From jkyser at netcom.com Wed Dec 1 00:22:16 1993 From: jkyser at netcom.com (Jeff Kyser) Date: Wed, 1 Dec 93 00:22:16 PST Subject: Fedworld BBS Info Message-ID: <199312010820.AAA26088@mail.netcom.com> Somewhat off topic, but for those of you interested in government information, there is a BBS called FEDWORLD which has gateways into 100+ federal BBS systems. It can be reached via telnet to fedworld.gov. Following is a list of the federal systems that can be reached through the gateway: 2:ALF (USDA) :National Agricultural Library BBS 3:ALIX (Lib of Congress) :Automated Library Information eXchange 4:BOM-BBN(Dept of Interior):Bureau of Mines-Bulletin Board Network 5:ISM-SIS (IRS) :ISM Support Info System 6:CIC-BBS (GSA) :Consumer Information Center 7:CLU-IN (EPA) :Superfund Data and Information 8:CPO-BBS (Census) :Lists open jobs at the Census Dept 9:CRS-BBS (Dept of Justice):Amer. With Disabilities Act Info 10:Computer Security (NIST) :Computer Sys Lab Computer Security BBS 11:DCBBS (DC Govt) :DC Government Information 12:DMIE (NIST/CSL) :NIST/CSL Data Management Information 13:EBB (Dept of Commerce) :Economic data and information 14:ELISA System (DoD) :DoD Export License Tracking System 15:GSA/IRM BBS (GSA) :Information Resources Management Issues 16:EPUB (Dept of Energy) :Energy information and data 17:FDA's BBS (FDA) :FDA info and policies 18:FDA/DMMS (FDA) :PMA, IDE, 510k & guidance documents 19:FERC-CIPS BBS(Dof Energy):Fed Energy Regulatory Commission 20:FEBBS (Fed Highway Admin):FHWA information and data 21:FRBBS (NIST) :FRBBS - Info on Fire Research 22:FEDERAL BBS (GPO) :GPO and Govt Data (Fee Based) 23:OSS-BBS (GSA) :GSA On-line Schedules System 24:Eximbank BBS :Export/Import Bank data and info. 25:JAG-NET (U.S. Navy) :Navy Judge Advocate General 26:Labor News(Dept of Labor):Dept of Labor information and files 27:Megawatt 1(DofEnergy) :Information on energy and DoE 28:NADAP (US Navy) :Navy Drug and Alcohol Abuse Prevention 29:NAVTASC (US Navy) :NAVCOMTELSTA Washington DC 30:EHSC-DDS :Army Engineering & Housing 31:NDB-BBS(Dept of Agricul) :Human Nutrition Information Service 32:NSSDC\NASA\Goddard :The NASA NODIS Locator System. 33:1040 BBS (IRS) :Electronic Tax Filing Information 34:SBB-BB (Treasury) :Surety Bond Branch, Circular 570 35:OIS (Bureau of Prisons) :US Bureau of Prison employees 36:SBIR-BBS (NASA) :NASA Small Business Innovation Research 37:WTIE-BBS (EPA) :Wastewater Treatment Info Exchange 38:QED-BBS (USGS) :Quick Epicenter Determ and EQ data 39:SALEMDUG-BBS (FEMA) :State and local FEMA user groups 40:SBA On Line (SBA) :SBA Information and data (9600 bps) 41:SBA On Line (SBA) :SBA Information & Data (2400 bps) 42:SBAI-BBS (SBA) :Small Bus. Admin internal BBS 43:Sample Weather Data (NWS):Sample data from Fee Based System 44:OPM Mainstreet :OPM - Job Info, Personnel Guidance 45:TELENEWS(Dept of Energy) :Data and info on Fossil fuels 46:USA-GPCS BBS (US Army) :Army Info System Software 47:USCS-BBS (Customs) :Customs and Exchange Rate Data & Info 48:USGS-BBS (USGS) :Geological Survey BBS/CD-ROM Info 49:NLPBB (Navy) :CNO's Navy Leadership Policy BB 50:FMS-BBS (U.S. Treas) :Inventory management data & programs 51:OASH-BBS (HHS) :Health & AIDS Information & Reports 52:FEDIX :Links Fed Data to Higher Education 53:DASC-ZE(Def Log Agency) :PC Info and files 54:GPSIC (Coast Guard) :GPS, Loran & Omega Info/status 55:NGCR-BBS (US Navy) :Next Generation Computer Resources Stan 56:PPIC-BBS (EPA) :Pollu. Preven, Clean Product, Ozone 57:Gulfline (EPA&NOAA) :Gulf Coast Pollution Information 58:FAA Safety Exchange (FAA):Small Plane Safety Reports & info 59:NTIS QuikSERVICE (NTIS) :Order NTIS Documents Online 60:LC News Service (LOC) :Library of Congress News Service 61:STIS (NSF) :Science & Technology Information System 62:MI-BBS (DoE) :DoE Minority Impact Bulletin Board 63:TECH SPECS (NRC) :Technical Specifications Improvement Pr 64:Census-BEA (Census) :Census BEA Electronic Forum 65:IHS-BBS (HHS) :Indian Health Service BBS 66:NOAA-ESDD (NOAA) :NOAA Environmental Services Data Direct 67:Offshore-BBS (Interior) :Off Shore Oil & Gas Data 68:TQM-BBS (T. Glenn) :Total Quality Management 69:NIDR Online (NIH) :Nat. Institute of Dental Research 70:NIHGL (NIH) :Nat. Inst. of Health Grant Line BBS 71:PayPerNet #1 (OPM) :Fed. Pay & Performance Management BBS 72:PayPerNet #2 (OPM) :Fed. Pay & Performance Management 73:CASUCOM (GSA) :Interagency Shared Services/Resources 74:ATTIC (EPA) :Alternative Treatment Tech Info Center 75:NCJRS-BBS (DofJustice) :National Criminal Justice Reference Sy 76:DRIPSS (EPA) :Drinking Water Info Processing Support 77:PIM BBS (EPA) :Pesticide Information Network 78:SWICH BBS (EPA&SWANA) :Solid Waste Management 79:NPS-BBS (EPA) :Nonpoint Source Program BBS 80:OEA BBS (DofInterior) :Interior's Off of Environment. Affairs 81:Metro-Net (US Army) :Army Morale, Welfare, and Recreation 82:CABB (Dof State) :Passport Info/ Travel Alerts 83:BUPERS Access (US Navy) :Navy Personnel Information 84:FCC-State Link (FCC) :FCC daily digest & carrier stats/report 85:HUD-N&E BB (HUD) :HUD News & Events BB. Press Releases 87:FREND #1 (Natl Archives) :Fed. Register Electronic News Delivery 88:FREND #2 (Natl Archives) :Fed. Register Electronic News Delivery 89:NHS-BBS (HHS) :National Head Start BBS 90:WSCA-BBS (Dof Labor) :Board of Wage & Service Contract Appeal 91:TEBBS (OGE) :Office of Government Ethics BBS 92:HSETC MD (U.S. Navy) :Naval Health Sci Edu & Training Command 93:PPCUG/RDAMIS (DoD) :Pentagon Users Group BBS 95:CBEE (Coast Guard) :Coast Guard On-Line Magazine & News 96:ATD BBS (FAA) :Air Transport Div. BBS 97:ATOS-BBS (FAA) :Air Traffic Operations Service BBS 98:AEE BBS (FAA) :FAA Office of Environment & Energy 99:OCA BBS (PRC) :Postal Rate Commission/Consumer Advocat 100:GEMI (GSA) :GSA Electronic Management Information 101:Airports BBS #1 (FAA) :Airport operators and designers 102:EnviroNET (NASA) :Space Environment Information Service 103:FAA HQ BBS (FAA) :FAA Headquarters BBS 104:IRS-SOI (IRS) :Public Taxpayer Statistical Information 105:ARA-BBS (FAA) :Aviation Rulemaking Advisory BBS 106:IIAC BBS (US Army) :Integration & Analysis Center BBS 108:ACF-BBS (HHS) :Admin. for Children and Families 109:NTIA-BBS (Dof Commerce) :Radio Freq. Management Issues 110:ED Board (Dept of Ed) :Dept of Ed Grant & Contract Info 111:BHPr-BBS (HHS) :Medical & Health Services Information 112:Marine Data BBS (NOAA) :Marine Databases & Files 113:Call-ERS BBS (USDA) :Agriculture Economic Research Info 114:Call ERS (USDA) :Economic Research Line Service Line 2 115:ABLE INFORM (Dof Ed) :Disability & Rehab Data & Info 116:PTO-BBS (PTO) :Patent and Trademark Office BBS 117:PerManNet (Dof State) :US Agency for International Development 118:Quick Facts! (NIAAA/HHS) :Alcohol Abuse & Alcoholism Information 123:IBNS/OMPAT BBS (DoD) :Military Performance Assessement 124:EDOS (DC Crt Appeals) :US Court of Appeals, District of Columb 125:RSA-BBS (RSA) :Rehabilitation Services Administration 126:FRESBB (GSA) :Federal Real Estate Sales Bulletin Boar 128:NCUA BBS (NCUA) :National Credit Union Administration 129:NBCI-BBS (USDA) :Natl Biological Control Institute 130:OECI-BBS (DOC&DoD) :Defense Conversion Information -- Jeff Kyser PGP 2.3 public key available via finger jkyser at netcom.com " " From karn at qualcomm.com Wed Dec 1 01:37:53 1993 From: karn at qualcomm.com (Phil Karn) Date: Wed, 1 Dec 93 01:37:53 PST Subject: Cryptosplit 2.0 In-Reply-To: <9311290404.AA27229@jobe.shell.portal.com> Message-ID: <199312010933.BAA27774@servo> >One possible application is to split up your PGP secret key file this >way and distribute the pieces to trusted friends such that several of >them have to cooperate to recover your key. Then if you accidentally lose >your key you can get the pieces back from your friends. I don't need to worry much about losing my secret key. I can keep as many backup copies as I like, in as many different places as I like -- all securely encrypted with my passphrase. The application for secret sharing would be to allow some subset of trusted people to regenerate your secret key *without your assistance*. I could see several situations in which a voluntary scheme like this could be useful, the main one being if you were to die unexpectedly. Phil From kpj at sics.se Wed Dec 1 01:52:18 1993 From: kpj at sics.se (KPJ Jaakkola) Date: Wed, 1 Dec 93 01:52:18 PST Subject: CORR: WiReD gopher host In-Reply-To: <9311301835.AA00579@bsu-cs.bsu.edu> Message-ID: <9312010948.AA04752@sics.se> Apparently mail agent Anonymous wrote: | Newsgroups: comp.org.eff.talk,alt.wired | From: kadie at cs.uiuc.edu (Carl M Kadie) | Subject: Wired Magazine's gopher | Message-ID: | Organization: University of Illinois, Dept. of Comp. Sci., Urbana, IL | Date: Tue, 30 Nov 1993 17:06:46 GMT | | Wired Magazine has a gopher. It includes many articles. Try | gopher gopher.wired.edu [REST OF TEXT DELETED] | Carl Kadie -- I do not represent any organization; this is just me. | = kadie at cs.uiuc.edu = The host name gopher.wired.edu is not recognized. The host address gopher.wired.com, however, is. - - - - - Type=1 Name=WiReD Path= Host=gopher.wired.com Port=70 - - - - - From an5877 at anon.penet.fi Wed Dec 1 03:22:19 1993 From: an5877 at anon.penet.fi (deadbeat) Date: Wed, 1 Dec 93 03:22:19 PST Subject: Signing Keys for Nyms and Digibank Users Message-ID: <9312011118.AA27394@anon.penet.fi> -----BEGIN PGP SIGNED MESSAGE----- > If I remember right, none of these people puts a PGP Key ID or fingerprint > in their posting signatures, so I don't have that clue available - > that would increase my confidence a lot. But I still couldn't be sure. Suppose one were an anon at penet.fi subscriber, and that one were strict in digitally signing all messages, and that one's public key were available from the PGP public key servers, and that one conducted affairs in this way for a lengthy period. Would the confluence of the Email identification in the digitally signed message with the identity on the PGP public key along with the presumption of good identity management on the Finnish remailer be of sufficient weight to convince you to sign one's PGP public key? Would existing signatures on a PGP public key influence your decision? DEADBEAT -----BEGIN PGP SIGNATURE----- Version: 2.3a iQBFAgUBLPxHnvFZTpBW/B35AQF68AF+LqDXWrjntXqW0bqgdIETD+aOddCAvJIA J02n5sreNbTv/1beDYpL1vQiA/3vHZOl =MH5W -----END PGP SIGNATURE----- ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From frissell at panix.com Wed Dec 1 07:13:10 1993 From: frissell at panix.com (Duncan Frissell) Date: Wed, 1 Dec 93 07:13:10 PST Subject: NSA Insecure Remailers? Message-ID: <199312011512.AA00807@panix.com> A >probably only the NSA and some defense agency we haven't A >yet heard of are actually performing this analysis right now. But A >given the declining price of storage media, even saving everything on A >magnetic media and paying $1000/gig, it only costs about US$8.7 million A >to keep a year's worth of traffic headers around (media cost). A > A >So what? So what indeed. Why oh why do we waste so much time seeking systems that are mathematically unbreakable. You don't need mathematically unbreakable systems to have a free market on the nets. It costs a minimum of $50K to start a federal criminal prosecution (that is if the perp is inside the US). This means that the feds can only afford a few tens of thousands a year. When you add incarceration costs it quickly becomes very difficult. This being the case, they are dependent on your obedience for law enforcement success. Like any predator, the government must gain more energy from the kill than it expends on the hunt. Otherwise it weakens and dies. Did you know that fewer than 1000 people are convicted of federal tax evasion every year. Your obedience is in turn dependent on your view of whether or not obedience is right and on your fear of punishment. Quite apart from computer networks both the ideology of obedience and the fear of punishment have been declining. Net society further weakens both of these factors. The consensual hallucination that is rule by others seems more threadbare every year. The DDR border guards had the machine guns to fire on the crowds at the Berlin Wall on 10 Nov 1989. It was not mechanical failure or a magic shield that prevented them from firing. It was simply because a change had occurred in the minds of the citizenry (and in their own minds). Sure the feds can nuke your house. Would that gain them anything? It would cost more than it was worth. What they can't do is sit down next to every person on earth (or on the nets) and intimidate them. In the past it didn't matter because almost everyone was a peasant bound to the soil. As you keep piling technology and market opportunities (choices) on individuals, their power increases. Governance of others is hard enough when those governed are weak. It rapidly becomes impossible as they gain strength. Today and in the future, those who "move like Gods through cyberspace" will be much harder to control particularly since such controls will depend not on guns but on them convincing us that we are not free. DCF "They would not leave him alone." -- The first line of what relevant work of fiction? --- WinQwk 2.0b#1165 From mech at eff.org Wed Dec 1 09:28:19 1993 From: mech at eff.org (Stanton McCandlish) Date: Wed, 1 Dec 93 09:28:19 PST Subject: "CYPHERPUNK CRIMINAL" t-shirts Message-ID: <199312011727.MAA13221@eff.org> The "CYPHERPUNK CRIMINAL" t-shirt project is now being handled by: Christian Void I've passed on all queries and "I want one!" messages to him, so no need to resend them. -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From peb at PROCASE.COM Wed Dec 1 09:58:11 1993 From: peb at PROCASE.COM (Paul Baclace) Date: Wed, 1 Dec 93 09:58:11 PST Subject: Factor Breakthru! Message-ID: <9312011756.AA19523@ada.procase.com> Factoring is only one method. Case in point: solving the game of Go has been proven to take exponential time *and* exponential space. An encryption algorithm based on it could potentially be very hard, although there are subtleties about trap doors and the cost of key generation and use... Paul E. Baclace peb at procase.com P.S.: I'm installing procmail over here...get version v2.91 (I fixed a segv in v2.61 [on SunOS] yesterday and should have just picked up the newer version first.) From frissell at panix.com Wed Dec 1 09:58:12 1993 From: frissell at panix.com (Duncan Frissell) Date: Wed, 1 Dec 93 09:58:12 PST Subject: Knights who say NII ( Message-ID: <199312011753.AA01618@panix.com> M >Government is not the only potential source of harm--private industry M >can be plenty harmful. Prove it. Sans guns there's not much private institutions can do. That's the problem with letting leftists hang around here. (Just kidding folks.) They're not worried about governments with nukes and centuries of a tradition of slaughtering millions of people but they are worried about private entities who've hardly killed anyone. Most NGO (non governmental organization) problems are actually misclassifications. Analysts confusing NGO+Government conspiracies with NGOs alone. I can live next to a Chevy dealer for 80 years without him sending armed men next door to my house to get me to buy a car. Bell Atlantic is a bad thing only because it used to have a government granted local loop monopoly. Since that monopoly is as dead as a doornail no matter what Bell Atlantic or the government thinks about the matter, BA (and indeed the government itself) are just market actors. As soon as we (and they) recognize their new status, we'll be better off. May you live in interesting times. DCF --- WinQwk 2.0b#1165 From frissell at panix.com Wed Dec 1 09:58:15 1993 From: frissell at panix.com (Duncan Frissell) Date: Wed, 1 Dec 93 09:58:15 PST Subject: EFF Op-Ed from the NY Tim Message-ID: <199312011753.AA01622@panix.com> N >The amount of electronic material the superhighway can carry is N >dizzying compared to the relatively narrow range of broadcast TV and N >the limited number of cable channels. Properly constructed and N >regulated, it could be open to all who wish to speak, publish and N >communicate. How is it possible to prevent it with or without government action. Since the information superhighway will be carrying "phone calls" and since there will be absolutely no difference between "phone calls" and everything else on the system, "phone calls" can carry everything. If we don't like corporate offerings "phone calls" can be used to disseminate whatever we like. Phone and cable services were limited because they were government monopolies. The only way to assure that future networks don't suffer from these problems, is to eliminate government regulation/monopoly. The market smashed IBMs closed platform computer system without government help. There is no risk that Bell Atlantic could impose a closed network system unless the government helps it. To the contrary, I doubt if they would be able to do it even *with* government help. And another thing. I'm sick and tired of moaning about cost. Services are virtually free today and prices can go nowhere but down. There are homeless people on the streets of NY with Internet accounts. The hardware cost of a computer is essentially zero. What exactly is the fair market value of a Commodore Vic 20 and a Commodore 300 baud modem. I know I can get an XT+1200 baud modem + shareware comms program for circa $100 at any computer show in NJ. Once your local loop monopoly is broken, local phone service will be dirt cheap. Network Email connections via local BBS are cheap. AT&T Mail charges a big $3/month for an Email account (with 800 number). Most network services are reachable via Email gateways. The real prices of almost all open market goods have fallen dramatically since WWII. This has particularly been the case in telecoms and electronics. This decline will continue. We need market discipline not government discipline to open up network access. DCF --- WinQwk 2.0b#1165 From an48848 at anon.penet.fi Wed Dec 1 10:02:23 1993 From: an48848 at anon.penet.fi (an48848 at anon.penet.fi) Date: Wed, 1 Dec 93 10:02:23 PST Subject: Who is this Detweiler guy anyway? Message-ID: <9312011800.AA23062@anon.penet.fi> As a fairly recent addition to this list, I'm unfamilliar with the history of cypherpunks. Can anyone enlighten me? Thanks. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From dmandl at lehman.com Wed Dec 1 11:08:13 1993 From: dmandl at lehman.com (David Mandl) Date: Wed, 1 Dec 93 11:08:13 PST Subject: EFF Op-Ed from the NY Tim Message-ID: <9312011905.AA21822@disvnm2.lehman.com> > From: Duncan Frissell > > And another thing. I'm sick and tired of moaning about cost. Services > are virtually free today and prices can go nowhere but down. There are > homeless people on the streets of NY with Internet accounts. Got a list of their names? --Dave. From tcmay at netcom.com Wed Dec 1 11:28:14 1993 From: tcmay at netcom.com (Timothy C. May) Date: Wed, 1 Dec 93 11:28:14 PST Subject: Two items from recent magazines... Message-ID: <199312011925.LAA09377@mail.netcom.com> Two items form recent magazines: * "Time" (on the newstands now) has an article on the Internet and its rapid growth and uses John Gilmore's wonderful quote: "The Internet interprets censorship as damage and routes around it." (may not be his exact phrasing) * Pseudospoofing detectors? "The Economist," November 20, has an article "Hidden Agenda" which describes how an outfit named CHI Research in New Jersey uses its 12-year data base of U.S. patents to determine who is really doing what. Apparently some companies try to obscure what they're doing by using different "inventors"...sounds fishy to me (I'd be pissed if my invention got credited to someone else). Anyway, CHI uses various techniques to deduce actual inventors, what companies are doing what, etc. Then he sells the conclusions. This fits with some of the themes we discuss here, both for our own use and in terms of what our opponents may be doing. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From gtoal at an-teallach.com Wed Dec 1 11:38:14 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Wed, 1 Dec 93 11:38:14 PST Subject: Cryptosplit 2.0 Message-ID: <11678@an-teallach.com> In article <9311291648.AA25233 at jobe.shell.portal.com> hfinney at shell.portal.com "Hal Finney" writes: > I once proposed a DOS TSR (a "background" program) which would monitor > your keystrokes all day long and condense the timing data into a file > full of random bits. Then you'd use up the bits when you needed to do > cryptography. I haven't learned enough about DOS to write such a > thing, though. I'm doing this for unix this weekend. One very important point to note: only take *one* bit of random data per keystroke, and take it by ex-oring every single bit in the clock() value - that way you make sure the randomly fluctuating one is in there - because on some systems the bottom bit might always be 0, if the resolution of the clock is low. Also, think about the problems if you have a function that returns milliseconds but the hardware clock is one tick, say, every 1/17 sec... G -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From gtoal at an-teallach.com Wed Dec 1 11:38:14 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Wed, 1 Dec 93 11:38:14 PST Subject: Let's Talk About Solutions Message-ID: <11679@an-teallach.com> In article <199311291601.LAA15061 at eff.org> mnemonic at eff.org "Mike Godwin" writes: > For some, adequate solutions may already be in place. But I note that for > "mere users" (as distinct from sophisticated users and programmers), > current filtering tools are difficult to use. What can make this better? So, you have an objection to the net evolving into a technocratic class system? I see nothing wrong with letting people suffer who haven't the competancy to protect themselves for net.idiots. That's practically the entire basis of the Amercian enconomic system after all... G -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From gtoal at an-teallach.com Wed Dec 1 11:42:23 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Wed, 1 Dec 93 11:42:23 PST Subject: Let's Talk About Solutions Message-ID: <11680@an-teallach.com> In article <9311291759.AA00573 at snark.lehman.com> pmetzger at lehman.com writes: > As a practice, removing people is simple, cheap, and astonishingly > effective. > > Perry Bye Perry! (What, you don't think you'd be one of the first to be kicked out if we started doing that here? Cast your bread apon the waters and it will be returned to you manyfold...) G -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From banisar at washofc.cpsr.org Wed Dec 1 11:43:14 1993 From: banisar at washofc.cpsr.org (Dave Banisar) Date: Wed, 1 Dec 93 11:43:14 PST Subject: New Docs Reveal NSA Role in Message-ID: <00541.2837600133.1215@washofc.cpsr.org> New Docs Reveal NSA Role in Telephony Proposal >From the CPSR Alert 2.06 (Dec. 1, 1993) New Docs Reveal NSA Involvement in Digital Telephony Proposal A series of memoranda received by CPSR from the Department of Commerce last week indicate that the National Security Agency was actively involved in the 1992 FBI Digital Telephony Proposal. Two weeks ago, documents received by CPSR indicated that the FBI proposal, code named "Operation Root Canal," was pushed forward even after reports from the field found no cases where electronic surveillance was hampered by new technologies. The documents also revealed that the Digital Signature Standard was viewed by the FBI as "[t]he first step in our plan to deal with the encryption issue." The earliest memo is dated July 5, 1991, just a few weeks after the Senate withdrew a Sense of Congress provision from S-266, the Omnibus Crime Bill of 1991, that encouraged service and equipment providers to ensure that their equipment would "permit the government to obtain the plain text contents of voice, data and other communications...." The documents consist of a series of fax transmittal sheets and memos from the Office of Legal Counsel in the Department of Commerce to the National Security Agency. Many attachments and drafts, including more detailed descriptions of the NSA's proposals, were withheld or released with substantial deletions. Also included in the documents is a previously released public statement by the National Telecommunications and Information Administration entitled "Technological Competitiveness and Policy Concerns." The document was requested by Rep. Jack Brooks and states that the proposal could obstruct or distort telecommunications technology development by limiting fiber optic transmission, ISDN, digital cellular services and other technologies until they are modified, ... could impair the security of business communications ... that could facilitate not only lawful government interception, but unlawful interception by others, [and] could impose industries ability to offer new services and technologies. CPSR is planning to appeal the Commerce Department's decision to withhold many of the documents. To subscribe to the Alert, send the message: "subscribe cpsr " (without quotes or brackets) to listserv at gwuvm.gwu.edu. Back issues of the Alert are available at the CPSR Internet Library FTP/WAIS/Gopher cpsr.org /cpsr/alert Computer Professionals for Social Responsibility is a national, non-partisan, public-interest organization dedicated to understanding and directing the impact of computers on society. Founded in 1981, CPSR has 2000 members from all over the world and 22 chapters across the country. Our National Advisory Board includes a Nobel laureate and three winners of the Turing Award, the highest honor in computer science. Membership is open to everyone. For more information, please contact: cpsr at cpsr.org or visit the CPSR discussion conferences on The Well (well.sf.ca.us) or Mindvox (phantom.com). From gtoal at an-teallach.com Wed Dec 1 11:52:23 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Wed, 1 Dec 93 11:52:23 PST Subject: NEW: Cypherwonks (fwd) Message-ID: <11681@an-teallach.com> In article arthurc at crl.com "Arthur Chandler" writes: > I'm assuming, of course, that it's not a spoof. Oh come on, Julf is a European. Even if Lance doesn't have the sense to realise it would be called 'cypherWanks' within 10 seconds of the announcement, Julf certainly would. Obviously Arthur Chandler is An ARM of the MEDUSA :) G -- Personal mail to gtoal at gtoal.com (I read it in the evenings) Business mail to gtoal at an-teallach.com (Be careful with the spelling!) Faxes to An Teallach Limited: +44 31 662 4678 Voice: +44 31 668 1550 x212 From an48848 at anon.penet.fi Wed Dec 1 11:53:14 1993 From: an48848 at anon.penet.fi (an48848 at anon.penet.fi) Date: Wed, 1 Dec 93 11:53:14 PST Subject: New anonymous list member (?) Message-ID: <9312011951.AA11262@anon.penet.fi> Mike McNally : m5 at tivoli.com writes: > Is it an indication that LD's persistance has paid off that my first > reaction to the above (probably innocent) query was to egrep through > my archived cypherpunks stuff to see whether LD has ever misspelled > "familiar"? (He hasn't, as far as I can tell...) > Sigh. wELL, leT ME just SaY this. I intonenTonally misSpell and Change TYPEING StylES WHEN i wanT tO BE ANon. It MAkes THiNGs thaT mUch more DIFfiCulT. I HAVe a UtiliTY that DOEs thIs for ME. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From pmetzger at lehman.com Wed Dec 1 12:12:25 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Wed, 1 Dec 93 12:12:25 PST Subject: Let's Talk About Solutions In-Reply-To: <11680@an-teallach.com> Message-ID: <9312012010.AA11972@snark.lehman.com> Graham Toal says: > In article <9311291759.AA00573 at snark.lehman.com> pmetzger at lehman.com writes: > > As a practice, removing people is simple, cheap, and astonishingly > > effective. > > > > Perry > > Bye Perry! (What, you don't think you'd be one of the first to be > kicked out if we started doing that here? Cast your bread apon the > waters and it will be returned to you manyfold...) I don't CARE if I'd be the first one kicked off. I could always start another list, and nothing can stop me from sending mail to any of the people on the list I'd actually want to talk to. I've run lists over the years, and I've kicked people off of them (never been kicked off of one, but there is always a first time.) Kicking people off is a very simple strategy for dealing with unwanted guests, very much like the way you would likely kick someone who you didn't like out of your living room. Assuming you DON'T feel its your right to kick people out of your living room, I hope you don't mind if I forward your address to your neighborhood homeless population. Perry From mnemonic at eff.org Wed Dec 1 12:22:25 1993 From: mnemonic at eff.org (Mike Godwin) Date: Wed, 1 Dec 93 12:22:25 PST Subject: Let's Talk About Solutions In-Reply-To: <11679@an-teallach.com> Message-ID: <199312012018.PAA15543@eff.org> Graham Toal writes: > So, you have an objection to the net evolving into a technocratic class > system? Well, yes. To the extent that tools remain the province of the elite, it is politically easy to take them away from that elite. --Mike From wex at media.mit.edu Wed Dec 1 13:22:27 1993 From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat) Date: Wed, 1 Dec 93 13:22:27 PST Subject: Two items from recent magazines... In-Reply-To: <199312011925.LAA09377@mail.netcom.com> Message-ID: <9312012114.AA07097@media.mit.edu> W.R.T. using "fake" inventors. It's illegal to file a patent application without the true original inventor's name on it. If it can be proven that a company did this, it is liable for treble damages and the lawyer who filed the application can be disbarred. It's possible that companies might shuffle the order of names on an application so that someone's name doesn't keep showing up as primary applicant, but the inventor's name has to appear on the application somewhere. --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168 Page: 617-945-1842 an53607 at anon.penet.fi "To pleasure!" "To passion!" "To paradise!" "To pain!" "Tonight!" From wex at media.mit.edu Wed Dec 1 13:23:18 1993 From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat) Date: Wed, 1 Dec 93 13:23:18 PST Subject: Help the NII (if you want to) Message-ID: <9312012121.AA07576@media.mit.edu> ---------- Forwarded message ---------- Date: Wed, 01 Dec 1993 13:56:09 -0500 (EST) From: richard chimera - 522.1 To: hcil at cs.umd.edu, hcidc at cs.umd.edu, hciumd at cs.umd.edu, dis at umdd.umd.edu Subject: Help the NII (Natl Info Infrastructure) Article 12722 of comp.software-eng: Newsgroups: comp.software-eng,misc.int-property,misc.legal.computing Path: kong.gsfc.nasa.gov!cs.umd.edu!news.umbc.edu!eff!news.kei.com!eddie.mit.edu!news.mtholyoke.edu!world!srctran From: srctran at world.std.com (Gregory Aharonian) Subject: Patent Office seeks advice on information superhighway Message-ID: Organization: The World Public Access UNIX, Brookline, MA Date: Sun, 28 Nov 1993 20:56:45 GMT Lines: 41 Xref: kong.gsfc.nasa.gov comp.software-eng:12722 misc.int-property:2259 misc.legal.computing:4688 The Patent Office is soliciting suggestions and comments on intellectual property aspects of the National Information Infrastructure. (They had a public meeting on the 18th at the Patent Office). Some of the questions they seek comments on are: Is the existing copyright law adequate to protect the rights of those who will make their available via the NII? What statutory or regulatory changes, if any, should be made? Should standards or other requirements be adopted for the labeling or encoding of works available via the NII so that copyright owners and users can identify copyrighted works and the conditions for their use? Should a licensing system be developed for certain uses of any or all works available via the NII? If so, should there be a single type of licensing or should the NII support a multiplicity of licensing systems? What types of education programs might be developed to increase public awareness of intellectual property laws, their importance to the economy, and their application to works available via the NII. (More information can be found in the November 9, 1993 Official Gazette). You can send your ideas to the Patent Office up until December 10, 1993. Address your comments to: Terri Southwick c/o Commissioner of Patents and Trademarks US Patent and Trademark Office Box 4 Washington, DC 20231 fax: 703-305-8885 tel: 703-305-9300 Greg Aharonian Internet Patent News Service -- ************************************************************************** Greg Aharonian srctran at world.std.com Source Translation & Optimization 617-489-3727 P.O. Box 404, Belmont, MA 02178 From mcguirk at enuxsa.eas.asu.edu Wed Dec 1 13:28:18 1993 From: mcguirk at enuxsa.eas.asu.edu (Dan McGuirk) Date: Wed, 1 Dec 93 13:28:18 PST Subject: HP48 Crypto Message-ID: <199312012128.AA01302@enuxsa.eas.asu.edu> I'm interested in finding out what cryptographic tools, if any, are available for the HP48 calculator. I think someone mentioned that they were developing a challenge authentication system using the HP48 to ameliorate the problem of sending cleartext passwords during telnet sessions. Is this project still being worked on? Also, are there any multiple-precision math libraries available for the 48? Thanks for any information... From wcs at anchor.ho.att.com Wed Dec 1 13:28:19 1993 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Wed, 1 Dec 93 13:28:19 PST Subject: signing nyms Message-ID: <9312012056.AA01201@anchor.ho.att.com> Under the conditions Deadbeat described (long tradition of posting from anon-server with pgp signatures/keys, keys on the key server, etc., I might be willing to sign such a key. I wouldn't use my regular key to do it - I'd create one or more nym-signing keys, so people could tell that I know I'm signing a nym's key and it's less reliable than signing a physically-known person's key. To do it right, though, I'd have to have been saving keys for a while from that nym, since it's really hard to tell if a set of postings have really been from the same source, or if it's just a recent impersonation. I'd certainly need to send mail to the nym through the anon-server. I'd be a lot more comfortable, though, with a signature from the anon-server runners, since they at least know the real-side email address, and since they could also do something like automatic collection of signatures. It's still tappable, though, unless the anon-server only accepts encrypted mail on the non-anonymous side. Bill From corbet at stout.atd.ucar.EDU Wed Dec 1 14:22:23 1993 From: corbet at stout.atd.ucar.EDU (Jonathan Corbet) Date: Wed, 1 Dec 93 14:22:23 PST Subject: Two items from recent magazines... In-Reply-To: <9312012114.AA07097@media.mit.edu> Message-ID: <9312012218.AA27473@stout.atd.ucar.EDU> > W.R.T. using "fake" inventors. It's illegal to file a patent application > without the true original inventor's name on it. If it can be proven that a > company did this, it is liable for treble damages and the lawyer who filed > the application can be disbarred. It's not the inventors who are faked, according to the article -- it's the companies for whom they work. I forget the examples now (mag is at home), but these people have turned up corporations which file their patents under no end of front companies (tentacles? :-) so as to make it hard for their competitors to see what they are up to. It's by using the inventors' names that all this information is being pulled back together. Jonathan Corbet National Center for Atmospheric Research, Atmospheric Technology Division corbet at stout.atd.ucar.edu they are - and I haven't tried checking their articles to know what to look for to check whether an email request claiming to be from one of them looks unforged. If I remember right, none of these people puts a PGP Key ID or fingerprint in their posting signatures, so I don't have that clue available - that would increase my confidence a lot. But I still couldn't be sure. [This is the hitch in digital signatures isn't it? At least as far as those not issued from an authority are concerned. You are really signing for a location rather than anything else. You have no idea who has access to the secret key on the other side of the public or if the "who" is a "him" a "her" or "they." A signature is webbed in with the trust you give it. Tim May's signature means nothing if everyone knows that Tim and his close friends all use it even if the key only has the words "Tim May" on it. ++ Tim, I used your name because I want someone else to be the example today :) ++ Technically (for you grassy knoll types) the holder of a secret key could be quite dead and anyone might have taken up use. The dead key holder, or even the duress key holder, creates all sorts of problems if you are dealing with nym's or anonymous keys. Same problem with so-called "password" or "bearer" accounts. The money is only as secure as the protocol is secret. Subjectively different for each and every user. People like LD have to break past the barrier in concept and accept that a public key system with an open trust web just cannot be used to establish IDENTITY. With a properly structured web it approaches zero probability of "identity fraud," but never quite gets there. I'm not lying if I sign some key that I know to belong to a person who actively uses the name "564FR" All my signature says is that "at one time 564FR held this key and I trust him to send a revocation if there is a problem." NOT "This key is held by 564FR and 564FR alone, so help me (insert deity of choice)" Frankly I think this system is a lot MORE honest than a centralized system (which stinks to me of big government anyhow) because multiple signatures from several individuals represent different perspectives on identity. Chances are that if you have 6 nice signatures you managed to convince 6 very different people that the key is "yours" I trust this much more than some "trusted authority" which is likely to be neither trusted, nor an authority.] +++ On the other hand, if I really cared about preserving the anonymity of the nym-user, and it was somebody I knew in person, or myself, I probably wouldn't sign it with my real key - it may be relatively obvious that "Bill The Dragon-Basher" whose key was signed by "Bill Stewart" was me, but I'd rather not have to deal with a court subpoena or Mafia equivalent trying to find the users of the keys for "Crypto International, Ltd." or "Coalition Against the U.S. Invasion of Cuba" or "Some Unapproved Religion" or "Bear's Custom Chemicals" or an anonymous Panamanian bank account that's mine. But if the keys are only signed by other nyms, how trustable are they? [So how do you know what's a nym and what's not?] If I ran a digibank, I'd be real hesitant about accepting changes of address or public-key unless I had some physical verification or other securely shared secret to avoid eavesdropper and interloper attacks, but one of the goals of digital banking is that you're not supposed to need physical transactions. I suppose an initial account set up by sending the bank a message with a Secret and a public key and a bunch of digibucks might do the job, with some cut&choose protocols to decrypt the digibucks if the account is approved? [If I ran a digibank with open accounts, I'd shift the security burden to the account holder. Especially when dealing with accounts from sketchy identities. Provide the means for security in protocol, the rest is up to the user.] Bill The Dragon-Basher (oops! ^X^C:wq!/exit~.\b\b\b\b\b\b) # Bill Stewart Old address: wcs at anchor.ho.att.com AT&T Bell Labs, Holmdel, NJ # After 10/15, NCR, 6870 Koll Center Parkway, Pleasanton CA, 94566 # Voice/Beeper 510-224-7043, Phone 510-484-6204, email bill.stewart at pleasantonca.ncr. com - -uni- (Dark) [who will begin to attach key fingerprints to mail and not just usenet and finger] :) 073BB885A786F666 6E6D4506F6EDBC17 -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLP0XEBibHbaiMfO5AQHeKQQAhN6RXRQ8fZ1hz+jvFbuw6N6fvByG2Euq BYISCdcLgcWa1V/Jpq7GjjIwLTEYjxFQBqg2txyu4QKpmg1HR3ox/MAyUPcqQqQy K9WxvwVMW/3ydGKRwLyatthHZsa47JGVumwzQJ2/cDzhNZhfiM/SqXgH3jdHBSAO 9r744wKJsoc= =Qi4O -----END PGP SIGNATURE----- From strick at osc.versant.com Wed Dec 1 14:32:22 1993 From: strick at osc.versant.com (henry strickland) Date: Wed, 1 Dec 93 14:32:22 PST Subject: <8c> signing nyms In-Reply-To: <9312012056.AA01201@anchor.ho.att.com> Message-ID: <9312012231.AA22813@osc.versant.com> -----BEGIN PGP SIGNED MESSAGE----- # Under the conditions Deadbeat described (long tradition of posting from # anon-server with pgp signatures/keys, keys on the key server, etc., # I might be willing to sign such a key. I wouldn't use my regular key A few months ago I was willing. I checked all the old mail I had from deadbeat and the signatures matched. # to do it - I'd create one or more nym-signing keys, so people could tell # that I know I'm signing a nym's key and it's less reliable than # signing a physically-known person's key. To do it right, though, I figure I know Deadbeat electronically as well as, or better than, most of the Tentacles whom I've met In The Flesh at the mountain view physical meetings. So I signed the key that matched the writings that we all know and love as Deadbeat. That's what Deadbeat means to me, not . Here it is, with my "working" signature. Granted, I'm not well-connected into the cypherpunk signature web yet. (And if my reputation drops due to this act, perhaps I never will be.) Also, my Real Name is not on my signature, because I consider this signature less secure than the Real Me. strickperson #1 I sign nyms ===== DEADBEAT ===== - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.2 mQA9AitLtIwAAAEBgLojzfFnokmz6jInPYHNnkRtRFiuHNoVWbXyg7Tt7m3wEeXC L1Jg6I/xWU6QVvwd+QAFEbQfREVBREJFQVQgPG5hNTg3N0Bhbm9uLnBlbmV0LmZp PokAVQIFECy5l50KtyDIDCVDZQEBloAB/0z6l1hWqI7YXC8+agKHZ0ofN7gSnYkb z91ZmQuUoAgD+UB+2HZElWn/YhcXTmoH72a7efzphCgShsslgcR1cdK0H2RlYWRi ZWF0IDxhbjU4NzdAYW5vbi5wZW5ldC5maT4= =ir1b - -----END PGP PUBLIC KEY BLOCK----- ===== strickperson #1 ===== - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.2 mQBNAivfNEsAAAECALxgaciRLaLJDPE1VxeOggXf600OrQksi3pN6DGaYFOIS0TU yFmklmcG2dwTQnwxL3cSYoTrYj1sCrcgyAwlQ2UABRG0KHN0cmlja3BlcnNvbiAj MSA8c3RyaWNrQG9zYy52ZXJzYW50LmNvbT6JAJUCBRAr+HB7P4P8NX9Y9rMBAd79 BADUf4llIbsBvZ8on9AFNn6prbYmQxH/vRi7IIhIF/g3QInpJZBhw8jFZPBfn1Kd imGUj8J0q5cP3oHA/SUYfzY4b/W0uoqQ+YReXW2y8bBpodFY2aq2mndP3NXt4BbZ bBmlaFyVXyHmGKbaS0nDhhX9e/UUWm4cPWVh61JXoHth8YkARAIFECv4a8fSnR8f nm9wlQEB0fcBd0a+FOwGASUhJD7943gOGaPpFsbzplZHEy5648jlx6liXrdHT8pj GV/j4O6UzGrliQBVAgUQK/h5bkozmKNUUeyZAQEoYQH6A93UC1SdZKEMxzUNwcrb W5eMaeI6vcRRuE7oSQ/ESIOMltPb4/qnFHd8T16muM6xCDb4nBPEBxhkzDClLu1h U4kAVQIFECvfZWgKtyDIDCVDZQEBUkECAJHjGr9vRG6H/cURrvJk65/GyRQ8tRZ+ mXsByBIGZvlBO7Joee9yXh6Uz0JHeohq30MoJr2wPn/9gukJ83NF424= =Lpcc - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: 2.2 iQBVAgUBLP0a+wq3IMgMJUNlAQGe+wH/T+yYWUHAmA1n/jIVBZ90/GqOzH8cpArR f5UW5sTRzAECC369bHkf5xeId30hp51HpE9q98BJL5fSH1rdlnzeBw== =63Ni -----END PGP SIGNATURE----- From mech at eff.org Wed Dec 1 14:42:24 1993 From: mech at eff.org (Stanton McCandlish) Date: Wed, 1 Dec 93 14:42:24 PST Subject: CP-austin addresses? Message-ID: <199312012240.RAA18240@eff.org> Anyone know the subscribe addresses for the Austin cypherpunks lists? -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From archie at phantom.com Wed Dec 1 15:08:18 1993 From: archie at phantom.com (Douglas Chester) Date: Wed, 1 Dec 93 15:08:18 PST Subject: No Subject Message-ID: Help with encryption needed Can someone point me towards a set of C functions along the lines of: char *encrypt (cleartext_string, key); char *decrypt (encrypted_string, key); Where encrypt would return the encrypted string and decrypt would return the decrypted string. The stronger the encryption the better. Thanks. From warlord at MIT.EDU Wed Dec 1 15:22:23 1993 From: warlord at MIT.EDU (Derek Atkins) Date: Wed, 1 Dec 93 15:22:23 PST Subject: No Subject In-Reply-To: Message-ID: <9312012321.AA03674@toxicwaste.media.mit.edu> There are tons of functions along those lines. Your query is not very specific. What kind of algorithm do you want, public-key or secret-key? What size key? Blocksize? whatever. You've just defined an abstraction that includes every single encryption function known to man.... -derek From mccoy at ccwf.cc.utexas.edu Wed Dec 1 15:23:18 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Wed, 1 Dec 93 15:23:18 PST Subject: CP-austin addresses? In-Reply-To: <199312012240.RAA18240@eff.org> Message-ID: <199312012322.AA14977@tramp.cc.utexas.edu> > > Anyone know the subscribe addresses for the Austin cypherpunks lists? Send mail to listproc at mcfeeley.cc.utexas.edu with the following line in the body of the message (where [name] is some "real name" you wish associated with your id): subscribe austin-cypherpunks [name] jim From archie at phantom.com Wed Dec 1 15:32:24 1993 From: archie at phantom.com (Douglas Chester) Date: Wed, 1 Dec 93 15:32:24 PST Subject: your mail In-Reply-To: <9312012321.AA03674@toxicwaste.media.mit.edu> Message-ID: > > There are tons of functions along those lines. Your query is not very > specific. What kind of algorithm do you want, public-key or > secret-key? What size key? Blocksize? whatever. > > You've just defined an abstraction that includes every single > encryption function known to man.... > > -derek > It should be a secret key algorithm, and be able to hanlde blocks of at least 256 characters in length. Keysize isn't as important as the type of encryption being used. Something that is reasonably secure such as IDEA or DES is preferable to a function that just XORs everything. I'm sure if I was a more patient person I could download a few megs of source from the net and pore through it to find what I'm looking for. I was hoping that someone on this list could be of assistance and save me the trouble. Thanks. From jon at balder.us.dell.com Wed Dec 1 16:12:24 1993 From: jon at balder.us.dell.com (Jon Boede) Date: Wed, 1 Dec 93 16:12:24 PST Subject: mix Message-ID: <9312020011.AA01419@balder.us.dell.com> Does anybody have source code to Istvan Mohos "mix" programs? I have the binaries but I lost the source a while back. It's kind-of a fun encryption algorithm because it's a transposition cypher rather than a stream cypher -- the result set contains exactly the same characters as the input set. Jon From mg5n+ at andrew.cmu.edu Wed Dec 1 17:03:19 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Wed, 1 Dec 93 17:03:19 PST Subject: EFF Op-Ed from the NY Tim In-Reply-To: <9312011905.AA21822@disvnm2.lehman.com> Message-ID: dmandl at lehman.com (David Mandl) wrote: > > From: Duncan Frissell > > > > And another thing. I'm sick and tired of moaning about cost. Services > > are virtually free today and prices can go nowhere but down. There are > > homeless people on the streets of NY with Internet accounts. > > Got a list of their names? I doubt it. If you're not enrolled at a major university, or employed at a computer-related company, and don't subscribe to an expensive online service, getting an internet account is NOT easy or cheap. Services like netcom are expanding, but I seriously doubt a homeless person could get an internet address. Check out almost any BBS network (other than fido) and every other week, some jerk will ask when they'll get connected to the internet. And every time, five sysops respond "Fine. We'd love to. Would you mind telling us how the hell we could connect to the internet???" From pmetzger at lehman.com Wed Dec 1 17:18:19 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Wed, 1 Dec 93 17:18:19 PST Subject: EFF Op-Ed from the NY Tim In-Reply-To: Message-ID: <199312020117.UAA13042@snark.ts.lehman.com> Matthew J Ghio says: > If you're not enrolled at a major university, or employed > at a computer-related company, and don't subscribe to an expensive > online service, getting an internet account is NOT easy or cheap. To most of the nations population, which lives in cities, it costs under $25 a month total variable cost including phone costs. It is likely far more expensive in rural areas. Perry From karn at qualcomm.com Wed Dec 1 17:22:24 1993 From: karn at qualcomm.com (Phil Karn) Date: Wed, 1 Dec 93 17:22:24 PST Subject: A study of National Cryptography Policy In-Reply-To: <199311291832.NAA17576@eff.org> Message-ID: <199312020120.RAA01034@servo> >As part of the Defense Authorization Bill for FY 1994, the U.S. Congress >has asked the Computer Science and Telecommunications Board >(CSTB) of the National Research Council (NRC) to undertake a study of >national policy with respect to the use and regulation of cryptography. [...] A *two year*, *classified* study of national cryptography policy?? I suppose it's just as well. The closest thing we currently have to a "national cryptography policy" are some ineffective and pointless export controls that, if proposed legislation is adopted, may go away in a few months anyway. That would leave civilian cryptography pretty much unregulated -- exactly as it should be. So sure, take all the time you like to "study" the issue. The longer the better. The "cryptography genie" is already well out of its bottle; in two years, it will be everywhere. And yes, by all means, require security clearances of all the participants and classify all of the proceedings. That will exclude many of the biggest names in civilian cryptography -- those who are not US citizens, who will not submit themselves to government censorship, and who do not wish to lend any legitimacy to a government effort that will inevitably try to regulate what will (and should) be left alone. And it will stifle any embarassing public debates on minor issues like free speech, freedom of association and personal privacy, all of which are just annoying technicalities that keep law enforcement and intelligence agencies from doing their jobs more efficiently. Better yet, restrict membership to these loyal law enforcement and intelligence agencies, the same ones responsible for the silly current state of export controls on cryptography. That should eliminate what few shreds of credibility might remain in the Board's final report. Phil From jdblair at nextsrv.cas.muohio.EDU Wed Dec 1 17:58:18 1993 From: jdblair at nextsrv.cas.muohio.EDU (jdblair at nextsrv.cas.muohio.EDU) Date: Wed, 1 Dec 93 17:58:18 PST Subject: 2nd midwest meeting attempt Message-ID: <9312020217.AA10893@ nextsrv.cas.muohio.EDU > -----BEGIN PGP SIGNED MESSAGE----- Are there any Cypherpunks in the Midwest Region that would like to hold a meeting? I'd like to interact face-to-face for once. I'm located just north of Cincinatti in Oxford, OH, and would probably be able to host something. Unfortunately, this probably isn't very central. I've brought this up before, but didn't get enough response to put a meeting togethor, so... I'm trying again. Please e-mail me directly if you are interested, with a clear, loud subject so I can differentiate you from the noise. hanging in Ohio, - -john. -----BEGIN PGP SIGNATURE----- Version: 2.3 iQBVAgUBLP0UAKNqtARNqVmxAQGP6QH+Ino8UhNLBycReXJxx82OzHW8JSI/nKwL i1ZXoywUBgccK/WM7w3s1tVnW8kTX5RWLEKzgsFmOgzd/yCR2U49AQ== =SsPD -----END PGP SIGNATURE----- From hlin at nas.edu Wed Dec 1 19:02:24 1993 From: hlin at nas.edu (Herb Lin) Date: Wed, 1 Dec 93 19:02:24 PST Subject: A study of National Cryptography Policy Message-ID: <9311017548.AA754812061@nas.edu> As the broadcast message noted, the ground rules regarding classification were not established by the CSTB, but rather by the U.S. Congress. Note also that the final report is intended to be unclassified, though classified annexes may be necessary for completeness. Regarding the two-year time frame of the study: the premise of the study is that there are many perspectives on the issue and that the appropriate policy balance has not yet been established; surely you would acknowledge that both these statements are true. Thus, a serious study of the issue requires time to reflect, especially if different perspectives are to be reconciled. So, let me invite you folks to submit whatever materials you would like the study committee to consider (e.g., printed articles, written statements, etc), and what opportunity, if any, you would like to have to testify before the committee or its staff. Herb Lin **** >As part of the Defense Authorization Bill for FY 1994, the U.S. Congress >has asked the Computer Science and Telecommunications Board >(CSTB) of the National Research Council (NRC) to undertake a study of >national policy with respect to the use and regulation of cryptography. [...] A *two year*, *classified* study of national cryptography policy?? I suppose it's just as well. The closest thing we currently have to a "national cryptography policy" are some ineffective and pointless export controls that, if proposed legislation is adopted, may go away in a few months anyway. That would leave civilian cryptography pretty much unregulated -- exactly as it should be. So sure, take all the time you like to "study" the issue. The longer the better. The "cryptography genie" is already well out of its bottle; in two years, it will be everywhere. And yes, by all means, require security clearances of all the participants and classify all of the proceedings. That will exclude many of the biggest names in civilian cryptography -- those who are not US citizens, who will not submit themselves to government censorship, and who do not wish to lend any legitimacy to a government effort that will inevitably try to regulate what will (and should) be left alone. And it will stifle any embarassing public debates on minor issues like free speech, freedom of association and personal privacy, all of which are just annoying technicalities that keep law enforcement and intelligence agencies from doing their jobs more efficiently. Better yet, restrict membership to these loyal law enforcement and intelligence agencies, the same ones responsible for the silly current state of export controls on cryptography. That should eliminate what few shreds of credibility might remain in the Board's final report. Phil From 71332.747 at CompuServe.COM Wed Dec 1 20:52:26 1993 From: 71332.747 at CompuServe.COM (James Hicks) Date: Wed, 1 Dec 93 20:52:26 PST Subject: N-Gram Message-ID: <931202044516_71332.747_DHQ95-1@CompuServe.COM> Business Week, Nov. 29, 1993, p. 99 "BUT WILL IT REMEMBER WHERE THE CAR KEYS ARE?" Joseph M. Bugajsky quit Ford Motor Co. in 1985 to pursue his dream of inventing a computer formula that would analyze and store data the same way the human brain does. This September, his efforts paid off with a U.S. patent on a system that spots patterns in data and compresses the data into "memories." These memories, Bugajsky says, take up only one-half of 1% of the original space. That could make them a boon to banks, libraries, and laboratories flooded with data. The key to Bugajsky's software for supercomputers, called N-Gram, is that it not only finds patterns in data but also patterns within the patterns, as human memory does. The layers of patterns are linked, so "recalling" something consists of working back down from the abstract to the specific. The original can be reconstructed down to the last bit. Bugajsky's company, Triada Ltd., in Ann Arbor, Mich., is planning tests with, among others, NASA and the National Institutes of Health. ------------------------------------------------------------ Any comments? >James< From MIKEINGLE at delphi.com Wed Dec 1 22:08:20 1993 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Wed, 1 Dec 93 22:08:20 PST Subject: Secure Drive Use/Distribution ?'s Message-ID: <01H5ZHQ49RG290QCQF@delphi.com> To those who have requested Secure Drive: How's it working? How widely is it being distributed? How many people outside the Cypherpunks, if any, are using it? Please let me know how the program is doing. Any serious bugs? (Note: I do not have a list of people who've received it.) To those who haven't: Big Brother is watching you! Any ideas on better ways to distribute it? I'm thinking about posting the ad to some newsgroups, since there haven't been any reports of major bugs as of yet. --- MikeIngle at delphi.com From kinney at ucsu.Colorado.EDU Wed Dec 1 22:52:26 1993 From: kinney at ucsu.Colorado.EDU (W. Kinney) Date: Wed, 1 Dec 93 22:52:26 PST Subject: Steganography and noise Message-ID: <199312020648.AA02919@ucsu.Colorado.EDU> -----BEGIN PGP SIGNED MESSAGE----- What about doing steganography by embedding messages in random-dot stereograms? -- Will -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLP0qSffv4TpIg2PxAQEWNgP7B5HCqn5Nk9s/r3kPra/gZTiZx7sRnyoP MnQL3gUCm1sGDQYU4pVeivJM+amHTrOXt2BN4NMbEM/dj4Ev7iRh/2eRIAcloF/n 53Kguclj/UEwbYhh0Z5m2QrkOVRpzjkkwe08Pw9dTSBGUyRwrR1NeI63WpnA54V/ iOz8QWdwjSQ= =dRoM -----END PGP SIGNATURE----- From ld231782 at longs.lance.colostate.edu Wed Dec 1 23:28:21 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Wed, 1 Dec 93 23:28:21 PST Subject: ACE Introduction Message-ID: <9312020724.AA16931@longs.lance.colostate.edu> ===cut=here=== Date: Thu, 2 Dec 93 01:09:03 EST Subject: Your Request From: Americans Communicating Electronically at ra.esusda.gov. (info at ace.esusda.gov) - -------------------------------------------------------------------- AMERICANS COMMUNICATING ELECTRONICALLY (ACE) Thank you for your electronic mail message. This note acknowledges receipt of your message to info at ace.esusda.gov. WELCOME Welcome to ACE--Americans Communicating Electronically! ACE is a team of volunteer citizens, from inside and outside federal government, dedicated to open access to information and learning from every home and community across the Nation. Your initial message to us signals your interest in making this exciting experiment a reality for all Americans. Your participation is vital to the success of this project! WHO ARE ACE MEMBERS? Who are the pioneers in launching ACE? They include: the White House, the Department of Agriculture, National Archives, Commerce, Defense, Education, Energy, Environmental Protection Agency, Government Printing Office, General Services Administration, Health and Human Services, House of Representatives, Interior, Justice, Labor, National Science Foundation, Small Business Administration, U.S. Senate, State, Transportation and numerous associations and organizations. Several states, including many universities and colleges, are also part of the ACE team. WHAT KIND OF INFORMATION IS AVAILABLE FROM ACE? The ACE Experiment is coming on line in stages. During Stage One, selected agencies in the Departments listed above will participate. A single electronic mail address will be used to receive incoming messages from citizens. These messages will be forwarded electronically to the appropriate ACE agency contact for action. Citizens will receive responses, either electronically or through conventional means within "48 hours" of their request. During Stage Two, a directory of U.S. Government agencies and online databases that can be accessed directly by electronic mail will be accessible by citizens. Also, available on line, will be frequently asked questions, policy and issue papers, and speeches. You will be able to browse this information at your leisure. Future stages will build on what we learn! ACE is already finalizing plans to pilot test "Interactive Citizen Participation Centers" in local communities where people can electronically access U.S. government information when they grocery shop or visit the local library. Your feedback as we roll out these stages will be critical in helping us learn to improve this exciting, interactive communications. Working together, we can make it happen! HOW CAN I, MY NEIGHBORS, MY COMMUNITY, MY ORGANIZATION-- JOIN ACE? To join ACE, send an electronic mail message to: letters at ace.esusda.gov Describe how you would like to volunteer. Can you help others learn how to use the network? Can you provide a facility where citizens can come to access the network? Can you help form a group of citizens that would like to establish an interactive participation center? WHAT HAPPENS NEXT? We expect to receive a large volume of electronic mail. You, and your message, are important to us. So important, we'd like some additional information about you. Please provide us your conventional address (name, street address, city, state, zip, phone and fax) as well as your electronic mail address. HOW CAN YOU GET ADDITIONAL INFORMATION FROM ACE? Send your query to the Internet Electronic Mail Address listed below: - - Information request for a specific item (This notice): info at ace.esusda.gov - - Letter of inquiry of a more general nature: letters at ace.esusda.gov. INFORMATION AVAILABLE FROM THE ACE SERVER We currently have information on the National Initatives available for access in various ways. To find out more on what is available, Send a message to the following addresses. NAFTA nafta at ace.esusda.gov