,
> $20, and $50 denominations. They can be (must be) purchased for cash. I
> have no idea whether Western Union saves the ANI info of incoming calls
> and cross indexes it with the outgoing number and the "account" number.

If you don't want your number being passed via ANI to the 800 number owner and don't want it to appear on their monthly 800 bill statement, simply use your local "0" operator to place the 1-800 call for you; it's free. Simply state "Operator, I'm having problems dialing this call..etc.." Readers of comp.dcom.telecom and 2600 magazine already know about this neat little trick. You can prove it to yourself by calling Full Disclosure's 800 ANI Demo line (800-235-1414) first without using an operator, and then with an operator, and compare the results.

If you call Dial-A-Mattress (1-800-MATTRESS) with your ANI blocked they will get crazy on you and hang up. They are so used to seeing your number on their screen that when they can't, they go berserk. The reason they have live ANI is because apparently they are a big target for pranksters (pranksters ordering mattresses to other people's houses instead of pizzas, like the pranksters of years past).

> Michael Elansky Defense Fund
> 25 Maiden Lane
> West Hartford, CT 06117

I just sent $10 cash to them. Better them than the corrupt EFF which has been accepting kickbacks/bribes from AT&T and Pac Bell. Speaking of which, has anyone bothered to contact the EFF/CPSR/ACLU about this case?
It seems like a perfect 1st Amendment issue, and I would personally love to see the pigs who raided Mr. Elansky lose their jobs because of these outrageous civil rights violations.

Thug

From gg at well.sf.ca.us Sun Aug 29 00:26:11 1993
From: gg at well.sf.ca.us (George A. Gleason)
Date: Sun, 29 Aug 93 00:26:11 PDT
Subject: AT&T Home Security Plus
Message-ID: <93Aug29.002236pdt.14096-3@well.sf.ca.us>

Re Doug's response to my item on this topic: please don't get the idea that I thought AT&T were going after *me* for any reason, or trying to trap hackers deliberately, or anything like that. I may be dumb but I'm not one of those raving paranoids who assumes that everything that happens means someone is out to get me....! Nor did I mean to suggest that AT&T would actually have a backdoor in their home security systems. I was using that point as a cynical joke with the dude who called me. It was *not* intended to be serious. It *was* intended to make a sarcastic poke at Clipper.

Cross-list directories: having served as a key witness against a very deadly local stalker here, I have taken great pains to let PacBell know that my service address is not to be released in any form for any reason; I've gone over this with service reps every single year at directory-compiling season. What I would really like to do is force the issue legally, i.e. serve them with some kind of court order or something, which would bar them from releasing that information.

Anyway, enough for now...

-gg

From mbriceno at aol.com Sun Aug 29 02:08:23 1993
From: mbriceno at aol.com (mbriceno at aol.com)
Date: Sun, 29 Aug 93 02:08:23 PDT
Subject: Examination of ViaCrypt's PGP by members of this group
Message-ID: <9308290503.tn71687@aol.com>

A number of posts have proposed that perhaps some of the more astute members of this list should be allowed by ViaCrypt to examine the source of the commercial PGP. The idea is that if some of the people we are likely to trust give their O.K.
to the code then we can all go out and buy the program without fear of hidden back doors.

Unfortunately this proposal has the same fundamental flaws that the recent review of the Clipper chip by Denning et al. had. A group of even the most competent reviewers can overlook some problems in the code. It may take a long time before a flaw is discovered. The stamp of approval by some members of this list to a commercial PGP with a secret source code would therefore be little more than a marketing scheme. It would be no different from the expert review marketing scheme used to sell us Clipper, as --I think it was John Gilmore-- has recently explained.

---Marc

From lg2g+ at andrew.cmu.edu Sun Aug 29 05:43:26 1993
From: lg2g+ at andrew.cmu.edu (Liam David Gray)
Date: Sun, 29 Aug 93 05:43:26 PDT
Subject: no ftpd on soda.berkeley.edu ?
Message-ID: <8gU_DXW00Uh_I1fURT@andrew.cmu.edu>

Has anyone else tried to ftp soda in the past 2 days or so? I've been unable to establish a connection. I assume whoever maintains the Cypherpunks archive on this machine (is it Eric H.?) might be able to find out: Is there any ftpd running on it at the moment, and what's the expected downtime?

Thanks.

- Liam Gray
lg2g+ at andrew.cmu.edu

From smb at research.att.com Sun Aug 29 05:43:57 1993
From: smb at research.att.com (smb at research.att.com)
Date: Sun, 29 Aug 93 05:43:57 PDT
Subject: Examination of ViaCrypt's PGP by members of this group
Message-ID: <9308291242.AA16121@toad.com>

	 A group of even the most competent reviewers can overlook some
	 problems in the code. It may take a long time before a flaw is
	 discovered. The stamp of approval by some members of this list to a
	 commercial PGP with a secret source code would therefore be little
	 more than a marketing scheme. It would be no different from the
	 expert review marketing scheme used to sell us Clipper, as --I
	 think it was John Gilmore-- has recently explained.

No, there is an important difference: you'd be starting from known-good source.
That might make the task feasible. That doesn't mean it's easy, of course.

A fair number of years ago, I participated in a review of some code which had been developed, in part, by someone who was later convicted of assorted {h,cr,chr}acking-related offenses. There was far too much source code to check it all; however, we knew when this person had first had access, so we could use diff on many modules. That tremendously reduced the scope of the effort.

We did find one curious construct -- a combination of two bugs that together constituted a security hole. Either alone was harmless. And to this day, I don't know if they were inserted deliberately.

From warlord at Athena.MIT.EDU Sun Aug 29 06:03:26 1993
From: warlord at Athena.MIT.EDU (Derek Atkins)
Date: Sun, 29 Aug 93 06:03:26 PDT
Subject: Examination of ViaCrypt's PGP by members of this group
In-Reply-To: <9308291242.AA16121@toad.com>
Message-ID: <9308291259.AA10290@c-m-kornbluth.MIT.EDU>

> No, there is an important difference: you'd be starting from known-
> good source. That might make the task feasible.

I can almost guarantee that you will not get to see the RSA sources. And I can almost guarantee that the REST of the code for the product will be straight PGP, similar to the freeware...

I can't guarantee that ViaCrypt won't decide to do something stupid.

-derek

From doug at netcom.com Sun Aug 29 07:33:27 1993
From: doug at netcom.com (Doug Merritt)
Date: Sun, 29 Aug 93 07:33:27 PDT
Subject: AT&T Home Security Plus
In-Reply-To:
Message-ID: <9308291431.AA02561@netcom4.netcom.com>

"George A. Gleason" said:
>Cross-list directories: having served as a key witness against a very deadly
>local stalker here, I have taken great pains to let PacBell know that my
>service address is not to be released in any form for any reason; I've gone
>over this with service reps every single year at directory-compiling season.

Yes, unfortunately there are institutions that are obnoxious about this.
Here's an innocent anecdote that shows how bad things can be. Last year I got to know a woman via her nom de plume on a mud. She was highly privacy-conscious, to the point where she told no one there anything about her real life (this is common on many muds, but not on that particular one). We'd had a bunch of heart-to-hearts, and since I'm a smart-ass, at one point I called her up. Since she hadn't told me her real name nor what city she was in, let alone given me her phone number, she naturally wanted to know how I'd managed this. (I underscore that this was innocent; we talked for 6 hours that time and she recently visited me while passing through the area where I live, which is to say that she wasn't bent out of shape by my doing the above.)

Anyway, the scary part is that her university lists both *residence* phone and address for all students in their phone directory services. She said that she had tried to get unlisted but that university policy *forbade* that, so she was stuck with being listed. (Yes, this is a U.S. university.)

That's the sort of policy that ought to be prevented by law. Even non-deadly stalkers can be a serious nuisance.

Doug

From cdodhner at indirect.com Sun Aug 29 08:23:28 1993
From: cdodhner at indirect.com (Christian D. Odhner)
Date: Sun, 29 Aug 93 08:23:28 PDT
Subject: Free Electronic Cash
In-Reply-To:
Message-ID: <199308291518.AA13632@indirect.com>

> If you don't want your number being passed via ANI to the 800 number owner
> and don't want it to appear on their monthly 800 bill statement, simply
> use your local "0" operator to place the 1-800 call for you, it's free.
> Simply state "Operator, I'm having problems dialing this call..etc.."
> Readers of comp.dcom.telecom and 2600 magazine already know about this
> neat little trick. You can prove it to yourself by calling Full
> Disclosure's 800 ANI Demo line (800-235-1414) first without using an
> operator, and then with an operator and compare the results.
I just tried this, both ways, and got my own home phone number repeated to me, both times. Maybe they fixed this "bug"?

Happy Hunting, -Chris
PGP public key available upon request.

From frissell at panix.com Sun Aug 29 08:38:29 1993
From: frissell at panix.com (Duncan Frissell)
Date: Sun, 29 Aug 93 08:38:29 PDT
Subject: Free Electronic Cash
Message-ID: <199308291536.AA23488@panix.com>

To: cypherpunks at toad.com

T >> Michael Elansky Defense Fund
T >> 25 Maiden Lane
T >> West Hartford, CT 06117
T >
T >I just sent $10 cash to them. Better them than the corrupt EFF which
T >has been accepting kickbacks/bribes from AT&T and Pac Bell. Speaking
T >of which, has anyone bothered to contact the EFF/CPSR/ACLU about this
T >case? It seems like a perfect 1st Amendment issue, and I would
T >personally love to see the pigs who raided Mr. Elansky lose their jobs
T > because of these outrageous civil rights violations.

They have been in contact with the EFF and received some moral support but they mostly have to depend on their own resources. I did determine that the BBS was not seized, BTW. It was missing when the Geheime Staats Polizei arrived.

Duncan Frissell (Net Prime - 01000001st Fiberborne)

"A Machine Age army can no more defeat an Information Age army than a Muscle Age army can defeat a Machine Age army." Join in the fun as Slick Willie and the other spearcarriers of the New World Order charge the machine guns of the Info Army. Cyberspace Wants You. Join the 01000001st Fiberborne - recruiting depot open at this address. Phase One guerrilla operations have already begun...
--- ~ WinQwk 2.0b#0 ~ Unregistered Evaluation Copy

From huntting at glarp.com Sun Aug 29 09:26:15 1993
From: huntting at glarp.com (Brad Huntting)
Date: Sun, 29 Aug 93 09:26:15 PDT
Subject: PGP-MIME
In-Reply-To: <9308290317.AA07547@podge.MIT.EDU>
Message-ID: <199308291623.AA03115@misc.glarp.com>

>> For PGP to really make use of MIME, it could use "multipart" types
>> to separate the objects being encrypted and/or signed from the
>> signatures and encrypted session keys associated with them.

> No, this is WRONG. Take a look at the PEM-MIME Internet Draft. You
> *do not* want to separate the signature from the body of text being
> signed, since then you lose the delimiters of the signed message, and
> MIME can do anything with the data (like transfer tabs to spaces,
> etc.) This is BAD.

If the signed object were of type text/*, then yes, it might be altered with impunity. But MIME would not alter a body part type such as application/pgp-object or message/external-body, would it?

There's a definite advantage in using multipart/* to separate signatures from the plain text they apply to, because then you can easily encode the signatures with base64 while encoding the text in "7bit" or "8bit".

> If you keep the message and signature together, it will work better.
> MIME still does funky things, however, some times.

Then we need to get the MIME dos and don'ts nailed down in the next RFC (if they aren't already), specifying exactly which types can be altered, and to what extent.

> Currently, you can easily use MIME as a transport mechanism for PGP
> messages. However currently there is no way to use PGP security for a
> MIME message. Hopefully we can take what the PEM-MIME effort has
> learned and apply that to PGP..

But I can put MIME message headers in a PGP message. And (though I haven't tried it), I should be able to specify that application/pgp messages will be piped through a command like "pgp -m|metamail" or "pgp -m|mhn -file /dev/stdin".
Unfortunately, I've had problems redirecting pgp's stdin and stdout. I'm not sure that it opens /dev/tty every time it wants to talk to the user.

Also, since you bring up PEM-MIME, what could be done to bring PGP and PEM closer together? I'm not suggesting changing the web-of-trust model or using DES instead of IDEA. Just make the formats similar enough so that an application implementing one could be painlessly modified to implement the other.

A common format wouldn't seem to be all that difficult to implement. Since some folks want to use triple DES and others IDEA, add this info to the RSA-encrypted portion of the message. This has the advantage of hiding not only the key used to encrypt the body of the message, but the algorithm as well.

As for the trust models, they're not so different in theory, just in practice. PEM is planning on using X.509-type certificates, and they are having problems figuring out how to map X.500 Distinguished Names (DNs) onto e-mail addresses (I think they're making the problem a lot harder than it is). Perhaps the model for future PEM/PGP systems is to keep both private key rings and public key rings, with the latter being found in the (Internet) X.500 directory. This would necessitate being able to sign a private key with a public key, and vice versa.

brad

From gnu Sun Aug 29 10:36:15 1993
From: gnu (John Gilmore)
Date: Sun, 29 Aug 93 10:36:15 PDT
Subject: Whit Diffie on Sept 27th Sunergy Satellite TV Broadcast
Message-ID: <9308291735.AA18888@toad.com>

----------------------------------------------------------------------------
The Florida SunFlash

Sept 27th Sunergy Satellite Broadcast

SunFLASH Vol 56 #26                                             August 1993
----------------------------------------------------------------------------
56.26 Sept 27th Sunergy Satellite Broadcast

7th Sunergy Broadcast will be on September 28, 1993 from 9:00 - 10:45 am PDT.
Title: "Cyberjockying in the 21st Century". How will supernetworks and the Internet affect you?
----------------------------------------------------------------------------
If you have satellite receive capabilities and wish to downlink this program please send email to david.howard at Sun.COM. We will add your name to our alias and send the appropriate satellite and transponder information when it becomes available.

Sunergy #7
September 28, 1993
9:00 - 10:45 am PDT

Cyberjockying in the 21st Century

How will supernetworks transport you to the far reaches of the data galaxy? What is the current status of the internet and other "information highways"? What can these "highways" do for you today?

This next Sunergy live broadcast will focus on the issues and technologies surrounding the worldwide movement of information. It will take a look at the internet, information suppliers, information retrievers and the other related resources. Discussions will also include regulation and security on the internet. Some current technologies will be demonstrated.

Guests include:

John Gage - Director of the Science Office, SMCC
Whitfield Diffie - Distinguished Engineer, Security - SMCC
Carl Malamud - President, Internet Multicasting Service
Brewster Kahle - President, WAIS Inc

If you wish to downlink this broadcast, please send email to david.howard at Sun.COM or phone the Sunergy office at +1 415/336-5847

Program is available on satellites over Europe (west, central and east), Canada, Latin America and the US.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Biographies:

John Gage
Director, Science Office
Sun Microsystems Computer Corporation

John Gage works for Bill Joy, the Chief Technical Officer of Sun, and is responsible for Sun's relationships with the world scientific and public policy communities, international scientific institutions and groups developing new forms of scientific research involving computing.
He is on scientific and advisory panels of the United States National Science Foundation, the US Congress Office of Technology Assessment, the European Institute of Technology and the United States National Academy of Sciences. He has recently been appointed to the US National Research Council Mathematical Sciences Education Board. He is a member of ACM, IEEE, SIAM, AMS, AAAS, and SMPTE.

He attended the Harvard Business School and the Harvard Graduate School of Public Policy. He did doctoral work in economics and mathematics at the University of Berkeley at the same time as Bill Joy. Gage subsequently left Berkeley with Joy to start Sun in 1982.

Gage is on the Board of Directors of Unicode, an industry consortium of IBM, Microsoft, Apple, Novell, Sun, GO Corporation, and others to provide multilingual capability in all world scripts for all documents and applications.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Carl Malamud
President
Internet Multicasting Service

Carl Malamud is the author of seven professional reference books including STACKS (Prentice Hall), Analyzing Sun Networks (Van Nostrand Reinhold), and Exploring the Internet: A Technical Travelogue (Prentice Hall). Currently, Carl is producing the Internet Town Hall and Internet Talk Radio series for the Internet Multicasting Service and conducts research on integration of telephone systems into the Internet.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Whitfield Diffie
Distinguished Engineer
Sun Microsystems

Whitfield Diffie is best known for his 1975 discovery of the concept of public key cryptography, for which he was recently awarded a Doctorate in Technical Sciences (Honoris Causa) by the Swiss Federal Institute of Technology.
For a dozen years prior to assuming his present position in 1991, Diffie was Manager of Secure Systems Research for Northern Telecom, functioning as the center of expertise in advanced security technologies throughout the corporation. Among his achievements in this position was the design of the key management architecture for NT's recently released PDSO security system for X.25 packet networks.

Diffie received a Bachelor of Science degree in mathematics from the Massachusetts Institute of Technology in 1965. Prior to becoming interested in cryptography, he worked on the development of the Mathlab symbolic manipulation system --- sponsored jointly at Mitre and the MIT Artificial Intelligence Laboratory --- and later on proof of correctness of computer programs at Stanford University.

He is the recipient of the IEEE Information Theory Society Best Paper Award for 1979 and the IEEE Donald E. Fink award for 1981.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Brewster Kahle
President
Wide Area Information Servers, Inc.

Inventor and architect of the WAIS electronic publishing system, Brewster Kahle has led the multi-company effort to build a practical system for end-users to find and retrieve information from servers worldwide. Before this work, he helped design and build parallel supercomputers at Thinking Machines Corporation. Brewster was schooled at MIT in Computer Science and Artificial Intelligence.

**********************************************************************
For information about SunFlash send mail to info-sunflash at Sun.COM.
Subscription requests should be sent to sunflash-request at Sun.COM.
Archives are on draco.nova.edu, ftp.uu.net, sunsite.unc.edu, src.doc.ic.ac.uk and ftp.adelaide.edu.au

All prices, availability, and other statements relating to Sun or third-party products are valid in the U.S. only. Please contact your local Sales Representative for details of pricing and product availability in your region.
Descriptions of, or references to, products or publications within SunFlash do not imply an endorsement of that product or publication by Sun Microsystems.

Send brief articles (e.g. third-party announcements) and include contact information (non-800#, fax #, email, etc) to:
John McLaughlin, SunFlash editor, flash at Sun.COM. +1 305 351 4909

From tcmay at netcom.com Sun Aug 29 12:08:30 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 29 Aug 93 12:08:30 PDT
Subject: Talked to Phil Zimmermann....
Message-ID: <9308291906.AA23360@netcom5.netcom.com>

Cypherians,

Phil Zimmermann was at our "Extropians Fifth Anniversary Party" in the Santa Cruz mountains yesterday and last night; Extropians are another mailing list/group, of course, but there is a substantial overlap between the groups.

Several items of potential interest:

1. RSA did not know of the ViaCrypt deal until after it was signed last Sunday. ViaCrypt's license allows it to put whatever it wants around the RSA core....it has picked PGP as the wrapper. RSA can't really object to this, provided the RSA core is as the contract with ViaCrypt specifies.

2. Phil will carefully inspect the code, including the RSA part, and is confident no funny business is planned by ViaCrypt or anyone else.

(I have to trust Phil on this matter more than any "panel" or the like....after all, he wanted to put trapdoors in, he could in the existing PGP--though of course this is highly unlikely to have been put in in the first place and to have remained undiscovered all this time.)

3. There's a bunch of confusing--to me--stuff about U.S. versions, European/foreign versions, what can and can't be exported and imported, the ITAR (International Traffic in Arms Regulations), and so on. Basically, there may be separate European versions, possibly using different code.
Triple DES may be used in some versions (don't ask me for details....I'm not sure of the tradeoffs between DES and IDEA...perhaps the deal to use IDEA doesn't fit with a commercial version of PGP).

4. I showed Phil the MacPGP 2.3 program on my PowerBook 170. The "help" system especially impressed him (it does me, too). He is not closely connected with Zig F.'s Macintosh development.

5. Integrating PGP with mailers--the "elm" and MIME ideas that keep surfacing--is still being debated. Running PGP on a machine outside one's own control is always dangerous, but, let's face it, is how _many_ people are already using PGP and how many of the future corporate customers will be likely to use it. (The PGP secret key will then be found scattered around in backups, on other disks, etc. Even the manually-entered passphrase is *not sufficient*, as many systems have "scrypt" and similar keystroke-capture programs automatically recording all keystrokes. Even my Macintoshes capture all keystrokes ("Last Resort," "Thunder 7," etc., have such utilities). This is an unresolved issue!

(Talk of using smartcards, RSA cards, Newton-like PDAs, etc., is one approach, but this moves away from ease of use by requiring specialized hardware.)

6. Ease of use remains a problem. Phil mentioned again that he sends a routine form letter out to all those who send him encrypted e-mail explaining that it may take him several days to get around to reading their messages...he has to do the same multi-step procedure of downloading to his local PC, quitting, saving the file, starting PGP, and so on. (Phil has never run PGP on a machine outside his control.)

7. Phil also wanted to talk about the political issues of RSA vs. PGP, about my concerns some months back that the battle for strong crypto would not be won with explicitly illegal programs, etc.
I told him I thought the ViaCrypt deal was a nearly perfect solution to these concerns: individuals and corporations can now safely use PGP without the fear of asset forfeiture or criminal prosecution should a zealous prosecutor decide to "make an example" of them. A legal version of PGP is the goal many of us were seeking. A major win. I congratulate Phil for pulling this off.

8. Perhaps most ironically, David Sternlight (the neural net AI automatic posting program I mentioned a few days ago) has asked to be a beta site for the ViaCrypt program! Sternlight blesses ViaCrypt...the mind boggles. (To be fair to Sternlight--something many people may flame me for :-} --he never argued for a ban on crypto, or for restrictions, only that a "legal" or "unencumbered" version be used. Hence his involvement with RIPEM.)

That's what I remember. The party started at 2 p.m. at the mountain-top home of Mark Desilets and lasted 'til well after 3 a.m....and may still be going. I didn't count, but there were probably at least a hundred people, including a dozen or more Cypherpunks. A real blast.

-Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.

From collins at newton.apple.com Sun Aug 29 12:13:30 1993
From: collins at newton.apple.com (Scott Collins)
Date: Sun, 29 Aug 93 12:13:30 PDT
Subject: no ftpd on soda.berkeley.edu ?
Message-ID: <9308291907.AA01298@newton.apple.com>

>Has anyone else tried to ftp soda in the past 2 days or so? I've been
>unable to establish a connection.

Ditto.
From tcmay at netcom.com Sun Aug 29 13:03:30 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 29 Aug 93 13:03:30 PDT
Subject: Apple planning to use Clipper chip?
Message-ID: <9308292002.AA01284@netcom5.netcom.com>

A disturbing rumor/tidbit from the party I just finished discussing:

Someone from Apple Computer said that Apple has been making "input" on the Clipper/Skipjack/Capstone/whatever thing and _endorsed_ the idea (or at least someone representing Apple did). Apple even discussed the pricing and said that if the Clipper/Skipjack chip could be sold to them for less than $30, they could "design it into every Mac."

Phil Zimmermann was listening when this was said, and he was as shocked as I was.

Can anyone on this list confirm or refute this report? (I don't want to name the Apple guy--several were at the party--unless he wants me to. But since he's not on the Cypherpunks list...)

The fact that Apple is reviewing the "key escrow" proposals probably implies other hardware makers are as well. This suggests a whole behind-the-scenes movement to get Clipper/Skipjack/Capstone key escrow chips designed into PCs, probably in the communications/modem/network subsections.

Speculatively, this could be a worse "fait accompli" than the Clipper proposal for phones, since not many people are planning to buy new secure phones, but a huge number of new Macs and PCs will be bought. (I assume folks can "wire around" the Skipjack/Capstone subroutines in some way, probably more easily than mods to the Clipper phones can be made. After all, it's software. So I don't claim the Feds will automatically be successful.)

Many of us believe the "other shoe will drop" when a new Crime Bill (like the Biden Bill of a while back) is proposed, and key escrow is made mandatory for data systems.

--Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com    | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.

From tcmay at netcom.com Sun Aug 29 13:13:31 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Sun, 29 Aug 93 13:13:31 PDT
Subject: Talked to Phil Zimmermann....
Message-ID: <9308292008.AA01693@netcom5.netcom.com>

I rarely waste your time with minor spelling or grammar corrections, or even missing words, but this omission needs a correction:

> 2. Phil will carefully inspect the code, including the RSA part, and
> is confident no funny business is planned by ViaCrypt or anyone else.
>
> (I have to trust Phil on this matter more than any "panel" or the
> like....after all, he wanted to put trapdoors in, he could in the
> existing PGP--though of course this is highly unlikely to have been
> put in in the first place and to have remained undiscovered all this
> time.)

"...after all, if he wanted to put trapdoors in...."

The "if" is the all-important subjunctive qualifier.

-Tim

From fergp at sytex.com Sun Aug 29 13:43:31 1993
From: fergp at sytex.com (Paul Ferguson)
Date: Sun, 29 Aug 93 13:43:31 PDT
Subject: The Hunt for Red Miata (humor)
Message-ID:

excerpted from the notorious, left-wing publication:

The Washington Post
Sunday, 29 August 1993
Page C5; Outlook Commentary and Opinion

The Hunt for Red Miata
A Glimpse at the New Industrial-Espionage CIA, by David Corn

"Economic intelligence is the hottest current topic in intelligence policy."
- CIA Director R. James Woolsey

The President slammed the files down on the desk and glared across the Oval Office to his national security advisors.
"Intelligence reports from the NSA," he huffed, "tell us that Volkswagen is about to introduce a sports coupe with room for passengers in the back, air bags in front and rear, zero to 60 in 6.8, over 50 mpg, retailing for less than $12,000, due to a new employee profit-sharing arrangement. This is intolerable. Detroit could be driven to its knees. And what's worse is those damn ... uh, competitors ... are stealing secrets from our companies. Thank God, one of their design specialists used an unsecured cellular phone. What are we going to do?"

Woolsey finished cleaning his glasses with his tie. "Well, Mr. President," he said, "our sources tell us that all they really got was GM's plans to market luxury sedans in Japan -- a lot of good that will do them. But we realize this threat is serious. We are putting our best officer on the case ..."

James Ryan was waiting in the hallway outside the Oval Office. He was still nursing a bad case of eye strain and a touch of R.S.I. from the last operation -- the Toshiba HDTV case. It had ended badly. Two hackers dead. A Cray was down. And the disks were at the bottom of the Sea of Japan. As he entered the president's office, Ryan silently cursed Woolsey for making him attend this damn dog-and-pony show.

The president stared at Ryan, a 25-year veteran of the service. Was this the agency's best man? He wore thick glasses; a plastic pocket-protector protruded from his shirt pocket. The end of his belt dangled.

"Mr. President," Woolsey explained, "he's undercover."

The president clasped his hands together. "Very convincing, Director," he said. "Just wanted to meet the man upon whom our economic future as a nation rests. Now that I have, I feel very comfortable. Make us proud, Mr. Ryan. Get us their secret plans. By the way, if anyone ever asks, I will disavow any knowledge of your actions."

Ryan nodded. "I will erase it."

First stop was Dusseldorf, an auto trade show.
Ryan was following a marketing exec out of a beerhall -- her gray suit flattered her long legs -- when the personal fax in his briefcase rang. He ducked into an alley and read the noncurling document: Go to the HiTek Cafe in Berlin -- damnit, he hated that smoke-free, non-alcohol pub -- and await your contact, who will carry a copy of HyperText Life magazine.

Ryan was playing with his slide rule when she walked in the HiTek. Nice, he thought. She sat down next to him and gave the code signal: "Don't you hate to run out of memory?"

"With some data," he replied, "you just have to learn to let go."

Victoria Goodlog, she introduced herself. An American grad student in design engineering who had received a fellowship to work in the new, restricted Fahrvergnugen Research Facility. "But we're on the same team," she added. "You worked with Daddy on the Greece business, didn't you?"

"Dirty business, that was," he said. "But we won the Cold War."

"It killed Daddy."

"Yes, but he died knowing that the U.S. gold supply was safe and that he had thwarted another communist plot to rule the world."

"But now we know Moscow was not even capable of ruling its own country."

"Well, sure, hindsight is 20/20 .... So tell me, what's a girl like you doing in a job like this?" Ryan put his hand on her thigh and rubbed the corduroy.

"Make that 'woman'," she said. "And you don't have to seduce me. I'm on your side. Let's go back to my hotel. I have condoms."

Nothing is the same anymore, Ryan thought.

After a lengthy discussion of their sexual pasts and then moderately passionate lovemaking, the two ordered Evian from room service and plotted. "I'll create a power surge to knock out the computer security system. You'll have a few minutes to copy the encrypted data file," Goodlog said.

Ryan liked the plan. "What's your favorite algorithm?" he asked.

"Later," she said with a smile.

The next morning, everything fell into place.
Ryan, posing as a workplace facilitator, gained entry into the lab and cracked the computer locks. He downloaded the file into his laptop and copied the plans onto super-high-density diskettes designed by Langley's techies to look like cough drops. On the way out, he dumped the computer in a garbage can. It would be untraceable.

He rendezvoused with Goodlog at a virtual-reality arcade. As they walked down the Kurfurstendamm, Ryan stopped to fix the penny in his loafer. "Look at this," Goodlog said as she walked on. "Somebody must have dropped an experimental Hexium-25050 advance microprocessor chip." She bent down to pick it up.

"Don't!" bellowed Ryan.

The chip exploded. It was too late. He held her in his arms, stroked her short hair, removed her black-frame glasses. But when he heard the sirens, he dropped her body to the cold pavement and ran. He didn't look back.

His satellite-signal beeper sounded. He ignored it. He walked past the Brandenburg Gate. It all used to be much easier. Back then, he was fighting the Evil Empire to save the Free World. That was worth taking a bullet for. But why should he have to face the diabolical security chief of BMW or the goons of Honda to benefit the dinosaurs of Detroit? He hated the Ford he owned. No pick-up, lousy handling.

He thought of Goodlog. Who in Grosse Pointe would mourn her? Rather than use the plans to build a better, cheaper car, GM would probably find a way to sabotage the new VW model. That might even be his next assignment.

Ryan tossed the diskettes into a sewer. What would he tell Woolsey? He looked at the spot where Checkpoint Charlie once stood. It began to rain.

"I know," Ryan muttered to himself. "I'll say that I ran out of fax paper."

--------------------------
David Corn is Washington editor of the Nation magazine.
Paul Ferguson              |  privacy \'pri-va-see\ n, pl, -cies;
Mindbank Consulting Group  |  1: the quality or state of being apart
Fairfax, Virginia USA      |  from others 2: secrecy
fergp at sytex.com | ferguson at icp.net | Privacy -- Use it or lose it.

Type bits/keyID    Date       User ID
pub  1024/1CC04D   1993/03/15 Paul Ferguson
Key fingerprint = EE D2 93 7D 04 6D C6 05  AC 36 AD 9D 8E 4F 41 58

From collins at newton.apple.com Sun Aug 29 15:23:33 1993
From: collins at newton.apple.com (Scott Collins)
Date: Sun, 29 Aug 93 15:23:33 PDT
Subject: ftp from soda
Message-ID: <9308292118.AA02494@newton.apple.com>

available again

From pcw at access.digex.net Sun Aug 29 15:56:18 1993
From: pcw at access.digex.net (Peter Wayner)
Date: Sun, 29 Aug 93 15:56:18 PDT
Subject: Crypto and Jurassic Park
Message-ID: <199308292253.AA11905@access.digex.net>

Here is an anecdote about the use of cryptography taken from "The Beauty in the Beasts" an article by Jody Duncan on page 95 of the magazine "Cinefex".

Principal (sic) photography on Jurassic Park wrapped just after the Thanksgiving weekend. In the six months that followed, the film was edited, scored, mixed for sound and provided with finalized computer graphics dinosaurs. Already on to his next project-- Schindler's List-- Spielberg was shooting in Europe throughout most of the postproduction phase, but continued to keep his hand in Jurassic Park through an encrypted satellite feed from ILM (Industrial Lights and Magic).

From 72114.1712 at CompuServe.COM Sun Aug 29 16:54:05 1993
From: 72114.1712 at CompuServe.COM (Sandy)
Date: Sun, 29 Aug 93 16:54:05 PDT
Subject: JURASSIC CRYPTO
Message-ID: <930829234818_72114.1712_FHF50-1@CompuServe.COM>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT
Reply to: ssandfort at attmail.com
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Peter Wayner quoted from an article by Jody Duncan on page 95 of the magazine "Cinefex":

. . .
Spielberg was shooting in Europe throughout most of the postproduction phase, but continued to keep his hand in Jurassic Park through an encrypted satellite feed from ILM (Industrial Lights and Magic).

Maybe these folks need some stronger crypto. I got a call from a Cypherpunk on assignment in France. He said that he had been involved in an unauthorized capture and decryption of some of those very same digital dinosaurs. He said they were "pretty cool." I got the impression the cracking wasn't very difficult.

Maybe Spielberg and ILM need some expert help. Another Cypherpunk business opportunity?

S a n d y

"When crypto becomes extinct, only dinosaurs will have crypto"

>>>>>> Please send e-mail to: ssandfort at attmail.com <<<<<<
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From frissell at panix.com Sun Aug 29 18:13:34 1993
From: frissell at panix.com (Duncan Frissell)
Date: Sun, 29 Aug 93 18:13:34 PDT
Subject: AT&T Home Security Pl
Message-ID: <199308300109.AA09976@panix.com>

To: cypherpunks at toad.com

D >Anyway the scary part is that her university lists both *residence*
D >phone and address for all students in their phone directory services.
D >She said that she had tried to get unlisted but that university
D >policy *forbade* that, so she was stuck with being listed. (Yes, this
D >is a U.S. university.)
D >
D >That's the sort of policy that ought to be prevented by law. Even
D >non-deadly stalkers can be a serious nuisance.
D > Doug

Haven't you people ever heard of mail receiving services and voice mail? When people want to violate your privacy by asking questions, give them what they want but make sure it's meaningless. When people ask *me* address and phone number as they seem to do every week or so, I just give them my voice mail and mail drop. ($20/month combined cost NYC.) No laws required.
Duncan Frissell

*************************************************************************
ATMs, Contracting Out, Digital Switching, Downsizing, EDI, Fax, Fedex, Home Workers, Internet, Just In Time, Leasing, Mail Receiving, Quants, Securitization, Temps, Voice Mail. - Not as sexy as Tim May's signature line but just as important.

--- ~ WinQwk 2.0b#0 ~ Unregistered Evaluation Copy

From stig at netcom.com Sun Aug 29 19:08:36 1993
From: stig at netcom.com (Stig)
Date: Sun, 29 Aug 93 19:08:36 PDT
Subject: Apple planning to use Clipper chip?
In-Reply-To: <9308292002.AA01284@netcom5.netcom.com>
Message-ID: <9308300206.AA20871@netcom3.netcom.com>

>
> The fact that Apple is reviewing the "key escrow" proposals probably
> implies other hardware makers are as well. This suggests a whole
> behind-the-scenes movement to get Clipper/Skipjack/Capstone key escrow
> chips designed into PCs, probably in the communications/modem/network
> subsections.
>

It's quite fortunate, then, that the PC market is not monopolized as the Macintosh market is.

Stig

;; __________________________________________________________________________
;; Stig at netcom.com                             netcom.com:/pub/stig/00-PGP-KEY
;; It's hard to be cutting-edge at your own pace...   32 DF B9 19 AE 28 D1 7A
;; Bullet-proof code cannot stand up to teflon bugs.  A3 9D 0B 1A 33 13 4D 7F

From nate at VIS.ColoState.EDU Sun Aug 29 20:49:08 1993
From: nate at VIS.ColoState.EDU (nate at VIS.ColoState.EDU)
Date: Sun, 29 Aug 93 20:49:08 PDT
Subject: Apple planning to use Clipper chip?
Message-ID: <9308300346.AA04541@monet.VIS.ColoState.EDU>

>
> The fact that Apple is reviewing the "key escrow" proposals probably
> implies other hardware makers are as well. This suggests a whole
> behind-the-scenes movement to get Clipper/Skipjack/Capstone key escrow
> chips designed into PCs, probably in the communications/modem/network
> subsections.
>

I think it signals a time to look into other platforms...
The new Silicon Graphics Indy looks quite good right about now.

Just imagine the stickers we could put on those babies! "Big Brother built-in!" "Big Brother Inside!" come to mind, among others.

-nate

+--------------------------------------------------------------------
| Nate Sammons email: nate at VIS.ColoState.Edu
| Colorado State University Computer Visualization Laboratory
| Finger nate at monet.VIS.ColoState.Edu for my PGP key
| #include | Always remember "Brazil"
+----------------------+

From hkhenson at cup.portal.com Sun Aug 29 21:19:08 1993
From: hkhenson at cup.portal.com (hkhenson at cup.portal.com)
Date: Sun, 29 Aug 93 21:19:08 PDT
Subject: Another BBS Seizure in Ha
Message-ID: <9308292046.1.26977@cup.portal.com>

Re this thread, I know someone on this list is also very active with EFF. Could John tell us if EFF is on this case? I would really be interested in such details as did the cops get warrants for all the email on the system? If they did not, it is Alcor or Steve Jackson all over again. (and several other cases which did not go very far because the cops found out how much trouble they were in. :) )

Keith Henson

PS, EFF would seem like a good place to administer a defense fund.

From mgream at acacia.itd.uts.edu.au Mon Aug 30 00:46:20 1993
From: mgream at acacia.itd.uts.edu.au (Matthew Gream)
Date: Mon, 30 Aug 93 00:46:20 PDT
Subject: Source Code NOT available for ViaCrypt PGP
In-Reply-To: <9308272032.AA17050@toad.com>
Message-ID: <9308300745.AA22452@acacia.itd.uts.EDU.AU>

In a previous life, peter honeyman said ...

| i disagree. who will guarantee that viacrypt ships binaries based on
| the validated code?

Have your appropriately trusted person watch the code compiled in front of him, and take a signature of the completed binary. Although, this becomes somewhat of a nightmare, as 'Mr Trusted' will need to oversee all 'release' compilations, and spend time beforehand going over code to verify everything.
This signature could be signed by 'Mr Trusted' and included with the distribution, including s/ware to allow the 'pleb' user to ensure they match.

Matthew.

--
Matthew Gream,, M.Gream at uts.edu.au -- Consent Technologies, 02-821-2043.

From gnu Mon Aug 30 00:58:39 1993
From: gnu (John Gilmore)
Date: Mon, 30 Aug 93 00:58:39 PDT
Subject: Another BBS Seizure in Hartford
In-Reply-To: <9308292046.1.26977@cup.portal.com>
Message-ID: <9308300757.AA28049@toad.com>

> Re this thread, I know someone on this list is also very active with EFF.
> Could John tell us if EFF is on this case? I would really be interested

I have no idea. I'm a few days back in my personal email, and just now skipped ahead to read all the "BBS" messages. As far as I can tell, nobody actually forwarded any information about this problem *TO EFF*!

I have gathered all the useful msgs sent to cypherpunks and forwarded them to Mike Godwin and Shari Steele at EFF. But in future, guys, when you want action out of EFF, how about letting them know? (eff at eff.org is probably the best place to send such info).

John Gilmore

From edgar at spectrx.Saigon.COM Mon Aug 30 01:23:39 1993
From: edgar at spectrx.Saigon.COM (Edgar W. Swank)
Date: Mon, 30 Aug 93 01:23:39 PDT
Subject: Phil Zimmermann Press Briefing?
Message-ID: <0s539B2w165w@spectrx.saigon.com>

To: Bay Area Extropians Cypherpunks

Phil Zimmermann is sitting here beside me now (8/29 10:50am). He was surprised to learn people thought he wanted to do a "press conference" at Extropaganza. I guess that was my misunderstanding of what I heard on the phone. He asked me to find some Bay Area trade press reporters to talk to about his commercialization of PGP, at anytime during his CA visit, not necessarily during the party. And certainly nothing as presumptuous as a "press conference."

--
edgar at spectrx.saigon.com (Edgar W. Swank)
SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca

From gnu Mon Aug 30 02:43:40 1993
From: gnu (John Gilmore)
Date: Mon, 30 Aug 93 02:43:40 PDT
Subject: CLIPPING CLIPPER by Lance Hoffman, by permission from CACM
Message-ID: <9308300939.AA29097@toad.com>

Date: Sun, 29 Aug 1993 08:13:32 -0500
From: farber at central.cis.upenn.edu (David Farber)
Subject: CLIPPING CLIPPER by permission from CACM
To: interesting-people at eff.org (interesting-people mailing list)

From: hoffman at seas.gwu.edu (Lance J. Hoffman)

Several people have asked me to post this for those who do not get Communications of the Association for Computing Machinery. So here it is, reprinted with permission from Communications of the ACM, September 1993, volume 36, number 9. (This is a version which differs in minor detail from the one which finally appeared, and which does not have the footnotes included in the CACM article. But, otherwise it is substantially the same.)

Viewpoint: CLIPPING CLIPPER

Professor Lance J. Hoffman
Department of Electrical Engineering and Computer Science
The George Washington University
Washington, D. C.
hoffman at seas.gwu.edu

The FBI is becoming increasingly worried about the fact that the United States is technologically close to having effectively unbreakable encryption available to individuals. This will eliminate its capability to listen in on specific telephone conversations, even with a court-authorized warrant under existing wiretap legislation. In 1991, it pushed legislation to require significant changes in computer hardware, software, and communications equipment so that agents could maintain these capabilities in the increasingly digital telephone network [1]. But opposition by computer and communications companies, professional societies, and civil libertarians convinced the Senate to remove the provision from its crime bill.
Last year, not one member of Congress was willing to introduce legislation requiring telecommunications providers to turn back the clock and redesign the emerging digital telecommunications system so that the FBI could, at some considerable economic cost to all users, continue to tap, under court order, certain digital communications [2]. Now the FBI and its allies in the intelligence community have persuaded the President to pursue a course which, if not reversed, may achieve the same goal by effectively building "Big Brother" capabilities into the computer/telephone network of the future with the "Clipper" chip, an encryption device with applications in telephones and other computer network peripherals [3, 4, 5]. The Clipper encryption method [6] (see sidebar) requires escrowing of user encryption keys with two trusted authorities, not announced as of this writing. One might anticipate the government will compound its surprising move with Clipper by selecting two in-government executive-branch entities as the escrow agents. If it does so, there will be further erosion of the power of Congress to establish public policy. One could, of course, ask whether escrow technology will be accepted by computer users who can get the real thing elsewhere. Encryption is available around the world without the burden of key escrowing -- preliminary survey results from the Software Publishers Association revealed 143 non-U.S. and 133 U. S.-based cryptographic products, many providing DES [7] and/or RSA [8] capabilities. Moreover, encryption software (including DES and RSA algorithms and the user-ready and popular Pretty Good Privacy (PGP) [9] secure message system) is freely downloadable from public networks around the world [10]. Encryption is becoming increasingly important. Persons who wish unescrowed confidentiality -- both law-abiding persons and criminals -- will find and use other encryption schemes to protect information they wish to keep secure. 
After all, it is not hard to superencrypt messages with one's own software or hardware encryption first, not registering any key with any authority, and very possibly using an imported device (or software) from another country. Increasingly, travelers use telephones to communicate information back and forth between workstations they have never seen before and their home or office computers; the threats of eavesdropping and falsification are much greater than in years past [11]. These persons can't be expected to trust a U. S.-developed standard whose algorithm is secret if they can instead turn to cryptosystems available elsewhere with an algorithm that has faced public scrutiny and whose keys are completely under control of the user. The only way a government can prevent this is by outlawing the use of encryption methods which are not readable by the government. The Administration admits that this is a fundamental policy question which "will be considered during the broad policy review" [12] it has underway. If the government adopts (or, as it appears now, decrees) such a "Digital Volstead Act", there will be some benefits to law enforcement. In the long term however, it will have a negative effect on individual freedom and liberty. It might even encourage contempt for law enforcement on the digital network since strong cryptographic algorithms are already available in software, freely reproducible by all who desire, regardless of where they live or work. The Clinton administration should postpone the introduction of Clipper. And Congress should mandate a serious, open, public review of the issues and options facing society. The implications are too profound to allow the promulgation of the first partially classified Federal Information Processing Standard (FIPS) without appropriate discussion. 
Congress should also move to strengthen the independence of NIST, which has apparently not only used the National Security Agency's skills in cryptography (as required by the Computer Security Act of 1987) but also appears to be all too eager to adopt its policy interests as well. This has resulted in the discussion of critical issues being framed by the cryptographic policy specialists at NSA, who have so far sidestepped Congress and are protecting their traditional ways of doing things, while the world is changing all around them. They are apparently reluctant to admit that cryptography and the policy issues that go with it are now important enough to merit a full public debate, or that the genie may be out of the bottle, or that we now have "a regulatory structure that goes back to the cold war and does not recognize the realities of the present situation" [11]. So they are using the Clipper initiative to pull off a "turf coup d'etat". The issue here is U.S. cryptographic policy and who controls it, not the technical merit of the Clipper initiative. This has far-reaching policy implications [13, 14] and is not an issue for the technical community only. The Clinton administration has, to its credit, identified the important questions and realizes that there are serious constitutional issues here. Unfortunately, it has picked the wrong player -- the National Security Council -- to examine them in the wrong forum, a classified one. There is no valid reason for the broad policy debate to be classified and many reasons for it not to be; one of the most important is the government's credibility. There is no need to rush to judgement here. The administration has not reached out beyond the government to computer hardware or software manufacturers or to the telecommunications industry or to business in general or to academe during the planning of the Clipper initiative. 
This is one reason that almost all the major players in the industry have raised serious objections [11, 10, 15]. No adequate and public analysis of the economic and social costs and benefits of the Clipper proposal has yet been done. Unfortunately, the administration is conducting a hasty ill-defined investigation, going hell-bent for leather to conclude by about the time you read this [19]. Instead, what is needed is a serious, comprehensive, dispassionate study, with real data, cool heads, unbiased scientists, legal experts, and adequate time for examining many intricate issues which threaten long lasting, even permanent, consequences for the basic structure of constitutional government in the United States.

A number of issues must be considered in the encryption policy discussion:

- Very serious Constitutional questions. In the opinion of some, the government's key-escrow initiative would violate the First, Fourth, and Fifth Amendments of the U. S. Bill of Rights [15, 20, 21], and possibly others such as the Ninth and Tenth.

- Serious questions regarding the proposed Clipper key escrow scheme, including non-government escrow agencies and software solutions [22]

- 114 questions asked by the Digital Privacy and Security Working Group [15]. As of this writing, NIST had not responded to these.

- How U. S. firms can compete with foreign firms who don't have to "dumb down" [23] the technology (the "level playing field" issue)

- Tensions between law enforcement, national security, and the citizen's personal freedoms and rights, such as privacy.

- The future world of a National (and International) Information Infrastructure, and why export controls [10, 24] have to be reformulated

- A rough cost/benefit analysis of any controls over cryptography, including retraining and conversion costs for cryptographic experts with much less to do if an increasing amount of traffic will be encrypted well enough to defy effective decryption by them.
Better answers will emerge if respected organizations such as the National Academy of Sciences and the Office of Technology Assessment are given the opportunity to analyze the issues carefully. There are meritorious alternatives to Clipper. For example, Professor Silvio Micali of MIT has proposed a multi-key escrow capability in which multiple trusted parties authenticate a message and/or allow eavesdropping [25]. The parties can be selected by the message sender or jointly by the sender and the other party (as with current escrow agents). Without a choice of alternatives, many persons who are eager to develop and use the emerging information infrastructure -- "digital superhighways" and other forward-looking projects of Vice President Gore -- will turn away from those projects. The full potential of the network and the Vice President's vision will never be realized. The Computer System Security and Privacy Advisory Board, created by the Computer Security Act of 1987, called for such a full, public national review of cryptographic policy in March 1992. It, too, is queasy with the Clipper initiative. On June 4, 1993, it passed a resolution which stated that "Key escrowing encryption technology represents a dramatic change in the nation's information infrastructure. The full implications ... are not fully understood at this time. Therefore, the Board recommends that key escrowing encryption technology not be deployed beyond current implementations planned within the Executive Branch, until the significant public policy and technical issues ... are fully understood". NIST has not (ever) taken any significant action on the cryptographic policy suggestions of this national statutory board whose basic mission is to be alert for latent public policy issues related to computer and communications technology. By the time you read this, the government policy "review" may be close to completion. 
Computer professionals have a special obligation to let their senators and members of Congress (as well as other key legislators) know of the profound negative impacts of such a rush to judgment, and to urge them to defer this initiative. Copies of those communications should also be sent to the President (whose electronic mail address is president at whitehouse.gov), the vice president (whose electronic mail address is vice.president at whitehouse.gov), and to NIST which is the official government spokesman on the issue through its deputy director, Raymond G. Kammer, (kammer at micf.nist.gov).

REFERENCES

1. Sessions, W.S., "Keeping an Ear on Crime", New York Times, March 27, 1992, page A35.
2. Denning, D., To Tap or Not to Tap. CACM 36:25-44, 1993.
3. Statement by the Press Secretary on a Cryptography Initiative. White House Press Office, April 16, 1993.
4. Markoff, John, "U. S. as Big Brother of Computer Age", New York Times, May 6, 1993, page D1.
5. Mintz, John and Schwartz, John, "Chipping Away at Privacy?" Washington Post, May 30, 1993, pages H1-H4.
6. Denning, D., "Cryptography, Clipper, and Capstone", Proc. 3rd CPSR Cryptography & Privacy Conf., Washington, D.C., June 7, 1993.
7. National Bureau of Standards, Data Encryption Standard, Washington, D.C.: 1977.
8. Rivest, R., Shamir, A. and Adleman, L., A method for obtaining digital signatures and public-key cryptosystems. CACM 21:120-126, 1978.
9. Zimmermann, P., "PGP, Public Key Encryption for the Masses", Proc. 3rd CPSR Cryptography & Privacy Conf., Washington, D.C., June 7, 1993.
10. Rosenthal, I., Software Publishers Association Statement to the Computer System Security and Privacy Advisory Board on cryptography, June 3, 1993.
11. Diffie, W., Testimony before the House Subcommittee on Telecommunications and Finance. Congressional Record June 9, 1993.
12. Statement by the White House Press Secretary, Questions and Answers about the Clinton Administration Telecommunications Initiative, April 16, 1993.
13. Who Holds the Keys? In: Proc. 2nd Conf. on Computers, Freedom, and Privacy, edited by Hoffman, Lance J. New York, N.Y.: Association for Computing Machinery, 1993, p. 133-147.
14. Murray, W.H., Who holds the keys? CACM 35:13-15, 1992.
15. Digital Privacy and Security Working Group, Issues and Questions Regarding the Administration's Clipper Chip Proposal, in [18], 36-47, 1993.
16. Denning, D., Position Statement Supporting the Key-Escrow Chip, in [18], 64-67, 1993.
17. Postings to sci.crypt, comp.risks, and alt.privacy.clipper Internet newsgroups after the announcement of the key escrow initiative.
18. Cryptographic Issue Statements Submitted to the Computer System Security and Privacy Advisory Board, May 27, 1993, Gaithersburg, Md.: NIST, 1993.
19. Schwartz, J., "U. S. Data Decoding Plan Delayed", Washington Post, June 8, 1993, p. A-12.
20. Computer and Business Equipment Manufacturers Association, Statement before the Computer Systems Security and Privacy Advisory Board, May 27, 1993, in [18], 138-161, 1993.
21. American Civil Liberties Union, Comment for Cryptographic Issue Statements, in [18], 195-199, 1993.
22. NIST Computer System Security and Privacy Advisory Board, Resolution #1 and #2 of June 4, 1993.
23. Goldman, J., Why Cater to Luddites? New York Times, March 27, 1992, p. A35.
24. Turner, G.W., Commercial Cryptography at the Crossroads. Information Systems Security 1:34-42, 1992.
25. Micali, S., Fair Public-Key Cryptosystems (Preliminary Draft 3/25/93), MIT Laboratory for Computer Science, Cambridge, Mass.

--
Professor Lance J. Hoffman
Department of Electrical Engineering and Computer Science
The George Washington University
(202) 994-4955  Fax: (202) 994-0227
Washington, D. C. 20052
hoffman at seas.gwu.edu

From cdodhner at indirect.com Mon Aug 30 02:44:13 1993
From: cdodhner at indirect.com (Christian D. Odhner)
Date: Mon, 30 Aug 93 02:44:13 PDT
Subject: Source Code NOT available for ViaCrypt PGP
In-Reply-To: <9308300745.AA22452@acacia.itd.uts.EDU.AU>
Message-ID: <199308300940.AA17049@indirect.com>

> In a previous life, peter honeyman said ...
>
> | i disagree. who will guarantee that viacrypt ships binaries based on
> | the validated code?
>
> Have your appropriately trusted person watch the code compiled in
> front of him, and take a signature of the completed binary. Although,
> this becomes somewhat of a nightmare, as 'Mr Trusted' will need to
> oversee all 'release' compilations, and spend time beforehand going
> over code to verify everything. This signature could be signed by
> 'Mr Trusted' and included with the distribution, including s/ware
> to allow the 'pleb' user to ensure they match.
>
> Matthew.
> --
> Matthew Gream, M.Gream at uts.edu.au -- Consent Technologies, 02-821-2043.

Why not just arrange for 'Mr Trusted' to receive a copy of the source code to examine on a secure system. Then when he/she is sure that it's ok, compile it on the same trusted system and compare with the release binaries.

Happy Hunting, -Chris.
PGP public key available upon request

From strat at abc.ksu.ksu.edu Mon Aug 30 04:03:41 1993
From: strat at abc.ksu.ksu.edu (Steve Davis)
Date: Mon, 30 Aug 93 04:03:41 PDT
Subject: The need for FREE cryptography ...
Message-ID: <9308301100.AA13519@abc.ksu.ksu.edu>

There is still a void in the arena of free public encryption systems for regular human beings. It would be wonderful if somebody would put a reasonably secure package (much like PGP) and copyleft the source.

PGP has never been a very useful tool to me as a programmer because of its internal structure. What I'd need, if I wanted to integrate this technology into new platforms such as voice communication or an encrypted file system, is a library of tools for shuffling this data around and piping it through the "magic" algorithms.
I wonder if somebody on this list could outline what efforts are being made in this area.

Stratocaster
--
Steve Davis (strat at cis.ksu.edu)  Kansas State University
"[Nuclear Weapons] can't help but have an effect on the population as a whole." -- Ronald Reagan

From mrose at stsci.edu Mon Aug 30 05:43:42 1993
From: mrose at stsci.edu (Mike Rose)
Date: Mon, 30 Aug 93 05:43:42 PDT
Subject: Apple planning to use Clipper chip?
In-Reply-To: <9308300206.AA20871@netcom3.netcom.com>
Message-ID: <9308301237.AA17573@MARIAN.STSCI.EDU>

On Sun, 29 Aug 1993 19:06:54 PDT, stig at netcom.com (Stig) said:
>>
>> The fact that Apple is reviewing the "key escrow" proposals probably
>> implies other hardware makers are as well. This suggests a whole
>> behind-the-scenes movement to get Clipper/Skipjack/Capstone key escrow
>> chips designed into PCs, probably in the communications/modem/network
>> subsections.
>>
>It's quite fortunate, then, that the PC market is not monopolized as the
>Macintosh market is.
> Stig

Darn, and just as I was thinking about a powerbook 180. If Apple buys into key escrow, I'm not buying into Apple.

Mike

From klbarrus at owlnet.rice.edu Mon Aug 30 07:23:44 1993
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Mon, 30 Aug 93 07:23:44 PDT
Subject: REMAIL: Attacks on remailers
In-Reply-To: <9308280959.AA15615@achilles.ctd.anl.gov>
Message-ID: <9308301420.AA03878@elf.owlnet.rice.edu>

Samuel Pigg wrote:
> A delay function would be useful also. (i.e. delay(15000) to
> tell the remailer to hold the message 15 minutes before sending on.)

Well, I tried to implement this on a test remailer as follows:

1) file incoming mail in a spool directory
2) at midnight, pick a random file in the spool directory, operate on it, mail it out, and delete
3) keep on going until the directory is empty

Naturally, you could make the interval larger: say a week. With no root privs on the machine, I tried using the at command to perform the above function and then reschedule itself for tomorrow. Problem: if the machine reboots then the mailing out portion is killed. I'll fiddle with it some more.

> Socket connections for talking to other remailers;

Yes! This might help avoid some log files.

> Encrypt using other remailers keys to ensure that
> two identical messages going into a remailer come out
> differently (random session key).

If you add random stuff to the end of an encrypted message and encrypt again, when you decrypt will PGP throw away the ending junk? If so, maybe the routing software could include random bits between each nested encryption instead. If the remailers encrypt then the operators will have to keep adding to the remailer's pubring.

--
/--------------------------------------------------\
| Karl L. Barrus: klbarrus at owlnet.rice.edu        |
| D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32  |
\--------------------------------------------------/

From strat at sam.ksu.ksu.edu Mon Aug 30 07:58:46 1993
From: strat at sam.ksu.ksu.edu (Steve Davis)
Date: Mon, 30 Aug 93 07:58:46 PDT
Subject: Apple planning to use Clipper chip?
In-Reply-To: <9308301237.AA17573@MARIAN.STSCI.EDU>
Message-ID: <9308301454.AA15682@sam.ksu.ksu.edu>

>From the keyboard of Mike Rose:
> Darn, and just as I was thinking about a powerbook 180.
> If Apple buys into key escrow, I'm not buying into Apple.

There are many other reasons not to buy or use Apple equipment. I have never purchased an Apple computer due to a profound distaste for their policies. The Free Software Foundation is boycotting Apple due to some litigation concerning user interface design. Companies like Apple don't like the idea of free software. Consequently, many people don't like Apple.

Stratocaster
--
Steve Davis (strat at cis.ksu.edu)  Kansas State University
It is a far, far better thing to have a firm anchor in nonsense than to put out on the troubled seas of thought.
-- John Kenneth Galbraith

From mrose at stsci.edu Mon Aug 30 08:03:45 1993
From: mrose at stsci.edu (Mike Rose)
Date: Mon, 30 Aug 93 08:03:45 PDT
Subject: Apple planning to use Clipper chip?
In-Reply-To: <9308301454.AA15682@sam.ksu.ksu.edu>
Message-ID: <9308301500.AA17856@MARIAN.STSCI.EDU>

On Mon, 30 Aug 1993 09:54:15 -0500 (CDT), strat at sam.ksu.ksu.edu (Steve Davis) said:
>>From the keyboard of Mike Rose:
>> Darn, and just as I was thinking about a powerbook 180.
>> If Apple buys into key escrow, I'm not buying into Apple.
>Consequently,
>many people don't like Apple.
>Stratocaster

I'm aware of this, but don't see its relevance to cypherpunks.

Mike

From strat at sam.ksu.ksu.edu Mon Aug 30 08:23:45 1993
From: strat at sam.ksu.ksu.edu (Steve Davis)
Date: Mon, 30 Aug 93 08:23:45 PDT
Subject: Apple planning to use Clipper chip?
In-Reply-To: <9308301500.AA17856@MARIAN.STSCI.EDU>
Message-ID: <9308301519.AA15857@sam.ksu.ksu.edu>

>From the keyboard of Mike Rose:
> >> Darn, and just as I was thinking about a powerbook 180.
> >> If Apple buys into key escrow, I'm not buying into Apple.
> >Consequently,
> >many people don't like Apple.
> I'm aware of this, but don't see its relevance to cypherpunks.

Most discussion here is a technical examination of privacy and freedom with specific regards to the use of technology as either a tool or a weapon. When something as broad and necessary as "freedom" is at stake, it is important to know who your friends are.

Stratocaster
--
Steve Davis (strat at cis.ksu.edu)  Kansas State University
Anarchy means having to put up with things that really piss you off.

From nobody at rosebud.ee.uh.edu Mon Aug 30 08:43:45 1993
From: nobody at rosebud.ee.uh.edu (nobody at rosebud.ee.uh.edu)
Date: Mon, 30 Aug 93 08:43:45 PDT
Subject: Practical security, Internet commercialization, etc.
Message-ID: <9308301541.AA02264@toad.com>

At 8:38 PM 8/27/93 -0700, Nick Szabo wrote:
>Paul Ferguson:
>> The biggest threat to any security, on any basis, is the threat of
>> human nature. The chances of someone factoring your PGP encoded
>> message is somewhere in the range of slim-to-none, but the chances
>> of someone (you) -physically- compromising their key is much, much
>> higher.
>
>I'd like to strongly second this
>The most important
>cypherpunks issues are being almost completely ignored by these academics:
>practical implementation of remailers, most issues dealing with software-
>based digital cash, reliable key handling, trustworthy key distribution,
>construction of "webs of trust", implementation of these schemes with
>all of their pitfalls (legal, social, etc.), commercialization, etc.
>
>In most of these cases, the protocols (ciphers, remailing mixes,
>digital cash, etc.) can theoretically be "broken" by a powerful
>agent, but the real question is what practical, cheap steps can we take
>to make things more expensive for those with little respect for our
>privacy or liberty.

Yeah, it's an arms race, and we don't have time to wait for the ultimate weapon. Similarly, it doesn't matter how ultimate the weapon is in the hands of someone who doesn't know how to use it.

I wish that the generic security advice was separate from the IBM-flavored instructions in the PGP manual. It's very tedious for a Mac user.

From lefty at apple.com Mon Aug 30 09:36:22 1993
From: lefty at apple.com (Lefty)
Date: Mon, 30 Aug 93 09:36:22 PDT
Subject: Apple planning to use Clipper chip?
Message-ID: <9308301628.AA01701@internal.apple.com>

Tim May writes:
>>
>> The fact that Apple is reviewing the "key escrow" proposals probably
>> implies other hardware makers are as well. This suggests a whole
>> behind-the-scenes movement to get Clipper/Skipjack/Capstone key escrow
>> chips designed into PCs, probably in the communications/modem/network
>> subsections.
>>

To which Stig responds
>It's quite fortunate, then, that the PC market is not monopolized as the
>Macintosh market is.

and Nate Sammons rejoins:
>I think it signals a time to look into other platforms... The new
>Silicon Graphics Indy looks quite good right about now.
>
>Just imagine the stickers we could put on those babies!
>
>"Big Brother built-in!" "Big Brother Inside!" come to mind,
>among others.

Now, first off, I'm not the one who originally propagated this rumor. And, as near as I can tell, rumor is exactly what it is. I would hope that people would make a minimal effort to obtain some facts before coming to conclusions. Just a suggestion, mind you.

--
Lefty (lefty at apple.com)
C:.M:.C:., D:.O:.D:.

From mnemonic at eff.org Mon Aug 30 09:49:21 1993
From: mnemonic at eff.org (Mike Godwin)
Date: Mon, 30 Aug 93 09:49:21 PDT
Subject: Another BBS Seizure in Ha
In-Reply-To: <9308292046.1.26977@cup.portal.com>
Message-ID: <199308301646.AA07362@eff.org>

I'm working on the Hartford, Conn., BBS-seizure case.

--Mike

> Re this thread, I know someone on this list is also very active with EFF.
> Could John tell us if EFF is on this case? I would really be interested
> in such details as did the cops get warrants for all the email on the
> system? If they did not, it is Alcor or Steve Jackson all over again.
> (and several other cases which did not go very far because the cops
> found out how much trouble they were in. :) ) Keith Henson
> PS, EFF would seem like a good place to administer a defense fund.

From ferguson at fiber.sprintlink.net Mon Aug 30 10:23:46 1993
From: ferguson at fiber.sprintlink.net (Paul Ferguson x2044)
Date: Mon, 30 Aug 93 10:23:46 PDT
Subject: CACM article "Clipping Clipper"
Message-ID: <9308301819.AA23007@fiber.sprintlink.net>

On Sun, 29 Aug 1993 13:14:01 GMT, Lance J. Hoffman wrote -
> Several people have asked me to post this for
> those who do not get Communications
> of the Association for Computing Machinery.
> So here it is, reprinted with
> permission from Communications of the ACM,
> September 1993, volume 36, number 9.

I would like to (firstly) extend my personal thanks to you for posting the article in sci.crypt, and (secondly) for expressing your opposition to the "key-escrow" initiative. I, and I am sure many others, appreciate your viewpoints on the entire fiasco and stand alongside you in opposition of this threat to personal freedom and privacy in the dawning new age of information.

Your paper is well-written and presents the facts in a succinct and indisputable fashion. I look forward to seeing the issue in print, and any counter-point articles which may also appear in this issue.

Cheers,
_____________________________________________________________________________
Paul Ferguson                       Mindbank Consulting Group
ferguson at fiber.sprintlink.net      Fairfax, Virginia USA
ferguson at icm1.icp.net

From hughes at ah.com Mon Aug 30 10:43:46 1993
From: hughes at ah.com (Eric Hughes)
Date: Mon, 30 Aug 93 10:43:46 PDT
Subject: no ftpd on soda.berkeley.edu ?
In-Reply-To: <8gU_DXW00Uh_I1fURT@andrew.cmu.edu>
Message-ID: <9308301732.AA16372@ah.com>

>Has anyone else tried to ftp soda in the past 2 days or so? I've been
>unable to establish a connection.

soda.berkeley.edu was down Friday to have a disk reformatted. It was the disk that the cypherpunks archive was on, BTW; if anybody notices anything missing, please tell me.

Eric

From nobody at soda.berkeley.edu Mon Aug 30 10:46:22 1993
From: nobody at soda.berkeley.edu (nobody at soda.berkeley.edu)
Date: Mon, 30 Aug 93 10:46:22 PDT
Subject: Apple vs. Free Software Foundation
Message-ID: <9308301743.AA05693@soda.berkeley.edu>

Steve Davis writes:
>When something as broad and necessary as "freedom" is at stake, it is
>important to know who your friends are.

When my son asks me "What does 'fair' mean?", I had to answer: "It depends on who says it." When someone says "That's not fair!"
or "I think that's fair", most often they are not weighing abstract values; they are deciding whether the situation is favorable to them, and describing it with charged vocabulary to sway all other parties to their point of view. Patents on machines are fair; but patents on really useful algorithms -- that I could actually use in my code (if it weren't for that damn patent) -- aren't. Why? Because I don't like it (and I really, really don't like it :( ).

Companies act like people in many ways: they grow; they have goals; they protect their interests; and they ignore that which they don't believe will affect them. But like animals and machines, it is important not to anthropomorphize companies. No company is anyone's 'friend'.

I speak for neither Apple, nor FSF, but it is easy to see why they have taken the courses that they have. Neither path has led to its promised goal. FSF is not punishing Apple. It _is_ punishing programmers, individuals, human beings who have a job to do. In fact, the FSF is punishing me, since I have spent no small amount of time programming Apple computers (and no small amount of time porting GNU tools to them). Has Apple's strategy of closely guarded secrets proved the correct one? Let's call up Bill Gates and ask him.

In summary, I find your statements to be an undisguised attempt to hang your unrelated personal agenda from a charged political situation. Do I think that's fair? People have been doing it for centuries. I may not approve of Apple's technological strategy, but (even though it is not a human being) I will defend its right to _its_ privacy.

From markh at wimsey.bc.ca Mon Aug 30 10:49:22 1993
From: markh at wimsey.bc.ca (Mark C. Henderson)
Date: Mon, 30 Aug 93 10:49:22 PDT
Subject: The need for FREE cryptography ...
Message-ID:

> It would be wonderful if somebody would put a
> reasonably secure package (much like PGP) and copyleft the source.
> ... What I'd need, if I wanted to integrate this technology into
> new platforms such as voice communication or an encrypted file system, is a
> library of tools for shuffling this data around and piping it through the
> "magic" algorithms.
>
> I wonder if somebody on this list could outline what efforts are being made
> in this area.

Well the GNU MP library would be a good place to start (it implements the raw RSA operations quite efficiently). It wouldn't be much work to package it up with free code for Triple DES, IDEA, MD5, SHS and some good "random" number generation algorithms. What you are looking for is something like RSAREF with different licensing terms. If this sort of work were to be distributed it should be done by someone outside of the U.S. and Canada.

At one point I wrote some code to do part of this based on GMP (using LUC). I've seen old versions of it on anonymous ftp sites. Obviously one would want to add DH key exchange and some other features, but it did come with a very simple sample application called L3 which implemented PGP/RIPEM-like public key encryption and signing. Certainly if you can find one of these old versions lying around on an ftp site, you are free to do with it as you like (anything I wrote is in the public domain)

At this point, I do NOT plan to distribute any newer versions of this, because of anticipated patent infringement claims and because of the overly restrictive licence of GMP. It has essentially become a project for my own personal research and amusement.

Mark
--
Mark Henderson  markh at wimsey.bc.ca (personal account)
RIPEM key available by key server/finger/E-mail
MD5OfPublicKey: F1F5F0C3984CBEAF3889ADAFA2437433

From hughes at ah.com Mon Aug 30 10:53:46 1993
From: hughes at ah.com (Eric Hughes)
Date: Mon, 30 Aug 93 10:53:46 PDT
Subject: Talked to Phil Zimmermann....
In-Reply-To: <9308291906.AA23360@netcom5.netcom.com>
Message-ID: <9308301745.AA16383@ah.com>

>Triple DES may be used in some versions (don't ask me
>for details....I'm not sure of the tradeoffs between DES and
>IDEA...perhaps the deal to use IDEA doesn't fit with a commercial
>version of PGP).

As Phil told me, the owner of the IDEA patent has recently been asking for lots more money. These actions don't affect the agreement with Phil with respect to PGP. Phil doesn't want to encourage the patentholder's behavior.

I've cc'd Phil should he wish to elaborate.

Eric

From jamie at apl.washington.edu Mon Aug 30 11:23:47 1993
From: jamie at apl.washington.edu (Jamie Jamison)
Date: Mon, 30 Aug 93 11:23:47 PDT
Subject: Privacy issues and how to sell them
Message-ID:

>From reading the group it seems to me that there is a need for two styles of data encryption. One style would be something similar to DES, it would be a standard cypher and would be used for encrypting items such as the files on your hard disk. The other would be a public key cypher and would be used for communicating between individuals.

Now, as far as selling these two concepts goes one thing that might help is to point out the fact that not only is the government untrustworthy, in the sense that they abuse their power, but that they're also incompetent. Americans have an unfortunate tendency, at least in my eyes, to buy into catch-phrases such as "law and order" or "national security" in a completely uncritical fashion. However Americans also mistrust, and rightfully so, the competence of the government, so perhaps we should point out that since the government can't keep its own secrets very well that it obviously can't keep the secrets of 250 million citizens very well either, which is what the government would be attempting to do if SkipJack/Clipper/Capstone were made the national standard for encryption.
Jamie Jamison
WITH STANDARD DISCLAIMER

From 72114.1712 at CompuServe.COM Mon Aug 30 11:33:47 1993
From: 72114.1712 at CompuServe.COM (Sandy)
Date: Mon, 30 Aug 93 11:33:47 PDT
Subject: JURASSIC CRYPTO
Message-ID: <930830182642_72114.1712_FHF80-5@CompuServe.COM>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SANDY SANDFORT                    Reply to: ssandfort at attmail.com
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Punksters,

Some of you have asked for more details about the interception of encrypted digital dinosaurs. Alas, I don't know much more than I posted. The Cypherpunk in question is still out of the country, to the best of my knowledge. I have no contact information for him. When he gets in touch with me again, I'll suggest he post something about how the satellite feed was compromised.

To me, the most important facts are that it could be done and that it was done, not how it was done. (Flame away, technoids.)

S a n d y

>>>>>> Please send e-mail to: ssandfort at attmail.com <<<<<<
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From tcmay at netcom.com Mon Aug 30 12:24:23 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 30 Aug 93 12:24:23 PDT
Subject: Stego for Stegosaurs
Message-ID: <9308301922.AA01393@netcom5.netcom.com>

> Some of you have asked for more details about the interception of
> encrypted digital dinosaurs. Alas, I don't know much more than I
..
> S a n d y

Frankly, I'm surprised no one has pointed out the obvious solution, so I guess I'll have to.

Spielberg and Company clearly needed to protect their transmissions using the "Stego" program of Romana Machado. By packing the real content of the "Jurassic Park" communications into MPEG transmissions of "Barney," the circle would be completed.

Just my least significant bit.

-Tim

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.

From collins at newton.apple.com Mon Aug 30 12:28:48 1993
From: collins at newton.apple.com (Scott Collins)
Date: Mon, 30 Aug 93 12:28:48 PDT
Subject: Apple planning to use Clipper chip?
Message-ID: <9308301921.AA14675@newton.apple.com>

I do not, in any capacity, speak for Apple. But...

>Apple even discussed the
>pricing and said that if the Clipper/Skipjack chip could be sold to
>them for less than $30, they could "design it into every Mac."

Based on long experience with Macs and Mac software (system and otherwise), I think this is highly unlikely.

1. Apple has a history of following the 'software only' approach in general.

2. Apple loudly and often touts compatibility across its entire line.

3. 3rd party Mac developers have little incentive to write software with mass appeal (e.g., communications software) but limited applicability (because of hardware requirements).

4. If the software isn't pre-installed in your system, then unless it comes from Microsoft, such a 'questionable' standard is probably avoidable.

5. Therefore, for a standard to emerge on the Mac... 1) Apple would have to begin producing machines that contained this chip; 2) Apple would have to produce special system software, explicitly for this class of machines, that used this chip; 3) Apple would have to produce compelling end-user communications software that used clipper services on this class of machines and either didn't run at all on earlier hardware, or didn't use clipper technology. It is unlikely that a 3rd party would do it, or have any impact if it did.
But Apple's history is scalable software that runs on every machine (a la QuickTime). If Apple wanted to introduce privacy enhancement technology in its system, it seems economically and historically more probable that it would simply license RSA/DES/etc technology and roll in a software only service.

This is my opinion, based solely on my nine years of experience as Macintosh developer. To paraphrase Columbo: "It's my experience, sir, that people rarely do things they don't *usually* do." ...which may sound obvious, but then you *saw* the killer do it in the first 10 minutes...

Scott Collins         | "Few people realize what tremendous power there
                      | is in one of these things." -- Willy Wonka
......................|................................................
BUSINESS. voice:408.862.0540 fax:974.6094 collins at newton.apple.com
Apple Computer, Inc. 1 Infinite Loop, MS 301-2C Cupertino, CA 95014
.......................................................................
PERSONAL. voice/fax:408.257.1746 1024:669687 catalyst at netcom.com

From mccoy at ccwf.cc.utexas.edu Mon Aug 30 12:46:24 1993
From: mccoy at ccwf.cc.utexas.edu (Jim McCoy)
Date: Mon, 30 Aug 93 12:46:24 PDT
Subject: The need for FREE cryptography ...
In-Reply-To: <9308301100.AA13519@abc.ksu.ksu.edu>
Message-ID: <199308301943.AA29011@tramp.cc.utexas.edu>

> What I'd need, if I wanted to integrate this technology into
> new platforms such as voice communication or an encrypted file system, is a
> library of tools for shuffling this data around and piping it through the
> "magic" algorithms.

Such an interface would be a useful addition to PGP, maybe a libpgp.a approach with such magic routines. This would definitely be useful for a great many things.

> It would be wonderful if somebody would put a
> reasonably secure package (much like PGP) and copyleft the source.

You should try reading the source sometime. Like the file pgp.c....

jim

From dsinclai at acs.ucalgary.ca Mon Aug 30 12:48:49 1993
From: dsinclai at acs.ucalgary.ca (Douglas Sinclair)
Date: Mon, 30 Aug 93 12:48:49 PDT
Subject: EXE Encryptor
Message-ID: <9308301945.AA42541@acs1.acs.ucalgary.ca>

Development of the EXE encrypting package that s_duck at pinetree.org and I were working on has effectively stalled. We were unable to wedge DOS at the right level to virtualize an .exe file. Sorry for getting your hopes up. If anyone wishes to continue the project, please ask s_duck for the existing code.

--
PGP 2.3a Key by finger

From tcmay at netcom.com Mon Aug 30 12:49:24 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Mon, 30 Aug 93 12:49:24 PDT
Subject: Apple planning to use Clipper chip?
In-Reply-To: <9308301921.AA14675@newton.apple.com>
Message-ID: <9308301945.AA04070@netcom5.netcom.com>

Scott Collins has commented at length on my first post on this, which is good. Let me note again that I was communicating pretty much exactly what I heard, and labelled my own speculations as just that. In particular, I was not claiming the decision has been made, or that it could reasonably be implemented.

Anyway, some comments on Scott's points:

> Based on long experience with Macs and Mac software (system and otherwise),
> I think this is highly unlikely.
>
> 1. Apple has a history of following the 'software only' approach in general.
>
> 2. Apple loudly and often touts compatibility across its entire line.

The new "audio-visual" Macs (660av and 840av) have DSP hardware inside and software for speech recognition (part of PlainTalk, I understand) which is specific to these machines. The speech synthesis software will run on all (or most?) machines, as the DSP is not used, but the speech recognition only runs on the av machines (or properly DSP-equipped machines, presumably). This suggests the "software only" and "compatibility across its entire line" are things of the past.
(BTW, as we Mac users all know, minor incompatibilities have often existed, as with virtual memory not running on all platforms--how could it have?--and the differences in FPUs, screens, etc.)

> 3. 3rd party Mac developers have little incentive to write software with mass
> appeal (e.g., communications software) but limited applicability (because of
> hardware requirements).

My speculation would be that the Clipper/Skipjack/Capstone deal, if it is happening at all, is some time off. Perhaps for a phone version of the av Macs (there had been speculation that Apple was planning to use the on-board DSP hardware for a modem tool, similar to what NeXT has done with its hardware).

> 5. Therefore, for a standard to emerge on the Mac... 1) Apple would have to
> begin producing machines that contained this chip; 2) Apple would have to
> produce special system software, explicitly for this class of machines,
> that used this chip; 3) Apple would have to produce compelling end-user
> communications software that used clipper services on this class of machines
> and either didn't run at all on earlier hardware, or didn't use clipper
> technology.

#1 and #2 are already satisfied with the new generation of av Macs, as noted above. #3 may or may not occur. My speculation is that Apple will not go it alone, but may be in the early negotiation phases of such a deal (perhaps an encrypted phone conferencing system, or other phone use of the av Macs, which the Feds would have some interest in, a la the whole Clipper thing).

I would never urge anyone to boycott Apple products on such a flimsy basis as this story I heard from an Apple guy. I just wanted to let the Cypherpunks know what I heard; it might make later developments more understandable. Anyone who wants a Mac but instead buys Windows because of this rumor deserves what he gets.

-Tim

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.

From paul at poboy.b17c.ingr.com Mon Aug 30 13:03:49 1993
From: paul at poboy.b17c.ingr.com (Paul Robichaux)
Date: Mon, 30 Aug 93 13:03:49 PDT
Subject: Apple planning to use Clipper chip?
In-Reply-To: <9308301921.AA14675@newton.apple.com>
Message-ID: <199308301955.AA20308@poboy.b17c.ingr.com>

I agree 100% with what Scott had to say about Apple's past history. My own experience as a Mac owner and developer bears him out. However, Apple *does* have a set of software to allow digital signatures for documents and mail- AOCE.

1. Apple has a history of releasing software which *can* take advantage of special hardware available on newer machines (i.e. Color QuickDraw, the Sound Manager, which allows recording sounds directly on machines with built-in mikes), but which is still backwards-compatible.

2. AOCE already includes RSA for digital signatures; using the Component Manager, it could conceivably take advantage of a Capstone/Clipper ASIC on the motherboard or on an expansion card (or a PCMCIA slot, or whatever.)

3. Third-party developers have little reward in developing an API for something like digital signatures, but there are great rewards in writing software which supports Apple's API. Look at the ongoing competition between video codecs for an example.

Theorem A: just because Apple _can_ do something is no reason to think they _will_, especially when the benefits are questionable (as they certainly are here!)

Theorem B: Even *if* (and I stress that one little word) Apple put a Capstone into every Macintosh, that doesn't mean *you* have to use it.
Since AOCE supports plug-in encryption & signature technology, you can roll your own (and I see a good market in doing so.) While the proof of both of the above must be left to future readers, I'm not too concerned. A meta-note: let's keep all the FSF wrangling someplace else. It's really not appropriate here. -Paul -- Paul Robichaux, KD4JZG | "Change the world for a better tomorrow. But perobich at ingr.com | watch your ass today." - aaron at halcyon.com Intergraph Federal Systems | Be a cryptography user- ask me how. From Mandrake at f1.n8012.z86.toadnet.org Mon Aug 30 13:53:51 1993 From: Mandrake at f1.n8012.z86.toadnet.org (Mandrake) Date: Mon, 30 Aug 93 13:53:51 PDT Subject: unsubscribe Message-ID: <746729907.AA00601@cheswicks.toadnet.org> unsubscribe From HAHN at lds.loral.com Mon Aug 30 13:56:25 1993 From: HAHN at lds.loral.com (Reply to: hahn@lds.loral.com) Date: Mon, 30 Aug 93 13:56:25 PDT Subject: Another BBS Seizure in Hartford Message-ID: <930830165241.28e3@lds.loral.com> So this fellow was arrested because one of his BBS clients posted the bomb recipes on his BBS? This makes for a viable means of destroying somebody else's means of info distribution. Say XYZ-BBS attracts clients who are interested in some political viewpoint that I oppose. I would subscribe, pretending to share their interests, then post bomb recipes. I could facilitate my treachery even further by making a call to the appropriate authorities, warning them of a political terrorism conspiracy. XYZ-BBS is destroyed. If I then inform the press, I can also publicly impeach the entire group. BTW, you don't need _The Anarchist's Cookbook_ to make a bomb. I have a US Gubment (DOD special forces) book that provides enough recipes to produce mountains of mayhem. And you can find most of the materials you need in stores that would be present in any small town. What law would it violate to post what the gubment has already published? __ | (V) | "Tiger gotta hunt. Bird gotta fly. 
| (^ (`> | Man gotta sit and wonder why, why, why. | ((\\__/ ) | Tiger gotta sleep. Bird gotta land. | (\\< ) der Nethahn | Man gotta tell himself he understand." | \< ) | | ( / | Kurt Vonnegut Jr. | | | | ^ | From collins at newton.apple.com Mon Aug 30 13:58:50 1993 From: collins at newton.apple.com (Scott Collins) Date: Mon, 30 Aug 93 13:58:50 PDT Subject: Apple+Clipper Message-ID: <9308302050.AA17798@newton.apple.com> Tim and Paul present accurate evidence mitigating some of my specific points. I agree that the AV Macs and AOCE are steps (or even leaps) towards a platform favorable for clipper infestation. .....BEGIN HAIR SPLITTING MESSAGE..... I would like to fine tune one of Tim's comments: >#1 and #2 are already satisfied with the new generation of av Macs, as These machines most certainly do not contain the clipper chip (which I'm sure Tim did not mean to imply), though they do show that Apple can make machines with special purpose hardware and capabilities not present, or emulatable, on earlier machines (this, I think, was Tim's point: a counter example to my speculation). It is illuminating to note, however, that the 880av is not based on the same hardware as the 800. It is an earlier generation that took longer to come to market. In this sense it recalls the late IIfx i.e., faster for a while and then a dead end. In many ways, the 800 is a superior machine, and the 880 has some catching up to do (like adding interleaved RAM access, for one). By my count, the 880 has taken over three years to come to market. Summary: the AV Macs may indicate a new trend, but they do not represent an immediate foothold for clipper. .....END HAIR SPLITTING MESSAGE..... Other than that, and although they come to slightly different conclusions, I agree with Tim and Paul, who examined the root motives rather than 'diagnosing for symptoms'. 
My final take on this is: Apple's history and our guesses about its likely motives lead me to (still) predict that Apple can't immediately jump on the Clipper bandwagon; though the further out we speculate (beyond 2 years?), the less faith in this prediction we can justify. I like to be wrong almost as much as I like to be right. More, if the pay is better. Scott Collins | "Few people realize what tremendous power there | is in one of these things." -- Willy Wonka ......................|................................................ BUSINESS. voice:408.862.0540 fax:974.6094 collins at newton.apple.com Apple Computer, Inc. 1 Infinite Loop, MS 301-2C Cupertino, CA 95014 ....................................................................... PERSONAL. voice/fax:408.257.1746 1024:669687 catalyst at netcom.com From pcw at access.digex.net Mon Aug 30 14:18:50 1993 From: pcw at access.digex.net (Peter Wayner) Date: Mon, 30 Aug 93 14:18:50 PDT Subject: Another BBS Seizure in Hartford Message-ID: <199308302116.AA00126@access.digex.net> BTW, there is a story in today's NYT about a poor, French kid who watched MacGyver make a bomb in the TV show and then decided to "try this at home." He was killed. Now his family has filed a nice, big lawsuit. The guy on the show made the bomb with sugar and some kind of fertilizer or other stuff. -Peter From hughes at ah.com Mon Aug 30 14:38:50 1993 From: hughes at ah.com (Eric Hughes) Date: Mon, 30 Aug 93 14:38:50 PDT Subject: The need for FREE cryptography ... In-Reply-To: Message-ID: <9308302129.AA16834@ah.com> >> It would be wonderful if somebody would put a >> reasonably secure package (much like PGP) and copyleft the source. >Well the GNU MP library would be a good place to start [...] >It wouldn't be much work >to package it up with free code for Triple DES, IDEA, MD5, SHS and >some good "random" number generation algorithms.
My own thought on packaging this kind of thing for general use is to make a cryptographically enhanced PERL. In particular, I'd add the following data types:
- arbitrary precision integers
- arbitrary precision modular integers (i.e. a value, modulus pair)
- bit/byte/word vectors of specifiable lengths
I'd add the following operators
- '*%' (ternary) modular multiplication
- '**%' (ternary) modular exponentiation
- '~' (binary) bit permutation
- '~~' (binary) byte permutation
I'd add some functions
- des()
- armor(), disarmor()
- gcd()
- xgcd() which also returns the coefficients s.t. x*a + y*b = gcd(x,y)
I'd add some miscellaneous stuff like being able to read in a PGP keyring as an associative array. Some strong pseudorandom number generators might be useful. It might also be convenient to have a fast parser for RFC822 email. (Does everybody see where this is leading??) And just because you _can_ easily write, say,
$plaintext = &idea( decrypt, $ciphertext, $cipherkey ** $public_exponent{ $user} % $public_modulus{ $user } )
or maybe something else, say,
$p = & first_prime( & long_random( 510, 514 ) ) ;
$q = & first_prime( & long_random( 510, 514 ) ) ;
$N = $p * $q ;
[...]
doesn't mean that the cryptographic PERL violates anybody's patent rights in any way. These are just my thoughts. I'm not going to work on this, but I do hope to inspire someone who might. Eric From scott at Cadence.COM Mon Aug 30 14:56:24 1993 From: scott at Cadence.COM (Scott Gustafson) Date: Mon, 30 Aug 93 14:56:24 PDT Subject: Apple planning to use Clipper chip? Message-ID: <9308302148.AA12099@racecar> At 12:45 PM 8/30/93 -0700, Timothy C. May wrote: >My speculation would be that the Clipper/Skipjack/Capstone deal, if it >is happening at all, is some time off. Perhaps for a phone version of >the av Macs (there had been speculation that Apple was planning to use >the on-board DSP hardware for a modem tool, similar to what NeXT has >done with its hardware).
The Centris 660av and Quadra 840av are both equipped with the Phone software to allow them to do modem emulation, phone calls (speaker phone), and faxes in software only. If you want more info on this, send me an email and we'll keep it off this list. scott --- Scott Gustafson '93 ZX-11D Pilot (408) 894-3432 Cadence Design Systems, 555 River Oaks Pkwy., San Jose, CA 95134 Internet: scott at cadence.com WARNING: This vehicle capable of evading high speed pursuit. From nate at rodin.VIS.ColoState.EDU Mon Aug 30 15:26:24 1993 From: nate at rodin.VIS.ColoState.EDU (nate at rodin.VIS.ColoState.EDU) Date: Mon, 30 Aug 93 15:26:24 PDT Subject: Apple planning to use Clipper chip? Message-ID: <9308302222.AA11542@rodin.VIS.ColoState.EDU> >5. Therefore, for a standard to emerge on the Mac... 1) Apple would have to >begin producing machines that contained this chip; 2) Apple would have to >produce special system software, explicitly for this class of machines, >that used this chip; 3) Apple would have to produce compelling end-user >communications software that used clipper services on this class of machines >and either didn't run at all on earlier hardware, or didn't use clipper >technology. kind of like they put the DSPs in the new macs, and make a new, individualized version of the MacOS for EVERY new machine (individualized by the "System Enablers").. and how they make everyone want the new macs because of the speech and video software, that is dependent on the new hardware... Nope, it'll never happen... -nate From danodom at matt.ksu.ksu.edu Mon Aug 30 15:33:50 1993 From: danodom at matt.ksu.ksu.edu (Dan Odom) Date: Mon, 30 Aug 93 15:33:50 PDT Subject: The need for FREE cryptography ... In-Reply-To: <9308301100.AA13519@abc.ksu.ksu.edu> Message-ID: <9308302227.AA18470@matt.ksu.ksu.edu> Steve Davis said: > There is still a void in the arena of free public encryption systems for > regular human beings.
It would be wonderful if somebody would put a > reasonably secure package (much like PGP) and copyleft the source. PGP has > never been a very useful tool to me as a programmer because of its internal > structure. What I'd need, if I wanted to integrate this technology into > new platforms such as voice communication or an encrypted file system, is a > library of tools for shuffling this data around and piping it through the > "magic" algorithms. RSAREF is available, but you can't use it in commercial products. Also, it doesn't have many 'toys', although I can't really figure out what 'toys' are needed... If you don't need public-key algorithms (doesn't PKP claim patent rights on _all_ public key systems?), IDEA may be used for non-commercial purposes; IDEA is also fairly fast. ---> Dob -- Dan Odom danodom at matt.ksu.ksu.edu -- Kansas State University, Manhattan, KS PGP key by finger or request. From jamie at apl.washington.edu Mon Aug 30 15:43:50 1993 From: jamie at apl.washington.edu (Jamie Jamison) Date: Mon, 30 Aug 93 15:43:50 PDT Subject: AV Macs and Apple Paranoia Message-ID: Actually I was going to ask in here if the DSP in the new Macs would lend itself to real-time PGP use for voice communications. WITH STANDARD DISCLAIMER From danodom at matt.ksu.ksu.edu Mon Aug 30 15:44:26 1993 From: danodom at matt.ksu.ksu.edu (Dan Odom) Date: Mon, 30 Aug 93 15:44:26 PDT Subject: Apple vs. Free Software Foundation In-Reply-To: <9308301743.AA05693@soda.berkeley.edu> Message-ID: <9308302241.AA19165@matt.ksu.ksu.edu> [Much deleted from the below quotes] > Steve Davis writes: > > >When something as broad and necessary as "freedom" is at stake, it is > >important to know who your friends are. > > FSF is not punishing Apple. It _is_ punishing programmers, individuals, > human beings who have a job to do. In fact, the FSF is punishing me, since > I have spent no small amount time programming Apple computers (and no small > amount of time porting GNU tools to them). 
Has Apple's strategy of closely > guarded secrets proved the correct one? Let's call up Bill Gates and ask > him. > > In summary, I find your statements to be an undisguised attempt to hang > your unrelated personal agenda from a charged political situation. Do I > think that's fair? People have been doing it for centuries. I would love to write pages about how Apple used to supply ROM code for free with its machines and now sends the FBI after people who simply get portions of their code, or about how they 'went corporate' and betrayed all of the people who were loyal throughout the Steve^2 era, but instead I'll say: Please don't argue about this here. It may have some relevance to Cypherpunks, but it is an emotionally charged issue and neither side will ever convert the other; this will just degenerate into a mindless flame war, getting nowhere fast. Don't flood the list. If you do decide to continue this, keep using anonymous remailers; Strat is vicious when he's pissed, just ask Dave. > -- Dan Odom danodom at matt.ksu.ksu.edu -- Kansas State University, Manhattan, KS PGP key by finger or request. From newsham at wiliki.eng.hawaii.edu Mon Aug 30 15:44:27 1993 From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham) Date: Mon, 30 Aug 93 15:44:27 PDT Subject: The need for FREE cryptography ... In-Reply-To: Message-ID: <9308302242.AA06434@toad.com> > > > It would be wonderful if somebody would put a > > reasonably secure package (much like PGP) and copyleft the source. > > ... What I'd need, if I wanted to integrate this technology into > > new platforms such as voice communication or an encrypted file system, is a > > library of tools for shuffling this data around and piping it through the > > "magic" algorithms. > > > > I wonder if somebody on this list could outline what efforts are being made > > in this area. > Well the GNU MP library would be a good place to start (it implements > the raw RSA operations quite efficiently).
It wouldn't be much work > to package it up with free code for Triple DES, IDEA, MD5, SHS and > some good "random" number generation algorithms. > > What you are looking for is something like RSAREF with different > licensing terms. What I would like to see is libraries from PGP, along with some additions. Why PGP? It would be nice to be able to use the optimized IDEA and RSA algorithms from PGP. More importantly it would be nice to write programs that use the well established key ring files. This would solve problems of key ring distribution. It would also mean that crypto programmers need not worry about their own random number generation, with all random number generation handled by the PGP libs. The advantage of this is that there would be 1 random number generator that did things right rather than a bunch of implementations that had subtle flaws. If everything shares the same implementation, that implementation can be strengthened much faster. The PGP library itself is not enough though, it is missing some things that should accompany it: DES/triple-DES and DH key exchange for example. Tim N. From newsham at wiliki.eng.hawaii.edu Mon Aug 30 15:46:24 1993 From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham) Date: Mon, 30 Aug 93 15:46:24 PDT Subject: Matrix extensions of the rsa algorithm. (fwd) Message-ID: <9308302245.AA06486@toad.com> Forwarded message: > You've probably gotten some other responses about this... > > I think that the paper you describe has been implemented as the Warlock > cyphersystem. Someone else posted a C++ Warlock implementation, and > some related material, to cypherpunks about two months ago. I can't > find my filed copy, but if you ask I'm sure someone has it stashed > away. > > Paul Robichaux, KD4JZG | "Change the world for a better tomorrow. But > perobich at ingr.com | watch your ass today." - aaron at halcyon.com > Intergraph Federal Systems | Be a cryptography user- ask me how. Does anyone have a copy of Warlock? 
I'd appreciate getting a copy from someone. From bill at twwells.com Mon Aug 30 19:03:51 1993 From: bill at twwells.com (T. William Wells) Date: Mon, 30 Aug 93 19:03:51 PDT Subject: article in Science News Message-ID: For those into such things, it might be worthwhile to check out the articles on the last page of Science News, Vol. 144, No. 9, August 28, 1993. Interesting tidbits are "...computer scientist Dorothy E. Denning..." and mention of the panel that evaluated SKIPJACK. (Isn't Denning a lawyer turned ersatz cryptography expert? Or do I have her confused with some other "expert"?) From thug at phantom.com Mon Aug 30 19:09:26 1993 From: thug at phantom.com (Murdering Thug) Date: Mon, 30 Aug 93 19:09:26 PDT Subject: Free Electronic Cash In-Reply-To: <9308300825.AA28414@toad.com> Message-ID: > Exactly which corrupt EFF did you have in mind? How about some serious > facts rather than random accusations? Or did you just want to libel us? > > John Gilmore > Board of Directors, Electronic Frontier Foundation True or False, the EFF accepted money from AT&T in return for the EFF's support on various issues/bills before Congress wherein AT&T came out on top in its effort to commercialize parts of the Internet for its own monetary gain? If that's not bribery and corruption of what otherwise is supposed to be a non-profit organization, then I don't know what is. 'nuf said. Thug From tcmay at netcom.com Mon Aug 30 19:23:51 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 30 Aug 93 19:23:51 PDT Subject: Apple+Clipper In-Reply-To: <9308302050.AA17798@newton.apple.com> Message-ID: <9308310218.AA19812@netcom5.netcom.com> It is very satisfying to me to see a post turn into a mini-debate (not a flame...entirely too many debates are wrongly labelled as flames) and then get resolved into a consensus. I agree with Scott that Apple is not likely to implement Clipper/etc. anytime soon. > Tim and Paul present accurate evidence mitigating some of my specific > points.
I agree that the AV Macs and AOCE are steps (or even leaps) > towards a platform favorable for clipper infestation. This is all I meant, that _someone_ at Apple (and probably other companies) is at least _talking_ to the Clipperpunks. Maybe it's just "distant future" stuff, maybe it's industry panels, perhaps it's the AOCE stuff Paul mentioned, and perhaps it's the long-rumored telephone product for the AV Macs (the true paranoid might see the failure of Apple to unveil the modem and phone apps, using the DSP chip, as evidence that Fort Meade has asked them to delay these products...as I am not a true Xandor Korzybski-class paranoid, I will refrain from such speculations!). > These machines most certainly do not contain the clipper chip (which I'm > sure Tim did not mean to imply), though they do show that Apple can make > machines with special purpose hardware and capabilities not present, or > emulatable, on earlier machines (this, I think, was Tim's point: a counter > example to my speculation). Yep, I was just making this point, that Apple is _already_ releasing hardware with OS incompatibilities. (By the way, many/all? of the newer Macs need a "system enabler" patch to run System 7.1, that is, the standard System (OS) no longer runs on all machines. I could easily see such patches for the AV Macs and the (debated) ClipperMacs.) > Other than that, and although they come to slightly different conclusions, > I agree with Tim and Paul, who examined the root motives rather than > 'diagnosing for symptoms'. My final take on this is: > Apple's history and our guesses about its likely motives lead me to (still) > predict that Apple can't immediately jump on the Clipper bandwagon; though > the further out we speculate (beyond 2 years?), the less faith in this > prediction we can justify. On this we agree also. Moreover, when the "Clipper asteroid" is possibly heading in your direction, but is still very far off, a relatively small nudge can have great effect.
I'm not suggesting we rise up in righteous anger and march in front of Spindler's offices, but we should keep in the back of our mind the _possibility_ that makers of computer-based phones or conferencing systems: Apple, IBM, NeXT _cubes_, SGI "Indy," and perhaps Soundblaster folks...though I am even more skeptical that independent DSP board makers could be brought into the Clipper fold. If the NIST/NSA group wants Clipper/Capstone/etc. deployed widely, then it would make sense for them to be working with computer and multimedia companies. Else, in several years these DSP-based schemes will have proliferated beyond any hope of control. An outcome devoutly to be wished. -Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From tcmay at netcom.com Mon Aug 30 19:33:51 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 30 Aug 93 19:33:51 PDT Subject: AV Macs and Apple Paranoia In-Reply-To: Message-ID: <9308310229.AA20932@netcom5.netcom.com> Jamie Jamison asks: > > Actually I was going to ask in here if the DSP in the new Macs would lend > itself to real-time PGP use for voice communications. Phil Zimmermann says a non-CELP scheme he is investigating is fast enough on a run-of-the-mill 486 for "Pretty Good Phone Privacy," or whatever he ends up calling his project. The 66 MHz AT&T DSP (a true paranoid would note the "AT&T") in the new AV Macs is enormously faster, for many DSP and array manipulations, and should be even easier to develop a voice-encryption scheme for.
Also, software-based schemes can easily be reconfigured to emulate/talk to other encryption systems or phones. This may be part of why the Skipjack algorithms are being held secret for as long as possible, to delay this emulation. -Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From visgraph!forrie Mon Aug 30 19:53:52 1993 From: visgraph!forrie (Forrest Aldrich) Date: Mon, 30 Aug 93 19:53:52 PDT Subject: Help/Advice requested Message-ID: <199308310248.AA03151@visgraph.uucp> I'm working on the development of a reasonably secure software registration scheme, and thought that someone from the Cypherpunk list would be ideal for helping out. Sample code is even better, but general advice to do with the methodology and coding would be most appreciated. There is a program out there called PROTECT! EXE/COM, which does something on the lines of EXE encryption which has been brought up here. I've corresponded with the author and he won't release the code (understandably, he's worked very hard on it). Apparently what it does is (after you have run something like PKLITE on your executable) encapsulates the EXE file, encrypted, with CRC checks and debugger traps. He claims this is quite effective and has not had anyone come through with cracking it yet. Just thought I would mention this .... Unfortunately, that program is only for DOS/Windows. It would be NICE to have something like this working under UNIX, and I can't imagine that it would be that difficult, although it would most certainly be platform (assembly language) specific.
Anyone have some ideas about how to implement such a beast? Thanks a lot... From tcmay at netcom.com Mon Aug 30 20:03:53 1993 From: tcmay at netcom.com (Timothy C. May) Date: Mon, 30 Aug 93 20:03:53 PDT Subject: Apple+Clipper In-Reply-To: <9308302050.AA17798@newton.apple.com> Message-ID: <9308310300.AA23821@netcom5.netcom.com> > I would like to fine tune one of Tim's comments: > > >#1 and #2 are already satisfied with the new generation of av Macs, as > > These machines most certainly do not contain the clipper chip (which I'm > sure Tim did not mean to imply), though they do show that Apple can make In rereading my post earlier today on this issue, I can see I took Scott to be referring to "a new standard" as any new specialized hardware, such as either the AV DSP stuff or the Clipper, etc. But Scott was apparently using the _specific_ case of a Clipper inside as the case he was citing. Sorry for any confusion. I certainly agree that Clipper is far off, if it happens, but specialized hardware is already a reality with the new generation of AV Macs. And I don't dismiss the possibility, though I consider it remote, that the phone/modem tools have been delayed for reasons relating to Clipper and key escrow. More likely, delayed because something just didn't work in time for the announcement. -Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it.
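Eric Hughes' sketch of a crypto-enhanced PERL earlier in this thread (ternary modular exponentiation, xgcd() returning the Bezout coefficients, first_prime(long_random(510, 514)), N = p * q, and a session key wrapped as cipherkey ** e % N) is easy to realise in plain Python, which today has the arbitrary-precision integers and the three-argument pow() he wanted to bolt onto Perl. The following is an added example written for this page; it is not code from the list, from Eric, or from PGP. Every name in it (xgcd, modinv, is_probable_prime, long_random, first_prime, rsa_keygen, rsa_wrap_key, rsa_unwrap_key) is this example's own, and first_prime() is assumed to mean "smallest prime not below its argument", one reading of Eric's one-liner.

```python
"""Added example (not from the list archive): the arithmetic Eric Hughes
sketches for a crypto-enhanced PERL, done in plain Python.  Every name
here (xgcd, modinv, is_probable_prime, long_random, first_prime,
rsa_keygen, rsa_wrap_key, rsa_unwrap_key) is this example's own."""
import secrets


def xgcd(a, b):
    """Extended Euclid: return (g, x, y) with x*a + y*b == g == gcd(a, b)."""
    x0, x1, y0, y1 = 1, 0, 0, 1
    while b:
        q, a, b = a // b, b, a % b
        x0, x1 = x1, x0 - q * x1
        y0, y1 = y1, y0 - q * y1
    return a, x0, y0


def modinv(a, m):
    """Inverse of a modulo m from the xgcd coefficients; fails if gcd != 1."""
    g, x, _ = xgcd(a, m)
    if g != 1:
        raise ValueError("%d has no inverse modulo %d" % (a, m))
    return x % m


def is_probable_prime(n, rounds=32):
    """Trial division by small primes, then Miller-Rabin with random bases.
    A composite survives each round with probability at most 1/4."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)   # random base in [2, n-2]
        x = pow(a, d, n)                    # the '**%' of Eric's sketch
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False                    # a witnesses that n is composite
    return True


def long_random(lo_bits, hi_bits):
    """Odd random integer whose bit length lies in [lo_bits, hi_bits]
    (Eric's long_random(510, 514)); the top bit is set so the size is exact."""
    bits = lo_bits + secrets.randbelow(hi_bits - lo_bits + 1)
    return secrets.randbits(bits) | (1 << (bits - 1)) | 1


def first_prime(n):
    """Smallest probable prime >= n (the reading of first_prime() assumed here)."""
    if n <= 2:
        return 2
    if n % 2 == 0:
        n += 1
    while not is_probable_prime(n):
        n += 2
    return n


def rsa_keygen(lo_bits=510, hi_bits=514, e=65537):
    """p, q = first_prime(long_random(...)); N = p*q; d = e^-1 mod phi(N).
    Returns ((N, e), (N, d)).  Toy keygen: no p/q distance or strong-prime checks."""
    while True:
        p = first_prime(long_random(lo_bits, hi_bits))
        q = first_prime(long_random(lo_bits, hi_bits))
        phi = (p - 1) * (q - 1)
        if p != q and xgcd(e, phi)[0] == 1:
            return (p * q, e), (p * q, modinv(e, phi))


def rsa_wrap_key(cipherkey, pub):
    """cipherkey ** e % N, the inner expression of Eric's idea() call."""
    N, e = pub
    if not 0 < cipherkey < N:
        raise ValueError("key to wrap must lie in (0, N)")
    return pow(cipherkey, e, N)


def rsa_unwrap_key(wrapped, priv):
    """wrapped ** d % N recovers the session key."""
    N, d = priv
    return pow(wrapped, d, N)


if __name__ == "__main__":
    pub, priv = rsa_keygen()
    session_key = secrets.randbits(128)         # constructed IDEA-sized key
    assert rsa_unwrap_key(rsa_wrap_key(session_key, pub), priv) == session_key
    print("N has %d bits" % pub[0].bit_length())
```

rsa_wrap_key is raw (textbook) RSA because that is literally the expression in Eric's snippet; a tool you would ship pads the key (PKCS #1) before exponentiating, since raw RSA is malleable and leaks Jacobi-symbol information about the plaintext. The Miller-Rabin bases come from secrets rather than random so that an attacker who can predict the PRNG cannot steer the test toward a composite "prime".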
From greg at ideath.goldenbear.com Mon Aug 30 22:14:30 1993 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Mon, 30 Aug 93 22:14:30 PDT Subject: Apple, privacy, and AOCE Message-ID: Recent discussion about Apple's commitment (or lack thereof) to providing anything like real privacy calls to mind some stuff from MacWeek of several weeks ago; the 7/12/93 issue of MacWeek includes a "special report" on AOCE (Apple Open Collaborative Environment, a "groupware" (anyone have any better explanation?) setup which facilitates sharing data between colleagues). The "special report" includes two sidebars about encryption and security in the AOCE environment, which I reproduce below. I called and asked about permission to reprint the entire article to the list but was unable to get past marketroids who wanted me to pay $50 + copying costs (payable to them) for my 4-color glossy reprints showcasing my product. (don't have one, dammit.) Some folks still don't "get" the net. Sigh. I found the idea that RSADSI will be generating folks' key pairs particularly chilling. The article accompanying these sidebars suggests that folks' private keys will be stored on the server; the article made the security of the thing sound *so* poorly designed that I figure it must be the result of miscommunication between the Apple folks and the article's author (Mitch Ratcliffe). If anyone really cares I can see about posting some more of the article. --- "Apple could have the toughest code on the block" The Cold War mind-set in Washington, D.C., thawed a bit when Apple gained permission from the U.S. government to ship AOCE outside the United States while retaining the software's advanced encryption features. Encryption technology is considered munitions by the national defense apparatus. For many years, the Department of Commerce, in collaboration with the National Security Agency, has limited encryption technology exports.
But the strict limits on cryptography seem to be eroding after the fall of the Soviet Union. According to sources, the RC-4 encryption in AOCE was approved under a special agreement between Apple and the NSA that will allow slightly more-powerful scrambling capabilities than are typically given export clearance. The NSA recently signed an agreement with the Software Publishers Association that will provide expedited approval of RC-4 encryption based on 40-bit keys. AOCE uses 64-bit keys, and larger keys mean better security. "Protection can be at many levels," Gursharan Sidhu, Apple technical director of collaboration systems development, told attendees at the Apple Worldwide Developers Conference in May. He said it's very easy to protect against casual intrusion and even determined hackers. But a resource-rich intruder with access to supercomputers can defeat many encryption technologies. "You've got to look at these various dimensions of how far you want to go in providing security," Sidhu said. Apple's security is among the best available, he said. The company fought for several years to win approval for AOCE's privacy and security technologies. "In the world of commercial security, it's a matter of saying it is secure within the parameters of commercial reality," Sidhu said. Sources said it would take a supercomputer-equipped intruder from two hours to six days to crack a 64-bit RC-4 key using a brute-force attack that analyzed the encrypted data for hints about the key. Even if such an intruder cracked the key for one network session, each successive session would have to be recracked because it would have a different key. Apple will be constrained from selling AOCE in countries on the State Department's list of terrorist nations. And the company will sell a version of AOCE without encryption functions in France, because the French government requires access to all imported encryption technology. 
In the United States, the barriers against encryption export seem to be falling. In May, the Computer System Security and Privacy Advisory Board of the National Institute of Standards and Technology, the Department of Commerce agency that monitors civilian encryption technologies, issued resolutions that recommend the United States revise its export laws to facilitate the spread of encryption technologies. "I think the NIST resolutions are a good indication that the Department of Commerce is trying to make it clear to the White House that these policies are backward," said Marc Rotenberg, director of the Washington, D.C., office of Computer Professionals for Social Responsibility. "If they don't change, they'll still be making policy for the 1950's." - by Mitch Ratcliffe --------- "Behind it all, digital signatures" If the messaging engine is the workhorse of AOCE, the digital signature capability is the electronic Paul Revere that carries the important information. A digital signature is an electronic analogy to the written signature, and no two are alike. The result of complex cryptographic processes, a digital signature can prove that a particular user "signed" a particular document. Users sign a document by clicking a check box in the AOCE mailer. The legal force of such signatures has not been determined, but Apple believes they are sufficiently reliable for building audit trails through a company or even between companies. Users will have to apply for and receive their digital signatures from RSA Data Security Inc. of Redwood City, Calif., which developed the technology. The signature arrives in two parts, a private key that the user must keep secure and a public key that can be distributed freely. Any document signed using the private key can be compared with the user's public key to see if the document is authentic and unchanged.
Public keys can be handed out by a user or stored in a key database, where users can go to get keys that have been verified by a third party. For example, a bank might keep the list of public keys that can be used by a customer's company for signing purchase orders. Developers, such as Snow Development Corp. of Clearwater, Fla., and Shana Corp. of Edmonton, Alberta, plan to use AOCE digital signatures in report-routing and forms software. The applications will let a user create a flowchart of colleagues who need to sign off on a document, send the document to that list serially or in parallel, and collect all the digital signatures for auditing purposes in the final document. -- by Mitch Ratcliffe -- Greg Broiles greg at goldenbear.com Golden Bear Computer Consulting +1 503 342 7982 Box 12005 Eugene OR 97440 BBS: +1 503 687 7764 From newsham at wiliki.eng.hawaii.edu Mon Aug 30 23:08:55 1993 From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham) Date: Mon, 30 Aug 93 23:08:55 PDT Subject: Diffie Hellman Message-ID: <9308310606.AA14262@toad.com> Hi, Does anyone know of DH code that is freely available and distributable? Preferably available outside the USA. Preferably speed optimized, although I'll put up w/ whatever I can get my hands on. Tim N. From bbyer at BIX.com Mon Aug 30 23:13:56 1993 From: bbyer at BIX.com (bbyer at BIX.com) Date: Mon, 30 Aug 93 23:13:56 PDT Subject: Commercial PGP: Verifying Trustworthiness Message-ID: <9308310014.memo.72462@BIX.com> In-Reply-To: <9308272026.AA17010 at toad.com> > From: peter honeyman > trust? you could read the code, starting at about line 550 of crypto.c. > of course, you have to trust your eyes, your editor (if you use one), > and your operating system not to deceive you. (i think i've carried > this too far.) I dunno. The early versions of UNIX had a back door in the login program put in by the designer. The compiler also watched for the login source code to be recompiled and added the back door.
The compiler also watched for the compiler source code to be recompiled and inserted the login code modification code _and_ the compiler modification code. You can never be too careful.

From marc at Athena.MIT.EDU Mon Aug 30 23:33:56 1993
From: marc at Athena.MIT.EDU (Marc Horowitz)
Date: Mon, 30 Aug 93 23:33:56 PDT
Subject: Commercial PGP: Verifying Trustworthiness
In-Reply-To: <9308310014.memo.72462@BIX.com>
Message-ID: <9308310628.AA14903@oliver.MIT.EDU>

>> I dunno. The early versions of UNIX had a back door in the login
>> program put in by the designer. The compiler also watched for the
>> login source code to be recompiled and added the back door. The
>> compiler also watched for the compiler source code to be recompiled
>> and inserted the login code modification code _and the compiler
>> modification code. You can never be too careful.

I've let a lot of stupid comments go by, but I have to respond to this one.

It is true that Dennis Ritchie (I believe, if not him, one of the other original UNIX authors) proposed such a login/compiler virus. But it wasn't in any early version of UNIX.

Marc

From nobody at shell.portal.com Tue Aug 31 03:49:02 1993
From: nobody at shell.portal.com (nobody at shell.portal.com)
Date: Tue, 31 Aug 93 03:49:02 PDT
Subject: Internet commerce...for your cracking pleasure
Message-ID: <9308301940.AA22212@jobe.shell.portal.com>

=================================================
INDIVIDUAL INTERNET SUBSCRIPTIONS AVAILABLE!

Have you ever wanted the convenience of the news delivered directly to your e-mail box? Now it's possible! ...USA Today....The Moscow News is available for just $80 a year.

For more information, or to place an order send an e-mail to subscrib at americast.com. Include the e-mail address to which you want the services delivered.
In that e-mail please designate the paper and sections you would like to receive, give your full name, address, phone number, and the credit card (Visa or MasterCard) you will be using for the purchase, and the credit card expiration date.

From collins at newton.apple.com Tue Aug 31 06:46:31 1993
From: collins at newton.apple.com (Scott Collins)
Date: Tue, 31 Aug 93 06:46:31 PDT
Subject: Apple, privacy, and AOCE
Message-ID: <9308311334.AA07407@newton.apple.com>

>I found the idea that RSADSI will be generating folks' key pairs
>particularly chilling.

What I gathered from actually using this software is that you personally generate a key pair, on your own machine, and then transparently send your public key to RSADSI. Some time later, you receive a certificate (with an expiration date) that allows your 'signer' to function. RSADSI does not make, or even see, your private key.

>The article accompanying these sidebars suggests that folks' private keys
>will be stored on the server;

My understanding is that address books on the [optional] servers may have copies of certificates, for people who have certificates and want them published.

>the article [...] must be the result of miscommunication

yes

>The NSA recently signed an agreement with the Software Publishers
>Association that will provide expedited approval of RC-4 encryption based
>on 40-bit keys.

Not surprising, since a pre-computation attack allowing a direct key lookup against RC-4 with 40 bit keys is economically feasible for anyone who can afford a CD-ROM jukebox (128 mips-years of computation + 8 terabytes of storage).

>NSA [...] will allow slightly more-powerful scrambling capabilities
>[in AOCE] AOCE uses 64-bit keys, and larger keys mean better security.

This could mean anything. They might actually be using 64 bit keys (which would be good, although 80 bits is recommended), or they might be using 40 bit keys with 24 bits of salt (or worse: 32 and 32).
Salted keys (key+salt of sufficient size) stop the precomputed attack, but if the actual key size, without salt, is still only 40 bits, then exhaustive search of the keyspace, after the salt has been seen, will only take 64 mips-years.

Scott Collins | "Few people realize what tremendous power there
| is in one of these things." -- Willy Wonka
......................|................................................
BUSINESS. voice:408.862.0540 fax:974.6094 collins at newton.apple.com
Apple Computer, Inc. 1 Infinite Loop, MS 301-2C Cupertino, CA 95014
.......................................................................
PERSONAL. voice/fax:408.257.1746 1024:669687 catalyst at netcom.com

From doug at netcom5.netcom.com Tue Aug 31 07:39:03 1993
From: doug at netcom5.netcom.com (Doug Merritt)
Date: Tue, 31 Aug 93 07:39:03 PDT
Subject: Commercial PGP: Verifying Trustworthiness
In-Reply-To:
Message-ID: <9308311433.AA11758@netcom5.netcom.com>

--- Forwarded mail from Marc Horowitz

>From owner-cypherpunks at toad.com Mon Aug 30 23:40:01 1993
Received: from relay2.UU.NET by mail.netcom.com (5.65/SMI-4.1/Netcom) id AA14421; Mon, 30 Aug 93 23:39:57 -0700
Received: from toad.com by relay2.UU.NET with SMTP (5.61/UUNET-internet-primary) id AA10745; Tue, 31 Aug 93 02:40:50 -0400
Received: by toad.com id AA14781; Mon, 30 Aug 93 23:33:56 PDT
Received: by toad.com id AA14701; Mon, 30 Aug 93 23:31:26 PDT
Return-Path:
Received: from Athena.MIT.EDU ([18.72.1.1]) by toad.com id AA14688; Mon, 30 Aug 93 23:31:23 PDT
Received: from OLIVER.MIT.EDU by Athena.MIT.EDU with SMTP id AA00837; Tue, 31 Aug 93 02:28:59 EDT
Received: by oliver.MIT.EDU (AIX 3.2/UCB 5.64/4.7) id AA14903; Tue, 31 Aug 1993 02:28:52 -0400
Message-Id: <9308310628.AA14903 at oliver.MIT.EDU>
To: bbyer at BIX.com
Cc: honey at citi.umich.edu, cypherpunks at toad.com
Subject: Re: Commercial PGP: Verifying Trustworthiness
In-Reply-To: Your message of Tue, 31 Aug 93 00:14:18 -0400.
<9308310014.memo.72462 at BIX.com>
Date: Tue, 31 Aug 93 02:28:52 EDT
From: Marc Horowitz

Marc Horowitz said:
>> I dunno. The early versions of UNIX had a back door in the login
[...]
>I've let a lot of stupid comments go by, but I have to respond to this one.
>
>It is true that Dennis Ritchie (I believe, if not him, one of the
>other original UNIX authors) proposed such a login/compiler virus.
>But it wasn't in any early version of UNIX.

Stupid? Watch the flame bait...he merely overstated a touch. The back doors weren't part of any of the full distributions, it's true, but they were quite a bit more than proposals. Ken Thompson actually distributed those back doors via a compiler update, warning of a security problem and urging all sites to recompile. Most did, which inserted the back doors into the programs. That's close enough to the original claim.

See the Ken Thompson & Dennis Ritchie Turing Award Lecture, which goes into detail about this. The level of sneakiness involved was amazing. Compilers are the ultimate security breach.

Doug

From collins at newton.apple.com Tue Aug 31 08:16:30 1993
From: collins at newton.apple.com (Scott Collins)
Date: Tue, 31 Aug 93 08:16:30 PDT
Subject: What's wrong with PEM?
Message-ID: <9308311508.AA08669@newton.apple.com>

After reading the RFCs for PEM (1421-1424), I am curious what other people think about PEM. For cypherpunks agenda, in what ways is PEM lacking? My take is:

1. PEM is a protocol, only applicable to mail (perhaps only to internet mail) while PGP is a program that provides similar services for mail, but is also applicable to non-mail related encryption tasks.

2. PEM and PGP don't agree on the symmetric algorithms (DES, IDEA).

3. PEM certificates are bulky, and transmission is encouraged.

4. PEM certificates are issued by Certificate Authorities, which would seem to preclude PGP's 'web of trust' model.

These all seem to have answers:

1. PEM is a protocol, PGP is a program that implements much of what PEM is...
why not make PGP PEM compliant.

2. Propose IDEA as a symmetric algorithm for PEM.

3. Ha! PGP already has key servers.

4. Propose a revision to the certification scheme where USER certificates would be created by the owner and signed by non-certificate-authority acquaintances ala PGP.

Yes, this would take time and effort. No, this should not be taken as an affront to our current and previous efforts. I think that we should pursue _every_ avenue. If the only real problem with PEM is the trust model, and we can change that, then this would be a strongly legitimizing action.

Scott Collins | "Few people realize what tremendous power there
| is in one of these things." -- Willy Wonka
......................|................................................
BUSINESS. voice:408.862.0540 fax:974.6094 collins at newton.apple.com
Apple Computer, Inc. 1 Infinite Loop, MS 301-2C Cupertino, CA 95014
.......................................................................
PERSONAL. voice/fax:408.257.1746 1024:669687 catalyst at netcom.com

From gnu Tue Aug 31 08:34:02 1993
From: gnu (John Gilmore)
Date: Tue, 31 Aug 93 08:34:02 PDT
Subject: EFF bribery and corruption, not!
In-Reply-To:
Message-ID: <9308311533.AA21900@toad.com>

> True or False, the EFF accepted money from AT&T in return for the EFF's
> support on various issues/bills before congress wherein AT&T came out on
> top in its effort to commercialize parts of the Internet for its own
> monetary gain?

False.

> If that's not bribery and corruption of what otherwise
> is supposed to be a non-profit organization, then I don't know what is.
> 'nuf said.

You don't know what is. You have managed to produce a mishmash of several false rumors, National-Enquirer style.

* AT&T is a minor contributor to EFF, and has no effect on its policy positions, which are set by its Board (including me).
CPSR and a few other organizations assumed that EFF wasn't taking the same position as they were on various issues because EFF had been corrupted by corporate funding. In reality, we were more interested in enforcing rights than in forced equity (e.g. school choice rather than busing; no licensing of broadcasters rather than requiring "equal time" to rebut). We disagree because we're more libertarian than liberal, not because we sold out.

* AT&T isn't crushing the net by commercialization. A bill introduced by Cong. Markey (which I spoke with him about personally, when I happened to be in DC) would've required that Internet access be provided solely by commercial carriers, not by the NSF. It already is -- ANS is a commercial carrier. The idea was to make *sure* the government stops owning networks (which it would then control the users of, with Acceptable Use Policies, censorship, exclusion of political opponents, etc). Instead, it would subsidize educational and research organizations so they can buy network access from the commercial carrier of their choice, the same way they buy telephone service. Whether by malice or mistake, a "modem tax"-like rumor spread through the net that the bill would kill academic use of Internet. You fell for it.

I've enclosed a relevant article from Computer Underground Digest.

John Gilmore

Date: Sun, 22 Aug 1993 20:23:18 CDT
From: Jim Thomas
Subject: File 1--Has the EFF SOLD OUT?!?

The Electronic Frontier Foundation has been co-opted by the telecommunications conglomerates and has, as a consequence, lost its integrity and credibility. Or so some critics would have us believe. Especially since the re-organization of The EFF, allegations that they have "sold out" by accepting contributions from telephone companies--or worse, that EFF now is implicitly in the employ of telephone companies--persist.
This allegation seems not only unfounded, but does a disservice to the cybercommunity by falsely maligning the integrity of one of the two (CPSR being the other) most active and effective organizations working to establish and preserve the rights of the electronic realm.

Because I am a dues-paying member of EFF and have recently sent my subscription fee to CPSR, I am not a dispassionate observer. Both groups are effective, and--even when in disagreement, I respect the goals and strategies chosen by each group. Therefore, as a member of EFF, I'm troubled by some of the public commentary I've read on Usenet, BBSes, and public access systems that continue to irresponsibly tarnish the integrity of EFF with false allegations. Some of the basis for criticism rests on rumors. Perhaps some derives from malice. But, the bulk may simply be a lack of information about EFF's funding sources and an imperfect understanding about the relationship between funders and recipients and the obligations that relationship entails. I see nothing *inherently* improper about EFF (or any organization) accepting funds from organizations whose goals, ideology or practices may not overlay perfectly with those of the recipients. Let's look at a few issues.

1. HOW MUCH DOES EFF RECEIVE FROM TELECOS?

According to EFF sources, roughly eight percent of their $1.6 million operation budget comes from telecom sources, with no more than five percent coming from a single source. Fiscal ratios change, and whether the exact sum is seven or 11 percent matters nil. This is a useful chunk of resources, but hardly substantial. It is certainly not a sufficient amount to cause a crisis if it were withdrawn. The remainder of EFF's resources are reported to derive from private donors, membership fees, and revenue-generating activities (such as sales of t-shirts).
Both in the Usenet discussion group (comp.org.eff.talk) and in its newsletters, EFF has been open about its funding sources and has never concealed or minimized contributions by corporate donors, including telecos. Therefore, EFF's alleged ethical malfeasance does not lie in failure to conceal its funding resources. Nor does it lie in a dependency relationship with the donors.

2. WHAT OBLIGATIONS DOES EFF OWE THE TELECOS?

The broader question here centers on what obligations a donor might expect from the recipient. It is hardly unusual for organizations to accept funds from contributors whose interests overlap. Examples include contributions by R.J. Reynolds tobacco and The Playboy Foundation to the ACLU to--as a personal example--my own former funding by the National Institute of Justice. Does the ACLU support freedom of speech because it is funded in part by those with a commercial interest in protecting it? Should the ACLU abstain from taking a position on smokers'/non-smokers' rights because of funding sources? Should I have refused federal funding lest I be accused (as I once was) of being little more than a paid lackey of federal police and social control interests?

Criticism of EFF for its funding sources and suspicion of the strings that might be attached extend into the lives of many of us. However, it is rare that general donations require any substantive changes in the behavior or principles of recipients. It is also common for well-endowed donors to spread their largess to a variety of groups with ends often (seemingly) antithetical to each other and even to the donor. There is no evidence whatsoever that EFF has changed its direction to satisfy donors. In fact, the recent re-organization at EFF, however much some of us might be disappointed by the emphasis, is fully consistent with their original policy statement.
In fact, a careful reading of the founding EFF statement and its recent public policy formulations indicates that the re-organization was primarily structural rather than the reflection of a new philosophy. As the CPSR/EFF/ACLU coalition in the 2600 Magazine Washington Mall incident of 1992 suggests, the EFF continues to involve itself with those types of issues that led to its founding. And, as Mike Godwin's continued involvement with EFF and his willingness to help those in need of legal advice attest, EFF remains the first resource most of us think of when we seek computer-related legal assistance. Those who know Mike and EFF founders John Barlow and Mitch Kapor cannot, in their wildest fantasies, imagine even the most generous donor influencing their behavior or principles.

3. WHAT ARE THE ETHICAL/LEGAL OBLIGATIONS OF RECIPIENTS?

Federal and state statutes, as well as various professional codes of ethics, specify obligations that might lead to a conflict of interest. The attorneys amongst us can elaborate on these. However, there is absolutely no evidence that the EFF approaches even the strictest conflict of interest threshold. Its coincidental interests with telecos involve policy and legislation affecting primarily the development of an "information highway" and the attendant technology. The EFF is not litigating on behalf of any telecos, it is not (according to EFF sources and their documents) serving in a client relationship with them, and it is engaged in no activity that--at least by any apparent logic--could be construed to place the EFF in a conflict of interest situation. EFF's initiative and perseverance in the Steve Jackson Games litigation would seem prima facie evidence that the EFF is committed to principle and not to funding expedience.

There is room for considerable intellectual disagreement over the focus, goals, and organization of EFF, CPSR, and, I suppose, even CuD.
But the one issue that is indisputable is the integrity, commitment, and credibility the EFF possesses. Because there is nary a soupcon of evidence to suggest cooptation, it's time to end this unnecessary and destructive bickering about EFF's funding sources.

Those who have taken the trouble to follow the public policy statements and read the EFF electronic and hardcopy newsletters, will find nothing new in my comments. Those who do not receive the newsletter and do not follow CuD's periodic summaries of the activities of groups such as the EFF and CPSR might have been influenced by rumors and misinformation. Those of us who are concerned about the future of "cyberspace" should remember our debt to these groups. Part of that debt means that we squelch false rumors that risk irreparably tarnishing the reputations and subverting the effectiveness of groups from whose actions we all benefit.

From visgraph!root Tue Aug 31 08:39:02 1993
From: visgraph!root (Superuser)
Date: Tue, 31 Aug 93 08:39:02 PDT
Subject: Help/Advice requested (fwd)
Message-ID: <199308311534.AA04994@visgraph.uucp>

Through e-mail, gnu at toad.com writes:
|
| > Anyone have some ideas about how to implement such a beast?
|
| First you have to tell us what it's supposed to do. [ ... ]

Sorry, I had assumed that people would know about registration schemes here. By the use of a (perhaps complex) algorithm, generate serial numbers that would be entered by the registering user which would effectively 'register' the program. There would be a routine in the executable that could detect a valid serial number and act accordingly. The algorithm to do this should be well-hidden into the code, as to discourage simple hacking and alteration...

There are a wealth of schemes out there. For example, SCO UNIX uses a (albeit weird) scheme that involves a serial number and activation key which actually decrypts the executable (not what I want to do, really).
INFORMIX uses a scheme that brands the executable with a serial number (very interesting). I thought of having an external program that would brand the executable with a serial number and perhaps some other hidden information in reserved spaces. Something like the program mentioned below would be effective in hiding the code.

What else do you need to know?

| > have run something like PKLITE on your executable) encapsulates the
| > EXE file, encrypted, with CRC checks and debugger traps.
|
| Fine, it uses encryption and CRC and debug traps. Now, to what purpose?
| What's the objective? What's the goal? Why? [ ... ]

Here's a README from the distribution...

Protect! EXE/COM 3.1 encrypt and still run .EXE's
Registration $ 25.00
SDN_UTIL AUG93 PROTECT EXE COM CRC SECURE ENCRYPT SCRAMBLE
FILES: PrExCm31.SDN
Author: Jeremy Lilley

Protect! EXE/COM is a powerful EXE/COM protection utility which thoroughly encrypts any EXE or COM file but still allows it to be run. And, files protected by it make a full CRC INTEGRITY CHECK every time they are run. This NEW version fixes many bugs found in previous versions of this program such as an infamous screen bug in v.3.0. Additions are made to make this program prevent CRACKING, REVERSE ENGINEERING, and MODIFICATION even more. This program is one of the most powerful and cost-effective solutions to problems with your programs' being modified by malicious hackers. With every other form of file security being nullified, Protect! has been renewed and can now secure your programs more than ever.

What would you do if somebody were to add a TROJAN or 'MODIFY' a few screens to a program of yours? Protect! can make this circumstance extremely unlikely for only $25. If a problem is detected, a message of your choice can be outputted to the user to tell the user exactly what to do. Instead of burying your head in the sand, get Protect! to protect your programming and software investment.
Requirements: DOS 2.0 or higher, IBM or compatible PC, 256k RAM, & any executable file compression utility such as LZEXE, PKLite, Compack, Diet, or another program for compressing EXE files before they are scrambled and protected.

[ .SDA Format is (c)Copyright 1993 The SDN Project ]
[ SDN Authors-Only Info Line is 203-634-0370 USA ]

--------

If you need more information, I can give you the author's email address...

From rjc at gnu.ai.mit.edu Tue Aug 31 08:56:30 1993
From: rjc at gnu.ai.mit.edu (Ray)
Date: Tue, 31 Aug 93 08:56:30 PDT
Subject: EFF bribery and corruption, not!
In-Reply-To: <9308311533.AA21900@toad.com>
Message-ID: <9308311553.AA02449@geech.gnu.ai.mit.edu>

John Gilmore () writes:
>
> > True or False, the EFF accepted money from AT&T in return for the EFF's
> > support on various issues/bills before congress wherein AT&T came out on
> > top in its effort to commercialize parts of the Internet for its own
> > monetary gain?

Oh, the horrors! Just think about it. A corporation doing something for profit! I'll be cheering the day when AT&T, MCI, Sprint, the Baby Bells, and the Cable Companies start offering internet service to the home at affordable rates. (In fact, I've already read news on Clarinet of some cable company's plan to sell a cable-modem pc card giving high speed internet access at not much more than going phone rates)

-- Ray Cromwell | Engineering is the implementation of science; --
-- EE/Math Student | politics is the implementation of faith. --
-- rjc at gnu.ai.mit.edu | - Zetetic Commentaries --

From khijol!erc at colossus.apple.com Tue Aug 31 09:49:36 1993
From: khijol!erc at colossus.apple.com (Ed Carp)
Date: Tue, 31 Aug 93 09:49:36 PDT
Subject: encryption program posted to comp.sources.misc
Message-ID:

Anyone else seen "syf" posted to comp.sources.misc? Someone oughta talk to Paul Vixie about posting XOR encryption programs...
--
Ed Carp, N7EKG erc at apple.com 510/659-9560 anon-0001 at khijol.uucp
If you want magic, let go of your armor. Magic is so much stronger than steel!
-- Richard Bach, "The Bridge Across Forever"

From hughes at ah.com Tue Aug 31 10:54:04 1993
From: hughes at ah.com (Eric Hughes)
Date: Tue, 31 Aug 93 10:54:04 PDT
Subject: REMAIL: Attacks on remailers
In-Reply-To: <9308301420.AA03878@elf.owlnet.rice.edu>
Message-ID: <9308311745.AA17964@ah.com>

>With no root privs on the machine, I tried using the at command to
>perform the above function and then reschedule itself for tomorrow.
>Problem: if the machine reboots then the mailing out portion is killed.

A user's crontab is not deleted at reboot, to my knowledge. You could simply run a cron job to schedule mail delivery. (If you deliver on cron, you don't get an even distribution of delivery times, unless you use a much more frequent cron.)

Eric

From klbarrus at owlnet.rice.edu Tue Aug 31 10:54:37 1993
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Tue, 31 Aug 93 10:54:37 PDT
Subject: PGP: question
Message-ID: <9308311748.AA25345@flammulated.owlnet.rice.edu>

Cypherpunks,

Are there any heavy implications, security and otherwise, to the truncation of the environment variable PGPPATH that occurs in buildfilename()?

Background: I've been trying all sorts of stuff getting pgp to read config.txt when I'm anywhere else in my directory structure. My home directory is /home/klbarrus which as it turns out is a symbolic link to another directory (it may even change from time to time). Since I never could get PGPPATH to work on my old NeXT account, and my home directory there was also a link to something else, I thought: AHA! PGP uses stat() and/or some other functions which don't follow symbolic links!! Nope, it does, so that wasn't it.

So, I poked around the code more and found out that buildfilename() returns null if the length of getenv(PGPPATH) is greater than 50.
This probably explains why it didn't work on the NeXT; PGPPATH was set to some huge path like /private/Net/tree/Users/barrus/Cryptography/pgp or something close, so buildfilename() returned null. The pathname on my new account is definitely shorter than 50 characters, but I decided to try increasing 50 just to see what it would do. Right before remaking pgp I realized the mistake I had made, one that is (export) almost too embarrassing to admit :-)

Anyway, any "deep" reason to return null if the length of the environment variable is > 50? Or is it just to keep the path relatively short, maybe to keep from breaking a system call on some machine out there?

--
Karl L. Barrus: klbarrus at owlnet.rice.edu
keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32
"One man's mnemonic is another man's cryptography"
- my compilers prof discussing file naming in public directories

From lefty at apple.com Tue Aug 31 11:14:04 1993
From: lefty at apple.com (Lefty)
Date: Tue, 31 Aug 93 11:14:04 PDT
Subject: Apple+Clipper
Message-ID: <9308311806.AA23317@internal.apple.com>

Tim May says:
>Yep, I was just making this point, that Apple is _already_ releasing
>hardware with OS incompatibilities. (By the way, many/all? of the
>newer Macs need a "system enabler" patch to run System 7.1, that is,
>the standard System (OS) no longer runs on all machines.

Actually, this has always been true. It's just that it was done in the form of patch resources internal to the System file prior to the release of System 7.1. It used to be that, in order to save disk space, one could go into the System file with ResEdit and remove the various 'PTCH' resources that didn't apply to the particular machine you happened to be using. The System Enabler scheme is simply a somewhat cleaner method of accomplishing the same thing: you now have a "generic" System file, with the various hacks segregated in the Enabler.

--
Lefty (lefty at apple.com) C:.M:.C:., D:.O:.D:.
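Karl Barrus's "PGP: question" above asks why buildfilename() gives up when PGPPATH is longer than 50 characters. The defensive point behind such a check is that an environment variable is attacker-influenced input being copied into a fixed-size buffer: an unbounded strcpy/strcat of getenv("PGPPATH") plus a filename is the classic stack overflow, and a hard length cap is the cheapest way to rule it out. The C below is an added example written for this archive, not PGP's buildfilename() nor any poster's code. It shows the bounded form of that pattern: compute the joined length first, refuse with an explicit error when it would not fit, and never write past the buffer. The function names, the sample directory strings, and the 50-byte buffer in main() (chosen to mirror the limit discussed) are assumptions for illustration.

```c
/* Added example: bounded path building in the spirit of the PGPPATH check
 * discussed above. Hypothetical code, not PGP's own buildfilename(). */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Join dir and fname as "<dir>/<fname>" into result, which holds cap bytes
 * including the terminating NUL. Returns 0 on success and -1 when an input
 * is missing or the joined path would not fit. Never writes past result[cap-1],
 * which is what an unbounded strcpy/strcat of getenv() output would do. */
int build_filename(char *result, size_t cap, const char *dir, const char *fname)
{
    if (result == NULL || cap == 0 || fname == NULL)
        return -1;
    if (dir == NULL)
        dir = "";                         /* variable unset: bare filename */

    size_t dlen = strlen(dir);
    size_t flen = strlen(fname);
    int need_sep = (dlen > 0 && dir[dlen - 1] != '/');
    size_t total = dlen + (need_sep ? 1u : 0u) + flen;

    if (total >= cap)                     /* no room for text plus NUL */
        return -1;

    memcpy(result, dir, dlen);
    size_t pos = dlen;
    if (need_sep)
        result[pos++] = '/';
    memcpy(result + pos, fname, flen);
    result[pos + flen] = '\0';
    return 0;
}

/* Resolve fname relative to an environment variable such as PGPPATH.
 * Same return convention as build_filename(); the env value is treated as
 * untrusted input and bounded by cap rather than by its own length. */
int build_from_env(char *result, size_t cap, const char *envname, const char *fname)
{
    const char *dir = (envname != NULL) ? getenv(envname) : NULL;
    return build_filename(result, cap, dir, fname);
}

int main(void)
{
    char path[50];   /* deliberately small, like the 50-character limit above */
    /* constructed sample: a long NeXT-style home directory (assumed value) */
    const char *longdir = "/private/Net/tree/Users/someone/Cryptography/pgp";

    if (build_filename(path, sizeof path, longdir, "config.txt") == 0)
        puts(path);
    else
        puts("path too long for buffer: refused rather than overflowed");

    if (build_from_env(path, sizeof path, "PGPPATH", "config.txt") == 0)
        puts(path);
    else
        puts("PGPPATH unset or too long for buffer");
    return 0;
}
```

The design choice worth noting is that the function reports failure instead of silently truncating: a truncated path would quietly open the wrong config file, whereas an error lets the caller fall back to a default or tell the user, which is the behaviour Karl observed (buildfilename() returning null) even if the 50-character figure itself is arbitrary.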
From remail at tamsun.tamu.edu Tue Aug 31 12:26:32 1993
From: remail at tamsun.tamu.edu (remail at tamsun.tamu.edu)
Date: Tue, 31 Aug 93 12:26:32 PDT
Subject: anonymous mail
Message-ID: <9308311923.AA17945@tamsun.tamu.edu>

PEM also reveals who signs messages, even when the message is encrypted.

In other words, if I send you a PGP encrypted message which I also signed, the signature is hidden under the encryption. You do not know who sent you the PGP message (assuming a cypherpunks remailer or equivalent was used) until after you decrypt the first "packet" and gaze inside.

PEM, on the other hand, reveals in the clear who signed the message, outside of the encrypted portion. Also note that to be PEM compliant, you *must* always sign your messages. So much for anonymous encrypted messages...

There is something to be said for the PGP encapsulated approach...

From bill at twwells.com Tue Aug 31 13:04:05 1993
From: bill at twwells.com (T. William Wells)
Date: Tue, 31 Aug 93 13:04:05 PDT
Subject: article in Science News
In-Reply-To:
Message-ID:

In article , T. William Wells wrote:
: (Isn't Denning a lawyer turned ersatz cryptography expert? Or do
: I have her confused with some other "expert"?)

Apparently, the latter. Sorry.

From markh at wimsey.bc.ca Tue Aug 31 13:06:32 1993
From: markh at wimsey.bc.ca (Mark C. Henderson)
Date: Tue, 31 Aug 93 13:06:32 PDT
Subject: anonymous mail
Message-ID:

> PEM, on the other hand, reveals in the clear who signed the message, outside
> of the encrypted portion. Also note that to be PEM compliant, you *must*
> always sign your messages. So much for anonymous encrypted messages...

There are also performance concerns here. There is no reason to take the substantial amount of time it takes to sign, if you don't want to sign a message.
On the other hand, in terms of anonymity, you can always generate a self-signed key with TIS/PEM (I forget the exact term they use in the TIS/PEM docs, but you can just make yourself a certificate which doesn't really say anything about your identity).

--
Mark Henderson markh at wimsey.bc.ca (personal account)
RIPEM key available by key server/finger/E-mail
MD5OfPublicKey: F1F5F0C3984CBEAF3889ADAFA2437433

From klbarrus at owlnet.rice.edu Tue Aug 31 13:14:38 1993
From: klbarrus at owlnet.rice.edu (Karl Lui Barrus)
Date: Tue, 31 Aug 93 13:14:38 PDT
Subject: REMAIL: list
Message-ID: <9308312011.AA13862@flammulated.owlnet.rice.edu>

-----BEGIN PGP SIGNED MESSAGE-----

Q1: What cypherpunk remailers exist?

A1:
1: nowhere at bsu-cs.bsu.edu
2: hh at cicada.berkeley.edu
3: hh at pmantis.berkeley.edu
4: hh at soda.berkeley.edu
5: 00x at uclink.berkeley.edu
6: cdodhner at indirect.com
7: hal at alumni.caltech.edu
8: ebrandt at jarthur.claremont.edu
9: remailer at rebma.mn.org
10: elee7h5 at rosebud.ee.uh.edu
11: hfinney at shell.portal.com
12: remail at tamsun.tamu.edu
13: remail at tamaix.tamu.edu
14: remailer at utter.dis.org
15: remailer at entropy.linet.org
16: remail at extropia.wimsey.com

NOTES:
#1-#6 no encryption of remailing requests
#7-#15 support encrypted remailing requests
#16 special - header and message must be encrypted together
#9,#14,#15,#16 introduce larger than average delay (not direct connect)
#9,#14,#15 running on privately owned machines

======================================================================

Q2: What help is available?

A2: Check out the pub/cypherpunks directory at soda.berkeley.edu (128.32.149.19). Instructions on how to use the remailers are in the remailer directory, along with some unix scripts and dos batch files. The public keys for the remailers which support encrypted remailing requests are also available in the same directory.

Mail to me (klbarrus at owlnet.rice.edu) for further help and/or questions.
-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLIOvDYOA7OpLWtYzAQGbDQQAvnyZ9XpGUntp483/trZQwyIb74jJEGgR
ZpWwPWAlp2j3Vp1WW2JcnvHXIfVtU9r8g22JErwDalgq00NdXIrqIpf5ZllbXfQA
XwNoq6hqeECeKtRG/nwc1NeLejFfi1QhA+tjL8yLbyvcZ+bawLbd58NmE7AODUK2
2vuRnYtz+WM=
=xnSQ
-----END PGP SIGNATURE-----

From huntting at glarp.com Tue Aug 31 13:56:33 1993
From: huntting at glarp.com (Brad Huntting)
Date: Tue, 31 Aug 93 13:56:33 PDT
Subject: anonymous mail
In-Reply-To: <9308311923.AA17945@tamsun.tamu.edu>
Message-ID: <199308312052.AA01186@misc.glarp.com>

> PEM, [...] reveals in the clear who signed the message, outside of
> the encrypted portion. Also [...] to be PEM compliant, you *must*
> always sign your messages.

Perhaps it's time we polished the edges, added a few of the features that are lacking, and wrote up an RFC for the PGP message format.

Some features I'd like to see in PGP are:

The ability to send an encrypted message to multiple recipients without duplicating the entire message. The most logical way to do this would probably be to encrypt the random IDEA key once for each recipient.

There needs to be a facility for having multiple signatures on a single document without making the signers sign each others signatures. Besides the obvious application of removing a signature from a document, this would also facilitate things like petitions where many people could asynchronously sign a single document, and later assemble all the signatures together.

It should be possible (though certainly not mandatory) to hide the recipient's identity entirely.

The message format needs to allow for alternate forms of encryption (besides IDEA). Furthermore, the (shared key) algorithm used to encrypt a message should be hidden in the RSA encrypted part of the message along with the shared key. Ideally, a list of algorithms could be given which would allow the message to be optionally compressed before being encrypted, or encrypted two or more times with different algorithms.
If I'm confused and the PGP message format already supports some of these features, please correct me.

brad


From cme at ellisun.sw.stratus.com Tue Aug 31 15:29:09 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Tue, 31 Aug 93 15:29:09 PDT
Subject: (fwd'd) more Clipper inside?
Message-ID: <9308312224.AA01506@ellisun.sw.stratus.com>

Check this out. Clipper inside the Apple get you bothered? How about Clipper inside all UNICES? (all POSICES)

Sorry if this is a repeat for folks..

- Carl

Date: Mon, 30 Aug 1993 10:03:00 EDT
Reply-To: TC11-I IFIP TC11 Global information
Sender: TC11-I IFIP TC11 Global information
From: Ambuel at DOCKMASTER.NCSC.MIL
Subject: Call for Participation - POSIX Security Group
X-To: tc11-i at HEARN.NIC.SURFNET.NL
X-Cc: smaha at DOCKMASTER.NCSC.MIL, snapp at DOCKMASTER.NCSC.MIL,
      emery at D74SUN.MITRE.ORG, tsig at WDL1.WDL.LORAL.COM, wbr at MITRE.ORG,
      chang at ST1.NCSL.NIST.GIV, p1003.6 at PERCH.NOSC.MIL,
      p1003.22 at PERCH.NOSC.MIL, tc11 at CIPHER.NL
To: Multiple recipients of list TC11-I
Status: RO

_____________________________________________

Call for Participation

The POSIX security working group will be concentrating on several new areas of security functionality at the October 18 meeting in Bethesda, Maryland. The group believes that these areas must be completed in order for the defined interfaces in P1003.6.1 and P1003.6.2 to be fully useful. These new areas include:

  Identification and Authentication Services
  Portable Data Formats
  Cryptographic Services
  Administrative Services

Identification and Authentication Services

POSIX 1003.1 and 1003.2 provide little functionality in the areas of identification and authentication. The security working group believes that services for identifying users and authenticating those identities are essential for protecting resources within a system. One proposal, from ICL, has been received to date on this subject. It will be distributed in the POSIX mailing and will be discussed at the October meeting. In addition, distributed issues of identification and authentication will be discussed so that a resulting standard will accommodate distributed identification and authentication technology. Any additional proposals for identification and authentication services will also be entertained.

Portable Data Formats

POSIX 1003.6.1 has defined several interfaces to create and manipulate security-related data items - access control lists, labels, capabilities, and audit records. However, the data items are not described to the level of detail necessary to use them in a portable way. For true application portability the format of these data items must be known. One proposal has been received, from Haystack Laboratories, for a common audit trail interchange format. This proposal will be included in the POSIX mailing and will be discussed at the October meeting. Any additional proposals for portable data formats will also be entertained.

Cryptographic Services

One proposal has been received, from NIST, which outlines interfaces for several areas of cryptographic services: user cryptographic database management, secret key cryptography services, and public key cryptography services. The secret key services include encryption and data integrity, as well as key management. The public key services include encryption and digital signatures, as well as key management. The proposal will be included in the POSIX mailing and will be discussed at the October meeting. Another proposal may be submitted by the October meeting and will also be discussed. Any additional proposals for cryptographic services will also be entertained.

Administrative Services

The security working group met with the administrative services working group (P1003.7) to discuss what interfaces and utilities need to be defined to provide portable application writers with a standard method for administering security-related data items. The original scope of P1003.6 excluded this functionality because P1003.1 and P1003.2 excluded this functionality. However, these utilities and functions are essential for application writers to provide truly portable applications. Any proposals in these areas are encouraged and will be discussed at the October meeting.

Proposals in these, or other, security-related areas are welcome and can be mailed to the chair for enclosure in the POSIX mailing and the agenda for the meeting. This will allow members of the working group to review the proposal and be prepared for discussion at the meeting. Proposals will also be accepted at the meeting, but only in written form. This makes it more likely that a proposal has been thought out and keeps discussion focused on a tangible document.

In order to plan for the agenda for the working group meeting, please forward your name, email address, area of interest, and expected duration that you will be at the Bethesda meeting. Addresses for the chair are listed below. The hope is that a large group will be available for discussion all week, but sometimes that is not quite reality. If you can only attend a few days, or would like to present something on a specific day, please provide that information and the agenda will be created accordingly.

Questions and written proposals can be sent to the chair in any of the following ways:

U.S. Mail:  Lynne Ambuel
            Attn: I94
            Department of Defense
            Fort G.G. Meade, MD 20755-6000
Internet:   Ambuel @ dockmaster.ncsc.mil
FAX:        (410) 850-7166


From cme at ellisun.sw.stratus.com Tue Aug 31 16:09:41 1993
From: cme at ellisun.sw.stratus.com (Carl Ellison)
Date: Tue, 31 Aug 93 16:09:41 PDT
Subject: What's wrong with PEM?
Message-ID: <9308312306.AA01658@ellisun.sw.stratus.com>

>Message-Id: <9308311508.AA08669 at newton.apple.com>
>Date: Tue, 31 Aug 1993 08:08:33 -0800
>From: collins at newton.apple.com (Scott Collins)

Hi Scott. I think you have PEM right -- except that there's RIPEM which does file encryption/decryption just like PGP. I've built a shell script for my mailer (Mail) which invokes either RIPEM or my own secret key algorithm so it's a bit more convenient. Once I get purchased PGP, I'll add PGP to that list. I hope to use the same key for PGP and RIPEM. (1024 bit RSA).

- <>
- Carl Ellison                                        cme at sw.stratus.com
- Stratus Computer Inc.       M3-2-BKW                TEL: (508)460-2783
- 55 Fairbanks Boulevard ; Marlborough MA 01752-1298  FAX: (508)624-7488


From remail at tamsun.tamu.edu Tue Aug 31 16:44:10 1993
From: remail at tamsun.tamu.edu (remail at tamsun.tamu.edu)
Date: Tue, 31 Aug 93 16:44:10 PDT
Subject: Encryption policies of Fidnet, etc.
Message-ID: <9308312337.AA17814@tamsun.tamu.edu>

Forwarded from alt.cyberspace:

------------------------------

->> Joseph T Dickinson was mumbling something about Encryption <<-

JTD> It is illegal to encrypt messages period.
JTD> E-mail encryption is illegal

Depends on your network and where you live. It is illegal to use PGP in the United States due to its use of a copyrighted algorithm. It is *NOT* illegal to use it anywhere else in the world. Other encryption methods are legal.

In Fidonet (the largest *amateur* mail network), it is against policy to encrypt 'echomail' (Fido version of newsgroups), but perfectly acceptable to encrypt *direct* netmail (Fido email delivered directly to the receiving system without regard to its location). Routed netmail (email passed from system to system before eventually arriving at its destination) may be encrypted provided each sysop whose node the message passes through agrees that the message may be encrypted; otherwise, it has to be sent en clair.

On RIME (Relaynet International Mail Exchange, the *2nd* largest amateur run network), email is regularly encrypted as part of the networking and routing software in use by the network. Sending routed, receiver-only mail is not only common, but *encouraged*, since it cuts down on the overhead of the other systems in the net. You'd have to look at the network's topology to see why; it's basically a 'tree' formation in which nodes at the bottom feed their newsgroups up to the topstars and receive them from the topstars.

Keven

... Get the facts first - you can distort them later!
___ Blue Wave/QWK v2.12


From remail at tamsun.tamu.edu Tue Aug 31 17:04:10 1993
From: remail at tamsun.tamu.edu (remail at tamsun.tamu.edu)
Date: Tue, 31 Aug 93 17:04:10 PDT
Subject: Adv Pgm: 1st ACM Conf.
 on Computer and Communications Security
Message-ID: <9309010001.AA22758@tamsun.tamu.edu>

***** 1st ACM Conference on Computer and Communications Security ******

Nov 3-5 1993, Fairfax, Virginia

Sponsor: ACM SIGSAC
Hosts: Bell Atlantic and George Mason U

In cooperation and participation from:
  International Association of Cryptologic Research
  IEEE Communications Society TC on Network Operations and Management
  IEEE Computer Society TC on Security and Privacy
  Washington DC Chapter ACM

CONFERENCE HIGHLIGHTS:

We invite your participation in this exciting new conference whose purpose is to bring together researchers and practitioners of computer and communications security. Our program offers a unique blend of cryptography and security theory and practice, with emphasis on the practical. The conference will be held in the Holiday Inn, Fair Oaks, in Fairfax, Virginia; minutes from the Nation's Capital. We welcome you to enjoy an informative and invigorating program, and Washington's pleasant mid-fall sight-seeing weather.

Registration form and hotel information:
---------------------------------------
Is given at the end, or can be obtained from George Mason University at:
Ph#: +1 703-993-2090, Fax#: +1 703-993-2112, email: acmccs93@isse.gmu.edu

ADVANCE TECHNICAL PROGRAM (subject to change)
===============================================

November 3rd
------------

Welcome (Dorothy Denning & Ray Pyle)

Session: Applications-1 (Ravi Sandhu)
- Does Licensing require new Access Control Techniques? (Ralf Hauser)
- A Cryptographic File System for UNIX (Matt Blaze)
- A Particular Solution to Provide Secure Communication in an Ethernet environment (Jordi Forne, Miguel Soriano, Jose Melus and Francisco Recacha)

Session: Cryptographic Protocols - 1 (Michael Wiener)
- Lower Bounds on Messages and Rounds for Network Authentication Protocols (Li Gong)
- Optimality of Multi-Domain Protocols (Raphael Yahalom)
- On Simple and Secure Key Distribution (Gene Tsudik and Els Van Herreweghen)

Session: Digital Signatures (Ravi Ganesan)
- The History of RSA -- Invited Talk (Ronald Rivest)
- A New Signature Scheme Based on the DSA Giving Message Recovery (Kaisa Nyberg and Rainer Rueppel)
- Random Oracles are Practical: A Paradigm for Designing Efficient Protocols (Mihir Bellare and Phillip Rogaway)
- Sorting Out Signature Schemes (Birgit Pfitzmann)

Session: Legal and Policy Issues (Richard Graveman)
- Avoiding Cryptographic Information Anarchy in Enterprises: Invited Talk (Donn Parker)
- Digital Signatures: Can They Be Accepted As Legal Signatures in EDI? (Patrick Brown)

Session: Short Talks (Virgil Gligor)
- Design of the Commercial Data Masking Facility (CDMF) Data Privacy Algorithm (Don Johnson, Stephen Matyas, An Le and John Wilkins)
- Adding Time to a Logic of Authentication (Paul Syverson)
- NetCash: A design for practical electronic currency on the Internet (Gennady Medvinsky and Clifford Neuman)
- Considerations for Security in Personal Communications Systems (PCS) (Dan Brown)
- A Framework for Distributed Authorization (Thomas Woo and Simon Lam)

November 4th
------------

Session: Multilevel and Database (Carl Landwehr)
- A Pump for Rapid, Reliable, Secure Communication (Myong Kang and Ira Moskowitz)
- Authorizations in Relational Data Base Mgmt. Systems (Elisa Bertino, Pierangela Samarati and Sushil Jajodia)
- High Assurance Discretionary Access Control for Object Bases (Elisa Bertino, Pierangela Samarati and Sushil Jajodia)

Session: Applications - 2 (Victoria Ashby)
- Denial of Service - Invited Talk (Roger Needham)
- Analysis of an Algorithm for Distributed Recognition and Accountability (Terrance Goan, Deborah Frincke, Calvin Ko, Todd Heberlein, Karl Levitt, Biswanath Mukherjee and Chris Wee)
- Integration of DCE and Local Registries (Ping Lin)

Session: Cryptology (Rainer Rueppel)
- Multiple Encryption and the Economics of DES - Invited Talk (Whitfield Diffie)
- Systematic Generation of Cryptographically Robust S-boxes (Jennifer Seberry, Xian-Mo Zhang and Yuliang Zheng)
- Differential Cryptanalysis of Hash Functions Based on a Block Cipher (Bart Preneel)
- Verifiable Secret Sharing for Monotone Access Structures (Marcus Otten, Hans-Joachim Knobloch and Thomas Beth)

Session: Telecommunications Security (Ravi Ganesan)
- Securing a Global Village and its Resources: Baseline Security for Interconnected Signaling System 7 Telecommunications Networks - Invited Talk (Hank Kluepfel)
- Panel: How Secure is the Public Switched Network?

November 5th
------------

Session: Reliability of Security Systems (Ravi Sandhu)
- Cryptanalysis and Protocol Failure - Invited Talk (Gustavus Simmons)
- Why Cryptosystems Fail (Ross Anderson)
- Panel: How to Engineer Reliable Security

Session: Cryptographic Protocols - 2 (Yacov Yacobi)
- Towards Practical `Proven Secure' Authenticated Key Distribution (Yvo Desmedt and Mike Burmester)
- Applying Formal Analysis Techniques to Authenticated Diffie-Hellman Protocols (Paul Van Oorschot)
- Augmented Encrypted Key Exchange: A Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise (Steve Bellovin and Michael Merritt)

******************************

General Chairs
--------------
Dorothy Denning (Georgetown University)
Raymond Pyle (Bell Atlantic)

Program Chairs
--------------
Ravi Ganesan (Bell Atlantic)
Ravi Sandhu (George Mason University)

Invited Speakers
----------------
Whitfield Diffie (Sun)
Hank Kluepfel (Bellcore)
Roger Needham (Cambridge U)
Donn Parker (SRI)
Ronald Rivest (MIT)
Gustavus Simmons

Program Committee
-----------------
Victoria Ashby (MITRE)
Steve Bellovin (Bell Labs)
Whitfield Diffie (Sun)
Taher El Gamal (Oki Data)
Deborah Estrin (USC)
Joan Feigenbaum (Bell Labs)
Virgil Gligor (U. Maryland)
Li Gong (SRI)
Richard Graveman (Bellcore)
Sushil Jajodia (GMU)
Paul Karger (GTE)
Carl Landwehr (NRL)
E. Stewart Lee (U. Toronto)
Giancarlo Martella (U. Milan)
Michael Merritt (Bell Labs)
Jonathan Millen (MITRE)
Clifford Neuman (USC ISI)
Steven Rudich (CMU)
Rainer Rueppel (R3 Sec. Eng.)
Eugene Spafford (Purdue U)
Jacques Stern (DMI-GRECC)
Michael Wiener (BNR)
Yacov Yacobi (Bellcore)

****** 1st ACM Conference on Computer and Communications Security *******

Nov 3-5 1993, Fairfax, Virginia

REGISTRATION FORM

Mail or fax (+1 703-993-2112) this form to:
  ACMCCS '93 Registration
  Center for Professional Development-Business Office
  George Mason University
  Fairfax, VA 22030-4444

REGISTRATION CONTACT: Diane Waters, GMU (Phone: +1 703-993-2090, fax: +1 703-993-2112)

NAME:
AFFILIATION:
ADDRESS:
Phone:
Fax:
ACM/IEEE Member Number:
Special Meal Requirements:  Kosher  Vegetarian

REGISTRATION FEE: (Circle one)
  ACM/IEEE Member  $300 (before 10/1/93)  $325 (after 10/1/93)
  Non-Members      $360 (before 10/1/93)  $400 (after 10/1/93)
  Students         $100                   $100

Fees include continental breakfast (11/3-5), lunch (11/3-4) and banquet (11/4). Student fee is restricted to full-time students, or part-time students who are unemployed. In either case an advisor's endorsement is required.

Advisor Name and Signature:

Make checks or money orders payable, in US currency, to GMU/ACMCCS'93. Payment can also be made by purchase order (US organizations only) or credit card (Visa or Mastercard only).

Circle one of:  VISA  Mastercard
Card No:
Expiration:
Name on Card:
Signature:

HOTEL: Holiday Inn at Fair Oaks, Phone: +1 703 352 2525, Fax: +1 703 352 4771
Rate: $69 (single/double) available until Oct 12
Mention 'ACM Security Conference' to get this rate


From greg at ideath.goldenbear.com Tue Aug 31 17:19:10 1993
From: greg at ideath.goldenbear.com (Greg Broiles)
Date: Tue, 31 Aug 93 17:19:10 PDT
Subject: Mitch Ratcliffe's article re AOCE
Message-ID: <7w969B2w164w@ideath.goldenbear.com>

I received a nice message today from Mitch Ratcliffe (I misspelled his name in my earlier post to C-punks) re my posting of the sidebars from his AOCE article.
I'm not forwarding his E-mail as I was raised to consider that impolite :), but feel safe in summarizing thus:

1. There are a number of weaknesses in AOCE, but it is also a step forward in some senses. Discussion/elaboration of these weaknesses is precluded by space limitations of MacWeek, as well as other trade or mainstream magazines.

2. Editing for space accounts for some lack of detail in the sidebars; they are also intended for a general audience.

Mitch suggests Apple as a source of further technical information re AOCE, and mentions a talk given by Gursharan Sidhu at the Apple Worldwide Developers' Conference in May, in which Sidhu suggests the government should be able to crack a system's security in some cases. Sidhu is the technical director of collaboration systems development at Apple.

Mitch's e-mail address is godsdog at netcom.com; I've written back asking for clarification about other points raised in the article.

--
Greg Broiles                        greg at goldenbear.com
Golden Bear Computer Consulting     +1 503 342 7982
Box 12005 Eugene OR 97440           BBS: +1 503 687 7764


From karn at qualcomm.com Tue Aug 31 18:04:11 1993
From: karn at qualcomm.com (Phil Karn)
Date: Tue, 31 Aug 93 18:04:11 PDT
Subject: (fwd'd) more Clipper inside?
In-Reply-To: <9308312224.AA01506@ellisun.sw.stratus.com>
Message-ID: <9309010058.AA27169@servo>

Yeah, the NIST folks have been on the road trying to sell Clipper to those industry groups who don't yet (or should) know better. A month or two ago, it was the TIA digital cellular folks.

Phil


From honey at citi.umich.edu Tue Aug 31 18:46:35 1993
From: honey at citi.umich.edu (peter honeyman)
Date: Tue, 31 Aug 93 18:46:35 PDT
Subject: PGP: question
Message-ID: <9309010146.AA29652@toad.com>

if you ask me, limiting $PGPPATH to length 50 is a bug (albeit most likely benign).

peter


From tcmay at netcom.com Tue Aug 31 19:54:10 1993
From: tcmay at netcom.com (Timothy C. May)
Date: Tue, 31 Aug 93 19:54:10 PDT
Subject: Ratcliffe's palindrome
In-Reply-To: <7w969B2w164w@ideath.goldenbear.com>
Message-ID: <9309010251.AA03303@netcom5.netcom.com>

Greg Broiles wrote:

> Mitch's e-mail address is godsdog at netcom.com; I've written back asking for

"godsdog" spelled backward is....

I wonder if anyone has ever gotten a good palindrome with their full domain address? (Best to ignore the "." delimiters, for now.)

"limit at ti.mil" is a crude start, except that T.I. is not a military site.

Our own "Abraham-Hughes" Cypherpunks team could have a user "mocha," as in the coffee, so that the address would be "mocha at ah.com".

I'll stop at that one.

-Tim May

--
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,
tcmay at netcom.com      | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | Public Key: PGP and MailSafe available.
Note: I put time and money into writing this posting. I hope you enjoy it.


From nobody at alumni.cco.caltech.edu Tue Aug 31 21:14:12 1993
From: nobody at alumni.cco.caltech.edu (nobody at alumni.cco.caltech.edu)
Date: Tue, 31 Aug 93 21:14:12 PDT
Subject: Able was I ere I saw Elba
Message-ID: <9309010404.AA05328@alumni.cco.caltech.edu>

Have recently heard from an official of the Advanced Logistical Planning board of the city of Plano TX. (near Dallas)

vogon at alp.plano.gov

Something about a proposed hyperspace bypass ......

Napoleon

--ignore--


From ld231782 at longs.lance.colostate.edu Tue Aug 31 22:29:14 1993
From: ld231782 at longs.lance.colostate.edu (L. Detweiler)
Date: Tue, 31 Aug 93 22:29:14 PDT
Subject: NY TAXES CYBERSPACE, CRAM REACTS
Message-ID: <9309010524.AA11600@longs.lance.colostate.edu>

Attention c'punks!
A massive artillery fire on our Cyberspatial Reality Advancement Movement (CRAM) has been volleyed on the NY front! Retrenchments and counterattack requested ASAP! Reports that this is the first major enemy offensive on free Cyberspatial territory, to be followed by supporting attacks in nearby theatres soon! The enemy must be subjugated at this early critical period before basic footholds are established to supply a larger offensive! Critical aspects of our evolving plan: 1) match offensives with more powerful counterattacks 2) infiltrate the enemy with spies and saboteurs, leverage strategic insights 3) propaganda and disinformation campaign on the public and enemy We've been caught completely off guard by this attack! Let's banish our passivity and complacency and surge into action! Onward, troops! ===cut=here=== Date: 31 Aug 93 06:01:03 EDT From: Marty Winter <76407.3521 at compuserve.com> Subject: Sales tax on information services to increase OK, so what does all this gobbledegook mean? It means simply that New York State has decided to trash the information superhighway that has been touted as the solution to unemployment and the means by which New York could have rebuilt itself. New York, former home of leading edge high-technology is working overtime to relegate its citizenry to the welfare rolls. It means that BBS's which are already liable for collection of sales tax must now go back and collect an additional 5% for a total of 13%. This tax is RETROACTIVE ... Any BBS which has already collected a membership fee or other charges up front for a year of service must go back and collect more money from their subscribers unless their fiscal year begins on September 1. It means that a connection to the Internet, a subscription to GEnie, Prodigy, or CompuServe just got A LOT more expensive. It means that directory assistance calls to look up a phone number will cost more. Calls for technical support or 800 or 900 services just got a lot more expensive. 
Relatives of mine who are still employed by IBM downstate got told by their superiors that as a potential result of this change IBM and numerous other information service providers have decided or will decide to leave New York as quickly as possible. Newspapers and other entities that would have poured millions of dollars into New York's economy have found the cost to potential users and subscribers of new information services has now moved beyond practicality. The bottom line is that New York has literally killed its own future. New York's politicians from the Governor to the majority in both aisles of the legislature have shown a degree of stupidity unparalleled since Nero was emperor in Rome in killing the golden goose that could have made New York a mecca for high tech communications. Modern communications in New York by political fiat will have to consist of semaphor flags and smoke signals while the remainder of the world outside our third-world state go digital. This particular episode proves that New York's political system is so corrupt and so incredibly inept that citizens of New York really have to give serious consideration to drastic measures against our state government including voting out every single politician in statewide office. I am particularly dismayed that this tax law was kept SO secret while being nursed through the legislative process that no one knew about it at all, including the Senate. Not a single one of my contacts was able to find out about any of this in advance. Even the notification from Tax and Finance a mere three days before its enactment was incredible and unprecedented. This latest folly will have no effect on free bulletin boards such as Friends & Lovers, but it will be murder on those services run by those who thought New York might have permitted them to eek out a living with a computer and a modem. Thirteen percent sales tax? Think about that number a little bit. The morons we elected have gone and done it. 
Do we really think they're done yet? Are you REALLY going to vote for the same guy again in the Assembly, the Senate, or the State house? Or are you going to make use of your digital communications while there is still a dialtone? Is Bill Clinton watching New York's government and is Bill Clinton REALLY going to sit idly by and let our bozos in Albany get away with it? Information superhighway ... ptooey! [...] The biggest threats to the use of cyberspace are NOT going to come out those committees and state organizations that deal directly with coputes, the Internet or other on-line services, but from places like the Finance committeess, etc, who see the use of the Internet and other services as a way of helping to fill the state's coffers. If we are going to educate anybody within the government, it MUST be those who seem to have the least sake in cyberspace. As Kevin so rightely pointed out, the boays in Finance and over at T&F have effectively put the Internet, CompuServe, GEnie and other commercial on-line services out of the reach of those who might benefit MOST from the use of such services. In some areas of the state the extra 5% that they just tacked onto the bill could bring the total coast closer to 20% rather than the 13% it does in ALbany. Worst part is, that the legislation that authorizes such things is often buried in the middle of bills that take weeks to read owing to their sheer size. Our information highway is going to become a dead end dirt road if things like this continue in NY. STATE OF NEW YORK SLAPS 13 PERCENT SALES TAX ON INFORMATION SUPERHIGHWAY ------------------------------------------------------------------------ The following is a complete electronic transcript of a bulletin issued by the New York State Department of Taxation and Finance and was received by Friends & Lovers BBS on Saturday, August 28, 1993. 
(begin T&F document) New York State Department of Taxation and Finance N-93-20 (8/93) IMPORTANT NOTICE Increase in Tax Rate Applicable to Entertainment and information Services Provided by Means of Telephony or Telegraphy Effective September 1, 1993, there will be an additional state sales tax at the rate of 5% added to the existing 4% state sales tax imposed on receipts from the services of furnishing or providing an entertainment or information service which is furnished, provided or delivered by means of telephony or telegraphy or telephone or telegraph service of whatever nature (see section 1105(c)(9) of the Tax Law). The treatment of these services for sales tax purposes remains identical to the existing treatment except as to rate. Thus, the only change is that the state sales tax rate on such services has been increased from 4% to 9%. The Municipal Assistance Corporation sales taxes (section 1107 of the Tax Law), the Metropolitan Commuter Transportation District sales taxes (section 1109 of the Tax Law) and local sales taxes imposed pursuant to the authority of Article 29 of the Tax Law are to be added to the aforementioned 9% state sales tax rate. Example: A person residing in New York State subscribes to an entertainment service that is provided by telephony. The entertainment service recipient receives the service on a monthly basis and is charged for the service directly on the bill for telephone service. Prior to September 1, 1993, both the telephone service and the entertainment service were subject to an 8% sales tax (4% state, 4% local). However, any entertainment service provided after September 1, 1993 will be subject to a 13% sales tax (9% state, 4% local). There is no change in the rate of tax imposed on the telephone service which remains at 8%. The affected services contracted for or paid for prior to September 1, 1993 will be subject to the additional state sales tax if they are rendered after September 1, 1993. 
A new line and reporting code has been added to the sales and use tax return in order to report the additional state sales tax imposed on such services. Entertainment and information services provided or delivered by means of telephony or telegraphy or telephone or telegraph service include ALL such services delivered by such means. These services are taxable, and subject to tax at the higher rate and the applicable local tax rate, whether provided through 500, 700, 800 or 900 telephone numbers, as well as those delivered by local exchange, private telephone line, cable, or channel. It should be kept in mind that the services subject to tax at the increased rate are distinct from telephone or telegraph services subject to tax under section 1105(b) of the Tax Law. Collecting, compiling or analyzing information of any kind and reporting such information to other persons by means of telephony or telegraphy or telephone or telegraph service constitutes the rendering of an information service subject to tax at the increased state tax rate as well as the applicable local sales tax, unless otherwise exempt. Information services that are currently subject to tax when furnished in written form by printed, mimeographed or multigraphed matter or duplicating written or printed matter, such as tapes, disc, electronic readouts or displays, continue to be subject to tax at the 4% state tax rate and the applicable local tax (see section 1105(c)(1) of the Tax Law). The higher sales tax rate applies to all charges for the service by the vendor to the customer which are subject to tax pursuant to section 1105(c)(9) of the Tax Law. A fee for subscribing to a taxable entertainment or information service (taxable under section 1105(c)(9) of the Tax Law) that is billed on a monthly, annual or other basis is taxable at the new rate. 
Membership or other fees entitling the subscriber to receive by means of telephony, telegraphy, a certain number of free reports or services, or reduced charges on reports or services, are also taxable at the new state tax rate. No tax is due if the vendor makes no charge for the services. Tax is to be separately stated on the recipient's telephone bill, credit card charge receipt or any other bill issued for such services. The increased state tax rate does not apply to any receipts from the sale of information services that are not subject to tax under section 1105(c)(1) of the Tax Law. These include an information service which is personal or individual in nature and is not or may not be substantially incorporated into reports furnished to other persons by the person who collected, compiled or analyzed the information. Examples of such services include a personalized management report delivered orally over the telephone, or an insurance damage appraisal conveyed over the telephone. Also, purchases of information services by newspapers or radio and television broadcasters that are used in the collection and dissemination of news are exempt from sales tax. In addition, the increased state sales tax rate does not apply to charges made to organizations and entities (such as government agencies, exempt organizations, etc.) that are exempt from the general sales and use tax in accordance with section 1116(a) of the Tax Law. Documentation which substantiates exemption from the state and local sales tax for such organizations will likewise serve to exempt such organizations from the additional 5% state sales tax. 
When exempt entertainment services or exempt information services are being billed by a person other than the actual exempt provider of the services, the actual provider must give an exempt certification document, form ST-930, Certification of Nontaxable Services Provided Via Telephony or Telegraphy or Telephone or Telegraph Services, to the person who will be doing the billing in order that sales tax (including the increased state sales tax) will not be charged on the exempt services. This sales tax exempt certification document may not be issued unless the person issuing the document is registered to collect sales tax or is specifically exempt under section 1116(a) of the New York State Tax Law (and, if required, issued a Form ST-119, Exempt Organization Certificate). When any person, affiliate or agent other than the actual provider of entertainment or information services bills the recipient of the services on behalf of the provider, that person will be deemed a vendor of the service for sales tax purposes and will be liable for all the obligations of a vendor. Such obligations include collecting, reporting, and remitting the sales tax (including the additional 5% state tax) due on entertainment and information services which are furnished, provided or delivered by means of telephony or telegraphy or telephone or telegraph services. A person deemed a vendor of these services is entitled to and possesses all the rights afforded a vendor, including the right to an exclusion or a credit or refund of tax as provided in section 1132(c) of the New York State Tax Law with respect to such services. The person providing the billing service, whether doing the actual billing or having the billing done by an affiliate or agent, will be deemed to be a vendor of entertainment or information services when the charges for the services are either listed as part of, or as a schedule to, the statement of such person to its customers, or are billed separately. 
The term affiliate means an entity which:

- directly, indirectly or constructively controls a person deemed a vendor of entertainment or information services;
- is controlled by a person deemed a vendor of entertainment or information services; or
- is controlled by a common parent who also controls a person deemed a vendor of entertainment or information services.

The designation of a person as a vendor, by virtue of such person performing the billing of charges on behalf of the actual provider of entertainment or information services, in no way limits the obligations or removes the liabilities of the actual provider of such services or any other person with respect to the sales tax imposed on these services.

(end of T&F bulletin N-93-20 [8/93])

--------------------------------------------------------------------------
==========================================================================