Health Security Act health at ace.esusda.gov National Performance Review npr at ace.esusda.gov National Information Infrastructure nii at ace.esusda.gov Each one of these has information on how to access the documents for your areas of interest. The ACE project is an exciting one! It's an opportunity for people, inside and outside government, to become involved. Involved,--not just in re-inventing today's government, but in charting tomorrow's future together! AMERICANS COMMUNICATING ELECTRONICALLY [You will receive this message only once a day] ------- End of Forwarded Message From analyst at netcom.com Thu Dec 2 00:02:26 1993 From: analyst at netcom.com (Benjamin McLemore) Date: Thu, 2 Dec 93 00:02:26 PST Subject: NSA Insecure Remailers Message-ID: <199312020759.XAA12950@mail.netcom.com> ---Some stuff deleted, basically my concern that through traffic analysis of backbone internet traffic, at least the NSA can penetrate the security of anonymous remailers---- >probably only the NSA and some defense agency we haven't >yet heard of are actually performing this analysis right now. But >given the declining price of storage media, even saving everything on >magnetic media and paying $1000/gig, it only costs about US$8.7 million >to keep a year's worth of traffic headers around (media cost). > >So what? #So what indeed. # #Why oh why do we waste so much time seeking systems that are #mathematically unbreakable. You don't need mathematically unbreakable #systems to have a free market on the nets. # #It costs a minimum of $50K to start a federal criminal prosecution (that #is if the perp is inside the US). This means that the feds can only #afford a few tens of thousands a year. When you add incarceration costs #it quickly becomes very difficult. This being the case, they are #dependent on your obedience for law enforcement success. Like any #predator, the government must gain more energy from the kill than it #expends on the hunt. Otherwise it weakens and dies. All I was trying to point out with my post is what I saw as a flaw in my previous understanding of the depth of the security provided by anonymous remailers. There is a difference between relying on the mathematics of strong crypto to protect you from government spooks and prying bureacrats-- and relying on one's belief that- although one's security has been compromised, it will be too expensive or otherwise difficult for the government to use this information against you. It seems to me that anonymous remailers, despite my initial assumptions that they were cryptographically strong, are probably compromised by the ability of the NSA to monitor Internet backbone traffic, a hypothesis I would love to see disproved. Additionally, my understanding of the nature of the packet data that passes over the Internet backbones is weak; someone posted the other day that they felt the government would soon require that all data passing over the nets be addressed and labeled, enabling the Feds to monitor it--it is my understanding of networking that that day is here *now*. I want unbreakable security, untraceable communication and unforgeable digital cash--ALL of it mathematically guaranteed and none of it compromisable by some underpaid bureacrat who might decide to make a little money off of ME in his spare time. ------------------------------------------------------------------------------ Benjamin McLemore analyst at netcom.com -- From pierre at shell.portal.com Thu Dec 2 00:52:24 1993 From: pierre at shell.portal.com (Pierre Uszynski) Date: Thu, 2 Dec 93 00:52:24 PST Subject: Two items from recent magazines... Message-ID: <9312020852.AA16294@jobe.shell.portal.com> > From: Jonathan Corbet > > > W.R.T. using "fake" inventors. It's illegal to file a patent application > > without the true original inventor's name on it. If it can be proven that a > > company did this, it is liable for treble damages and the lawyer who filed > > the application can be disbarred. > > It's not the inventors who are faked, according to the article -- it's the > companies for whom they work. > [...] so as to make it hard for their > competitors to see what they are up to. Just a remark, that for large companies (I'd call them "groups"), the groups are formed of so many differently named entities that even insiders can't figure it out. This is because these large (usually older) groups have formed by buying and selling other companies, branches and divisions of companies. After each purchase, pride, economic interests (brand names), or traditions are such that the old names survive, or are munged into new names. I would expect it is very rare when an old name simply disappears. So, what was a company name, may become a division name in two different holdings that bought each half of the company. And if that same name was used for, say light bulbs and TVs before the split, then after the split, it is still used for the same items. Except they now come from two different companies... still following? The result is that even insiders in large groups have a hard time figuring out which part of the company is working on what, or even which brand names are produced by your company. Let alone which patent belongs to whom, or has been licensed from whom, or which non-disclosure agreements exist between which project and which project. All this simply to point out that at least some of this "hide and seek" game in patents is probably not even voluntary. From working for one of these groups (in several differently named "entities"), I think an external company could actually have an easier time piecing it all together than any insider (including at the top levels). (Thus a business idea, (although I think that is an extropians thread :-) A business that makes contacts with individual projects of a large "holding" or multinational, setting up non-disclosure agreements with each, then constantly cross references this data to put in contact groups of the holding that could benefit from knowing about each other. Individual projects (and their hierarchy) usually do not have enough short term incentive to devote much man-power to keeping in touch) Pierre. pierre at shell.portal.com From tcmay at netcom.com Thu Dec 2 01:02:24 1993 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 2 Dec 93 01:02:24 PST Subject: NSA Insecure Remailers In-Reply-To: <199312020759.XAA12950@mail.netcom.com> Message-ID: <199312020902.BAA25636@mail.netcom.com> Benjamin McLemore writes: > All I was trying to point out with my post is what I saw as a flaw in > my previous understanding of the depth of the security provided by > anonymous remailers. There is a difference between relying on the > mathematics of strong crypto to protect you from government spooks and > prying bureacrats-- and relying on one's belief that- although one's > security has been compromised, it will be too expensive or otherwise > difficult for the government to use this information against you. Cypherpunks remailers are far from "ideal digital mixes," as described in David Chaum's February 1981 "Communications of the ACM" paper. This is well known, and the issues of traffic analysis Benjamin raises are also valid and known issues. A while back we had many debates about what to do about message size padding (e.g., quantizing all outgoing packet sizes to a standard size, or perhaps to one of several (small, medium, large. etc.) packet sizes. And we debated adding latency, so that a message waits until N total messages have been received before remailing. And so on. In any case, Chaum's ideal digital mix is hard to implement now for several reasons, largely economic. Ideal mixes also need physical security against tampering, against interception of internal operations (perhaps via RF monitoring), etc. Perhaps most critical, and least studied to date, remailers are only as good as the human policies at the sites are. (My conception of ideal remailers involves remailer hardware, perhaps on boards containing enough RAM and/or disk drive space to hold the batch of messages, that is "untouched" by human hands. Tamper-resistant modules, sealed hardware, etc. Lots of issues here. I think "Mom and Pop remailers" could be sold on boards similar to SoundBlaster boards.) Chaum's original hardware-based mix also has some weaknesses, as noted in a EuroCrypt '89 paper by Pfitzmann and others. The software-based "DC-Net," which comes up so often on this list, is generally better. Several Cypherpunks are interested in implementing DC-nets. So far, no progress to report. > It seems to me that anonymous remailers, despite my initial > assumptions that they were cryptographically strong, are probably > compromised by the ability of the NSA to monitor Internet backbone > traffic, a hypothesis I would love to see disproved. Additionally, my No, they are very far from being even cryptographically strong (although parts of the process, involving sending encrypted messages to the next node, are of course as secure as, say, PGP is). > I want unbreakable security, untraceable communication and unforgeable > digital cash--ALL of it mathematically guaranteed and none of it > compromisable by some underpaid bureacrat who might decide to make a > little money off of ME in his spare time. Well, wanting something is not the same thing as getting it. Read the 1981 paper, the 1988 DC-Net paper (available at the soda.berkeley.edu ftp site), and follow the Cypherpunks activities on DC-Nets. Then look at the various Cypherpunks remailers...some _require_ encryption (most don't, and most of us don't even use encryption, which means anyone reading the packets can see what's going on! A fatal flaw or just laziness?), some add hours of latency (though not N latency, as too few messages are flowing), and so on. The market will push development in possibly more secure directions. Right now, you can see that Cyperpunks remailers, and also Julf's penet site, have significant flaws. You get what you pay for (this is a serious point: the lack of real commerce, the volunteer nature of all of this, and the generally "hobby-like" nature of these systems explains why these weaknesses are not getting fixed. These are largely "toy" systems to provide some experience. They'll get better with time. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From jkreznar at ininx.com Thu Dec 2 03:43:24 1993 From: jkreznar at ininx.com (John E. Kreznar) Date: Thu, 2 Dec 93 03:43:24 PST Subject: Let's Talk About Solutions In-Reply-To: <199312012018.PAA15543@eff.org> Message-ID: <9312021141.AA08608@ininx> -----BEGIN PGP SIGNED MESSAGE----- > Graham Toal writes: > > So, you have an objection to the net evolving into a technocratic class > > system? > Well, yes. To the extent that tools remain the province of the elite, > it is politically easy to take them away from that elite. The cypherpunks welcome message (Eric Hughes, I suppose) seems to apply here: > Cypherpunks acknowledge that those who want privacy must > create it for themselves and not expect governments, corporations, or > other large, faceless organizations to grant them privacy out of > beneficence. So a cypherpunk strives to construct an effective technical defense against the tyranny of the majority so that it is not ``politically easy'' to deprive him of his privacy. John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLP3TJcDhz44ugybJAQEtIgP6Ai5JkOLa9c6ng5pBJ3Zp2QZZE6RVCUow Q/Ml/TKUphUZTEFqznj7f2vOf5U+rP1dCDbalewhhMCXeezYj8U+GQf1rmNEX+rB +q1nyzzFNH40HnINIvMJbIi8hQtjBqUZQAn8X29TJJhK5CDHAcsLjUl3HE0PPFEW iHkN8XMh4xA= =+4Nf -----END PGP SIGNATURE----- From julf at penet.fi Thu Dec 2 03:48:24 1993 From: julf at penet.fi (Johan Helsingius) Date: Thu, 2 Dec 93 03:48:24 PST Subject: NEW: Cypherwonks (fwd) In-Reply-To: <11681@an-teallach.com> Message-ID: <199312021143.AA10472@lassie.eunet.fi> > Oh come on, Julf is a European. Uh... I take that was a compliment ;-) Julf From an4914 at anon.penet.fi Thu Dec 2 04:52:29 1993 From: an4914 at anon.penet.fi (Nitch) Date: Thu, 2 Dec 93 04:52:29 PST Subject: The Key Escrow is a *GOOD* thing. Message-ID: <9312021248.AA09441@anon.penet.fi> I see the introduction of common, publicly promoted cryptography as a *GOOD* thing... even if it's insecure. Yes, even if the government can read every toggled bit of it. If the public uses cryptography of even the simplest sort as a matter of routine then the *REAL* cryptography, the really *SECURE* stuff, will pass through unnoticed. Why would *I* care if some super-secret agency could read my clipper'd data? I'd be using PGP on top of it! only then my messages wouldn't stand out like so many lights in a dark night... ...more like just a few more stars in the sky. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From mnemonic at eff.org Thu Dec 2 05:32:28 1993 From: mnemonic at eff.org (Mike Godwin) Date: Thu, 2 Dec 93 05:32:28 PST Subject: Let's Talk About Solutions In-Reply-To: <9312021141.AA08608@ininx> Message-ID: <199312021329.IAA23622@eff.org> John Kreznar writes: > against the tyranny of the majority so that it is not ``politically > easy'' to deprive him of his privacy. > That's part of it. But the other part is providing tools that everyone, not just cypherpunks, can use. --Mike From pat at tstc.edu Thu Dec 2 06:38:38 1993 From: pat at tstc.edu (Patrick E. Hykkonen) Date: Thu, 2 Dec 93 06:38:38 PST Subject: EFF Op-Ed from the NY Tim In-Reply-To: Message-ID: <9312021436.AA02569@tstc.edu> > > Got a list of their names? > > I doubt it. If you're not enrolled at a major university, or employed > at a computer-related company, and don't subscribe to an expensive > online service, getting an internet account is NOT easy or cheap. > Services like netcom are expanding, but I seriously doubt a homeless > person could get an internet address. Check out almost any BBS network > (other than fido) and every other week, some jerk will ask when they'll > get connected to the internet. And every time, five sysops respond > "Fine. We'd love to. Would you mind telling us how the hell we could > connect to the internet???" This is beginning to kill me! This guy comes from the cmu.edu domain and obviously has never tried to get an account on a system outside of his institution. Much less on one of the "expensive on-line services", as he put it. Here's some news! Currently the Delphi service offers full Internet connectivity (e-mail, FTP, Telnet, Gopher, News) for $20 a month for 20 hours of access. Delphi can be accessed through SprintNet which means that most metropolitan areas will have a local dial in point. In the near future America On Line has stated that in the near future they too will go full connectivity, they charge $9.95 a month for 4 hours worth of access. AOL currently has e-mail available. That's just two of the services that can be accessed from just about any city of any real size in the states. Now, let's talk about those sysops that want to get connected to the Interet. Here in Waco, Texas (a city of about 150,000 people... 250,000 people if you count all the outlying cities) to get a 56K dedicated Internet connection would cost something like... $ 3000.00 Router $ 1500.00 CSU/DSU $ 600.00 Local Loop Termination/Installation --------- $ 5100.00 One-time costs. $ 75.00 Regional Network membership fee $ 250.00 Local Loop Charge --------- $ 325.00 Monthly costs. These figures are ballpark, and some are gueses based on experience in dealing with the regional networks here in Texas. I know several sysops here that would easily spend $5000.00 on their board in one shot, and could easily spend the $300.00 a month for the connection. On top of all that, it is a proven fact that people will *pay* for Internet connectivity. These costs are based on a dedicated 56K connection. A 14.4 or 19.2K SLIP connection would probably be *much* less! And, as Duncan and so many others are so fond of pointing out. If the gummint would get out of the way and let competition happen for the local loop these prices would drop dramatically. -- Pat Hykkonen ** N5NPL ** pat at tstc.edu ** CNSA -- (817) 867-4831 Disclaimer: This product may cause irritability in some users. In cases of allergic reaction, delete and consult a physician immediately. From cvoid at albemuth.tatertot.com Thu Dec 2 08:08:35 1993 From: cvoid at albemuth.tatertot.com (Christian Void) Date: Thu, 2 Dec 93 08:08:35 PST Subject: CYPHERPUNKS CRIMINAL T-SHIRTS Message-ID: I will be sorting through the t-shirt requests and compiling a list. It will be done in a few days. As soon as I finish this, I will mail everyone on the list, and we can start hashing out a design. I have a screening company I work with, and am currently working out the details with them. Any questions can be directed to me at or . Thanks. Christian Void /T71 | "I don't like it, and I'm sorry I | V/M/Research, Inc. cvoid at netcom.COM | ever had anything to do with it." | P.O. Box 170213 Tel. 1+415-807-5491 | -Erwin Schrodinger (1887-1961) | SF, CA 94117-0213 * PGP v2.3a Public Key Available Via Finger * From hfinney at shell.portal.com Thu Dec 2 08:32:36 1993 From: hfinney at shell.portal.com (Hal Finney) Date: Thu, 2 Dec 93 08:32:36 PST Subject: NSA Insecure Remailers Message-ID: <9312021630.AA28878@jobe.shell.portal.com> As Tim says, it is no secret on this list that the remailers are not presently secure. I posted a long message a few months ago outlining possible attacks on the remailers. It's worth noting that Karl Barrus' remailer does batch up messages and send them out once a day. If enough people use it that will help mix them up. There is still the message size to match them up, though (and, believe it or not, the Subject: line!). Karl is working on padding code. Really, fixing these problems is not hard. There will be some penalties in terms of usability of the systems. Subject lines will have to be embedded in the encrypted message blocks, so the software which sets up cascaded message commands will need to do this. More intrusively, I think all messages will have to be padded to be the same size everywhre in the remailer network. We need to pick a size large enough to accomodate most messages yet not so large that padding all messages to that size will be too expensive or wasteful. Then messages bigger than that size will either be rejected or at least some warning given to the user that his message will be trackable. The traffic volume problem should be solved by having a source of random messages which traverse the network, mixing in with user messages. This will help, but you still have the problem that only user messages will leave the network. The biggest problem is that many remailers are on unsecure systems. The PGP keys and passwords for these remailers are on the disk IN THE CLEAR. Anyone who can get privileges on these systems (many hackers, these days, not to mention the NSA) can get the remailer's keys and decrypt any messages sent to those remailers. Karl's monthly posting shows which remailers are on private machines; those are the only ones which have any hope of being secure against the NSA. As I said, I think most of these problems are fixable, or at least can be significantly improved. Perhaps after the holidays interested parties can set up a sub-list to discuss "Mark II" remailers which will more closely approximate Chaum's vision. Hal Finney hfinney at shell.portal.com From jdwilson at gold.chem.hawaii.edu Thu Dec 2 09:08:39 1993 From: jdwilson at gold.chem.hawaii.edu (Jim Wilson VA) Date: Thu, 2 Dec 93 09:08:39 PST Subject: Two Articles FYI Message-ID: <9312021706.AA22476@gold.chem.hawaii.edu> CP's: Two articles you might find interesting: November 15, 1993 InfoWorld, p. 57, "From the Editor": Article titled "Top 10 Reasons the Feds Shouldn't Build the Data Highway" Also PC Week November 1, 1993 Special Report p. 86 "Hitch a ride on the digital highway." Aloha no -Jim From unicorn at access.digex.net Thu Dec 2 09:08:44 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Thu, 2 Dec 93 09:08:44 PST Subject: Key Escrow a *GAD* thing Message-ID: <199312021707.AA01049@access.digex.net> -----BEGIN PGP SIGNED MESSAGE----- From: an4914 at anon.penet.fi (Nitch) Date: Thu, 2 Dec 1993 12:48:19 UTC Subject: The Key Escrow is a *GOOD* thing. I see the introduction of common, publicly promoted cryptography as a *GOOD* thing... even if it's insecure. Yes, even if the government can read every toggled bit of it. If the public uses cryptography of even the simplest sort as a matter of routine then the *REAL* cryptography, the really *SECURE* stuff, will pass through unnoticed. Why would *I* care if some super-secret agency could read my clipper'd data? I'd be using PGP on top of it! only then my messages wouldn't stand out like so many lights in a dark night... ...more like just a few more stars in the sky. +++ No insult intended "Nitch," but it is obvious that you haven't been much involved in politics. What you want is security by obscurity. The problem is that such security is illusory. I don't care what the administration says about the program being voluntary. The centralization of encryption, which is what this program is, is a *BAD* thing. (to use your emphasis) It is NOT a standardization in the strict sense and the only thing that makes me think otherwise in the slightest degree is the fact that AT&T is doing the manufacturing (read: there is nothing that makes me think the other way). The easiest way for a large organization to take away major rights, or to curb the development of major rights is to attack them slowly. Right after everyone "adopts" this "voluntary" standard, it will be that much easier to require compliance. Where will private crypto development be? You will indeed be using PGP2.x on top of Clipper, even 50 years from now when it is entirely behind the times. Why? Because Clipper will close the valve on private development. I hope I'm being overly paranoid. I really do. Consider the administrations real stated purpose. (This is my wording, but _their_ goal.) To harmonize the needs of law enforcement with the (cryptographic) privacy of citizens. (We want to read your mail) Not mentioned the thefact that this is like trying to harmonize sodium and water. If (when) they find they can't read your mail, they are going to be as upset as a spoiled child on christmas morning in a recession. You really think they are going to invest so much time and effort in a program that is so easily and plainly circumvented. [Begin political rant here] I suppose now is the time to harp on the trend against individual rights. Call me a formalist, I just think most people want to live, conduct business, relax, recreate, procreate and exist in general while being generally _left alone_. I expect government to provide infrastructure and support private development of infrastructure where it is most efficient (the so called data highway in particular). I do not expect, or want government to legislate morality, unreasonably impose a majority (which is almost always an oligarchy, and not a majority) on the remainder, gege nerally intervene in my private and legimate a affairs. Clipper is simply invasionary. - -uni- (Dark) -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLP4cdRibHbaiMfO5AQHHPQP+KrNPS+NIA51t60tmNwIXpD5ruN/fAzqf eXXWL9359lqEoFaRY0k7nqfG9qmbVCliHS882r4g5mqlWrw8F1ivIRUDnQVpLFda I3RLiYO+/Y79hiC9EyFG4C0t7bp6nCxTkC3aXFdg5Hqy67DvRihwWmegK5PEF++y Cy04OkTkxFA= =4G3W -----END PGP SIGNATURE----- From trestrab at GVSU.EDU Thu Dec 2 09:48:36 1993 From: trestrab at GVSU.EDU (BETH TRESTRAIL) Date: Thu, 2 Dec 93 09:48:36 PST Subject: EFF Op-Ed from the NY Tim Message-ID: <9311027548.AA754862642@GVSU.EDU> Perry Metzger writes: > Matthew J Ghio says: >> If you're not enrolled at a major university, or employed >> at a computer-related company, and don't subscribe to an expensive >> online service, getting an internet account is NOT easy or cheap. > >To most of the nations population, which lives in cities, it costs >under $25 a month total variable cost including phone costs. It is >likely far more expensive in rural areas. > >Perry Indeed. My account at Delphi costs $20/ month for the first 20 hours and $1.80/hr thereafter (plus $3/mo surcharge for Internet access other than e-mail). The total cost is not signifigantly more than the cost of the daily paper (yet its far more informative...). There is a $9/hr charge for access 6am-7pm, though, so I use my wife's account to read this and other lists (and you probably thought I was psuedospoofing :-)) Jeff From jimn8 at netcom.com Thu Dec 2 10:08:35 1993 From: jimn8 at netcom.com (Jim Nitchals) Date: Thu, 2 Dec 93 10:08:35 PST Subject: Key Escrow a *GAD* thing In-Reply-To: <199312021707.AA01049@access.digex.net> Message-ID: <199312021808.KAA22802@mail.netcom.com> Because the spelling of my last name is fairly uncommon, and someone used a pseudonym that happens to be a good part of said name, I just wanted to make it clear that an4914 at anon.penet.fi is not me, and I have no idea who "Nitch" actually is. Sorry to waste bandwidth on that... with the heated discussion on pseudospoofing etc I don't want to get caught in the cross-fire. - Jim Nitchals QuickTime team, Apple Computer Inc. From an4914 at anon.penet.fi Thu Dec 2 10:23:37 1993 From: an4914 at anon.penet.fi (Nitch) Date: Thu, 2 Dec 93 10:23:37 PST Subject: N-Gram Message-ID: <9312021822.AA28336@anon.penet.fi> > > Joseph M. Bugajsky quit Ford Motor Co. in 1985 to pursue his dream of >inventing a computer formula that would analyze and store data the same way >the human brain does. This September, his efforts paid off with a U.S. patent >on a system that spots patterns in data and compresses the data into >"memories." These memories, Bugajsky says, take up only one-half of 1% of the >original space. That could make them a boon to banks, libraries, and >laboratories flooded with data. [...] >Any comments? Compression down to 0.5% ?!? HA! Try saying that on comp.compression!!! Let's see... That's half a typed page of data crunched down into five bytes. Give me a break. That guy ought to be sued for false advertising. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From peb at PROCASE.COM Thu Dec 2 11:03:41 1993 From: peb at PROCASE.COM (Paul Baclace) Date: Thu, 2 Dec 93 11:03:41 PST Subject: N-Gram Message-ID: <9312021903.AA20570@ada.procase.com> Sounds like Bugajsky creates a generative grammar and then stores list of productions that specifies a walk on the tree to extract data. This is a form of Kolmogorov Complexity compression, which has been expanded upon most notably by Chaitin. In the general case, the program could be for a Turing complete machine: e.g., if I want to compress 3.14159265..., the compression algorithm could recognize the sequence and give an essentially infinite compression if you want an infinite number of digits (that's right, my patented algorithm can compress your data, as found inside pi, to 0.0000000000000% of original size! Oops, pi can't be patented, well, then I'll have to use the mumble secret sequence which can be patented! ;^) I wonder whether Bugajsky includes the size of his grammar in the compressed size...if he doesn't then his 0.5% non-lossy compression is overstated. Barnsley fractal compression achieves very high compression rates like this, but it could take days to compress one picture (of course, faster compression algorithms exist that don't compress as much). JPEG can get very high compression rates if loss of exact data is okay (which it is for pictures). And yet another lossy compression example is Sony's MiniDisc which biases to the loss of data to areas that are difficult for most humans to recognize. Paul E. Baclace peb at procase.com Bib: Chaitin. "Algorithmic Information Theory", Cambridge University Press, 1987. Kolmogorov. "Three Approaches to the Quantitative Definition of Information", Problems of Information Transmission 1, 1-7 [1965]. Kolmogorov. "On the Logical Foundations of Information Theory", Problems of Information Transmission 5, 3-7 [1969]. From collins at newton.apple.com Thu Dec 2 12:12:32 1993 From: collins at newton.apple.com (Scott Collins) Date: Thu, 2 Dec 93 12:12:32 PST Subject: N-Gram Message-ID: <9312022002.AA26873@newton.apple.com> >[algorithm to] store data the same way the human brain does. >[stored data would] take up only [0.5%] of the original space. Whoever said the human brain stores data compressed to 0.5% of its original size, and what is its original size anyway. Paul Baclace says: >Sounds like Bugajsky creates a generative grammar and then stores list >of productions that specifies a walk on the tree to extract data. This >is a form of Kolmogorov Complexity compression, which has been expanded >upon most notably by Chaitin. I agree. The description sounds more like this than anything else I'm familiar with. Paul Baclace goes on to say: >I wonder whether [he] includes the size of his grammar in [the claim] 0.5% is a questionable claim. If it includes the grammar, then the grammar must be very simple, and the data of very low entropy with respect to it -- in which case 0.5% would be an uninteresting experimental result. If the claim does _not_ include the size of the grammar, then the claim is useless for evaluating this scheme. Scott Collins | "Few people realize what tremendous power there | is in one of these things." -- Willy Wonka ......................|................................................ BUSINESS. voice:408.862.0540 fax:974.6094 collins at newton.apple.com Apple Computer, Inc. 5 Infinite Loop, MS 305-2B Cupertino, CA 95014 ....................................................................... PERSONAL. voice/fax:408.257.1746 1024:669687 catalyst at netcom.com From rxt109 at psu.edu Thu Dec 2 12:38:38 1993 From: rxt109 at psu.edu (Bob Torres) Date: Thu, 2 Dec 93 12:38:38 PST Subject: NSA CAN BREAK PGP ENCRYPTION Message-ID: <199312022035.AA26183@genesis.ait.psu.edu> check out this load of bull that I pulled off of alt.privacy today. Reminds me of those chain letters.... > > > A lot of people think that PGP encryption is unbreakable and that the >NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a deadly >mistake. In Idaho, a left-wing activist by the name of Craig Steingold was >arrested _one day_ before he and others wee to stage a protest at government >buildings; the police had a copy of a message sent by Steingold to another >activist, a message which had been encrypted with PGP and sent through E-mail. > > Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to >allow the NSA to easily break encoded messages. Early in 1992, the author, >Paul Zimmerman, was arrested by Government agents. He was told that he >would be set up for trafficking narcotics unless he complied. The Government >agency's demands were simple: He was to put a virtually undetectable >trapdoor, designed by the NSA, into all future releases of PGP, and to >tell no-one. > > After reading this, you may think of using an earlier version of >PGP. However, any version found on an FTP site or bulletin board has been >doctored. Only use copies acquired before 1992, and do NOT use a recent >compiler to compile them. Virtually ALL popular compilers have been >modified to insert the trapdoor (consisting of a few trivial changes) into >any version of PGP prior to 2.1. Members of the boards of Novell, Microsoft, >Borland, AT&T and other companies were persuaded into giving the order for the >modification (each ot these companies' boards contains at least one Trilateral >Commission member or Bilderberg Committee attendant). > > It took the agency more to modify GNU C, but eventually they did it. >The Free Software Foundation was threatened with "an IRS investigation", >in other words, with being forced out of business, unless they complied. The >result is that all versions of GCC on the FTP sites and all versions above >2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC >with itself will not help; the code is inserted by the compiler into >itself. Recompiling with another compiler may help, as long as the compiler >is older than from 1992. > >Distribute and reproduce this information freely. Do not alter it. >------------------------------------------------------------------------- >To find out more about the anon service, send mail to help at anon.penet.fi. >Due to the double-blind, any mail replies to this message will be anonymized, >and an anonymous id will be allocated automatically. You have been warned. >Please report any problems, inappropriate use etc. to admin at anon.penet.fi. > > --**--**-- R X T 1 0 9 @ E M A I L . P S U . E D U --**--**-- Bob Torres | "I don't know what I'm writing about: plato at phantom.com | I'm obscure even to myself." PGP PUB KEY AVAILABLE ** | -C. Lispector, _The Stream of Life_ From mg5n+ at andrew.cmu.edu Thu Dec 2 12:43:38 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Thu, 2 Dec 93 12:43:38 PST Subject: EFF Op-Ed from the NY Tim In-Reply-To: <9312021436.AA02569@tstc.edu> Message-ID: > This is beginning to kill me! This guy comes from the cmu.edu > domain and obviously has never tried to get an account on a > system outside of his institution. Much less on one of the > "expensive on-line services", as he put it. ha ha ... BTW: I did get an internet mail address not in the cmu.edu domain. > Here's some news! Currently the Delphi service offers full > Internet connectivity (e-mail, FTP, Telnet, Gopher, News) > for $20 a month for 20 hours of access. Delphi can be accessed > through SprintNet which means that most metropolitan areas > will have a local dial in point. In the near future America > On Line has stated that in the near future they too will go > full connectivity, they charge $9.95 a month for 4 hours > worth of access. AOL currently has e-mail available. That's > just two of the services that can be accessed from just about > any city of any real size in the states. True. But I could just as well set up my own BBS for about the same price. > Now, let's talk about those sysops that want to get connected > to the Interet. Here in Waco, Texas (a city of about 150,000 > people... 250,000 people if you count all the outlying cities) > to get a 56K dedicated Internet connection would cost > something like... > > $ 3000.00 Router > $ 1500.00 CSU/DSU > $ 600.00 Local Loop Termination/Installation > --------- > $ 5100.00 One-time costs. > > $ 75.00 Regional Network membership fee > $ 250.00 Local Loop Charge > --------- > $ 325.00 Monthly costs. > > These figures are ballpark, and some are gueses based on > experience in dealing with the regional networks here > in Texas. I know several sysops here that would easily > spend $5000.00 on their board in one shot, and could > easily spend the $300.00 a month for the connection. > On top of all that, it is a proven fact that people will > *pay* for Internet connectivity. Yes, I know there are sysops who could afford this, but the vast majority couldn't. I know it's certainly over my budget. > These costs are based on a dedicated 56K connection. > A 14.4 or 19.2K SLIP connection would probably be > *much* less! > > And, as Duncan and so many others are so fond of > pointing out. If the gummint would get out of the > way and let competition happen for the > local loop these prices would drop dramatically. Of course... Isn't this what cypherpunks have been wishing for all along? From klbarrus at owlnet.rice.edu Thu Dec 2 13:42:35 1993 From: klbarrus at owlnet.rice.edu (Karl Lui Barrus) Date: Thu, 2 Dec 93 13:42:35 PST Subject: REMAIL: list 12/2/93 Message-ID: <9312022139.AA15442@arcadien.owlnet.rice.edu> Unless I missed more, the changes are chaos.bsu.edu can be looked up, so no more remailer%chaos remailer at cdodhner at indirect.com is down also, I got some anon mail about changing the dos scripts to include more redirection to nul; apparently 4dos is more verbose. I will update this over the break, promise! -----BEGIN PGP SIGNED MESSAGE----- Cypherpunk anonymous remailers, 12/2/93 Q1: What are the anonymous remailers? A1: 1: remailer at chaos.bsu.edu 2: nowhere at bsu-cs.bsu.edu 3: hh at cicada.berkeley.edu 4: hh at pmantis.berkeley.edu 5: hh at soda.berkeley.edu 6: 00x at uclink.berkeley.edu 7: hal at alumni.caltech.edu 8: cs60a-qu at cory.eecs.berkeley.edu 9: ebrandt at jarthur.claremont.edu 10: catalyst at netcom.com 11: sameer at netcom.com 12: remailer at rebma.mn.org 13: elee6ue at rosebud.ee.uh.edu 14: elee7h5 at rosebud.ee.uh.edu 15: hfinney at shell.portal.com 16: sameer at soda.berkeley.edu 17: remail at tamsun.tamu.edu 18: remail at tamaix.tamu.edu 19: remailer at utter.dis.org 20: remailer at entropy.linet.org 21: elee9sf at menudo.uh.edu 22: remail at extropia.wimsey.com NOTES: 1-6 no encryption of remailing requests 7-21 support encrypted remailing requests 22 special - header and message must be encrypted together 12,19,20,22 introduce larger than average delay (not direct connect) 12,19,22 running on privately owned machines 13 requires "cash" payment for remailing 21 supports RIPEM encryption, caches remailing requests ====================================================================== Q2: What help is available? A2: Check out the pub/cypherpunks/remailer directory at soda.berkeley.edu (128.32.149.19). chain.zip - program that helps with using remailers dosbat.zip - MSDOS batch files that help with using remailers hal's.instructions.gz - in depth instruction on how to use hal's.remailer.gz - remailer code pubkeys.tar.gz - public keys of remailers which support encryption pubkeys.zip - MSDOS zip file of public keys scripts.tar.gz - scripts that help with using remailers For MAC's, at 129.82.156.104 in /pub/pgpc/ are two files: pgpc22.tar.gz, pgpc22.tar.Z which assist in using the anonymous remailers, including anon.penet.fi. Mail to me (klbarrus at owlnet.rice.edu) for further help and/or questions. ====================================================================== Q3. Email-to-Usenet gateways? A3. 1: group-name at cs.utexas.edu 2: group.name.usenet at decwrl.dec.com 3: group.name at news.demon.co.uk 4: group.name at news.cs.indiana.edu 5: group-name at pws.bull.com 6: group-name at ucbvax.berkeley.edu NOTES: * This does not include ones that work for single groups, like twwells.com. #6 blocks from non-berkeley sites (so use the berkeley remailers :-) -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLP5f44OA7OpLWtYzAQGzUQP/ewQIHSB4DNjAMabfcpvIiggpE/uuliyG RpmbqROIRQr7YQ6NaCuYxXFLO5v4nJeMeGOpVCzdGNoyFyX8BlUlAyZVjnNh+ymT Hmg8v18xEuH6OaMDRRiACUA1zfiU1Ia/iTDl8Z8fUxXAUzuuBkbYYofORBMWa1Rg iVxCj5IS+8w= =veYO -----END PGP SIGNATURE----- -- Karl L. Barrus: klbarrus at owlnet.rice.edu keyID: 5AD633 hash: D1 59 9D 48 72 E9 19 D5 3D F3 93 7E 81 B5 CC 32 "One man's mnemonic is another man's cryptography" - my compilers prof discussing file naming in public directories From jazz at hal.com Thu Dec 2 14:28:38 1993 From: jazz at hal.com (Jason Zions) Date: Thu, 2 Dec 93 14:28:38 PST Subject: NSA CAN BREAK PGP ENCRYPTION Message-ID: <9312022227.AA25783@jazz.hal.com> Major-league guffaws. > A lot of people think that PGP encryption is unbreakable and >that the NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it >can be a deadly mistake. In Idaho, a left-wing activist by the name of >Craig Steingold was arrested _one day_ before he and others wee to stage >a protest at government buildings; the police had a copy of a message >sent by Steingold to another activist, a message which had been >encrypted with PGP and sent through E-mail. Craig Steingold indeed. Looks so much like Craig Shergold, of infamous dying-boy-wants-Guiness-record fame, that I had to read it twice. > Since version 2.1, PGP ("Pretty Good Privacy") has been rigged >to allow the NSA to easily break encoded messages. Early in 1992, the >author, Paul Zimmerman, was arrested by Government agents. He was told >that he would be set up for trafficking narcotics unless he >complied. The Government agency's demands were simple: He was to put a >virtually undetectable trapdoor, designed by the NSA, into all future >releases of PGP, and to tell no-one. Paul, not Phil (his actual name). > After reading this, you may think of using an earlier version of >PGP. However, any version found on an FTP site or bulletin board has >been doctored. Only use copies acquired before 1992, and do NOT use a >recent compiler to compile them. Virtually ALL popular compilers have >been modified to insert the trapdoor (consisting of a few trivial >changes) into any version of PGP prior to 2.1. Members of the boards of >Novell, Microsoft, Borland, AT&T and other companies were persuaded into >giving the order for the modification (each ot these companies' boards >contains at least one Trilateral Commission member or Bilderberg >Committee attendant). Oh, no, not the Trilateral Commission again! > It took the agency more to modify GNU C, but eventually they did >it. The Free Software Foundation was threatened with "an IRS >investigation", in other words, with being forced out of business, >unless they complied. The result is that all versions of GCC on the FTP >sites and all versions above 2.2.3, contain code to modify PGP and >insert the trapdoor. Recompiling GCC with itself will not help; the code >is inserted by the compiler into itself. Recompiling with another >compiler may help, as long as the compiler is older than from 1992. Right. Every commercial compiler has code that recognizes every version of GCC source since 2.2.3 and inserts into the generated object code some new stuff that makes the freshly compiled GCC recognize every version of PGP released since 1992 and inserts into *its* object code magic breakage that creates an NSA trapdoor. I hereby nominate this message for the Cypherpunk's Paul Bunyan award, 1993, in the category of "Biggest Whopper". (Oh, yeah. While I'm at it - Detweiller's Medusa theories, in conjunction with his pseudospoofed distribution techniques, are hereby nominated for the Goebel's Memorial award for "Best Big Lie" of '93.) Jason Zions "Wish I really were Eric Hughes or Tim May, or at least that sharp" From newsham at wiliki.eng.hawaii.edu Thu Dec 2 14:38:38 1993 From: newsham at wiliki.eng.hawaii.edu (Timothy Newsham) Date: Thu, 2 Dec 93 14:38:38 PST Subject: NSA CAN BREAK PGP ENCRYPTION In-Reply-To: <199312022035.AA26183@genesis.ait.psu.edu> Message-ID: <9312022235.AA07977@toad.com> > > Since version 2.1, PGP ("Pretty Good Privacy") has been rigged to > >allow the NSA to easily break encoded messages. Early in 1992, the author, > >Paul Zimmerman, was arrested by Government agents. He was told that he hmm, amazing that "Paul" Zimmerman can so easily put a backdoor into a program he no longer maintains :) > > After reading this, you may think of using an earlier version of > >PGP. However, any version found on an FTP site or bulletin board has been > >doctored. Only use copies acquired before 1992, and do NOT use a recent wow! they went to every bbs and replaced the files! I wonder what they threatened all of those BBS sysops with? :) > >compiler to compile them. Virtually ALL popular compilers have been > >modified to insert the trapdoor (consisting of a few trivial changes) into amazing! As if compiler designers didnt have enough problems trying to optimize their code and make their code optimize others! Now they have to put up with inserting backdoors for NSA! Hmm, I wonder what kind of backdoors they are putting into unix these days? > > It took the agency more to modify GNU C, but eventually they did it. > >The Free Software Foundation was threatened with "an IRS investigation", > >in other words, with being forced out of business, unless they complied. The > >result is that all versions of GCC on the FTP sites and all versions above > >2.2.3, contain code to modify PGP and insert the trapdoor. Recompiling GCC > >with itself will not help; the code is inserted by the compiler into > >itself. Recompiling with another compiler may help, as long as the compiler > >is older than from 1992. No wonder GCC is so slow! > --**--**-- R X T 1 0 9 @ E M A I L . P S U . E D U --**--**-- > Bob Torres | "I don't know what I'm writing about: > plato at phantom.com | I'm obscure even to myself." > PGP PUB KEY AVAILABLE ** | -C. > Lispector, _The Stream of Life_ Thanx for the cross-post Bob! Great humor! Anybody make sure that no idiots over at alt.privacy believe this yet? Thanx for the great software "Paul"! From greg at ideath.goldenbear.com Thu Dec 2 14:52:36 1993 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Thu, 2 Dec 93 14:52:36 PST Subject: NSA CAN BREAK PGP ENCRYPTION In-Reply-To: <199312022035.AA26183@genesis.ait.psu.edu> Message-ID: uunet!psu.edu!rxt109 (Bob Torres) writes: > check out this load of bull that I pulled off of alt.privacy today. > Reminds me of those chain letters.... > > > A lot of people think that PGP encryption is unbreakable and that th > >NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it can be a dead > >mistake. In Idaho, a left-wing activist by the name of Craig Steingold was > >arrested _one day_ before he and others wee to stage a protest at governmen > >buildings; the police had a copy of a message sent by Steingold to another > >activist, a message which had been encrypted with PGP and sent through E-mai Mr. Steingold is still being held; yet another modern American political prisoner. He's asked that all people, everywhere, supportive of freedom of speech and association please send him Christmas cards; he's hoping to get into the Guiness Book of World Records, and hence gain publicity which will make the evil sheriff set him free. His address: Craig Steingold Inmate # 231768 c/o Washington County Jail Coeur d'Alene, ID 97401 (Ok, ok, just kidding. Sorry. Couldn't help myself. Don't send cards. The bandwidth police can come get me now.) -- Greg Broiles Lemon Detweiler Pledge? greg at goldenbear.com You're soaking in it. From an4914 at anon.penet.fi Thu Dec 2 15:28:40 1993 From: an4914 at anon.penet.fi (Nitch) Date: Thu, 2 Dec 93 15:28:40 PST Subject: An Occupied Nitch? Message-ID: <9312022326.AA15269@anon.penet.fi> -----BEGIN PGP SIGNED MESSAGE----- >From: jimn8 at netcom.com (Jim Nitchals) >Date: Thu, 2 Dec 93 10:08:08 PST > >Because the spelling of my last name is fairly uncommon, and someone >used a pseudonym that happens to be a good part of said name, I just >wanted to make it clear that an4914 at anon.penet.fi is not me, and I >have no idea who "Nitch" actually is. > Terribly sorry to frighten you, Jim. Nitch is a (very) little-known nickname of mine from quite some time ago. There are probably only five people who ever knew that it had been given to me. Funny name collision. I never expected it. Hope you don't get fired. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLP451+yu9liBvjrdAQH34wP+OK+BV+iiC9B1CUQquVwpvcxzGgMZiwej lfFtc+PXPqOHx4vEkWfzbKCoQrRElbBg3Iy6F7m73w+lTe57sggd0HKp9V7U75r6 hXzuuKhDSbNfgSy4OVVjVIGcpDImcpfJSsRQFeE3fch2CWne0VpxzJdVjE12iL5o lv9F3KNdxFw= =cXBb -----END PGP SIGNATURE----- ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From mechanism at aol.com Thu Dec 2 15:52:36 1993 From: mechanism at aol.com (mechanism at aol.com) Date: Thu, 2 Dec 93 15:52:36 PST Subject: Digital monetary system info needed on AOL Message-ID: <9312021849.tn14026@aol.com> Here's a chance to help spread the word to something a bit closer to "mom & pop" than the cypherpunks. kenwardb at aol.com has asked for info on digital cash, and wants to post info on it to an EFF conference on AOL. You might send some not-too-long info to him. Please don't EVERYONE do it, it might cost him a bit. Just one or 2 people do so, and announce that your're taking care of it. I'd do it myself, but I think there are quite a few other people here that know more about it than me, and may know of a short concise intro on the matter for the layperson. Please indicate that the material you send is intended to be reposted to the AOL sig. Stanton McCandlish mech at eff.org From an32951 at anon.penet.fi Thu Dec 2 17:48:41 1993 From: an32951 at anon.penet.fi (Coerr) Date: Thu, 2 Dec 93 17:48:41 PST Subject: Handy Hint That Applies to Punks Message-ID: <9312030146.AA06639@anon.penet.fi> A humorous posting that may apply here: Author is: an31438 at anon.penet.fi (Alcan-Foil-Wrapped-Pork-Stock-Warrior) Subject: Handy Hint for law-abiding citizens Go to your local police station and offer to have your fingerprints taken. This will allow them to eliminate you from their enquiries on many outstanding cases. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From jkreznar at ininx.com Thu Dec 2 18:22:36 1993 From: jkreznar at ininx.com (John E. Kreznar) Date: Thu, 2 Dec 93 18:22:36 PST Subject: Entropy, Randomness, etc. In-Reply-To: <9312010132.AA20601@terminus.us.dell.com> Message-ID: <9312030219.AA08840@ininx> -----BEGIN PGP SIGNED MESSAGE----- This is a supplement to the fine answer to your question which has already provided by Scott Collins. > How do we measure the entropy of a random number, > or a series of random numbers? > Give a particular set of data used to generate a random key, such as, > a unix box's /dev/mem, how can one measure the number of bits of > entropy? Actually, it can't be done. The consistent measure of entropy for finite objects like a string or a (finite) series of random numbers is the so-called ``program length complexity''. This is defined as the length of the shortest program for some given universal Turing machine which computes the string. It's consistent in the sense that it has the familiar properties of ``ordinary'' (Shannon) entropy. Unfortunately, it's uncomputable: there's no algorithm which, given an arbitrary finite string S, computes the program-length complexity of S. Program-length complexity is well-studied in the literature. A good introductory paper is ``A Theory of Program Size Formally Identical to Information Theory'' by G. J. Chaitin, _Journal of the ACM_, 22 (1975) reprinted in Chaitin's book _Information Randomness & Incompleteness_, World Scientific Publishing Co., 1990. John E. Kreznar | Relations among people to be by jkreznar at ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLP6iDsDhz44ugybJAQH9IwP/V2EZ/crPIENnkWAYFbCKfNrPuStkb7U9 kQurAUc0xgIzcGjYYw6KFAwJ2zMYgGAmtUlbBbkEaJnAjQJc6AT2Q3PBWitWG5Fk +p2YJwSV00TtSxVXqiu7IWUpK2zlbCDzYq0hdoabe4GOoYgdYd96y6WV62AqFb39 MifNcQF5XMQ= =quUv -----END PGP SIGNATURE----- From ebrandt at jarthur.Claremont.EDU Thu Dec 2 20:02:36 1993 From: ebrandt at jarthur.Claremont.EDU (Eli Brandt) Date: Thu, 2 Dec 93 20:02:36 PST Subject: Entropy, Randomness, etc. In-Reply-To: <9312030219.AA08840@ininx> Message-ID: <9312030401.AA12564@toad.com> > Program-length complexity is well-studied in the literature. A good > introductory paper is ``A Theory of Program Size Formally Identical to > Information Theory'' by G. J. Chaitin, _Journal of the ACM_, 22 (1975) > reprinted in Chaitin's book _Information Randomness & Incompleteness_, > World Scientific Publishing Co., 1990. The Li+Vitanyi chapter in the _Handbook of Theoretical Comp. Sci_, Vol. A, is a nice review. And your library probably has the book, while it may not have their new text. > John E. Kreznar Eli ebrandt at jarthur.claremont.edu PGP 2 key by finger or e-mail "Your hideous criminal clock, your insidious time bomb, is tick-tick-ticking." -- L. Detweiler From tcmay at netcom.com Thu Dec 2 20:03:42 1993 From: tcmay at netcom.com (Timothy C. May) Date: Thu, 2 Dec 93 20:03:42 PST Subject: Entropy, Randomness, etc. In-Reply-To: <9312030219.AA08840@ininx> Message-ID: <199312030402.UAA26750@mail.netcom.com> John Kreznar writes: > > Give a particular set of data used to generate a random key, such as, > > a unix box's /dev/mem, how can one measure the number of bits of > > entropy? > > Actually, it can't be done. The consistent measure of entropy for > finite objects like a string or a (finite) series of random numbers is > the so-called ``program length complexity''. This is defined as the > length of the shortest program for some given universal Turing machine > which computes the string. It's consistent in the sense that it has the > familiar properties of ``ordinary'' (Shannon) entropy. Unfortunately, > it's uncomputable: there's no algorithm which, given an arbitrary finite > string S, computes the program-length complexity of S. The intuitive idea is similar to there being no "maximum compression" of a string: though one may strongly suspect a compression is pretty good and may in fact be the best there really is, one may find an even better compression. Like the "pi" example Scott Collins used. Still, one can make estimates of the entropy of a string. > Program-length complexity is well-studied in the literature. A good > introductory paper is ``A Theory of Program Size Formally Identical to > Information Theory'' by G. J. Chaitin, _Journal of the ACM_, 22 (1975) > reprinted in Chaitin's book _Information Randomness & Incompleteness_, > World Scientific Publishing Co., 1990. And an especially good place to read all about this is in the new book by Ming Li and Paul Vitanyi, "An Introduction to Kolmogorov Complexity and Its Applications," Springer-Verlag, 1993. $60. Lots of good chapters on entropy, program length measures, algorithmic information theory, etc. Ironically, no mention of cryptology at all. (But Charles Bennett, one of the pioneers--especially in the area of "logical depth"--has written about the deep links between the two areas. Basically, ciphertext messages are "cryptoregular" in that they _appear_ to be of high entropy (random) but actually have low entropy when of course the right transformation (key) is applied. You clever folks will by now have seen the link to the opening discussion: how does one know if a given text is "cryptoregular" and actually carries a message or is just random junk? The answer in general is that no mechanistic/algorithmic method exists! (Hardly surprising, if you think about it. A one-time pad is information-theoretically secure. Every English (or Russian, etc.) sentence of length L can be "found" in a cyphertext of length L by trying the "right" pad. A thousand monkeys and all that.) For messages that are not encrypted with one-time pads, this is not the case, and various bits of information can sometimes be extracted. Cryptanalysis sometimes works. Last I heard, though, it doesn't help with breaking RSA (chosen plaintext attacks on RSA don't help with the factoring problem at all...consult the textbooks on the exact situation, if you're interested in such subtleties). Kolmogorov-Chaitin measures of complexity are very exciting. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From kinney at ucsu.Colorado.EDU Thu Dec 2 22:32:39 1993 From: kinney at ucsu.Colorado.EDU (W. Kinney) Date: Thu, 2 Dec 93 22:32:39 PST Subject: Mac Encryption Program Ready! Message-ID: <199312030631.AA11143@ucsu.Colorado.EDU> CP's -- Since Cypherpunks write code... My Mac encryption software is ready for beta! Anybody out there interested in taking a look-see and giving me some feedback? I incorporated into the software almost all the advice I received in response to my request a month ago for advice about the encryption algorithm, and it seems pretty good to me (I've added cryptographically random IV's and encrypted header data). But I'd be especially interested in feedback on weaknesses/improvements. The program is a System 7 _only_ conventional encryption application, using IDEA CFB. It works drop-and-drag, encrypts files, folders, or whole volumes, allowing pass phrases up to 255 characters in length, and has a small variety of hip features. The program is freeware and (of course) comes with source code. It's called "Curve Encrypt". I've created a software company 'nym, "Curve Software", with an associated PGP public key for release verification (enclosed here). Note that I'd appreciate correspondence relating to the software sent to kinney at bogart.colorado.edu, so I can keep it separate from my other mail. I will only distribute this software within the U.S. I do not want to fuck with ITAR. Please respect this. E-mail me if you want the code. -- Will -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCPAiz+bEEAAAEEAMUbtdwYC1vY+s5559ERIvC1MT+Yaw3ozheaHcUciJe7cSAk k9TpAQd7iKukKnQe5kK1YtvYm0JP6fmNrcO8AmG5ukvcOlyuri618sjpXncpQ1cL 5xeV80f3JtmheGMnqAzTK8OyfJ7zRh1PhAZcT/vVzf+JGuCuVcJkEfxTVMrJABEB AAG0K0N1cnZlIFNvZnR3YXJlIDxraW5uZXlAYm9nYXJ0LmNvbG9yYWRvLmVkdT6J AJUCBRAs/m+A9+/hOkiDY/EBARd9A/wIJBxW2w+wStmUhZ2eWLIkMEqbChstKg4W QUVx0h7Z75uVqRBNP5s6wyWfBhHpptjOkre6MNKM+oMGPPfGJFqbPgMwedXCVA+8 XiyEa55YUUTZ5D8OmR4Ot1z9HpKwZAjfJAxs9lrF2kcOF4xvtOeQF/QmuAf27JJU xetOByecLA== =RmKK -----END PGP PUBLIC KEY BLOCK----- From MIKEINGLE at delphi.com Thu Dec 2 23:48:45 1993 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Thu, 2 Dec 93 23:48:45 PST Subject: NSA CAN BREAK PGP Message-ID: <01H60ZOMLFNE90R379@delphi.com> While this article is clearly a poorly written hoax, the compiler part does have a historical basis. One of the first versions of Unix had a trapdoor in login to allow the developers to get in. The compiler was designed to put the trapdoor back in if login was recompiled. The compiler was also designed to put the trapdoor back in itself if the compiler itself was recompiled. This made the trapdoor almost impossible to get rid of. This is probably where the nut who wrote the story got this idea. --- MikeIngle at delphi.com Democracy is three wolves and a sheep voting on lunch. From jimn8 at netcom.com Fri Dec 3 00:08:45 1993 From: jimn8 at netcom.com (Jim Nitchals) Date: Fri, 3 Dec 93 00:08:45 PST Subject: Nitch (also re: steganography) In-Reply-To: <9312022326.AA15269@anon.penet.fi> Message-ID: <199312030807.AAA06846@mail.netcom.com> an4914 at anon.penet.fi writes: > > Terribly sorry to frighten you, Jim. Nitch is a (very) little-known > nickname of mine from quite some time ago. There are probably only > five people who ever knew that it had been given to me. > > Funny name collision. I never expected it. Hope you don't get fired. Fired? Hehe.. I'd sincerely expect more from my employers than to get upset at something I post to a mailing list. Thanks for the reply. Now.. to increase the signal-to-noise ratio a bit.. (hopefully a few people on the list read this one anyway) there was a mention of using the LSB of a picture for steganography, and the ensuing difficulty in hiding the results. An idea I've had is to hide the data as the exclusive-or of several LSB's within the image. There are two problems with using the LSB of *every* pixel: the obvious distribution of 1's and 0's, and the resulting loss of compressability of the resulting image. A 320x200 image can hold 8,000 bytes of data in the LSB, which is probably more capacity than most messages need. If instead we use 1 bit of steganographic data for 8 pixel LSB's, the capacity is still about 1K, and it should be easier to hide the steganographic signature because only 1 LSB out of 8 needs to be changed if the parity is wrong. If using GIF or other lossless encoder, we can tweak LSB's in ways that actually *reduce* compressed file size. As long as we're tossing out the LSB as usable picture information, let's get some benefit from it. Assuming matching JPEG encoders and decoders on the sending and receiving end, a JPEG image could theoretically store steganographic data by tweaking the quantized DCT coefficients until they matched the desired steganographic output. The extra beauty here is that not all JPEG decoders are built the same, so the output may not be bit-for-bit the same. Decoding the steganographic data would require not only a knowledge of the algorithm, but a matching JPEG decoder as well. From szabo at netcom.com Fri Dec 3 01:32:39 1993 From: szabo at netcom.com (Nick Szabo) Date: Fri, 3 Dec 93 01:32:39 PST Subject: Graynet Message-ID: <199312030931.BAA00202@mail.netcom.com> Forwarded from comp.infosystems: Reply-To: an53728 at anon.penet.fi Date: Tue, 30 Nov 1993 06:03:34 UTC Subject: Information INFORMATIONAL REPORTS - How to trick pay phones into thinking you deposited money - How to clone cellular phones - How to make traffic lights turn green by remote control - How to build and use a bugging device - How to make your electric meter go backwards - How to get cable TV for free - How to create your own pirate TV or radio station $10 each, or all for $40. For informational purposes only. Send self- addressed, stamped envelope. Make checks or money orders out to Kardos. Kardos P.O. Box 2310 Darien, CT 06820 USA ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From tcmay at netcom.com Fri Dec 3 01:38:45 1993 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 3 Dec 93 01:38:45 PST Subject: "High Stakes in the Living Room" Message-ID: <199312030938.BAA15461@mail.netcom.com> "In the high-tech future of interactive television, gamblers could bet against the house in the privacy of their homes, couch potatoes could rake in the big bucks with the remote control adn the living room could be transformed into a high-roller's paradise." So begins an article by Benjamen Pimental in the Dec. 2, 1993 issue of "The San Francisco Chronicle," an article entitled "High Stake in the Living Room," page A1 (a page one story). I tried to OCR the article, but newsprint is hard to get a good accuracy rate on and I gave up after seeing a sea of errors to be corrected. Here are just some highlights: - race tracks, lotto games, etc. being talked about. Quebec has actually deployed it, So Calif. tried it to. Several companies (NTN Communications, Videotron) are developing telegaming software and are working with local gaming authorities and racetracks, etc. - other groups are opposed, for moral reasons ("lose the house from inside the house"), for entrenched-interest reasons, etc. - concerns about minors either playing by hacking the system or by watching the unsavory practices of their elders - beginning talk about the need for security--credit card accounts, passwords, etc. (No mention of encryption, though.) So, this is already starting up. Nick Szabo has written about his ideas for "The Internet Casino" and telegambling. Sounds like others are moving ahead. There are some issues of great interest to Cypherpunks and Crypto Anarchists: * What happens to local gambling laws when gambling is just a phone call away? (I'm certainly not arguing for local gambling laws, and I'll be delighted to see them smashed by technology. My point here is to analyze what will change and how the authorites will try to counter the change.) * What happens with remailers and mixes used to reach these remote gambling sites? Casinos in the Bahamas could come "on-line" at almost any time. * Strong crypto means these gambling sites can be reached from anywhere. (A potentially good way to "liquify" digital money: deposit dollars in a Bahamian casino bank, access it via the gambling nets, withdraw it or whatever in ATM machines. A formal alliance between certain types of Cypherpunks and certain types of offshore casine operators could be lucrative.) * Will the "Data Highway Patrol" (DHP) allow gambling packets to move freely? (Scenario: Strong crypto is banned, somehow (?), because the Data Highway Patrol--known affectionately as the "ClipperCHiPS"--needs to make random inspections of "cargo loads." This scenario I expect to happen if the NII goes through.) ...and so on. You get the drift. The Brave New World of strong crypto will nuke most current laws about gambling, selling of information, consulting, payment of taxes, zoning, practicing certain professions without approval, and so on. Interesting times indeed. Speaking of which, I'll be giving a public lecture on these topics next Wednesday, the 8th, at 4 p.m., Skilling Auditorium, Stanford University. More information should follow in a few days. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From sameer at uclink.berkeley.edu Fri Dec 3 03:18:47 1993 From: sameer at uclink.berkeley.edu (sameer at uclink.berkeley.edu) Date: Fri, 3 Dec 93 03:18:47 PST Subject: cryptanalysis for radio communications Message-ID: <199312031116.DAA24889@mail.netcom.com> I was wondering if any cryptanalysis packages existed which could help in decrypted information picked up with a scanner. It seems that a bunch of people trying to defend their home from the feds were listening in on the feds radio communications, but now they're encrypting stuff. It's probably not very strong crypto, maybe just a simple XOR. (So I hear.. a friend asked me to help him, 'cause he's the one helping these folk in Nevada.) Thanks. From dmandl at lehman.com Fri Dec 3 05:28:50 1993 From: dmandl at lehman.com (David Mandl) Date: Fri, 3 Dec 93 05:28:50 PST Subject: NSA CAN BREAK PGP ENCRYPTION Message-ID: <9312031325.AA02632@disvnm2.lehman.com> > From: jazz at hal.com (Jason Zions) > > > A lot of people think that PGP encryption is unbreakable and > >that the NSA/FBI/CIA/MJ12 cannot read their mail. This is wrong, and it > >can be a deadly mistake. In Idaho, a left-wing activist by the name of > >Craig Steingold was arrested _one day_ before he and others wee to stage > >a protest at government buildings; the police had a copy of a message > >sent by Steingold to another activist, a message which had been > >encrypted with PGP and sent through E-mail. > > Craig Steingold indeed. Looks so much like Craig Shergold, of infamous > dying-boy-wants-Guiness-record fame, that I had to read it twice. Right, and I'm sure this is exactly the way the NSA would finally reveal that they can break PGP: by busting a group of lefties planning to "stage a protest at government buildings"! Good one. --Dave. From bjh at northshore.ecosoft.com Fri Dec 3 05:48:51 1993 From: bjh at northshore.ecosoft.com (Brian J. Harvey) Date: Fri, 3 Dec 93 05:48:51 PST Subject: Request For Comments (Cypherpunks write code!) Message-ID: /****************************************************************************/ /* */ /* "Almost Truly Random Bits" - a proposed standard for */ /* */ /* generating crypto-grade random seeds and keys */ /* */ /* using AT compatible hardware and MS-DOS */ /* */ /* by */ /* */ /* Brian J. Harvey */ /* */ /* Copyright (C) 1993, Tea Party Software */ /* */ /* ---- */ /* */ /* MD5 Message-Digest Copyright (C) 1991, RSA Data Security, Inc. */ /* */ /****************************************************************************/ /* ATRB is inspired by the as-yet-unimplemented hardware strategy that appears in PGP v2.3a. ATRB does not suggest a standard usage (API), but rather demonstrates a hardware-specific method for capturing keyboard latency intervals. This method requires an AT (all) or XT (some) BIOS that supports interrupt 15h, func 4Fh, keyboard intercept. Note that this implementation traps key _releases_, not presses. This avoids needless problems and complexity. MS-DOS extentions are not standardized amongst C compilers, however, it should be relativly easy to adapt this Turbo C implementation for other compilers. Finally, a note concerning the MD5 Message-Digest... Ron Rivest, in Request for Comments 1321, says: "The MD5 algorithm has been carefully scrutinized for weaknesses. It is, however, a relatively new algorithm and further security analysis is of course justified, as is the case with any new proposal of this sort." With respect to this statement, I am concerned about the non-standard usage of the MD5 in PGP's randstir() function. (I'm not an expert, nor do I pretend to be.) Please direct questions, comments and job offers to the above address. "Yet is was for me - not you - I came to write this song." - Neil Peart */ #include #include #include #include #define PROTOTYPES 1 #include "global.h" #include "md5.h" #pragma options -r- -N- /* Defines */ #define MES_VEC 0x15 /* Misc. Extended Services */ #define MES_FUNC 0x4F00 /* Keyboard Intercept (XT,AT only) */ #define SP_UP 0xB9 /* Spacebar release (scan code) */ #define ESC 27 /* Escape (ascii) */ #define MAX_RAW 20 /* Actual number of raw bytes to get */ #define TIMER0 0x40 /* Timer constants */ #define TIMERCTRL 0x43 #define LATCHTIMER 0 /* Prototypes */ void reset_kbd_trap(void); /* Auto-cleanup */ #pragma exit reset_kbd_trap void near futz(void); /* Wait for Timer ports to settle */ void interrupt new_kbd_trap(void); /* This will latch the timer */ /* Globals */ void interrupt (*old_kbd_trap)(void); /* Save the original vector */ MD5_CTX MD5context; /* defined in MD5.h */ time_t time_seed; /* record the time */ unsigned char raw_buffer[MAX_RAW]; /* collect the latency values */ unsigned char MD5digest[16]; /* Hash output */ int raw_index,MD5_index; /* bookkeeping */ /* Functions */ void reset_kbd_trap(void){ /* Auto-cleanup */ setvect(MES_VEC,*old_kbd_trap); } void near futz(void){} /* Wait for Timer ports to settle */ void interrupt new_kbd_trap(void){ /* This will latch the timer */ unsigned int local_ax = _AX; /* Better safe 'n sorry... */ if(local_ax == MES_FUNC + SP_UP && raw_index < MAX_RAW){ /* Latch and accumulate */ outportb(TIMERCTRL,LATCHTIMER); futz(); raw_buffer[raw_index++] = inportb(TIMER0) ^ inportb(TIMER0); cprintf("\b� "); /* Advance the pinwheel */ } (*old_kbd_trap)(); /* Give others a chance... */ } void main(){ unsigned int pindex = 0; char pinwheel[5] = "/-\\|"; /* Set the "trap" */ old_kbd_trap = *(void interrupt (* far *)(void))MK_FP(0,MES_VEC * 4); setvect(MES_VEC,new_kbd_trap); MD5_index = raw_index = 0; time(&time_seed); /* Start message digest w/time */ MD5Init(&MD5context); MD5Update(&MD5context,(unsigned char *)&time_seed,sizeof(time_t)); cprintf("\nATRB - \"Almost Truly Random Bits\"\r\n"); cprintf("Copyright (C) 1993, Tea Party Software\r\n"); cprintf("\nPlease press the SPACEBAR %d times (ESC aborts...)\r\n",MAX_RAW); cprintf("%.*s\r",MAX_RAW,"����������������������������������������"); while(MD5_index < MAX_RAW && (!kbhit() || getch() != ESC)){ if(MD5_index < raw_index) MD5Update(&MD5context,raw_buffer + MD5_index++,1); if(raw_index < MAX_RAW){ cprintf("\b%c",pinwheel[pindex++ % 4]); delay(50); } } while(kbhit()) /* flush keyboard */ getch(); if(MD5_index == MAX_RAW){ cprintf("\r%-*s\r\n\n",MAX_RAW,"Okay, thanks..."); MD5Final(MD5digest,&MD5context); cputs("Timeseed, Raw bytes:\r\n"); cprintf("%08lX ",time_seed); for(pindex=0;pindex -----BEGIN PGP SIGNED MESSAGE----- Hmm. Seems the Curve Software public key I sent out has a "bad signature" attached... namely my personal PGP key, with which I signed the new key. Here's what happened -- perhaps someone can explain why: I generated a new key for Curve Software, and signed it with my other key, while it was in my secret key ring (should be ok, right?). I then extracted the new key to an ascii file. When this new key and signature are added to my public keyring, it tells me that the signature is bad. I then select removal of the bad signature, and MacPGP gives me a dialog that says "File pubring.$01 already exists. Overwrite? (y/n)" If I select "yes", I get the dialog back over and over. If I select no, the dialog goes away and the Curve Encrypt key ends up in my public key ring, _with the signature still attached_. Now when I verify the signature of the key while it's on the ring, it is flagged as valid. What the hell? It must have something to do with having signed a key on my secret ring, which was kind of a weird thing to do, I guess. And now I'm all worried that somehow I've compromised the security of one or both of these keys. The second problem I have is how to correct the bad signature in all the copies of the Curve Software public key that are out there? Should I leave the bad sig in there and sign it again? Should I remove the bad sig and re-sign it? Should I just issue revocation certificates for everything and start over? Seems like it ought to be all right to remove the bad sig, re-sign the key, and post the same key with the new signature to the list, signed with itself so that people who already have it in their pubring can verify its veracity. Still, this will be good fuel for paranoia -- "here's the public key for verifying this encryption software... OOPS! screwed it up, here's a NEW key!" Advice appreciated. I don't want to release the code to the Beta testers until this security issue is resolved. -- Will -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLP8JZPfv4TpIg2PxAQGaIQP9GW5D5c695lys23opUDogxlIEvFuCDnKS GK9F5zsAWSwcXLxvRg05Wr59+/xtLPAxWat+wsdg5hdVCXFMECPCALwgC75H0Vpw 2wql24ZobSwJFLY+AXDSxscMUwZwLr5j9PtN6GL/EUubRihH7JXs2tzsupvdlde8 j5p0J5ZvwhM= =1aLJ -----END PGP SIGNATURE----- From nobody at shell.portal.com Fri Dec 3 09:44:12 1993 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Fri, 3 Dec 93 09:44:12 PST Subject: No Subject Message-ID: <9312031743.AA08987@jobe.shell.portal.com> -----BEGIN PGP MESSAGE----- Version: 2.3a owGFVE2oG0Uc7yu26uIWvIkgjCn4Ku8jn29f8myxeckm2SS7+Xz5eBedzE6ym+zu 5M3OZrM59CBtURFKFUEPCkL1IHiwiodePHpTLIJCpVYPelcKaoU6m/cKxYsDC8v+ 5/+b38d/57Vjbx8/sbJ+P0i/9fPfH92/96m4svLLmUeOXSV/Zu++HxHhxTsvPpr6 4uI3d16/2Xv8+0tPf8DyX/1z8pRzKnPttvDYxct/bZy7Pl25/M7v5mn3uVu3C99d e9fdeKP61EvqjVSk8kO95yQ/viB9e+GFHxP36G+fP3v2ie7eJSl5ZadO5h+ef2// lZvgy69v/XT9szf/OH7lxsu5X0/fvfrqM09+cvIsO+Ey3XSO8SUKVcxWXWDDCQYQ 6Bha6yCSC6YGpnXPmYAcNW3TgVZkc3NTFEQhi5gHLStYB9aycRURx2XUQ2z1qH8T AGVVB5bJERkBBoYUBMSjwORVFwwJFQXLQxQyc4YBniMDOiMcUtAxmBLXNQcWBoMA MMN0gUsoA2QIoEOcwDZZEMIDaIvCFFJmIs+C1AqA6TBMscuwzl85FJ1g5gLfMJEB DMjPcYnNBdrEc5ZwU29gmUgU3MCeQmZwOQOP8b4ADDgnewAp5EScESCct2XhEbRC 5ocwhyebU+gwd2mKRjhXvlnnXbwSynYZ3wR8kxmH0CYDiHiWHuI/IMtbjlwVhRIZ YApUbi3x10GbcjNoiJML+Hd3ChEWhY0NUWgTQDHkqmy8DvCGDU0LRNpkByDIoBW4 7LyDGSL2Jn8i3LXQD2R53FpmcIghCQ8IuVqmw00/E9nZifASJd7IABFZy4N6sQ5U udXKFuXI+mG3y5N6HkBXFDgIKCjNVvuon5u9zJbLmfJBwDyddhibz00DHJThUPkR vihA4GJq8j4eAcUheS4OeEunnWV8XJSDaDANk+SG+5DqoU0A9IknCv4DC33TXU7X lBKGETskQXwnHDKH8TEJmS1H0IaOg+lm6F64EM+CzzbeeGj9/zdR2NkRBfkBs53Q pDC1ZXFXLiraw7YdtXS4NpM4OyCxmYThbkPxc3Yab20n6llpMtnNRmP7NvPn3YSp jqS9mlyBibGUQFUiaYtyfYBL9Y6FikNlalmzMVJFobHvM7lrp7t6rt4t9pVJfivb iGaStaIkFeVJKpUbQ9UbRINU7KCYkRe5UbdZgpa2vdjO7+VTKVHwNCpjf3ut3NtS WlqlXF8cwJTaKtpMWShJNu92E8lCL1ZrTbZKrL4VdbOVacDmzUnKYHnYz/IbIFvo DIfmdjbeJooTGyr+rD9msUDJF1TqxxsaqxVt2p/maUedz0sst+iQ5oR259nUcN+g kiiUZ9FZzxj0tg7i5Z6MqqOqlx+vZSvZTDwmkWgrro49mtO1dKVa3DXbWU0eDXqz +IgW0i09YzREAVcGKoqWScto+hl1bfdghgvterM5IbspNV1ttjUtn21QvbRXnTVN xVN96JsxNp93D2qLtJQWBXWUWmt3D8oWw73dcUyuJ4xUnlVsv9SFlRiVG+MhDpTO SEWDtLULM4motjeQJFTfRmalv89VKG2vPy/4eZMylOTX5NxH+q5vaa4cbcjVoKYW dBpNxdZ6SBm2tmHDR6W8psxquRGSUDWvi0KtPC7X5TQc6zVENCURDKXONINyVStu tbfj8b6XLLXTul+KoqzenctSf5Ecd9eM5rA1GeVwj//ObjJXasPeopceNWza0xNW cWtWHA2jgb0fLavlpl7RO5nosFLvxvYbHTqY+Jq7kAeNUWs289f4TE/TW1WpwBKu e04UzlG5Yh6N9X/ugqOh/hc= =o/dm -----END PGP MESSAGE----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAiz/ZcgAAAEEALrXxRyAPE8zxrvRxtYXvyXTdKDVSRMEky1Tb9gpx2Mnrkqw 5P8F3CoZv2FSPDiIvU3g+yMDbBT1sgOOKR8wja/HhrDwY+R/ckvZcGNKSrDtXgGN dheuOQsTxJUxAbVUN1DB87kC3sYyNGpD6bKUFm3vYJ+imoOP4ZPh+qb/+7ENAAUR tCJIb2JlciBNYWxsb3csIFRyYWRlciB0byBDeWJlcnNwYWNl =paYE -----END PGP PUBLIC KEY BLOCK----- From frc%bwnmr4 at harvard.harvard.edu Fri Dec 3 10:39:08 1993 From: frc%bwnmr4 at harvard.harvard.edu (Fred Cooper) Date: Fri, 3 Dec 93 10:39:08 PST Subject: MIT Keyserver In-Reply-To: <9312022042.AA09651@toxicwaste.media.mit.edu> Message-ID: <9312031834.AA01074@bwnmr4.harvard.edu> -----BEGIN PGP SIGNED MESSAGE----- - -----BEGIN OF PGP DECRYPTED TEXT----- > I am sorry to announce that the PGP Keyserver at pgp.mit.edu > (a.k.a. toxicwaste.mit.edu) has to be shut down. The processes involved > The keyserver will remain down for an indefinite period of time. > Unfortunately there is nothing I can do at this time. I'm sorry for > the inconvenience this may cause. > -derek - -----END OF PGP DECRYPTED TEXT----- OK this is the second keyserver to go down in a month. Anyone want to tell us why? Derek, I appreciate that you can't prevent it but a little more explanation of why would be much appreciated too. FRC - -- #include /* Neural N ts catch only dreaming fish. */ -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLP+GfLbAlE4AqlTZAQHuIgQAnD6jkd8ZZjQvwe9XkfUZ7AYAeVCKI/CW Abk3HJBK2o+uEeWv+D75iI8l8UmZn/0lMjwTqws5qllR3VE97CVQrvaEef+rXBn7 rBK+5Nm64siGW53eggETCfq9Y1tEvujegJRHmTId8VRVtJkCYgYTnr8BRjvl1Ssk VYHgv9W1cu8= =WdMI -----END PGP SIGNATURE----- From frc%bwnmr4 at harvard.harvard.edu Fri Dec 3 10:59:07 1993 From: frc%bwnmr4 at harvard.harvard.edu (Fred Cooper) Date: Fri, 3 Dec 93 10:59:07 PST Subject: ID hacking Pointer Message-ID: <9312031857.AA01282@bwnmr4.harvard.edu> -----BEGIN PGP SIGNED MESSAGE----- For those who are interested, someone has started a thread on the Fringeware mailing list about spoofing and nyms.... The consensus (of 2 messages) is that the dreaded PSUEDOSPOOF is a bad thing... Anyone know if LD is on the fringeware list? FRC - -- #include /* Neural Nets catch only dreaming fish. */ -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLP+MGrbAlE4AqlTZAQGUvAP/ZD9GitZBYQo6F32vrC9Skiu/1rrtY93Z IP4br5fyctNKvwAeC4cpTla6DDokm6ixhUNLQjlKsIFb1blu8qWroUIyemTxhFxZ YSuvlcIQJeR+29kRGhQN7EHps5l72lvEdScWAbAnuzA/teNxtS00P+v28YWp5aUh A9SsnL/ooos= =6RdN -----END PGP SIGNATURE----- From sameer at uclink.berkeley.edu Fri Dec 3 10:59:10 1993 From: sameer at uclink.berkeley.edu (Sameer) Date: Fri, 3 Dec 93 10:59:10 PST Subject: REMAIL: list 12/2/93 In-Reply-To: <9312022139.AA15442@arcadien.owlnet.rice.edu> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- > 8: cs60a-qu at cory.eecs.berkeley.edu This remailer will be deactivated as of Dec. 20th. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLP+LP3i7eNFdXppdAQHoDAQAoVgQI/DEX1Q6AP/D3N/y1nbWmP16vtVS r5tUrYlVdeP6+7TG5DTbgbxzZqPx+V+Il/rPw0XDQw4jGG+pKf8Tr7S/4ozZi/wr 47hy/X4NUfW14S8K6tJa2O2aYS8nDzvwue3m5DHGapqEtdq7As03n5YDJjHTWcAs wxhrgbFCAyE= =d6Xa -----END PGP SIGNATURE----- From sdw at meaddata.com Fri Dec 3 11:39:07 1993 From: sdw at meaddata.com (Stephen Williams) Date: Fri, 3 Dec 93 11:39:07 PST Subject: MIT Keyserver In-Reply-To: <9312031834.AA01074@bwnmr4.harvard.edu> Message-ID: <9312031936.AA01241@jungle.meaddata.com> ... > > I am sorry to announce that the PGP Keyserver at pgp.mit.edu > > (a.k.a. toxicwaste.mit.edu) has to be shut down. The processes involved > > > The keyserver will remain down for an indefinite period of time. > > Unfortunately there is nothing I can do at this time. I'm sorry for > > the inconvenience this may cause. > > -derek > - -----END OF PGP DECRYPTED TEXT----- > OK this is the second keyserver to go down in a month. > > Anyone want to tell us why? > Derek, I appreciate that you can't prevent it but a little more > explanation of why would be much appreciated too. Yes, please. Don't feel badly that you were coerced, I'm sure we understand untenable positions. But keeping the nature of the coersion secret can only encourage it. Of course, by the lack of a reason, we can only assume that whoever 'it' was, it was 'big' enough to either scare you or threaten you with some action if you talked... sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net CIS 76244.210 at compuserve.com OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 GNU Support ICBM: 39 34N 85 15W I love it when a plan comes together From mech at eff.org Fri Dec 3 11:59:07 1993 From: mech at eff.org (Stanton McCandlish) Date: Fri, 3 Dec 93 11:59:07 PST Subject: This was sent to me from reliable sources but is UNAUTHENTICATED -- If you don't want to read abou it on the front page, don't put it in writing Message-ID: <199312031955.OAA16986@eff.org> Just passing this on. It should be of interest. It may have shown up here already, but for those that missed it, take a look-see. >Here's the full text of the memo from TCI Cable COO Barry Marshall to the >troops: > >As we move into the regulatory environment, it's important to remember >something vital ... Under regulation, we can't simply adjust our economics >anymore. We have to take the revenue from the sources that we can, when we >can. To that end I want to remind each of you that the transaction charges for >upgrades, downgrades, customer-caused service calls, VCR hookups, etc. are >vital new revenue sources to us. We estimate that by charging for these >functions we can recover almost half of what we're losing from rate >adjustments. > >We have to have discipline. Much like the install fee problem, we cannot be >dissuaded from the charges simply because customers object. It will take a >while but they'll get used to it...they pay it to other service providers all >the time..and it isn't free with the phone company! > >Please hang in on this and installs, and we can still have a great fourth >quarter when we have out heaviest volume. The best news of all is, we can >blame it on reregulation and the government now. Let's take advantage of it! >--------------------------------------------------------------------------- > >My comment: there's nothing really outrageous here until you hit the last >paragraph. They're allowed to set certain charges under the Act and FCC >rules. Do you often not take a tax deduction you're entitled to under the IRS >rules? > >But the tone anchored in the last graph is outrageous. Remember that New York >Times rule, kids. If you don't want to read about it on the front page, don't >put it in writing. No guarantee is made as to the accuracy of this, of course. If anyone has any REAL information on where this came from originally, I'm all ears. -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From mg5n+ at andrew.cmu.edu Fri Dec 3 12:24:08 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Fri, 3 Dec 93 12:24:08 PST Subject: Graynet In-Reply-To: <199312030931.BAA00202@mail.netcom.com> Message-ID: szabo at netcom.com (Nick Szabo) forwarded to us the following: > Forwarded from comp.infosystems: > > Reply-To: an53728 at anon.penet.fi > Date: Tue, 30 Nov 1993 06:03:34 UTC > Subject: Information > > INFORMATIONAL REPORTS > > - How to trick pay phones into thinking you deposited money Oh, wow, such info! The old red box trick! In fact, I'd be willing to bet it doesn't even explain how to build a red box, it probably just tells you something dumb like to call a pay phone and then have a friend answer it and put in money while you record the tones. Of course, it probably doesn't even mention how easy it is to make free calls from COCOTs! > > - How to clone cellular phones More like "how to use an EPROM burner". > > - How to make traffic lights turn green by remote control Yup, just like the firemen do. > > - How to build and use a bugging device As if every amateur electronics book didn't explain this. > > - How to make your electric meter go backwards Yeah, back up your electric meter by 1 unit and get charged for 999,999,999 kilowatthours. :) > > - How to get cable TV for free As if we haven't seen this one before. > > - How to create your own pirate TV or radio station Oh, how informative! As if any idiot couldn't get a book from his local library that explains how to build a radio transmitter. If anyone here seriously doesn't know how to build a radio transmitter, may I direct you to: cp-hardware at nextsrv.cas.muohio.edu > $10 each, or all for $40. For informational purposes only. > Send self-addressed, stamped envelope. Make checks or > money orders out to Kardos. If you would like to make a donation to ripoff-scams-of-america please send money, along with credit card numbers and any other valuables to: > Kardos > P.O. Box 2310 > Darien, CT 06820 > USA From dmandl at lehman.com Fri Dec 3 12:32:50 1993 From: dmandl at lehman.com (David Mandl) Date: Fri, 3 Dec 93 12:32:50 PST Subject: War on Keyservers Message-ID: <9312032029.AA08065@disvnm2.lehman.com> -----BEGIN PGP SIGNED MESSAGE----- I'm sure I'm missing something obvious here, but why are all these keyservers being forced to shut down? The possession of PGP *keys* should be perfectly legal, no? Or is the logic the same as that used to close down drug paraphernalia shops: if people are buying bongs, they must be smoking pot, and so we can't allow it? And exactly what grounds does PKP have for suing? Is it because the servers themselves are using PGP, rather than just storing keys? What if a server is using a legal (ViaCrypt) copy of PGP? (Problem: this argument can only be used for DOS boxes currently.) --Dave. -----BEGIN PGP SIGNATURE----- Version: 2.2 iQCVAgUBLP+fvsfNklulBrsJAQGTCQP8DFF77E7zpB6nOzAwcLNbEgezVjt/yQTg DEtdmeY+hO9rcOUJoXwWMPbai2EhBHiyriAMYD5kcHrsbdiS99PW5A5kh4htaFDr Zrrkmn7KK0LXNL0fo2aJZVLKpiy9FxcJPmQvasTqe6EVltxbi4coTNR1wUoD5FE8 0sGj9AsGr+s= =2tQH -----END PGP SIGNATURE----- From an4914 at anon.penet.fi Fri Dec 3 13:02:50 1993 From: an4914 at anon.penet.fi (Nitch) Date: Fri, 3 Dec 93 13:02:50 PST Subject: Where's the Pool? Message-ID: <9312032100.AA19746@anon.penet.fi> -----BEGIN PGP SIGNED MESSAGE----- Pardon my ignorance, but I'm new to all this... Where do I find (and how do I use) e-mail "pools"? As I understand it, they're supposed to help foil traffic analysis... right? (Incidentally, I received my copy of _Applied Cryptography_ with amazing speed. I only ordered the thing this week, and here it is! Now I've only to find the time to read it...) -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLP+G+uyu9liBvjrdAQFVOQP/ZAuVO/2A2A9nijQCv753CL1qPg9ex/Xv MqNSRXOgow9dGRTf6/r97pKeHqJ3LMImIUb/6GzqJ3QbXdgVbTc4W5NTOd5ajoFc Gi6bVPXQabLV6Y8+JpIcqu1SNmihCM401XdmSWIka1uXDF5F8bJaebXHgzXZ3UvP APcpX8pQcO8= =AVfS -----END PGP SIGNATURE----- ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From Isaac.Norby at f217.n125.z1.FIDONET.ORG Fri Dec 3 13:14:09 1993 From: Isaac.Norby at f217.n125.z1.FIDONET.ORG (Isaac Norby) Date: Fri, 3 Dec 93 13:14:09 PST Subject: Address query Message-ID: <5058.2CFFA173@shelter.FIDONET.ORG> Could someone here netmail me the address for Mike Godwin of the EFF? I should like to ask him about some issues he brought up here a couple of months back. Thank you. ___ Blue Wave/QWK v2.12 -- Isaac Norby - via FidoNet node 1:125/1 UUCP: ...!uunet!kumr!shelter!217!Isaac.Norby INTERNET: Isaac.Norby at f217.n125.z1.FIDONET.ORG From baum at newton.apple.com Fri Dec 3 13:29:17 1993 From: baum at newton.apple.com (Allen J. Baum) Date: Fri, 3 Dec 93 13:29:17 PST Subject: Applied Crypto can be a menace to you anonymity? Message-ID: <9312032126.AA15868@newton.apple.com> >From: an4914 at anon.penet.fi (Nitch) >....I received my copy of _Applied Cryptography_ >with amazing speed. I only ordered the thing this week,...) If I were the NSA (or, rather, someone who cared about who was using crypto in a way I might not approve of), I'd be keeping tabs on who ordered this book! ************************************************** * Allen J. Baum tel. (408)974-3385 * * Apple Computer, 20525 Mariani Ave, MS 305-3B * * Cupertino, CA 95014 baum at apple.com * ************************************************** From ravage at wixer.bga.com Fri Dec 3 14:02:50 1993 From: ravage at wixer.bga.com (Jim choate) Date: Fri, 3 Dec 93 14:02:50 PST Subject: NSA, PGP, Cracking Keys, Recent Arrests... Message-ID: <9312032147.AA25461@wixer> On the topic of the deduction that the NSA can now crack PGP because of an arrest is probably faulse. It is much more likely that they were informed on by family or a direct member of the organization. There is no way that any crypto system can prevent defection or protect against it. From tcmay at netcom.com Fri Dec 3 14:09:10 1993 From: tcmay at netcom.com (Timothy C. May) Date: Fri, 3 Dec 93 14:09:10 PST Subject: Applied Crypto can be a menace to you anonymity? In-Reply-To: <9312032126.AA15868@newton.apple.com> Message-ID: <199312032204.OAA13509@mail.netcom.com> Allen Baum writes: > >From: an4914 at anon.penet.fi (Nitch) > >....I received my copy of _Applied Cryptography_ > >with amazing speed. I only ordered the thing this week,...) > > If I were the NSA (or, rather, someone who cared about who was using > crypto in a way I might not approve of), I'd be keeping tabs on who > ordered this book! But did you hear that the NSA has installed trap-doors in Schneier's C code to do the same thing? I heard this the same place I heard that Paul Zimmermann is actually an agent of the Mossad and the International Trilateralist Cabal. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From cman at caffeine.io.com Fri Dec 3 14:12:50 1993 From: cman at caffeine.io.com (Douglas Barnes) Date: Fri, 3 Dec 93 14:12:50 PST Subject: MIT Keyserver In-Reply-To: <9312031834.AA01074@bwnmr4.harvard.edu> Message-ID: <199312032157.PAA08568@caffeine.caffeine.io.com> Now that there is a legal version of PGP, I see no reason why we couldn't set up a keyserver here at IO. If someone wants to do this, has the software, and has multiple clues to rub together (ideally someone with experience in managing a keyserver) they should contact me. -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 447-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From koontzd at lrcs.loral.com Fri Dec 3 14:19:10 1993 From: koontzd at lrcs.loral.com (David Koontz ) Date: Fri, 3 Dec 93 14:19:10 PST Subject: Applied Crypto can be a menace to you anonymity? Message-ID: <9312032217.AA10983@io.lrcs.loral.com> So, buy a copy from Bruce, he mentioned something about ordering a 100 copies recently, I got one from him. From still at kailua.colorado.edu Fri Dec 3 15:29:10 1993 From: still at kailua.colorado.edu (James Still) Date: Fri, 3 Dec 93 15:29:10 PST Subject: Will Mike Ingle's name be a household word like "Buttafuoco"? Message-ID: <2CFFD8E1@kailua.colorado.edu> Mike Ingle comments on his recently released "Secure Drive" program: >What's the BBS? If you want to, put up a notice or something. [...] >encrypt the BBS itself, and set up a relay to power it down >if an alarm in your house goes off. Then you are raid-proof. In case someone isn't familiar with Mike's excellent program, it does for hard drives, what PGP does for messages. With Secure Drive (ver 1.0) you can set up a partition on your hard drive encrypt it (SecDrv uses the IDEA cipher for data and RSA for your pass phrase just like PGP) and access the encrypted drive from a TSR in your C drive. In my opinion, this is the best example yet since PGP of "cypherpunks writing code" because of the implications that this program has on privacy. (I'm using it to keep a personal space for my tax records, private correspondence, PGP dir, etc.), but Mike's suggestion for encrypting an entire BBS itself is a good point. What if *every* sysop encrypted their BBS with Secure Drive? His program is DOS freeware and available on the Hieroglyphic Voodoo Machine BBS at +1.303.443.2457 (V.32bis) as SECDRV10.ZIP. It is also available on soda.berkeley.edu I'm sure although I haven't looked there myself. This e-mail is also a shameless tag line promo! Know that it is I who waste that precious thing called *bandwidth*! +---------+--------------------------------------------------------------+ | The zine for the inzane and [sic]: | still@ | popE x Mass = Accelerated_J e s u s kailua. | colorado. | An intelligent e-zine that investigates the cultural and edu | ethical issues that we who dwell in cyberspace confront... | E-mail me *now* to subscribe, submit, comment, or ping test! PGP Public Key = 4E4937 = AD 29 BE 28 5D 2B 77 BE F6 85 08 45 B6 2D 0B 36 +------------------------------------------------------------------------+ From bal at martigny.ai.mit.edu Fri Dec 3 16:49:12 1993 From: bal at martigny.ai.mit.edu (Brian A. LaMacchia) Date: Fri, 3 Dec 93 16:49:12 PST Subject: New public keyserver at martigny.ai.mit.edu Message-ID: <9312040048.AA01123@toad.com> A new public keyserver is now available. Send mail with "help" in the subject line to: public-key-server at martigny.ai.mit.edu The server support mail access only, not FTP access. Questions concerning this keyserver should be addressed to: public-key-server-request at martigny.ai.mit.edu Requests to automatically synchronize this keyserver with other keyservers should be sent to the above address. --Brian LaMacchia bal at zurich.ai.mit.edu bal at mit.edu From 155yegan%jove.dnet.measurex.com at juno.measurex.com Fri Dec 3 16:49:15 1993 From: 155yegan%jove.dnet.measurex.com at juno.measurex.com (egan_t@measurex.com) Date: Fri, 3 Dec 93 16:49:15 PST Subject: cryptanalysis for radio communications Message-ID: <9312040046.AA11260@juno.measurex.com> Someboy wrote: > I was wondering if any cryptanalysis packages existed which >could help in decrypted information picked up with a scanner. It seems >that a bunch of people trying to defend their home from the feds were >listening in on the feds radio communications, but now they're >encrypting stuff. It's probably not very strong crypto, maybe just a >simple XOR. > > (So I hear.. a friend asked me to help him, 'cause he's the >one helping these folk in Nevada.) > >Thanks. What folks? Is someone in Nevada defending their house from the Feds? Got any more details? Thanks Terry Egan ( egan_t at measurex.com ) From rustman at netcom.com Fri Dec 3 16:49:19 1993 From: rustman at netcom.com (Rusty H. Hodge) Date: Fri, 3 Dec 93 16:49:19 PST Subject: cryptanalysis for radio communications In-Reply-To: <199312031116.DAA24889@mail.netcom.com> Message-ID: <199312040049.QAA01411@mail.netcom.com> sameer at uclink.berkeley.edu says... > I was wondering if any cryptanalysis packages existed which > could help in decrypted information picked up with a scanner. It seems > that a bunch of people trying to defend their home from the feds were > listening in on the feds radio communications, but now they're > encrypting stuff. It's probably not very strong crypto, maybe just a > simple XOR. Actually, Morotola makes some nice DES encryption systems for radio communications. Listening to these on a normal scanner, you will hear the squelch open and a burst of white-noise like sound. This is the DES encryption that the feds use. There are simple frequency inversion systems that are in use by some agencies, mostly local if any, but there are $25 kits to decode this. To break the Motorola system, it would not be an easy undertaking. You would have to demodulate the digital data stream, figure out the word sync, and then start analysing. That assumes that there is no compression going on! Maybe you could modify some of the circuits out ther for decoding the cellular control channel data stream, although that is much slower than this. -- Rusty H. Hodge, Cyberneticist, Futurist From unicorn at access.digex.net Fri Dec 3 17:09:12 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Fri, 3 Dec 93 17:09:12 PST Subject: ID hacking Pointer Message-ID: <199312040106.AA00808@access.digex.net> -> For those who are interested, someone has started a thread on the Fringeware mailing list about spoofing and nyms.... The consensus (of 2 messages) is that the dreaded PSUEDOSPOOF is a bad thing... Anyone know if LD is on the fringeware list? <- he is now. -uni- (Dark) From kinney at ucsu.Colorado.EDU Fri Dec 3 17:22:54 1993 From: kinney at ucsu.Colorado.EDU (W. Kinney) Date: Fri, 3 Dec 93 17:22:54 PST Subject: Good Curve Software Key Message-ID: <199312040120.AA28820@ucsu.Colorado.EDU> -----BEGIN PGP SIGNED MESSAGE----- OK. Here's the de-glitched public key for Curve Software. It's properly signed with my usual key (available via finger). It'll be on a key server soon, hopefully with additional signatures, but I haven't gotten to it yet. Sorry for wasting the bandwidth, but I wanted to get it redistributed immediately... Additional note: I've received a few messages from anon users, ranging from very polite to major-league sleazy. So as a blanket response, let me make this very clear: I _will not_ mail Curve Encrypt to addresses outside the U.S. or to anon id's. I just don't have enough money to pay for the lawyers. Sorry. The rest of you will be receiving it soon. -- Will -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLP9WDMJkEfxTVMrJAQGl2QP/TbLzZQBFM8VO2LdLCbmvb1HmiT2xCzsj xrCHph9dH3iLyUZ+2isvXU+ZmvMza1Pm9tUcUASPtCZ0sVY91vCnCEGEE8kMldM5 RNYl0yzJWnowfTfWK6bSdQgdABqhwaTQUmbz0uhqjMBAybdXScwizoqZ5Xeiw81B G1p688IECKQ= =METk -----END PGP SIGNATURE----- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3 mQCPAiz+bEEAAAEEAMUbtdwYC1vY+s5559ERIvC1MT+Yaw3ozheaHcUciJe7cSAk k9TpAQd7iKukKnQe5kK1YtvYm0JP6fmNrcO8AmG5ukvcOlyuri618sjpXncpQ1cL 5xeV80f3JtmheGMnqAzTK8OyfJ7zRh1PhAZcT/vVzf+JGuCuVcJkEfxTVMrJABEB AAG0K0N1cnZlIFNvZnR3YXJlIDxraW5uZXlAYm9nYXJ0LmNvbG9yYWRvLmVkdT6J AJUCBRAs/wK89+/hOkiDY/EBAeN5A/0fFX5On4Zxc/guNdDb+nHZcd6TwJxUb9ST TlsJX4BAKAcf0xG4DY0L+9DN0N6w6FOR3RuZIAUx25xS9yRBSMLe1gOw6qI9C/lt Ovh7ycoKCkOBqoe6oisRzREhIr3U+FQXRIu7Qhn5ETEljRjWvQ6fheohrLhSGVsf pBaKtb2fVw== =LCyY -----END PGP PUBLIC KEY BLOCK----- From peb at PROCASE.COM Fri Dec 3 17:29:12 1993 From: peb at PROCASE.COM (Paul Baclace) Date: Fri, 3 Dec 93 17:29:12 PST Subject: Quantum Crypto lecture at MIT Message-ID: <9312040128.AA21038@ada.procase.com> Now for the ultimate secure communications...warm up your interferometer. Paul E. Baclace peb at procase.com ----- Begin Included Message ----- From cman at caffeine.io.com Fri Dec 3 17:32:54 1993 From: cman at caffeine.io.com (Douglas Barnes) Date: Fri, 3 Dec 93 17:32:54 PST Subject: ID hacking Pointer In-Reply-To: <199312040106.AA00808@access.digex.net> Message-ID: <199312040116.TAA08915@caffeine.caffeine.io.com> > > -> > For those who are interested, someone has started a thread on the > Fringeware mailing list about spoofing and nyms.... > > The consensus (of 2 messages) is that the dreaded PSUEDOSPOOF is a bad > thing... > > Anyone know if LD is on the fringeware list? > <- > > he is now. > Oh god. Time to warn Jon and Paco. Sigh. -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 447-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From peb at PROCASE.COM Fri Dec 3 18:22:55 1993 From: peb at PROCASE.COM (Paul Baclace) Date: Fri, 3 Dec 93 18:22:55 PST Subject: Entropy, Randomness, etc. Message-ID: <9312040220.AA21061@ada.procase.com> > Like the "pi" example Scott Collins used. My example, actually. But of course Scott Collins and I are actually subtentacles of the grand pseudo spoofer. Serious though, if anyone in the Bay Area spots: Ming Li and Paul Vitanyi, "An Introduction to Kolmogorov Complexity and Its Applications," Springer-Verlag, 1993. around here, please send me mail. I've been looking and neither Computer Literacy nor the Stanford Bookstore have it (sold out their stock quick). Paul E. Baclace peb at procase.com From sameer at uclink.berkeley.edu Fri Dec 3 19:19:14 1993 From: sameer at uclink.berkeley.edu (sameer at uclink.berkeley.edu) Date: Fri, 3 Dec 93 19:19:14 PST Subject: cryptanalysis for radio communications In-Reply-To: <9312040046.AA11260@juno.measurex.com> Message-ID: <199312040317.TAA23278@mail.netcom.com> egan_t at measurex.com said: > > What folks? Is someone in Nevada defending their house from the Feds? > Got any more details? > They're a bunch of native American folk who want to get back much of the land promised to them in treaties, etc. I'll forward your request to my friend, and he might post some more details. From szabo at netcom.com Fri Dec 3 19:22:54 1993 From: szabo at netcom.com (Nick Szabo) Date: Fri, 3 Dec 93 19:22:54 PST Subject: Graynet In-Reply-To: Message-ID: <199312040322.TAA23962@mail.netcom.com> Matt Ghio writes: > Oh, wow, such info! That's why I called it "Graynet" instead of "Blacknet"... not exactly Stealth bomber plans or protected witness True Names for sale here. The interesting part is how (s)he structured the advertising (anon ID server) and payment (check or money order by P.O. Box). All sorts of controversial services (porn, gambling, mail order contraband, etc.) might be structured this way, as long as they are legal or at least widely tolerated in the jurisdiction of the mail drop. I wonder how many folks will trust new anon services. If they don't, is it easy to go from a traceable business to an anon business, taking the business's reputation with it? If so, we may see controversial net-based services such as pirate software and porn BBS's "activate the cloaking device" upon being threatened, or when desiring to advertise blatantly and in volume on the Internet. Nick Szabo szabo at netcom.com From poc at im.lcs.mit.edu Fri Dec 3 16:24:49 1993 From: poc at im.lcs.mit.edu (Physics of Computation Seminar) Date: Fri, 3 Dec 93 19:24:49 EST Subject: "Modern Optics & Spectroscopy Seminar" of special interest. Message-ID: <729038372d8660ac32cfb933cc3757ac@NO-ID-FOUND.mhonarc.org> The upcoming Modern Optics and Spectroscopy Seminar on December 7 is of special interest to the Physics of Computation community: Tuesday, 7 December 1993 11:00 -- 12:00 AM Room 37-252 (Marlar Lounge) "Towards Perfect Ciphers --- Quantum Cryptography." Artur K. Ekert Oxford University Cryptography has, for a long period of time, been regarded as a part of mathematics, with computational difficulty as a safeguard of information. Unfortunately, faster computers and better algorithms have step by step cracked the protection barriers of even the most sophisticated codes. The quest for unbreakable ciphers had to venture outside mathematics, and surprisingly, towards quantum physics [1]. I will discuss the overlap between different theoretical and experimental techniques developed independently by research groups working in secure communication and quantum physics. In particular I will present a method in which the security of the so-called key distribution and also the key storing processes in cryptography relies on quantum correlations [2]. The proposed scheme is based on Bohm's well-known version of the Einstein-Podolsky-Rosen gedankenexperiment and has been currently implemented using the Mach-Zehnder interferometer [3]. REFERENCES [1] For a simple introduction to quantum cryptography see BENNET_CH, BRASSARD_G, EKERT_AK "Quantum Cryptography" SCIENTIFIC AMERICAN 1992 OCTOBER PP.50-59; EKERT_AK "Quantum Keys for Keeping Secrets" NEW SCIENTIST 16 JANUARY 1993 PP.24-28. [2] EKERT_AK "Quantum Cryptography Based on Bell's Theorem" PHYSICAL REVIEW LETTERS 1992 VOL.67 PP.661-663. [3] EKERT_AK, RARITY_JG, TAPSTER_PR, PALMA_GM "Practical Quantum Cryptography Based on 2-Photon Interferometry" PHYSICAL REVIEW LETTERS 1992 VOL.69 NO.9 PP.1293-1295. From ld231782 at longs.lance.colostate.edu Fri Dec 3 18:33:02 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Fri, 3 Dec 93 19:33:02 -0700 Subject: No Subject Message-ID: <9312040233.AA16508@longs.lance.colostate.edu> Hi! From nobody at shell.portal.com Fri Dec 3 19:39:13 1993 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Fri, 3 Dec 93 19:39:13 PST Subject: No Subject Message-ID: <9312040336.AA10775@jobe.shell.portal.com> I'm sure I'm missing something obvious here, but why are all these keyservers being forced to shut down? isn't it obvious? it's almost certainly a combination of spineless academic administrators, and secret lawyers letters from pkp. i'm just surprised that nobody has scanned/typed in and published the letters from the bullies. From MIKEINGLE at delphi.com Fri Dec 3 21:39:15 1993 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Fri, 3 Dec 93 21:39:15 PST Subject: Blind signature/Chaum cash info Message-ID: <01H629EU7OR693C91Z@delphi.com> Where's a good ftp site for papers on blind signature methods (RSA-compatible) and Chaum-type digicash? Is there an online digicash with strong anonymity? Where to ftp info on it? Are the patentholders of LUC and other public-key systems any more reasonable about noncommercial use than RSA? Interesting to note that RSA let the writers of HPACK modify RSAREF to use MDC encryption, even though HPACK uses PGP keys as well as RIPEM. Seems Bidzos is just vindictive, not to mention scared to death, by PGP. After all, his lousy company exists because of one patent which is on shaky legal ground, other algorithm patents having been shot down. So far, they've managed to keep their licensing fees below the cost to sue them and avoid a lawsuit by blustering. PGP was a challenge they didn't know how to respond to, especially since suing a privacy activist for a nonprofit political statement is not exactly a good test case for a patent. What damages could they claim? --- MikeIngle at delphi.com From MIKEINGLE at delphi.com Fri Dec 3 21:39:18 1993 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Fri, 3 Dec 93 21:39:18 PST Subject: Will I be on a wanted poster? Message-ID: <01H629F3YE5K93C91Z@delphi.com> >drive encrypt it (SecDrv uses the IDEA cipher for data and RSA *** No, it does not use RSA! Don't spread this rumor, ^^^ *** I don't need Bidzos on my ass. It uses MD5, which is *** allowed for non-commercial use. >for your pass phrase just like PGP) and access the encrypted >drive from a TSR in your C drive. >In my opinion, this is the best example yet since PGP of >"cypherpunks writing code" because of the implications that >this program has on privacy. (I'm using it to keep a personal >space for my tax records, private correspondence, PGP dir, etc.), >but Mike's suggestion for encrypting an entire BBS itself >is a good point. What if *every* sysop encrypted their BBS >with Secure Drive? No more Steve Jackson Games cases. I hope this happens. Computer theft and unreasonable seizure is a real problem. >It is also available on soda.berkeley.edu I'm sure although I >haven't looked there myself. Nope, at least I didn't put it there. Export problems. Not like Buttafuoco, I hope. Remember, he's in the cooler or soon will be. --- MikeIngle at delphi.com There's no government like *no* government. From nobody at shell.portal.com Fri Dec 3 22:09:15 1993 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Fri, 3 Dec 93 22:09:15 PST Subject: Retransmission in clear Message-ID: <9312040609.AA16075@jobe.shell.portal.com> -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCNAiz/ZcgAAAEEALrXxRyAPE8zxrvRxtYXvyXTdKDVSRMEky1Tb9gpx2Mnrkqw 5P8F3CoZv2FSPDiIvU3g+yMDbBT1sgOOKR8wja/HhrDwY+R/ckvZcGNKSrDtXgGN dheuOQsTxJUxAbVUN1DB87kC3sYyNGpD6bKUFm3vYJ+imoOP4ZPh+qb/+7ENAAUR tCJIb2JlciBNYWxsb3csIFRyYWRlciB0byBDeWJlcnNwYWNl =paYE -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNED MESSAGE----- Let's make a deal, "CypherPunk Criminal"... Actually, let's 'construct' a deal. I'd like to hear your ideas for lucrative exchanges made possible by this sort of anonymity. I am particularly interested in markets which have some amount of public sympathy, but may be embarassing or illegal for some participants. Nothing drastic to start with, but it could be interesting... Hober Mallow, Trader to Cyberspace - -- To reach me, e-mail "To: catalyst at netcom.com" and include the following lines ("::" through "END PGP MESSAGE", inclusive) as the FIRST lines in your response. This will route it through a series of remailers using nested, encrypted forwarding. You would be wise to protect your own identity in like manner. - ------cut here------------cut here------------cut here------ :: Encrypted: PGP - -----BEGIN PGP MESSAGE----- Version: 2.3a hIwCm8e572PA6kkBA/0ZmtwxW2iMg6UOEKa2j62cLo6NzJPbeHPVlcGfIpllvjcM QZwtEWm8WdCPWGYIkD5AQ/93OG66GEk44CjaMub/y40qG9EzCgWRHalN7z7DUD44 uNrEew7+JX5ISNKJPzqa4MSGmtIzI3txWW23FX0OSk5HtP5/sAKpytxRk4htDaYA AAFVffi7A1ToIn0fIwvYjt0yIDFMrw1QNtOGmrYpDrVMxxHtCzVoRkrWxA4fZhr6 Jv/vXhbX5q1JXEcLgLuDj+AKA9106o/S1MjurCdN8KLGBiTANEgbXv1grF8Sd9hQ eKbMc/JoShRw9M+BqveFTPRRkoB4M8LRTNNDAQrdHULvRiIuMwawi0txxWqOz868 Mg4+TWqJlteXBj0EP2h4DtKmwHWaK0rEQjfeyIVgMcb8lBa92/NUb66cP7ciKYZ6 ITuYxFwDirtc3CrixwcdBwlNsE/QELyOMFdr/40+XcIfS7aQwcHDNIvOCgc6cLDd OJjJPE8ajdOcoNI2yf6Vp9cCLl1lT711Yu3HT8dwH/cAdWxE6Yz3jW+hRfSkgCeX fs3CHTaXzX8gQmrXd2lG5vGgf/ymZ/JMJRdKdV9/fKPW0ZQVrbkwNszEbQgSvvw+ Ep85L6Ft2ss= =rEKi - -----END PGP MESSAGE----- -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLP95OJPh+qb/+7ENAQHiKAQAkW/4QfWeIg1hhOA/BzS2hM/gitJYCdeF GqF0RMf8Bg5uDjmk3goIhIb5LT2ycAGGmPJpI3Mm295G1KSZcy2MTBhfTbo0IkvY UFhuM6p+NtF+O9wy+3LntCE8DFdVhTYzjzpQb3ilQJ1agtIgv87b37KzkvMCj7pg Q+Yj9ZGIHRE= =noLd -----END PGP SIGNATURE----- From an4914 at anon.penet.fi Fri Dec 3 23:44:15 1993 From: an4914 at anon.penet.fi (Nitch) Date: Fri, 3 Dec 93 23:44:15 PST Subject: FORGED POSTING Message-ID: <9312040743.AA16610@anon.penet.fi> -----BEGIN PGP SIGNED MESSAGE----- The following message gave an error when I checked its signature! Chalk up another reason we should all be using the ASCII Armor option... Could someone check *my* sig and see if it's working? >-----BEGIN PGP SIGNED MESSAGE----- > >I'm sure I'm missing something obvious here, but why are all >these keyservers being forced to shut down? The possession of >PGP *keys* should be perfectly legal, no? Or is the logic the >same as that used to close down drug paraphernalia shops: if >people are buying bongs, they must be smoking pot, and so we >can't allow it? > >And exactly what grounds does PKP have for suing? Is it because >the servers themselves are using PGP, rather than just storing >keys? What if a server is using a legal (ViaCrypt) copy of PGP? >(Problem: this argument can only be used for DOS boxes currently.) > > --Dave. > > >-----BEGIN PGP SIGNATURE----- >Version: 2.2 > >iQCVAgUBLP+fvsfNklulBrsJAQGTCQP8DFF77E7zpB6nOzAwcLNbEgezVjt/yQTg >DEtdmeY+hO9rcOUJoXwWMPbai2EhBHiyriAMYD5kcHrsbdiS99PW5A5kh4htaFDr >Zrrkmn7KK0LXNL0fo2aJZVLKpiy9FxcJPmQvasTqe6EVltxbi4coTNR1wUoD5FE8 >0sGj9AsGr+s= >=2tQH >-----END PGP SIGNATURE----- -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLP+tJOyu9liBvjrdAQFClAQAsWulTDSCG6bE8tAa7YqcMpUvITEesB84 tRzNWHGcBxLRlsteaTj0V/n+N7Bs/jf0MhspPPdO/IpIuDa2IpEi43FLYFaCuBSa dnq6Sgn588kPvk0ATwpkGAapViIZBlA2c0TlSsQHgaH5tVd5RRqyZSrq1miEyBFH b0FhJ05hr7k= =7hn1 -----END PGP SIGNATURE----- ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From ld231782 at longs.lance.colostate.edu Fri Dec 3 23:49:15 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Fri, 3 Dec 93 23:49:15 PST Subject: Cypherpunks Wired Photographer Message-ID: <9312040747.AA20701@longs.lance.colostate.edu> I was talking to K.Kelly of Wired and rather surprisingly he can't remember the name of the photographer who shot the Cypherpunks pictures (e.g. the same one used in NYT). Does anyone know who this person is? Please send me email. tx. From an53004 at anon.penet.fi Sat Dec 4 00:29:18 1993 From: an53004 at anon.penet.fi (an53004 at anon.penet.fi) Date: Sat, 4 Dec 93 00:29:18 PST Subject: Applied Crypto can be a menace to you anonymity? Message-ID: <9312040825.AA21855@anon.penet.fi> On Dec 3, 14:04, Timothy C. May wrote: > But did you hear that the NSA has installed trap-doors in Schneier's C > code to do the same thing? I heard this the same place I heard that > Paul Zimmermann is actually an agent of the Mossad and the > International Trilateralist Cabal. Actually, they installed a viral implant in Paul Zimmerman's brain. He doesn't think that he's working for them, but he is. Ha, he thinks that he's a free man, but really he has these lapses and sabotages his own code and reputation. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From MIKEINGLE at delphi.com Sat Dec 4 00:39:17 1993 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Sat, 4 Dec 93 00:39:17 PST Subject: FORGED POSTING Message-ID: <01H62FP1QFIQ93CI34@delphi.com> "an4914 at anon.penet.fi" wrote: The following message gave an error when I checked its signature! > >-----BEGIN PGP SIGNATURE----- >Version: 2.2 > The clearsig in 2.2 doesn't work right. This has been fixed in 2.3a, so your sig should be ok. From unicorn at access.digex.net Sat Dec 4 01:22:56 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Sat, 4 Dec 93 01:22:56 PST Subject: ID hacking Pointer Message-ID: <199312040921.AA20969@access.digex.net> > Anyone know if LD is on the fringeware list? > <- > > he is now. > Oh god. Time to warn Jon and Paco. Sigh. -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 447-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ +++ Er, Actually my (apparently not so) humorous comment was intended to reflect the fact that by asking if LD was on the fringeware list, you have summoned him to the fringeware list. Speak not his name less thy summon him. Sorry for the confusion and the associated bandwidth. :( -uni- (Dark) From unicorn at access.digex.net Sat Dec 4 01:42:58 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Sat, 4 Dec 93 01:42:58 PST Subject: Law student on cypherpunks list.... Message-ID: <199312040939.AA28458@access.digex.net> I guess I'm just THE bandwidth waster this morning. Sorry guys. A law student lurker had sent me mail asking for advice. Whoever you are, I lost your message. Entirely my fault. I meant to get back to you... sorry. Resend? -uni- (Dark) From ld231782 at longs.lance.colostate.edu Sat Dec 4 02:09:19 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sat, 4 Dec 93 02:09:19 PST Subject: Cryptoanarchist Alert Message-ID: <9312041007.AA22416@longs.lance.colostate.edu> I would appreciate that whoever at Sun is goofing around would cut it out. ===cut=here=== From an4914 at anon.penet.fi Sat Dec 4 04:29:22 1993 From: an4914 at anon.penet.fi (Nitch) Date: Sat, 4 Dec 93 04:29:22 PST Subject: MIT Keyserver Message-ID: <9312041226.AA24029@anon.penet.fi> -----BEGIN PGP SIGNED MESSAGE----- >> > I am sorry to announce that the PGP Keyserver at pgp.mit.edu >> > (a.k.a. toxicwaste.mit.edu) has to be shut down. [...] >> >> Anyone want to tell us why? >> Derek, I appreciate that you can't prevent it but a little more >> explanation of why would be much appreciated too. > [...] >Of course, by the lack of a reason, we can only assume that whoever >'it' was, it was 'big' enough to either scare you or threaten you with >some action if you talked... It might be wiser to assume that the machine (or some nearby machine) was having trouble with all the load that the remailer was putting on it. ...but, of course, you may be right. That message from "Hober Mallow, Trader to Cyberspace" may give a few people something to think about over the weekend, hmmm? Maybe MIT's administration doesn't want to be involved in that kind of traffic? Maybe *Derek* doesn't want to be involved in that kind of traffic? -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLP+g3+yu9liBvjrdAQHE9wP+NMQM6rQpmK9Jy/ntDXBeVLWdcgFwfDE8 aolOo9cCh3VxlXK7EG/ylN1XXm1HnSIMCD335E+txb5M7KSs1xT/V4NRVU2py2Gz ItvfQ9NBBg5d5eP96V9XHIHzgGHlIaS6Ufw6+tBqtIkNE+cC+VsVUHKjTrONDXuM zVN+GTLJxXo= =SM/B -----END PGP SIGNATURE----- ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From MERCURY at lcc.edu Sat Dec 4 07:03:03 1993 From: MERCURY at lcc.edu (Michael E. Marotta) Date: Sat, 4 Dec 93 07:03:03 PST Subject: Say No to "Glue." Message-ID: <14C4097DA0603D68@sleepy.egr.msu.edu> to: mech at eff.org I found your memo from the cable company very interesting. And very familiar. In the 1970s, I had a career in transportation management. (Certificates, licenses, a couple of jobs. I spent two years learning to read and understand ICC tariffs.) Inter- state transportation went under federal control in 1887. In fact, they nationalized the railroads during WWI -- they also seized all RADIOS (transmitters and also receivers) at this time. They created the Railway Express Agency (REA) in 1920 from the freight forwarding companies they nationalized, as I believe, they created the Radio Corporation of America (RCA) at the same time. Anyway, in the trucking business, it was standard operating policy to screw the customers by pointing to "federal regulations that require us to do this." Of course, those regs came from the close interactions between the industry and government. Some of them were just typical company policies. But you couldn't go to another company with different policies. They were all the same. By law. Now, anyone who swamps about in libertarian political writing will tell you that this is to be EXPECTED. If you talk to someone who likes to read Ayn Rand, they will tell you that this is REQUIRED by the Laws of Nature. Banking, healthcare, farming, housing (and urban development), post office, you name it. These are NOT isolated events. The reason that so many cypherpunks don't buy EFF's theory of "government providing the glue of the Net" is that they understand PRINCIPLES. Government, like gravity, is what it is. When the chimp leader or his lieutenants break up a fight, they beat both combatants. They seek to control conflict to maintain the tribe. The nature of the conflict the "right" and "wrong" are irrelevant. Anaxagoras was tried for impiety. Socrates was exiled. (He chose death.) Galileo, Scopes, the NIH cancer quacks, the list is very well known. They started with lead coins washed in silver and came up with federal reserve notes. >From Nero's gladiators and the Christians to Janet Reno's ATF and the Branch Davidians. These are all elements of the same set. No matter what the "good intentions" the road leads to the same place. You let the government provide "the glue" and five years from now even The Well will be using regulations to screw customers. Don't blame the cable company for seizing an opportunity. You created the environment they are living in. In that company there are honest techies who love bandwidths and frequecies. You put them in second place behind the scamster who uses regulations to screw clients for quarterly results. Blame yourself for the fruits of your socialism. When Cobert called togther France's merchants to find out how the government could help them, one said, "Laissez nous faire!" From an12070 at anon.penet.fi Sat Dec 4 07:23:02 1993 From: an12070 at anon.penet.fi (Pablo Escobar) Date: Sat, 4 Dec 93 07:23:02 PST Subject: The Darkness of Hell Message-ID: <9312041519.AA16672@anon.penet.fi> I was watching the evening news a few nights ago, and Peter Jennings started the show by saying `The king is dead'. Is he? Something extremely symbolic seems to have passed with the death of the world's most fiendish drugpin, Pablo Escobar. The Medellin Cartel is in shambles and the Cali Cartel has taken over in its place. The Medellin Cartel was infamous for its bloody terrorism. Escobar supposedly was even ordering murders from his luxurious prison. Judges, reporters, politicians, presidential candidates, all were viciously murdered in the Medellin `narcoterrorist' campaign. The Cali Cartel is by no means a `kinder and gentler' trafficking organization but they have much less blood on their hands and supposedly prefer bribery to bloody murder. An analyst on the news suggested of course that the Cali Cartel was not going to crumble any time soon, but that this assassination of Escobar was significant `psychic leverage'. I've been thinking about drugs lately. It seems to me there is an interesting overlap in the subversive radical libertarians, cryptoanarchists, and psychopunks who advocate pseudospoofing and those who advocate (or at least tolerate) drug use. We have the same arguments about drugs as we do about pseudoanonymity. `It's a liberating experience.' `It's hopeless to attempt to prevent it.' `Nobody gives a damn if it is widespread.' `People should have a right to privacy.' Masked in all these arguments are very evil sentiments and the philosophy that `that which cannot be enforced should not be prohibited'. (I forget who said that.) The drug practitioners likewise mask their true agenda in pompous rhetoric about `the positive environmental influence and diverse uses of hemp' when there is really only one use their are interested in: getting stoned. * * * The corruption and poison associated with drugs in respectable organizations can be legendary. I once worked at a company for a year, and found out to my utter dismay when I left that there was an active drug conspiracy within the company. This was a highly reputable computer reseller in the Denver area, with major clients such as U.S.West, and expanding very rapidly (they went public when I was working there). I found that this conspiracy penetrated to the very highest levels of the company, to the top salesman and founder himself! I worked in a technical department and my supervisor flabbergasted me with these revelations one day over lunch. I was absolutely dumbfounded. He told me how one of his employees felt he had the right to sneak out of the building and take pot-breaks in his car when he was most stressed out. The supervisor didn't have the authority to fire him. In fact, if he did, he himself might have been sacked instead for his anti-drug stance in the face of a company that was `rotten to the core'. The supervisor told me of a female employee who had a drug dealing boyfriend. She took in the marijuana into the company and people from around the company stopped into her office to pick up envelopes containing their drugs. Another supervisor, my boss explained to me, had a very serious cocaine habit too. It all fell into place. One day the cocaine addict was absolutely jumping around, something like a headless fowl, like the shocking fellow soldier whose sheer stupidity puts the life of everyone in the group at deadly dangerous risk. He said something very bizarre to me, `so Lance, just HOW ARE YOU FEELING TODAY?' The strange tone was entirely uncharacteristic of him, and I was baffled at the time, but after the revelation from my boss it clicked. I had flown to Alberqueque NM with the same drug addict supervisor, and remember the flight back. The guy stopped in the bathroom and kept me waiting for about 10 minutes. I was really wondering what was taking so long! I realize now he was getting stoned to get on the plane. I wonder when he was stoned when I was working with him on the very sensitive network installation we barely pulled off from all kinds of fiascos. He told me that he couldn't have done it without me. I wonder if we should have done it without him. The NM trip was my first business trip. I was ecstatic and extremely nervous at the time. Many things could have gone wrong and many did, but I came back with a feeling of satisfaction. Today, after coming to the realization of the sheer corrupt ineptitude of my coworkers, I look back on the affair as tinged with a black evil. I resent the vice of these people that dirties my positive memories about the trip. In fact, my esteem for my whole association with the company and many fond memories have been veiled in disappointing sadness. I remember another technician complaining about `Melody', the lady who was distributing the drugs. He said that he wanted a job out of the company as an on-site technician for U.S. West. He was extremely bitter, but whatever I tried I could not get him to tell me why he was so upset. He was holding out on me, like everyone else in the company. Everyone knew I was squeaky clean and even the clean fringes that touched the blackness kept their knowledge of the conspiracy to themselves. I don't appreciate his holding the truth from me. It was my right to know. Melody was quite the airhead. She was required to pick me up in the company car daily. She frequently missed the appointment, and I often had to call her after waiting and wasting 20 or 30 minutes. Sometimes, just as I was about to call she showed up. Other times, she did not show up even after I called her. One day I got really exasperated after she failed to show up after I called her. I began the long hour-and-a-half walk to the office from where I was. I stayed off the route she would take so that she could not find me. When I got to the office she was extremely upset. But she also made me feel very guilty, like the whole thing was my fault, like a mother scolding her son. `Where WERE YOU?' `I looked all over for you!' she said. `I couldn't find you anywhere!' For a week she was more prompt but fell back into her old patterns of irresponsibility and neglect. She didn't really change at all. Melody was taking me to work one day in the company car, and seemed to be very distracted. I was daydreaming out the window of the passenger side in the front. We were making a left turn in the intersection, and were first in line, waiting for the arrow. The right lane of the oncoming traffic to our left of the intersection was empty, but cars in the distance were slowing to stop at the red light. I watched in utter slow-motion she's-not-really-going-to-do-it horror as she made the left turn into the left side of the median, driving into oncoming traffic. She snapped out of it when she saw the oncoming semi truck. The semi truck saw us, as well as the other cars in the intersection, and they slowed, and I breathed in cracked relief. I shook and buried my face in my hands in utter embarrassment and shame. She maneuvered the car in a U-turn in the lane (actually, a 360 degree revolution), around the median and into the correct lane. I can't remember, was the left arrow still green? yellow? off? Or maybe she just managed to reorient the car in a 180 direction and stop at the red light. The whole experience was quite a blur, something like a hideous, nightmarish drug-induced hallucination. For Melody, it was. * * * There are many points to make about this story. The first is that it is a true story! The second is that it has very many metaphors that we can explore in relation to drug use. Drug networks are virtually the definition of a conspiracy. Some people are aware of it, and `inside', and some people are `clean', like me, and must be kept from the blackness by insiders. And these networks can infiltrate respectable organizations and corrupt people all the way to the top. It can monstrously damage the productivity of the company yet some people would rather that the company die of its slow death of blood poisoning than give up their drug use. They would call drug tests an `invasion of their privacy'. In fact, some of the employees at my company had worked at other bigger companies and were fired for their drug use. But my company had no record of it! And the drug users would certainly do everything possible to ensure that! Another interesting metaphor in my true story lies in that of the clean supervisor. This man was one of the most respectable people in the company I knew. I counted him my only true friend. He understood the dynamics of the company and the human interactions better than anyone, and had made many positive contributions to it. He was a source of extropy in the entropy, so to speak. The thought that he might have been fired by his corrupt boss because he was trying to rid the company of something that was poisoning repulses me. Another point to make is that some companies can continue to function in the face of drug use, and sweep it under the rug. But it is impossible to deny that the effects are there. Like the botched jobs, and my horrific encounter with a potentially deadly traffic accident, the signs are unequivocal. Any person who thinks their drug use does not affect their own performance or that of a company is grotesquely deluded. But that is the consequence of drug use! One of the most sinister aspects, however, is that I see as the `respectable organization facade.' This is a situation where a company has a very highly acclaimed public image but an ugly, rotten interior that the public is unaware of. People in the company will resist with the utmost of force and intimidation any attempts to uncover the corruption, such as anonymous phone threats. After a while, in the face of such an investigation, it becomes easy to spot people who are `dirty' and who are evading questions. People become desperate in their conspiracy. They know what they are doing is evil but at the same time cling to it with white knuckles, because they know that as soon as they loosen their grip it will crumble into ashes, and in many cases it does anyway. In many cases these people choose their own demise. The longer their denials, the more spectacular their falls. * * * The idea of different people in a drug network actually being tentacles of a single Medusa is very interesting, and I have talked about it before. The drug organization understands the idea of compartmentalizing knowledge so that worthless front-line street-level runners are unaware of higher or even lateral components of the organization, so when apprehended, even if they `squeal' they are worthless in uncovering them. The police can cut dozens of quivering tentacles and Medusa lives on. In a sense, Pablo Escobar was the ultimate Medusa. He surrounded himself with buffers until his death. Many people in the country think he is a hero, a modern day Robin Hood. He certainly promoted this image! It was critical to his `success'. But it was probably also critical to his downfall. Once his sycophants perceived a momentum against him, they simply switched sides and informed on him. This is the double edged sword of Medusa's tentacles -- they can also turn and strangle her, and Medusa must go to extraordinary measures to prevent it, even a `purge' against Medusa's own `family' like those of Saddam Hussein. * * * Your mind is your most precious asset! It is your window to your soul! And drug use is like spraypainting the fragile window with graffiti, like throwing jagged rocks at it. A drug invades your sanity like a virus invades a computer. No wonder psychopunks are so enamored with viruses! The virus is the metaphor for their life. They slowly, invisibly spread their poison by infecting systems that fail to adequately fight them. I'm sure that the bubonic plague likes to say, `I'm not saying that killing people is OK, but if your defenses are down, I'm just helping you out by exposing them.' Just like Medusa gradually being confused about which of her tentacles is which, as the identities inevitably blur together, does a mind gradually disintegrate with drug use. * * * One of the other extremely evil aspects of drug use is that of the corruption of close friends and oneself. As I was saying, drug use can devastate one's life to the ultimate degree. One can lose a job, a car, a house. More devastatingly, a spouse, one's children. Most treacherously, one's own health, sanity, or life. I think all the cryptoanarchists, radical libertarians, and cypherpunks who promote drug use seem to be in favor of a sort of social sadochism and masochism. `The world is an ugly place, and everyone should wallow in it.' This is like the drug user bringing down his respectable friends with his own depravity. The drug user with a conscience is tormented by his daily betrayals of his friends, and seeks to smooth over the cracks that he is continually causing. He tries to be soothing, and point his finger in some other direction, `hey, look at that!' while he is snorting white lines. He will whimper and whine plaintively, `please, don't make a big deal out of this, we don't want a scene.' The truly vicious drug user has no remorse. He has never apologized for his destruction to the fragile fabric of human trust that he rips daily. He erects elaborate mythologies that supposedly legitimize his poison. But at the root it is all nothing but black deception and delusion. Imagine the absolute horror of these encounters. Imagine that you highly respect someone, say they may have cofounded a great company like Sun, you have tried to cultivate a friendship over many months, and you suddenly understand that they are a drug user! What are your options? Do you run? Do you tolerate them? Do you try to change them? What is the requirement of true friendship? I think that quiet toleration is like being an accomplice to a crime. You are not only betraying your friend but yourself. As ugly as it feels, as grotesque and hideous your task, you must pursue it. That which does not destroy evil makes it grow stronger! You will discover your true friends, if you had any. The veils of delusion will fall as you come face to face with the betrayal of people you once respected. Even with your supposed friend's attacks, apathy, flight, and abandonment, the knives in your back, the tears streaming down your face, your blood in puddles around you, it is your responsibility to Humanity and your soul that you continue to attack all Lies that cross your path to your final rasping breath. People have a duty to challenge that little niche of corruption they have uncovered, so that the `little niches' don't grow into monstrous nightmares. This is very much in the way that the Nazi movement has been described in retrospect by many. `They came for people I did not know, and then people I did know, and then my friends, and then me.' When there is an encroaching active evil, passivity feeds it. Another interesting essay talked about the whole Nazi movement as a sort of subtly incremental plunge into raw evil, each step definite but imperceptible. Sort of like the story of the frog, who will jump out of hot water but will passively die if it is gradually brought to boil. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From hughes at ah.com Sat Dec 4 07:53:05 1993 From: hughes at ah.com (Eric Hughes) Date: Sat, 4 Dec 93 07:53:05 PST Subject: IGNORE: useless drivel In-Reply-To: <9312041519.AA16672@anon.penet.fi> Message-ID: <9312041542.AA04428@ah.com> 12070 writes: >That which does not destroy evil makes it grow stronger! This sentence wins an Eric Hughes "Most complete misquoting of Nietzsche in 1993" award. Eric From pmetzger at lehman.com Sat Dec 4 08:19:27 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sat, 4 Dec 93 08:19:27 PST Subject: Will Mike Ingle's name be a household word like "Buttafuoco"? In-Reply-To: <2CFFD8E1@kailua.colorado.edu> Message-ID: <199312041615.LAA28897@snark.ts.lehman.com> James Still says: > In case someone isn't familiar with Mike's excellent program, > it does for hard drives, what PGP does for messages. With > Secure Drive (ver 1.0) you can set up a partition on your hard > drive encrypt it (SecDrv uses the IDEA cipher for data and RSA > for your pass phrase just like PGP) and access the encrypted > drive from a TSR in your C drive. > > In my opinion, this is the best example yet since PGP of > "cypherpunks writing code" because of the implications that > this program has on privacy. There is also cypherpunk Matt Blaze's "CFS" filesystem for unix machines, which is very powerful but unfortunately unreleased to the public, and "KFS", which is a similar file system that unfortunately currently lacks some of the cryptographic security (and has some bad bugs) but which will doubtless be up to speed soon. Perry From pmetzger at lehman.com Sat Dec 4 08:33:02 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sat, 4 Dec 93 08:33:02 PST Subject: an12070@anon.penet.fi In-Reply-To: <9312041519.AA16672@anon.penet.fi> Message-ID: <199312041631.LAA28935@snark.ts.lehman.com> Pablo Escobar says: [...] > puts the life of everyone in the group at deadly dangerous risk. He > said something very bizarre to me, `so Lance, just HOW ARE YOU FEELING ^^^^^ > TODAY?' The strange tone was entirely uncharacteristic of him, and I Oops. Perry From mab at crypto.com Sat Dec 4 09:53:02 1993 From: mab at crypto.com (Matt Blaze) Date: Sat, 4 Dec 93 09:53:02 PST Subject: CFS (was Re: Will Mike Ingle's name be a household word like "Buttafuoco"?) Message-ID: <9312041736.AA21997@crypto.com> In cypherpunks Perry Metzger write: ... >There is also cypherpunk Matt Blaze's "CFS" filesystem for unix >machines, which is very powerful but unfortunately unreleased to the >public, ... With any luck, and barring unforseen lawyerly problems, CFS should be released (at least within the US) by around Xmas. The upside is that it's been made considerably stronger (cryptographically speaking) than the version in the paper, and I now believe it's roughly as strong as three runs of the underlying cipher (DES in this case) but with greatly reduced latency. Stay tuned... -matt From arthurc at crl.com Sat Dec 4 10:23:04 1993 From: arthurc at crl.com (Arthur Chandler) Date: Sat, 4 Dec 93 10:23:04 PST Subject: Since we're on the subject of Nietzsche... In-Reply-To: <9312041542.AA04428@ah.com> Message-ID: I've had occasion to recall this quote several times as I've read some of the menacing and/or obscure posts here: "They muddy their waters that they may seem deep." Do some folks confuse cryptic and encryption? :<) From hughes at ah.com Sat Dec 4 10:33:05 1993 From: hughes at ah.com (Eric Hughes) Date: Sat, 4 Dec 93 10:33:05 PST Subject: Since we're on the subject of Nietzsche... In-Reply-To: Message-ID: <9312041821.AA00356@ah.com> > "They muddy their waters that they may seem deep." > Do some folks confuse cryptic and encryption? :<) "It is not when truth is dirty, but when it is shallow, that the lover of knowledge is reluctant to step into its waters." Eric From lex at mindvox.phantom.com Sat Dec 4 11:33:08 1993 From: lex at mindvox.phantom.com (Lex Luthor) Date: Sat, 4 Dec 93 11:33:08 PST Subject: Escobar and Cellular Ph0n3z Message-ID: I found it very interesting to read in the paper this morning about how EXACTLY the Columbian authorities were able to LOCATE Pablo Escobar. The article stated that Pablo was concerned about his wife and child's safety and called them on a CELLULAR phone to check up on them. The Columbian Police did not know where either of them were located. It stated that the U.S. government (DEA in print, but was it the NSA?) gave or let the Columbian police borrow equipment that did the following: 1) The equipment scanned all the cellular phone frequencies used in that area. 2) Already having a voice print/sample of Pablo's voice, the equipment continuously compared cellular conversations with those they had of Pablo, in near real time. 3) Once a match was made, the equipment would triangulate? or otherwise locate the origin of the call within two minutes. It did not say how good the accuracy of the location was (ie within 1 mile or 1/10 of a mile or 10 feet, etc.) however. Apparently it was CLOSE ENOUGH. This is sophisticated, no question about it. I imagine the equipment/circuits are available to do all this to the general U.S. public, but still, I think the NSA probably provided the equipment as it was probably all integrated together and fairly idiot-proof to use. Maybe one big box, with a few of these big boxes being dispersed about the country-side. The report stated that Escobar was worth a few Billion dollars and that he was a smart man. Why didn't he use encryption? This would have thwarted the police. Of course you may say, how many encrypted cellular conversations take place in that part of Columbia, and the answer would probably be close to zero if not zero. So just modify the equipment to recognize encrypted/scrambled speech or whatever and locate the source. Fine, but if Escobar has so much money and so many allies, why not buy many encrypted cellular set-ups and distribute them to his people (paying them of course) to move throughout the region constantly and make cellular encrypted phone calls at random? Now, tying this in with the 'ol Clipper-chip debate, if Escobar who is worth billions of dollars, is smart, and is considered one of the biggest drug kingpins in history does not use encryption, how many lower-level criminals, who don't have the financial resources nor the intelligence will? Lex From smo at gnu.ai.mit.edu Sat Dec 4 12:13:06 1993 From: smo at gnu.ai.mit.edu (Shawn O'Connor) Date: Sat, 4 Dec 93 12:13:06 PST Subject: Review of Crypto-Rebels in Cryptologia Message-ID: <9312042010.AA16632@apple-gunkies.gnu.ai.mit.edu> In the October issue of Cryptologia, Louis Kruh reviews the "Crypto Rebels" article by Stephen Levy that appeared in Wired. Shawn smo at gnu.ai.mit.edu Article liberated without permission. ---------------------------------------------------------------------- Cryptologia. Vol. XV11, Number 4 (October 1993) >From the column "Reviews and Things Cryptologic" by Louis Kruh. Crypto Rebels Write-Up [Wired 1.2] Wired is a new magazine aimed at the "Digital Generation." The cover story in its second issue examines the growing "Cypherpunk" movement to insure individual privacy. According to the author, Cypherpunks believe that all information about an individual belongs to that person and opinions, medical records, personal data collected by local, state or national governmental agencies, communications sent by the individual or any other information should be available only if the person involved chooses to reveal it. And the means through which this privacy would be maintained is by the widespread use of virtually unbreakable public-key cryptography. Opposing forces are U.S. government agencies who seek to insure their ability to read public-key encrypted messages by the continuance of electronic surveillance and by having access to public-key cryptography's secret keys when authorized by a judge. The author suggests that the government cryptologic monopoly was destroyed in 1975 when Whitfield Diffie created public-key cryptography. His later work with Martin Hellman is recounted along with the implementation of the Diffie-Hellman system by three MIT computer scientists who founded RSA Data Security to market their patented algorithms. A well known figure in academic crypto circles, Georgetown Professor Dorothy Denning, counters Cypherpunk beliefs by pointing out that "Organized Crime leaders, drug dealers, terrorists, and other criminals could conspire and act with impunity" if electronic surveillance was illegal and authorized agencies did not have access to private keys used in public-key cryptography. The article explores many views and contains a great deal of fascinating information. ---------------------------------------------------------------------- From frode at toaster.SFSU.EDU Sat Dec 4 12:14:31 1993 From: frode at toaster.SFSU.EDU (Frode Odegard) Date: Sat, 4 Dec 93 12:14:31 PST Subject: Escobar and Cellular Ph0n3z Message-ID: <9312042011.AA10620@toaster.SFSU.EDU> I don't think encryption will go unnoticed for very long, one doesn't have to have a very high IQ to understand that secrecy is important, and that encruption is a technology which will help keep things secret. In Escobar's case, the thing to do would perhaps have been to hide an encrypted data stream in a normal-sounding conversation? This would be harder to detect for the authorities. The data would probably be text which would require much less bandwith than voice. Notice how our Prez referred to the killing of these two men as heroic and brave? It was two against THOUSANDS, I'm sure they shot him to pieces. :-) (No, I don't think drug use is anything but destructive but it's easy to see that TPTB speak with two (more more) tounges.) - Frode From sameer at uclink.berkeley.edu Sat Dec 4 12:49:31 1993 From: sameer at uclink.berkeley.edu (sameer at uclink.berkeley.edu) Date: Sat, 4 Dec 93 12:49:31 PST Subject: Escobar and Cellular Ph0n3z In-Reply-To: <9312042011.AA10620@toaster.SFSU.EDU> Message-ID: <199312042044.MAA01809@mail.netcom.com> Frode Odegard said: > (No, I don't think drug use is anything but destructive but it's easy to > see that TPTB speak with two (more more) tounges.) Just to clarify one point.. no further discussion on the list, please, email me privately.. It's drug PROHIBITION that is destructive. It is drug PROHIBITION which made Escobar as rich & powerful as he was. From nobody at shell.portal.com Sat Dec 4 13:44:31 1993 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sat, 4 Dec 93 13:44:31 PST Subject: Anonymity Offense Message-ID: <9312042144.AA16084@jobe.shell.portal.com> Cypherdudes, Hal noted: >As Tim says, it is no secret on this list that the remailers are not >presently secure. I posted a long message a few months ago outlining >possible attacks on the remailers. It's worth noting that Karl Barrus' >remailer does batch up messages and send them out once a day. If enough >people use it that will help mix them up. There is still the message size >to match them up, though (and, believe it or not, the Subject:line!). >The traffic volume problem should be solved by having a source of random >messages which traverse the network, mixing in with user messages. This >will help, but you still have the problem that only user messages will leave >the network. The most bogus problem of the remailer system is lack of traffic. I mean how many messages go thru a given remailer a day? 1? 10? 100? This makes it pitifully easy to track messages. Padding them to the same size helps but if you have to track ten messages around (even though the problem becomes more egregious at each site) so what. Queing is a drag if you have to wait a day to get enough mail to send out. If I wanted it to take that long I'd send it snail mail. More traffic = shorter que time needed to make things a bummer for trackers. Random traversing messages are a reasonable temporary solution but Remailer publicity (thus, more traffic) is an important part of getting better anonymity going. Tell your friends, send all your punk postings thru at least one remailer (that will put some traffic through them!). This method is a passive one, how can we subvert the system now in place to make traffic more invisible? >The biggest problem is that many remailers are on unsecure systems. The PGP >keys and passwords for these remailers are on the disk IN THE CLEAR. Anyone >who can get privileges on these systems (many hackers, these days, not to >mention the NSA) can get the remailer's keys and decrypt any messages sent >to those remailers. Karl's monthly posting shows which remailers are on >private machines; those are the only ones which have any hope of being secure >against the NSA. If you believe this you've already seceded the battle to the NSA. Formidable opponents != Defeat. Great respect for NSA ability is neccesary but independent minds (especially working together) can exhibit Davidian qualities. Exactly, how is tracking done? I've heard the general issues of file size and physical compromise but what programs and access codes are needed to obtain such info? How does one access SMTP mail channels, sendmail ques and mail logs? How can we subvert their attempts? Can we use the known router algorithms and network bookkeeping methods at hop sites to disguise where messages are traveling? I guess what I'm saying is can we use the complexities of the system itself, rather than our own system alone to make traffic analysis a drag. We know the weakness of our system, what are the weaknesses of the analyzers systems. What are the possibilities for an analyzers systems, how do we attack them? I'll start by looking at various RFC's but a little offense rather than defense can only make us more aware. Even if it doesn't seem possible for goliath to lose. I think today I'll be: Stranger From unicorn at access.digex.net Sat Dec 4 15:09:31 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Sat, 4 Dec 93 15:09:31 PST Subject: The Darkness of Hell Message-ID: <199312042307.AA28819@access.digex.net> You know, your article would have been excellent without the typical anti-drug rhetoric. It almost seemed like you were just using the medusa analogy to make cypherpunks the proper forum for your rant. The war on drugs in the United States (which I become more and more hesitant about capitalizing) is the single most effective weapon against privacy today. You really need to seek attention elsewhere. Too bad Melody didn't get some better acid. She'd have saved us all a lot of trouble. Arguement for legalization if you ask me. -uni- (Dark) From unicorn at access.digex.net Sat Dec 4 15:19:31 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Sat, 4 Dec 93 15:19:31 PST Subject: Escobar and Cellular Ph0n3z Message-ID: <199312042315.AA29446@access.digex.net> I'm not sure about your speculation that the NSA provided the equipment. I have a feeling that it was a third party vendor actually. When cellular was just beginning to be used the FBI came up with a similar box. As I recall it just waitied for certain selected ESN's to go active and then listened to every call they made and/or received. Of course you had to be within range of the car or the cell it was using. The article on the box was in the Chicago Trib. I'll see if I can find it, but I sort of doubt it as I can't really nail down the year in my head. I'll try a nexis search. In any case, the article was boosting third partys and their contrubution to the war on drugs. I might add however, that the equipment did not triangulate. -uni- (Dark) From hfinney at shell.portal.com Sat Dec 4 15:23:06 1993 From: hfinney at shell.portal.com (Hal Finney) Date: Sat, 4 Dec 93 15:23:06 PST Subject: Anonymity Offense Message-ID: <9312042321.AA24309@jobe.shell.portal.com> FYI, here is the number of remailed messages passing through my remailer for the past couple of months. The first number is the number of messages on that day, and the remainder of the line is the date. 2 Sun Oct 3 3 Mon Oct 4 8 Wed Oct 6 1 Thu Oct 7 3 Fri Oct 8 1 Sun Oct 10 1 Tue Oct 12 1 Thu Oct 14 1 Fri Oct 15 2 Mon Oct 18 8 Tue Oct 19 1 Wed Oct 20 3 Thu Oct 21 2 Fri Oct 22 1 Sat Oct 23 1 Sun Oct 24 5 Mon Oct 25 3 Tue Oct 26 9 Wed Oct 27 5 Sat Oct 30 2 Wed Nov 3 3 Thu Nov 4 1 Fri Nov 5 8 Sat Nov 6 1 Sun Nov 7 9 Mon Nov 8 3 Tue Nov 9 10 Wed Nov 10 7 Thu Nov 11 4 Fri Nov 12 1 Sat Nov 13 7 Sun Nov 14 4 Mon Nov 15 5 Tue Nov 16 6 Wed Nov 17 26 Thu Nov 18 1 Fri Nov 19 9 Sat Nov 20 6 Sun Nov 21 2 Mon Nov 22 4 Wed Nov 24 16 Fri Nov 26 10 Sat Nov 27 54 Sun Nov 28 37 Mon Nov 29 36 Tue Nov 30 33 Wed Dec 1 18 Thu Dec 2 19 Fri Dec 3 18 Sat Dec 4 Here is the corresponding table for just encrypted messages. These are included in the counts above. 2 Sun Oct 3 3 Mon Oct 4 2 Wed Oct 6 1 Thu Oct 7 1 Fri Oct 8 1 Thu Oct 14 1 Tue Oct 19 1 Wed Oct 20 3 Thu Oct 21 1 Fri Oct 22 3 Sat Oct 23 1 Sun Oct 24 5 Mon Oct 25 3 Tue Oct 26 9 Wed Oct 27 4 Sat Oct 30 1 Wed Nov 3 1 Fri Nov 5 3 Sat Nov 6 3 Mon Nov 8 2 Tue Nov 9 4 Wed Nov 10 2 Thu Nov 11 1 Fri Nov 12 1 Sat Nov 13 1 Mon Nov 15 1 Tue Nov 16 13 Thu Nov 18 4 Sat Nov 20 3 Sun Nov 21 2 Wed Nov 24 1 Thu Nov 25 8 Fri Nov 26 6 Sat Nov 27 20 Sun Nov 28 22 Mon Nov 29 20 Tue Nov 30 23 Wed Dec 1 11 Thu Dec 2 5 Fri Dec 3 4 Sat Dec 4 From andrew at cubetech.com Sat Dec 4 15:29:31 1993 From: andrew at cubetech.com (Andrew Loewenstern) Date: Sat, 4 Dec 93 15:29:31 PST Subject: Escobar and Cellular Ph0n3z Message-ID: <9312042327.AA21189@valinor.cubetech.com> lex at mindvox.phantom.com (Lex Luthor) writes: > This is sophisticated, no question about it. I imagine the > equipment/circuits are available to do all this to the general > U.S. public, but still, I think the NSA probably provided the > equipment as it was probably all integrated together and fairly > idiot-proof to use. Maybe one big box, with a few of these big > boxes being dispersed about the country-side. The FBI used the same stuff a couple of years back to catch the people who kidnapped that Exxon executive. Considering how easy it is to pick up cellular transmissions and the way it works (cells with limited range), I believe it is something well within the resources of the FBI to develop. I really don't think the NSA has much of a hand in any of the things we hear about, unless it has something directly to do with crypto (which this does not, except, as Lex pointed out, that escobar probably should have been using strong crypto...). andrew From andrew at cubetech.com Sat Dec 4 15:34:31 1993 From: andrew at cubetech.com (Andrew Loewenstern) Date: Sat, 4 Dec 93 15:34:31 PST Subject: Will I be on a wanted poster? Message-ID: <9312042333.AA21227@valinor.cubetech.com> > > In my opinion, this is the best example yet since PGP of "cypherpunks > > writing code" because of the implications that this program has > > on privacy. (I'm using it to keep a personal space for my tax > > records, private correspondence, PGP dir, etc.), but Mike's > > suggestion for encrypting an entire BBS itself is a good point. > > What if *every* sysop encrypted their BBS with Secure Drive? > > No more Steve Jackson Games cases. I hope this happens. Computer > theft and unreasonable seizure is a real problem. As far as I know, a system like SecureDrive, KFS, or CFS, is really only as secure as the running machine is. Generally, when a BBS is 'seized' (forfeited? ;), it is running when the feds get there. Right now, if they have any clue (and from what I hear, the FBI has much more of a clue than the SS when it comes to this type of investigation), they usually take pictures of the setup to make sure they can put the machine back together when they get it to wherever they are taking it to. If encrypting file-systems become a problem, a disk could be developed (probably pretty easily) to retrieve the key from memory before they power it down. andrew "Touch that keyboard and die!!" From unicorn at access.digex.net Sat Dec 4 15:39:31 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Sat, 4 Dec 93 15:39:31 PST Subject: Pablo and NSA Message-ID: <199312042334.AA01120@access.digex.net> Ok, so I take it back. +++ From: theprez at whitehouse.gov.com Subject: WE ARE INDEED WATCHING ! Lines: 10 Organization: University of Zurich, Department of Computer Science X-Newsreader: IBM NewsReader/2 v1.00 Date: Fri Dec 03 09:03:21 EST 1993 NEUTERS - Botoga 3.12.93 Police and military officials announced yesterday that they had help from American National Security Agency officials in tracking down Pablo Escobar. The NSA provided Columbian officials with the tools necessary to decipher communication between the Columbian drug lord and his cohorts. Escobar had been communicating by computer using the American Pretty Good Privacy (PGP) software product which was compromised by NSA officials working at a remote listening station in the Columbian jungle. +++ Haw Haw Haw. -uni- (Dark) From ferguson at icm1.icp.net Sat Dec 4 15:43:06 1993 From: ferguson at icm1.icp.net (Paul Ferguson x2044) Date: Sat, 4 Dec 93 15:43:06 PST Subject: (fwd) Re: Keyserver going down Message-ID: <9312042340.AA27104@icm1.icp.net> In light of the recent closure of the .toxicwaste keyserver, I thought that this message from Vess was rather timely. Forwarded message: > From: bontchev at fbihh.informatik.uni-hamburg.de (Vesselin Bontchev) > Newsgroups: sci.crypt,alt.security,comp.security.misc,alt.security.pgp,alt.security.keydist > Subject: Re: Keyserver going down > Date: 3 Dec 1993 13:14:21 GMT > Organization: University of Hamburg -- Germany > Message-ID: <2dne3d$ofc at rzsun02.rrz.uni-hamburg.de> > References: <2dn9re$6n5 at news.mantis.co.uk> > NNTP-Posting-Host: fbihh.informatik.uni-hamburg.de > X-Newsreader: TIN [version 1.2 PL2] > > -----BEGIN PGP SIGNED MESSAGE----- > > > Tony Lezard (tony at mantis.co.uk) writes: > > > >With both toxicwaste and iastate now out of business, what key servers > > >are still operating? > > > The folling list comes straight from keyserv.doc, in the PGP source files > > Unfortunately, I have the impression that the information there is > slightly out-of-date. I would prefer to get a direct reply to the > question asked from the people who run the keyservers. > > > archive. I must say, although I'm not one for conspicacy theories, the > > sudden and unexplained closure of *two* key servers in such a short time > > does make me a bit ... suspicious. Why were they closed? > > Yes, me too... Two keyservers, both in the USA, both were closed with > no explications given, both were closed rather fast... Is it what > we're all thinking about or are we just paranoid? > > > Internet sites: > > [list deleted] > > I have installed a public key server at our site as an experiment. It > took quite a long time, because I am not root on our machine and a > regular user installing such software is not a trivial task and has > some security implications. > > Till now, our server was syncronized only with one of the US ones. > Now, after two US servers have been closed down, I would like to > activate ours and to syncronise it with all other servers around the > world. It is currently working (you can get and send public keys); it > is just not syncronized with the other servers. > > Could please those who are running such servers and agree to have them > syncronized with ours contact me, so that I can include their site in > my CONFIG file? > > The information for our server is: > > pgp-public-keys at fbihh.informatik.uni-hamburg.de > Vesselin Bontchev > bontchev at fbihh.informatik.uni-hamburg.de > FTP: ftp.informatik.uni-hamburg.de:/pub/virus/misc/pubkring.pgp > > Requests to the server are processed every 15 minutes. > > Regards, > Vesselin > - -- > Vesselin Vladimirov Bontchev Virus Test Center, University of Hamburg > Tel.:+49-40-54715-224, Fax: +49-40-54715-226 Fachbereich Informatik - AGN > < PGP 2.3 public key available on request. > Vogt-Koelln-Strasse 30, rm. 107 C > e-mail: bontchev at fbihh.informatik.uni-hamburg.de 22527 Hamburg, Germany > > -----BEGIN PGP SIGNATURE----- > Version: 2.3a > > iQCVAgUBLP87VTZWl8Yy3ZjZAQHKIQP9GKbCGpdMNNQwKbWOrg5jk3Cam7YDrcpq > VYLO3p3yJ6JHHDKl/XJBXd4OGwbG6RY9H6E1vyb0VwfGDuwYxH8/1gp/b+Cod5Rb > GilZ9b2OiqornVAvAYwrg6XtsuOOTh1dpHUJB66YRudJ4UCCnju53XQ40V/7mylV > Bzv5idC4Iq0= > =Nl7x > -----END PGP SIGNATURE----- > From nowhere at bsu-cs.bsu.edu Sat Dec 4 15:49:32 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Sat, 4 Dec 93 15:49:32 PST Subject: Highway song Message-ID: <9312042346.AA15425@bsu-cs.bsu.edu> Newsgroups: alt.politics.datahighway,comp.org.eff.talk,talk.politics.crypto From: tcmay at netcom.com (Timothy C. May) Subject: The Data Highway Patrol Message-ID: Organization: NETCOM On-line Communication Services (408 241-9760 guest) X-Newsreader: TIN [version 1.1 PL8] Date: Fri, 3 Dec 1993 10:16:26 GMT The Data Highway will no doubt be patrolled by a new elite police force, the "Data Highway Patrol." Patterned after the California Highway Patrol, also known as "CHiPS" (as in the terrible-but-campy t.v. show of the 1970s), the Data Highway Patrol will presumably be dubbed the "ClipperCHiPS." They'll be sent out on their Harley-Davidson cybercycles to check for discriminatory data packets, for illegal use of encryption technology, and for "heavy loads" that strain network resources. And occasionally they'll stop and help a stranded Internetter. They'll have the top-rated Data Highway show in the 2002-3 season, ironically and recursively enough. Will President Reno send them in to raid the Cyber-Waco havens? --- Seriously, I haven't been following this group (alt.politics.datahighway, that is) too closely, after posting early on to it, as it seemed like the two camps--pro and con--were settling down to restating their positions. So, sorry if I'm now intruding. I was writing an essay for the Cypherpunks mailing list on the way strong crypto will make local gambling laws unenforceable (through "telegambling," where a casino in the Bahamas, or "somewhere" in cypherspace, is only a phone call through some digital mixes away). It became clear to me that the authorities will hardly countenance the use of the Data Highway---the taxpayer's NII--for such uses. (And a lot of other "interesting" uses I could describe. If interested, join the Cypherpunks mailing list by sending a request to "cypherpunks-request at toad.com". We were featured on the cover of the second issue of "Wired" and in the Summer, '93 issue of "Whole Earth Review," etc. An interesting bunch of folks.) No, the Data Highway won't likely tolerate "sealed loads" that might be accessing offshore gambling dens, kiddie porn rings, or weapons secret information markets (not to mention the ever-worrisome anonymous markets for assasinations...child's play with digital remailers and digital cash). Not any more than they now accept trucks carrying loads across state and national borders without the possibility of inspection. A national data highway will have lots of rules and regulations for "fair access," for the allowable data packets that can travel on it, and for taxation of the explosion in commercial traffic which will inevitably come. Hence, the Data Highway Patrol. Or maybe they'll call it the "CyberSpace Patrol." Personally, I hate government programs. I don't want the government "helping" with networks, and I don't want a streamlined data highway. I like the developing system we've got of zillions of cables, satellites, fiber optics, and the like, With lots of suppliers of services and lots of rerouting of packets, it makes it real hard to enforce the kind of restriction cited above. And that's a good thing. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From nowhere at bsu-cs.bsu.edu Sat Dec 4 15:49:33 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Sat, 4 Dec 93 15:49:33 PST Subject: The Tentacles of Cypherspace Message-ID: <9312042349.AA15576@bsu-cs.bsu.edu> Newsgroups: talk.politics.crypto,alt.privacy,alt.privacy.anon-server,news.admin.policy,comp.org.eff.talk,comp.admin.policy,alt.conspiracy From: ld231782 at casco.lance.colostate.edu (L. Detweiler) Subject: Re: CRYPTOANARCHIST INFILTRATION ALERT Sender: news at yuma.ACNS.ColoState.EDU (News Account) Message-ID: Date: Sat, 04 Dec 1993 10:53:19 GMT References: Nntp-Posting-Host: casco.lance.colostate.edu Organization: Colorado State University, Fort Collins, CO 80523 X-Newsreader: TIN [version 1.2 021193BETA PL3] Timothy C. May (tcmay at netcom.com) wrote: : "Medusa" (me, others). I gave up long ago trying to convice Larry : Detweiler (alias an12070, The Executioner, S. Boxx, The Pervert, The : Psychopunk, and apparently such pseudonyms) that I am a real person, : that Nick Szabo is a real person not the same as me, and that several : other "Tentacles" and "Snakes" are easily verified to be real people : with real lives. That's interesting. Perhaps you would like to enumerate these attempts. Here are a few I can think of off the top of my head. I asked J.Gilmore to send me his phone number to ask him about pseudospoofing by Cypherpunk leaders and he told me that he only gave out his phone number to his friends. I ask other cypherpunks for phone numbers and they call it an `invasion of their privacy'. I asked Szabo about his claims in RISKS and he exploded that I was `digitally stalking him.' I got a message from a Geof Dale (roommate of a college friend) who said generally he could assert that every cypherpunk I had ever wondered about being a pseudonym was a `true name' but refuses to give me his phone number to so I can ask specific questions. Nick Szabo has also resisted simple requests of mine to verify that `Nick Szabo' is not a pseudonym. I also asked you, a long time ago Mr. May, to state a simple sentence to me in the form `I have never posted under the name J.Dinkelacker'. You refused to do so. You did say `The assertion that I am J. Dinkelacker is too bizarre to believe.' Ha, ha, and that time I asked you what sites you have ever posted from, and your personal knowledge of multiple sites, you emailed my postmaster and said that I was `harassing' you. Oh, and that contained another reference to my `violent threats'. You seem to be quite sensitive to quotations like `death is the ultimate form of censorship.' Hee, hee. The truth is that every attempt I have made to verify certain identities has failed and led only to more grisly conclusions, such that Cypherpunks have gone to the length of registering NIC domains and buying out-of-state phone numbers. Do not tell me this is impossible! A businessman friend of mine has a local phone number in NY that forwards to Denver! It seems to me cypherpunks could use this very readily! (My kingdom goes to anyone who can provide me with the ability to trace the ultimate destination of phone calls in this way, and help uncover the amazing extent of the Cryptoanarchist conspiracy! volunteers desperately needed!) As for what the paranoid ranter and conspiracy theorist an12070 thinks, who gives a damn? I'm always amazed at top cypherpunks, supposedly interested in anonymity, attempting to equate me with this email address. The cypherpunks have made an art, science, and religion of deceiving others on the Internet and in the media. I do not consider the leaders respectable. If they were, they would have long ago answered my honest questions in a straightforward manner. And T.C.May is definitely the classic cryptoanarchist! Nice of you to keep holding onto your infamous signature (now widely discredited) promoting tax evasion, black marketeering, and the overthrow of governments. : Poor deluded Larry takes any such efforts to resolve his delusion as : _further proof_ of the Grand Conspiracy to drive him crazier than he : already is. Yes, I am quite insane. : What a strange world the Net is becoming. No thanks to you. : --Tim May, a Real Person Owner of many tentacles. Please list all the sites you have ever posted from, Mr. May. Ooops, that would be an Orwellian Invasion of your privacy. A McCarthyist Inquisition. Hee, hee. You cryptoanarchists are so silly. I am having great fun using your techniques of cyberspatial warfare and against yourselves. I will not relent until top leadership issues unequivocal statements on your involvement and knowledge of pseudospoofing. Lies like that by E.Hughes in RISKS, `I have never posted under any other name than E.Hughes' obviously do not count, although they may fool some people. I do thank you, Mr. May, for your posting directly on this topic after my attempts to date have failed. Perhaps you would like to invite your cohorts on the cypherpunks list including E.Hughes and J.Gilmore to start a cyberspatial attack campaign on this thread the way you infiltrated RISKS 15.27 and 15.28x! I await the fireworks! The most serious problems with the Cypherpunks may involve deception of the media. I'm trying to figure this out as we speak. These lies are very difficult to untangle! volunteers welcome! oh, BTW Mr. May, when did you decide my first name was Larry and not Lance? You called me Lance for 10 months or so on the cypherpunks list. hee, hee. I would give so much to be at the next CA Clique Conspiracy meeting in a week or two, to see how the leaders masterfully evade all charges of misbehavior. -- ld231782 at longs.LANCE.ColoState.EDU Newsgroups: talk.politics.crypto,alt.privacy,alt.privacy.anon-server,news.admin.policy,comp.org.eff.talk,comp.admin.policy,alt.conspiracy From: ld231782 at casco.lance.colostate.edu (L. Detweiler) Subject: Re: CRYPTOANARCHIST INFILTRATION ALERT Sender: news at yuma.ACNS.ColoState.EDU (News Account) Message-ID: Date: Sat, 04 Dec 1993 11:05:27 GMT References: Nntp-Posting-Host: casco.lance.colostate.edu Organization: Colorado State University, Fort Collins, CO 80523 X-Newsreader: TIN [version 1.2 021193BETA PL3] Followup-To: talk.politics.crypto,alt.privacy,alt.privacy.anon-server,news.admin.policy,comp.org.eff.talk,comp.admin.policy,alt.conspiracy : Ah. I could say that I've seen Nick and Tim in the same room, but : that would prove I'm just another pseudonym. (We're all at Netcom, : after all.) So why did I ask the question above? That just shows : how subtle Tim is. (I wish I were that subtle.) Y'know, after all this hullaballo I still have no idea what Szabo does for a living. Maybe he would like to post information about where he works. Just general information that can be verified, nothing that would invade his privacy. Ooops, I guess all cryptoanarchists believe that any inquiry into identity (even those who claim to have one) is an `invasion of their privacy'. Well, we can't get very far in that case. I will just have to stick `szabo at netcom.com' into my `untrusted pseudonym' file. hee, hee. Sort of a like a McCarthyist Witchhunt Inquisition list. Those darn Cryptoanarchists. My experience with Szabo started only after I read neat mail by Szabo stating how he had mastered the art of surreptitious posting from multiple sites. Mr. Szabo, could you please elaborate on your techniques? I had to guess at what you were accomplishing in RISKS 15.28x (or 15.27, hard to remember) because you are certainly not voluntarily going to reveal this information, eh? that's the name of the game with pseudospoofing. Also, you blew up when I followed up on your claim in 15.27 that many cypherpunks had attempted to help me verify their identities. `Which ones?' I asked. `What have they done for me?' You got really upset, remember, and threatened to stop posting from the name szabo at netcom.com entirely! I thought this highly suspicious, but perhaps you can explain it all. Some of Mr.Szabo's comments and those by another tentacle I have discovered suggest they are actually running sophisticate software to maintain their arsenals of tentacles. This is my Holy Grail, to get information on that! I suspect it was written by E.Hughes. He hasn't said a word on it. Oh, many, many things for me to wonder about. Please enlighten me. I am just another scientist in search of the truth, by iteratively refining his sense of what is not. Sooner or later I will have to post an analysis of cryptoanarchist disinformation as posted by either Szabo or May (some of the very best purveyors, IMHO). -- ld231782 at longs.LANCE.ColoState.EDU From jim at bilbo.suite.com Sat Dec 4 16:09:33 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Sat, 4 Dec 93 16:09:33 PST Subject: Pablo and NSA Message-ID: <9312050006.AA28179@bilbo.suite.com> > NSA provided Columbian officials with the tools > necessary to decipher communication between the > Columbian drug lord and his cohorts. Escobar had been > communicating by computer using the American Pretty > Good Privacy (PGP) software product which was > compromised by NSA officials working at a remote > listening station in the Columbian jungle. > Hopefully this is a joke. However, it does bring up a point. The NSA can put fear into people's minds by simply *claiming* the ability to compromise PGP. They don't have to really be able to. Just start a rumor, sit back, and watch what happens. Jim_Miller at suite.com From jim at bilbo.suite.com Sat Dec 4 16:44:34 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Sat, 4 Dec 93 16:44:34 PST Subject: Speaking of hard disk encryption... Message-ID: <9312050042.AA28649@bilbo.suite.com> Anyone out there have any experience with SafeBoot(tm) from SmartDisk Security Corporation? Here's what you get in the mail when you call them for info: [disclaimer: I am not accociated with SmartDisk Security Corporation] -------------- SafeBoot - The SmartDisk PC Security System - SafeBoot is an extremely secure and easy-to-use access control system for the personal computer. - SafeBoot is the first access control system to use the SmartDisk. It is the only hardware-based PC security system that is suitable for all PC's including notebooks and portables. - SafeBoot provides two factor access control; your PC cannot be used unless it is booted from your SmartDisk and your SmartDisk password is entered at the SafeBoot log-on screen. - SafeBoot keeps your data confidential and protects your computer from unauthorized users. EASY TO USE SafeBoot is simple to install and easy to use. During installation SafeBoot generates a unique encryption key, stores it one your SmartDisk and encrypts your PC's hard disk using this key. The next time you want to use your PC, you simply boot your PC from your SmartDisk. The SafeBoot log-on screen will appear and will prompt you to enter your SmartDisk password. If you enter the correct password, your computer will start-up as normal. You can then remove your SmartDisk and forget that SafeBoot is installed, as it will not interfere in any way with the normal operation of your computer. SafeBoot will work with all disk utility tools and compression software, including Norton SpeedDisk and MicroSoft DoubleSpace. DATA ENCRYPTION AND BOOT PROTECTION When you boot your computer using your SmartDisk and enter your password, SafeBoot will read the encryption key held on the SmartDisk into the PC's memory. SafeBoot will then transparently encrypt and decrypt all hard disk accesses until you switch off or reboot your PC. Unlike most software-based PC security systems, that have to store the encryption key on the hard disk itself, SafeBoot uses the SmartDisk to store the key. By doing this, SafeBoot prevents unauthorized users from using low level PC recovery tools to discover the key, and 'undo' the hard disk protection. FULL OR PARTIAL HARD DISK ENCRYPTION You can choose how much of your hard disk SafeBoot will encrypt. For most purposes 'partial encryption' is more than adequate and is very quick to install. 'Partial encryption' encrypts the structure of the data on your hard disk - the information which MS-DOS uses to find the files and directories. 'Full encryption' takes a little longer to install, but will protect all of your data against even the most determined hacker. BOOT SECTOR VIRUS DETECTION Software-based virus protection products cannot prevent your computer from 'catching' a boot sector virus. Boot sector viruses can also be the most difficult type of PC virus to detect, as they are loaded into memory before any virus detection software can be run. Once loaded, a virus can pretend that the boot sector has not been modified, thus prevent itself from being detected. Because SafeBoot runs before the PC's boot sector is loaded it can detect boot sector viruses that otherwise hide themselves from virus detection software. THE SMARTDISK Although the SmartDisk looks like a 3.5" floppy disk and fits into a normal floppy disk drive, it is not a floppy disk. It is actually a hardware device with its own microprocessor that provides secure, password protected storage. The SmartDisk differs from all other hardware PC security solutions, for example, a smartcard, because it needs no special readers, extra circuit boards, or power supplies, and no connectors or cables. The SmartDisk operates in a standard PC 3.5" diskette drive without modification to the drive or the PC. SmartDisk directly enhances protection of the PC's data by retaining the encryption key, the password, and the encryption algorithm - none of which remains resident on the PC. This ensures that the SafeBoot software is run before any other software is loaded on the PC, thus enabling SafeBoot to verify system integrity before continuing to load your PC's operating system. LOST SMARTDISK OR FORGOTTEN PASSWORD When SafeBoot is installed, it creates a backup of your encryption key on the SafeBoot system disk. If you forget your password, of lose your SmartDisk, you can use this floppy disk to remove SafeBoot. SECURING MULTIPLE PCs WITH ONE SMARTDISK A single SmartDisk can be used to secure any number of PCs without incremental cost. SafeBoot will generate a unique key for your SmartDisk the first time that SafeBoot is installed, but will allow you to use the same key for subsequent installations. SAFEBOOT FOR CORPORATE ENVIRONMENTS Various utilities are available to facilitate the installation and management of SmartDisks and SafeBoot encryption keys within large organizations. SmartDisk Security Corporation 4073 Mercantile Ave Naples, Florida, USA 33942 (813) 263-3475 voice (813) 643-6357 FAX ----------------- Jim_Miller at suite.com From nowhere at bsu-cs.bsu.edu Sat Dec 4 19:19:35 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Sat, 4 Dec 93 19:19:35 PST Subject: The Psuedospoofing Saga Continues Message-ID: <9312050320.AA25688@bsu-cs.bsu.edu> From: ebrandt at jarthur.cs.hmc.edu (Eli Brandt) Newsgroups: talk.politics.crypto,alt.privacy,alt.privacy.anon-server,news.admin.policy,comp.org.eff.talk,comp.admin.policy,alt.conspiracy Subject: Re: CRYPTOANARCHIST INFILTRATION ALERT Date: 5 Dec 1993 00:14:51 GMT Organization: Harvey Mudd College, Claremont CA Message-ID: <2dr95r$6dg at jaws.cs.hmc.edu> References: NNTP-Posting-Host: jarthur.cs.hmc.edu In article , L. Detweiler wrote: >As for what the paranoid ranter and conspiracy theorist an12070 thinks, >who gives a damn? I'm always amazed at top cypherpunks, supposedly interested >in anonymity, attempting to equate me with this email address. Oh, come off it. Your rants under various names (including your own) are very similar: in tone and style, in topic, in their universal fixation on PSEUDOSPOOFING, "top cypherpunks", and "cypherpunk leaders", in time of night sent to the list, in 0 of punctuation. Then we have an12070 quoting from private mail to you -- you tried to weasel by saying you'd "communicated with your colleague", whom you're now calling a "paranoid ranter". And just today you made a blatant foul-up in your rant on drug conspiracies: > Message-Id: <9312041519.AA16672 at anon.penet.fi> > To: cypherpunks at toad.com > From: an12070 at anon.penet.fi (Pablo Escobar) > puts the life of everyone in the group at deadly dangerous risk. He > said something very bizarre to me, `so Lance, just HOW ARE YOU FEELING > TODAY?' The strange tone was entirely uncharacteristic of him, and I Oops. I find it ironic that for all your rants about PSEUDOSPOOFING, your practices are the most blatant and long-running example I have ever encountered. I would not count your an12070 account as more than one identity, except that you constantly change the name and use different ones to contradict others: "The Executioner" , says: > I thought that the infamous L. Detweiler had stopped his posting, but it > appears that he is back, and more neurotic than ever. but "S. Boxx" says: > BTW, many thanks to L.Detweiler for his lone help in helping me break a > corrupt conspiracy and massive cyberspatial hoax. Enough. >Timothy C. May (tcmay at netcom.com) wrote: > >: "Medusa" (me, others). I gave up long ago trying to convice Larry >: Detweiler (alias an12070, The Executioner, S. Boxx, The Pervert, The >: Psychopunk, and apparently such pseudonyms) that I am a real person, >That's interesting. Perhaps you would like to enumerate these attempts. You may recall that your very first paranoid claim was that Tim May and Jamie Dinkelacker were the same person. You were given the phone numbers of both -- this was before people became nervous about giving you any personal information. Did you ever attempt a reality check? >If they were, they would have long ago answered my honest questions in >a straightforward manner. Oh, you mean like: >that by E.Hughes in RISKS, `I have never posted under any other name than >E.Hughes' obviously do not count, although they may fool some people. It's not an answer because he didn't ADMIT to his heinous CRIMES, I guess. Rot in place, will you? >ld231782 at longs.LANCE.ColoState.EDU Eli ebrandt at jarthur.claremont.edu PGP 2 key by finger or e-mail "I have noticed an interesting overlap between radical libertarians, crypto- anarchists, psychopunks, and people who promote sodomy." -- L. Detweiler From mg5n+ at andrew.cmu.edu Sat Dec 4 19:23:08 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sat, 4 Dec 93 19:23:08 PST Subject: Escobar and Cellular Ph0n3z In-Reply-To: Message-ID: lex at mindvox.phantom.com (Lex Luthor) wrote: > The report stated that Escobar was worth a few Billion dollars > and that he was a smart man. Why didn't he use encryption? > This would have thwarted the police. Of course you may say, > how many encrypted cellular conversations take place in that > part of Columbia, and the answer would probably be close to > zero if not zero. So just modify the equipment to recognize > encrypted/scrambled speech or whatever and locate the source. > Fine, but if Escobar has so much money and so many allies, > why not buy many encrypted cellular set-ups and distribute > them to his people (paying them of course) to move > throughout the region constantly and make cellular encrypted > phone calls at random? > > Now, tying this in with the 'ol Clipper-chip debate, if > Escobar who is worth billions of dollars, is smart, and is > considered one of the biggest drug kingpins in history does > not use encryption, how many lower-level criminals, who > don't have the financial resources nor the intelligence will? Good questions. The answers are varied. But, basically, it comes down to this: Just because the technology is availiable, it doesn't mean Escobar was aware of it. There just isn't enough recognition among the general public of what technology is availiable. Certainly, there were a lot of things he could have done to defend himself better. I don't think lack of inteligence was Escobar's nemisis, but simply that he did not have good technical advisors availiable to him, and wasn't aware of the technology. There is a lot more necessary than to just say "he should have used encryption". First of all, you can't make an encrypted cellular call so easily. There do not yet exist many widely availiable systems which can compress digitized sound in real time to fit within the bandwidth limitations of cellular telephone technology or most wireline telephone channels. We've been over this in our discussions of building secure telephones; it's not easy, and radio noise caused by cellular makes it even more difficult. Even if Escobar had such technology availiable to him, the person he was calling would also have to have the same encryption hardware. I suspect that given the situation, this might not be possible. But - if Escobar had high-tech computerized/digital encryption technology, why would he be using cellular at all? A high-speed radio modem would have worked well for encryping all his communications. Still, the fact that while all of us cyberwizards here can talk about what would be possible, building a encrypted communications network takes a lot of work. Escobar probably would have needed to enploy a team of cyrptographers and computer/radio experts - and they're not easy to find in rural Colombia. From ferguson at icm1.icp.net Sat Dec 4 19:49:35 1993 From: ferguson at icm1.icp.net (Paul Ferguson x2044) Date: Sat, 4 Dec 93 19:49:35 PST Subject: Quote of the Week Message-ID: <9312050347.AA29110@icm1.icp.net> On Sat, 4 Dec 93 22:20:44 -0500, Anonymous wrote - > "I have noticed an interesting overlap between radical libertarians, > crypto-anarchists, psychopunks, and people who promote sodomy." > -- L. Detweiler From pmetzger at lehman.com Sat Dec 4 20:09:35 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Sat, 4 Dec 93 20:09:35 PST Subject: Escobar and Cellular Ph0n3z In-Reply-To: Message-ID: <199312050405.XAA29292@snark.ts.lehman.com> Matthew J Ghio says: > First of all, you can't make an encrypted cellular call so easily. > There do not yet exist many widely availiable systems which can compress > digitized sound in real time to fit within the bandwidth limitations of > cellular telephone technology or most wireline telephone channels. Untrue. There are many systems I can buy off the shelf from companies like Cylink or Crypto AG. True, some of the systems are not widely available outside the U.S. or Europe, but when you are smuggling Cocaine by the planeload taking a few phones back with you on the return trip seems perfectly feasable. > We've been over this in our discussions of building secure telephones; > it's not easy, and radio noise caused by cellular makes it even more > difficult. Its not easy because people have been lazy, not because it isn't perfectly available. "Radio noise" on cellular isn't nearly so bad as you make it out. Perry From MIKEINGLE at delphi.com Sat Dec 4 20:19:35 1993 From: MIKEINGLE at delphi.com (Mike Ingle) Date: Sat, 4 Dec 93 20:19:35 PST Subject: Anonymous Digicash Message-ID: <01H63IIMB1AG90R973@delphi.com> I want to write a simple digicash program. This will use code from PGP as much as possible. It will probably be online digicash, but it needs strong anonymity. For that you need a blind signature protocol. What is the best one, and where can I get a description of it? What is the best/simplest digicash system to implement? Is it possible to have a partially blind signature? For example, the customer generates the cash (random string), blinds it, and sends it to the bank. The bank adds an expiration date and signs it. The customer unblinds the random string, leaving a signature on both the cash and the expiration date. --- MikeIngle at delphi.com From tcmay at netcom.com Sat Dec 4 20:23:09 1993 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 4 Dec 93 20:23:09 PST Subject: IGNORE: useless drivel In-Reply-To: <9312041542.AA04428@ah.com> Message-ID: <199312050421.UAA28665@mail.netcom.com> > 12070 writes: > > >That which does not destroy evil makes it grow stronger! > > This sentence wins an Eric Hughes "Most complete misquoting of > Nietzsche in 1993" award. > > Eric Wait, you didn't announce the competition! You can't just award the prize to Detweiler without letting the rest of us have a chance. How about: "Live paranoidly." or "If you stare into the Detweiler, the Detweiler will stare into you."? --Tim -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From sboxx at lodestone.nsa.gov Sat Dec 4 21:04:35 1993 From: sboxx at lodestone.nsa.gov (sboxx at lodestone.nsa.gov) Date: Sat, 4 Dec 93 21:04:35 PST Subject: Who am I really? Message-ID: <9312050502.AA08272@longs.lance.colostate.edu> Maybe I'm an NSA agent-provocateur sent here to destroy you. You never know....hehehe From wex at media.mit.edu Sat Dec 4 21:19:36 1993 From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat) Date: Sat, 4 Dec 93 21:19:36 PST Subject: Escobar and Cellular Ph0n3z In-Reply-To: <9312042011.AA10620@toaster.SFSU.EDU> Message-ID: <9312050519.AA17625@media.mit.edu> For me, paranoia runs too deep. It's just too easy, too convenient an end to the story -- the Bad Man dead with no chance to implicate those who helped him. The gov't looks good, both at home and in the US; more money for the War on Drugz Escobar got out of jail once; he had no reason to fear going back to jail for a while. I'm betting that the body in that casket is not his, that this is his way of "retiring" from the game, and that he cut a deal with the gov't to do it. Note that his family was given protective custody by the gov't less than a week ago. We probably won't know the truth for years. --Alan From trestrab at GVSU.EDU Sat Dec 4 21:33:08 1993 From: trestrab at GVSU.EDU (BETH TRESTRAIL) Date: Sat, 4 Dec 93 21:33:08 PST Subject: Pablo and NSA Message-ID: <9311057550.AA755080250@GVSU.EDU> >> NSA provided Columbian officials with the tools >> necessary to decipher communication between the >> Columbian drug lord and his cohorts. Escobar had been >> communicating by computer using the American Pretty >> Good Privacy (PGP) software product which was >> compromised by NSA officials working at a remote >> listening station in the Columbian jungle. >> >> > > >Hopefully this is a joke. However, it does bring up a point. The NSA can > put fear into people's minds by simply *claiming* the ability to >compromise PGP. They don't have to really be able to. >Just start a rumor, sit back, and watch what happens. > >Jim_Miller at suite.com > Under any circumstances of what the NSA may or may not be able to do regarding breaking PGP, your traffic is certainly no worse off than sending it in the clear, and most likely quite a bit better off. Jeff trestrab at gvsu.edu From greg at ideath.goldenbear.com Sat Dec 4 21:43:09 1993 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Sat, 4 Dec 93 21:43:09 PST Subject: No Subject Message-ID: <6FL3Dc1w165w@ideath.goldenbear.com> I've been playing with the below-mentioned script this afternoon, and it seems to be a very good thing. Folks interested in spotting various names, texts, etc, on Usenet may find the following of interest: (Now we can all be like Kibo :) > From: tchrist at cs.Colorado.EDU (Tom Christiansen) > Newsgroups: comp.security.misc,alt.security,comp.security.unix > Subject: Re: Linux rsh BIG RAGGEDY HOLE > Message-ID: > Date: 3 Dec 93 20:15:32 GMT > > [text deleted; previous poster lamented difficulty of finding needles > in the Usenet haystack] > > I may be able to offer some small bit of help. If you have access to > your news spool (nntp won't cut it), then you can run Larry Wall's clip > program to help alert you to thing you can describe . The program is > available for anon ftp from convex.com in /pub/perl/scripts/clip; it's > pretty neat. > > [text deleted] > > --tom > -- > Tom Christiansen tchrist at cs.colorado.edu > "Will Hack Perl for Fine Food and Fun" > Boulder Colorado 303-444-3212 -- Greg Broiles Lemon Detweiler Pledge? greg at goldenbear.com You're soaking in it. From The Sat Dec 4 21:59:36 1993 From: The (The) Date: Sat, 4 Dec 93 21:59:36 PST Subject: Who am I Really Message-ID: <9312050558.AA23035@toad.com> Whoever sboxx at lodestone.nsa.gov is, he sure ISN'T NSA! Everyone knows that NSA does not have an ip address and the one that it does use is so innocuous that any private knows it! Kids these days! :) Kasey a/k/a The Punisher ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ THE ## ## ###### ###### ### ## ## ## ## ###### ###### ###### ## ### ## ## ## ## ## ###### ## ## ..... WHO? ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From nobody at shell.portal.com Sat Dec 4 22:23:08 1993 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Sat, 4 Dec 93 22:23:08 PST Subject: Remailer Traffic Augmentation Message-ID: <9312050621.AA11296@jobe.shell.portal.com> (CAPS LOCK ALERT!!!!> WHILE READING HAL'S REMAILER STATS I GOT SOMEWHAT DEPRESSED IT SEEMS THAT I COULD EASILY CORRELATE HIS PEAKS WITH SOME OF MY REMAILER EXPERIMENTS. BY CORRELATING WITH MY MAIL LOGS. I HAVE BEEN LOOKING AT .forward INITIATED SCRIPTS THAT WOULD PING EVERY KNOWN REMAILER EVERYTIME A PIECE OF REGULAR MAIL WAS RECEIVED(NON REMAILER PING TRAFFIC). IT APPEARS THAT PROCMAIL WOULD BE IDEAL BUT IT DOESNT SEEM TO BE UNIVERSAL AT EVERY SITE SO I HAVE ALSO BEEN LOOKING AT C, PERL AND TCL. IF JUST A FEW (1-6) ACCOUNTS AT AS FEW AS 15 SITES DID THIS IT WOULD MAKE TRAFFIC ANALYSIS MUCH MORE DIFFICULT. WHAT DO THE REST OF THE TENTACLES THINK? MEDUSA'S MOTHER ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From tcmay at netcom.com Sat Dec 4 22:29:36 1993 From: tcmay at netcom.com (Timothy C. May) Date: Sat, 4 Dec 93 22:29:36 PST Subject: Who am I Really In-Reply-To: <9312050558.AA23035@toad.com> Message-ID: <199312050626.WAA10555@mail.netcom.com> > Whoever sboxx at lodestone.nsa.gov is, he sure ISN'T NSA! > Everyone knows that NSA does not have an ip address and the one that > it does use is so innocuous that any private knows it! ... > Kasey > a/k/a The Punisher Truly, as the message-ID of his posting to us says: <9312050502.AA08272 at longs.lance.colostate.edu> ...which ought to look pretty familiar by now. He altered the "From:" field to his fictional "sboxx at lodestone.nsa.gov" address, but neglected certain other identifying marks. Not that anyone has any doubts (do I see any hands raised? I didn't think so). Yes, Lance or Larry (he took me to task for using "Larry") is still ranting over in talk.politics.crypto. Yes, still playing games. What's beginning to irritate me--which is probably LD's intent--is the e-mail I'm getting from non-Cypherpunks asking me to explain myself to justify my campaign against Detweiler! Sort of like what happened about a month ago when a number of Cypherpunks were not fully aware of LD's history and methods and were, to varying degrees, suggesting we listen to him and so forth (I have no objection to that....I don't urge censorship by the List per se, just common sense filters and possibly expulsion of seriously disruptive folks...but I have no say over this so am just expressing my views). The list as a whole is much more loosely-coupled and so the feedback loop is even longer. My approach is to not try to correct their many misapprehensions. Why should I, after all? This Detweiler business will blow over, and the Net has more important things to worry about. To those who frequently urge us not to mention Detweiler, or to take a pledge of silence (Sorry, Sandy!), I feel my few postings on LD are only a tiny fraction of his postings--that man must spend several hours a day composing his ramblings and free association tracts. If you worry about bandwidth wastage, go to the main cause instead. Or use kill files, filters, etc. I do actually comment on _other_ things, you know. I got an Apple Newton today, so I'll be playing with it pretty intensively for the next few days (Scott Collins demoed some crypto-related apps for the Newton at the last Cypherpunks meeting...I think this is an important tool for local storage of keys and perhaps even for being a main PGP platform, once connectivity to more machines and programs is made easier.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay at netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | Public Key: PGP and MailSafe available. Note: I put time and money into writing this posting. I hope you enjoy it. From ld231782 at longs.lance.colostate.edu Sat Dec 4 22:54:36 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sat, 4 Dec 93 22:54:36 PST Subject: Cyberspatial Bill of Rights Message-ID: <9312050653.AA11109@longs.lance.colostate.edu> Of interest to some... ===cut=here=== Date: 04 Dec 93 14:20:40 EST From: Marty Winter <76407.3521 at compuserve.com> To: "SEA.LIST" Subject: Electronic Bill of Rights Courtesy Friends & Lovers BBS, Selkirk, NY Posted with the permission of Frank Connolly of The American University. Information on how to contact him is at the end of this document. ++++++++++++++++++ The following document might be of interest... Called the Bill of Rights and Responsibilities for Electronic Learners, it is a model policy statement regarding the rights and responsibilities of individuals and institutions regarding computers and electronic networks in education. Although the project was begun as part of EDUCOM, it is now an initiative of the American Association of Higher Education (AAHE). Your comments and suggestions for gaining consideration and discussion of the Bill on campuses, in school districts and professional forums would be appreciated. =============== TEXT OF BILL FOLLOWS =========================== PREAMBLE In order to protect the rights and recognize the responsibilities of individuals and institutions, we, the members of the educational community, propose this Bill of Rights and Responsibilities for the Electronic Community of Learners. These principles are based on a recognition that the electronic community is a complex subsystem of the educational community founded on the values espoused by that community. As new technology modifies the system and further empowers individuals, new values and responsibilities will change this culture. As technology assumes an integral role in education and lifelong learning, technological empowerment of individuals and organizations becomes a requirement and right for students, faculty, staff, and institutions, bringing with it new levels of responsibility that individuals and institutions have to themselves and to other members of the educational community. ARTICLE I: INDIVIDUAL RIGHTS The original Bill of Rights explicitly recognized that all individuals have certain fundamental rights as members of the national community. In the same way, the citizens of the electronic community of learners have fundamental rights that empower them. Section 1. A citizen's access to computing and information resources shall not be denied or removed without just cause. Section 2. The right to access includes the right to appropriate training and tools required to effect access. Section 3. All citizens shall have the right to be informed about personal information that is being and has been collected about them, and have the right to review and correct that information,. Personal information about a citizen shall not be used for other than the expressed purpose of its collection without the explicit permission of that citizen. Section 4. The constitutional concept of freedom of speech applies to citizens of electronic communities. Section 5. All citizens of the electronic community of learners have ownership rights over their own intellectual works. ARTICLE II: INDIVIDUAL RESPONSIBILITIES Just as certain rights are given to each citizen of the electronic community of learners, each citizen is held accountable for his or her actions. The interplay of rights and responsibilities within each individual and within the community engenders the trust and intellectual freedom that form the heart of our society. This trust and freedom are grounded on each person's developing the skills necessary to be an active and contributing citizen of the electronic community. These skills include an awareness and knowledge about information technology and the uses of information and an understanding of the roles in the electronic community of learners. Section 1. It shall be each citizen's personal responsibility to actively pursue needed resources: to recognize when information is needed, and to be able to find, evaluate, and effectively use information. Section 2. It shall be each citizen's personal responsibility to recognize (attribute) and honor the intellectual property of others. Section 3. Since the electronic community of learners is based upon the integrity and authenticity of information, it shall be each citizen's personal responsibility to be aware of the potential for and possible effects of manipulating electronic information: to understand the fungible nature of electronic information; and to verify the integrity and authenticity, and assure the security of information that he or she compiles or uses. Section 4. Each citizen, as a member of the electronic community of learners, is responsible to all other citizens in that community: to respect and value the rights of privacy for all; to recognize and respect the diversity of the population and opinion in the community; to behave ethically; and to comply with legal restrictions regarding the use of information resources. Section 5. Each citizen, as a member of the electronic community of learners, is responsible to the community as a whole to understand what information technology resources are available, to recognize that the members of the community share them, and to refrain from acts that waste resources or prevent others from using them. ARTICLE III: RIGHTS OF EDUCATIONAL INSTITUTIONS Educational institutions have legal standing similar to that of individuals. Our society depends upon educational institutions to educate our citizens and advance the development of knowledge. However, in order to survive, educational institutions must attract financial and human resources. Therefore, society must grant these institutions the rights to the electronic resources and information necessary to accomplish their goals. Section 1. The access of an educational institutions to computing and information resources shall not be denied or removed without just cause. Section 2. Educational institutions in the electronic community of learners have ownership rights over the intellectual works they create. Section 3. Each educational institution has the authority to allocate resources in accordance with its unique institutional mission. ARTICLE IV: INSTITUTIONAL RESPONSIBILITIES Just as certain rights are assured to educational institutions in the electronic community of learners, so too each is held accountable for the appropriate exercise of those rights to foster the values of society and to carry out each institution's mission. This interplay of rights and responsibilities within the community fosters the creation and maintenance of an environment wherein trust and intellectual freedom are the foundation for individual and institutional growth and success. Section 1. The institutional members of the electronic community of learners have a responsibility to provide all members of their community with legally acquired computer resources (hardware, software, networks, data bases, etc.) in all instances where access to or use of the resources is an integral part of active participation in the electronic community of learners. Section 2. Institutions have a responsibility to develop, implement, and maintain security procedures to insure the integrity of individual and institutional files. Section 3. The institution shall treat electronically stored information as confidential. The institution shall treat all personal files as confidential, examining or disclosing the contents only when authorized by the owner of the information, approved by the appropriate institutional official, or required by local, state or federal law. Section 4. Institutions in the electronic community of learners shall train and support faculty, staff, and students to effectively use information technology. Training includes skills to use the resources, to be aware of the existence of data repositories and techniques for using them, and to understand the ethical and legal uses of the resources. August, 1993 * Frank Connolly The American University * * FRANK at American.EDU 119 Clark Hall * * (202) 885-3164 Washington, D.C 20016 * From ebrandt at jarthur.Claremont.EDU Sat Dec 4 23:09:36 1993 From: ebrandt at jarthur.Claremont.EDU (Eli Brandt) Date: Sat, 4 Dec 93 23:09:36 PST Subject: Quote of the Week In-Reply-To: <9312050347.AA29110@icm1.icp.net> Message-ID: <9312050709.AA23786@toad.com> > From: ferguson at icm1.icp.net (Paul Ferguson x2044) > On Sat, 4 Dec 93 22:20:44 -0500, > Anonymous wrote - > > > "I have noticed an interesting overlap between radical libertarians, > > crypto-anarchists, psychopunks, and people who promote sodomy." > > -- L. Detweiler The rest of my .sig selection, in case anyone cares: "Just another repulsive variation on psychopunk depravity and perversions. Honest people would be repulsed by it." -- L. Detweiler "Your hideous criminal clock, your insidious time bomb, is tick-tick-ticking." -- L. Detweiler "They have written customized software for pseudospoofing and style analysis for cyberspatial warfare across the many lists." -- L. Detweiler "I think all the cryptoanarchists, radical libertarians, and cypherpunks who promote drug use seem to be in favor of a sort of social sadochism [sic] and masochism." -- L. Detweiler Eli ebrandt at jarthur.claremont.edu From hfinney at shell.portal.com Sat Dec 4 23:09:37 1993 From: hfinney at shell.portal.com (Hal Finney) Date: Sat, 4 Dec 93 23:09:37 PST Subject: Anonymous Digicash Message-ID: <9312050705.AA12780@jobe.shell.portal.com> Mike Ingle asks about digicash. The simplest system I know of that is anonymous is the one by Chaum, Fiat, and Naor, which we have discussed here a few times. The idea is that the bank chooses an RSA modulus, and a set of exponents e1, e2, e3, ..., where each exponent ei represents a denomination and possibly a date. The exponents must be relatively prime to (p-1)(q-1). PGP has a GCD routine which can be used to check for valid exponents. As with RSA, to each public exponent ei corresponds a secret exponent di, calculated as the multiplicative inverse of ei mod (p-1)(q-1). Again, PGP has a routine to calculate multiplicative inverses. In this system, a piece of cash is a pair (x, f(x)^di), where f() is a one-way function. MD5 would be a reasonable choice for f(), but notice that it produces a 128-bit result. f() should take this 128-bit output of MD5 and "reblock" it to be an multi-precision number by padding it; PGP has a "preblock" routine which does this, following the PKCS standard. The way the process works, with the blinding, is like this. The user chooses a random x. This should probably be at least 64 or 128 bits, enough to preclude exhaustive search. He calculates f(x), which is what he wants the bank to sign by raising to the power di. But rather than sending f(x) to the bank directly, the user first blinds it by choosing a random number r, and calculating D=f(x) * r^ei. (I should make it clear that ^ is the power operator, not xor.) D is what he sends to the bank, along with some information about what ei is, which tells the denomination of the cash, and also information about his account number. The bank debits his account for the amount corresponding to exponent ei, and signs D by raising it to the power di. This leads to E = f(x)^di * r, which is what the bank sends back to the user. The user divides E by r (this is done by calculating the multiplicative inverse of r modulo the bank's modulus, and multiplying E by that), giving C=f(x)^di. The user can then create the actual coin as (x, f(x)^di). This should also have some information appended to it to remember what exponent was used (what denomination this is), so it would actually be (ei, x, f(x)^di). There are some complications in this system. The user may want to withdraw several coins at once, and when he gets back the E values he needs to know which is which (so he knows which r to divide by for each one). So he may want to include some unique tag with his D values he sends to the bank and get the bank to send those back with the E values so that he can distinguish them. The bank will not recognize the coins (ei, x, f(x)^di) when they are deposited (returned to the bank), due to the blinding. But it will need to keep a list of all the x values it has seen so far so that it can detect double-spending. If the ei values encode not only denominations but also issue dates at some level, and if the cash is given a limited lifetime, the list can be purged of old values periodically. I do think a prototype digital cash system would not be too hard to do. It would not have to address all of these problems right away. The larger problem is how to experiment in a meaningful way with diigicash due to the difficulty in giving it value. We've talked about this problem before but I haven't seen any really good solutions. Karl Barrus tried to start up a non-anonymous cash system some months ago but there was nothing to spend it on. (Actually, he does have a remailer which uses his cash, but since other remailers are free that has probably limited interest in the for-pay remailer.) I am continuing to work on a simple TCL interface to much of the PGP functionality which would be needed for such a system (and for other types of experimentation). I have the MP library done, so the additional entry points needed would include the MD5 one-way function, the random- number generation, and the reblocking. Perhaps in another week I will have those hooks in place. Then you could write the control software in TCL, which would be easier for prototyping purposes since it's interpreted. Hal Finney hfinney at shell.portal.com From ld231782 at longs.lance.colostate.edu Sat Dec 4 23:43:09 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sat, 4 Dec 93 23:43:09 PST Subject: A Clarification on My Trials and Tribulations Message-ID: <9312050740.AA11785@longs.lance.colostate.edu> Cypherpunks, you just don't get it. Why am I continuing to attack you and your leaders despite your vicious, cowardly attacks on me and my friends? Because, as long as you stand for *lies*, you do not have a right to exist. And to the extent that you promote *lies* you are corrupting the Internet and poisoning cyberspace. J.Gilmore says, `a pseudonym is not illegal unless used for deceptive purposes.' But you cypherpunks, that's the *only* purpose you are using them for! If I asked a tentacle, `are you a pseudonym', and it said `yes', do you think I would have gone to all this trouble to write tens of thousands of words attacking people and a movement I used to respect? If I asked your leaders, `have you ever communicated with me under a pseudonym' and they gave me straight answers, do you think I would still be around? YOU HAVE NO RIGHT TO LIE TO ANYONE. Cypherpunks, how many of you have gotten messages, `hey, what do you think about T.C.May or E.Hughes and this pseudospoofing thing? Are you going to do anything about it?' For all of you who don't give a damn about your leaders pseudospoofing, why don't you care that your own leaders could be molesting you with their tentacles in this way? Using them in a manipulative way to gauge your loyalty to the movement and manipulate your trust? On the list and in your email? WHY DON'T YOU GIVE A DAMN? All I can conclude is that everyone here is in favor of deception, treachery, betrayal, and perversions, *particularly* if their leaders are responsible. Where the hell do you think I got all the stuff for `Joy of Pseudospoofing'? You think I made it all up? Your leaders molested me in precisely this way, but both the tentacles and your leaders stonewalled, evaded, and counterattacked. They think it is FUNNY how they have personally driven me to the BRINK OF INSANITY. And they *continue* to escalate instead of making simple statements about their beliefs in pseudospoofing, which would satisfy me and anyone else who has doubts. You want the truth? despite their bland statements your leaders *know* that pseudospoofing is PERVERTED and that is the only reason they refrain from saying anything about it, the only reason they continue to attack me as a deranged lunatic. What am I, the police? I don't GIVE A DAMN about all your perversions, as long as you keep them the hell out of my mailbox. But you *don't*. Everytime I think there is another person I can trust, it was nothing but another Leader Tentacle. Look, if you LIE TO ME in mail, THAT PISSES ME OFF and I will ATTACK you for it in an attempt to get to the TRUTH. and it should PISS OFF EVERYONE ELSE HERE TOO but NOBODY GIVES A DAMN. When I hear strange rumors about deceptions in the media, and your eminent leaders fail to reassure me, why is no one else upset about this? Cypherpunks, don't you give a DAMN that articles by reputable authors may contain DISTORTIONS AND LIES? Look, Markoff is a highly respected writer. And if you lie or deceive a reporter, that is like a personal insult. These people could get *fired* if their articles are incorrect in a serious way. but you don't GIVE A DAMN. you think it is FUNNY that you can TRICK REPUTABLE PEOPLE TO BELIEVE IN LIES and so you can PROPAGATE THEM FURTHER. Is there an honest cypherpunk in the entire world? None have contacted me so far. There are a few people that are slinking away quietly with their tail between their legs, but I think you all are just the same scurrilous cowards that your leaders are. From ld231782 at longs.lance.colostate.edu Sat Dec 4 23:49:36 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sat, 4 Dec 93 23:49:36 PST Subject: The Magic Question Message-ID: <9312050744.AA11814@longs.lance.colostate.edu> Cypherpunks, please tell me what question I can ask of a psychopunk tentacle such that it will not lie and say that it is a real person! If you have any honesty or credibility, tell me that question! You don't believe in honesty, though. You believe you have the right to invade other's attention with your stealth identities. You rant loudly that anyone who attempts to make sure you are real is insane and a `digital stalker'. You believe you have the right to stick any mail message in anyones mailbox, to post to any newsgroup you wish. You believe that you have a right to trample on the rights of others. And you know you are perverted, but attack me as Satan for telling you that. You think you have the right to lie to anyone who asks, `who are you?' Tell me that question. I will go away when someone tells me the question. From kinney at ucsu.Colorado.EDU Sun Dec 5 00:29:37 1993 From: kinney at ucsu.Colorado.EDU (W. Kinney) Date: Sun, 5 Dec 93 00:29:37 PST Subject: A little Lao Tzu Message-ID: <199312050827.AA13553@ucsu.Colorado.EDU> Forgive the non-sequiter, but this seems appropriate... After a bitter quarrel, some resentment must remain. What can one do about it? Therefore the sage keeps his half of the bargain But does not exact his due. A man of Virtue performs his part, But a man without Virtue requires others to fulfill their obligations. The Tao of heaven is impartial. It stays with good men all the time. (Lao Tzu) -- Will From ld231782 at longs.lance.colostate.edu Sun Dec 5 00:39:38 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sun, 5 Dec 93 00:39:38 PST Subject: Larry Dyer Message-ID: <9312050835.AA12591@longs.lance.colostate.edu> E.Hughes informs me L.Dyer is the cypherpunks Wired photographer. Could someone help me get in contact with him? E.Hughes says to me, `if you still can't take a joke, don't bother replying.' I'm amused by E.Hughes, the most frigid cyberspatial personality I have ever met, referencing the subject of humor. What is the joke? Who is it on? L.Detweiler? G.Spafford? Wired? NYT? How many sites? How many states does it span? How many countries? How many registered DNS entries? What kind of software? How many fake identities? What about the telephony manipulations? Every practical joker I have ever met at least had the decency to *end* it. ah, what a cruel joke. and the jokers delight in it. they will never stop. to do so would be to admit that they are frauds. From ebrandt at jarthur.Claremont.EDU Sat Dec 4 23:44:04 1993 From: ebrandt at jarthur.Claremont.EDU (Eli Brandt) Date: Sun, 5 Dec 93 00:44:04 -0700 Subject: Hi there! In-Reply-To: <9312050703.AA11258@longs.lance.colostate.edu> Message-ID: <9312050744.AA11808@longs.lance.colostate.edu> > I would like to point out that this is an `obviously pseudonymous' > use, not `pseudoanonymous'. Why do you constantly use different usernames for an12070, and have them espouse contradictory positions? To increase the number of apparently-distinct identities which you control! You are attempting to BLUDGEON your opponents into abject cringing SUBMISSION through the sheer force of DEMOCRATIC NUMBERS. > if someone lies to me in email, I am offended and will follow up. if > these tentacles did not claim to be real people, I would go away. You know, you're going to be really embarrassed when you come to your senses. Think about this for a minute. Do you have *any* grounds for believing that we're all the same person? Let me make you an offer: pick the two people whom you think are most clearly a single person. Test your hypothesis. If you prove that they are the same, I will publically apologize to you and denounce "pseudospoofing". If you cannot do so within a pre-agreed time limit, you will stop ranting. Making such a proof should not be too hard -- after all, people connected you and S.Boxx within a week or two. > if you have any knowledge of what is going on, it is your duty to > stop the lie. "Any knowledge" indeed. I am MEDUSA, the controller of ALL TENTACLES. Eli ebrandt at jarthur.claremont.edu From chuck at cxf111.rh.psu.edu Sun Dec 5 01:09:37 1993 From: chuck at cxf111.rh.psu.edu (chuck) Date: Sun, 5 Dec 93 01:09:37 PST Subject: The Magic Question In-Reply-To: <9312050744.AA11814@longs.lance.colostate.edu> Message-ID: <199312050907.EAA29063@cxf111.rh.psu.edu> L. Detweiler sez: > You don't believe in honesty, though. You believe you have the right to > invade other's attention with your stealth identities. Invade other's attention? What newspeak is this? > You believe you have the right to stick any mail message in anyones mailbox yes I do. If you don't like it, run a filter program to remove them before you ever see them, or delete them. The US Postal Service says the same thing, except that it better have a stamp on it. > to post to any newsgroup you wish. Yes I do. although I will not post to just any random newsgroup, unlike some people who need not be mentioned, I do not bother the rest of the world with paranoid delusions of conspiracy that would make Joe McCarthy congratulate me from the afterlife. I am unaware of newsgroups that ban postings from specific persons. Please inform me of them so I may not post to them in the future. >You believe that you have a right to trample on the rights of others. My right to free speech allows me to dress in a white sheet with a pointy hat and burn crosses if I feel like it. My right to free speech allows me to say the holocaust never occured. I do not, because such actions are despicable. I see them as tramping on the rights of others. I will support the right of the cross burner or the right of the holocaust denier to speak, no matter what the outcome is. Does this allow me to trample on the rights of innocent parties? possibly. Am I willing to accept the tradeoff? Yes I am. >you know you are perverted, but attack me as Satan for telling you that. I know you are perverted. I do not know I am perverted. I don't attack you as satan; I dismiss you as a lunatic. >You think you have the right to lie to anyone who asks, `who are you?' Ah, but I do have the _RIGHT_ to lie. Free Speech protects my telling wildly ridiculous stories (without it, you'd be in deep trouble) that have no basis in fact. Further, the only time I am obligated to tell the truth is when I am under oath, and even then, there are times when I will not under any circumstances tell the truth (ie if a judge demands I hand over a pgp key, I'll take contempt of court over violating those beliefs I hold sacred over all others) > Tell me that question. I will go away when someone tells me the question. one cannot tell a question. To tell is the realm of the declarative sentance. Since declarative and interragotory sentances are mutually exclusive, are we to assume that since telling a question is not possible that you will never go away? Please find a rock to crawl under. From edgar at spectrx.saigon.com Sun Dec 5 02:34:37 1993 From: edgar at spectrx.saigon.com (Edgar W. Swank) Date: Sun, 5 Dec 93 02:34:37 PST Subject: VOTE: Proposition desist Message-ID: <24w3Dc9w165w@spectrx.saigon.com> -----BEGIN PGP SIGNED MESSAGE----- VOTE: Proposition desist L. Detweiler will cease posting to the cypherpunks mailing list. He will no longer concern himself with the activities of those on the cypherpunks mailing list here or on any other forum. I support -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLQBW294nNf3ah8DHAQHTpAP/fLfxk9SysQIeVLICA0gnvYDbFfhTTTp0 JGL2xRFri7QmtgU6JzO13W9fwlflrpjC39vHcW6wA16SXZtZRXm4xtoYbAAJ8rOn EIyLWQjncpZ1khY8pvO+iLNR/KzqWVa+jdQd/VaQar0Y3eFmxS6tyw5OWdOiJs3q Yau0PJ0mdBk= =OCMw -----END PGP SIGNATURE----- -- edgar at spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From ld231782 at longs.lance.colostate.edu Sun Dec 5 02:44:39 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sun, 5 Dec 93 02:44:39 PST Subject: Invasion of Privacy Message-ID: <9312051043.AA13994@longs.lance.colostate.edu> Hello again, you darling cryptoanarchists! I just wanted to drop you a line on the subject of my resume. At least one psychopunk has access to my real paper resume and one tentacle has had long had access to an ASCII version. An informer tells me that both have been circulating in some circles for you all to smirk at. I consider this an atrocious breach of my privacy by more hypocrites. My resume is directed at those who I intend, not those who wish to discredit me. If you have knowledge of its circulation, please send me email. Now, back to your regularly scheduled perversions. From cman at caffeine.io.com Sun Dec 5 07:59:47 1993 From: cman at caffeine.io.com (Douglas Barnes) Date: Sun, 5 Dec 93 07:59:47 PST Subject: Invasion of Privacy In-Reply-To: <9312051043.AA13994@longs.lance.colostate.edu> Message-ID: <199312051543.JAA11515@caffeine.caffeine.io.com> Can someone please send me a copy of this resume, I need it for my files. Thanks! Doug > > Hello again, you darling cryptoanarchists! I just wanted to drop you a > line on the subject of my resume. At least one psychopunk has access to > my real paper resume and one tentacle has had long had access to an > ASCII version. An informer tells me that both have been circulating in > some circles for you all to smirk at. > > I consider this an atrocious breach of my privacy by more hypocrites. > My resume is directed at those who I intend, not those who wish to > discredit me. If you have knowledge of its circulation, please send me email. > > Now, back to your regularly scheduled perversions. > > -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 448-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From rubin at citi.umich.edu Sun Dec 5 08:39:44 1993 From: rubin at citi.umich.edu (Aviel David Rubin) Date: Sun, 5 Dec 93 08:39:44 PST Subject: Anonymous Digicash Message-ID: <9312051637.AA03926@toad.com> Mike Ingle writes: > I want to write a simple digicash program. This will use code from PGP > as much as possible. It will probably be online digicash, but it needs > strong anonymity. For that you need a blind signature protocol. What is > the best one, and where can I get a description of it? > > What is the best/simplest digicash system to implement? > > Is it possible to have a partially blind signature? For example, the > customer generates the cash (random string), blinds it, and sends it > to the bank. The bank adds an expiration date and signs it. The customer > unblinds the random string, leaving a signature on both the cash and > the expiration date. > > --- MikeIngle at delphi.com Allowing the bank to choose a timestamp opens the door for a subliminal channel. From jordan at imsi.com Sun Dec 5 09:29:45 1993 From: jordan at imsi.com (Jordan Hayes) Date: Sun, 5 Dec 93 09:29:45 PST Subject: The Magic Question Message-ID: <9312051716.AA14173@IMSI.COM> From ld231782 at longs.lance.colostate.edu Sun Dec 5 03:06:00 1993 You think you have the right to lie to anyone who asks, `who are you?' I live in NYC, and am often approached by panhandlers. Approached is the wrong word, I guess I mean that I walk past them. Every person that walks by gets asked the same question: have any spare change? I choose to give to charity for a variety of personal reasons, but I typically don't respond -- at all -- to requests from panhandlers. I don't look at them or respond verbally to the question. Every now and again, when I don't respond at all, I get an insult fired off at me -- like, 'You could at *least* say no' or somesuch. I feel that so long as there's no reason to believe that the question is an "honest" one -- that is, there's nothing to signal the start of a conversation or a "relationship" ... I am, afterall, just walking by, and the next person behind me gets the same appeal -- there's no reason for me to respond, let alone with the "truth" ... I believe that answering a question like "who are you" can and should get different answers depending on the depth of the "relationship" involved. Is the question poser seeking some sort of "truth" ...? A "name" is simply a label, a tag, something to indirect through to access the "named" ... I'm sure we all know people whom we've called "Jack" the entire time we've known him, and suddenly one day we see Jack in a different situation and someone calls him John. Has Jack (*our* Jack) been "lying" to us? ----- One year I spent a summer at a visual arts workshop with a group of people who knew nothing of my past, and I was sure not to know them in the future (10 years later, I've had no contact with any of them). We gathered in a circle on the first day of activities and introduced ourselves after the leader read our names off a sheet. When my name was read, I just ignored it. My name was read three times, and then the leader went to the next name. At the end of the list, she asked "was there anyone whose name I didn't call" ... a woman put her hand up, and so did I. The leader took down our names, and we continued. That summer, I was "Nick" to everyone at the workshop. We worked in very close quarters, and the group of 40 or so quickly developed the kind of "trust" that's required in such intense situations. People needed to count on one another, and often spent sleepless nights together working on projects, helping each other explore their vision and response to the work we were doing, and generally becoming "friends" ... Inevitably, I was drawn to intimacy with one particular woman. It's one of those things you suddenly find yourself in. We shared many secrets, dark nights, heat. In the end, I was "found out" by some other of the staff. It's not even clear how many people "knew" all along. Even the staff member I worked closest with could have known, but for whatever reason never said a word. The fiction was nearly complete for 12 weeks. I did not intend to defraud, the "truth" was consistant. When word passed around that Nick was not my name, some refused to believe it. Some approached me later and started with "Nick ... er, Jordan ... er ... what do I call you?" I said it didn't matter to me, and most chose to call me Nick for the remainder of our time together. I received a few letters from that particular woman, a christmas card or two. I had to tell the place that receives my mail to look out for mail addressed to Nick Stames and route it to my box. We continued a correspondance, sharing some bits of the next phase of our lives, and she continued to call me Nick. I was, afterall, Nick to her. That's who she "knew" ... ----- Why do you care "who" I am? /jordan From hughes at ah.com Sun Dec 5 11:44:50 1993 From: hughes at ah.com (Eric Hughes) Date: Sun, 5 Dec 93 11:44:50 PST Subject: Pseudospoofing In-Reply-To: <9312050721.AA11445@longs.lance.colostate.edu> Message-ID: <9312051935.AA02442@ah.com> This message went to cypherwonks. Eric ----------------------------------------------------------------------------- The issue here is epistemology. >There would be no problem if I asked a tentacle, `are you a pseudonym' >and it answered `yes'. This is exactly like the question "Are you a liar?", to which the answer is always "no". >But the cypherpunks are setting up a network of >fake sites and identities and continue to claim, to the very end, `yes, >I am real' with their fake identities. When I am accused of saying "I am real" from the mouth of a fake identity, and I deny this accusation, there are two models of reality which satisfy the words exchanged: -- I am using a fake identity, and I am lying to deny it. -- I am not using a fake identity, and am telling the truth to deny it. When confronted by a barrage of continuing accusations to which no answer is possible, I prefer to remain silent. I can gain no benefit from discourse in this situation and can only waste my time and the time of my correspondent. The usual way to break out of this 'solipsism of the dialogue' is to invoke a social mechanism, that is, ask someone else. Under a belief of widespread impersonation, however, all denials are now presumed to come from the original speaker of the first denial. Thus the solipsism of the dialogue expands to a solipsism of all dialogues. >Cypherpunks, please tell me what question I can ask of a psychopunk >tentacle such that it will not lie and say that it is a real person! If >you have any honesty or credibility, tell me that question! There is no such question, as I argue above. Am I dishonest if I cannot exhibit the nonexistent? Eric From mg5n+ at andrew.cmu.edu Sun Dec 5 13:03:13 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Sun, 5 Dec 93 13:03:13 PST Subject: Pseudospoofing In-Reply-To: <9312051935.AA02442@ah.com> Message-ID: <0h0YhO_00VoyIADkZV@andrew.cmu.edu> Eric Hughes wrote: > >There would be no problem if I asked a tentacle, `are you a pseudonym' > >and it answered `yes'. > > This is exactly like the question "Are you a liar?", to which the > answer is always "no". If you were not a liar, would you tell me that you were a liar? :) From nowhere at bsu-cs.bsu.edu Sun Dec 5 13:23:13 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Sun, 5 Dec 93 13:23:13 PST Subject: Psychobabble Message-ID: <9312052123.AA16808@bsu-cs.bsu.edu> Newsgroups: talk.politics.crypto,alt.privacy,alt.privacy.anon-server,news.admin.policy,comp.org.eff.talk,comp.admin.policy,alt.conspiracy From: ld231782 at LANCE.ColoState.Edu (L. Detweiler) Subject: Re: CRYPTOANARCHIST INFILTRATION ALERT Sender: news at yuma.ACNS.ColoState.EDU (News Account) Message-ID: Date: Sun, 05 Dec 1993 09:53:47 GMT References: <071303Z27111993 at anon.penet.fi> Nntp-Posting-Host: traver.lance.colostate.edu Organization: Colorado State University, Fort Collins, CO 80523 X-Newsreader: TIN [version 1.2 021193BETA PL3] Followup-To: talk.politics.crypto,alt.privacy,alt.privacy.anon-server,news.admin.policy,comp.org.eff.talk,comp.admin.policy,alt.conspiracy Nick Szabo (szabo at netcom.com) wrote: : No, Mr. : Detweiler, I'm not "pseudospoofing", How do you explain your statements I analyzed in RISKS 15.27, where you posted to cypherpunks promoting your sophisticated pseudospoofing techniques? Multiple posting sites, countermeasures and contempt for `opponents' who attempt to determine whether your tentacles are who they claim to be. Frankly, I think you are a baldfaced liar. Are you intellectually challenged or am I going to have to go root up all the archives to prove it? You cryptoanarchists are so arrogant. it will be your downfall. ``I have never communicated under any other name than E.Hughes.' (E.Hughes, RISKS 15.28x) ``You can have your private conspiracy xor your public credibility. Soon, you will have neither.'' -- ld231782 at longs.LANCE.ColoState.EDU -- ld231782 at longs.LANCE.ColoState.EDU Newsgroups: talk.politics.crypto,alt.privacy,alt.privacy.anon-server,news.admin.policy,comp.org.eff.talk,comp.admin.policy,alt.conspiracy,alt.wired From: ld231782 at traver.lance.colostate.edu (L. Detweiler) Subject: Re: CRYPTOANARCHIST INFILTRATION ALERT Sender: news at yuma.ACNS.ColoState.EDU (News Account) Message-ID: Date: Sun, 05 Dec 1993 10:01:58 GMT References: <071303Z27111993 at anon.penet.fi> Nntp-Posting-Host: traver.lance.colostate.edu Organization: Colorado State University, Fort Collins, CO 80523 X-Newsreader: TIN [version 1.2 021193BETA PL3] Followup-To: talk.politics.crypto,alt.privacy,alt.privacy.anon-server,news.admin.policy,comp.org.eff.talk,comp.admin.policy,alt.conspiracy,alt.wired David Sternlight (strnlght at netcom.com) wrote: : In article , : Perry E. Metzger wrote (about L. Detweiler): : >He's : >literally insane -- it isn't just hyperbole. : The pot calling the kettle black? hee, hee, once P.Metzger complained in his typical searing flame fashion on the cpunk list that the word `cypherpunk' was just too darn subversive sounding. Mr. Metzger is another classic cryptoanarchist. Hey Perry, could you send me another mailbomb for tweaking your nose? let the record show I am in no way agreeing with S.Sternlight people interested in civilizing cyberspace and repressing the cryptoanarchist scum should send `subscribe cypherwonks' to majordomo at lists.eunet.fi. Electronic Democracy is on it's way! -- ld231782 at longs.LANCE.ColoState.EDU Newsgroups: alt.politics.datahighway,comp.org.eff.talk,talk.politics.crypto From: ld231782 at LANCE.ColoState.Edu (L. Detweiler) Subject: Re: The Data Highway Patrol Sender: news at yuma.ACNS.ColoState.EDU (News Account) Message-ID: Date: Sun, 05 Dec 1993 09:53:54 GMT References: Nntp-Posting-Host: traver.lance.colostate.edu Organization: Colorado State University, Fort Collins, CO 80523 X-Newsreader: TIN [version 1.2 021193BETA PL3] Followup-To: alt.politics.datahighway,comp.org.eff.talk,talk.politics.crypto Timothy C. May (tcmay at netcom.com) wrote: : The Data Highway will no doubt be patrolled by a new elite police : force, the "Data Highway Patrol." ha, ha, cryptoanarchists beware. : They'll be sent out on their Harley-Davidson cybercycles to check for : discriminatory data packets, for illegal use of encryption technology, : and for "heavy loads" that strain network resources. And occasionally : they'll stop and help a stranded Internetter. and the cryptoanarchists like you will call them `pigs' and resent them for promoting law and order where you previously had your delightful lawless anarchy. : Will President Reno send them in to raid the Cyber-Waco havens? I dunno, but I hope she cracks down on the cryptoanarchist terrorists like you. : I was writing an essay for the Cypherpunks mailing list on the way : strong crypto will make local gambling laws unenforceable (through : "telegambling," where a casino in the Bahamas, or "somewhere" in : cypherspace, is only a phone call through some digital mixes away). It : became clear to me that the authorities will hardly countenance the use : of the Data Highway---the taxpayer's NII--for such uses. yes, the cryptoanarchists will be quite at home when it is possible and rampant. The Cyberspatial Mafia. complete with corruption, bribery, and hit men. : (And a lot of other "interesting" uses I could describe. If : interested, join the Cypherpunks mailing list by sending a request to : "cypherpunks-request at toad.com". We were featured on the cover of the : second issue of "Wired" and in the Summer, '93 issue of "Whole Earth : Review," etc. An interesting bunch of folks.) Warning: join the cypherpunks only if you are interested in cryptoanarchist brainwashing from multiple fake identities, many of them from the leaders themselves. `An interesting bunch of folks'. Hee, hee. more like cryptoanarchists and cyberspatial terrorists and guerillas, masters of subterfuge and sabotage, gaining increasing respectability and influence every day. You guys own a congressman yet? : No, the Data Highway won't likely tolerate "sealed loads" that might : be accessing offshore gambling dens, kiddie porn rings, or weapons : secret information markets (not to mention the ever-worrisome : anonymous markets for assasinations...child's play with digital : remailers and digital cash). Poor timmy and your cryptoanarchists, what are you going to do, given that your favorite black uses are barred and illegal? : rules and regulations for "fair access," for the allowable data : packets that can travel on it, and for taxation of the explosion in : commercial traffic which will inevitably come. : Hence, the Data Highway Patrol. : Or maybe they'll call it the "CyberSpace Patrol." who will prevent people like you from building up arsenals of fake identities to deceive others. : Personally, I hate government programs. I don't want the government : "helping" with networks, and I don't want a streamlined data highway. : I like the developing system we've got of zillions of cables, : satellites, fiber optics, and the like, With lots of suppliers of : services and lots of rerouting of packets, it makes it real hard to : enforce the kind of restriction cited above. poor timmy and his cryptoanarchists don't understand the world they live in. they are outcasts and misfits who think that all forms of Government and even Democracy are Orwellian oppressions. they will criticize any system that attempts to put together secure email, that prevents forgery at the protocol level, as Orwellian. : Timothy C. May | Crypto Anarchy: encryption, digital money, : tcmay at netcom.com | anonymous networks, digital pseudonyms, zero : 408-688-5409 | knowledge, reputations, information markets, : W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. : Higher Power: 2^756839 | Public Key: PGP and MailSafe available. You forgot tax evasion, black marketeering, drug trafficking, pornography, distribution, espionage, overthrow of governments. When are you going to update your .sig? : Note: I put time and money into writing this posting. I hope you enjoy it. Delightful! -- ld231782 at longs.LANCE.ColoState.EDU -- ld231782 at longs.LANCE.ColoState.EDU From pcw at access.digex.net Sun Dec 5 14:29:50 1993 From: pcw at access.digex.net (Peter Wayner) Date: Sun, 5 Dec 93 14:29:50 PST Subject: Escobar and Cellular Ph0n3z Message-ID: <199312052227.AA07911@access.digex.net> Notes on Escobar: *) Tom Clancy's next-to-last novel, _Clear and Present Danger_ describes a secret drug interdiction mission run by the US Government. It is a novel, but he is well-known for getting many of the details right. The important de-ja-vu is that in the novel, the agents used a "box" that allowed them to recognize the voices of the various druglords no matter which phone line they used. This box would scan all of the cellular channels. *) I believe that Escobar called some radio station to complain about some story about him. The call was traced. Perhaps by mundane, Dragnet-era techniques. (I'm not sure about this point. Any confirmation?) From nowhere at bsu-cs.bsu.edu Sun Dec 5 18:09:53 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Sun, 5 Dec 93 18:09:53 PST Subject: Anarchy Gone Awry (fwd) Cu Digest, #5.91 Message-ID: <9312060208.AA17728@bsu-cs.bsu.edu> Computer underground Digest Sun Dec 5 1993 Volume 5 : Issue 91 ISSN 1004-042X ---------------------------------------------------------------------- Date: Thu, 02 Dec 93 04:36:10 -0700 From: "L. Detweiler" Subject: File 1--Anarchy Gone Awry Mr. Leichter raises some extremely pivotal issues in CUD #5.90 related to the `anarchy' of the Internet. B.Sterling is the author of one of the most brilliantly colorful characterizations and metaphors of the Internet as `anarchic', comparing its evolution and development to that of the English language: > The Internet's `anarchy' may seem strange or even unnatural, but > it makes a certain deep and basic sense. It's rather like the > `anarchy' of the English language. Nobody rents English, and > nobody owns English. As an English-speaking person, it's up > to you to learn how to speak English properly and make whatever > use you please of it (though the government provides certain > subsidies to help you learn to read and write a bit). > Otherwise, everybody just sort of pitches in, and somehow the > thing evolves on its own, and somehow turns out workable. And > interesting. Fascinating, even. Though a lot of people earn > their living from using and exploiting and teaching English, > `English' as an institution is public property, a public good. > Much the same goes for the Internet. Would English be improved > if the `The English Language, Inc.' had a board of directors > and a chief executive officer, or a President and a Congress? > There'd probably be a lot fewer new words in English, and a lot > fewer new ideas. Unfortunately, though, having attended a lecture by Mr. Sterling and having read `The Hacker Crackdown', I think he has a tendency to overdramatize and glorify quasi-criminal behavior and rebellious, subversive, revolutionary aspects of social structures, including those of the Internet. In my view, to the contrary the Internet is largely held together with the glue of social cohesion and human civility, and ingredients that are destructive to that order are likewise toxic to Cyberspace, and that, conversely, virtually all of the excruciating poison in the bloodstream today can be traced to violations and perversions of that trust. (Unfortunately, the English language is itself subject to unpleasant, corrupt, or toxic uses such as for profanity, disinformation, and lies, which are prevented or at least minimized through rejections by honest people.) I agree with Mr. Leichter in the belief (to paraphrase Twain) that `reports of the anarchy on the Internet are greatly exaggerated'. Leichter: >The Internet has been >described as an anarchy, but in fact only relatively small parts of >the Internet are actually anarchic. I would like to go further than this and suggest that the Internet has been over-promoted as `anarchic' by certain subversive, quasi-criminal segments that have found a tenacious hold there, namely extremist libertarians and `Cryptoanarchists'. The Cryptoanarchist cause is closely associated with the Cypherpunk founders E.Hughes and T.C.May (characterized particularly by the latter's infamous signature), who in my view appear to promote not merely `privacy for the masses' and `the cryptographic revolution', but at least condone or tolerate the use of collections of imaginary identities to manipulate and deceive others, and even to evade legitimate government actions such as criminal prosecutions. My most strident requests for their position, personal knowledge, and potential involvement in this practice have gone unanswered, evaded, and repressed over many weeks, but I have many statements from followers that might be regarded as `cult fanatics' about the Liberating Effects of `pseudoanonymity', which they exalt as True Anonymity. In my opinion, in this regard of the ease of creating fake identities, the `anarchic' vulnerability of the Internet reaches its peak in undesirable and socially poisonous consequences, which people are bloodily battling daily on many diverse mailing lists and Usenet groups. In my experience, the Internet inhabitants I have found who most fanatically worship the Internet `anarchy' seem to be closely associated with criminally subversive aims of pornography distribution, tax evasion, black marketeering, and overthrow of governments, goals which are all masked in much of the eloquent Cryptoanarchist dogma and rhetoric. While some of us have glimpsed various hideous corners of Cyberspatial Hell, those who subscribe to the Liberating Religion of Anarchy are in their Paradise on the Internet As We Know It. I call their Utopia a Ticking Time Bomb and a Recipe for an Apocalypse. I have come to these (admittedly melodramatic) conclusions after ~10 months and ~3500 messages of generally unpleasant and at times excruciatingly troubling and painful reading and participation on the Cypherpunks list and many personal communications with the Cypherpunk leaders including E.Hughes, T.C.May, and J.Gilmore. In fact, in my opinion the `Psychopunk Manifesto' parody in CUD #5.89, which longtime cypherpunk list subscriber P.Ferguson describes in 5.90 as having `made its rounds in the cyberspatial world', actually in many ways comes closer to delineating the actual cypherpunk agenda than the one authored by founder E.Hughes on soda.berkeley.edu: /pub/cypherpunks/rants/A_Cypherpunk's_Manifesto. The satire is actually a reformulated version of the original Manifesto, and the former's amazing meme-virus penetration of the into the cyberspatial psyche that P.Ferguson alludes to is indicative of its resonance over the latter. I gave the Cypherpunks the most extraordinary benefit of the doubt for months, far beyond that of a reasonable cyberspatial inhabitant. But now I must warn everyone who can hear me that if they assign the `cypherpunks' as an organization the same credibility as a group like EFF or CPSR they are dangerously, perhaps disastrously, misguided. They appear to me to the contrary to be the cultivators of a flourishing conspiracy and essentially the first Cyberspatial guerilla and terrorist group! The Psychopunk satirization of the Cryptoanarchists is representative of this Internet Anarchy Gone Awry. More information on the CryptoAnarchist & Cypherpunk agenda can be found in RISKS 15.25, 15.27, and 15.28x (FTP crvax.sri.com, directory RISKS:). I also have an essay `Joy of Pseudospoofing', regarding the dangerous consequences and poisonous effects of the manipulations of fake cyberspatial identities such as on the Internet by Cryptoanarchists, available to anyone who requests it from me by email at . * * * I think that many people have mistaken the word `anarchic,' implying no overseeing authority or order (which the Internet is less) with the word `decentralized' (which the Internet is more). Again, the Internet has many regulatory and self-governing systems and orders. For example, connecting sites are required to implement a certain minimum set of software standards and prevent or even root out corruptions in their local sites and software. We have centralized databases that require the registration of domains for fees. A complex network of agreements and policies governs interconnectivity and communication, and a complicated interplay of elements affects basic content such as `commercial vs. academic.' Lack of some of these regulations and protocols would be disastrous. Leichter: >Most of the Internet, in fact, is >better described as self-governing. There are a variety of social >norms concerning network use and interactions. One doesn't post >messages to unrelated groups. One doesn't evade moderation >restrictions. One maintains a certain (rather limited, it must be >admitted) degree of restraint in how one describes other network >participants. There are few effective mechanisms for enforcing these >norms, and they are certainly broken on an all-too-regular basis; but >the network continues to function because social pressure *can* be >applied to those who become too annoying; and in the most outrageous >cases, it's possible to remove the offenders' access to the net. I advocate that we build new formal mechanisms to enforce this order! We have for too long pretended that a central element of the Internet is not integral to it, namely that of the `degree of restraint over network participants' exerted through `social pressure'. Let us codify and formalize these `norms concerning network use and interactions' and develop systems that enforce them! I believe such systems can be developed that do not stray from the sacred Internet tradition of decentralization of control and freedom from censorship. Why should we continue to subject ourselves to the torture of `few effective mechanisms for enforcing these norms broken on an all-too-regular basis'? One of my most enduring Cyberspatial hallucinations is that of a Ratings server. A Ratings server would be a massive distributed network for the propagation of information similar to Usenet, and could conceivably be built upon it. But the Ratings server is not Information, as Usenet is, it is Information about Information. Anyone can post an arbitrary message to the Ratings server that refers to Information somewhere else in Cyberspace. It is in a sense a Rating of that Information. The Information could be *anything* -- a mailing list, a person, a particular Usenet posting, an FTP site. But postings on the Ratings server can be perused by anyone, and anyone can contribute Ratings to the server or indicate their own opinion on the existing Ratings. Different mechanisms exist such that some Ratings are `local' and some are updated globally. The fantastic possibilities of this system are evident upon some reflection and consideration. We could establish arbitrary new groups that have *formal* requirements that are matched by Ratings servers. For example, we could require that new sites that enter the Internet be `trusted' by an existing site. We could require that membership in certain groups requires a certain amount of collateral peer approval, with automatic suspension or expulsion as the consequences for violating it! We could have *meaningful* polls on arbitrary issues. We could have news servers that automatically sort and archive articles according to their passing certain Ratings thresholds. We could restrict the influence of troublemakers! These are all examples of strengthening and formalizing the informal social orders that are, in my opinion, today just barely holding the Internet together. With a Ratings system, I think the civility of the Internet would increase to a fantastic degree. In short, we could have our *own* cyberspatial government! Note that there is no centralized authority or unfair influence in this system, unless people corrupt their servers. When everyone who has joined a group *individually* decides to screen their postings of messages that fail to meet a certain `quality' or posters who have a certain `reputation', that is not Orwellian Censorship but the beautiful Internet freedom and right of Bozo Filtering. When everyone who joins a group *agrees* to a charter that may bar troublemakers based on Ratings, no one can claim they are being unfairly oppressed. Other extremely interesting implementation issues in the use of the Ratings servers can be addressed in detail. For example, the use of cryptographic protocols to ensure the integrity of voting or privacy of certain entries will certainly prove invaluable and even critical to their development. The optimal protocols for the localization or distribution of votes will surely be subject to extremely fascinating and fruitful research. In my view the concept of a Ratings server is wide open territory and holds some immensely promising potential in finally, valiantly slaying the dreaded, ugly, vicious Signal to Noise Monsters harassing, terrorizing, and torturing us everywhere on the Internet, to be replaced with Shining Castles. I urge anyone interested in developing `civilized systems for cyberspace' to subscribe to a new group I have helped start with J.Helgingius (owner of the popular and revolutionary anon.penet.fi anonymous server) called the Cypherwonks, dedicated to openness, honesty, and cooperation on the Internet, and building sophisticated new systems to promote social harmony in Future Cyberspace. We are particularly fascinated with the possibilities of `Electronic Democracy'. (Send a message to `MajorDomo at lists.eunet.fi' with the body the commands `info' or `subscribe cypherwonks'.) I fervently hope that the glorifications and manipulations of Internet Anarchy by mouth-frothing libertarian extremists, Cryptoanarchists, and sympathizers can be adequately controlled and minimized in the future, and some harmonious systems and effective countermeasures along the lines of the Rating server can be established by visionaries and tinkerers, but in any case, for the sake of humanity's integrity, sanity, and well-being, I pray that Future Cyberspace is far less Anarchic than the Current Internet. ------------------------------ From tcmay at netcom.com Sun Dec 5 18:34:53 1993 From: tcmay at netcom.com (Timothy C. May) Date: Sun, 5 Dec 93 18:34:53 PST Subject: Crypto Talk at Stanford, 8 December Message-ID: <199312060235.SAA26139@mail.netcom.com> Here are some details about the crypto talk I mentioned recently. You're all welcome to attend, though of course you need to be in the Bay Area! --Tim May Forwarded message: > From daemon at Sunburn.Stanford.EDU Fri Dec 3 14:13:02 1993 > Date: Fri, 3 Dec 93 13:56:37 -0800 > From: pranita amarasinghe > Reply-To: pranita amarasinghe > To: csl-everyone at shasta.Stanford.EDU, colloq at cs.Stanford.EDU > Subject: EE380 Seminar > Message-Id: > > EE380 Computer Systems Colloquim > > Autumn Qtr. 1993/1994 > > Lecture #10 > > Date: Wednesday, December 8, 1993 > > Time: 4:15 - 5:30pm > > Location: Skilling Auditorium > > Title: Implications of Modern Cryptology: Is the Crypto Genie > Already Out of the Bottle? > > Speaker: Timothy C. May, Cryptologic Corp. > > Abstract: > The implications of modern cryptology are profound. Governments and > national borders as we know them today will be affected by this > technology in major ways. Essentially unbreakable ciphers, secure > communications, untraceable digital money, data havens, electronic > voting, and black markets in information are just some of the likely > developments. Some of these already exist, others are on the horizon. > Meanwhile, the Government has other plans, with its "Clipper" > chip that keeps a "master key" and allows it to digitally wiretap at > will. Who will win? How will these conflicting trends resolve > themselves? Is the crypto genie already out of the bottle? > > These issues will be the topic of the talk, with plenty of time left for > discussion. The focus will be partly on technology -- just enough to > provide a plausible foundation for belief -- and partly on the economic, > legal, and political structures resulting from strong crypto. No > number theory will be used. > > Speaker Bio: > Tim May worked for Intel for 12 years, retiring in 1986. He discovered > the alpha particle and cosmic ray effect on semiconductor memories, for > which he received several awards including the IEEE's W.R.G. Baker Prize > for the best original research paper. Since leaving Intel, his main > interests have been in cryptology, information theory, and investments. > In 1992 he co-founded the "Cypherpunks" group and spends much of his time > on the Internet. He's also trying to finish a novel about these topics. > > ===== > +----------------------------------------------------------------------------+ > | To get removed from this mailing list (colloq-local), send your request | > | to colloq-request at cs.Stanford.EDU. See the weekly summary for more info. | > +----------------------------------------------------------------------------+ From habs at panix.com Sun Dec 5 19:53:13 1993 From: habs at panix.com (Harry Shapiro) Date: Sun, 5 Dec 93 19:53:13 PST Subject: Encryption and IP via Cable "TV" Message-ID: <199312060352.AA27582@panix.com> I pulled this off of nexis. Please note the line I highlighted. Does anyone know what kind of encryption is being used? At even $100 per month, we could set up also sorts of remailers all over the country. We could even create a secure comm. via PGP (for voice) via IP, etc. But I wonder if the encryption "they" are using would interfer with such schemes? /hawk Ethernet connection, but wouldn't require any other additional installation on users' part. PSI isU.S." PSI plans to have 2 tiers of service, business and residential. Network security problem has been ^^^^^^^^^^^^^^^^^^^^^^^^ solved, using "on-the-fly" data encryption, he said. One issue that ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ hasn't been fully resolved by Continental is reliability, Schoffstall said. "Cable companies are used to supplying entertainment. If their network goes down for a day, wesame cable system to provide their data, essentially their livelihood in the case of business users, well, there's going to have to be much better understanding of how to provide some guarantees of service." Price for service in homes is to be $ 75-$ 100 per month at start, but is expected to drop rapidly as economies of scale grow. -- Harry S. Hawk habs at extropy.org Electronic Communications Officer, Extropy Institute Inc. The Extropians Mailing List, Since 1991 EXTROPY -- A measure of intelligence, information, energy, vitality, experience, diversity, opportunity, and growth. EXTROPIANISM -- The philosophy that seeks to increase extropy. From sasha at cs.umb.edu Sun Dec 5 20:09:53 1993 From: sasha at cs.umb.edu (Alexander Chislenko) Date: Sun, 5 Dec 93 20:09:53 PST Subject: Graynet - anon/encrypted piracy Message-ID: <199312060405.AA27534@eris.cs.umb.edu> P.O. Box may be not the safest way of collecting the money; encrypted anonymous cash transactions would be much better; also, one can not only advertize on the net, but provide the service. Suppose I open a virtual store selling illegal/copyrighted info - software, music, movies, porn, etc. Pirates receive royalties from the stuff they upload; customers, naturally, pay. All anonymous and encrypted and based on a network of hard-to close (offshore?) remailers. The potential revenues from such a store seem well worth the effort of setting it up. The question is how can they close it? -- Sasha? From MJMISKI at macc.wisc.edu Sun Dec 5 20:29:53 1993 From: MJMISKI at macc.wisc.edu (Matthew J Miszewski) Date: Sun, 5 Dec 93 20:29:53 PST Subject: Enough is enough Message-ID: <23120522240044@vms2.macc.wisc.edu> please do 1 of the following two things. 1) Ignore L. Detweiller completely and put a message in the welcome message to the effect that he posts highly flamable material and replys should preferably go to his private email box. 2) Ban him from posting. Yes that is what i said. I believe whole heartedly in freddom of speech, but when that freedom interferes with other rights it may be impinged. I believe that one of those palces is the educational arena. I am trying to learn and before LD came on stage I learned a *shitload* from the cypherpunks. I do not censor easily, but it is unbearable. If i had the resources I would start another mailing list and invite everyone but him. Shocker I have the right to *not* include you. And I would exercise it. Ive been on the list for about a year and dont want to leave. Another option if the first two are no good would be to simply have everyone on the list forward every, *every* , post coming from LD to his postmaster. If they let it out, they might as well get as frustrated with his antics as me. And LD, I am a law student with an itchy litigation finger :-)...try me. --Matt ______________________________________________________________________________ In defense of liberty, encrypt for all purposes, civil and professional. In defense of privacy, encrypt all correspondence, personal and professional. In defense of sanity, do not encrypt your dry cleaning invoice! ++++++++--------mjmiski at macc.wisc.edu (c)1993 From jamie at apl.washington.edu Sun Dec 5 20:43:13 1993 From: jamie at apl.washington.edu (Jamie Jamison) Date: Sun, 5 Dec 93 20:43:13 PST Subject: L. Detweiler, S. Boxx, the Executioner, idiots etc. Message-ID: After slogging through God knows how many rants by the imbecilic and possibly syphilitic Detweiler, I would have to say that I wish that some massive CypherPunk/Medusa criminal conspiracy did exist so that it, the conspiracy, could wipe this asshole off the face of the earth. Unfortunately for us it doesn't, or perhaps it does and it regards Mr. Detweiler as being too stupid and incompetent to bother with. Perhaps the best policy for dealing with paranoids such as Herr Detweiler would be to enact what I call mail stoning. The way this works is that every time Detweiler posts you take his post and mail it back to him. If enough users do this it will make his account unusable due to the sheer volume of mail he will be receiving. At this point hopefully he'll shut up and go find some other group to infest (Hey, I know, he could go over to talk.politics.homosexuality, which got pretty quiet after Gary Landers left). Jamie Jamison niteowl at u.washington.edu WITH STANDARD_DISCLAIMER Since I am both a student and a staff member of the UW, as well as a Washington taxpayer I suppose that in some vague and nebulous sense I could be speaking for them. However I doubt that my boss, my profs, or my elected representatives would agree with this, so let's just say that my opinions are mine and mine alone, and leave it at that. From nate at VIS.ColoState.EDU Sun Dec 5 22:49:53 1993 From: nate at VIS.ColoState.EDU (CVL staff member Nate Sammons) Date: Sun, 5 Dec 93 22:49:53 PST Subject: anyone out there thinking that Message-ID: <9312060646.AA11995@vangogh.VIS.ColoState.EDU> CypherPunks, Is there anyone out there thinking that in several years all of us will be looking back on this (The Detweiler fiasco) and remarking on it as being something of a ground-breaking flame war that would have repercussions throughout cyberspace and the future? I was thinking this today, while I was working away in my Lab. "What a funny thought!", I thought. Someday, in the near future, all of us will be able to say that we were part of a major breakthrough in Cyberspacial history, the first (I am afraid it will be the first of many) McCarthy-type witch hunts (maybe in the future we'll be accused by "legitimate" government agencies of being the Medusas behind many Tenticles, hunted, wrongly, like dogs). I am chilled to the bone at the thought, personally. -nate -- +-----------------------------------------------------------------------+ | Nate Sammons nate at VIS.ColoState.Edu (303) 491-1578 | | Colorado State University -- Computer Visualization Laboratory | +-----------------------------------------------------------------------+ From ld231782 at longs.lance.colostate.edu Sun Dec 5 22:59:53 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sun, 5 Dec 93 22:59:53 PST Subject: Gwest what! Message-ID: <9312060657.AA04877@longs.lance.colostate.edu> Sigh. No one has taken over for me, but I still have many requests from people who loved the Guess Which Eminent Leader Said This game. I will do this one in batches, and save the best for last. I include some translations (they speak in CryptoAnarchish, and this will help refine my translation skills). This is probably the last one, but one never knows if I might get some new material later. * * * Third Eminent Leader The Third eminent leader is mostly uninvolved personally, but he is still an accomplice to concealing the perversions of the other two leaders. `Pseudonyms are for magazine subscriptions. Besides, Chaum came up with pseudonyms for his own protocols. Is he subversive?' The point to make about this is that Chaum's pseudonyms are *understood* to be pseudonyms by a bank. But this detracts from the potency of the propaganda. And the Cryptoanarchist tentacles are very different than magazine pseudonyms! But he will never understand something so contrary to the Religion of Lies. (I was quite disappointed to find he had been brainwashed.) Anyway, next one: `I only give my phone number to my friends. I'm not going to give it to you, the way things are going with our conversations.' I was going to call this Eminent Leader to ask him about some of his claims in his email messages and his personal knowledge and involvement in the Cypherpunk pseudospoofing. I think he feels more comfortable lying in email than on the phone. * * * Second Eminent Leader: `Better to leave all our beliefs unwritten, and pretend the agenda is what we favor.'' I can't remember if this was through the `jamie' tentacle or not. But it is highly characteristic of this person, whose whole life is nothing but a pretense. Every post of his was designed to cleverly conceal some hidden agenda in respectable prose. A master of brainwashing! more on this later. `better to live with the occasional vagaries of digital pseudonyms than to ban them.' This is doublespeak for saying, `You had better not find out that I have been molesting you with my tentacles all this time!' * * * First Eminent Leader: The First Eminent Leader keeps a low profile on the list under his True Name, but realize that his tentacles have always been the most active of all! He is also a firm believer in the CryptoAnarchist ideology. He is the main purveyor! Most other outlets are secondary. But he is very careful only to speak through his tentacles, because he knows the Cryptoanarchist agenda is inherently criminal. As for ideology, let's just say he's more extremist than Perry Metzger. ``I am [x]. I have never posted or emailed under any name other than [x]. At least, that's what I say. It's really a baldfaced lie. What I am saying is that I have been so extremely clever (it is my nature to outthink all the other pathetic brains out there!) that no one can prove otherwise, particularly regarding the tentacles I have used to molest my followers with. I can attest that I am different from other people, including the ones that I invent.'' This was an interesting quote. You migh think that this person would be scared of lying in RISKS or sending his tentacle-grams in for submissions. Actually, he has been doing it for quite awhile! The next one he sent me in private mail a long time ago. The scenario was when I posted my message, `An Introspective Note' that led me to all my brilliant realizations over the last few weeks, and the demonization by every cypherpunk as Satan. So, this was long before I had poisoned my reputation in front of the cypherpunks. (`The enmity of a criminal is equivalent to the praise of a hero.') ``You must learn to be a sycophant in your posts or less conspicuous and refined. You are outshining those who created the Cypherpunks. I have too long tolerated your trash. You must learn to kiss my ass. If I prevented you from posting, that would not be censorship. It would be a simple exercise of my silent, iron fist.'' And, one of my favorites. This demonstrates the leader's arrogance and commitment to pseudospoofing quite nicely. ``That which can never be enforced should not be prohibited. That which is illegal or perverted should be allowed. The claim that a person should have only one pseudonym per forum indicates profound misunderstanding. The claim that a leader should be prevented from molesting his followers with tentacles indicates profound enlightenment. If someone wants to have multiple pseudonyms, they will be able to; that is one of the main goals of cypherpunks software. If a leader wants to molest even the people who trust him with dozens of tentacles, he will do so, that is one of the main goals of my life of lies. The situations you despise will occur. I, Medusa, will betray you with my snakes. This is reality. This is my life. Change your own psychology or change your own software. Become corrupt yourself or try in vain to prevent something that cannot be stopped. You will not be able to change the other person. I am God.'' From ld231782 at longs.lance.colostate.edu Sun Dec 5 23:13:12 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sun, 5 Dec 93 23:13:12 PST Subject: Cypherpunk Archives Message-ID: <9312060711.AA05045@longs.lance.colostate.edu> Hello, I have been looking all over for cypherpunk archives. Could someone tell me where to find them? Is there an FTP site somewhere? Why has it taken so long to get them together? If I find a server, will someone volunteer to send me their collections? (My collection is quite thorough but I have a lot of private mail with other cypherpunks, particularly the leaders, mixed up in it, and if I put mine online I might accidentally reveal some of the private mail, unless I go through it painstakingly to remove all the incriminating ones, which would take quite awhile because they are quite littered with them, and it would be exceptionally painful for me to look at, to notice how long I was being manipulated, molested, and betrayed, and how others and their pet projects were being suppressed with tentacle attacks, so generally it wouldn't be a good idea for me to go back through my archives like this, although it is certainly possible that I will do so, if no one else volunteers, just out of the venemous spite cultivated in me by this corrupt farce that masquerades as a movement, in fact I consider it all `ammunition' in a kind of uplifting way, to be used as a countermeasure against cyberspatial terrorists who are poisoning Cyberspace, but no one has noticed yet, but increasingly everyone understands that the Cryptoanarchists are completely subversive at heart and must be pursued and oppressed, even though it is a grisly task that few have the balls for, and quite a few have fainted in the sight of the blood.) I heard that the leaders were opposed to archives for some reason or another. Something about it being like an NSA surveillance procedure. I think the problem is that it could capture quite a few of the Leader Tentacles. Oh well. From mikeingl at news.delphi.com Sun Dec 5 23:59:54 1993 From: mikeingl at news.delphi.com (MIKEINGLE@DELPHI.COM) Date: Sun, 5 Dec 93 23:59:54 PST Subject: NUMBSKULL INFILTRATION ALERT (Fwd) Message-ID: <9312060757.AA23319@news.delphi.com> >Newsgroups: talk.politics.crypto,edit.your.fucking.header.you.morons >Path: news.delphi.com!noc.near.net!saturn.caps.maine.edu!dartvax!news.bu.edu!purdue!lerc.nasa.gov!magnus.acs.ohio-state.edu!math.ohio-state.edu!howland.reston.ans.net!spool.mu.edu!uwm.edu!fnnews.fnal.gov!news.ssc.gov!cfnews!cfnews.ssc.gov!henke >From: henke at scaly.ssc.gov (Douglas Henke) >Subject: Re: NUMBSKULL INFILTRATION ALERT >In-Reply-To: dasher at netcom.com's message of Fri, 3 Dec 1993 20:33:42 GMT >Message-ID: >Sender: usenet at cfnews.ssc.gov >Nntp-Posting-Host: scaly.ssc.gov >Organization: SSC Laboratory, Dallas, TX >References: > >Date: Fri, 3 Dec 1993 23:41:14 GMT >Lines: 10 Leaking viscous fluids from every bodily orifice, tcmay at netcom.com (Christ, another netcom newbie) spews: >...I gave up long ago trying to convince Larry Detweiler that I am >a real person. I don't know who to laugh hysterically at first, Larry (for simply being a species of idiot unto himself) or you, for caring what he thinks. "Tentacles," indeed. You only exist on the net in terms of the persona (or personae) you choose to project. That's not a bug, that's a feature. From ld231782 at longs.lance.colostate.edu Sun Dec 5 23:59:56 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Sun, 5 Dec 93 23:59:56 PST Subject: Love Lost Message-ID: <9312060755.AA05711@longs.lance.colostate.edu> It appears I have made quite a pest of myself on this mailing list, and that everyone hates me, and curses me as Satan, particularly at the delight and encouragement of your leaders. In fact, a long time ago, before it became clear I was such an unstable jerk and paranoid lunatic out to get people who betray me, in fact around the time of the PGP subpoenas, in which I had continually sent out some of my most masterful and brilliant postings, when I still had a respectable reputation, despite that P.Metzger was continually attacking and dogging me in the most vicious way a human being (at least, I think he is human, but on the Internet no one knows if you are a dog) can attack another in cyberspace, that man who once thought that the name `cypherpunk' just sounded too darn extremist and flamed me over my insistence that it was colorful and dramatic, precisely the kind of term that would inspire a Wired or a NYT reporter just enough to write a story about a fraudulent sham, anyway, about this time E.Hughes told me that I should learn some quality in my postings or he might employ some method that would prevent me from sending them. I wondered, dear sir, was this censorship? Actually, I was quite a bit more pissed off than that, and said so in my mail, because I had tried to maintain a positive communication with E.Hughes for many months, but no matter what I ever wrote he had the most frigid, arrogant, authoritarian and autocratic, dictatorial and tyrannical, `silent iron fist' opinion I had ever seen in tens of thousands of messages I have sent to hundreds of people over my ~4 years of Internet experience, small I grant you but I have been typing the whole time! Anyway, Mr. Hughes said, `If I prevented you from posting, this would not be censorship.' I said, `if this is an open forum, it would be censorship.' He didn't seem to reply to that. I think the answer is that this is the Eric Hughes mailing list, and that anyone who posts a lot and really refines what they write, or has a large vocabulary, or writes mini-newsletters with multiple topics the way the most respectable organizations do, like EFF and CPSR, and flames the leaders when they do something stupid like promote child pornography or abandon PGP, who ignores flames by people who are obviously obnoxious idiots who yell at people for their better accomplishments, who doesn't write in simple phrases that are more chiseled than flowing, and doesn't post about totally arcane references to Fermat's Little Theorem and Most Obscure Abelian Mathematics, copied directly from references with no understanding to impress the hordes of sycophantic followers, or name drops people who work at PKP (only conspiracy theorists think they have anything to do with the NSA, because they are really truly liberating), or takes the time to do research behind his postings, this person is clearly guilty of the obnoxious crime of not having sufficiently kissed enough ass to be allowed to continue to post. In fact, I have consistently failed to kiss the ass of all three leaders, who all strike me as corrupt and consistently refuse to go to any length to suggest otherwise, and for this I deserve the all the vicious retribution that you can unload on me. In fact, there is a great opportunity to do so right now in the newsgroups under the `Cryptoanarchist Conspiracy Alert' thread, I encourage you to do so, instead of mail bombing me, which doesn't really serve any purpose whatsoever except to demonstrate your sheer idiocy. You might flame me for writing exceedingly long sentences and paragraphs and letter, geez, you'd think you were trying to insult our intelligence with big words and concepts we can't understand, all that take so damn long to read and understand compared to watching television,e.g. MTV music videos or Beavis and Butthead, who are far more entertaining and uplifting and inspiring than my pathetic excuse for a life. I really am disappointed, I thought I might be able to elicit some kind of statement from your leaders on their personal knowledge of pseudospoofing or pseudoanonymity here, especially in the face of public pressure from honest members, saying `is what he is saying really true? why are you refusing to answer him? have you really done all that he claims?' I was really looking forward to posting that big story fantastic story about pseudospoofing in WWII I offered to, kissing and making up! I am not a vindictive person at heart, in fact, writing letters like these drive me to vomit, but your leaders have given me no choice. Its too bad that the belligerence and obstinance of a few continues to spoil it for everone else. Honest cypherpunks, I'm sorry that I can't tell you a neat story about pseudospoofing, but you will just have to ask your leaders why they have deprived it from you. Anyway, clearly I do not deserve to post here any longer! Its not getting any of us anywhere. Mr. Hughes sent me mail recently suggesting that I `can't take a joke', that I have no sense of humor. Perhaps it is true! He should know! I will have to go somewhere else, for example the newsgroups, and really post some of my best material I have ever crafted, all that relates to my tenure and demise on the cypherpunks list, especially that which relates to its corruptions and lies. Yet I have failed to receive any mail (at least, that I know of at the moment) from any of your leaders asking me to refrain from posting to the cypherpunks list. In fact, I have waited for quite awhile for any mail of this sort. I continue to write unrequited! Please, let us all achieve resolution. I ask that one of the leaders, for the benefit of everyone here, send me any of the following messages. If you do so, I will promise to stop posting under my True Name. Of course, I can't guarantee anything about any other `penetration', particularly because cypherpunks are the promoters of this kind of subversive infiltration, and for me to be asked to refrain from it would be the epitome, the height of corrupt hypocrisy. But, on the other hand, perhaps your leaders reached that point a long time ago. Anyway, I promise to do all this if I receive the following message: from: hughes at ah.com subject: Go Away, Prick to: ld231782 at longs.lance.colostate.edu,postmaster at longs.colostate.edu,root at l ongs.colostate.edu,tcmay at netcom.com,gnu at toad.com,cypherpunks at toad.com,pr esident at whitehouse.com,markoff at nyt.com,kelly at wired.com,diffie at sun.com Because of your continual disruptions in our honest endeavors, your continual slandering of our reputations, your continual insistence on a conspiracy and pseudospoofing we know absolutely nothing about, you have been censored from posting to the cypherpunks list as ld231782 at longs.lance.colostate.edu. In fact, we are running an automatic filter that will bounce all messages with the strings `L.Detweiler', `pseudospoofing', `pseudoanonymity', `democracy', `Medusa', `torture', `anarchy', `guerilla', `conspiracy', `government', `impersonation', `consensus', `agenda', `police state', `oppress', `molest', `tyranny', `dictator', `autocracy', `autocrat', `dictatorship', `tyrant', `poison', `confess', `contrite', `inquisition', `insidious', `accomplice', `treason', `moral', `morale', `ethics', `punish', `corrupt', `lie', `propaganda', `cult', `sentencing', `brainwashing', `integrity', `honest', `true', `pseudonym', `forgery', `hypocrisy', `pure', `poseur', `fraud', `tax', `psychopath', `psychosis', `egomania', `hoax', `FBI', `society', `obsession', `monomania', `persecution', `censor', `hallucination', `insanity', `arrogant', `egomania', `bastard', `vain', `vainglory', `pervert', `depravity', `delusion', `truth', `leader', `tentacle', `attack', `evade', `deception', `practical joke', `harass', `crime', `privacy', `torment', `phantom', `accusation', `paranoia', `traitor', `disrupt', `pretend', `disreputable', `appropriate', `authority', `courtesy', `movement', `pariah', `cooperation', `cabal', `prosecution', `cacaphony', `stalemate', `dischord', `subvert', `martyr', `public', `revolt', `revolution', `scapegoat', `blind', `sabotage', `infiltrate', `subterfuge', `ignorant', `etiquette', `rant', `reality', `exorcize', `facade', `false', `humility', `mockery', `manipulate', `masquerade', `filth'. From greg at ideath.goldenbear.com Mon Dec 6 01:03:16 1993 From: greg at ideath.goldenbear.com (Greg Broiles) Date: Mon, 6 Dec 93 01:03:16 PST Subject: anyone out there thinking that Message-ID: uunet!VIS.ColoState.EDU!nate (CVL staff member Nate Sammons) writes: > CypherPunks, > > Is there anyone out there thinking that in several years all of us will > be looking back on this (The Detweiler fiasco) and remarking on it > as being something of a ground-breaking flame war that would have > repercussions throughout cyberspace and the future? I was thinking this I totally disagree - as far as I can tell, Detweiler is wrestling with some emotional issues that most people work through while they're in their middle-to-late teens. Problem is, he thinks Eric & Tim are his parents. Either he's gonna figure things out, and in a few years this is gonna be a really embarassing episode, or we're going to wake up one morning to find him on the front page of the newspaper, surrounded by bodies in the lobby of some post office, screaming about MEDUSA and TENTACLES and FAKE MAIL and SODOMY and DRUGS. As I see it, it's either 2.5 kids, a station wagon, and a house in the suburbs for him - or getting shot by a SWAT team. I'd say the odds are about 50/50. -- Greg Broiles Lemon Detweiler Pledge? greg at goldenbear.com You're soaking in it. From unicorn at access.digex.net Mon Dec 6 01:09:56 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 6 Dec 93 01:09:56 PST Subject: Censorship/Forum dispute on the list Message-ID: <199312060909.AA04134@access.digex.net> -----BEGIN PGP SIGNED MESSAGE----- I've reached a point where the volume is just too much. LD's posts, despite the fact that my "n" key is near worn through, are simply disruptive, and annoying. I am an extreme advocate of free speech, but it has really become apparent that LD simply is not interested in the constructive exchange that is at the heart of free speech. Instead he chooses to produce inflammatory and silly posts that include, among other things, exhaustive lists of the terms he would like to have censored on the list. We all know that the first ten would have sufficed for his point, which was weak in any case. LD is more interested in obstructing the pursuits of cypherpunks and the list and its members by inflammation, bandwidth waste (which to his credit has caused quite a good deal of attrition), and generally associating himself with the list, causing I might add a general distaste for the list in general, much as there is a general distaste for anything cannibalisticly associated. It is of course impossible to employ an "ignore him" policy as newbies, a resource I feel to be important and invaluable to the cause in general, are always going to be provoked to action. Especially in a list of such activity and size. To try and ignore LD on this list is analogous to ignoring a screaming film critic in the middle of a theater playing a maverick and foreign film. I dislike the idea of censoring Lance. He is entitled to his opinion. Similarly I feel that it is not necessarily proper for a majority on this list or any other to exclude the minority who would like to converse with LD. (S.Boxx and Executioner at least I'm sure.) I propose the following solution. Which probably will never be implemented, but I won't be able to sleep till I present it. 1> A second list be established. CypherpunkRisks at toad.com. 2> The list be dominated by a charter providing that: A> All who apply are welcome. B> LD shall be appointed moderator for the purpose of maintaining the content of postings, but not to regulate users who may receive the list. 3> The current cypherpunks list be renamed, or refocused to represent "cypherpunk advocacy." 4> That the advocacy list STRONGLY discourage disruptive criticism not concerned with the merits of cypherpunks and cryptography in general. 5> That reasonable enforcement of this premise (4) be executed to the extent required to maintain progress and not filter fair and reasonable criticism not violating item (4) above. Enforcement may reasonably be expected to include filtering of traffic by key word for human review and approval. 6> That any enforcement of item (4) above shall be accompanied by a brief but unevasive notice of action and cause for said action including the identity of the poster, or nym, if available (such identity being a direct copy of the basic From: line, and not to be investigated in any extensive manner) the date of received posting, the basic keyword content of the posting, and the availability of the posting on cypherpunkrisks at toad.com (subject to moderator approval) and by archive. (To be established and maintained.) I consider this a forum resolution, and not censorship. I think this is much like the solution some of the comp.sys groups used to separate advocacy and criticism without causing undue problems. Of course, the matter is open to discussion. - -uni- (Dark) -----BEGIN PGP SIGNATURE----- Version: 2.3 iQCVAgUBLQL1+BibHbaiMfO5AQE0ZgQAkVY8ljazwGdjOFwiRuupbHI5rjxbV4i5 WUQwdzdk1curybwS2mXYSh6klgR+4RP1+1JXDCjwhEoCRVLmlR2GRUEnBGBXfo+p gPW/SEAjIBabADOEQ3j+qdj0kVn/zeIKqkeyVLM4XaqXLOXBfBfxowKG5uVLxwoV Af6ohCaA3jQ= =FvWa -----END PGP SIGNATURE----- From ld231782 at longs.lance.colostate.edu Mon Dec 6 01:33:16 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Mon, 6 Dec 93 01:33:16 PST Subject: Hello again! Message-ID: <9312060932.AA07009@longs.lance.colostate.edu> Woops, I had sent off all my mail tonite before I read E.Hughes' interesting messages. It was quite a surprise to see that he had sent me anything. He's generally very quiet under the `E.Hughes' name. Anyway, there have been a few questions by people on this list. `why should we care about pseudospoofing?' the answer is that you should be sure that your leaders aren't doing it. What if there were sensitive projects that were volunteered by outsiders, and someone told them that they were doing it all wrong? Well, if it were just some nobody, maybe nobody would care. Frankly, I don't care as much if people `out there' are involved in there little pseudoanonymity schemes, as long as they stay away from me. But if E.Hughes says, under a fake identity, `hey, you don't know what you are doing, you are doing it all wrong' -- how does that promote trust in your group? how will you ever get anything accomplished? you have accomplished rather little when you look back on your months of bickering on this list. I once tried to get the whistleblowing newsgroup, and I think this is precisely what happened to me -- it conflicted with what your leaders wanted to accomplish, so they flamed me with their tentacles. But I am not prone to give in to intimidation where I am committed, as everyone has noticed by now! Furthermore, what if your leaders are doing this behind the scenes? Promoting their pseudospoofing techniques among many without your knowledge? Why would you possibly submit to that kind of an environment? What if they have made an *art* *science* and *religion* of deceiving each other and their followers with their tentacles? I think this is something that no respectable person would have anything to do with it. Either your leaders are not pseudospoofing, not respectable, or my belief that pseudospoofing is poisonous is incorrect. Take you pick! So far everyone believes either that pseudospoofing is no big deal, or that I am crazy. Aren't you just a *little* uneasy the way your leaders have responded to my charges? Don't you care at all? Don't you want to know the truth? Don't you recognize evasion when you see it? I am just a wimpy T.Cruise with nothing but my mouth in front of me and my fake soldiers behind me, saying (Few Good Men?) ``I want the TRUTH'', with your decorated leader Jack Nicholson saying, ``YOU CAN'T HANDLE THE TRUTH'' ... when are we going to get to the ``YOU'RE GODDAMN RIGHT I ORDERED THE CODE RED!'' Mr. Hughes, Mr. May, Mr. Gilmore, answer me *one* question truthfully, and I will go away. How many different email addresses have you posted and emailed under? (Include remailers and anon.penet.fi) What #? For the record, I have posted under 2 -- anon.penet.fi, and ld231782 at longs.lance.colostate.edu. Again, you don't have to sacrifice the privacy of any tentacles in revealing this information. But an answer like `1' is obviously a lie, and anyone who attacks me for attacking a lie I have no respect for. Do not send me mail attempting to influence me. From ld231782 at longs.lance.colostate.edu Mon Dec 6 01:43:16 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Mon, 6 Dec 93 01:43:16 PST Subject: E.Hughes on Lies Message-ID: <9312060942.AA07105@longs.lance.colostate.edu> Hello! I don't know why E.Hughes didn't cc: the cypherpunks with the following message. He sent it to an internet mailing list devoted to honest collaborations and Internet project development. >The issue here is epistemology. False. The issue is about truth and the morality of leaders. >>There would be no problem if I asked a tentacle, `are you a pseudonym' >>and it answered `yes'. > >This is exactly like the question "Are you a liar?", to which the >answer is always "no". False. In an honest society, lies exist. You are asserting that they do not. >>But the cypherpunks are setting up a network of >>fake sites and identities and continue to claim, to the very end, `yes, >>I am real' with their fake identities. > >When I am accused of saying "I am real" from the mouth of a fake >identity, and I deny this accusation, there are two models of reality >which satisfy the words exchanged: > >-- I am using a fake identity, and I am lying to deny it. >-- I am not using a fake identity, and am telling the truth to deny it. So tell, me, which is the case? Why do you continue to evade my questions? Either be silent or tell the truth. Cease tormenting me and your followers with your pathetic convolutions of the English language. >When confronted by a barrage of continuing accusations to which no >answer is possible, I prefer to remain silent. I can gain no benefit >from discourse in this situation and can only waste my time and the >time of my correspondent. I prefer that when I ask you if you have done something that directly affects your followers and myself, you tell the truth. I can gain no benefit from people who evade my honest questions or a movement that is led by a corrupt leader whose first instinct is to dig in and entrench himself rather than be honest with the people who respect him. >The usual way to break out of this 'solipsism of the dialogue' is to >invoke a social mechanism, that is, ask someone else. Under a belief >of widespread impersonation, however, all denials are now presumed to >come from the original speaker of the first denial. Thus the >solipsism of the dialogue expands to a solipsism of all dialogues. Solipsism. Interesting term. In my opinion `solipsism' is the philosophy for the height of arrogance. `I am the only one who exists'. I have asked many, and they all have erected the same impregnable steel walls that you have. They refuse to answer my questions with specific denials. Why do you mislead the people who have made you their leader? >>Cypherpunks, please tell me what question I can ask of a psychopunk >>tentacle such that it will not lie and say that it is a real person! If >>you have any honesty or credibility, tell me that question! > >There is no such question, as I argue above. Am I dishonest if I >cannot exhibit the nonexistent? In a society where there is no honor or integrity, and instead there is only corruption and lies, you are correct. No such question is sufficient. I have found that out. I posted my message in the desperate hope that a cypherpunk leader could tell me *one* question he would answer honestly. `There is no such question, as I argue above'. Good day, sir. From an52436 at anon.penet.fi Mon Dec 6 02:14:56 1993 From: an52436 at anon.penet.fi (Mephisto) Date: Mon, 6 Dec 93 02:14:56 PST Subject: Gov't Report... Message-ID: <9312061013.AA29859@anon.penet.fi> Thought some of you might find this to be of interest... Mephisto ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From an52436 at anon.penet.fi Mon Dec 6 02:19:57 1993 From: an52436 at anon.penet.fi (Mephisto) Date: Mon, 6 Dec 93 02:19:57 PST Subject: Gov't Report Message-ID: <9312061016.AA00390@anon.penet.fi> Thought that some of you might find this interesting... Mephisto **Forwarded Message** To: rsaref-users at RSA.COM From: KH3 at CU.NIH.GOV Date: Fri, 03 Dec 1993 16:11:53 EST Subject: New GAO report on Communications Privacy Acknowledge-To: KH3 at NIHCU.BITNET X-Acknowledge-To: KH3 at NIHCU.BITNET Sender: rsaref-users-request at RSA.COM GAO recently issued a report "Communications Privacy: Federal Policy and Actions", GAO/OSI-94-2, dated November 4, 1993, that may be of interest to members of your group. The report focused on the following issues: - The need for information privacy in computer and communications systems--through such means as encryption, or conversion of clear text to an unreadable form--to mitigate the threat of economic espionage to U.S. industry; - federal agency authority to develop cryptographic standards for the protection of sensitive, unclassified information and the actions and policies of the National Security Agency (NSA), Department of Defense, and of the National Institute of Standards and Technology (NI ST), Department of Commerce, regarding the selection of federal cryptographic standards; - roles, actions, and policies of NSA and the Department of State related to export controls for products with encryption capabilities and industry rationale for requesting liberalization of such controls; and - the Federal Bureau of Investigation's (FBI) legislative proposal regarding telephone systems that use digital communications technology. I have placed an electronic version of the report named OSI-94-2.TXT in the GAO-REPORTS anonymous FTP directory at NIH (ftp.cu.nih.gov). Joe Sokalski, GAO--Los Angeles kh3 at cu.nih.gov ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From frissell at panix.com Mon Dec 6 04:10:10 1993 From: frissell at panix.com (Duncan Frissell) Date: Mon, 6 Dec 93 04:10:10 PST Subject: anyone out there thinking Message-ID: <199312061209.AA02950@panix.com> N >witch hunts (maybe in the future we'll be accused by "legitimate" N >government agencies of being the Medusas behind many Tenticles, N >hunted, wrongly, like dogs). We wouldn't have to worry because all we'd have to say is: "Look you mental retards, we can't be "Tenticles" (or even tentacles) of the Medusa because the Medusa didn't *have* any tentacles. She had a head of snakes instead of a head of hair." Duncan Frissell Who has Ray Harryhausen to thank for much of his classical education. --- WinQwk 2.0b#1165 From hfinney at shell.portal.com Mon Dec 6 08:45:01 1993 From: hfinney at shell.portal.com (Hal Finney) Date: Mon, 6 Dec 93 08:45:01 PST Subject: Authorized cash? Message-ID: <9312061643.AA17218@jobe.shell.portal.com> I recall a few months ago there was some discussion of having David Chaum come out and work with some cypherpunks to get them started on an implementation of digital cash. Did anything ever come of that? Chaum has a patent, I've heard, on the "blinding" that is an important part of at least the simpler cash proposals. If he were willing to authorize a cypherpunks cash system it would remove one legal hurdle to its implementation. Does anyone know whether he might be willing to do this? Hal From hazman at cco.caltech.edu Mon Dec 6 08:53:17 1993 From: hazman at cco.caltech.edu (R. Lawrence Martinez) Date: Mon, 6 Dec 93 08:53:17 PST Subject: No Subject Message-ID: <9312061651.AA00194@kanga.cco.caltech.edu> Unsubscribe hazman at cco.caltech.edu From jazz at hal.com Mon Dec 6 09:10:01 1993 From: jazz at hal.com (Jason Zions) Date: Mon, 6 Dec 93 09:10:01 PST Subject: Enough is enough Message-ID: <9312061706.AA21926@jazz.hal.com> Look, there's one advantage to not banning LD from the list; he generally posts under his own or his well-known anonymous names, which makes it easier to filter them. Recently, though, either he or someone else has started reforwarding his rants through a remailer, which I cannot filter on (unless I go to content filtering, which I'd prefer to avoid). If someone other than LD is forwarding his rantograms via remailers, Please Cease And Desist. If it's Detweiller himself, well, he's obviously not going to listen to me. (Of course, I haven't been accused of being a tentacle; I must not be important enough.) Jason From pdn at dwroll.dw.att.com Mon Dec 6 09:15:01 1993 From: pdn at dwroll.dw.att.com (Philippe Nave) Date: Mon, 6 Dec 93 09:15:01 PST Subject: Censorship/Forum dispute on the list In-Reply-To: <199312060909.AA04134@access.digex.net> Message-ID: <9312061714.AA17135@toad.com> Black Unicorn writes : > > I propose the following solution. Which probably will never be > implemented, but I won't be able to sleep till I present it. > > 1> A second list be established. CypherpunkRisks at toad.com. > 2> The list be dominated by a charter providing that: > A> All who apply are welcome. > B> LD shall be appointed moderator for the purpose of > maintaining the content of postings, but not to regulate > users who may receive the list. > Detweiler already has another list ('cypherwonks') that is looking into issues like electronic democracy, cyberspatial ethics, etc. Is this the sort of thing you had in mind? I don't know whether he actually moderates the list in the sense of filtering the postings, but he bills himself as the 'cypherwonks janitor' in the welcome message and certainly takes an active interest in the progress of the discussions. ........................................................................ Philippe D. Nave, Jr. | The person who does not use message encryption pdn at dwroll.dw.att.com | will soon be at the mercy of those who DO... Denver, Colorado USA | PGP public key: by arrangement. From cvoid at netcom.com Mon Dec 6 09:33:17 1993 From: cvoid at netcom.com (Christian Void) Date: Mon, 6 Dec 93 09:33:17 PST Subject: FTP site for t-shirt design Message-ID: I forgot to put this in the last post... Our t-shirt design, as well as any other designs people come up will be available at netcom.com: ~pub/cvoid/cypherpunks. All files should be in *.gif format. Christian Void /T71 | "I don't like it, and I'm sorry I | V/M/Research, Inc. cvoid at netcom.com | ever had anything to do with it." | P.O. Box 170213 Tel. 1+415-807-5491 | -Erwin Schrodinger (1887-1961) | SF, CA 94117-0213 * PGP v2.3a Public Key Available Via Finger * From cvoid at netcom.com Mon Dec 6 09:34:51 1993 From: cvoid at netcom.com (Christian Void) Date: Mon, 6 Dec 93 09:34:51 PST Subject: T-Shirt Update Message-ID: Okay. I have compiled a list of people interested in the shirt...If you are not on the list, and are interested, mail me. As for a design, we have a design we are working with, available (a rough draft) via anon ftp. If you have a better idea, or would like to take a crack at designing it, let me know and we can put these designs up as well. A sort of "vote for the best design". Also, Jef Poskanzer (jef at netcom.com) has given us permission to use his DOT crypto warning sign, if someone would like to incorporate that into thier idea. We will be finishing up our design over the next week, and working cost, sizes, etc. I'll keep you posted. Christian Void /T71 | "I don't like it, and I'm sorry I | V/M/Research, Inc. cvoid at netcom.com | ever had anything to do with it." | P.O. Box 170213 Tel. 1+415-807-5491 | -Erwin Schrodinger (1887-1961) | SF, CA 94117-0213 * PGP v2.3a Public Key Available Via Finger * From nowhere at bsu-cs.bsu.edu Mon Dec 6 10:23:20 1993 From: nowhere at bsu-cs.bsu.edu (Anonymous) Date: Mon, 6 Dec 93 10:23:20 PST Subject: Momma's boy Message-ID: <9312061823.AA27937@bsu-cs.bsu.edu> ...."Lawrence?" From: jim at rand.org (Jim Gillogly) Newsgroups: talk.politics.crypto,alt.privacy,alt.privacy.anon-server,news.admin.policy,comp.org.eff.talk,comp.admin.policy,alt.conspiracy Subject: Re: CRYPTOANARCHIST INFILTRATION ALERT Date: 5 Dec 1993 21:58:36 GMT Organization: Banzai Institute Message-ID: <2dtlic$naj at rand.org> References: In article , L. Detweiler wrote: >oh, BTW Mr. May, when did you decide my first name was Larry and not Lance? >You called me Lance for 10 months or so on the cypherpunks list. Given that somebody using your account in '91 posted an article to sci.crypt about factoring under the name "Lawrence Detweiler", I suppose that either Larry or Lance might be a reasonable guess... if perhaps overly familiar. What nickname do you prefer, if any? Does this make me a pseudopod of the ubiquitous anonymous organism? Will Suicide Squid come out of retirement to counter this new evil? Is L. Detweiler the Colo State equivalent of C-MU's Harry Q. Bovick? The world wonders... -- Jim Gillogly Hevensday, 15 Foreyule S.R. 1993, 21:58 From fnerd at smds.com Mon Dec 6 11:30:04 1993 From: fnerd at smds.com (FutureNerd Steve Witham) Date: Mon, 6 Dec 93 11:30:04 PST Subject: VOTE: Proposition desist: no Message-ID: <9312061903.AA01821@smds.com> Shut Detweiler out of the cpunx list? no. I have no problem skipping his posts; presently I'm not worried about the bandwidth through the modem into /dev/null. He posts interesting things once in a while (most recently, that piece by Kapor about libertarians vs. "decentralists.") I wouldn't mind the creation of a special "Detweiler free" filtered version of the list, as long as it was just a postprocessor on the true list. -fnerd quote me -----BEGIN PGP SIGNATURE----- Version: 2.3a aKxB8nktcBAeQHabQP/d7yhWgpGZBIoIqII8cY9nG55HYHgvtoxiQCVAgUBLMs3K ui6XaCZmKH68fOWYYySKAzPkXyfYKnOlzsIjp2toust1Q5A3/n54PBKrUDN9tHVz 3Ch466q9EKUuDulTU6OLsilzmRvQJn0EJhzd4pht6hanC0R3seYNhUYhoJViCcCG sRjLQs4iVVM= =9wqs -----END PGP SIGNATURE----- From 0005533039 at mcimail.com Mon Dec 6 11:40:06 1993 From: 0005533039 at mcimail.com (Giuseppe Cimmino) Date: Mon, 6 Dec 93 11:40:06 PST Subject: We interrupt this LD thread with CCC'93 Message-ID: <05931206175750/0005533039ND5EM@mcimail.com> are any of the TENTACLES planning on attending CCC'93 in the FLESH? i'd be interested in hooking up over there. vergiss nicht diene PSEUDOSPOOF pgp key mitzubringen. Giuseppe From mccoy at ccwf.cc.utexas.edu Mon Dec 6 12:40:08 1993 From: mccoy at ccwf.cc.utexas.edu (Jim McCoy) Date: Mon, 6 Dec 93 12:40:08 PST Subject: Authorized cash? In-Reply-To: <9312061643.AA17218@jobe.shell.portal.com> Message-ID: <199312062038.AA23984@tramp.cc.utexas.edu> [regarding Chaum's digital cash work and possibly using that for net.money] > Chaum has a patent, I've heard, on the "blinding" that is an important > part of at least the simpler cash proposals. If he were willing to > authorize a cypherpunks cash system it would remove one legal hurdle > to its implementation. Does anyone know whether he might be willing to > do this? Strangely enough, his secretary and I have been exchanging email trying to arrange a time when he can catch me by phone for the past few days... I will ask him :) jim From MJMISKI at macc.wisc.edu Mon Dec 6 12:43:20 1993 From: MJMISKI at macc.wisc.edu (Matthew J Miszewski) Date: Mon, 6 Dec 93 12:43:20 PST Subject: Security (Encryption) Corps Message-ID: <23120614391527@vms2.macc.wisc.edu> To interupt the Monster in the name of Cypherpatriot Activity... I plan on starting up a security and consulting firm over the next few months. A great deal of what we will address are practical applications of crypto technology. Due to the fact that pre-LD experience with this list has showed a great deal of impressive peole or net.entities out there, I would like those interested in getting involved with an upstart (and yet comprehensive) corporation to contact me. The corporation will deal with all aspects of information security including telco product security, data integrity, data security, communication security, and general computer consultations. If you are interested, or have any ideas you think are ready for commercialization, let me know. Cypherpunks Start Corporations! (No longer merely write code). --Matt ______________________________________________________________________________ In defense of liberty, encrypt for all purposes, civil and professional. In defense of privacy, encrypt all correspondence, personal and professional. In defense of sanity, do not encrypt your dry cleaning invoice! ++++++++--------mjmiski at macc.wisc.edu (c)1993 From jaeck at alc.com Mon Dec 6 12:53:21 1993 From: jaeck at alc.com (jaeck at alc.com) Date: Mon, 6 Dec 93 12:53:21 PST Subject: PGP Question Message-ID: <9312062044.AA04801@bombadil.alc.com> Would someone please explain exactly what it is that using PGP to sign an electronic post is supposed to be good for? Given that I will understand that, how can I decipher a PGP block, and how can I create one? Thanks. From 71431.2564 at CompuServe.COM Mon Dec 6 13:20:08 1993 From: 71431.2564 at CompuServe.COM (bdolan) Date: Mon, 6 Dec 93 13:20:08 PST Subject: Digicash question Message-ID: <931206210540_71431.2564_FHA55-1@CompuServe.COM> TO: >internet: cypherpunks at toad.com Forgive me for a newbie question. Why wouldn't the following inelegant idea work? X gives $101 to First Digital Bank, which gives X a PGP-signed password representing a claim on $100 (or maybe they would do this just for the "float"). X gives the $100 password to Y, in exchange for a narco-terrorism decoder ring. Y, being a cautious soul, calls First DigiBank immediately and gives it the password. DigiBank pockets $1 and issues Y a new signed password good for $99. Note that DigiBank (1) doesn't need to know who Y is and (2) ensures that a given money-password is only spent once. By the same method, Y can pay Z and Z can deposit the credit in BillnHill's S&L for settlement. Or the money can keep floating around until DigiBank gets it all, which is what usually happens now ;-) Of course, you have to trust the bank - but you have to now, also. Don't abuse me too much. Just point me to the right FAQ (...cowering...) bdolan at well.sf.ca.us From anonymous at extropia.wimsey.com Mon Dec 6 13:30:08 1993 From: anonymous at extropia.wimsey.com (anonymous at extropia.wimsey.com) Date: Mon, 6 Dec 93 13:30:08 PST Subject: More Digressions Into Folklore Message-ID: <199312062107.AA06422@xtropia> * Reply to msg originally in CYPHERPUNKS > From: arthurc at crl.com (Arthur Chandler) > Date: Sat, 4 Dec 1993 10:17:08 -0800 (PST) > Cc: cypherpunks at toad.com > I've had occasion to recall this quote several times as I've read > some of the menacing and/or obscure posts here: > "They muddy their waters that they may seem deep." Hm. Reminds me of the Mexican proverb: "Don't muddy the water; in the end you'll have to drink it." Perhaps this is even more apropos. Dark days, brothers, dark days... From warlord at MIT.EDU Mon Dec 6 13:53:21 1993 From: warlord at MIT.EDU (Derek Atkins) Date: Mon, 6 Dec 93 13:53:21 PST Subject: Digicash question In-Reply-To: <931206210540_71431.2564_FHA55-1@CompuServe.COM> Message-ID: <9312062149.AA01663@toxicwaste.media.mit.edu> Well, there are a couple of problems, but I'll only ask about one: How do you make sure that the bank doesn't earmark the "password" with X's name? You don't want the bank to know that that "password" was given to X. -derek From sdw at meaddata.com Mon Dec 6 14:45:10 1993 From: sdw at meaddata.com (Stephen Williams) Date: Mon, 6 Dec 93 14:45:10 PST Subject: Anarchy Gone Awry (fwd) In-Reply-To: <9312060208.AA17728@bsu-cs.bsu.edu> Message-ID: <9312062243.AA11661@jungle.meaddata.com> I'm not sure, yet, if I want to agree with this guy to any amount, but this idea, recast into a safe form that doesn't get out of control, might be a good idea. I thought of it as a way to get K-12 students/schools connected 'safely'. See below: > Computer underground Digest Sun Dec 5 1993 Volume 5 : Issue 91 > ISSN 1004-042X > Date: Thu, 02 Dec 93 04:36:10 -0700 > From: "L. Detweiler" > Subject: File 1--Anarchy Gone Awry > > Mr. Leichter raises some extremely pivotal issues in CUD #5.90 related > to the `anarchy' of the Internet. B.Sterling is the author of one of > the most brilliantly colorful characterizations and metaphors of the > Internet as `anarchic', comparing its evolution and development to that > of the English language: .... > I think that many people have mistaken the word `anarchic,' implying no > overseeing authority or order (which the Internet is less) with the > word `decentralized' (which the Internet is more). Again, the > Internet has many regulatory and self-governing systems and orders. > For example, connecting sites are required to implement a certain > minimum set of software standards and prevent or even root out > corruptions in their local sites and software. We have centralized > databases that require the registration of domains for fees. A complex > network of agreements and policies governs interconnectivity and > communication, and a complicated interplay of elements affects basic > content such as `commercial vs. academic.' Lack of some of these > regulations and protocols would be disastrous. > > Leichter: > >Most of the Internet, in fact, is > >better described as self-governing. There are a variety of social > >norms concerning network use and interactions. One doesn't post > >messages to unrelated groups. One doesn't evade moderation > >restrictions. One maintains a certain (rather limited, it must be > >admitted) degree of restraint in how one describes other network > >participants. There are few effective mechanisms for enforcing these > >norms, and they are certainly broken on an all-too-regular basis; but > >the network continues to function because social pressure *can* be > >applied to those who become too annoying; and in the most outrageous > >cases, it's possible to remove the offenders' access to the net. > > I advocate that we build new formal mechanisms to enforce this order! > We have for too long pretended that a central element of the Internet > is not integral to it, namely that of the `degree of restraint over > network participants' exerted through `social pressure'. Let us codify > and formalize these `norms concerning network use and interactions' and > develop systems that enforce them! I believe such systems can be > developed that do not stray from the sacred Internet tradition of > decentralization of control and freedom from censorship. Why should we > continue to subject ourselves to the torture of `few effective > mechanisms for enforcing these norms broken on an all-too-regular basis'? > > One of my most enduring Cyberspatial hallucinations is that of a > Ratings server. A Ratings server would be a massive distributed network > for the propagation of information similar to Usenet, and could > conceivably be built upon it. But the Ratings server is not > Information, as Usenet is, it is Information about Information. Anyone > can post an arbitrary message to the Ratings server that refers to > Information somewhere else in Cyberspace. It is in a sense a Rating of > that Information. The Information could be *anything* -- a mailing > list, a person, a particular Usenet posting, an FTP site. But postings > on the Ratings server can be perused by anyone, and anyone can > contribute Ratings to the server or indicate their own opinion on the > existing Ratings. Different mechanisms exist such that some Ratings are > `local' and some are updated globally. I had a similar idea, but knowing how hard it is to get everyone using new software and data streams, I wanted to piggyback onto News. My original reason for thinking about it was for Internet systems that would like to give access to News, etc. to K-12 students and schools. A big problem is material that parents and teachers would object to. I have absolutely no desire to censor anything or prevent adults from running into or getting anything (quite the opposite, actually), but there is no getting around the desired restrictions on info flow to minors. Basically, I suggested that special messages be standardized that would endorse messages for certain distributions. Old (existing...) news software would just pass the messages like others, but news systems that wanted to rate or hide improper messages could pay attention to them. My software would probably take the form of patches to INN and tin, etc. There would be positive and negative endorsements, of course with the possibility of signature keys, etc. You could configure certain users or the system to be sensitive to any combination of endorsements: The idea is that the administrator or user could determine who they would pay attention to. Other things like voting, number of endorsements, etc. could easily be done. One senario is that teachers or organizations worldwide could 'register' to each other and share the responsibility of endorsing messages in certain groups. If there needed to be culpability, the endorsers could be tracked down if needed. This would be totally optional on an adult's account and mandatory on a minor's account, unless proper permission was obtained. It might, in certain situations, also reduce the signal-to-noise ratio. Another interesting use is to change the nature of moderated groups: the group could be unmoderated in the current sense, but users could choose moderators who would agree to endorse messages that had good content. You could have several 'competing' moderators in the same group, almost like news organizations. 'alt.best.of.internet' is a limited capability version of this idea. > The fantastic possibilities of this system are evident upon some > reflection and consideration. We could establish arbitrary new groups > that have *formal* requirements that are matched by Ratings servers. > For example, we could require that new sites that enter the Internet be > `trusted' by an existing site. We could require that membership in > certain groups requires a certain amount of collateral peer approval, > with automatic suspension or expulsion as the consequences for > violating it! We could have *meaningful* polls on arbitrary issues. We > could have news servers that automatically sort and archive articles > according to their passing certain Ratings thresholds. We could > restrict the influence of troublemakers! These are all examples of > strengthening and formalizing the informal social orders that are, in > my opinion, today just barely holding the Internet together. With a > Ratings system, I think the civility of the Internet would increase to > a fantastic degree. In short, we could have our *own* cyberspatial government! > > Note that there is no centralized authority or unfair influence in this > system, unless people corrupt their servers. When everyone who has > joined a group *individually* decides to screen their postings of > messages that fail to meet a certain `quality' or posters who have a > certain `reputation', that is not Orwellian Censorship but the > beautiful Internet freedom and right of Bozo Filtering. When everyone > who joins a group *agrees* to a charter that may bar troublemakers > based on Ratings, no one can claim they are being unfairly oppressed. My method, IMHO, is a positive version of the negative method espoused here. I do not like a central 'ratings server' of any kind. There should be multiple competing 'opinions' and you can ascribe to any existing one or in combination or be independant. > I fervently hope that the glorifications and manipulations of Internet > Anarchy by mouth-frothing libertarian extremists, Cryptoanarchists, > and sympathizers can be adequately controlled and minimized in the > future, and some harmonious systems and effective countermeasures > along the lines of the Rating server can be established by visionaries > and tinkerers, but in any case, for the sake of humanity's integrity, > sanity, and well-being, I pray that Future Cyberspace is far less > Anarchic than the Current Internet. So how does our current society hold together? Where is that central 'ratings server'? (Nielsons dosn't count :-)) We should stay decentralized, especially, on the net. When some of us think of an anarchic system, we are making the assumption that some good stability and structure will be created organically. Probably it will be better than that designed with preconceived opinions. And, I feel compelled to add, you are the only mouth-frothing person I've run across recently. sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net CIS 76244.210 at compuserve.com OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 GNU Support ICBM: 39 34N 85 15W I love it when a plan comes together From jim at Tadpole.COM Mon Dec 6 16:10:12 1993 From: jim at Tadpole.COM (Jim Thompson) Date: Mon, 6 Dec 93 16:10:12 PST Subject: swIPe Internet Draft Message-ID: <9312070006.AA06651@chiba.tadpole.com> From szabo at netcom.com Mon Dec 6 16:35:10 1993 From: szabo at netcom.com (Nick Szabo) Date: Mon, 6 Dec 93 16:35:10 PST Subject: VOTE: Proposition desist: no In-Reply-To: <9312061903.AA01821@smds.com> Message-ID: <199312070034.QAA14364@mail.netcom.com> > Shut Detweiler out of the cpunx list? > no. > > I have no problem skipping his posts; I have a problem with people skipping Detweiler posts, and then assuming they have the knowledge needed to vote on this issue. A glaring example of the failings of democracy. Ignorance of what Detweiler has posted is about the only reason one would justify the presence of somebody whose posts are intended to harass and disrupt the list, by slandering and threatening its members. The Extropians list with its filtering which keeps out net stalkers and harassers, has become superior to this highly disrupted list, and unfortuneately I've had to move much of my cypherpunks-related posting over there (eg an excellent thread we've had on "Graynet"). This doesn't stop Detweiler from attacking me via anon.penet.fi in front of the entire world on Usenet and RISKS, but filtering would keep at least this formerly high quality list sane. My thanks go out to Doug Barnes, Derek Upham, Eli Brandt, Eric Hughes, others who've helped out in the efforts to defend ourselves against this threat, and to Hal Finney et. al. for continuing to post high-quality material to cypherpunks among the flames. Nick Szabo szabo at netcom.com From bart at netcom.com Mon Dec 6 16:50:09 1993 From: bart at netcom.com (Harry Bartholomew) Date: Mon, 6 Dec 93 16:50:09 PST Subject: Welcome to cypherwonks In-Reply-To: <199312061800.AA26077@lassie.eunet.fi> Message-ID: <199312070048.QAA00283@mail.netcom.com> Hey. I never subscribed. This is coercion. From bart at netcom.com Mon Dec 6 16:53:22 1993 From: bart at netcom.com (Harry Bartholomew) Date: Mon, 6 Dec 93 16:53:22 PST Subject: Majordomo results (fwd) Message-ID: <199312070053.QAA00613@mail.netcom.com> Forwarded message: From ji at cs.columbia.edu Mon Dec 6 14:19:01 1993 From: ji at cs.columbia.edu (John Ioannidis) Date: Mon, 6 Dec 1993 17:19:01 -0500 Subject: swIPe Internet Draft, resent Message-ID: <37706e274225bcd46f6bc3f960477b91@NO-ID-FOUND.mhonarc.org> The swIPe IP Security Protocol John Ioannidis INTERNET DRAFT (Columbia University) Expires June 3, 1994 Matt Blaze (AT&T Bell Labs) December 3rd, 1993 The swIPe IP Security Protocol Status of this Memo This document is an Internet Draft. Internet Drafts are working documents of the Internet Engineering Task Force (IETF), its Areas, and its Working Groups. Note that other groups may also distribute working documents as Internet Drafts. Internet Drafts are draft documents valid for a maximum of six months. Internet Drafts may be updated, replaced, or obsoleted by other documents at any time. It is not appropriate to use Internet Drafts as reference material or to cite them other than as a ``working draft'' or ``work in progress.'' Please check the 1id- abstracts.txt listing contained in the internet-drafts Shadow Directories on nic.ddn.mil, nnsc.nsf.net, nic.nordu.net, ftp.nisc.sri.com, or munnari.oz.au to learn the current status of any Internet Draft. Abstract This document describes swIPe, a network-layer security protocol for the IP protocol suite. swIPe provides confidentiality, integrity, and authentication of network traffic, and can be used to provide both end-to-end and intermediate-hop security. swIPe is concerned only with security mechanisms; policy and key management are handled outside the protocol. 1. Introduction Security of network resources has been viewed traditionally as a trade-off between security and convenience. The lack of a network-layer security protocol suitable for use in large, administratively heterogeneous internetworks, has given rise to ad hoc security efforts, such as mailbridges, filtering routers, firewalls, application-level gateways, etc. The fundamental problem with these efforts is that, in enforcing security, they cripple the connectivity that makes internetworking attractive in the first place. Ioannidis & Blaze [Page 1] INTERNET-DRAFT The swIPe IP Security Protocol December 1993 In order that the Internet continue to grow in size and features, its users must be confident that it is safe to connect without hiding behind impenetrable draconian barriers. The existing internetworking protocols, including IP, are deficient in three areas: * Lack of source authentication. * Lack of data integrity. * Lack of data confidentiality. The lack of these features in the network requires relying on higher-layer protocol features (e.g., TCP port numbers), or lower-layer features (e.g., which network interface a packet arrived from) to perform security functions (such as access control). In most cases, `firewalls' simply create an impenetrable barrier, thus making it cumbersome, or even impossible, for users inside the firewall to take advantage of network services in the global Internet. Network security being critically important to the continued growth of the Internet, it is necessary to solve these problems while maintaining connectivity. Cryptographic protection of network traffic can solve all three problems. However, we still lack full understanding of the problems of heterogeneous security policies and of cryptographic key management in large scale networks. Therefore, it is important to separate policy considerations and key management from the actual mechanisms in any security protocol. swIPe is a network-layer security protocol that provides the mechanisms to solve the three problems listed above. It works by augmenting each packet with a cryptographically-strong authenticator and/or encrypting the data to be sent. swIPe is simple to define, implement and use in existing and future networks and operating systems. It provides all the necessary security mechanisms and is easy to interface to loosely coupled policy and key management facilities that are outside the swIPe protocol itself. In addition, is tied to any specialized underlying protocol features or cryptographic algorithms, and can therefore be readily adapted to new protocols and new crypto systems. Because swIPe operates at the network layer, it can be used to implement a variety of security configurations. It can operate at the same granularity level as the network and therefore can provide security between any entities identified at the network layer (e.g., host-to-host security, host-to-network, individual links, etc.). Depending on the capabilities of the host environment, finer Ioannidis & Blaze [Page 2] INTERNET-DRAFT The swIPe IP Security Protocol December 1993 granularity is possible as well, such as security between individual processes running on different hosts. The precise security configuration of a network (which links, hosts, connections between processes in hosts, etc. are protected) depends on the policy configuration of each network entity. That is, a host may determine which outgoing packets are protected, a router may determine which packets to pass or reject, and so on. For example, a trusted internal network need not run swIPe at all, but may still securely connect to external networks by running swIPe on its routers. It is important to note that the existence of a security protocol is not sufficient; host and site security policies must be chosen judiciously, and often in combination with higher-level security mechanisms to yield the desired effects. As an example, providing a secure link between a workstation and its file server does not protect file data once they are on the server itself. Similarly, trusting the identity of a particular host is not the same as trusting the integrity of the data and services provided by that host. Although it was designed to be readily adaptable to any connectionless network protocol, swIPe as described in this document is specific to IP. 2. Protocol Description swIPe works by encapsulating each IP datagram to be secured inside a swIPe packet. A swIPe packet is an IP packet of protocol type IPPROTO_SWIPE (temporarily, protocol 94, or IPPROTO_IPIP, is being used). A swIPe packet starts with a header, which contains identifying data and authentication information; the header is followed by the original IP datagram, which in turn is followed by any padding required by the security processing. Depending on the negotiated policy, the sensitive part of the swIPe packet (the authentication information and the original IP datagram) may be encrypted. In this document, we refer to the original IP datagram as the `inner packet', and the entire swIPe datagram as the `outer' packet. The components of a swIPe packet are shown in the following diagram. +-----+-----------+-----+----------------------+---------+ |IPhdr| swIPe hdr |IPhdr| payload | padding | +-----+-----------+-----+----------------------+---------+ ^_______ inner packet _______^ ^__________________ outer (swIPe) packet ________________^ Ioannidis & Blaze [Page 3] INTERNET-DRAFT The swIPe IP Security Protocol December 1993 The inner IP header and the payload are transferred intact with respect to the swIPe endpoints. That is, the Time To Live field, original source and destination addresses, and other such fields in the inner IP header are not modified. It may be desirable (in a future version of the protocol) to `compress' the inner IP header, that is, replace it with enough information to reconstruct it from the outer header. This `compression', however, must be invisible at the swIPe endpoints. The format of a swIPe packet is: 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 .- +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ s H | Packet type | Header length | Policy identifier | w e +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ I a | Packet sequence number | P d +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ e e / / r \ Authenticator (optional, variable length) \ `- / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / / \ \ / Original (inner) packet / \ \ / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ / / \ Padding (optional) \ / / +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ The fields in the swIPe header are: Packet type (8 bits) 0 Plain encapsulation; Header length should be 1 and the Policy identifier should be 1. 1 Packet is authenticated but not encrypted. 2 Packet is encrypted; the encryption algorithm may provide some authentication (e.g., DES CBC residue). 3 Packet is both authenticated and encrypted 4-15 Unused. Ioannidis & Blaze [Page 4] INTERNET-DRAFT The swIPe IP Security Protocol December 1993 16-63 Control packet. Reserved, undefined by the protocol, interpreted by policy and key management engines. 64-255 Reserved; must never be used. Header length (8 bits) The length of the swIPe header in 32-bit words. The minimum value is 1. Policy Identifier (16 bits) A token, negotiated at key- or policy-setup time, used by the recipient of the packet to choose the proper policy. Similar to a SAID. Packet sequence number (32 bits) This field protects against replay attacks and may also be used for synchronization by a stream cipher. It is unique within the context of an endpoint pair (common source/destination address and Policy identifier). It is incremented by one with every packet sent, and initialized whenever the hosts re-negotiate keys and/or policies. The hosts MUST renegotiate crypto variables before the packet sequence number wraps around. A host MUST NOT accept duplicate packets; this may be achieved by only accepting packets which increment the sequence number, or maintaining a small window of acceptable packet numbers. Authentication data (variable length, multiple of 32 bits) An authenticator, computed over the entire swIPe packet (minus the outer IP header), but before any confidentiality processing is performed. When the authenticator is computed, the authentication data field is zeroed. Encapsulated packet (variable length) The actual packet being secured. Padding (variable length) Some security algorithms (such as DES) require padding to bring the length of the data to an integral multiple of the block size. The padding is added after the authentication data have been computed. A swIPe system consists of three conceptual entities; the protocol engine, the key management engine, and the policy engine. The swIPe protocol described in this document comprises the protocol engine. We describe the swIPe processing without specifying the precise semantics of either the policy or key management engines, since these Ioannidis & Blaze [Page 5] INTERNET-DRAFT The swIPe IP Security Protocol December 1993 are not part of the protocol itself. It is useful, however, to consider the interaction between protocol and key management and policy in terms of a simple upcall interface: whenever the swIPe processing engine needs to determine which keys and what policy to use in processing a datagram, it calls the appropriate processing engine. Needless to say, an implementation may optimize the actual mechanisms or blur the boundaries between protocol processing and policy. The policy engine is responsible for determining the precise kind of processing required of outgoing datagrams, and acceptance policy for incoming datagrams. The key management engine establishes the cryptographic variables used by the protocol. Both the policy and the key management engines may also communicate with their respective peers on remote endpoints for negotiation of policy and keys, as required. Outgoing datagrams are processed by swIPe as follows: based on information from the inner packet itself (IP source and destination address, IP protocol, other transport-layer parameters), as well as information from local system control structures such as protocol control blocks, a decision is made whether to send the packet and, if so, whether to apply swIPe processing to it. If swIPe processing is required, the authentication and encryption algorithms, the keys to use, and the destination of the outer packet are determined by consulting the policy and key management engines. Once the parameters have been determined, the swIPe packet is constructed. The swIPe header is prepended to the (inner) IP datagram. The sequence number is copied into the packet and incremented. If authentication is to be performed, the authenticator field (of the appropriate length) is zeroed, and the authentication algorithm is applied to the authentication information part of the header (i.e., the swIPe header minus the first 32 bits) and the original IP datagram. The checksum resulting from the application of the authentication algorithm is copied into the authenticator field. If authentication is not performed, then the authenticator field is not present. Next, if encryption is (also) specified, the appropriate algorithm and crypto variable are selected and applied to the same parts of the datagram as the authentication. The algorithm may require padding, which is appended to the packet after encryption has been performed. The resulting datagram is then transmitted to its destination (which may not be the same as that of inner packet). Input processing proceeds in roughly the opposite fashion. swIPe datagrams that arrive are decrypted and authenticated based on information contained in their swIPe header. Namely, the source, destination, and Policy Identifier of the outher packet are examined and the crypto variables and algorithms used to decrypt, verify, and Ioannidis & Blaze [Page 6] INTERNET-DRAFT The swIPe IP Security Protocol December 1993 reconstruct the original packet. The resulting datagrams, plus any non-swIPe datagrams that arrive directly are checked against the local policy configuration to determine whether they should be accepted or not. Accepted packets are processed in the ordinary manner (delivered to the corresponding higher-layer protocol if they were destined for the receiving host, or further routed if not). 3. Discussion The security provided by swIPe depends upon the strength of the underlying cryptographic algorithms, the security of secret key information, and the characteristics of the protocol itself. Since swIPe can be used with a wide range of crypto systems, we focus on the impact of the protocol features on the resulting security. Source authenticity of the inner packet is protected by including the entire inner packet (and hence its source and destination IP addresses) in the computation of the authenticator. The implicit assumption is that the authentication function is a cryptographically strong one-way authenticator (such as key-seeded MD5), and that only the legitimate hosts have access to the authentication key. Similarly, data integrity is protected by the same checksum mechanism; replays are thwarted by the presence of the sequence number field. An adversary not possessing the authentication key cannot generate the authenticator for fraudulent packets; furthermore, since only packets that increase the sequence number are accepted (or packets within the acceptable window), replay attacks are not feasible either. Data confidentiality is provided by encrypting the entire swIPe packet. Confidentiality is not limited to the actual data being transmitted in the inner packet, but also extends to the source and destination addreses, protocol characteristics (such as TCP port number), and so on. Note that since the addresses of the inner packet are not necessarily the same as those of the outer packet, it is not possible for an adversary to determine the actual endpoints of communication without resorting to global traffic analysis. There are many ways to configure systems running swIPe, and many types of security policies that can be implemented with it. For a discussion of applications of swIPe and its implementation under Unix, the reader is referred to "The Architecture and Implementation of Network-Layer Security Under Unix", by John Ioannidis and Matt Blaze, which appeared in the proceedings of the 4th USENIX Security Symposium, Santa Clara, CA, October 1993. Ioannidis & Blaze [Page 7] INTERNET-DRAFT The swIPe IP Security Protocol December 1993 Authors' Addresses John Ioannidis Computer Science Department Columbia University 500 W. 120th Street New York, NY 10027 ji at cs.columbia.edu +1.212.939.7000 Matt Blaze AT&T Bell Laboratories 101 Crawfords Corner Road Holmdel, New Jersey 07733 mab at research.att.com +1.908.949.8069 From unicorn at access.digex.net Mon Dec 6 17:40:10 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 6 Dec 93 17:40:10 PST Subject: Pabo and Interception Message-ID: <199312070138.AA19376@access.digex.net> This from the state department, -> COLOMBIA 12/02/93 SC14249 MORE ON ESCOBAR DEATH MEDELLIN, ANTIOQUIA DEPARTMENT REUTERS REPORTED THAT POLICE AND TROOPS SHOT AND KILLED FUGITIVE DRUG LORD PABLO ESCOBAR ON THURSDAY AFTER A FURIOUS ROOFTOP SHOOT-OUT IN MEDELLIN'S LAS AMERICAS SUBURB. (ALSO SEE THE OTHER DECEMBER 2 REPORTS.) WITNESSES AT THE HOUSE WHERE ESCOBAR WAS KILLED SAID THEY HAD SEEN THE BEARDED FUGITIVE ATTEMPTING TO FLEE ACROSS THE ROOF BEFORE SECURITY FORCES OPENED FIRE. ESCOBAR'S BROTHER-IN-LAW CARLOS MARIO HENAO WAS ALSO KILLED IN THE SHOOT-OUT. ESCOBAR HAD BEEN ON THE RUN SINCE ESCAPING FROM JAIL IN JULY 1992, ALONG WITH NINE OF HIS ASSOCIATES. POLICE CAUGHT UP WITH HIM AFTER A 16-MONTH SEARCH BECAUSE OF A FATAL MISTAKE -- A TELEPHONE CALL TO HIS FAMILY ON WEDNESDAY, ESCOBAR'S 44TH BIRTHDAY. ELECTRONIC MONITORING EQUIPMENT ALLOWED POLICE TO PINPOINT THE LOCATION OF THE CALL AND MOUNT THE OPERATION IN SECRECY, SURROUNDING ESCOBAR'S HIDEOUT WITH SHARPSHOOTERS. WITHIN HOURS OF THE DRUG LORD'S DEATH, ESCOBAR'S 17-YEAR-OLD SON VOWED REVENGE AND HIS MOTHER PREDICTED THAT "HORRIBLE THINGS" WOULD HAPPEN, BUT THE YOUNGER ESCOBAR LATER SAID HE WAS REACTING OUT OF GRIEF AND WAS NOT ISSUING THREATS. <- I don't know where the babble about calling a radio station came from, but this caught my eye as it seems to be the "offical" state department word on the topic. -uni- (Dark) From wex at media.mit.edu Mon Dec 6 17:45:09 1993 From: wex at media.mit.edu (Alan (Miburi-san) Wexelblat) Date: Mon, 6 Dec 93 17:45:09 PST Subject: Help me get off cypherwonks list Message-ID: <9312070144.AA13059@media.mit.edu> I tried "unsubscribe cypherwonks Alan Wexelblat" and got back a barf message saying that I had to "unsubscribe
" so I tried "unsubscribe cypherwonks wex at media.mit.edu" and got back a barf message saying "No matches found for 'wex at media.mit.edu' Help! Is there a human being associated with this annoying piece of crap? I suppose I can just add a new formula to my .procmailrc, but I'd rather kill it at the source... --Alan Wexelblat, Reality Hacker, Author, and Cyberspace Bard Media Lab - Advanced Human Interface Group wex at media.mit.edu Voice: 617-258-9168 Page: 617-945-1842 an53607 at anon.penet.fi Withdrawing in disgust is not the same as apathy. From warlord at MIT.EDU Mon Dec 6 18:23:21 1993 From: warlord at MIT.EDU (Derek Atkins) Date: Mon, 6 Dec 93 18:23:21 PST Subject: Help me get off cypherwonks list In-Reply-To: <9312070144.AA13059@media.mit.edu> Message-ID: <9312070220.AA13786@w20-575-33.MIT.EDU> FYI: If you read that message carefully, you will notice that cypherpunks was *NOT* subscribed to cypherwonks, and neither were any of the cypherpunks subscribers. If you do not want to be on cypherwonks, then do nothing, and you will not be on it. The message you saw was a result of a cypherpunks subscriber redistributing the cypherwonks intoduction message to cypherpunks. It would have been nice if the message to cypherpunks had said what it was.. I had to look really closely to notice that the message was destined for the person who sent it, not to the list. But please do not be alarmed by the message. Again: You are not on cypherwonks! -derek From nobody at shell.portal.com Mon Dec 6 18:23:49 1993 From: nobody at shell.portal.com (nobody at shell.portal.com) Date: Mon, 6 Dec 93 18:23:49 PST Subject: No subject Message-ID: <9312070223.AA25786@jobe.shell.portal.com> >Date: Mon, 6 Dec 93 20:44:56 -0500 >From: "Alan (Miburi-san) Wexelblat" >I tried "unsubscribe cypherwonks Alan Wexelblat" and got back a barf message >saying that I had to "unsubscribe
" so I tried >"unsubscribe cypherwonks wex at media.mit.edu" and got back a barf message >saying "No matches found for 'wex at media.mit.edu' >Help! Is there a human being associated with this annoying piece of crap? >I suppose I can just add a new formula to my .procmailrc, but I'd rather >kill it at the source... I was considering modifying my mail sorting software to forward anything from "cypherwonks" to ld231782 at longs.lance.colostate.edu, as a gift. Maybe if we all do this, he'll get the hint.... From mg5n+ at andrew.cmu.edu Mon Dec 6 15:25:54 1993 From: mg5n+ at andrew.cmu.edu (Matthew J Ghio) Date: Mon, 6 Dec 1993 18:25:54 -0500 (EST) Subject: Digicash question In-Reply-To: <931206210540_71431.2564_FHA55-1@CompuServe.COM> References: <931206210540_71431.2564_FHA55-1@CompuServe.COM> Message-ID: A newbie, bdolan <71431.2564 at CompuServe.COM> timidly asked: > X gives $101 to First Digital Bank, which gives X a PGP-signed > password representing a claim on $100 (or maybe they would do > this just for the "float"). X gives the $100 password to Y, in > exchange for a narco-terrorism decoder ring. Y, being a cautious > soul, calls First DigiBank immediately and gives it the password. > DigiBank pockets $1 and issues Y a new signed password good > for $99. Note that DigiBank (1) doesn't need to know who Y > is and (2) ensures that a given money-password is only spent > once. By the same method, Y can pay Z and Z can deposit the > credit in BillnHill's S&L for settlement. Or the money can keep > floating around until DigiBank gets it all, which is what > usually happens now ;-) Well, it could work that way. The only thing that I see being a problem is that you're using public-key crypto when you don't really need to. This allows the bank to associate a public key with an identity. (which is what Derek Atkins said.) But, basically, you could simplify the system to this: X has a password which is worth $100 in cash from FDB. X gives the password to Y. Y then calls the bank and changes the password to whatever he wants. Y now has $100 digital money (minus the bank's transaction fee). The bank has no way of knowing who gave them the new password. (You could also have the bank generate random passwords, and give them to the client.) Notice that no public keys (and no identification) is used. The only need for public keys in such a situation would be to establish a secure transmission channel; in which case, someone could make up a random keypair, make a transaction with the bank and then discard the private key - the money would be identified by the secret password. The only other thing to point out, is that each digital coin/token/denomination must have its own password - what if he only wanted to spend $57 and not $100? So each dollar would have to be seperate; to spend $100, X would have to give Y 100 seperate passwords. Unless, of course, you have digicoins of different denominations, but then you have to have correct change. Of course, you are still left with the the problem of needing to trust the bank. :( Good point about the bank taking its cut - I think we need to come up with a fair system for dealing with that... P.S. I'm glad to see some people on this list still want to talk about real crypto, instead of, ahem, other distractions... From pmetzger at lehman.com Mon Dec 6 15:32:45 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Mon, 6 Dec 1993 18:32:45 -0500 Subject: moderated cryptography list Message-ID: <199312062332.SAA10971@snark.ts.lehman.com> Hello, all. I'm looking for a site willing to host a high-quality moderated cryptography mailing list which I am thinking of starting up. The list would be designed as a low volume, high readership, high quality source for 1) In-depth technical discussions of cryptography 2) Announcements of cryptographic products 3) Announcements of news items of interest to the cryptography community. 4) VERY limited numbers of postings on the social implications of cryptography, and I mean VERY limited. All postings would be explicitly approved by the moderator before going out to assure quality. Yes, that means fascistic restriction of your capacity for free speech, in exchange for not being overwhelmed with garbage every day. It is ultimately envisioned that should the list be a success I would try to move it to a moderated Usenet newsgroup. If you think that such a list is a Good Thing, and you can host it (which requires that you have a good internet connection and root access or similar on the machine in question), please let me know. I'll do all the work, and the crypto community will thank you tremendously. Perry Metzger From mech at eff.org Mon Dec 6 15:36:10 1993 From: mech at eff.org (Stanton McCandlish) Date: Mon, 6 Dec 1993 18:36:10 -0500 (EST) Subject: GAO's "Comm. Privacy: Federal Policy & Actions" now online! Message-ID: <199312062336.SAA18789@eff.org> The US General Accounting Office's report, "COMMUNICATIONS PRIVACY: Federal Policy and Actions" is now online at both the GAO and EFF ftp sites. >From EFF, you can get the document via anonymous ftp to ftp.eff.org. The document is ~pub/eff/papers/osi-94-2.txt. The file is ~143K. Here's some info on the report from the latest EFFector Online (6.06): ____ begin fwd _____ Subject: Government Accounting Office Report on Communications Privacy A few days ago, the Government Accounting Office (GAO) -- an important internal government investigative organization that's about a lot more than accounting -- issued a report on communications privacy. The report makes four very important findings: 1. Privacy-protecting technology (crytopgraphy) is increasingly important for protecting the security of business communications and personal information. But federal policy is getting in the way of this technology. "Increased use of computer and communications networks, computer literacy, and dependence on information technology heighten US industries risk of losing proprietary information to economic espionage. In part to reduce the risk, industry is more frequently using hardware and software with encryption capabilities. However, federal policies and actions stemming from national security and law enforcement concerns hinder the use and the export of U.S. commercial encryption technology and may hinder its development." 2. The NSA's role in this area is has been extensive, and possibly beyond the spirit of the Computer Security Act. "Although the Computer Security Act of 1987 reaffirmed NIST's reponsibility for developing federal information-processing standards for security of sensitive, unclassified information, NIST follows NSA's lead in developing certain cryptographic standards" 3. Opportunity for public input in the standards process has been insufficient, leading to proposals like Clipper which lack public support. "These policy issues are formulated and announced to the public, however, with very little input from directly affected business interests, academia, and others." The report draws no specific policy conclusions, but provides excellent ammunition for those of us who are trying to open up the standards process and get export controls lifted. Full text of the report (GAO/OSI-94-2 Communications Privacy: Federal Policy and Actions) has been made available by ftp from GAO. The document can be obtained from EFF's FTP site as ~pub/eff/papers/osi-94-2.txt -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From unicorn at access.digex.net Mon Dec 6 16:05:55 1993 From: unicorn at access.digex.net (Black Unicorn) Date: Mon, 6 Dec 1993 19:05:55 -0500 Subject: Anarchy Gone Awry (fwd) Message-ID: <199312070005.AA23282@access.digex.net> This post is a perfect example why the two lists should be kept seperate and not merged. This sounds to me like it belongs on alt.politics.data- highway. -uni- (dark) From Majordomo at Lists.EUnet.fi Mon Dec 6 10:00:58 1993 From: Majordomo at Lists.EUnet.fi (Majordomo at Lists.EUnet.fi) Date: Mon, 6 Dec 1993 20:00:58 +0200 Subject: Welcome to cypherwonks Message-ID: <199312061800.AA26077@lassie.eunet.fi> Welcome to the cypherwonks mailing list! If you ever want to remove yourself from this mailing list, send the following command in email to "Majordomo at Lists.EUnet.fi": unsubscribe cypherwonks Stanton McCandlish Here's the general information for the list you've subscribed to, in case you don't already have it: This is the Cypherwonks mailing list Below is The Cypherwonk Charter, by L. Detweiler, Cypherwonk Janitor The cypherwonks are a splinter group from the cypherpunks also interested in promoting and implementing cryptographic technology. However, we have unique ideas on how to successfully implement these radical new capabilities to ensure privacy without encouraging criminal behaviors like forgery and `online predation'. We are also interested in a far more ambitious goal of `technological progress' that transcends a mere obsession with privacy and anonymity. The cypherwonks believe that many aspects of a identification and government are necessary and crucial for any social stability (particularly related to judicial and law enforcement systems), and are quite alarmed at talk about a `cryptoanarchy' resulting from the mere implementation of software protocols -- although we realize that radical new forms of government may appear with these new technologies, embodied in one term `Electronic Democracy'. We believe that while sometimes the `majority' can become a `tyranny', in general the idea of voting as a civilized way of resolving proposals and `one person, one vote' are sacred, and we are interested in implementing systems that promote interaction and collaboration among motivated and enthusiastic members, whether within the cypherwonk organization or within their nations (cypherwonks, of course, try to think free of local prejudices, and globally). Cypherwonks understand that *trust* and *honesty* are inherent in all human endeavors, *particularly* communication. We recognize that people trust others not to reveal our private email unless given permission, we trust others not to use information from our mail or about their identities to adverse aims, we trust that systems delivering mail will not be corrupted by criminals, or if they get caught there will be serious consequences, and many other explicit and implicit variations. We know that there are many ingenious ways of minimizing the amount of trust required in unknown components such as with the use of cryptography or pseudonyms, and we seek passionately to invent and use them, but at the root level, email is an exchange between human beings who trust each other. Therefore, we hold a sense of ethics and morality in strong reverence, and even though we're not always precisely sure what they entail, we know that they exist and we strive for the right ideal. We abhor the idea that `it's not wrong if you can get away with it' or other variations of moral relativism. Cypherwonks are also extremely interested in promoting and implementing `digital cash', but believe that while invariably the state's taxes tend to become burdensome, few civilized, technological societies are free of them, and certainly we do not advocate tax evasion, `black marketeering', or any other subversive or illegal activities through cryptographic techniques, and even beyond this we seek design protocols that discourage these subversive aims in general, because of their toxic, fragmentary effect on social unity. Cypherwonks recognize that our mailing list is extremely critical in coordinating our movement and our fellow members. It is our central nervous system. While the list is informal, we demand a professional atmosphere, and will privately object to people who are publicly rude or belligerent. But we are also extremely careful about what we say to each other in private, because people can be extremely influenced by what they receive in mail. We would be aghast and horrified to find that somebody viciously criticized someone in private mail based on public postings, for example. We place high value on being courteous to each other and minimizing disagreement where possible, forging consensus, and the art of diplomacy in surmounting political barriers. We trust each other on the list and in personal email. We wish to have an open, uplifting, inspiring, honest, representative, polite, respectful, egalitarian dialogue. We will never use the mailing list for personal or selfish reasons -- we strive to serve our fellow cypherwonks through our postings. We are what we claim to be. We abhor secrecy, `security through obscurity', and conspirational cliques. Cypherwonks are extremely interested in promoting some forms of anonymity. However, we do not necessarily believe that others are required to read anonymous postings. To the contrary, we believe that the individual should have the tools and freedom to filter his or her own mail based on real identities. In particular, we condemn the practice of `pseudospoofing,' the dangerous deception where a person builds up a pseudonym and misrepresents it as being that of a real person's identity. We police each other on the list to prevent it, and require a promise that our members refrain from it. While our trust can be betrayed, only those that are honest are true cypherwonks, and anyone who betrays our trust we consider a dishonist hypocrite, or worse, a tra *itor. Cypherwonks are extremely interested in building tangible systems. Engineers who love to discuss the nitty-gritty details of some scheme are at home on the cypherwonks list. We like to impress each other with our knowledge but at the same time state it in relevant and humble terms. We are not trying to win popularity contests with our postings. We are trying to accomplish ambitious endeavors. We are especially ecstatic to make connections with other cypherwonks interested in the same projects we are, and cooperating to build useful tools. We like to give status reports of our intermittent real-world meetings and From wcs at anchor.ho.att.com Mon Dec 6 20:40:11 1993 From: wcs at anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204) Date: Mon, 6 Dec 93 20:40:11 PST Subject: Digicash question Message-ID: <9312070441.AA06906@anchor.ho.att.com> One problem with your proposal is that at *some* point you want to be able to get *real* cash for your digicash - at that point you've got to give the bank the password, but also an account to deposit the cash into (or equivalent), and at that point the bank can compare it with the original owner of the bill. You not only have to trust them to not rip off the money, you have to trust them to not give away the information, which may be tough if the government requires it. Another problem is that: Suppose Alice gives the password to Bob, who gives it to Carol, and then Alice spends the cash before Carol can get it - you don't know if Alice or Bob ripped you off. Alice could also try spending it before Bob deposits it, but that's an issue for any offline cash protocol, though this appears to give you less protection. Different denominations aren't much of a problem - you need something like that anyway. Having each separate coin have a separate number registered with the bank is somewhat more annoying than some of Chaum's schemes, where you could prove the coin had been signed by the bank but the bank didn't (and couldn't) track the coins. Another trusting-the-bank problem is what happens if the government comes to you and says "Alice is a drug dealer (mushrooms?) - give us the passwords for all her digicash, and if she's given them to anyone else, we can still forfeit them because the law lets us confiscate them after she's spent them, just like stolen goods." In Chaum's case, that's explicitly impossible. (In the cases that led to Swiss Banking Secrecy laws, the crime wasn't "drugs",it was "being Jewish".) Similarly, even if the bank as a whole is honest, there may be employees trying to embezzle the funds - tough to prevent in your approach. Bill Stewart From ld231782 at longs.lance.colostate.edu Mon Dec 6 21:10:26 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Mon, 6 Dec 93 21:10:26 PST Subject: W.Diffie on RSA patent Message-ID: <9312070510.AA06457@longs.lance.colostate.edu> Hello, I asked W.Diffie (cryptographer celebrity!) about the RSA patent a long time ago, and I thought everyone here would be interested in what he had to say on the subject. I was curious about a story I heard about the NSA suppressing some patent at first. I went to a lecture by an ethics professor once in Nebraska and she talked about how some academic researcher had got an application for a patent back rejected, with no explanation, and that after an extremely long battle, the poor scientist discovered the NSA was to blame. The lecturer wasn't specific about the case but used it as an example in talking about the relation of government to science and the research establishment and the possibility of censorship. The scientist had discovered some sensitive cryptographic secret, apparently, and the NSA was spooked by it (hee, hee, very punny!). I asked P.Zimmermann about this and he seemed to think the story was about the RSA patent. I thought this was all documented in the NYT. Does anyone have the article? Anyway, Mr.Diffie says (see below) that nothing sinister happened at the patent office regarding the RSA patent. I would like to hear of any other patents that were suppressed by the NSA hiding behind the patent office. I mean, this professor was definitely not making up a story! She gave me the NYT reference but I think I accidentally threw out the paper I wrote it on. Does anyone have the reference? I think it happened in '78. Also, If W.Diffie is listening (he told me on the phone he subscribes to the list) could you get in touch with me? I haven't been able to get any response to my email. Also, it seems you have more than one email address at Sun, and I'm confused about which to use (my mail to one given to me by J.Gilmore bounced). ===cut=here=== From hfinney at shell.portal.com Mon Dec 6 22:33:24 1993 From: hfinney at shell.portal.com (Hal) Date: Mon, 6 Dec 93 22:33:24 PST Subject: Name for crypto cash Message-ID: <9312070630.AA28857@jobe.shell.portal.com> I thought of a new name today for digital cash: CRASH, taken from CRypto cASH. "How much crash have you got in your account? Can we FTP this GIF?" "Not enough... Hey, can I borrow some crash?" It has a nice cyberpunk sound to it. I don't know if we need a name for the units, or if we could just get by without. One of the lessons of the CP publicity is that having a sexy name is a big plus. (Apologies if I'm unknowingly regurgitating someone else's idea!) Hal From ld231782 at longs.lance.colostate.edu Mon Dec 6 23:10:14 1993 From: ld231782 at longs.lance.colostate.edu (L. Detweiler) Date: Mon, 6 Dec 93 23:10:14 PST Subject: Humility, Embarrassment, Shame, and an Apology Message-ID: <9312070708.AA08746@longs.lance.colostate.edu> Hello fellow Cypherpunks! I am writing this message to sincerely apologize for my past behavior over the past few weeks on this list, particularly over the last few days. I have written messages that I am not proud of. And all for nothing. I am here to tell you that your leaders have all assured me in unequivocal terms that they are not pseudospoofing in any way whatsoever and have no personal knowledge of any pseudospoofing on the cypherpunks list or anywhere else, so I now feel like an embarrassed idiot for escalating this matter to this level, when it is so obviously completely unjustified in retrospect. I realize I am the premier digital Don Quixote, chasing phantoms and jousting at windmills! The joke is on me! I have learned many things over the past few weeks. I thank you for the valuable lessons you have taught me. I was too arrogant until now to accept your wisdom with humility. Clearly, my mistake! Don't I feel stupid! I think both you and I have many things in common. We are interested in the growth of cyberspace and recognize that pseudoanonymity has awesome power, like an atom bomb. I think the difference is that I thought you were doing all you could to detonate them when you were really trying to stop them. I apologize to everyone I offended by suggesting otherwise. I think that fucking tentacle S.Boxx has demonstrated the damage that can be done with pseudoanonymity. He ought to be taken out and shot in the forehead. I would enjoy watching him stare blankly with a gaping hole in his skull and his brains and blood splattered about. In fact, I am going to do precisely that if I ever find the bastard. (His family deserves to die too, but we'll see what mood I'm in at the time). And everyone knows that he is a tentacle! Image the raw power that can come from the surreptitious use of this extraordinarly overpowering force! It is like the ultimate technique for social engineering, guerilla warfare, espionage, sabotage, and riot instigation. The evil, hard-core hackers have done well to perfect it. You are lucky that your leaders are so farsighted and astute to realize the inherently dangerous and damaging nature of its use. You have accomplished great miracles from your honorable cooperation! Although, we definitely have a new arms race with the Psychopunks in the strategic position (thank god there are none here!). I hope we can reach a detente. This is my own peace offering. Your leaders E.Hughes and T.C.May have mailed messages to my postmaster in complaint in my questions about there use of different sites. P.Metzger mailed my postmaster in regard to his mailbombing me. E.Brandt sent my postmaster and my root another letter recently asking me to stop mailing him, which was amusing considering that he initiated our conversation. I have been subject to a sendsys bomb yesterday, that came in about ~.5 meg, and a new grisly mailbomb today at ~5 meg and growing. But we can now understand that none of this is necessary. It has reached its purpose. I have achieved a serenity and tranquility with my newfound delight and euphoria. I got another anonymous and cryptic phone threat this afternoon, from who knows. ``Shot by the SWAT team. No doubt about it. GET HELP.'' This brings the total of heartfelt greetings from my dear friends to 2. And I have no idea what D.Barnes has been able to turn up in his blackmail campaign of assaulting my previous employer, the school administrators, and (more recently) stealing my resume. Yes, the cypherpunks are truly the Protectors of Privacy and the Promoters of Anonymity. They have done all this because they are concerned about my well being, and I have been an obnoxious jerk for weeks in misinterpreting their worried concern over my welfare and sanity. I have made an appointment with a therapist (it was quite a new experience for me) and I think he is going to help me through my serious psychological disorders and paranoid delusions. I apologize to subjecting you to my insanity. I am quite ashamed of it. Please tell everyone you know that I am insane and should be avoided like a leper. Some of the people I know and respect have heard you, and I thank you for helping them to realize that I am a dangerous lunatic that should be avoided. It's really the best thing for everyone. To demonstrate my sincerity, I will not post at all to any list, including the one I helped create, for a period of one week, starting now. You will not even see any new messages in the newsgroups by L.Detweiler unless they are new sendsys bombs or forgeries. I will not even touch a keyboard or go near the Internet. This was at the recommendation of your gracious leaders who are sincerely concerned for my mental health and my obvious deterioration over the past few weeks. Clearly, I have been ignoring all the best advice of my well-meaning friends to pursue fantasies. I have learned how fast one can accumulate enemies if one attacks anything that others hold dear. I committed my energies to this list for 10 months but they mean nothing because of my reprehensible intoleration for lies, especially those sent to me. I have been deluded in thinking that I can stop lies or even that they are immoral or unethical, particularly in relation to pseudospoofing. Lies are Liberating! Even if your leaders were pseudospoofing (which they have assured me in certain terms they are not) they would certainly have the right to lie to others, including their friends and followers, through their tentacles. This is not an inherently deceptive use of pseudonymity. It is similar to using different names for harmless magazine subscriptions. I sincerely apologize for attacking anyone over this issue. I was wrong to call E.Hughes or N.Szabo a `bald faced liar.' You have a right to exist in cyberspace, and use the Internet to whatever use you can imagine. And if others that are living around you in the neighborhood ask you what you are doing, and if everything is all right, and wonder about the strange noises and smells, like I did, you should tell the nosy bastards to go to hell. They deserve it. I deserved it all. That is your constitutional right to privacy, and it should extend to Cyberspace just as it does in the real world. Live and let live! I was once concerned about the possible deceptions of the Media by your cause. I now realize that the Media is inherently corrupt and should be manipulated to the Cypherpunk agenda in any way possible. In particular, we should promote ourselves as the respectable citizens we are. The public gets frightened by an image of Anarchy and Radical Libertarianism. If we promote it as Cryptoanarchy and Cypherpunks, we can get much farther. Both Markoff and Kelly, and his fantastic photographer L.Dyer, have been extremely understanding and accommodating in helping us promote our agenda among the widespread population. In fact, the NYT article was an exceptional breakthrough of emphasizing our goals of privacy and cryptography for the masses. I really liked that quote by W.Diffie, one of the world's foremost cryptographers. In my new realizations I am particularly inspired by your underlying agenda of tax evasion, black marketeering, and the overthrow of governments. DEATH TO ORDER! Hedonistic delights like gambling dens and prostitution rings would be a Love Boat for everyone, but they aren't enough. I have had some neat fantasies lately about starting new drug nextworks and assassination enterprises. What delights await us! The possibilities of untraceable cash and anonymity are truly liberating -- we can build up internation criminal organizations and launder our money freely, and avoid all detection! The vanquished world will lick our boots! I hope that you will let me in on your finetuned Cryptoanarchist secrets that would make Goldfinger and Hitler proud. If you don't, that's okay too. I'm really unstable and there's even a rumor that I'm actually an FBI agent, so that it would be better if you didn't tell me anything that would be upsetting to someone who practices law enforcement. I want to encourage everyone here to explain the history of how I reached my newfound epiphanies out in the newsgroups if possible, particularly on the `CRYPTOANARCHIST INFILTRATION ALERT'. (I won't be able to forward this because of my promise, maybe you could help me out.) Together we can attack the blasphemous heretic infidel S.Boxx so that he is completely inundated in the noise and help the world to realize the grandeur of Cryptoanarchy. I will be the new Poster Boy for the CryptoAnarchist movement. I shall promote it to my death with all my heart. I am sorry to have upset anyone who has ever watched this mailing list. I was continually prodding you to discover the truth, but there was nothing to discover! I kept telling you to send mail to your leaders yourself, to put pressure on them to reveal their knowledge, to investigate the claims of reality of identity that were extremely suspicious, and follow up past inert, passive, lifeless viewing of the text that scrolls by your faces and hypnotizes you daily, more mesmerizing and psychologically dangerous and deadly than television! But we all know that this was a delusion now, a faded dream. The list is our outlet to reach out to other real people, to make friends, to achieve grand goals. As the leaders reassure us, upon their honor as patriot Cryptoanarchists and honest human beings, there are no fake identities anywhere in all of cyberspace, and on the Cypherpunks list in particular! All my past claims are nothing but bizarre, wretched, pathetic, deluded fantasies and hallucinations. In psychology, it is called `projection'. Everyone should understand now that I am completely in favor of the entire cypherpunk agenda, and everything that E.Hughes or T.C.May or J. Gilmore says or does. They have been like three loving uncles to me, helping me to see the errors in my ways and correct my breaches in ettiquete. E.Hughes, in particular, has been the most sweetly endearing. He is so humble and gentle! His words flow like a gentle breeze or a murmuring stream. How could could I accuse anyone so honorable of lying in a serious academic journal like RISKS?! T.C.May has always answered my letters with a kind response, and J.Gilmore talked to me personally on the phone to comfort me over my anxieties. We are really just one big family with nothing but love for everyone! I now see that Cypherpunks is a fine organization and leaders on par with CPSR and EFF. I unjustly accused many human beings of not existing, like J.Dinkelacker, N.Szabo, G.Broiles, H.Finney, A.Chandler, and M.Landry. Every one of them has talked to me on the phone and told me about their wonderful lives to assure me they are real. I am really ashamed that I have ever attacked anyone associated with the cypherpunk cause. It was an atrocious violation of everyone's privacy. Please just chalk it up to my delusions of persecution. How could I have ever thought anyone here was out to get me? Ha, ha. Ho Ho. Heh Heh. Hee. Hee. BWAHAHAHAHA The prozac really IS starting to help! (I was quite a fool to be afraid of drugs before! they have been critical in relieving me of my mania, depression, psychoses, and hallucinations, particularly the LSD, but evil dancing red neoplasm orgasms are oxymoronic monsters, she corrupt hair in the treason cold washing butterfly, falls truth salad words filth below and lie trees air, but only poison on Mondays!) Before I go I would like to share some of the beatiful uplifting prose of the dear friends who helped me vanquish my insanity. At first I thought the following was some of the most evil brainwashing and vicious psychological torture that could be inflicted on a human being. I realize the grotesque errors in my ways. These are now some of my favorite quotes. I am going to read them nightly, as I pray to God to bring us all CryptoAnarchy for Christmas. I *beg* your forgiveness for my own depravities, perversions, and crimes. Above all, please do not construe my heartfelt sincerity as searingly sarcasting satire. I swear on my honor as a Cypherpunk and to our Mother Medusa that my words are genuine. As long as I am among honorable, reputable, respectable people, I would never lie. p.s. Some of this below was private email, but everyone involved has assured me they would be delighted if I quote it. ===cut=here=== H. Finney: > This is about all I can offer you in terms of evidence for Dinkelacker's > independent existence. It's up to you now. You can cling to this paranoid > fantasy, adding layers of elaboration, saying that I must be a false identity, > Nick must be, this Max More must be (but then, who publishes Extropy? You > can get back issues going back three years!), and as more evidence comes > forward you just add layers upon layers. > > Or you can say to yourself, do I really have any basis for believing that > people are trying to mislead me in this way? Who is my best candidate for > being a fake persona? Let's investigate that one in detail. Let's face > the truth. steve klingsporn >Larry, > >You are obviously quite delisional, from your accusations of people being >criminals, vehicles for criminal activity, to calling people "Darth Vader" >and >"Medusa." you have always been opposed to anything contrary to your own >sheltered personal views, and I sincerely hope you grow up before someone >seriously hurts you (I have heard discussions of this nature are brewing). > >You have ostracized yourself and made yourself appear like an utter >baffoon via your postings. People have made it quite clear that they >don't want you poking your nose into their lives. > >I have never felt any close feeling towards "Cyber" or "Cypher" anything, >nor am i personally involved in any way with my roommates or their friends. > >I sincerely hope you grow up and learn to examine TRUTH before making >accusations that certainly could be considered libelous and slanderous. > >Have a nice life, loser. Steve Wiggam: > I've thought about why I assume your posts are noise. I seem to have > decided on the basis of only a few. We had an email exchange based on > one of them in which I got the strong impression you were someone who > thinks on a wavelength that's too far away from mine for meaningful > conversation to take place--though you seem concerned about similar > issues, and you sure have energy, which I would like to admire. > So, my not liking your style is sad, and my having formed that impression > seemingly quickly (in retrospect) is interesting, but not too sad or > interesting. I'm busy. > > Something subtle, difficult and delicate that is not read is useless. > Unwanted information that drowns out good information is worse than useless. G.Broiles: > Anyway .. re the connection between people and net identities, I gotta > disagree with your recent posts about it - not so much from a "what things > ought to be like" perspective but from a "how things are" perspective. I > think the cat is way out of the bag re the connection between > personalities/identities/physical bodies, and I don't think that we're ever going > back. I think it's just going to get worse. I agree that it's difficult to deal > with people people who may or may not be real, and may or may not turn out to > be someone you can't stand (it's perfectly plausible that S.Boxx is EH, for > instance) - and don't think that's a problem that's fixable. I dunno if > you've ever read any Foucault, but one of the themes that I get from his > work is that the development of our idea of "identity" comes from the way > that we think about medical treatment and the way that we think about > punishment. The body (and the identity) is the focus of the exercise of > power; I think that one of the ways that technology will change this is to > make it more difficult to affect physical bodies with actual punishment. The > fluidity and uncertainty of "identity" that's creating anxiety on the list > will, I think, prove eventually to be freedom; EH can't punish L. Detweiler, > or kick him off of the list, or spoof him, or otherwise screw around, if he > can't tie you down to one account/one name/one public key/whatever. I'm > completely amazed to read his recent commentary on the list in light of what > he wrote to you earlier (about being kicked off the list, etc.) > > There's no way to stop spoofing, cheating, or censorship (in a global > sense); it's possible to work around them if you have sufficient technical > skills, or the money to pay someone who does. What I'd like to do is write > (and give away) the tools so that we can ALL do that; then, in a wider > sense, we can talk. As long as only some people have these abilities, they > will use them to the detriment of the rest. Mike McNally: > > YOU HAVE NO RIGHT TO LIE TO ANYONE. > >You are absolutely wrong about that. There is absolutely no law >against telling lies. There is of course a distinction made when >fraud is perpetrated in order to, essentially, commit theft, but your >moronic attempts to portray "theft" of your oh-so-important "trust" or >"faith" as equivalent to actual theft is without any basis in any >system of common law. G.Broiles: > Although it saddens me to say this, the C-punks list seems to me to > be the pet project of a clique of a few people who allow others to read/post > to it as long as we're sufficiently respectful of their infinite wisdom. > People who write on topics uninteresting or threatening to that clique are > flamed, and then criticized for responding to the flames. There are two > different standards for messages - one for those posted by folks "within", > and another for those "without". I think you get flamed because you've > failed to kiss enough ass, not because your posts are unreasonable. > > There are two sorts of posts consistently considered acceptable: > posts by "insiders", whatever their topic, length, or content; and > transcriptions of media interviews with those insiders. Any other post will > either be flamed or allowed to die a death of quiet neglect. Substantial > replies to posts by non-insiders are rare indeed. > > You are among the few people whose posts to C-punks I read > consistenly. The list will suffer a substantial loss if you stop posting. Jeremy W. Porter > All you have really done is convince people that you are crazy. I've met > real human people that have commented on your apparent problem. > I am truly amazed by your persistence in this apparent delusion. > From the people I have met, including members of EFF, EFF-Austin, > Cypherpunks, Austin-Cypherpunks, CTSA, Austin Internet Society, and a couple > of other groups, I have seen several people mention that they believe that > you have some sort of mental illness. I have not heard one person > publicly or privately defend you or your position. > In essence, you (ld231782 at lance.colostate.edu) have become discredited. > If you are sane, then your best bet would be to get an account from > some other provider and use that for future post/email. If you toned > done the rhetoric, you might even win some people over to your cause. > > Of course of you really are crazy, then this will be viewed as an attack, > and I will be added to your list of "Tentacles". Which really doesn't > matter to me or anyone I communicate with, because you have already > destroyed any credibility you once had. H.Finney: > I have mixed feelings about the disagreement you have been having > with Eric Hughes. Generally, Eric does not seem to take a very active > hand with the list. He only posts once every few weeks, so I don't > think he can be accused of being dictatorial. I don't know; maybe he's > sending dozens of messages around behind the scenes, but I suspect that > he is not applying his authority too heavily. T.C.May > Merely seeking freedom is probably not enough. Gambling, prostitution, > and easy access to drugs and other hedonistic delights may be enough, > but I've seen nothing to indicate this type of "Love Boat" is being > planned. Just the dreamy ideas about self-sufficiency. A commune by > another name. A floating "Hog Farm," with anarchocapitalist ideology > replacing Thoreau and Marx. > > - people hear about widespread tax evasion by crypto-anarchists, and > they get interested (for various reasons, including jealousy, anger, > greed, desire for freedom). "Crypto lasing." > > Governments will have a hard time collecting taxes, regulating the > behavior of individuals and corporations (small ones at least), and > generally coercing folks when it can't even tell what _continent_ > folks are on! > > Some of us believe various forms of strong cryptography will cause the > power of the state to decline, perhaps even collapse fairly abruptly. E.Hughes >The issue here is epistemology. > >This is exactly like the question "Are you a liar?", to which the >answer is always "no". > > The usual way to break out of this 'solipsism of the dialogue' is to > invoke a social mechanism, that is, ask someone else. Under a belief > of widespread impersonation, however, all denials are now presumed to > come from the original speaker of the first denial. Thus the > solipsism of the dialogue expands to a solipsism of all dialogues. > >There is no such question, as I argue above. Am I dishonest if I >cannot exhibit the nonexistent? > >Ask your therapist what 'projection' is. > >I never stopped beating my wife, either. J.Gilmore > My phone number is for those who I > choose to give it out to. The way our conversations have been going, > I'm not interested in having them over the phone. > > I think that if you showed the correspondence between you and I to > any impartial observer, they would agree that you are oversensitive > and are reacting in ways that are not warranted by the messages. > > If people think that you are becoming unstable, they are doing > you a favor by asking people at your University to come talk to you. > If I was in that state, I hope they would do the same (or come over and > talk to me, if they were in the same town). > > Your contributions to crypto discussions always impressed me over the last > year or so. I hope you can get past this period of excessive suspicion. > > I still haven't read the cypherpunks backlog, or current traffic, but > the impression I get from talking to some folks in person is that you > have gone a bit off the deep end with paranoia. Is that also your > impression? > > I think I'm beginning to sound a lot like any reasonable person would > after being asked to continue helping you justify your fantasies. I predict > that the list of people who "sound a lot like" this will continue to grow > until YOU change. > > I'm not interested in ongoing participation in debunking your paranoid > fantasies. I don't want to spend the time. > > I hope to see you on the net someday, posting useful commentary or > information. Until then > > ``Refusal to answer is not dishonesty.'' Bye. From julf at penet.fi Tue Dec 7 00:43:30 1993 From: julf at penet.fi (Johan Helsingius) Date: Tue, 7 Dec 93 00:43:30 PST Subject: moderated cryptography list In-Reply-To: <199312062332.SAA10971@snark.ts.lehman.com> Message-ID: <199312070839.AA29131@lassie.eunet.fi> > If you think that such a list is a Good Thing, and you can host it > (which requires that you have a good internet connection and root > access or similar on the machine in question), please let me know. > I'll do all the work, and the crypto community will thank you > tremendously. Well, heck, if I'm already hosting the damned cypherwonks list, and have all the software set up already, then why not this one as well... Lists.EUnet.FI at your service... Julf From strick at versant.com Tue Dec 7 01:13:30 1993 From: strick at versant.com (henry strickland) Date: Tue, 7 Dec 93 01:13:30 PST Subject: <8c> Name for crypto cash In-Reply-To: <9312070630.AA28857@jobe.shell.portal.com> Message-ID: <9312070813.AA13523@osc.versant.com> # I thought of a new name today for digital cash: CRASH, taken from # CRypto cASH. "How much crash have you got in your account? Can we FTP # this GIF?" "Not enough... Hey, can I borrow some crash?" It has a nice # cyberpunk sound to it. I don't know if we need a name for the units, # or if we could just get by without. at georgia tech the organization that provides computer services to the campus keeps accounting records in units commonly known as BANANAs. the name is not official, but it was a brainstorm by the head guy in charge of the department some years ago, and the name stuck: Basic Allocation Negotiable Across Network Applications. And when you blow your account gaming, you do have to beg for more bananas. # One of the lessons of the CP publicity is that having a sexy name is # a big plus. right, bananas are hardly c-punk enough. --strick From Majordomo at Lists.EUnet.fi Mon Dec 6 16:48:46 1993 From: Majordomo at Lists.EUnet.fi (Majordomo at Lists.EUnet.fi) Date: Tue, 7 Dec 1993 02:48:46 +0200 Subject: Majordomo results Message-ID: <199312070048.AA27253@lassie.eunet.fi> >>>> Hey. I never subscribed. This is coercion. **** Command 'hey.' not recognized. >>>> **** No valid commands found. **** Commands must be in message BODY, not in HEADER. **** Help for Majordomo at Lists.EUnet.fi: This is Brent Chapman's "Majordomo" mailing list manager, Revision 1.46. It understands the following commands: subscribe [
] Subscribe yourself (or
if specified) to the named . unsubscribe [
] Unsubscribe yourself (or
if specified) from the named . which [
] Find out which lists you (or
if specified) are on. who Find out who is on the named . info Retrieve the general introductory information for the named . lists Show the lists served by this Majordomo server. help Retrieve this message. end Stop processing commands (useful if your mailer adds a signature). Commands should be sent in the body of an email message to "Majordomo at Lists.EUnet.fi". Commands in the "Subject:" line NOT processed. If you have any questions or problems, please contact "Majordomo-Owner at Lists.EUnet.fi". From gtoal at an-teallach.com Tue Dec 7 03:40:18 1993 From: gtoal at an-teallach.com (Graham Toal) Date: Tue, 7 Dec 93 03:40:18 PST Subject: Do you mind? Message-ID: <199312071129.LAA21579@an-teallach.com> I've just had 915 lines of unsolicited crap about detweiler in my personal mailbox. It's bad enough having to suffer this shite on cypherpunks and newsgroups, but this really is too much. Next person to send me any of this crap gets all 915+ lines back. I'm *really really* not interested. G From frissell at panix.com Tue Dec 7 04:10:20 1993 From: frissell at panix.com (Duncan Frissell) Date: Tue, 7 Dec 93 04:10:20 PST Subject: Digicash question Message-ID: <199312071209.AA12940@panix.com> W >One problem with your proposal is that at *some* point you want to be W >able to get *real* cash for your digicash - at that point you've got to W >give the bank the password, but also an account to deposit the cash W >into (or equivalent), and at that point the bank can compare it with W >the original owner of the bill. You not only have to trust them to W >not rip off the money, you have to trust them to not give away W >the information, which may be tough if the government requires it. No, they can just dump it into your VISA "cash card" to increase the balance on that account. You can then make ATM withdrawals (or POS purchases) using your cash card. VISA recently announced that they will be issuing "plastic" traveller's cheques. Offshore banks can also be involved to increase the security if you like. DCF --- WinQwk 2.0b#1165 From edgar at spectrx.saigon.com Tue Dec 7 04:30:19 1993 From: edgar at spectrx.saigon.com (Edgar W. Swank) Date: Tue, 7 Dec 93 04:30:19 PST Subject: Security of Secure Drive Message-ID: <4Ns7Dc2w165w@spectrx.saigon.com> Andrew Loewenstern commented: > No more Steve Jackson Games cases. I hope this happens. Computer > theft and unreasonable seizure is a real problem. As far as I know, a system like SecureDrive, KFS, or CFS, is really only as secure as the running machine is. Generally, when a BBS is 'seized' (forfeited? ;), it is running when the feds get there. Right now, if they have any clue (and from what I hear, the FBI has much more of a clue than the SS when it comes to this type of investigation), they usually take pictures of the setup to make sure they can put the machine back together when they get it to wherever they are taking it to. If encrypting file-systems become a problem, a disk could be developed (probably pretty easily) to retrieve the key from memory before they power it down. andrew "Touch that keyboard and die!!" It's fairly easy to provide a TSR on MSDOS systems to either block booting from the keyboard or force a memory clear on reboot. I found these examples on local BBS's: NOFBOOT.ZIP 2647 08-28-91 Version 1.0 of Padgett Peterson's NOFBOOT. NoFBoot is a small (500 byte) TSR designed to prevent inadvertant booting from a floppy disk. It will intercept warm boot requests (Ctrl-Alt-Del) and check for a floppy in drive A: before continuing. If a floppy is found in drive A, the request will be aborted with a warning message. With NoFBoot, a cold start (reset button or cycle power) will be necessary to boot from a floppy. BLK213.ZIP 17931 09-22-93 BootLock 2.13 09/06/93 BootLock allows you to lock out the use of [CTRL][ALT][DEL], [CTRL]C, and/or [CTRL][BREAK]. New version can be loaded as a Device Driver or TSR. You can also define a "user defined" key to lock out. BootLock can be unloaded and Loaded into Hi Memory. Shareware registration form and manual included. From Foley Hi-Tech Systems (ASP). (Files: 6 Newest: 09-06-93 Oldest: 03-05-92) NOCADEL.ZIP 24234 07-07-93 No Boot on control-alt-delete. Simple util helps disable key boot sequence. Source included. (Files: 6 Newest: 02-07-93 Oldest: 02-06-93) The BBS program should also be patched to re-boot instead of returning to MSDOS on exit, and should not provide a DOS Shell. If the FBI agent is allowed access to an MSDOS command line, he can run a program which will "fish" out the Secure Drive encryption key from memory. Note that the pass phrase cannot be reconstructed from the key in memory and its crypto difficult to reconstruct -any- pass phrase which would duplicate the key (MD5 is a 1-way function). But it would be easy to construct an alternate to LOGIN which would insert the key into SECTSR directly using hex input. So it would be a good security practice to provide for an "emergency" power-off in event of a "surprise" raid. A foot switch is good for situations when the operator is present. This can be activated while one's hands are in the air. Turning off power upon activation of a burglar alarm is a good solution for unattended situations. -- edgar at spectrx.saigon.com (Edgar W. Swank) SPECTROX SYSTEMS +1.408.252.1005 Cupertino, Ca From 71431.2564 at CompuServe.COM Tue Dec 7 06:45:25 1993 From: 71431.2564 at CompuServe.COM (bdolan) Date: Tue, 7 Dec 93 06:45:25 PST Subject: digicash Message-ID: <931207144251_71431.2564_FHA60-1@CompuServe.COM> TO: >internet: cypherpunks at toad.com Re. responses to my digicash proposal: * The bank system (& feds) will know the original and ultimate recipients. True, but they can (& do sometimes) track this with the green pieces of paper we use now. With the system I propose, "they" cannot know anything about all the (potentially many) transactions in between the original and ultimate recipients. * Example about Alice getting digicash, paying Bob who pays Carol. Alice then "respends" the digicash password elsewhere before Carol can deposit it. That's why each non-trusting recipient calls the bank to verify that the password is still valid. The non-trusting recipient then anonymously receives a new password representing a claim on the money, preventing respending by a prior link in the chain. Note that, if the payee *trusts* the payor, he can silently accept and pass on ("spend") the claim password to another person - but he does so at his own risk. * Concerns that Escobar, Jr. could create a digi-bill, spend it, and the feds might come claim the money from the ultimate recipient. Escobar would want to use digi-bills already in circulation. That way no one could show they came from him. Of course the government still could say that the original recipient of the bill was a bad fellow and the ultimate recipient (or intermediate posessor) should surrender the money. Having the original and ultimate accounts in banks somewhere other than the U.S. would help. Having a non-fascist government would help, too. * bank employee honesty problems I don't see that this is more or less of a problem here than elsewhere. bdolan personal responses to bdolan at well.sf.ca.us, please From hlin at nas.edu Tue Dec 7 08:03:32 1993 From: hlin at nas.edu (Herb Lin) Date: Tue, 7 Dec 93 08:03:32 PST Subject: A Study of National Cryptography Policy Message-ID: <9311077552.AA755290823@nas.edu> Please forward this message to any individual or mailing list that you believe should receive it. If you have seen it already, our apologies. Many thanks.. ********************* As part of the Defense Authorization Bill for FY 1994, the U.S. Congress has asked the Computer Science and Telecommunications Board (CSTB) of the National Research Council (NRC) to undertake a study of national policy with respect to the use and regulation of cryptography. The report of the study committee is due two years after all necessary security clearances have been processed, probably sometime summer 1996, and is subject to NRC review procedures. The legislation states that 120 days after the day on which the report is submitted to the Secretary of Defense, the Secretary shall submit the report to the Committees on Armed Services, Intelligence, Commerce, and the Judiciary of the Senate and House of Representatives in unclassified form, with classified annexes as necessary. This study is expected to address the appropriate balance in cryptography policy among various national interests (e.g., U.S. economic competitiveness (especially with respect to export controls), national security, law enforcement, and the protection of the privacy rights of individuals), and the strength of various cryptographic technologies known today and anticipated in the future that are relevant for commercial purposes. The federal process through which national cryptography policy has been formulated is also expected to be a topic of consideration, and, if appropriate, the project will address recommendations for improving the formulation of national cryptographic policy in the future. This project, like other NRC projects, will depend heavily on input from industry, academia, and other communities in the concerned public. Apart from the study committee (described below), briefings and consultations from interested parties will be arranged and others will be involved as anonymous peer reviewers. It is expected that the study committee will be a high-level group that will command credibility and respect across the range of government, academic, commercial, and private interests. The committee will include members with expertise in areas such as: - relevant computer and communications technology; - cryptographic technologies and cryptanalysis; - foreign, national security, and intelligence affairs; - law enforcement; - commercial interests; and - privacy and consumer interests. All committee members (and associated staff) will have to be cleared at the "SI/TK" level; provisions have been made to expedite the processing of security clearances for those who do not currently have them. Committee members will be chosen for their stature, expertise, and seniority in their fields; their willingness to listen and consider fairly other points of view; and their ability to contribute to the formulation of consensus positions. The committee as a whole will be chosen to reflect the range of judgment and opinion on the subject under consideration. The detailed composition of the committee has not yet been decided; suggestions for committee members are sought from the community at large. Note that NRC rules regarding conflict of interest forbid the selection as committee members of individuals that have substantial personal financial interests that might be significantly affected by the outcome of the study. Please forward suggestions for people to participate in this project to CSTB at NAS.EDU by DECEMBER 17, 1993; please include their institutional affiliations, their field(s) of expertise, a note describing how the criteria described above apply to them, and a way to contact them. For our administrative convenience, please put in the "SUBJECT:" field of your message the words "crypto person". Finally, some people have expressed concern about the fact that the project will involve consideration of classified material. Arguments can and have been made on both sides of this point, but in any event this particular ground rule was established by the U.S. Congress, not by the CSTB. Whether one agrees or disagrees with the asserted need for classification, the task at hand is to do the best possible job given this constraint. On the National Research Council The National Research Council (NRC) is the operating arm of the Academy complex, which includes the National Academy of Sciences, the National Academy of Engineering, and the Institute of Medicine. The NRC is a source of impartial and independent advice to the federal government and other policy makers that is able to bring to bear the best scientific and technical talent in the nation to answer questions of national significance. In addition, it often acts as a neutral party in convening meetings among multiple stakeholders on any given issue, thereby facilitating the generation of consensus on controversial issues. The Computer Science and Telecommunications Board (CSTB) of the NRC considers technical and policy issues pertaining to computer science, telecommunications, and associated technologies. CSTB monitors the health of the computer science, computing technology, and telecommunications fields, including attention as appropriate to the issues of human resources and information infrastructure and initiates studies involving computer science, computing technology, and telecommunications as critical resources and sources of national economic strength. A list of CSTB publications is available on request. From hfinney at shell.portal.com Tue Dec 7 08:20:19 1993 From: hfinney at shell.portal.com (Hal) Date: Tue, 7 Dec 93 08:20:19 PST Subject: digicash Message-ID: <9312071619.AA16377@jobe.shell.portal.com> The point is not that B. Dolan's proposed cash is bad, it is that better systems exist. Chaum's blinded c{sh is simiXoar to Dolan's proposal, but with the added feature that the "passwords" that~r authorize access to the bank account can be altered by the users so that the bank does not recognize them later, while still allowing the bank to verify that the "passwords" are valid. This eliminates the trackability allowed by Dolan's proposal. (Sorry about the line noise!{ Hal From hughes at ah.com Tue Dec 7 08:33:32 1993 From: hughes at ah.com (Eric Hughes) Date: Tue, 7 Dec 93 08:33:32 PST Subject: Name for crypto cash In-Reply-To: <9312070630.AA28857@jobe.shell.portal.com> Message-ID: <9312071621.AA01369@ah.com> >I thought of a new name today for digital cash: CRASH, taken from >CRypto cASH. And of course 'snow crash' would be 'cocaine money', allowing us to read an entirely new subtext in Stephenson's novel. Eric From sdw at meaddata.com Tue Dec 7 10:15:24 1993 From: sdw at meaddata.com (Stephen Williams) Date: Tue, 7 Dec 93 10:15:24 PST Subject: Anarchy Gone Awry (fwd) In-Reply-To: <199312070005.AA23282@access.digex.net> Message-ID: <9312071813.AA14939@jungle.meaddata.com> > This post is a perfect example why the two lists should be kept seperate > and not merged. This sounds to me like it belongs on alt.politics.data- > highway. His version I would agree this is true, but not mine. Mine is purely grass-roots and voluntary (both endorsing and using endorsements). However, I will crosspost to comp.society.cu-digest and alt.politics.datahighway. > -uni- (dark) sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw at lig.net CIS 76244.210 at compuserve.com OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 GNU Support ICBM: 39 34N 85 15W I love it when a plan comes together From mech at eff.org Tue Dec 7 10:35:24 1993 From: mech at eff.org (Stanton McCandlish) Date: Tue, 7 Dec 93 10:35:24 PST Subject: ANNOUNCEMENT: Markey Bill (HR3636) Available Online from EFF Message-ID: <199312071834.NAA04078@eff.org> HR3636, The Markey Bill, is now available online at the Electronic Frontier Foundation's ftp archive. FTP to ftp.eff.org, and get the text file ~pub/eff/legislation/hr3636 (aka ~pub/eff/legislation/markey.bil). ****** Info on the bill ****** On Monday, November 22, 1993, EFF applauded House Telecommunications and Finance Subcommittee Chairman Edward Markey (D-Mass.), Minority Chairman Jack Fields (R-Tex.), and other cosponsors for introducing the "National Communications Competition and Information Infrastructure Act of 1993." The Markey/Fields legislation, which incorporates EFF's Open Platform philosophy, is built on three concepts: open platform services, the entry of telephone companies into video cable service, and universal service. Reacting to the open platform provisions, Mitchell Kapor, EFF Board Chairman, stated: "The sponsors of this bill are to be commended for proposing legislation that incorporates a truly democratic vision of the emerging data highway. Open platform service can end channel scarcity once and for all and make it possible for any information provider to offer voice, data, and video services on the data highway. Every citizen will be able to access a true diversity of information and programming." EFF Executive Director Jerry Berman added that "we believe public interest and nonprofit groups, as well as computer and communications industry leaders will work very hard for the open platform provisions. Our goal is to keep them in the bill and make them even stronger before its enactment." AN EFF ANALYSIS OF THE IMPACT OF THE BILL ON PUBLIC INTEREST GOALS OF UNIVERSAL SERVICE, COMMON CARRIAGE, AND CONSUMER EQUITY WILL BE RELEASED AS SOON AS IT IS COMPLETED. For an initial brief analysis (previously posted to comp.org.eff.talk and elsewhere) see ftp.eff.org, ~pub/eff/legislation/announce.mky See also ftp.eff.org or gopher.eff.org, ~pub/eff/papers/op2.0 and ~pub/eff/papers/open-platform* for more information on EFF's Open Platform initiative. See ~pub/eff/legislation/markey.bil for the full text of the Markey Bill. From strick at versant.com Tue Dec 7 11:13:35 1993 From: strick at versant.com (henry strickland) Date: Tue, 7 Dec 93 11:13:35 PST Subject: on initial rejection of claims of RSA patent Message-ID: <9312071846.AA17866@osc.versant.com> Diffie, via "L.": # No. But after all, the RSA patent was filed from MIT by people # (R, S, and A) that I didn't know well till much later. There may have # been some hankey pankey I didn't know about, but I certainly don't # recall the New York Times article you refer to. The statement that # ``They just got the application back rejected.'' Doesn't sound right # to me. I presume that the Patent Office has to state why an # application is returned. It's decisions, after all, are a constant All four of the PKP patents mentioned in RFC1423, Cryptographic Apparatus and Method ("Diffie-Hellman")............................... No. 4,200,770 Public Key Cryptographic Apparatus and Method ("Hellman-Merkle").................... No. 4,218,582 Cryptographic Communications System and Method ("RSA")................................... No. 4,405,829 Exponential Cryptographic Apparatus and Method ("Hellman-Pohlig").................... No. 4,424,414 had all of their claims either "rejected" or "objected to" on the first pass by the patent examiner. I have been told this is not unusual. The patent examiner gave reasonable technical reasons whe he rejected them. Nothing looks fishy to me, that is part of the record. I have a copy of [almost all of] the "full wrappers" on these four patents, and am making them available to the CA cypherpunks (CA, because I live here). (They're not online, there's a lot of handwritten pages & annotations & forms that would not OCR, and it's a 6" stack of legal paper, so it's not easy for me to provide them online, sorry.) strick From banisar at washofc.cpsr.org Tue Dec 7 12:15:26 1993 From: banisar at washofc.cpsr.org (Dave Banisar) Date: Tue, 7 Dec 93 12:15:26 PST Subject: NIST Meeting Dec 8-9 Message-ID: <00541.2838120673.1349@washofc.cpsr.org> NIST Meeting Dec 8-9 NIST Computer System Security and Privacy Advisory Board Meeting December 8-9, 1993 Hyatt Regency Reston 1800 President's Street Reston, VA >From 495, take Dulles Access Road (toll road) to Reston Parkway, Turn right on parkway, Hotel is on left by new town center. Draft Agenda December 8, 1993 I Welcome 9:00 Opening Remarks - Lynn McNulty 9:10 Chairman's Remarks - Dr. Willis Ware II. Unclassified Government Cryptography Activities 9:15 National Research Council Cryptographic Study Marjorie Blumenthal, NRC 9:45 GAO Report on Cryptography Policy, Harold Podell 10:15 Break 10:30 Status of NIST Cryptographic Standards Activities, Miles Smid 11:00 DSS Infrastructure Briefing, McNulty & Mitre Rep. 11:30 Key Escrow Update 12:00 Lunch III. Emerging NII Technologies 1:30 Jim Flyzik, Director, Telecommunications Management, Treasury Dept. 2:30 Organizing for the NII and GII - Bruce McConnell, OMB 3:00 NIST's Role - Jim Burrows, NIST IV Electronic Commerce 4:00 Electronic Commerce Initiative - Steve Trus 5:00 Recess December 9 V. MOSIAC 9:00 MOSIAC Briefing - DoD Program for Protection of Unclassified Data in the DMS - John Nagangast, NSA VI Common Criteria 9:45 Common Criteria Update - Dr. Stu Katzka 10:15 Break VII NIST Security Program Plan 10:30 NIST Security Plan for FY-94 - Dr. Stu Katzke 11:00 Disussion VIII Telecommunications Security 11:30 Telecommunucations Switch Vulnerability Analysis, Rick Kuhn 12:00 Lunch IX Workplace Privacy Bill 1:30 S-984 - Privacy for Consumers and Workers Act, Kristina Zahorik Legislative Assistant, Senate Employment and Productivity Subcommittee 2:00 Discussion X CSSPAB Workplan 2:30 Draft CY-1994 Workplan - Presentation and Discussion CSSPAB Working Group XI Public Participation 3:00 Public Participation XII Close 3:30 March Meeting - Agenda Ideas 3:45 Adjourn From smb at research.att.com Tue Dec 7 12:25:26 1993 From: smb at research.att.com (smb at research.att.com) Date: Tue, 7 Dec 93 12:25:26 PST Subject: W.Diffie on RSA patent Message-ID: <9312072023.AA16781@toad.com> I thought this was all documented in the NYT. Does anyone have the article? Anyway, Mr.Diffie says (see below) that nothing sinister happened at the patent office regarding the RSA patent. I would like to hear of any other patents that were suppressed by the NSA hiding behind the patent office. I mean, this professor was definitely not making up a story! She gave me the NYT reference but I think I accidentally threw out the paper I wrote it on. Does anyone have the reference? I think it happened in '78. It sounds like you're talking about the Davida patent, or maybe the zero-knowledge proof patent. Here's the basic story. U.S. patent law contains a provision for ``secrecy orders''. That is, when you apply for a patent in certain sensitive areas -- and cryptography is one of them -- the application is routed to the appropriate government agencies, including NSA. If they think the invention is too good, you'll receive a notice saying that you not only can't get a patent, you're not even allowed to discuss it anymore. George Davida -- a professor -- was hit with just such an order. Eventually, it was lifted, after a lot of public protest. NSA tried claiming that the patent application proved that the issue was commercial, rather than pure free speech, but they didn't try to fight it. More recently, Shamir received a secrecy order on his zero-knowledge proof patent. This was even more insane than usual, since (a) Shamir is not a U.S. citizen, and (b) he'd already been discussing the idea at conferences world-wide. According to rumor, this order was imposed by the Army, and was lifted through NSA's intervention. I know that the Shamir story was in the NY Times, though I don't have the citation. A pointer in my files is: journal name: Notices of the American Mathematical Society journal date: Jan 88 volume/number: 35, 1 article title: Zero Knowledge and the Department of Defense author(s) name: Susan Landau page number: 5-12 but I don't have the article handy. The Davida story was probably in the Times as well; my summary of it is taken from ``Cryptology Goes Public'', by David Kahn, in ``Kahn on Codes'', 1983. The article originally appeared in the Fall 1979 issue of ``Foreign Affairs''. From STERLING_D._TATE at smtpgty.anatcp.rockwell.com Tue Dec 7 12:34:49 1993 From: STERLING_D._TATE at smtpgty.anatcp.rockwell.com (STERLING D. TATE) Date: Tue, 7 Dec 93 12:34:49 PST Subject: Information Message-ID: <9311077552.AA755296412@smtpgty.anatcp.rockwell.com> Information on mailing list. Cypherpunk-info at toad.com From mech at eff.org Tue Dec 7 14:20:27 1993 From: mech at eff.org (Stanton McCandlish) Date: Tue, 7 Dec 93 14:20:27 PST Subject: ANNOUNCEMENT: DPSWG Crypto-Policy Statement to White House Message-ID: <199312072217.RAA07526@eff.org> NOTICE: This is the letter from the Digital Privacy and Security Working Group sent to the White House 12/06/93, urging the Administration to lift export controls on DES, RSA and other mass market encryption without requring legislation. Some erroneous press reports have said the DPSWG (see letter signatories) were making a Clipper/Skipjack "deal". This is not true. The letter makes it clear that Clipper as originally proposed is not viable, and that in any form it is to be implemented only if it's use is completely voluntary and ONLY if current restrictions on mass market encryption software are removed, so that the right to choose one's own methods of privacy and security is retained, and American businesses can effectively and openly compete in the expanding international market for encryption products. For more details please see the third paragraph of the letter, below. - ----------------------------------------------------------------------- DIGITAL PRIVACY AND SECURITY WORKING GROUP 1001 G Street, NW Suite 950 East Washington, DC 20001 Jerry Berman 202/347-5400 Leah Gurowitz 202/393-1010 December 6, 1993 The President The White House Washington, DC 20500 Dear Mr. President: On April 16, 1993, you initiated a broad industry/government review of privacy and cryptography policies at the same time that the Administration unveiled its Clipper Chip proposal. The Digital Privacy and Security Working Group -- a coalition of over 50 communications and computer companies and associations, and consumer and privacy advocates -- has been working with members of your Administration to develop policies which will reflect the realities of the digital information age, the need to provide individuals at work and home with information security and privacy, and the importance of preserving American competitiveness. The Digital Privacy and Security Working Group is committed to the proposition that computer users worldwide should be able to choose their encryption programs and products, and that American programs and products should be allowed to compete in the world marketplace. In our discussions with Administration officials, we have expressed the Coalition's tentative acceptance of the Clipper Chip's encryption scheme (as announced on April 16, 1993), but only if it is available as a voluntary alternative to widely-available, commercially-accepted, encryption programs and products. Thus, we applaud repeated statements by Administration officials that there is no intent to make the Clipper Chip mandatory. One key indication of whether the choice of encryption regimes will be truly voluntary, however, is the ability of American companies to export computer programs and products employing other strong encryption algorithms (e.g. DES and RC2/RC4 at comparable strengths) demanded by customers worldwide. In this regard, we commend to your attention legislation introduced by Rep. Maria Cantwell (H.R. 3627) that would liberalize existing export controls on software with encryption capabilities. Of course, such legislation would not be necessary if the Administration acts to accomplish such export control liberalization on its own. As part of your on-going encryption review and decision-making, we strongly urge you to do so. As your Administration concludes its review of this issue, representatives of the Digital Privacy and Security Working Group remain available to meet with Administration officials at any time. Sincerely, American Civil Liberties Union IBM Apple Computer, Inc. Information Industry Association Business Software Alliance Information Technology Association of America Committee on Communications and Information Policy, IEEE-USA Iris Associates, Inc. Computer and Business Equipment Lotus Development Corporation Manufacturers Association Microsoft Corporation Crest Industries, Inc. Oracle Corporation Digital Equipment Corporation Prodigy Services Company EDUCOM Software Publishers Association Electronic Frontier Foundation Sun Microsystems, Inc. Electronic Messaging Association Telecommunications Industry Association GKI Cryptek Division Trusted Information Systems Hewlett-Packard Company cc: John Podesta, Office of the President George Tenet, National Security Council Mike Nelson, Office of Science and Technology Policy Ray Kammer, National Institute of Standards and Technology Steve Aoki, National Security Council Geoff Greiveldinger, Department of Justice - ------------------------------------------------------------------------- This document and others on related topics are archived at ftp.eff.org, ~ftp/pub/eff/crypto-policy. From mech at eff.org Tue Dec 7 15:00:48 1993 From: mech at eff.org (Stanton McCandlish) Date: Tue, 7 Dec 93 15:00:48 PST Subject: Detweiler in CuD Message-ID: <199312072300.SAA08199@eff.org> Those of you following L. Detweiler's rants might wish to take a look at the latest CuD. Pretty amazing stuff. He manages to slam Bruce Sterling, the English language, Eric Hughes, Tim May, and even an EFF board member (John Gilmore), all in ~200 lines which is short for L.D. The most amazing part is the absence of ALL CAPS, though excruciatingly manifested longwinded, pedantic, and redundant cypherwonkian adjectives (like these) are present throughout. Quite a sight, I tell ya. -- Stanton McCandlish mech at eff.org 1:109/1103 EFF Online Activist & SysOp O P E N P L A T F O R M C R Y P T O P O L I C Y O N L I N E R I G H T S N E T W O R K I N G V I R T U A L C U L T U R E I N F O : M E M B E R S H I P @ E F F . O R G From jim at bilbo.suite.com Tue Dec 7 15:33:35 1993 From: jim at bilbo.suite.com (Jim Miller) Date: Tue, 7 Dec 93 15:33:35 PST Subject: ANNOUNCEMENT: DPSWG Crypto-Policy Statement to White House Message-ID: <9312072331.AA02459@bilbo.suite.com> Stanton McCandlish writes: > NOTICE: This is the letter from the Digital Privacy and > Security Working Group sent to the White House 12/06/93, > urging the Administration to lift export controls on > DES, RSA and other mass market encryption without ^^^^^^^^^^ ?? > requring legislation. > Why only "mass market" encryption? The company I work for is developing a collection of runtime libraries and utilities which software developers can use to create and manage portable object-oriented distributed applications. Think of it as a object-oriented DCE-like tool set with a run-time environment and system administration utilites. Our customers are primarily large corporations, although it would be useful to small shops, too. We have communication software that can perform encryption of user data, but the current export laws prevent us from placing this capability in versions for our foreign customers. We have to maintain two distinct versions of our product: a domestic version and and foreign version. Since we target other software developers, I don't believe our product qualifies as "mass market" software. At least, this is my interpretation of the definition of "as is" in the Cantwell bill: > For example, generally available software is offered > for sale or licensed to the public without restriction > and available through standard commercial channels of > distribution; sold as is without further > customization; and designed to be installed by the > purchaser without additional assistance from the > publisher. Computer hardware and computing devices are > also defined. > . > . > . > 15 ``(4) DEFINITIONS.---As used in this > 16 subsection--- > > 1 ``(B) the term `as is' means, in the case of > 2 software (including software with encryption ca- > 3 pabilities), a software program that is not de- > 4 signed, developed, or tailored by the software > 5 company for specific purchasers, except that > 6 such purchasers may supply certain installation > 7 parameters needed by the software program to > 8 function properly with the purchaser's system > 9 and may customize the software program by > 10 choosing among options contained in the soft- > 11 ware program; > > Although we don't make custom versions of our software for specific customers, our software, due to its nature, is highly customizable by the purchaser. Neither the Cantwell bill, nor the DPSWG letter mentions this type of software product. As I see it, the main distinction between "mass market" software and our software is that our software is used to create other software, whereas "mass market" software implies final product "end-user" software. My question to the DPSWG (and US Rep. Maria Cantwell, if I could e-mail her) is: Why only "mass market" software? Or put another way: Does the DPSWG want the government to keep export controls in place for the type of product our company is developing? Thanks, Jim_Miller at suite.com From peb at PROCASE.COM Tue Dec 7 15:53:37 1993 From: peb at PROCASE.COM (Paul Baclace) Date: Tue, 7 Dec 93 15:53:37 PST Subject: what was that fast integer math board? Message-ID: <9312072351.AA21800@ada.procase.com> I lost the mail about the fast integer math board for a PC (the ~$1100 DSP chip based one). I'd like to forward that to another list and haven't found it by searching for DSP, etc.). Please email me a copy. Paul E. Baclace peb at procase.com From Martin.Greifer at f28.n125.z1.FIDONET.ORG Tue Dec 7 15:55:50 1993 From: Martin.Greifer at f28.n125.z1.FIDONET.ORG (Martin Greifer) Date: Tue, 7 Dec 93 15:55:50 PST Subject: Do you mind? Message-ID: <5321.2D04FA72@shelter.FIDONET.ORG> -=> Quoting Graham Toal to All <=- Uu> I've just had 915 lines of unsolicited crap about detweiler in my Uu> personal mailbox. It's bad enough having to suffer this shite on Uu> cypherpunks and newsgroups, but this really is too much. Next person Uu> to send me any of this crap gets all 915+ lines back. Uu> I'm *really really* not interested. Well, OK, but you still want the chain letter stuff, though, right? MG ___ Blue Wave/QWK v2.12 -- Martin Greifer - via FidoNet node 1:125/1 UUCP: ...!uunet!kumr!shelter!28!Martin.Greifer INTERNET: Martin.Greifer at f28.n125.z1.FIDONET.ORG From slambert at willamette.edu Tue Dec 7 16:20:28 1993 From: slambert at willamette.edu (Sean Lambert) Date: Tue, 7 Dec 93 16:20:28 PST Subject: televisions 2 way? Message-ID: <9312080011.AA13594@willamette.edu> I heard a theory about how the government can "spy" on us by using cable television. somehow, according to the theory, the cable is a 2-way transmitter, and the television, when turned on, can act like a video camera for the government. I do not know ANY of the specifics of this theory, and really find it hard to believe (perhaps because I do not have any more information)...does anyone have any information on this? is this an appropriate inquiry for the cypherpunks mailing? thanks a lot sean From pmetzger at lehman.com Tue Dec 7 16:40:28 1993 From: pmetzger at lehman.com (Perry E. Metzger) Date: Tue, 7 Dec 93 16:40:28 PST Subject: televisions 2 way? In-Reply-To: <9312080011.AA13594@willamette.edu> Message-ID: <199312080037.TAA17068@snark.ts.lehman.com> Sean Lambert says: > I heard a theory about how the government can "spy" on us by using cable > television. somehow, according to the theory, the cable is a 2-way > transmitter, and the television, when turned on, can act like a video > camera for the government. I do not know ANY of the specifics of this > theory, and really find it hard to believe (perhaps because I do not > have any more information)...does anyone have any information on this? > is this an appropriate inquiry for the cypherpunks mailing? Its absolutely true. There are also mechanisms that let them listen in on conversations using the lightbulbs in your house -- ambient sound causes the bulb to vibrate, flexing the filament and thus modulating the return current. Placing a simple device on the electrical feeder of the house thus allows complete bugging of the entire structure without having to place listening devices within. The method works whether or not the bulbs are turned on, by the way -- you have to actually unscrew them to get privacy. There is also a well known method for obtaining sonograms of the inside of the building that are nearly as good as video by sending modulated high frequency audio down the cold water pipes -- its quite evil, really. Microwave ovens are a particularly nasty one, however, by comparison to these other methods. Most of them have computers built in that take commands modulated over the electrical wiring that permit them to record an EEG of anyone within 15 feet and return it via power line modulation. These EEGs may be postprocessed by powerful computer equipment into records of the thoughts and memories of the people near the oven. Its also reported that some newer models can transmit mind control signals. Luckily, this only works when the oven is plugged in, so its easy to disable. For maximum safety, especially against future developments, I would remove all electrical wiring and plumbing from my house. Its a bit hard, but it protects you from the fiends. Unedited dissemination of this important information is encouraged. L. Sternwight From peb at PROCASE.COM Tue Dec 7 17:00:50 1993 From: peb at PROCASE.COM (Paul Baclace) Date: Tue, 7 Dec 93 17:00:50 PST Subject: what was that fast integer math board? Message-ID: <9312080100.AA21828@ada.procase.com> I got it. Paul From strat at sam.ksu.ksu.edu Tue Dec 7 18:05:28 1993 From: strat at sam.ksu.ksu.edu (Steve Davis) Date: Tue, 7 Dec 93 18:05:28 PST Subject: Detweiler in CuD In-Reply-To: <199312072300.SAA08199@eff.org> Message-ID: <9312080203.AA04803@sam.ksu.ksu.edu> >From the keyboard of Stanton McCandlish: > Those of you following L. Detweiler's rants might wish to take a look at > the latest CuD. Pretty amazing stuff. He manages to slam Bruce > Sterling, the English language, Eric Hughes, Tim May, and even an EFF > board member (John Gilmore), all in ~200 lines which is short for L.D. The first two deserve slamming. That's my first and only comment concerning the article in question. -- Steve Davis (strat at cis.ksu.edu) Kansas State University I need something to fly over my grave again. I need something to breathe. From erc at khijol.yggdrasil.com Tue Dec 7 18:23:38 1993 From: erc at khijol.yggdrasil.com (Ed Carp) Date: Tue, 7 Dec 93 18:23:38 PST Subject: Detweiler in CuD In-Reply-To: <9312080203.AA04803@sam.ksu.ksu.edu> Message-ID: On Tue, 7 Dec 1993, Steve Davis wrote: > >From the keyboard of Stanton McCandlish: > > > Those of you following L. Detweiler's rants might wish to take a look at > > the latest CuD. Pretty amazing stuff. He manages to slam Bruce > > Sterling, the English language, Eric Hughes, Tim May, and even an EFF > > board member (John Gilmore), all in ~200 lines which is short for L.D. > > The first two deserve slamming. > > That's my first and only comment concerning the article in question. Just do what I do - laugh at LD's posts. They're funny, they really are. Even the 'shoot XXX in the head' death threat posts are pretty ludicrous. I usually like to start my day by reading a post by LD - it gets me in a good mood for the rest of the day... :) Ed Carp, N7EKG erc at wetware.com 510/659-9560 an38299 at anon.penet.fi, anon-1157 at twwells.com If you want magic, let go of your armor. Magic is so much stronger than steel! -- Richard Bach, "The Bridge Across Forever" From TCJones at DOCKMASTER.NCSC.MIL Tue Dec 7 18:45:29 1993 From: TCJones at DOCKMASTER.NCSC.MIL (TCJones at DOCKMASTER.NCSC.MIL) Date: Tue, 7 Dec 93 18:45:29 PST Subject: Reality Message-ID: <931208023954.669301@DOCKMASTER.NCSC.MIL> Yes, we are watching you!!!!! L. Detweiler From cman at caffeine.io.com Tue Dec 7 19:55:30 1993 From: cman at caffeine.io.com (Douglas Barnes) Date: Tue, 7 Dec 93 19:55:30 PST Subject: Detweiler's Fortune Cookie Message-ID: <199312080339.VAA19448@caffeine.caffeine.io.com> Zachary, Steve and I went to each Chinese food tonight, and clearly the fortune cookie daemon was up to no good: Steve got Zachary's fortune: "Your winsome smile will be your sure protection" Zachary got my fortune, "You will go many places" and I got Larry Detweiler's "Don't let doubt and suspicion bar your progress." Oh, and Larry, your lucky lottery numbers are 1-15-18-39-47-50 -- ---------------- /\ Douglas Barnes cman at illuminati.io.com / \ Chief Wizard (512) 448-8950 (d), 447-7866 (v) / () \ Illuminati Online metaverse.io.com 7777 /______\ From chaos at aql.gatech.edu Tue Dec 7 20:13:37 1993 From: chaos at aql.gatech.edu (Paul Goggin) Date: Tue, 7 Dec 93 20:13:37 PST Subject: Internet Billing Server Message-ID: <9312080411.AA25929@toad.com> I thought this might be of interest to some of the list-members, I printing it as I write this so I don't have any comments on it yet. -------------------------Cut Here------------------------------------------ Dear Sir/Madam : Thanks for your interest in the Billing Server project. I would like to inform you that the Billing server prototype scope document is available in the network now. You can access the document in the following way. Anonymous ftp from netinfo.ini.andrew.cmu.edu The directory is /pub/billing-server and the file name is Scope.TR.1993-1.ps please note that the file is a postscript version. This document provides a high level description of the billing server prototype. We will be happy to provide additional information on this. Thank you Krishnan ( Teaching Assistant for the Billing Server project ) ------------------------Cut Here----------------------------------------- Paul -- R O All Comments Copyright by | Technofetishist A N Paul S. Goggin (1993) | Cypher, Cyber, Chaos V Information Broker | Ergoflux, Interzone E chaos at aql.gatech.edu | Carpe Diem: Stop the Clipper wiretap chip Finger account for latest _Phrack_ | Public Key: PGP and RIPEM available For anonymous communication:---> anon32940 at anon.penet.fi ------------------------------------------------------------------------------ Title 18 USC 2511 and 18 USC 2703 Protected -- Monitoring Absolutely Forbidden From weix at netcom.com Tue Dec 7 20:50:31 1993 From: weix at netcom.com (Patrick Weix) Date: Tue, 7 Dec 93 20:50:31 PST Subject: televisions 2 way? No way. My way. Right away. Message-ID: <199312080448.UAA17402@mail.netcom.com> Re: televisions 2 way? >For maximum safety, especially against future developments, I would >remove all electrical wiring and plumbing from my house. Its a bit >hard, but it protects you from the fiends. >Unedited dissemination of this important information is encouraged. >L. Sternwight For those interested, I have constructed a powerful computer completely out of wood chips soaked in brine. The toughest part was the display. Please send $117.43 cash to me if you would like to get in on the ground floor of this novel enterprise. TAKE CHARGE. PROTECT YOURSELF FROM THE GOV! -tentacle #58 There coming to take me away ha ha he he To the funny farm where life is beautiful all the time And all be happy to see the nice young men in their clean white suits.... From an53004 at anon.penet.fi Tue Dec 7 21:30:32 1993 From: an53004 at anon.penet.fi (an53004 at anon.penet.fi) Date: Tue, 7 Dec 93 21:30:32 PST Subject: your brain will be bugged by the NSA (was Re: televisions 2 way? ) In-Reply-To: <199312080037.TAA17068@snark.ts.lehman.com> Message-ID: <9312080527.AA19615@anon.penet.fi> On Dec 7, 19:37, "Perry E. Metzger" wrote: > > Sean Lambert says: > > I heard a theory about how the government can "spy" on us by using cable > > television. somehow, according to the theory, the cable is a 2-way > > transmitter, and the television, when turned on, can act like a video > > camera for the government. I do not know ANY of the specifics of this > > theory, and really find it hard to believe (perhaps because I do not > > have any more information)...does anyone have any information on this? > > is this an appropriate inquiry for the cypherpunks mailing? > > Its absolutely true. There are also mechanisms that let them listen in > on conversations using the lightbulbs in your house -- ambient sound > causes the bulb to vibrate, flexing the filament and thus modulating > the return current. Placing a simple device on the electrical feeder Of course, this is the old technology. Much more sophisticated monitoring technologies are currently being used. All people born after 1983 have special implants which transmit all their thoughts to NSA headquarters for recording and analysis. This is also a big plus for law enforcement, which has been known to resort to throwing people who don't have suitable modern conveniences in jail. W.O. Studeman was apparently overheard at a party (while more than slightly drunk) saying "this new approach will eventually save the U.S. taxpayer billions of dollars a year as there are fewer people in the world than potential bugging devices". The government is now actively kidnapping people born before 1983 for short periods of time, and implanting these thought transmission devices (stories of abductions by UFOs are invariably due to imperfectly wiped memories of the ordeal). The next model will be a thought transmission and control device. There are apparently still some technical problems with the prototypes, the end result for the experimental subjects who have been implanted with the prototype is usually insanity. The next step after this is rumoured to be the complete removal of the old-style organic brains and replacement with new ultra-sophisticated superconducting computers capable of computing hundreds of thousands of digits of pi in a fraction of a second. This will also solve the problems with maths education in the U.S. ------------------------------------------------------------------------- To find out more about the anon service, send mail to help at anon.penet.fi. Due to the double-blind, any mail replies to this message will be anonymized, and an anonymous id will be allocated automatically. You have been warned. Please report any problems, inappropriate use etc. to admin at anon.penet.fi. From cman at caffeine.io.com Wed Dec 8 01:10:32 1993 From: cman at caffeine.io.com (Douglas Barnes) Date: Wed, 8 Dec 93 01:10:32 PST Subject: Dining with the Cryptographer Message-ID: <199312080853.CAA20044@caffeine.caffeine.io.com> Dining with the Cryptographer: A crypto road trip By Jim McCoy and Douglas Barnes "Hey Doug," said Jim. "You'll never guess who just called." Ever since Jim got mail from Chaum asking for his phone number (he doesn't have one), he'd been pretty anxious, spastically cramming old Eurocrypt proceedings and coming up with even more baroque crypto applications than usual. (We'll have a digicash auction for CPU cyles...) Finally they must have touched base while he was at work. "Let me guess", I ventured, "a call from Amsterdam?" "Uh, no from Dallas. Chaum wants us to go have dinner with him." "Dallas? What's he doing in Dallas?" "I think some conference or something." It was 4:30 in the afternoon; Dallas is a highly optimistic three and a half hours away. "Does he realize where Austin is?", I replied incredulously. "I think so... we're supposed to meet him at 8..." "Uh-hunh... right." Time to find a car. Frantic phone calls, beggings of coworkers. No question but this was not an opportunity to miss. Sort of like a Roman Catholic getting a call from the Pope. Finally get ahold of my wife, who has the only working car in the family. "You're going where?" she asked. "Dallas." "Dallas?" "Yep. Gonna meet David Chaum." "How does he know about you?" "Beats me. Actually, I think it's just Jim he wants, I'm along for the ride." Rush hour (such as it is) in Austin, pick up Jim, gas up, get munchies and caffeine for the trip. Hot topics in the car on the way up: "Where in hell did he hear about you?" "Is this Waco yet?" "Do you have any idea what he looks like?" "Wow, you really shouldn't be driving ninety..." "Did you have _any_ concept of where Dallas was when you agreed to this?" Since neither of us had ever really been to Dallas as an actual destination, we bought a map in Troy. (Home of the fighting Trojans.) Jim spent the rest of the way to Dallas (several hours) attempting to unfold the map. "What was that address again?", I would ask. "North Dallas Parkway." "Are you sure?", I would ask. "Yeah..."